----------------------------------------- Version 1.0.6-Build1.2 2020-06-16T17:34:37 ----------------------------------------- Patch: SUSE-2018-1223 Released: Tue Jun 26 11:41:00 2018 Summary: Security update for gpg2 Severity: important References: 1096745,CVE-2018-12020 Description: This update for gpg2 fixes the following security issue: - CVE-2018-12020: GnuPG mishandled the original filename during decryption and verification actions, which allowed remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the '--status-fd 2' option (bsc#1096745). ----------------------------------------- Patch: SUSE-2018-1264 Released: Tue Jul 3 10:56:12 2018 Summary: Recommended update for curl Severity: moderate References: 1086367 Description: This update for curl provides the following fix: - Use OPENSSL_config() instead of CONF_modules_load_file() to avoid crashes due to conflicting openssl engines. (bsc#1086367) ----------------------------------------- Patch: SUSE-2018-1268 Released: Tue Jul 3 18:09:41 2018 Summary: Security update for zsh Severity: moderate References: 1084656,1087026,1089030,CVE-2018-1071,CVE-2018-1083,CVE-2018-1100 Description: This update for zsh to version 5.5 fixes the following issues: Security issues fixed: - CVE-2018-1100: Fixes a buffer overflow in utils.c:checkmailpath() that can lead to local arbitrary code execution (bsc#1089030) - CVE-2018-1071: Fixed a stack-based buffer overflow in exec.c:hashcmd() (bsc#1084656) - CVE-2018-1083: Fixed a stack-based buffer overflow in gen_matches_files() at compctl.c (bsc#1087026) Non-security issues fixed: - The effect of the NO_INTERACTIVE_COMMENTS option extends into $(...) and `...` command substitutions when used on the command line. - The 'exec' and 'command' precommand modifiers, and options to them, are now parsed after parameter expansion. - Functions executed by ZLE widgets no longer have their standard input closed, but redirected from /dev/null instead. - There is an option WARN_NESTED_VAR, a companion to the existing WARN_CREATE_GLOBAL that causes a warning if a function updates a variable from an enclosing scope without using typeset -g. - zmodload now has an option -s to be silent on a failure to find a module but still print other errors. ----------------------------------------- Patch: SUSE-2018-1277 Released: Thu Jul 5 08:38:06 2018 Summary: Security update for unzip Severity: moderate References: 1080074,910683,914442,CVE-2014-9636,CVE-2018-1000035 Description: This update for unzip fixes the following issues: - CVE-2014-9636: Prevent denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression (bsc#914442) - CVE-2018-1000035: Prevent heap-based buffer overflow in the processing of password-protected archives that allowed an attacker to perform a denial of service or to possibly achieve code execution (bsc#1080074) This non-security issue was fixed: +- Allow processing of Windows zip64 archives (Windows archivers set total_disks field to 0 but per standard, valid values are 1 and higher) (bnc#910683) ----------------------------------------- Patch: SUSE-2018-1292 Released: Mon Jul 9 11:57:14 2018 Summary: Security update for openslp Severity: important References: 1090638,CVE-2017-17833 Description: This update for openslp fixes the following issues: - CVE-2017-17833: Prevent heap-related memory corruption issue which may have manifested itself as a denial-of-service or a remote code-execution vulnerability (bsc#1090638) - Prevent out of bounds reads in message parsing ----------------------------------------- Patch: SUSE-2018-1303 Released: Wed Jul 11 16:09:12 2018 Summary: Recommended update for SUSEConnect Severity: moderate References: 1093658,1094348 Description: This update for SUSEConnect provides the following fixes: - Add dependencies needed by the rmt-client-setup script as Recommends. (bsc#1093658, bsc#1094348) - Enhance error message generation. - Add not supported operation exception to PackageSearch API. ----------------------------------------- Patch: SUSE-2018-1318 Released: Thu Jul 12 11:04:14 2018 Summary: Security update for rsyslog Severity: moderate References: 935393,CVE-2015-3243 Description: This update for rsyslog fixes the following security issue: - CVE-2015-3243: Prevent weak permissions for generated log files, which allowed local users to obtain sensitive information (bsc#935393). ----------------------------------------- Patch: SUSE-2018-1324 Released: Fri Jul 13 14:02:52 2018 Summary: Initial update for kernel-azure Severity: moderate References: 1094420 Description: This update is the initial delivery of the Azure flavor of the Linux Kernel, which contains enhancements and optimizations for running the SUSE Linux Enterprise kernel in the Azure cloud. ----------------------------------------- Patch: SUSE-2018-1327 Released: Tue Jul 17 08:07:24 2018 Summary: Security update for perl Severity: moderate References: 1096718,CVE-2018-12015 Description: This update for perl fixes the following issues: - CVE-2018-12015: The Archive::Tar module allowed remote attackers to bypass a directory-traversal protection mechanism and overwrite arbitrary files (bsc#1096718) ----------------------------------------- Patch: SUSE-2018-1330 Released: Tue Jul 17 08:55:29 2018 Summary: Recommended update for yast2-registration Severity: moderate References: 1096813,1099691 Description: This update for yast2-registration fixes the following issues: - Use SCC credentials at upgrade when both NCC and SCC credentials are present in the system (bsc#1096813) - Added additional searchkeys to desktop file (fate#321043). ----------------------------------------- Patch: SUSE-2018-1332 Released: Tue Jul 17 09:01:19 2018 Summary: Recommended update for timezone Severity: moderate References: 1073299,1093392 Description: This update for timezone provides the following fixes: - North Korea switches back from +0830 to +09 on 2018-05-05. - Ireland's standard time is in the summer, with negative DST offset to standard time used in Winter. (bsc#1073299) - yast2-country is no longer setting TIMEZONE in /etc/sysconfig/clock and is calling systemd timedatectl instead. Do not set /etc/localtime on timezone package updates to avoid setting an incorrect timezone. (bsc#1093392) ----------------------------------------- Patch: SUSE-2018-1333 Released: Tue Jul 17 09:03:21 2018 Summary: Recommended update for bind Severity: moderate References: 901577,965748 Description: This update for bind provides the following fix: - Fixed ldapdump to use a temporary pseudo nameserver that conforms to BIND's expected syntax. Prior versions would not work correctly with an LDAP backed DNS server. (bsc#965748) - Add SPF records in dnszone-schema file. (bsc#901577) ----------------------------------------- Patch: SUSE-2018-1334 Released: Tue Jul 17 09:06:41 2018 Summary: Recommended update for mozilla-nss Severity: moderate References: 1096515 Description: This update for mozilla-nss provides the following fixes: - Update to NSS 3.36.4 required by Firefox 60.0.2. (bsc#1096515) - Fix a problem that would cause connections to a server that was recently upgraded to TLS 1.3 to result in a SSL_RX_MALFORMED_SERVER_HELLO error. - Fix a rare bug with PKCS#12 files. - Use relro linker option. ----------------------------------------- Patch: SUSE-2018-1335 Released: Tue Jul 17 10:13:39 2018 Summary: Recommended update for cloud-netconfig Severity: moderate References: 1095485 Description: This update for cloud-netconfig fixes the following issues: - Make interface names in Azure persistent. (bsc#1095485) ----------------------------------------- Patch: SUSE-2018-1346 Released: Thu Jul 19 09:25:08 2018 Summary: Security update for glibc Severity: moderate References: 1082318,1092877,1094150,1094154,1094161,CVE-2017-18269,CVE-2018-11236,CVE-2018-11237 Description: This update for glibc fixes the following security issues: - CVE-2017-18269: An SSE2-optimized memmove implementation for i386 did not correctly perform the overlapping memory check if the source memory range spaned the middle of the address space, resulting in corrupt data being produced by the copy operation. This may have disclosed information to context-dependent attackers, resulted in a denial of service or code execution (bsc#1094150). - CVE-2018-11236: Prevent integer overflow on 32-bit architectures when processing very long pathname arguments to the realpath function, leading to a stack-based buffer overflow (bsc#1094161). - CVE-2018-11237: An AVX-512-optimized implementation of the mempcpy function may have writen data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper (bsc#1092877, bsc#1094154). ----------------------------------------- Patch: SUSE-2018-1347 Released: Thu Jul 19 09:28:41 2018 Summary: Security update for libgcrypt Severity: moderate References: 1097410,CVE-2018-0495 Description: This update for libgcrypt fixes the following issue: The following security issue was fixed: - CVE-2018-0495: Fixed a novel side-channel attack, by enabling blinding for ECDSA signatures (bsc#1097410) ----------------------------------------- Patch: SUSE-2018-1353 Released: Thu Jul 19 09:50:32 2018 Summary: Security update for e2fsprogs Severity: moderate References: 1009532,1038194,915402,918346,960273,CVE-2015-0247,CVE-2015-1572 Description: This update for e2fsprogs fixes the following issues: Security issues fixed: - CVE-2015-0247: Fixed couple of heap overflows in e2fsprogs (fsck, dumpe2fs, e2image...) (bsc#915402). - CVE-2015-1572: Fixed potential buffer overflow in closefs() (bsc#918346). Bug fixes: - bsc#1038194: generic/405 test fails with /dev/mapper/thin-vol is inconsistent on ext4 file system. - bsc#1009532: resize2fs hangs when trying to resize a large ext4 file system. - bsc#960273: xfsprogs does not call %{?regenerate_initrd_post}. ----------------------------------------- Patch: SUSE-2018-1362 Released: Thu Jul 19 12:47:33 2018 Summary: Recommended update for ca-certificates-mozilla Severity: moderate References: 1100415 Description: ca-certificates-mozilla was updated to the 2.24 state of the Mozilla NSS Certificate store. (bsc#1100415) Following CAs were removed: * S-TRUST_Universal_Root_CA * TC_TrustCenter_Class_3_CA_II * TUeRKTRUST_Elektronik_Sertifika_Hizmet_Saglayicisi_H5 ----------------------------------------- Patch: SUSE-2018-1372 Released: Mon Jul 23 10:40:29 2018 Summary: Security update for openssl-1_1 Severity: moderate References: 1097158,1097624,1098592,CVE-2018-0732 Description: This update for openssl-1_1 fixes the following issues: - CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack (bsc#1097158). - Blinding enhancements for ECDSA and DSA (bsc#1097624, bsc#1098592) ----------------------------------------- Patch: SUSE-2018-1392 Released: Thu Jul 26 11:48:41 2018 Summary: Recommended update for yast2-core Severity: important References: 1099325 Description: This update for yast2-core fixes the following issues: - Fixed detection of aarch64 during an offline upgrade (bsc#1099325) ----------------------------------------- Patch: SUSE-2018-1396 Released: Thu Jul 26 16:23:09 2018 Summary: Security update for rpm Severity: moderate References: 1094735,1095148,943457,CVE-2017-7500 Description: This update for rpm fixes the following issues: This security vulnerability was fixed: - CVE-2017-7500: Fixed symlink attacks during RPM installation (bsc#943457) ----------------------------------------- Patch: SUSE-2018-1397 Released: Thu Jul 26 16:25:29 2018 Summary: Security update for util-linux Severity: moderate References: 1084300,CVE-2018-7738 Description: This update for util-linux fixes the following security issue: - CVE-2018-7738: Fix local vulnerability using embedded shell commands in a mountpoint name (bsc#1084300) ----------------------------------------- Patch: SUSE-2018-1409 Released: Fri Jul 27 06:45:10 2018 Summary: Recommended update for systemd Severity: moderate References: 1039099,1083158,1088052,1091265,1093851,1095096,1095973,1098569 Description: This update for systemd provides the following fixes: - systemctl: Mask always reports the same unit names when different unknown units are passed. (bsc#1095973) - systemctl: Check the existence of all units, not just the first one. - scsi_id: Fix the prefix for pre-SPC inquiry reply. (bsc#1039099) - device: Make sure to always retroactively start device dependencies. (bsc#1088052) - locale-util: On overlayfs FTW_MOUNT causes nftw(3) to not list *any* files. - Fix pattern to detect distribution. - install: The 'user' and 'global' scopes are equivalent for user presets. (bsc#1093851) - install: Search for preset files in /run (#7715) - install: Consider globally enabled units as 'enabled' for the user. (bsc#1093851) - install: Consider non-Alias=/non-DefaultInstance= symlinks as 'indirect' enablement. - install: Only consider names in Alias= as 'enabling'. - udev: Whitelist mlx4_core locally-administered MAC addresses in the persistent rule generator. (bsc#1083158) - man: Updated systemd-analyze blame description for service-units with Type=simple. (bsc#1091265) - fileio: Support writing atomic files with timestamp. - fileio.c: Fix incorrect mtime - Drop runtime dependency on dracut, otherwise systemd pulls in tools to generate the initrd even in container/chroot installations that don't have a kernel. For environments where initrd matters, dracut should be pulled via a pattern. (bsc#1098569) - An update broke booting with encrypted partitions on NVMe (bsc#1095096) ----------------------------------------- Patch: SUSE-2018-1451 Released: Mon Jul 30 12:04:05 2018 Summary: Recommended update for release-notes-sles Severity: moderate References: 1080368,1085628,1089319,1089586,1090199,1097236,1098864,1101177,353876 Description: An update for the release notes of SUSE Linux Enterprise Server 15: (bsc#1101177) - Updated template text - Updated product description - Update aarch64 kernel limits - Updated release notes from FATE - New notes: - Device driver ibmvnic (FATE#323285) - NIS supports IPv6 (FATE#324353) - Advanced Systems Management Module has been removed (FATE#324614) - Migrating from SLES 12 to SLES 15 when the HPC Module is registered (FATE#325666) - Package insserv-compat has been added to SAP Application Server Base Pattern (FATE#325727) - Raspberry Pi using device tree from firmware (FATE#325780) - The user space X drivers cirrus/mga/ast have been removed (FATE#325795, bsc#1089319) - Using thunderbolt devices (FATE#325796, bsc#1090199) - Updated btrfs subvolume layout (FATE#325797, bsc#1085628) - su command does not preserve the value of PATH (FATE#325802, bsc#353876) - Changed notes: - NFS Tuning (FATE#322786, bsc#1097236) [Correct parameter that needs to be used] - Intel* Omni-Path architecture (OPA) Host Software (FATE#323041, bsc#1080368) [Correct URL] - xinetd and yast2-inetd have been removed (FATE#323373, bsc#1089586) [Add note about only_from] - Removed packages (FATE#323783) [Added cirrus/mga/ast driver information] - Searching packages across all SLE modules (FATE#325452, bsc#1098864) [Wording fixes] ----------------------------------------- Patch: SUSE-2018-1459 Released: Tue Jul 31 12:48:26 2018 Summary: Recommended update for yast2 Severity: moderate References: 1098919,1099691 Description: This update for yast2 fixes the following issues: - Network: Prevent from crashing when trying to delete some ip aliases from the original devices. (bsc#1098919) - Added additional searchkeys to desktop file. (fate#321043) ----------------------------------------- Patch: SUSE-2018-1469 Released: Wed Aug 1 13:59:43 2018 Summary: Security update for polkit Severity: moderate References: 1099031,CVE-2018-1116 Description: This update for polkit fixes the following issues: Security issue fixed: - CVE-2018-1116: Fix uid comparison lacking in polkit_backend_interactive_authority_check_authorization (bsc#1099031). ----------------------------------------- Patch: SUSE-2018-1476 Released: Thu Aug 2 14:20:03 2018 Summary: Security update for cups Severity: moderate References: 1096405,1096406,1096407,1096408,CVE-2018-4180,CVE-2018-4181,CVE-2018-4182,CVE-2018-4183 Description: This update for cups fixes the following issues: The following security vulnerabilities were fixed: - Fixed a local privilege escalation to root and sandbox bypasses in the scheduler - CVE-2018-4180: Fixed a local privilege escalation to root in dnssd backend (bsc#1096405) - CVE-2018-4181: Limited local file reads as root via cupsd.conf include directive (bsc#1096406) - CVE-2018-4182: Fixed a sandbox bypass due to insecure error handling (bsc#1096407) - CVE-2018-4183: Fixed a sandbox bypass due to profile misconfiguration (bsc#1096408) ----------------------------------------- Patch: SUSE-2018-1478 Released: Thu Aug 2 14:35:56 2018 Summary: Recommended update for openssl-1_1 Severity: important References: 1084011,1090765 Description: This update for openssl-1_1 fixes the following issues: - Suggest libopenssl1_1-hmac from libopenssl1_1 package to avoid dependency issues during updates. (bsc#1090765) - Relax CN name restrictions. (bsc#1084011) ----------------------------------------- Patch: SUSE-2018-1486 Released: Fri Aug 3 16:08:24 2018 Summary: Recommended update for several YaST modules Severity: moderate References: 1065258,1073633,1078359,1081605,1083851,1085134,1089643,1089699,1094157,1094875,1094924,1094963,1095253,1096240,1096758,1097634,1098594,1099691,760213,966637 Description: This update fixes the following issues: yast2-update: - Update encryption device names according to the values in the crypttab file. (bsc#1094963) - Flush the disk cache after restoring the backup to mitigate risk of data loss after unexpected reboot/poweroff after aborting upgrade. (bsc#1089643) - Added additional searchkeys to desktop file (fate#321043, bsc#1099691) yast2-storage-ng: - Partitioner: when creating a partition, use only regions of the selected type: primary, logical or extended (bsc#1097634). - AutoYaST: Export BIOS RAID devices correctly. (bsc#1098594) - AutoYaST: Do not crash when reusing partitions on non-disk devices like DASD or BIOS RAID. (bsc#1098594) - Added additional searchkeys to desktop file (fate#321043). - Mask systemd mount and swap units while expert partitioner is running. (bsc#1073633) - Partitioner: Add checkbox to format system volumes when importing mount points. (bsc#1078359, bsc#1094924) - Partitioner: Honor default subvolumes when importing the root mount point. (related to bsc#1078359, bsc#1083851 and fate#318196) - Partitioner: Honor default snapshots configuration when importing the root mount point. (bsc#966637) - Fixed crash in the error callback when the text contained non-ASCII characters in the translated message. (bsc#1096758) - Allow for numbers > 32 bit in region dialog. (bsc#1065258) - Fix 'Arbitrary Option Value' translation. (bsc#1081605) - Better auto-generated names for encryption devices: + Based on the udev id of the encrypted devices instead of its kernel name. (bsc#760213) + Adapted when partition numbers change, if doable. (bsc#1094157) + Prevent collision with other DeviceMapper names. (bsc#1094157) Do not write LUKS password of the proposal into YaST logs. - Do not crash when registering a zero-sized device into the logs. - AutoYaST: Fix handling of empty Btrfs subvolume prefixes. (bsc#1096240) - Added method to update encryption names according to a crypttab file. (needed for bsc#1094963) - Added additional searchkeys to desktop file (fate#321043, bsc#1099691) yast2-firstboot: - Allow going back from finish step and unified halt. (bsc#1095253) yast2-installation: - Firstboot.service: Shutdown on failure preventing the service to hang because of a systemd dependency when trying to call halt directly from the firsboot clients. (bsc#1095253) - Fixed possibly broken system after aborting upgrade running over SSH (caused by a partially finished rollback). (bsc#1089643) - Added additional searchkeys to desktop file (fate#321043). - Adapted testsuite to change in yast2-storage-ng. (bsc#1073633) libstorage-ng: - Handle device type attribute of udevadm info output. - Expose Device#devicegraph. (needed for bsc#1094157) - Do not try to activate LUKS on devices used by multipath. (bsc#1089699) - Encryption#set_dm_table_name adjusts #name. (bsc#1094157, bsc#1094963) - Added translations for Indonesian, Russian, Chinese (Taiwan), Portuguese (Brazil), Spanish, Slovak, Czech, Italian, Catalan and French. - Return better exception. (related to bsc#1094963) ----------------------------------------- Patch: SUSE-2018-1488 Released: Fri Aug 3 17:27:16 2018 Summary: Recommended update for samba Severity: moderate References: 1065551,1071090,1088574,1093864,1094881,1099702 Description: This update provides version 4.7.8 of samba and fixes the following issues: - Update tevent to version 0.9.36. - Update talloc to verison 2.1.11. - Use new foreground execution flags for systemd samba daemons. (bsc#1088574, bsc#1071090, bsc#1065551, bsc#1094881) - Add missing package descriptions for several sub-packages. (bsc#1093864) - s3/smbd: Generic fix for incorrect reporting of stream dos attributes on a directory. - ceph/VFS: Add asynchronous fsync to ceph module, fake using synchronous call. - s3/libsmbclient: Fix hard-coded connection error return of ETIMEDOUT. - s3/smbd: Fix SMB2-FLUSH against directories. - s3/smbd/printing: Re-implement delete-on-close semantics for print files missing since 3.5.x. - python: Fix talloc frame use in make_simple_acl(). - winbindd on the AD DC is slow for passdb queries. - No Backtrace given by Samba's AD DC by default. - winbindd doesn't recover loss of netlogon secure channel in case the peer DC is rebooted. - s3/smbd: Fix interaction between chown and SD flags. - s4-heimdal: Fix the format-truncation errors. - vfs_ceph: Add fake async pwrite/pread send/recv hooks. - printing: Return the same error code as Windows does on upload failures. - winbind: Improve child selection. - winbind: Maintain a binding handle per domain and always go via wb_domain_request_send(). - winbindd doesn't recover loss of netlogon secure channel in case the peer DC is rebooted. - Looking up the user using the UPN results in user name with the REALM instead of the DOMAIN. - rpc_server: Init local_server_* in make_internal_rpc_pipe_socketpair. - smbclient: Fix broken notify. - libads: Fix the build --without-ads. - winbindd: Don't split the rid for SID_NAME_DOMAIN sids in wb_lookupsids. - winbindd: Initialize type = SID_NAME_UNKNOWN in wb_lookupsids_single_done(). - s4:rpc_server: Fix call_id truncation in dcesrv_find_fragmented_call(). - A disconnecting winbind client can cause a problem in the winbind parent child communication. - winbind: Use one queue for all domain children. - Minimize the lifetime of winbindd_cli_state->{pw,gr}ent_state. - winbind should avoid using fstrcpy(domain->dcname,...) on a char *. - The winbind parent should find the dc of a foreign domain via the primary domain. - nsswitch: Fix memory leak in winbind_open_pipe_sock() when the privileged pipe is not accessable. - Fix broken server side GENSEC_FEATURE_LDAP_STYLE handling (NTLMSSP NTLM2 packet check failed due to invalid signature!). - s3/VFS: Fix memory leak in vfs_ceph. - rpc_server: Fix NetSessEnum with stale sessions. - dfree cache returning incorrect data for sub directory mounts. - Looking up the user using the UPN results in user name with the REALM instead of the DOMAIN. - s3/passdb: Do not return OK if we don't have pinfo set up. - s3/utils: Do not segfault on error in DoDNSUpdate(). - s4/auth_sam: Allow logons with an empty domain name. - s3/ldap: Ensure the ADS_STRUCT pointer doesn't get freed on error, we don't own it here. - s3/smbd: Fix possible directory fd leak if the underlying OS doesn't support fdopendir(). - Round-tripping ACL get/set through vfs_fruit will increase the number of ACE entries without limit. - s3/smbd/SMB2: Add DBGC_SMB2_CREDITS class to specifically debug credit issues. - s3/smbd: Files or directories can't be opened DELETE_ON_CLOSE without delete access. - s3/smbd: Fix memory leak in vfswrap_getwd(). - s3/smbd: Unix extensions attempts to change wrong field in fchown call. - s3/smbd: Don't use the directory cache for SMB2/3. - build: Fix libceph-common detection. - build: Fix ceph_statx check when configured with libcephfs_dir. - vfs_glusterfs: Fix the wrong pointer being sent in glfs_fsync_async. - ctdb-scripts: Drop 'net serverid wipe' from 50.samba event script. - s3/lib/messages: Don't use the result of sec_init() before calling sec_init(). - smbd can panic if the client-supplied channel sequence number wraps. - dsdb: Fix Uninitialized scalar variable. - s3/libsmb: Allow -U'\\administrator' to work. - Windows 10 cannot logon on Samba NT4 domain. - smbc_opendir should not return EEXIST with invalid login credentials. - s3/smbd: Map nterror on smb2_flush errorpath. - libsmb: Use smb2 tcon if conn_protocol >= SMB2_02. - subnet: Avoid a segfault when renaming subnet objects. - 'wbinfo --name-to-sid' returns misleading result on invalid query. - s3/smbd: Do not crash if we fail to init the session table. - Allow AESNI to be used on all processor supporting AESNI. ----------------------------------------- Patch: SUSE-2018-1491 Released: Fri Aug 3 17:43:44 2018 Summary: Recommended update for yast2-ftp-server Severity: moderate References: 1041829,921303 Description: This update for yast2-ftp-server fixes the following issues: Feature update: fate#321043: Added additional searchkeys to desktop file. Security issues fixed: - bsc#921303: Drop SSLv2 and SSLv3 as it is dropped for security reason for vsftpd. Bug fixes: - bsc#1041829: Do not modify value when Browse dialog is canceled. ----------------------------------------- Patch: SUSE-2018-1505 Released: Mon Aug 6 19:26:19 2018 Summary: Security update for the Linux Kernel Severity: important References: 1012382,1037697,1046299,1046300,1046302,1046303,1046305,1046306,1046307,1046533,1046543,1048129,1050242,1050529,1050536,1050538,1050540,1050549,1051510,1054245,1056651,1056787,1058115,1058169,1058659,1060463,1066110,1068032,1075087,1075360,1075876,1077338,1077761,1077989,1078248,1085042,1085536,1085539,1086282,1086283,1086286,1086301,1086313,1086314,1086319,1086323,1086324,1086457,1086652,1087092,1087202,1087217,1087233,1087978,1088821,1088866,1090098,1090888,1091041,1091171,1091424,1091860,1092472,1093035,1093118,1093148,1093290,1093666,1094119,1094244,1094978,1095155,1095337,1096330,1096529,1096790,1096793,1097034,1097583,1097584,1097585,1097586,1097587,1097588,1097941,1097961,1098050,1098236,1098401,1098599,1098626,1098633,1098706,1098983,1098995,1099029,1099041,1099109,1099142,1099183,1099193,1099715,1099792,1099918,1099924,1099966,1100132,1100209,1100340,1100362,1100382,1100416,1100418,1100491,1100602,1100633,1100843,1100884,1101143,1101296,1101315,1101324,1101337,1101352,1101564,1101669,1101674,1101789,1101813,1101816,1102088,1102097,1102147,1102340,1102512,1102851,1103216,1103220,1103230,1103421,CVE-2017-18344,CVE-2017-5753,CVE-2018-1118,CVE-2018-13053,CVE-2018-13405,CVE-2018-13406,CVE-2018-5390,CVE-2018-9385 Description: The SUSE Linux Enterprise 15 kernel-azure was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-5390 aka 'SegmentSmack': A remote attacker even with relatively low bandwidth could have caused lots of CPU usage by triggering the worst case scenario during IP and/or TCP fragment reassembly (bsc#1102340) - CVE-2017-18344: The timer_create syscall implementation didn't properly validate input, which could have lead to out-of-bounds access. This allowed userspace applications to read arbitrary kernel memory in some setups. (bsc#1102851) - CVE-2018-13406: An integer overflow in the uvesafb_setcmap function could have result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used (bnc#1100418) - CVE-2018-13053: The alarm_timer_nsleep function had an integer overflow via a large relative timeout because ktime_add_safe was not used (bnc#1099924) - CVE-2018-13405: The inode_init_owner function allowed local users to create files with an unintended group ownership allowing attackers to escalate privileges by making a plain file executable and SGID (bnc#1100416) - CVE-2017-5753: Systems with microprocessors utilizing speculative execution and branch prediction may have allowed unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bsc#1068032) - CVE-2018-1118: Linux kernel vhost did not properly initialize memory in messages passed between virtual guests and the host operating system. This could have allowed local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file (bsc#1092472) The following non-security bugs were fixed: - 1wire: family module autoload fails because of upper/lower case mismatch (bsc#1051510) - 8139too: Use disable_irq_nosync() in rtl8139_poll_controller() (networking-stable-18_05_15) - acpi / LPSS: Add missing prv_offset setting for byt/cht PWM devices (bsc#1051510) - acpi / processor: Finish making acpi_processor_ppc_has_changed() void (bsc#1051510) - acpi / watchdog: properly initialize resources (bsc#1051510) - acpi, APEI, EINJ: Subtract any matching Register Region from Trigger resources (bsc#1051510) - acpi, nfit: Fix scrub idle detection (bsc#1094119) - acpi/nfit: fix cmd_rc for acpi_nfit_ctl to always return a value (bsc#1051510) - acpi: Add helper for deactivating memory region (bsc#1100132) - ahci: Disable LPM on Lenovo 50 series laptops with a too old BIOS (bsc#1051510) - alsa: hda - Handle pm failure during hotplug (bsc#1051510) - alsa: hda/ca0132 - use ARRAY_SIZE (bsc#1051510) - alsa: hda/ca0132: Delete pointless assignments to struct auto_pin_cfg fields (bsc#1051510) - alsa: hda/ca0132: Delete redundant UNSOL event requests (bsc#1051510) - alsa: hda/ca0132: Do not test for QUIRK_NONE (bsc#1051510) - alsa: hda/ca0132: Fix DMic data rate for Alienware M17x R4 (bsc#1051510) - alsa: hda/ca0132: Restore PCM Analog Mic-In2 (bsc#1051510) - alsa: hda/ca0132: Restore behavior of QUIRK_ALIENWARE (bsc#1051510) - alsa: hda/ca0132: make array ca0132_alt_chmaps static (bsc#1051510) - alsa: hda/realtek - Add Panasonic CF-SZ6 headset jack quirk (bsc#1051510) - alsa: hda/realtek - Add a quirk for FSC ESPRIMO U9210 (bsc#1051510) - alsa: hda/realtek - Fix pop noise on Lenovo P50 and co (bsc#1051510) - alsa: hda/realtek - Fix the problem of two front mics on more machines (bsc#1051510) - alsa: hda/realtek - Yet another Clevo P950 quirk entry (bsc#1101143) - alsa: hda/realtek - two more lenovo models need fixup of MIC_LOCATION (bsc#1051510) - alsa: hda: add mute led support for HP ProBook 455 G5 (bsc#1051510) - alsa: rawmidi: Change resized buffers atomically (bsc#1051510) - alsa: seq: Fix UBSAN warning at SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT ioctl (bsc#1051510) - alsa: timer: Fix UBSAN warning at SNDRV_TIMER_IOCTL_NEXT_DEVICE ioctl (bsc#1051510) - alx: take rtnl before calling __alx_open from resume (bsc#1051510) - amd-xgbe: Add pre/post auto-negotiation phy hooks (networking-stable-18_04_26) - amd-xgbe: Improve KR auto-negotiation and training (networking-stable-18_04_26) - amd-xgbe: Only use the SFP supported transceiver signals (networking-stable-18_04_26) - amd-xgbe: Restore pci interrupt enablement setting on resume (networking-stable-18_03_07) - arch/*: Kconfig: fix documentation for NMI watchdog (bsc#1099918) - arm64: kpti: Use early_param for kpti= command-line option (bsc#1103220) - arm: amba: Do not read past the end of sysfs 'driver_override' buffer (CVE-2018-9385,bsc#1100491) - arm: module: fix modsign build error (bsc#1093666) - arp: fix arp_filter on l3slave devices (networking-stable-18_04_10) - asoc: cirrus: i2s: Fix LRCLK configuration (bsc#1051510) - asoc: cirrus: i2s: Fix {TX|RX}LinCtrlData setup (bsc#1051510) - asoc: cs35l35: Add use_single_rw to regmap config (bsc#1051510) - asoc: dapm: delete dapm_kcontrol_data paths list before freeing it (bsc#1051510) - asoc: mediatek: preallocate pages use platform device (bsc#1051510) - ath9k_htc: Add a sanity check in ath9k_htc_ampdu_action() (bsc#1051510) - atl1c: reserve min skb headroom (bsc#1051510) - audit: Fix wrong task in comparison of session ID (bsc#1051510) - audit: ensure that 'audit=1' actually enables audit for PID 1 (bsc#1051510) - audit: return on memory error to avoid null pointer dereference (bsc#1051510) - auxdisplay: fix broken menu (bsc#1051510) - auxdisplay: img-ascii-lcd: Only build on archs that have IOMEM (bsc#1051510) - auxdisplay: img-ascii-lcd: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE (bsc#1051510) - b44: Initialize 64-bit stats seqcount (bsc#1051510) - backlight: as3711_bl: Fix Device Tree node leaks (bsc#1051510) - backlight: as3711_bl: Fix Device Tree node lookup (bsc#1051510) - backlight: lm3630a: Bump REG_MAX value to 0x50 instead of 0x1F (bsc#1051510) - backlight: max8925_bl: Fix Device Tree node lookup (bsc#1051510) - backlight: tps65217_bl: Fix Device Tree node lookup (bsc#1051510) - batman-adv: Accept only filled wifi station info (bsc#1051510) - batman-adv: Always initialize fragment header priority (bsc#1051510) - batman-adv: Avoid race in TT TVLV allocator helper (bsc#1051510) - batman-adv: Avoid storing non-TT-sync flags on singular entries too (bsc#1051510) - batman-adv: Fix TT sync flags for intermediate TT responses (bsc#1051510) - batman-adv: Fix bat_ogm_iv best gw refcnt after netlink dump (bsc#1051510) - batman-adv: Fix bat_v best gw refcnt after netlink dump (bsc#1051510) - batman-adv: Fix check of retrieved orig_gw in batadv_v_gw_is_eligible (bsc#1051510) - batman-adv: Fix debugfs path for renamed hardif (bsc#1051510) - batman-adv: Fix debugfs path for renamed softif (bsc#1051510) - batman-adv: Fix internal interface indices types (bsc#1051510) - batman-adv: Fix lock for ogm cnt access in batadv_iv_ogm_calc_tq (bsc#1051510) - batman-adv: Fix multicast packet loss with a single WANT_ALL_IPV4/6 flag (bsc#1051510) - batman-adv: Fix netlink dumping of BLA backbones (bsc#1051510) - batman-adv: Fix netlink dumping of BLA claims (bsc#1051510) - batman-adv: Fix skbuff rcsum on packet reroute (bsc#1051510) - batman-adv: Ignore invalid batadv_iv_gw during netlink send (bsc#1051510) - batman-adv: Ignore invalid batadv_v_gw during netlink send (bsc#1051510) - batman-adv: Use default throughput value on cfg80211 error (bsc#1051510) - batman-adv: fix TT sync flag inconsistencies (bsc#1051510) - batman-adv: fix header size check in batadv_dbg_arp() (bsc#1051510) - batman-adv: fix multicast-via-unicast transmission with AP isolation (bsc#1051510) - batman-adv: fix packet checksum in receive path (bsc#1051510) - batman-adv: fix packet loss for broadcasted DHCP packets to a server (bsc#1051510) - batman-adv: invalidate checksum on fragment reassembly (bsc#1051510) - batman-adv: update data pointers after skb_cow() (bsc#1051510) - bfq: Re-enable auto-loading when built as a module (bsc#1099918) - blk-mq-debugfs: fix device sched directory for default scheduler (bsc#1099918) - blk-mq: count allocated but not started requests in iostats inflight (bsc#1077989) - blk-mq: do not keep offline CPUs mapped to hctx 0 (bsc#1099918) - blk-mq: fix sysfs inflight counter (bsc#1077989) - blk-mq: make sure hctx->next_cpu is set correctly (bsc#1099918) - blk-mq: make sure that correct hctx->next_cpu is set (bsc#1099918) - blk-mq: reinit q->tag_set_list entry only after grace period (bsc#1099918) - blk-mq: simplify queue mapping; schedule with each possisble CPU (bsc#1099918) - block, bfq: add missing invocations of bfqg_stats_update_io_add/remove (bsc#1099918) - block, bfq: fix occurrences of request finish method's old name (bsc#1099918) - block/swim: Remove extra put_disk() call from error path (bsc#1099918) - block: Fix __bio_integrity_endio() documentation (bsc#1099918) - block: Fix cloning of requests with a special payload (bsc#1099918) - block: always set partition number to '0' in blk_partition_remap() (bsc#1054245) - block: always set partition number to '0' in blk_partition_remap() (bsc#1077989) - block: bio_check_eod() needs to consider partitions (bsc#1077989) - block: cope with WRITE ZEROES failing in blkdev_issue_zeroout() (bsc#1099918) - block: factor out __blkdev_issue_zero_pages() (bsc#1099918) - block: fail op_is_write() requests to read-only partitions (bsc#1077989) - block: pass 'run_queue' to blk_mq_request_bypass_insert (bsc#1077989) - block: sed-opal: Fix a couple off by one bugs (bsc#1099918) - block: set request_list for request (bsc#1077989) - bluetooth: avoid recursive locking in hci_send_to_channel() (bsc#1051510) - bluetooth: hci_ll: Add support for the external clock (bsc#1051510) - bluetooth: hci_ll: Fix download_firmware() return when __hci_cmd_sync fails (bsc#1051510) - bluetooth: hci_nokia: select BT_HCIUART_H4 (bsc#1051510) - bluetooth: hci_qca: Avoid missing rampatch failure with userspace fw loader (bsc#1051510) - bluetooth: hci_uart: fix kconfig dependency (bsc#1051510) - bnx2x: Collect the device debug information during Tx timeout (bsc#1086323) - bnx2x: Collect the device debug information during Tx timeout (bsc#1086323) - bnx2x: Deprecate pci_get_bus_and_slot() (bsc#1086323) - bnx2x: Replace doorbell barrier() with wmb() (bsc#1086323) - bnx2x: Use NETIF_F_GRO_HW (bsc#1086323) - bnx2x: Use pci_ari_enabled() instead of local copy (bsc#1086323) - bnx2x: fix slowpath null crash (bsc#1086323) - bnx2x: fix spelling mistake: 'registeration' -> 'registration' (bsc#1086323) - bnx2x: fix spelling mistake: 'registeration' -> 'registration' (bsc#1086323) - bnx2x: use the right constant (bsc#1086323) - bnxt_en: Add BCM5745X NPAR device IDs (bsc#1086282) - bnxt_en: Add IRQ remapping logic (bsc#1086282) - bnxt_en: Add TC to hardware QoS queue mapping logic (bsc#1086282) - bnxt_en: Add ULP calls to stop and restart IRQs (bsc#1086282) - bnxt_en: Add cache line size setting to optimize performance (bsc#1086282) - bnxt_en: Add cache line size setting to optimize performance (bsc#1086282) - bnxt_en: Add extended port statistics support (bsc#1086282) - bnxt_en: Add support for ndo_set_vf_trust (bsc#1086282) - bnxt_en: Add the new firmware API to query hardware resources (bsc#1086282) - bnxt_en: Add the new firmware API to query hardware resources (bsc#1086282) - bnxt_en: Adjust default rings for multi-port NICs (bsc#1086282) - bnxt_en: Always forward VF MAC address to the PF (bsc#1086282) - bnxt_en: Always set output parameters in bnxt_get_max_rings() (bsc#1050242) - bnxt_en: Always set output parameters in bnxt_get_max_rings() (bsc#1050242) - bnxt_en: Change IRQ assignment for rdma driver (bsc#1086282) - bnxt_en: Check max_tx_scheduler_inputs value from firmware (bsc#1086282) - bnxt_en: Check max_tx_scheduler_inputs value from firmware (bsc#1086282) - bnxt_en: Check the lengths of encapsulated firmware responses (bsc#1086282) - bnxt_en: Check the lengths of encapsulated firmware responses (bsc#1086282) - bnxt_en: Check unsupported speeds in bnxt_update_link() on PF only (bsc#1086282) - bnxt_en: Check unsupported speeds in bnxt_update_link() on PF only (bsc#1086282) - bnxt_en: Display function level rx/tx_discard_pkts via ethtool (bsc#1086282) - bnxt_en: Display function level rx/tx_discard_pkts via ethtool (bsc#1086282) - bnxt_en: Do not allow VF to read EEPROM (bsc#1086282) - bnxt_en: Do not modify max IRQ count after rdma driver requests/frees IRQs (bsc#1050242) - bnxt_en: Do not modify max IRQ count after rdma driver requests/frees IRQs (bsc#1050242) - bnxt_en: Do not reserve rings on VF when min rings were not provisioned by PF (bsc#1086282) - bnxt_en: Do not reserve rings on VF when min rings were not provisioned by PF (bsc#1086282) - bnxt_en: Do not set firmware time from VF driver on older firmware (bsc#1086282) - bnxt_en: Do not set firmware time from VF driver on older firmware (bsc#1086282) - bnxt_en: Eliminate duplicate barriers on weakly-ordered archs (bsc#1086282) - bnxt_en: Eliminate duplicate barriers on weakly-ordered archs (bsc#1086282) - bnxt_en: Expand bnxt_check_rings() to check all resources (bsc#1086282) - bnxt_en: Expand bnxt_check_rings() to check all resources (bsc#1086282) - bnxt_en: Fix NULL pointer dereference at bnxt_free_irq() (bsc#1086282) - bnxt_en: Fix NULL pointer dereference at bnxt_free_irq() (bsc#1086282) - bnxt_en: Fix ethtool -x crash when device is down (bsc#1086282) - bnxt_en: Fix firmware message delay loop regression (bsc#1086282) - bnxt_en: Fix for system hang if request_irq fails (bsc#1050242) - bnxt_en: Fix inconsistent BNXT_FLAG_AGG_RINGS logic (bsc#1050242) - bnxt_en: Fix regressions when setting up MQPRIO TX rings (bsc#1086282) - bnxt_en: Fix regressions when setting up MQPRIO TX rings (bsc#1086282) - bnxt_en: Fix the vlan_tci exact match check (bsc#1050242) - bnxt_en: Fix vnic accounting in the bnxt_check_rings() path (bsc#1086282) - bnxt_en: Fix vnic accounting in the bnxt_check_rings() path (bsc#1086282) - bnxt_en: Forward VF MAC address to the PF (bsc#1086282) - bnxt_en: Implement new method for the PF to assign SRIOV resources (bsc#1086282) - bnxt_en: Implement new method for the PF to assign SRIOV resources (bsc#1086282) - bnxt_en: Implement new method to reserve rings (bsc#1086282) - bnxt_en: Improve resource accounting for SRIOV (bsc#1086282) - bnxt_en: Improve ring allocation logic (bsc#1086282) - bnxt_en: Improve valid bit checking in firmware response message (bsc#1086282) - bnxt_en: Improve valid bit checking in firmware response message (bsc#1086282) - bnxt_en: Include additional hardware port statistics in ethtool -S (bsc#1086282) - bnxt_en: Include additional hardware port statistics in ethtool -S (bsc#1086282) - bnxt_en: Increase RING_IDLE minimum threshold to 50 (bsc#1086282) - bnxt_en: Need to include rdma rings in bnxt_check_rings() (bsc#1086282) - bnxt_en: Need to include rdma rings in bnxt_check_rings() (bsc#1086282) - bnxt_en: Pass complete VLAN TCI to the stack (bsc#1086282) - bnxt_en: Read phy eeprom A2h address only when optical diagnostics is supported (bsc#1086282) - bnxt_en: Read phy eeprom A2h address only when optical diagnostics is supported (bsc#1086282) - bnxt_en: Refactor bnxt_close_nic() (bsc#1086282) - bnxt_en: Refactor bnxt_need_reserve_rings() (bsc#1086282) - bnxt_en: Refactor hardware resource data structures (bsc#1086282) - bnxt_en: Refactor the functions to reserve hardware rings (bsc#1086282) - bnxt_en: Refactor the functions to reserve hardware rings (bsc#1086282) - bnxt_en: Remap TC to hardware queues when configuring PFC (bsc#1086282) - bnxt_en: Remap TC to hardware queues when configuring PFC (bsc#1086282) - bnxt_en: Reserve RSS and L2 contexts for VF (bsc#1086282) - bnxt_en: Reserve completion rings and MSIX for bnxt_re rdma driver (bsc#1086282) - bnxt_en: Reserve completion rings and MSIX for bnxt_re rdma driver (bsc#1086282) - bnxt_en: Reserve resources for RFS (bsc#1086282) - bnxt_en: Reserve rings at driver open if none was reserved at probe time (bsc#1086282) - bnxt_en: Reserve rings at driver open if none was reserved at probe time (bsc#1086282) - bnxt_en: Reserve rings in bnxt_set_channels() if device is down (bsc#1086282) - bnxt_en: Reserve rings in bnxt_set_channels() if device is down (bsc#1086282) - bnxt_en: Restore MSIX after disabling SRIOV (bsc#1086282) - bnxt_en: Set initial default RX and TX ring numbers the same in combined mode (bsc#1086282) - bnxt_en: Set initial default RX and TX ring numbers the same in combined mode (bsc#1086282) - bnxt_en: Simplify ring alloc/free error messages (bsc#1086282) - bnxt_en: Support max-mtu with VF-reps (bsc#1086282) - bnxt_en: Update firmware interface to 1.9.0 (bsc#1086282) - bnxt_en: Update firmware interface to 1.9.1.15 (bsc#1086282) - bnxt_en: Use a dedicated VNIC mode for rdma (bsc#1086282) - bnxt_en: close and open NIC, only when the interface is in running state (bsc#1086282) - bnxt_en: close and open NIC, only when the interface is in running state (bsc#1086282) - bnxt_en: export a common switchdev PARENT_ID for all reps of an adapter (bsc#1086282) - bnxt_en: export a common switchdev PARENT_ID for all reps of an adapter (bsc#1086282) - bnxt_en: reduce timeout on initial HWRM calls (bsc#1086282) - bonding: do not allow rlb updates to invalid mac (networking-stable-18_05_15) - bonding: do not set slave_dev npinfo before slave_enable_netpoll in bond_enslave (networking-stable-18_04_26) - bonding: fix the err path for dev hwaddr sync in bond_enslave (networking-stable-18_04_10) - bonding: move dev_mc_sync after master_upper_dev_link in bond_enslave (networking-stable-18_04_10) - bonding: process the err returned by dev_set_allmulti properly in bond_enslave (networking-stable-18_04_10) - bonding: re-evaluate force_primary when the primary slave name changes (networking-stable-18_06_20) - bonding: send learning packets for vlans on slave (networking-stable-18_05_15) - bpf: make bnxt compatible w/ bpf_xdp_adjust_tail (bsc#1086282) - bridge: check iface upper dev when setting master via ioctl (networking-stable-18_05_15) - btrfs: Do not remove block group still has pinned down bytes (bsc#1086457) - btrfs: use btrfs_op instead of bio_op in __btrfs_map_block (bsc#1099918) - bus: arm-cci: Fix use of smp_processor_id() in preemptible context (bsc#1051510) - bus: arm-ccn: Check memory allocation failure (bsc#1051510) - bus: arm-ccn: Fix use of smp_processor_id() in preemptible context (bsc#1051510) - bus: arm-ccn: fix module unloading Error: Removing state 147 which has instances left (bsc#1051510) - can: bcm: check for null sk before deferencing it via the call to sock_net (bsc#1051510) - can: hi311x: Acquire SPI lock on ->do_get_berr_counter (bsc#1051510) - can: hi311x: Work around TX complete interrupt erratum (bsc#1051510) - can: m_can.c: fix setup of CCCR register: clear CCCR NISO bit before checking can.ctrlmode (bsc#1051510) - can: mpc5xxx_can: check of_iomap return before use (bsc#1051510) - can: peak_canfd: fix firmware: limit allocation to 32-bit DMA addr only (bsc#1051510) - can: xilinx_can: fix RX loop if RXNEMP is asserted without RXOK (bsc#1051510) - can: xilinx_can: fix RX overflow interrupt not being enabled (bsc#1051510) - can: xilinx_can: fix device dropping off bus on RX overrun (bsc#1051510) - can: xilinx_can: fix incorrect clear of non-processed interrupts (bsc#1051510) - can: xilinx_can: fix power management handling (bsc#1051510) - can: xilinx_can: fix recovery from error states not being propagated (bsc#1051510) - can: xilinx_can: keep only 1-2 frames in TX FIFO to fix TX accounting (bsc#1051510) - cdc_ether: flag the Cinterion AHS8 modem by gemalto as WWAN (networking-stable-18_04_13) - cdc_ncm: avoid padding beyond end of skb (networking-stable-18_06_20) - ceph: fix dentry leak in splice_dentry() (bsc#1098236) - cfg80211: initialize sinfo in cfg80211_get_station (bsc#1051510) - checkpatch: add 6 missing types to --list-types (bsc#1051510) - cifs: Check for timeout on Negotiate stage (bsc#1091171) - cifs: Fix infinite loop when using hard mount option (bsc#1091171) - cifs: do not allow creating sockets except with SMB1 posix exensions (bsc#1102097) - clk: Do not show the incorrect clock phase (bsc#1051510) - clk: Do not write error code into divider register (bsc#1051510) - clk: Fix __set_clk_rates error print-string (bsc#1051510) - clk: at91: PLL recalc_rate() now using cached MUL and DIV values (bsc#1051510) - clk: at91: fix clk-generated parenting (bsc#1051510) - clk: axi-clkgen: Correctly handle nocount bit in recalc_rate() (bsc#1051510) - clk: bcm2835: De-assert/assert PLL reset signal when appropriate (bsc#1051510) - clk: fix false-positive Wmaybe-uninitialized warning (bsc#1051510) - clk: fix mux clock documentation (bsc#1051510) - clk: fix set_rate_range when current rate is out of range (bsc#1051510) - clk: hi3660: fix incorrect uart3 clock freqency (bsc#1051510) - clk: hi6220: change watchdog clock source (bsc#1051510) - clk: hi6220: mark clock cs_atb_syspll as critical (bsc#1051510) - clk: hisilicon: fix potential NULL dereference in hisi_clk_alloc() (bsc#1051510) - clk: hisilicon: mark wdt_mux_p[] as const (bsc#1051510) - clk: honor CLK_MUX_ROUND_CLOSEST in generic clk mux (bsc#1051510) - clk: imx6: refine hdmi_isfr's parent to make HDMI work on i.MX6 SoCs w/o VPU (bsc#1051510) - clk: imx7d: fix mipi dphy div parent (bsc#1051510) - clk: mediatek: add the option for determining PLL source clock (bsc#1051510) - clk: mediatek: mark mtk_infrasys_init_early __init (bsc#1051510) - clk: meson: gxbb: fix clk_mclk_i958 divider flags (bsc#1051510) - clk: meson: gxbb: fix meson cts_amclk divider flags (bsc#1051510) - clk: meson: gxbb: fix wrong clock for SARADC/SANA (bsc#1051510) - clk: meson: meson8b: fix protection against undefined clks (bsc#1051510) - clk: meson: mpll: fix mpll0 fractional part ignored (bsc#1051510) - clk: meson: mpll: use 64-bit maths in params_from_rate (bsc#1051510) - clk: meson: remove unnecessary rounding in the pll clock (bsc#1051510) - clk: mvebu: use correct bit for 98DX3236 NAND (bsc#1051510) - clk: qcom: Base rcg parent rate off plan frequency (bsc#1051510) - clk: qcom: clk-smd-rpm: Fix the reported rate of branches (bsc#1051510) - clk: qcom: common: fix legacy board-clock registration (bsc#1051510) - clk: qcom: msm8916: Fix bimc gpu clock ops (bsc#1051510) - clk: qcom: msm8916: fix mnd_width for codec_digcodec (bsc#1051510) - clk: renesas: div6: Document fields used for parent selection (bsc#1051510) - clk: renesas: r8a7745: Remove PLL configs for MD19=0 (bsc#1051510) - clk: renesas: r8a7745: Remove nonexisting scu-src[0789] clocks (bsc#1051510) - clk: renesas: r8a7795: Correct pwm, gpio, and i2c parent clocks on ES2.0 (bsc#1051510) - clk: renesas: rcar-gen2: Fix PLL0 on R-Car V2H and E2 (bsc#1051510) - clk: rockchip: Fix wrong parent for SDMMC phase clock for rk3228 (bsc#1051510) - clk: rockchip: Prevent calculating mmc phase if clock rate is zero (bsc#1051510) - clk: samsung: Fix m2m scaler clock on Exynos542x (bsc#1051510) - clk: samsung: exynos3250: Fix PLL rates (bsc#1051510) - clk: samsung: exynos5250: Add missing clocks for FIMC LITE SYSMMU devices (bsc#1051510) - clk: samsung: exynos5250: Fix PLL rates (bsc#1051510) - clk: samsung: exynos5260: Fix PLL rates (bsc#1051510) - clk: samsung: exynos5433: Fix PLL rates (bsc#1051510) - clk: samsung: exynos7: Fix PLL rates (bsc#1051510) - clk: samsung: s3c2410: Fix PLL rates (bsc#1051510) - clk: scpi: error when clock fails to register (bsc#1051510) - clk: scpi: fix return type of __scpi_dvfs_round_rate (bsc#1051510) - clk: si5351: Rename internal plls to avoid name collisions (bsc#1051510) - clk: si5351: fix PLL reset (bsc#1051510) - clk: socfpga: Fix the smplsel on Arria10 and Stratix10 (bsc#1051510) - clk: sunxi-ng: Fix fractional mode for N-M clocks (bsc#1051510) - clk: sunxi-ng: Make fractional helper less chatty (bsc#1051510) - clk: sunxi-ng: Wait for lock when using fractional mode (bsc#1051510) - clk: sunxi-ng: a31: Fix CLK_OUT_* clock ops (bsc#1051510) - clk: sunxi-ng: add CLK_SET_RATE_PARENT flag to H3 GPU clock (bsc#1051510) - clk: sunxi-ng: add CLK_SET_RATE_UNGATE to all H3 PLLs (bsc#1051510) - clk: sunxi-ng: allow set parent clock (PLL_CPUX) for CPUX clock on H3 (bsc#1051510) - clk: sunxi-ng: h3: gate then ungate PLL CPU clk after rate change (bsc#1051510) - clk: sunxi-ng: multiplier: Fix fractional mode (bsc#1051510) - clk: sunxi-ng: nm: Check if requested rate is supported by fractional clock (bsc#1051510) - clk: sunxi-ng: sun5i: Fix bit offset of audio PLL post-divider (bsc#1051510) - clk: sunxi-ng: sun6i: Export video PLLs (bsc#1051510) - clk: sunxi-ng: sun6i: Rename HDMI DDC clock to avoid name collision (bsc#1051510) - clk: sunxi: fix build warning (bsc#1051510) - clk: sunxi: fix uninitialized access (bsc#1051510) - clk: tegra: Fix cclk_lp divisor register (bsc#1051510) - clk: tegra: Fix pll_u rate configuration (bsc#1051510) - clk: tegra: Use readl_relaxed_poll_timeout_atomic() in tegra210_clock_init() (bsc#1051510) - clk: ti: dra7-atl-clock: fix child-node lookups (bsc#1051510) - clk: uniphier: fix DAPLL2 clock rate of Pro5 (bsc#1051510) - clk: x86: Do not gate clocks enabled by the firmware (bsc#1051510) - clockevents/drivers/cs5535: Improve resilience to spurious interrupts (bsc#1051510) - clocksource/drivers/stm32: Fix kernel panic with multiple timers (bsc#1051510) - cnic: Fix an error handling path in 'cnic_alloc_bnx2x_resc()' (bsc#1086324) - cnic: Fix an error handling path in 'cnic_alloc_bnx2x_resc()' (bsc#1086324) - cpufreq: CPPC: Initialize shared perf capabilities of CPUs (bsc#1100884) - cpufreq: Fix new policy initialization during limits updates via sysfs (bsc#1100884) - cpufreq: cppc_cpufreq: Fix cppc_cpufreq_init() failure path (bsc#1100884) - cpufreq: docs: Add missing cpuinfo_cur_freq description (bsc#1051510) - cpufreq: docs: Drop intel-pstate.txt from index.txt (bsc#1051510) - cpufreq: governors: Fix long idle detection logic in load calculation (bsc#1100884) - cpufreq: intel_pstate: Add HWP boost utility and sched util hooks (bsc#1066110) - cpufreq: intel_pstate: Fix scaling max/min limits with Turbo 3.0 (bsc#1051510) - cpufreq: intel_pstate: HWP boost performance on IO wakeup (bsc#1066110) - cpufreq: intel_pstate: New sysfs entry to control HWP boost (bsc#1066110) - cpufreq: intel_pstate: enable boost for Skylake Xeon (bsc#1066110) - cpufreq: powernv: Fix hardlockup due to synchronous smp_call in timer interrupt (bsc#1100884) - cpuidle: powernv: Fix promotion from snooze if next state disabled (bsc#1100884) - crash_dump: is_kdump_kernel can be boolean (bsc#1103230) - crypto: caam/qi - explicitly set dma_ops (bsc#1051510) - crypto: ccp - remove unused variable qim (bsc#1051510) - crypto: change transient busy return code to -ENOSPC (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - crypto: chelsio - Add authenc versions of ctr and sha (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - crypto: chelsio - Check error code with IS_ERR macro (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - crypto: chelsio - Fix IV updated in XTS operation (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - crypto: chelsio - Fix Indentation (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - crypto: chelsio - Fix an error code in chcr_hash_dma_map() (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - crypto: chelsio - Fix indentation warning (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - crypto: chelsio - Fix iv passed in fallback path for rfc3686 (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - crypto: chelsio - Fix src buffer dma length (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - crypto: chelsio - Make function aead_ccm_validate_input static (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - crypto: chelsio - Move DMA un/mapping to chcr from lld cxgb4 driver (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - crypto: chelsio - Remove allocation of sg list to implement 2K limit of dsgl header (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - crypto: chelsio - Remove dst sg size zero check (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - crypto: chelsio - Remove unused parameter (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - crypto: chelsio - Update IV before sending request to HW (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - crypto: chelsio - Use kernel round function to align lengths (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - crypto: chelsio - Use x8_ble gf multiplication to calculate IV (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - crypto: chelsio - check for sg null (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - crypto: chelsio - do not leak pointers to authenc keys (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - crypto: crypto4xx - fix crypto4xx_build_pdr, crypto4xx_build_sdr leak (bsc#1051510) - crypto: crypto4xx - remove bad list_del (bsc#1051510) - crypto: gf128mul - The x8_ble multiplication functions (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - crypto: sha512-mb - add some missing unlock on error (bsc#1051510) - cxgb4/cxgb4vf: Notify link changes to OS-dependent code (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4/cxgb4vf: add support for ndo_set_vf_vlan (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4/cxgb4vf: check fw caps to set link mode mask (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4/cxgb4vf: link management changes for new SFP (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: Add FORCE_PAUSE bit to 32 bit port caps (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: Add HMA support (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: Add TP Congestion map entry for single-port (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: Add new T5 device id (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: Add new T6 device ids (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: Add support for ethtool i2c dump (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: Add support to initialise/read SRQ entries (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: Add support to query HW SRQ parameters (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: Adds CPL support for Shared Receive Queues (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: Check alignment constraint for T6 (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: Check for kvzalloc allocation failure (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: Fix error handling path in 'init_one()' (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: Fix queue free path of ULD drivers (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: Fix {vxlan/geneve}_port initialization (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: IPv6 filter takes 2 tids (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: Setup FW queues before registering netdev (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: Support firmware rdma write completion work request (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: Support firmware rdma write with immediate work request (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: add new T5 device id's (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: avoid schedule while atomic (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: change the port capability bits definition (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: clean up init_one (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: collect SGE PF/VF queue map (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: collect hardware dump in second kernel (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: copy adap index to PF0-3 adapter instances (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: copy mbox log size to PF0-3 adap instances (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: copy the length of cpl_tx_pkt_core to fw_wr (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: copy vlan_id in ndo_get_vf_config (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: depend on firmware event for link status (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: do L1 config when module is inserted (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: do not display 50Gbps as unsupported speed (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: do not fail vf instatiation in slave mode (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: do not set needs_free_netdev for mgmt dev's (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: enable ZLIB_DEFLATE when building cxgb4 (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: enable inner header checksum calculation (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: fix the wrong conversion of Mbps to Kbps (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: free up resources of pf 0-3 (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: increase max tx rate limit to 100 Gbps (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: notify fatal error to uld drivers (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: remove dead code when allocating filter (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: restructure VF mgmt code (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: rework on-chip memory read (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: support new ISSI flash parts (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: update LE-TCAM collection for T6 (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: update dump collection logic to use compression (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: update latest firmware version supported (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: use CLIP with LIP6 on T6 for TCAM filters (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: use zlib deflate to compress firmware dump (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4: zero the HMA memory (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4vf: Forcefully link up virtual interfaces (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgb4vf: display pause settings (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - cxgbit: call neigh_event_send() to update MAC address (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - dax: check for QUEUE_FLAG_DAX in bdev_dax_supported() (bsc#1101315) - dccp: do not free ccid2_hc_tx_sock struct in dccp_disconnect() (networking-stable-18_06_08) - dccp: do not restart ccid2_hc_tx_rto_expire() if sk in closed state (networking-stable-18_01_28) - dccp: fix tasklet usage (networking-stable-18_05_15) - dell_rbu: make firmware payload memory uncachable (bsc#1087978) - device property: Allow iterating over available child fwnodes (bsc#1098633) - device property: Introduce fwnode_call_bool_op() for ops that return bool (bsc#1098633) - device property: Introduce fwnode_device_is_available() (bsc#1098633) - device property: Introduce fwnode_get_mac_address() (bsc#1098633) - device property: Introduce fwnode_get_phy_mode() (bsc#1098633) - device property: Introduce fwnode_irq_get() (bsc#1098633) - device property: Move FW type specific functionality to FW specific files (bsc#1098633) - device property: Move fwnode graph ops to firmware specific locations (bsc#1098633) - device property: preserve usecount for node passed to of_fwnode_graph_get_port_parent() (bsc#1098633) - device: Fix kABI breakage for of/device change (bsc#1051510) - devlink: Remove redundant free on error path (networking-stable-18_03_28) - dm integrity: use kvfree for kvmalloc'd memory (bsc#1099918) - dm mpath: fix bio-based multipath queue_if_no_path handling (bsc#1099918) - dm raid: do not use 'const' in function return (bsc#1099918) - dm zoned: avoid triggering reclaim from inside dmz_map() (bsc#1099918) - dm: convert DM printk macros (bsc#1099918) - dm: fix printk() rate limiting code (bsc#1099918) - dm: use bio_split() when splitting out the already processed bio (bsc#1099918) - dmaengine: fsl-edma: disable clks on all error paths (bsc#1051510) - dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate() (bsc#1051510) - dmaengine: mv_xor_v2: Fix clock resource by adding a register clock (bsc#1051510) - dmaengine: omap-dma: port_window support correction for both direction (bsc#1051510) - dmaengine: pl330: fix a race condition in case of threaded irqs (bsc#1051510) - dmaengine: pl330: report BURST residue granularity (bsc#1051510) - dmaengine: qcom: bam_dma: get num-channels and num-ees from dt (bsc#1051510) - dmaengine: qcom_hidma: check pending interrupts (bsc#1051510) - dmaengine: rcar-dmac: Check the done lists in rcar_dmac_chan_get_residue() (bsc#1051510) - dmaengine: rcar-dmac: fix max_chunk_size for R-Car Gen3 (bsc#1051510) - dmaengine: tegra-apb: Really fix runtime-pm usage (bsc#1051510) - dmaengine: tegra210-adma: fix of_irq_get() error check (bsc#1051510) - dmaengine: xilinx_dma: Fix error code format specifier (bsc#1051510) - dmaengine: zynqmp_dma: Fix race condition in the probe (bsc#1051510) - doc: Rename .system_keyring to .builtin_trusted_keys (bsc#1051510) - doc: SKB_GSO_[IPIP|SIT] have been replaced (bsc#1051510) - docs-rst: fix broken links to dynamic-debug-howto in kernel-parameters (bsc#1051510) - docs: segmentation-offloads.txt: Fix ref to SKB_GSO_TUNNEL_REMCSUM (bsc#1051510) - documentation: admin-guide: intel_pstate: Fix sysfs path (bsc#1051510) - dp83640: Ensure against premature access to PHY registers after reset (bsc#1051510) - dpaa_eth: increment the RX dropped counter when needed (networking-stable-18_03_28) - dpaa_eth: remove duplicate increment of the tx_errors counter (networking-stable-18_03_28) - dpaa_eth: remove duplicate initialization (networking-stable-18_03_28) - drbd: Fix drbd_request_prepare() discard handling (bsc#1099918) - drbd: fix access after free (bsc#1051510) - driver core: Do not ignore class_dir_create_and_add() failure (bsc#1051510) - driver core: Fix link to device power management documentation (bsc#1051510) - driver core: Move device_links_purge() after bus_remove_device() (bsc#1099918) - driver core: Partially revert 'driver core: correct device's shutdown order' (bsc#1051510) - drivers/firmware: psci_checker: Add missing destroy_timer_on_stack() (bsc#1051510) - drivers/net/ethernet/qlogic/qed: Fix __qed_spq_block() ordering (bsc#1086314 bsc#1086313 bsc#1086301) - drivers/net/ethernet/qlogic/qed: Fix __qed_spq_block() ordering (bsc#1086314 bsc#1086313 bsc#1086301) - drivers: Move upstreamed ideapad-laptop patch to sorted section (bsc#1093035) - drivers: net: bnx2x: use setup_timer() helper (bsc#1086323) - drivers: net: i40evf: use setup_timer() helper (bsc#1101816) - drm/amdgpu: Add APU support in vi_set_uvd_clocks (bsc#1051510) - drm/amdgpu: Add APU support in vi_set_vce_clocks (bsc#1051510) - drm/amdgpu: Use kvmalloc_array for allocating VRAM manager nodes array (bsc#1051510) - drm/atmel-hlcdc: check stride values in the first plane (bsc#1051510) - drm/bridge/sii8620: fix potential buffer overflow (bsc#1051510) - drm/exynos: Fix dma-buf import (bsc#1051510) - drm/i915/dp: Send DPCD ON for MST before phy_up (bsc#1051510) - drm/i915/gvt: fix memory leak of a cmd_entry struct on error exit path (bsc#1051510) - drm/i915/psr: Chase psr.enabled only under the psr.lock (bsc#1051510) - drm/i915: Apply batch location restrictions before pinning (bsc#1051510) - drm/i915: Enable provoking vertex fix on Gen9 systems (bsc#1051510) - drm/i915: Fix context ban and hang accounting for client (bsc#1051510) - drm/i915: Fix hotplug irq ack on i965/g4x (bsc#1051510) - drm/i915: Only call tasklet_kill() on the first prepare_reset (bsc#1051510) - drm/i915: Remove unbannable context spam from reset (bsc#1051510) - drm/i915: Try GGTT mmapping whole object as partial (bsc#1051510) - drm/msm: do not deref error pointer in the msm_fbdev_create error path (bsc#1100209) - drm/nouveau/drm/nouveau: Fix runtime PM leak in nv50_disp_atomic_commit() (bsc#1090888) - drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply() (bsc#1051510) - drm/nouveau: Avoid looping through fake MST connectors (bsc#1051510) - drm/nouveau: Use drm_connector_list_iter_* for iterating connectors (bsc#1051510) - drm/qxl: Call qxl_bo_unref outside atomic context (bsc#1051510) - drm/rockchip: Fix build warning in analogix_dp-rockchip.c (bsc#1085536) - drm/rockchip: analogix_dp: Remove unnecessary init code (bsc#1085536) - drm/rockchip: dw_hdmi: Move HDMI vpll clock enable to bind() (bsc#1087092) - drm/rockchip: inno_hdmi: Fix error handling path (bsc#1087092) - drm/rockchip: inno_hdmi: reorder clk_disable_unprepare call in unbind (bsc#1087092) - drm/tegra: Acquire a reference to the IOVA cache (bsc#1090888) - drm/udl: fix display corruption of the last line (bsc#1101337) - drm: Use kvzalloc for allocating blob property memory (bsc#1101352) - drm: mali-dp: Uninitialized variable in malidp_se_check_scaling() (bsc#1087092) - drm: rcar-du: Remove zpos field from rcar_du_vsp_plane_state structure (bsc#1085539) - drm: rcar-du: lvds: Fix LVDCR1 for R-Car gen3 (bsc#1085539) - dvb_frontend: do not use-after-free the frontend struct (bsc#1051510) - e1000e: Ignore TSYNCRXCTL when getting I219 clock attributes (bsc#1075876) - earlycon: Use a pointer table to fix __earlycon_table stride (bsc#1099918) - efi/efi_test: Prevent an Oops in efi_runtime_query_capsulecaps() (bsc#1051510) - enic: do not overwrite error code (bsc#1037697) - enic: enable rq before updating rq descriptors (bsc#1037697) - enic: set DMA mask to 47 bit (networking-stable-18_06_08) - ethernet/broadcom: Use zeroing memory allocator than allocator/memset (bsc#1086282) - ethernet/broadcom: Use zeroing memory allocator than allocator/memset (bsc#1086282) - ethtool: add ethtool_intersect_link_masks (bsc#1101816) - f2fs: fix to wake up all sleeping flusher (bsc#1099918) - fib_semantics: Do not match route with mismatching tclassid (networking-stable-18_03_07) - firewire: net: max MTU off by one (bsc#1051510) - firmware: arm_scpi: fix endianness of dev_id in struct dev_pstate_set (bsc#1051510) - firmware: dmi: Optimize dmi_matches (bsc#1051510) - firmware: tegra: Fix locking bugs in BPMP (bsc#1051510) - fix Patch-mainline header - fix kabi due to perf_event.h uapi field change - flow_dissector: properly cap thoff field (networking-stable-18_01_28) - fm10k: Fix configuration for macvlan offload (bsc#1101813) - fm10k: Fix misuse of net_ratelimit() (bsc#1101813) - fm10k: Use seq_putc() in fm10k_dbg_desc_break() (bsc#1101813) - fm10k: add missing fall through comment (bsc#1101813) - fm10k: avoid divide by zero in rare cases when device is resetting (bsc#1101813) - fm10k: avoid divide by zero in rare cases when device is resetting (bsc#1101813) - fm10k: avoid needless delay when loading driver (bsc#1101813) - fm10k: avoid possible truncation of q_vector->name (bsc#1101813) - fm10k: bump version number (bsc#1101813) - fm10k: clarify action when updating the VLAN table (bsc#1101813) - fm10k: cleanup unnecessary parenthesis in fm10k_iov.c (bsc#1101813) - fm10k: cleanup unnecessary parenthesis in fm10k_iov.c (bsc#1101813) - fm10k: correct typo in fm10k_pf.c (bsc#1101813) - fm10k: do not assume VLAN 1 is enabled (bsc#1101813) - fm10k: do not loop while resetting VFs due to VFLR event (bsc#1101813) - fm10k: do not loop while resetting VFs due to VFLR event (bsc#1101813) - fm10k: do not protect fm10k_queue_mac_request by fm10k_host_mbx_ready (bsc#1101813) - fm10k: do not protect fm10k_queue_mac_request by fm10k_host_mbx_ready (bsc#1101813) - fm10k: fix 'failed to kill vid' message for VF (bsc#1101813) - fm10k: fix function doxygen comments (bsc#1101813) - fm10k: fix incorrect warning for function prototype (bsc#1101813) - fm10k: fix typos on fall through comments (bsc#1101813) - fm10k: introduce a message queue for MAC/VLAN messages (bsc#1101813) - fm10k: introduce a message queue for MAC/VLAN messages (bsc#1101813) - fm10k: mark PM functions as __maybe_unused (bsc#1101813) - fm10k: move fm10k_prepare_for_reset and fm10k_handle_reset (bsc#1101813) - fm10k: move fm10k_prepare_for_reset and fm10k_handle_reset (bsc#1101813) - fm10k: prefer %s and __func__ for diagnostic prints (bsc#1101813) - fm10k: prepare_for_reset() when we lose pcie Link (bsc#1101813) - fm10k: prevent race condition of __FM10K_SERVICE_SCHED (bsc#1101813) - fm10k: prevent race condition of __FM10K_SERVICE_SCHED (bsc#1101813) - fm10k: reduce duplicate fm10k_stat macro code (bsc#1101813) - fm10k: reschedule service event if we stall the PF-SM mailbox (bsc#1101813) - fm10k: reschedule service event if we stall the PF-SM mailbox (bsc#1101813) - fm10k: setup VLANs for l2 accelerated macvlan interfaces (bsc#1101813) - fm10k: setup VLANs for l2 accelerated macvlan interfaces (bsc#1101813) - fm10k: simplify reading PFVFLRE register (bsc#1101813) - fm10k: stop adding VLAN 0 to the VLAN table (bsc#1101813) - fm10k: stop spurious link down messages when Tx FIFO is full (bsc#1101813) - fm10k: stop spurious link down messages when Tx FIFO is full (bsc#1101813) - fm10k: use generic PM hooks instead of legacy pcie power hooks (bsc#1101813) - fm10k: use generic PM hooks instead of legacy pcie power hooks (bsc#1101813) - fm10k: use macro to avoid passing the array and size separately (bsc#1101813) - fm10k: use macro to avoid passing the array and size separately (bsc#1101813) - fm10k: use spinlock to implement mailbox lock (bsc#1101813) - fm10k: use the MAC/VLAN queue for VF-PF MAC/VLAN requests (bsc#1101813) - fm10k: use the MAC/VLAN queue for VF-PF MAC/VLAN requests (bsc#1101813) - fm10k: use variadic arguments to fm10k_add_stat_strings (bsc#1101813) - fm10k: use variadic arguments to fm10k_add_stat_strings (bsc#1101813) - fm10k: warn if the stat size is unknown (bsc#1101813) - fs/binfmt_misc.c: do not allow offset overflow (bsc#1099142) - fsi: core: register with postcore_initcall (bsc#1051510) - ftrace: Fix selftest goto location on error (bsc#1099918) - fuse: Remove the buggy retranslation of pids in fuse_dev_do_read (bsc#1051510) - fuse: atomic_o_trunc should truncate pagecache (bsc#1051510) - fuse: do not keep dead fuse_conn at fuse_fill_super() (bsc#1051510) - fuse: fix congested state leak on aborted connections (bsc#1051510) - fuse: fix control dir setup and teardown (bsc#1051510) - gpio: acpi: work around false-positive -Wstring-overflow warning (bsc#1051510) - gpio: brcmstb: allow all instances to be wakeup sources (bsc#1051510) - gpio: brcmstb: check return value of gpiochip_irqchip_add() (bsc#1051510) - gpio: brcmstb: correct the configuration of level interrupts (bsc#1051510) - gpio: brcmstb: release the bgpio lock during irq handlers (bsc#1051510) - gpio: brcmstb: switch to handle_level_irq flow (bsc#1051510) - gpio: pca953x: fix vendor prefix for PCA9654 (bsc#1051510) - gpio: reject invalid gpio before getting gpio_desc (bsc#1051510) - gpio: tegra: fix unbalanced chained_irq_enter/exit (bsc#1051510) - gpu: host1x: Acquire a reference to the IOVA cache (bsc#1090888) - hdlc_ppp: carrier detect ok, do not turn off negotiation (networking-stable-18_03_07) - hid: add backlight level quirk for Asus ROG laptops (bsc#1101324) - hid: debug: check length before copy_to_user() (bsc#1051510) - hid: hiddev: fix potential Spectre v1 (bsc#1051510) - hid: i2c-hid: Fix 'incomplete report' noise (bsc#1051510) - hid: intel-ish-hid: use put_device() instead of kfree() (bsc#1051510) - hid: intel_ish-hid: ipc: register more pm callbacks to support hibernation (bsc#1051510) - hid: lenovo: Add support for IBM/Lenovo Scrollpoint mice (bsc#1051510) - hid: wacom: Add support for One by Wacom (CTL-472 / CTL-672) (bsc#1100633) - hid: wacom: Correct logical maximum Y for 2nd-gen Intuos Pro large (bsc#1051510) - hid: wacom: Correct touch maximum XY of 2nd-gen Intuos (bsc#1051510) - hid: wacom: Release device resource data obtained by devres_alloc() (bsc#1051510) - hwmon: (aspeed-pwm) add THERMAL dependency (bsc#1051510) - hwmon: (ftsteutates) Fix clearing alarm sysfs entries (bsc#1051510) - hwmon: (jc42) optionally try to disable the SMBUS timeout (bsc#1051510) - hwmon: (ltc2990) Fix incorrect conversion of negative temperatures (bsc#1051510) - hwmon: (nct6683) Enable EC access if disabled at boot (bsc#1051510) - hwmon: (nct6775) Fix writing pwmX_mode (bsc#1051510) - hwmon: (pmbus/adm1275) Accept negative page register values (bsc#1051510) - hwmon: (pmbus/max8688) Accept negative page register values (bsc#1051510) - hwmon: (stts751) buffer overrun on wrong chip configuration (bsc#1051510) - hwmon: (tmp102) Fix first temperature reading (bsc#1051510) - hwmon: Deal with errors from the thermal subsystem (bsc#1051510) - hwrng: stm32 - add reset during probe (bsc#1051510) - hwtracing: stm: fix build error on some arches (bsc#1051510) - i2c: axxia: enable clock before calling clk_get_rate() (bsc#1051510) - i2c: designware: Round down acpi provided clk to nearest supported clk (bsc#1051510) - i2c: mux: pinctrl: mention correct module name in Kconfig help text (bsc#1051510) - i2c: pmcmsp: fix error return from master_xfer (bsc#1051510) - i2c: pmcmsp: return message count on master_xfer success (bsc#1051510) - i2c: tegra: Fix NACK error handling (bsc#1051510) - i2c: viperboard: return message count on master_xfer success (bsc#1051510) - i40e/i40evf: Add support for new mechanism of updating adaptive ITR (bsc#1101816) - i40e/i40evf: Add support for new mechanism of updating adaptive ITR (bsc#1101816) - i40e/i40evf: Bump driver versions (bsc#1101816) - i40e/i40evf: Clean up logic for adaptive ITR (bsc#1101816) - i40e/i40evf: Clean-up of bits related to using q_vector->reg_idx (bsc#1101816) - i40e/i40evf: Clean-up of bits related to using q_vector->reg_idx (bsc#1101816) - i40e/i40evf: Detect and recover hung queue scenario (bsc#1101816) - i40e/i40evf: Do not bother setting the CLEARPBA bit (bsc#1101816) - i40e/i40evf: Enable NVMUpdate to retrieve AdminQ and add preservation flags for NVM update (bsc#1101816) - i40e/i40evf: Enable NVMUpdate to retrieve AdminQ and add preservation flags for NVM update (bsc#1101816) - i40e/i40evf: Only track one ITR setting per ring instead of Tx/Rx (bsc#1101816) - i40e/i40evf: Only track one ITR setting per ring instead of Tx/Rx (bsc#1101816) - i40e/i40evf: Record ITR register location in the q_vector (bsc#1101816) - i40e/i40evf: Record ITR register location in the q_vector (bsc#1101816) - i40e/i40evf: Split container ITR into current_itr and target_itr (bsc#1101816) - i40e/i40evf: Split container ITR into current_itr and target_itr (bsc#1101816) - i40e/i40evf: Update DESC_NEEDED value to reflect larger value (bsc#1101816) - i40e/i40evf: Update DESC_NEEDED value to reflect larger value (bsc#1101816) - i40e/i40evf: Use ring pointers to clean up _set_itr_per_queue (bsc#1101816) - i40e/i40evf: Use ring pointers to clean up _set_itr_per_queue (bsc#1101816) - i40e/i40evf: Use usec value instead of reg value for ITR defines (bsc#1101816) - i40e/i40evf: Use usec value instead of reg value for ITR defines (bsc#1101816) - i40e/i40evf: always set the CLEARPBA flag when re-enabling interrupts (bsc#1101816) - i40e/i40evf: always set the CLEARPBA flag when re-enabling interrupts (bsc#1101816) - i40e/i40evf: bundle more descriptors when allocating buffers (bsc#1101816) - i40e/i40evf: bundle more descriptors when allocating buffers (bsc#1101816) - i40e/i40evf: cleanup incorrect function doxygen comments (bsc#1101816) - i40e/i40evf: cleanup incorrect function doxygen comments (bsc#1101816) - i40e/i40evf: do not trust VF to reset itself (bsc#1101816) - i40e/i40evf: fix incorrect default ITR values on driver load (bsc#1101816) - i40e/i40evf: fix incorrect default ITR values on driver load (bsc#1101816) - i40e/i40evf: organize and re-number feature flags (bsc#1101816) - i40e/i40evf: rename bytes_per_int to bytes_per_usec (bsc#1101816) - i40e/i40evf: use DECLARE_BITMAP for state (bsc#1101816) - i40e/i40evf: use SW variables for hang detection (bsc#1101816) - i40e/virtchnl: fix application of sizeof to pointer (bsc#1101816) - i40e: Add advertising 10G LR mode (bsc#1101816) - i40e: Add delay after EMP reset for firmware to recover (bsc#1101816) - i40e: Add delay after EMP reset for firmware to recover (bsc#1101816) - i40e: Add infrastructure for queue channel support (bsc#1101816) - i40e: Add macro for PF reset bit (bsc#1101816) - i40e: Add new PHY types for 25G AOC and ACC support (bsc#1101816) - i40e: Add returning AQ critical error to SW (bsc#1101816) - i40e: Add support for 'ethtool -m' (bsc#1101816) - i40e: Cleanup i40e_vlan_rx_register (bsc#1101816) - i40e: Close client on suspend and restore client MSIx on resume (bsc#1088821) - i40e: Delete an error message for a failed memory allocation in i40e_init_interrupt_scheme() (bsc#1101816) - i40e: Delete an error message for a failed memory allocation in i40e_init_interrupt_scheme() (bsc#1101816) - i40e: Disable iWARP VSI PETCP_ENA flag on netdev down events (bsc#1101816) - i40e: Disable iWARP VSI PETCP_ENA flag on netdev down events (bsc#1101816) - i40e: Display error message if module does not meet thermal requirements (bsc#1101816) - i40e: Display error message if module does not meet thermal requirements (bsc#1101816) - i40e: Do not allow use more TC queue pairs than MSI-X vectors exist (bsc#1094978) - i40e: Enable VF to negotiate number of allocated queues (bsc#1101816) - i40e: Enable VF to negotiate number of allocated queues (bsc#1101816) - i40e: Fix FLR reset timeout issue (bsc#1101816) - i40e: Fix a potential NULL pointer dereference (bsc#1101816) - i40e: Fix for NUP NVM image downgrade failure (bsc#1101816) - i40e: Fix for adding multiple ethtool filters on the same location (bsc#1101816) - i40e: Fix for adding multiple ethtool filters on the same location (bsc#1101816) - i40e: Fix for blinking activity instead of link LEDs (bsc#1101816) - i40e: Fix for blinking activity instead of link LEDs (bsc#1101816) - i40e: Fix kdump failure (bsc#1101816) - i40e: Fix link down message when interface is brought up (bsc#1101816) - i40e: Fix link down message when interface is brought up (bsc#1101816) - i40e: Fix multiple issues with UDP tunnel offload filter configuration (bsc#1101816) - i40e: Fix multiple issues with UDP tunnel offload filter configuration (bsc#1101816) - i40e: Fix permission check for VF MAC filters (bsc#1101816) - i40e: Fix recalculation of MSI-X vectors for VMDq (bsc#1101816) - i40e: Fix reporting of supported link modes (bsc#1101816) - i40e: Fix the number of queues available to be mapped for use (bsc#1094978) - i40e: Fix the polling mechanism of GLGEN_RSTAT.DEVSTATE (bsc#1101816) - i40e: Fix the polling mechanism of GLGEN_RSTAT.DEVSTATE (bsc#1101816) - i40e: Fix unqualified module message while bringing link up (bsc#1101816) - i40e: Fix unqualified module message while bringing link up (bsc#1101816) - i40e: Prevent setting link speed on I40E_DEV_ID_25G_B (bsc#1101816) - i40e: Prevent setting link speed on I40E_DEV_ID_25G_B (bsc#1101816) - i40e: Prevent setting link speed on KX_X722 (bsc#1101816) - i40e: Properly maintain flow director filters list (bsc#1101816) - i40e: Remove limit of 64 max queues per channel (bsc#1101816) - i40e: Retry AQC GetPhyAbilities to overcome I2CRead hangs (bsc#1101816) - i40e: Retry AQC GetPhyAbilities to overcome I2CRead hangs (bsc#1101816) - i40e: Stop dropping 802.1ad tags - eth proto 0x88a8 (bsc#1101816) - i40e: add check for return from find_first_bit call (bsc#1101816) - i40e: add doxygen comment for new mode parameter (bsc#1101816) - i40e: add function doc headers for ethtool stats functions (bsc#1101816) - i40e: add function doc headers for ethtool stats functions (bsc#1101816) - i40e: add function header for i40e_get_rxfh (bsc#1101816) - i40e: add helper conversion function for link_speed (bsc#1101816) - i40e: add tx_busy to ethtool stats (bsc#1101816) - i40e: allow XPS with QoS enabled (bsc#1101816) - i40e: always return VEB stat strings (bsc#1101816) - i40e: always return all queue stat strings (bsc#1101816) - i40e: avoid divide by zero (bsc#1101816) - i40e: avoid overflow in i40e_ptp_adjfreq() (bsc#1101816) - i40e: broadcast filters can trigger overflow promiscuous (bsc#1101816) - i40e: broadcast filters can trigger overflow promiscuous (bsc#1101816) - i40e: calculate ethtool stats size in a separate function (bsc#1101816) - i40e: calculate ethtool stats size in a separate function (bsc#1101816) - i40e: change flags to use 64 bits (bsc#1101816) - i40e: change ppp name to ddp (bsc#1101816) - i40e: check for invalid DCB config (bsc#1101816) - i40e: cleanup unnecessary parens (bsc#1101816) - i40e: cleanup whitespace for some ethtool stat definitions (bsc#1101816) - i40e: cleanup whitespace for some ethtool stat definitions (bsc#1101816) - i40e: cleanup wording in a header comment (bsc#1101816) - i40e: convert i40e_get_settings_link_up to new API (bsc#1101816) - i40e: convert i40e_phy_type_to_ethtool to new API (bsc#1101816) - i40e: convert i40e_set_link_ksettings to new API (bsc#1101816) - i40e: disallow programming multiple filters with same criteria (bsc#1101816) - i40e: disallow programming multiple filters with same criteria (bsc#1101816) - i40e: display priority_xon and priority_xoff stats (bsc#1101816) - i40e: do not clear suspended state until we finish resuming (bsc#1101816) - i40e: do not clear suspended state until we finish resuming (bsc#1101816) - i40e: do not enter PHY debug mode while setting LEDs behaviour (bsc#1101816) - i40e: do not enter PHY debug mode while setting LEDs behaviour (bsc#1101816) - i40e: do not force filter failure in overflow promiscuous (bsc#1101816) - i40e: do not force filter failure in overflow promiscuous (bsc#1101816) - i40e: do not hold spinlock while resetting VF (bsc#1101816) - i40e: do not leak memory addresses (bsc#1101816) - i40e: drop i40e_pf *pf from i40e_vc_disable_vf() (bsc#1101816) - i40e: ensure reset occurs when disabling VF (bsc#1101816) - i40e: factor out re-enable functions for ATR and SB (bsc#1101816) - i40e: fix a typo (bsc#1101816) - i40e: fix a typo in i40e_pf documentation (bsc#1101816) - i40e: fix clearing link masks in i40e_get_link_ksettings (bsc#1101816) - i40e: fix clearing link masks in i40e_get_link_ksettings (bsc#1101816) - i40e: fix comment typo (bsc#1101816) - i40e: fix flags declaration (bsc#1101816) - i40e: fix for flow director counters not wrapping as expected (bsc#1101816) - i40e: fix for flow director counters not wrapping as expected (bsc#1101816) - i40e: fix for wrong partition id calculation on OCP mezz cards (bsc#1101816) - i40e: fix for wrong partition id calculation on OCP mezz cards (bsc#1101816) - i40e: fix handling of vf_states variable (bsc#1101816) - i40e: fix i40e_phy_type_to_ethtool function header (bsc#1101816) - i40e: fix incorrect register definition (bsc#1101816) - i40e: fix link reporting (bsc#1101816) - i40e: fix merge error (bsc#1101816) - i40e: fix reading LLDP configuration (bsc#1101816) - i40e: fix typo in function description (bsc#1101816) - i40e: fix whitespace issues in i40e_ethtool.c (bsc#1101816) - i40e: fold prefix strings directly into stat names (bsc#1101816) - i40e: free skb after clearing lock in ptp_stop (bsc#1101816) - i40e: free the skb after clearing the bitlock (bsc#1101816) - i40e: group autoneg PHY types together (bsc#1101816) - i40e: hold the RTNL lock while changing interrupt schemes (bsc#1101816) - i40e: hold the RTNL lock while changing interrupt schemes (bsc#1101816) - i40e: ignore skb->xmit_more when deciding to set RS bit (bsc#1101816) - i40e: ignore skb->xmit_more when deciding to set RS bit (bsc#1101816) - i40e: implement split pci error reset handler (bsc#1101816) - i40e: limit lan queue count in large CPU count machine (bsc#1101816) - i40e: limit lan queue count in large CPU count machine (bsc#1101816) - i40e: make const array patterns static, reduces object code size (bsc#1101816) - i40e: make const array patterns static, reduces object code size (bsc#1101816) - i40e: make i40evf_map_rings_to_vectors void (bsc#1101816) - i40e: make use of i40e_vc_disable_vf (bsc#1101816) - i40e: mark PM functions as __maybe_unused (bsc#1101816) - i40e: move AUTO_DISABLED flags into the state field (bsc#1101816) - i40e: move I40E_FLAG_FILTER_SYNC to a state bit (bsc#1101816) - i40e: move I40E_FLAG_TEMP_LINK_POLLING to state field (bsc#1101816) - i40e: move I40E_FLAG_TEMP_LINK_POLLING to state field (bsc#1101816) - i40e: move I40E_FLAG_UDP_FILTER_SYNC to the state field (bsc#1101816) - i40e: move I40E_FLAG_UDP_FILTER_SYNC to the state field (bsc#1101816) - i40e: move client flags into state bits (bsc#1101816) - i40e: prevent service task from running while we're suspended (bsc#1101816) - i40e: prevent service task from running while we're suspended (bsc#1101816) - i40e: re-enable PTP L4 capabilities for XL710 if FW >6.0 (bsc#1101816) - i40e: re-enable PTP L4 capabilities for XL710 if FW >6.0 (bsc#1101816) - i40e: re-number feature flags to remove gaps (bsc#1101816) - i40e: redfine I40E_PHY_TYPE_MAX (bsc#1101816) - i40e: reduce lrxqthresh from 2 to 1 (bsc#1101816) - i40e: refactor FW version checking (bsc#1101816) - i40e: refactor promisc_changed in i40e_sync_vsi_filters (bsc#1101816) - i40e: refactor promisc_changed in i40e_sync_vsi_filters (bsc#1101816) - i40e: relax warning message in case of version mismatch (bsc#1101816) - i40e: relax warning message in case of version mismatch (bsc#1101816) - i40e: remove duplicate pfc stats (bsc#1101816) - i40e: remove i40e_fcoe files (bsc#1101816) - i40e: remove ifdef SPEED_25000 (bsc#1101816) - i40e: remove logically dead code (bsc#1101816) - i40e: remove redundant initialization of read_size (bsc#1101816) - i40e: rename 'change' variable to 'autoneg_changed' (bsc#1101816) - i40e: rename 'cmd' variables in ethtool interface (bsc#1101816) - i40e: restore TCPv4 input set when re-enabling ATR (bsc#1101816) - i40e: restore promiscuous after reset (bsc#1101816) - i40e: shutdown all IRQs and disable MSI-X when suspended (bsc#1101816) - i40e: shutdown all IRQs and disable MSI-X when suspended (bsc#1101816) - i40e: simplify member variable accesses (bsc#1101816) - i40e: split i40e_get_strings() into smaller functions (bsc#1101816) - i40e: split i40e_get_strings() into smaller functions (bsc#1101816) - i40e: stop using cmpxchg flow in i40e_set_priv_flags() (bsc#1101816) - i40e: stop using cmpxchg flow in i40e_set_priv_flags() (bsc#1101816) - i40e: track filter type statistics when deleting invalid filters (bsc#1101816) - i40e: track filter type statistics when deleting invalid filters (bsc#1101816) - i40e: track id can be 0 (bsc#1101816) - i40e: update VFs of link state after GET_VF_RESOURCES (bsc#1101816) - i40e: update VFs of link state after GET_VF_RESOURCES (bsc#1101816) - i40e: update data pointer directly when copying to the buffer (bsc#1101816) - i40e: update data pointer directly when copying to the buffer (bsc#1101816) - i40e: use WARN_ONCE to replace the commented BUG_ON size check (bsc#1101816) - i40e: use WARN_ONCE to replace the commented BUG_ON size check (bsc#1101816) - i40e: use a local variable instead of calculating multiple times (bsc#1101816) - i40e: use a local variable instead of calculating multiple times (bsc#1101816) - i40e: use admin queue for setting LEDs behavior (bsc#1101816) - i40e: use newer generic PM support instead of legacy PM callbacks (bsc#1101816) - i40e: use newer generic PM support instead of legacy PM callbacks (bsc#1101816) - i40e: use separate state bit for miscellaneous IRQ setup (bsc#1101816) - i40e: use separate state bit for miscellaneous IRQ setup (bsc#1101816) - i40e: use the more traditional 'i' loop variable (bsc#1101816) - i40evf: Allow turning off offloads when the VF has VLAN set (bsc#1101816) - i40evf: Allow turning off offloads when the VF has VLAN set (bsc#1101816) - i40evf: Clean-up flags for promisc mode to avoid high polling rate (bsc#1101816) - i40evf: Clean-up flags for promisc mode to avoid high polling rate (bsc#1101816) - i40evf: Correctly populate rxitr_idx and txitr_idx (bsc#1101816) - i40evf: Do not clear MSI-X PBA manually (bsc#1101816) - i40evf: Drop i40evf_fire_sw_int as it is prone to races (bsc#1101816) - i40evf: Drop i40evf_fire_sw_int as it is prone to races (bsc#1101816) - i40evf: Enable VF to request an alternate queue allocation (bsc#1101816) - i40evf: Enable VF to request an alternate queue allocation (bsc#1101816) - i40evf: Fix a hardware reset support in VF driver (bsc#1101816) - i40evf: Fix double locking the same resource (bsc#1101816) - i40evf: Fix link up issue when queues are disabled (bsc#1101816) - i40evf: Fix turning TSO, GSO and GRO on after (bsc#1101816) - i40evf: Make VF reset warning message more clear (bsc#1101816) - i40evf: Replace GFP_ATOMIC with GFP_KERNEL in i40evf_add_vlan (bsc#1101816) - i40evf: Replace GFP_ATOMIC with GFP_KERNEL in i40evf_add_vlan (bsc#1101816) - i40evf: Use an iterator of the same type as the list (bsc#1101816) - i40evf: Use an iterator of the same type as the list (bsc#1101816) - i40evf: enable support for VF VLAN tag stripping control (bsc#1101816) - i40evf: enable support for VF VLAN tag stripping control (bsc#1101816) - i40evf: fix client notify of l2 params (bsc#1101816) - i40evf: fix ring to vector mapping (bsc#1101816) - i40evf: hold the critical task bit lock while opening (bsc#1101816) - i40evf: hold the critical task bit lock while opening (bsc#1101816) - i40evf: lower message level (bsc#1101816) - i40evf: release bit locks in reverse order (bsc#1101816) - i40evf: remove flags that are never used (bsc#1101816) - i40evf: remove flush_scheduled_work call in i40evf_remove (bsc#1101816) - i40evf: remove flush_scheduled_work call in i40evf_remove (bsc#1101816) - i40evf: use GFP_ATOMIC under spin lock (bsc#1101816) - i40evf: use __dev_c_sync routines in .set_rx_mode (bsc#1101816) - i40evf: use spinlock to protect (mac|vlan)_filter_list (bsc#1101816) - i40evf: use spinlock to protect (mac|vlan)_filter_list (bsc#1101816) - i40iw: Fix memory leak in error path of create QP (bsc#1058659) - i40iw: Refactor of driver generated AEs (bsc#1058659) - i40iw: Tear-down connection after CQP Modify QP failure (bsc#1058659) - i40iw: Tear-down connection after CQP Modify QP failure (bsc#1058659) - i40iw: Use correct address in dst_neigh_lookup for IPv6 (bsc#1058659) - i40iw: Use correct address in dst_neigh_lookup for IPv6 (bsc#1058659) - ib/Hfi1: Read CCE Revision register to verify the device is responsive (bsc#1096793) - ib/Hfi1: Read CCE Revision register to verify the device is responsive (bsc#1096793) - ib/core: Fix error code for invalid GID entry (bsc#1046306) - ib/core: Honor port_num while resolving GID for IB link layer (bsc#1046306) - ib/core: Honor port_num while resolving GID for IB link layer (bsc#1046306) - ib/core: Make ib_mad_client_id atomic (bsc#1046306) - ib/core: Make testing MR flags for writability a static inline function (bsc#1046306) - ib/core: Make testing MR flags for writability a static inline function (bsc#1046306) - ib/core: Remove duplicate declaration of gid_cache_wq (bsc#1046306) - ib/core: Remove duplicate declaration of gid_cache_wq (bsc#1046306) - ib/hfi1 Use correct type for num_user_context (bsc#1096793) - ib/hfi1: Add a safe wrapper for _rcd_get_by_index (bsc#1096793) - ib/hfi1: Add bypass register defines and replace blind constants (bsc#1060463) - ib/hfi1: Add bypass register defines and replace blind constants (bsc#1060463) - ib/hfi1: Add tx_opcode_stats like the opcode_stats (bsc#1096793) - ib/hfi1: Complete check for locally terminated smp (bsc#1096793) - ib/hfi1: Compute BTH only for rdma_WRITE_LAST/SEND_LAST packet (bsc#1096793) - ib/hfi1: Compute BTH only for rdma_WRITE_LAST/SEND_LAST packet (bsc#1096793) - ib/hfi1: Convert PortXmitWait/PortVLXmitWait counters to flit times (bsc#1096793) - ib/hfi1: Convert PortXmitWait/PortVLXmitWait counters to flit times (bsc#1096793) - ib/hfi1: Create common functions for affinity CPU mask operations (bsc#1096793) - ib/hfi1: Create common functions for affinity CPU mask operations (bsc#1096793) - ib/hfi1: Do not allocate PIO send contexts for VNIC (bsc#1096793) - ib/hfi1: Do not modify num_user_contexts module parameter (bsc#1096793) - ib/hfi1: Do not modify num_user_contexts module parameter (bsc#1096793) - ib/hfi1: Do not override given pcie_pset value (bsc#1096793) - ib/hfi1: Ensure VL index is within bounds (bsc#1096793) - ib/hfi1: Fix a wrapping test to insure the correct timeout (bsc#1096793) - ib/hfi1: Fix a wrapping test to insure the correct timeout (bsc#1096793) - ib/hfi1: Fix fault injection init/exit issues (bsc#1060463) - ib/hfi1: Fix for early release of sdma context (bsc#1096793) - ib/hfi1: Fix incorrect mixing of ERR_PTR and NULL return values (bsc#1060463) - ib/hfi1: Fix incorrect mixing of ERR_PTR and NULL return values (bsc#1060463) - ib/hfi1: Fix loss of BECN with AHG (bsc#1096793) - ib/hfi1: Fix memory leak in exception path in get_irq_affinity() (bsc#1096793) - ib/hfi1: Fix memory leak in exception path in get_irq_affinity() (bsc#1096793) - ib/hfi1: Fix serdes loopback set-up (bsc#1096793) - ib/hfi1: Fix user context tail allocation for DMA_RTAIL (bsc#1060463) - ib/hfi1: Fix user context tail allocation for DMA_RTAIL (bsc#1060463) - ib/hfi1: Handle initial value of 0 for CCTI setting (bsc#1096793) - ib/hfi1: Inline common calculation (bsc#1096793) - ib/hfi1: Insure int mask for in-kernel receive contexts is clear (bsc#1096793) - ib/hfi1: Insure int mask for in-kernel receive contexts is clear (bsc#1096793) - ib/hfi1: Look up ibport using a pointer in receive path (bsc#1096793) - ib/hfi1: Look up ibport using a pointer in receive path (bsc#1096793) - ib/hfi1: Optimize kthread pointer locking when queuing CQ entries (bsc#1096793) - ib/hfi1: Optimize kthread pointer locking when queuing CQ entries (bsc#1096793) - ib/hfi1: Optimize packet type comparison using 9B and bypass code paths (bsc#1096793) - ib/hfi1: Optimize packet type comparison using 9B and bypass code paths (bsc#1096793) - ib/hfi1: Prevent LNI hang when LCB can't obtain lanes (bsc#1096793) - ib/hfi1: Prevent LNI hang when LCB can't obtain lanes (bsc#1096793) - ib/hfi1: Prohibit invalid Init to Armed state transition (bsc#1096793) - ib/hfi1: Prohibit invalid Init to Armed state transition (bsc#1096793) - ib/hfi1: Race condition between user notification and driver state (bsc#1096793) - ib/hfi1: Race condition between user notification and driver state (bsc#1096793) - ib/hfi1: Refactor assign_ctxt() IOCTL (bsc#1096793) - ib/hfi1: Refactor get_base_info (bsc#1096793) - ib/hfi1: Refactor get_ctxt_info (bsc#1096793) - ib/hfi1: Refactor get_user() IOCTLs (bsc#1096793) - ib/hfi1: Refactor hfi_user_exp_rcv_clear() IOCTLs (bsc#1096793) - ib/hfi1: Refactor hfi_user_exp_rcv_invalid() IOCTLs (bsc#1096793) - ib/hfi1: Refactor hfi_user_exp_rcv_setup() IOCTL (bsc#1096793) - ib/hfi1: Remove unused hfi1_cpulist variables (bsc#1096793) - ib/hfi1: Reorder incorrect send context disable (bsc#1096793) - ib/hfi1: Return actual error value from program_rcvarray() (bsc#1060463) - ib/hfi1: Return actual error value from program_rcvarray() (bsc#1060463) - ib/hfi1: Return correct value for device state (bsc#1096793) - ib/hfi1: Send 'reboot' as planned down remote reason (bsc#1096793) - ib/hfi1: Send 'reboot' as planned down remote reason (bsc#1096793) - ib/hfi1: Set port number for errorinfo MAD response (bsc#1096793) - ib/hfi1: Show fault stats in both TX and RX directions (bsc#1096793) - ib/hfi1: Show fault stats in both TX and RX directions (bsc#1096793) - ib/hfi1: Update HFI to use the latest pci API (bsc#1096793) - ib/hfi1: Use after free race condition in send context error path (bsc#1096793) - ib/hfi1: Use after free race condition in send context error path (bsc#1096793) - ib/hfi1: Validate PKEY for incoming GSI MAD packets (bsc#1096793) - ib/ipoib: Change number of TX wqe to 64 (bsc#1096793) - ib/ipoib: Fix for notify send CQ failure messages (bsc#1096793) - ib/ipoib: Get rid of the tx_outstanding variable in all modes (bsc#1096793) - ib/ipoib: Get rid of the tx_outstanding variable in all modes (bsc#1096793) - ib/ipoib: Use NAPI in UD/TX flows (bsc#1096793) - ib/iser: Do not reduce max_sectors (bsc#1046306) - ib/isert: Fix for lib/dma_debug check_sync warning (bsc#1046306) - ib/isert: fix T10-pi check mask setting (bsc#1046306) - ib/mlx4: Fix an error handling path in 'mlx4_ib_rereg_user_mr()' (bsc#1046302) - ib/mlx4: Fix an error handling path in 'mlx4_ib_rereg_user_mr()' (bsc#1046302) - ib/mlx4: Mark user MR as writable if actual virtual memory is writable (bsc#1046302) - ib/mlx4: Mark user MR as writable if actual virtual memory is writable (bsc#1046302) - ib/mlx5: Fetch soft WQE's on fatal error state (bsc#1046305) - ib/mlx5: Use 'kvfree()' for memory allocated by 'kvzalloc()' (bsc#1046305) - ib/mlx5: Use 'kvfree()' for memory allocated by 'kvzalloc()' (bsc#1046305) - ib/qedr: Remove GID add/del dummy routines (bsc#1086314 bsc#1086313 bsc#1086301) - ib/qedr: Remove GID add/del dummy routines (bsc#1086314 bsc#1086313 bsc#1086301) - ib/rdmavt: Add trace for RNRNAK timer (bsc#1096793) - ib/rdmavt: No need to cancel RNRNAK retry timer when it is running (bsc#1096793) - ib/rdmavt: No need to cancel RNRNAK retry timer when it is running (bsc#1096793) - ib/rdmavt: Use correct numa node for SRQ allocation (bsc#1096793) - ib/rxe: Fix for oops in rxe_register_device on ppc64le arch (bsc#1046306) - ib/rxe: Fix for oops in rxe_register_device on ppc64le arch (bsc#1046306) - ib/rxe: add RXE_START_MASK for rxe_opcode IB_OPCODE_RC_SEND_ONLY_INV (bsc#1046306) - ib/rxe: add RXE_START_MASK for rxe_opcode IB_OPCODE_RC_SEND_ONLY_INV (bsc#1046306) - ib/rxe: avoid double kfree_skb (bsc#1046306) - ib/umem: Use the correct mm during ib_umem_release (bsc#1046306) - ib/uverbs: Fix possible oops with duplicate ioctl attributes (bsc#1046306) - ib/uverbs: Fix possible oops with duplicate ioctl attributes (bsc#1046306) - ib/{hfi1, qib}: Add handling of kernel restart (bsc#1096793) - ib/{hfi1, rdmavt}: Fix memory leak in hfi1_alloc_devdata() upon failure (bsc#1096793) - ib/{hfi1, rdmavt}: Fix memory leak in hfi1_alloc_devdata() upon failure (bsc#1096793) - ib/{rdmavt,hfi1}: Change hrtimer add to use pinned version (bsc#1096793) - ib/{rdmavt,hfi1}: Change hrtimer add to use pinned version (bsc#1096793) - ibmvnic: Fix error recovery on login failure (bsc#1101789) - ide: Make ide_cdrom_prep_fs() initialize the sense buffer pointer (bsc#1099918) - ide: ide-atapi: fix compile error with defining macro DEBUG (bsc#1099918) - ide:ide-cd: fix kernel panic resulting from missing scsi_req_init (bsc#1099918) - idr: fix invalid ptr dereference on item delete (bsc#1051510) - ieee802154: 6lowpan: fix possible NULL deref in lowpan_device_event() (networking-stable-18_03_28) - igb: Fix not adding filter elements to the list (bsc#1056651) - igb: Fix queue selection on MAC filters on i210 (bsc#1056651) - iio: BME280: Updates to Humidity readings need ctrl_reg write! (bsc#1051510) - iio: accel: st_accel: fix data-ready line configuration (bsc#1051510) - iio: accel: st_accel_i2c: fix i2c_device_id table (bsc#1051510) - iio: accel: st_accel_spi: fix spi_device_id table (bsc#1051510) - iio: ad7793: implement IIO_CHAN_INFO_SAMP_FREQ (bsc#1051510) - iio: adc: sun4i-gpadc-iio: fix unbalanced irq enable/disable (bsc#1051510) - iio: adc: twl4030: Return an error if we can not enable the vusb3v1 regulator in 'twl4030_madc_probe()' (bsc#1051510) - iio: buffer: fix the function signature to match implementation (bsc#1051510) - iio: gyro: st_gyro: fix L3GD20H support (bsc#1051510) - iio: humidity: hts221: remove warnings in hts221_parse_{temp,rh}_caldata() (bsc#1051510) - iio: imu: inv_mpu6050: test whoami first and against all known values (bsc#1051510) - iio: magnetometer: st_magn: fix drdy line configuration for LIS3MDL (bsc#1051510) - iio: magnetometer: st_magn_core: enable multiread by default for LIS3MDL (bsc#1051510) - iio: magnetometer: st_magn_spi: fix spi_device_id table (bsc#1051510) - iio: pressure: bmp280: fix relative humidity unit (bsc#1051510) - iio: pressure: st_pressure: fix drdy configuration for LPS22HB and LPS25H (bsc#1051510) - iio: pressure: zpa2326: Remove always-true check which confuses gcc (bsc#1051510) - iio: pressure: zpa2326: report interrupted case as failure (bsc#1051510) - iio: trigger: stm32-timer: fix quadrature mode get routine (bsc#1051510) - iio: trigger: stm32-timer: fix write_raw return value (bsc#1051510) - iio: tsl2583: correct values in integration_time_available (bsc#1051510) - iio:buffer: make length types match kfifo types (bsc#1051510) - iio:kfifo_buf: check for uint overflow (bsc#1051510) - infiniband: fix a possible use-after-free bug (bsc#1046306) - input: elan_i2c - add ELAN0618 (Lenovo v330 15IKB) acpi ID (bsc#1051510) - input: elan_i2c_smbus - fix more potential stack buffer overflows (bsc#1051510) - input: elantech - enable middle button of touchpads on ThinkPad P52 (bsc#1051510) - input: elantech - fix V4 report decoding for module with middle key (bsc#1051510) - input: xpad - fix GPD Win 2 controller name (bsc#1051510) - iommu/vt-d: Clear Page Request Overflow fault bit - iommu/vt-d: Fix race condition in add_unmap() (bsc#1096790, bsc#1097034) - ip6_gre: better validate user provided tunnel names (networking-stable-18_04_10) - ip6_gre: init dev->mtu and dev->hard_header_len correctly (networking-stable-18_01_28) - ip6_tunnel: better validate user provided tunnel names (networking-stable-18_04_10) - ip6_tunnel: remove magic mtu value 0xFFF8 (networking-stable-18_06_08) - ip6mr: fix stale iterator (networking-stable-18_02_06) - ip6mr: only set ip6mr_table from setsockopt when ip6mr_new_table succeeds (git-fixes) - ip_tunnel: better validate user provided tunnel names (networking-stable-18_04_10) - ipc/shm: fix use-after-free of shm file via remap_file_pages() (bnc#1102512) - ipmr: properly check rhltable_init() return value (networking-stable-18_06_08) - ipv4: Make neigh lookup keys for loopback/point-to-point devices be INADDR_ANY (networking-stable-18_01_28) - ipv4: fix fnhe usage by non-cached routes (networking-stable-18_05_15) - ipv4: fix memory leaks in udp_sendmsg, ping_v4_sendmsg (networking-stable-18_05_15) - ipv4: remove warning in ip_recv_error (networking-stable-18_06_08) - ipv6 sit: work around bogus gcc-8 -Wrestrict warning (networking-stable-18_03_07) - ipv6: add RTA_TABLE and RTA_PREFSRC to rtm_ipv6_policy (networking-stable-18_04_26) - ipv6: allow PMTU exceptions to local routes (networking-stable-18_06_20) - ipv6: fix access to non-linear packet in ndisc_fill_redirect_hdr_option() (networking-stable-18_03_28) - ipv6: fix udpv6 sendmsg crash caused by too small MTU (networking-stable-18_01_28) - ipv6: old_dport should be a __be16 in __ip6_datagram_connect() (networking-stable-18_03_28) - ipv6: sit: better validate user provided tunnel names (networking-stable-18_04_10) - ipv6: sr: fix NULL pointer dereference in seg6_do_srh_encap()- v4 pkts (git-fixes) - ipv6: sr: fix NULL pointer dereference when setting encap source address (networking-stable-18_03_28) - ipv6: sr: fix memory OOB access in seg6_do_srh_encap/inline (networking-stable-18_06_08) - ipv6: sr: fix scheduling in RCU when creating seg6 lwtunnel state (networking-stable-18_03_28) - ipv6: sr: fix seg6 encap performances with TSO enabled (networking-stable-18_04_10) - ipv6: the entire IPv6 header chain must fit the first fragment (networking-stable-18_04_10) - irqchip/gic-v3-its: Ensure nr_ites >= nr_lpis (bsc#1098401) - iw_cxgb4: Add ib_device->get_netdev support (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - iw_cxgb4: correctly enforce the max reg_mr depth (bsc#1046543) - iw_cxgb4: initialize ib_mr fields for user mrs (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - iwlwifi: fw: harden page loading code (bsc#1051510) - iwlwifi: pcie: compare with number of IRQs requested for, not number of CPUs (bsc#1051510) - ixgbe/fm10k: Record macvlan stats instead of Rx queue for macvlan offloaded rings (bsc#1101674) - ixgbe/fm10k: Record macvlan stats instead of Rx queue for macvlan offloaded rings (bsc#1101674) - ixgbe/ixgbevf: Free IRQ when pci error recovery removes the device (bsc#1101674) - ixgbe/ixgbevf: Free IRQ when pci error recovery removes the device (bsc#1101674) - ixgbe: Add receive length error counter (bsc#1101674) - ixgbe: Add support for macvlan offload RSS on X550 and clean-up pool handling (bsc#1101674) - ixgbe: Add support for macvlan offload RSS on X550 and clean-up pool handling (bsc#1101674) - ixgbe: Assume provided MAC filter has been verified by macvlan (bsc#1101674) - ixgbe: Assume provided MAC filter has been verified by macvlan (bsc#1101674) - ixgbe: Avoid to write the RETA table when unnecessary (bsc#1101674) - ixgbe: Avoid to write the RETA table when unnecessary (bsc#1101674) - ixgbe: Clear SWFW_SYNC register during init (bsc#1101674) - ixgbe: Default to 1 pool always being allocated (bsc#1101674) - ixgbe: Do not assume dev->num_tc is equal to hardware TC config (bsc#1101674) - ixgbe: Do not assume dev->num_tc is equal to hardware TC config (bsc#1101674) - ixgbe: Do not manipulate macvlan Tx queues when performing macvlan offload (bsc#1101674) - ixgbe: Do not manipulate macvlan Tx queues when performing macvlan offload (bsc#1101674) - ixgbe: Do not report unsupported timestamping filters for X550 (bsc#1101674) - ixgbe: Do not report unsupported timestamping filters for X550 (bsc#1101674) - ixgbe: Drop l2_accel_priv data pointer from ring struct (bsc#1101674) - ixgbe: Drop l2_accel_priv data pointer from ring struct (bsc#1101674) - ixgbe: Drop support for macvlan specific unicast lists (bsc#1101674) - ixgbe: Drop support for macvlan specific unicast lists (bsc#1101674) - ixgbe: Fix handling of macvlan Tx offload (bsc#1101674) - ixgbe: Fix interaction between SR-IOV and macvlan offload (bsc#1101674) - ixgbe: Fix interaction between SR-IOV and macvlan offload (bsc#1101674) - ixgbe: Fix kernel-doc format warnings (bsc#1101674) - ixgbe: Fix limitations on macvlan so we can support up to 63 offloaded devices (bsc#1101674) - ixgbe: Fix limitations on macvlan so we can support up to 63 offloaded devices (bsc#1101674) - ixgbe: Fix logical operators typo (bsc#1101674) - ixgbe: Fix setting of TC configuration for macvlan case (bsc#1101674) - ixgbe: Fix setting of TC configuration for macvlan case (bsc#1101674) - ixgbe: Perform reinit any time number of VFs change (bsc#1101674) - ixgbe: Remove an obsolete comment about ITR (bsc#1101674) - ixgbe: There is no need to update num_rx_pools in L2 fwd offload (bsc#1101674) - ixgbe: There is no need to update num_rx_pools in L2 fwd offload (bsc#1101674) - ixgbe: Update adaptive ITR algorithm (bsc#1101674) - ixgbe: Use ring values to test for Tx pending (bsc#1101674) - ixgbe: add counter for times Rx pages gets allocated, not recycled (bsc#1101674) - ixgbe: add counter for times Rx pages gets allocated, not recycled (bsc#1101674) - ixgbe: add error checks when initializing the PHY (bsc#1101674) - ixgbe: add status reg reads to ixgbe_check_remove (bsc#1101674) - ixgbe: add support for reporting 5G link speed (bsc#1101674) - ixgbe: advertise highest capable link speed (bsc#1101674) - ixgbe: avoid bringing rings up/down as macvlans are added/removed (bsc#1101674) - ixgbe: avoid bringing rings up/down as macvlans are added/removed (bsc#1101674) - ixgbe: declare ixgbe_mac_operations structures as const (bsc#1101674) - ixgbe: declare ixgbe_mac_operations structures as const (bsc#1101674) - ixgbe: enable multicast on shutdown for WOL (bsc#1101674) - ixgbe: extend firmware version support (bsc#1101674) - ixgbe: fix crash when injecting AER after failed reset (bsc#1101674) - ixgbe: fix crash when injecting AER after failed reset (bsc#1101674) - ixgbe: fix disabling hide VLAN on VF reset (bsc#1101674) - ixgbe: fix possible race in reset subtask (bsc#1101674) - ixgbe: fix read-modify-write in x550 phy setup (bsc#1101674) - ixgbe: fix the FWSM.PT check in ixgbe_mng_present() (bsc#1101674) - ixgbe: force VF to grab new MAC on driver reload (bsc#1101674) - ixgbe: introduce a helper to simplify code (bsc#1101674) - ixgbe: remove redundant initialization of 'pool' (bsc#1101674) - ixgbe: remove unused enum latency_range (bsc#1101674) - ixgbe: restore normal RSS after last macvlan offload is removed (bsc#1101674) - ixgbe: restore normal RSS after last macvlan offload is removed (bsc#1101674) - ixgbe: return error on unsupported SFP module when resetting (bsc#1101674) - ixgbe: return error on unsupported SFP module when resetting (bsc#1101674) - ixgbe: split Tx/Rx ring clearing for ethtool loopback test (bsc#1101674) - ixgbe: split Tx/Rx ring clearing for ethtool loopback test (bsc#1101674) - ixgbe: use ARRAY_SIZE for array sizing calculation on array buf (bsc#1101674) - ixgbe: use ARRAY_SIZE for array sizing calculation on array buf (bsc#1101674) - ixgbevf: Fix kernel-doc format warnings (bsc#1101674) - ixgbevf: add build_skb support (bsc#1101674) - ixgbevf: add counters for Rx page allocations (bsc#1101674) - ixgbevf: add ethtool private flag for legacy Rx (bsc#1101674) - ixgbevf: add function for checking if we can reuse page (bsc#1101674) - ixgbevf: add function for checking if we can reuse page (bsc#1101674) - ixgbevf: add support for DMA_ATTR_SKIP_CPU_SYNC/WEAK_ORDERING (bsc#1101674) - ixgbevf: add support for DMA_ATTR_SKIP_CPU_SYNC/WEAK_ORDERING (bsc#1101674) - ixgbevf: add support for padding packet (bsc#1101674) - ixgbevf: add support for using order 1 pages to receive large frames (bsc#1101674) - ixgbevf: add support for using order 1 pages to receive large frames (bsc#1101674) - ixgbevf: allocate the rings as part of q_vector (bsc#1101674) - ixgbevf: break out Rx buffer page management (bsc#1101674) - ixgbevf: clear rx_buffer_info in configure instead of clean (bsc#1101674) - ixgbevf: clear rx_buffer_info in configure instead of clean (bsc#1101674) - ixgbevf: do not bother clearing tx_buffer_info in ixgbevf_clean_tx_ring() (bsc#1101674) - ixgbevf: do not bother clearing tx_buffer_info in ixgbevf_clean_tx_ring() (bsc#1101674) - ixgbevf: fix MAC address changes through ixgbevf_set_mac() (bsc#1101674) - ixgbevf: fix MAC address changes through ixgbevf_set_mac() (bsc#1101674) - ixgbevf: fix ixgbevf_xmit_frame()'s return type (bsc#1101674) - ixgbevf: fix possible race in the reset subtask (bsc#1101674) - ixgbevf: fix unused variable warning (bsc#1101674) - ixgbevf: improve performance and reduce size of ixgbevf_tx_map() (bsc#1101674) - ixgbevf: improve performance and reduce size of ixgbevf_tx_map() (bsc#1101674) - ixgbevf: make sure all frames fit minimum size requirements (bsc#1101674) - ixgbevf: make sure all frames fit minimum size requirements (bsc#1101674) - ixgbevf: only DMA sync frame length (bsc#1101674) - ixgbevf: remove redundant initialization of variable 'dma' (bsc#1101674) - ixgbevf: remove redundant initialization of variable 'dma' (bsc#1101674) - ixgbevf: remove redundant setting of xcast_mode (bsc#1101674) - ixgbevf: setup queue counts (bsc#1101674) - ixgbevf: update code to better handle incrementing page count (bsc#1101674) - ixgbevf: update code to better handle incrementing page count (bsc#1101674) - ixgbevf: use ARRAY_SIZE for various array sizing calculations (bsc#1101674) - ixgbevf: use ARRAY_SIZE for various array sizing calculations (bsc#1101674) - ixgbevf: use length to determine if descriptor is done (bsc#1101674) - ixgbevf: use length to determine if descriptor is done (bsc#1101674) - ixgbevf: use page_address offset from page (bsc#1101674) - jump_label: Add branch hints to static_branch_{un,}likely() (bnc#1101669 optimise numa balancing for fast migrate) - kABI fixes for nvme-if_ready-checks-fail-io-to-deleting-controll.patch (bsc#1077989) - kABI fixes for qla2xxx-Fix-inconsistent-DMA-mem-alloc-free.patch (bsc#1077989) - kABI: protect ife_tlv_meta_decode (kabi) - kABI: protect struct cstate (kabi) - kabi cxgb4 MU (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - kabi mlx5 hide cpu_rmap (bsc#1046303) - kabi mvpp2 10gkr support (bsc#1098633) - kabi protect fwnode_handle (bsc#1098633) - kabi/severities: add nvdimm internal symbols to kabi ignore list - kabi/severities: add qed inter module symbols to kabi ignore list - kcm: Fix use-after-free caused by clonned sockets (networking-stable-18_06_08) - kcm: lock lower socket in kcm_attach (networking-stable-18_03_28) - kconfig: Avoid format overflow warning from GCC 8.1 (bsc#1051510) - kconfig: Do not leak main menus during parsing (bsc#1051510) - kconfig: Fix automatic menu creation mem leak (bsc#1051510) - kconfig: Fix expr_free() E_NOT leak (bsc#1051510) - kernel/params.c: downgrade warning for unsafe parameters (bsc#1051510) - kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE (bsc#1051510) - keys: DNS: fix parsing multiple options (bsc#1051510) - keys: DNS: limit the length of option strings (networking-stable-18_04_26) - kmod: fix wait on recursive loop (bsc#1099792) - kmod: reduce atomic operations on kmod_concurrent and simplify (bsc#1099792) - kmod: throttle kmod thread limit (bsc#1099792) - kobject: do not use WARN for registration failures (bsc#1051510) - kvm: PPC: Check if IOMMU page is contained in the pinned physical page (bsc#1077761, git-fixes) - kvm: nVMX: Enforce cpl=0 for VMX instructions (bsc#1099183) - kvm: x86: fix vcpu initialization with userspace lapic (bsc#1101564) - kvm: x86: move LAPIC initialization after VMCS creation (bsc#1101564) - l2tp: check sockaddr length in pppol2tp_connect() (networking-stable-18_04_26) - lan78xx: Crash in lan78xx_writ_reg (Workqueue: events lan78xx_deferred_multicast_write) (networking-stable-18_04_10) - lib/kobject: Join string literals back (bsc#1051510) - lib/string_helpers: Add missed declaration of struct task_struct (bsc#1099918) - lib/test_bitmap.c: fix bitmap optimisation tests to report errors correctly (bsc#1051510) - libata: Apply NOLPM quirk for SanDisk SD7UB3Q*G1001 SSDs (bsc#1051510) - libata: Blacklist some Sandisk SSDs for NCQ (bsc#1051510) - libata: Drop SanDisk SD7UB3Q*G1001 NOLPM quirk (bsc#1051510) - libata: blacklist Micron 500IT SSD with MU01 firmware (bsc#1051510) - libata: zpodd: make arrays cdb static, reduces object code size (bsc#1051510) - libata: zpodd: small read overflow in eject_tray() (bsc#1051510) - libnvdimm, label: fix index block size calculation (bsc#1102147) - libnvdimm, pmem: Add sysfs notifications to badblocks - libnvdimm, pmem: Do not flush power-fail protected CPU caches (bsc#1091424) - libnvdimm, pmem: Unconditionally deep flush on *sync (bsc#1091424) - libnvdimm, region, pmem: fix 'badblocks' sysfs_get_dirent() reference lifetime - libnvdimm, region, pmem: fix 'badblocks' sysfs_get_dirent() reference lifetime - libnvdimm: add an api to cast a 'struct nd_region' to its 'struct device' (bsc#1094119) - llc: better deal with too small mtu (networking-stable-18_05_15) - llc: delete timers synchronously in llc_sk_free() (networking-stable-18_04_26) - llc: fix NULL pointer deref for SOCK_ZAPPED (networking-stable-18_04_26) - llc: hold llc_sap before release_sock() (networking-stable-18_04_26) - locking/qspinlock: Ensure node is initialised before updating prev->next (bsc#1050549) - locking/qspinlock: Ensure node->count is updated before initialising node (bsc#1050549) - locking: Remove smp_read_barrier_depends() from queued_spin_lock_slowpath() (bsc#1050549) - lsm: fix smack_inode_removexattr and xattr_getsecurity memleak (bsc#1051510) - macros.kernel-source: define linux_arch for KMPs (boo#1098050). CONFIG_64BIT is no longer defined so KMP spec files need to include %{?linux_make_arch} in any make call to build modules or descent into the kernel directory for any reason - macvlan: filter out unsupported feature flags (networking-stable-18_03_28) - macvlan: fix memory hole in macvlan_dev (bsc#1099918) - macvlan: remove unused fields in struct macvlan_dev (bsc#1099918) - mailbox: PCC: erroneous error message when parsing acpi PCCT (bsc#1096330) - mailbox: bcm-flexrm-mailbox: Fix FlexRM ring flush sequence (bsc#1051510) - mailbox: bcm-flexrm-mailbox: Fix mask used in CMPL_START_ADDR_VALUE() (bsc#1051510) - mailbox: bcm2835: Fix of_xlate return value (bsc#1051510) - mailbox: mailbox-test: do not rely on rx_buffer content to signal data ready (bsc#1051510) - mdio-sun4i: Fix a memory leak (bsc#1051510) - media: coda/imx-vdoa: Check for platform_get_resource() error (bsc#1051510) - media: cx231xx: Add support for AverMedia DVD EZMaker 7 (bsc#1051510) - media: cx25840: Use subdev host data for PLL override (bsc#1051510) - media: cx88: Get rid of spurious call to cx8800_start_vbi_dma() (bsc#1051510) - media: cxusb: restore RC_MAP for MyGica T230 (bsc#1051510) - media: dt-bindings: media: rcar_vin: Use status 'okay' (bsc#1051510) - media: dvb-core: always call invoke_release() in fe_free() (bsc#1051510) - media: dvb_frontend: fix ifnullfree.cocci warnings (bsc#1051510) - media: dvb_frontend: fix locking issues at dvb_frontend_get_event() (bsc#1051510) - media: dvb_frontend: only use kref after initialized (bsc#1051510) - media: dvb_net: ensure that dvb_net_ule_handle is fully initialized (bsc#1051510) - media: mxl111sf: Fix potential null pointer dereference (bsc#1051510) - media: omap3isp/isp: remove an unused static var (bsc#1051510) - media: s5p-jpeg: fix number of components macro (bsc#1051510) - media: s5p-mfc: Fix lock contention - request_firmware() once (bsc#1051510) - media: smiapp: fix timeout checking in smiapp_read_nvm (bsc#1099918) - media: staging: omap4iss: Include asm/cacheflush.h after generic includes (bsc#1051510) - media: uvcvideo: Support realtek's UVC 1.5 device (bsc#1099109) - media: v4l2-compat-ioctl32: prevent go past max size (bsc#1051510) - media: vivid: potential integer overflow in vidioc_g_edid() (bsc#1051510) - mfd: intel-lpss: Fix Intel Cannon Lake LPSS I2C input clock (bsc#1051510) - mfd: intel-lpss: Program REMAP register in PIO mode (bsc#1051510) - mfd: tps65218: Reorder tps65218_regulator_id enum (bsc#1051510) - mfd: tps65911-comparator: Fix a build error (bsc#1051510) - mfd: tps65911-comparator: Fix an off by one bug (bsc#1051510) - mlxsw: spectrum: Forbid creation of VLAN 1 over port/LAG (networking-stable-18_06_08) - mlxsw: spectrum_buffers: Set a minimum quota for CPU port traffic (networking-stable-18_03_28) - mlxsw: spectrum_router: Do not log an error on missing neighbor (networking-stable-18_01_28) - mlxsw: spectrum_router: Fix error path in mlxsw_sp_vr_create (networking-stable-18_03_07) - mlxsw: spectrum_switchdev: Check success of FDB add operation (networking-stable-18_03_07) - mm, oom_reaper: skip mm structs with mmu notifiers (bsc#1099918) - mm/pkeys, powerpc, x86: Provide an empty vma_pkey() in linux/pkeys.h (, bsc#1078248) - mm/pkeys, powerpc, x86: Provide an empty vma_pkey() in linux/pkeys.h (bsc#1078248) - mm/pkeys, x86, powerpc: Display pkey in smaps if arch supports pkeys (, bsc#1078248) - mm/pkeys, x86, powerpc: Display pkey in smaps if arch supports pkeys (bsc#1078248) - mm/pkeys: Add an empty arch_pkeys_enabled() (, bsc#1078248) - mm/pkeys: Add an empty arch_pkeys_enabled() (bsc#1078248) - mm/pkeys: Remove include of asm/mmu_context.h from pkeys.h (, bsc#1078248) - mm/pkeys: Remove include of asm/mmu_context.h from pkeys.h (bsc#1078248) - mmc: Downgrade printk level for MMC SDHCI host version error (bsc#1097941) - mmc: cavium: Fix use-after-free in of_platform_device_destroy (bsc#1051510) - mmc: dw_mmc: exynos: fix the suspend/resume issue for exynos5433 (bsc#1051510) - mmc: dw_mmc: fix card threshold control configuration (bsc#1051510) - mmc: meson-gx: remove CLK_DIVIDER_ALLOW_ZERO clock flag (bsc#1051510) - mmc: sdhci-msm: fix issue with power irq (bsc#1051510) - mmc: sdhci-of-esdhc: disable SD clock for clock value 0 (bsc#1051510) - mmc: sdhci-of-esdhc: fix eMMC couldn't work after kexec (bsc#1051510) - mmc: sdhci-of-esdhc: fix the mmc error after sleep on ls1046ardb (bsc#1051510) - mmc: sdhci-xenon: Fix clock resource by adding an optional bus clock (bsc#1051510) - mmc: sdhci-xenon: wait 5ms after set 1.8V signal enable (bsc#1051510) - mmc: tmio: remove outdated comment (bsc#1051510) - modsign: log module name in the event of an error (bsc#1093666) - modsign: print module name along with error message (bsc#1093666) - module: make it clear when we're handling the module copy in info->hdr (bsc#1093666) - module: setup load info before module_sig_check() (bsc#1093666) - mq-deadline: Enable auto-loading when built as module (bsc#1099918) - mtd: cmdlinepart: Update comment for introduction of OFFSET_CONTINUOUS (bsc#1099918) - mtd: jedec_probe: Fix crash in jedec_read_mfr() (bsc#1099918) - mtd: nand: fsl_ifc: Fix eccstat array overflow for IFC ver >= 2.0.0 (bsc#1099918) - mtd: partitions: add helper for deleting partition (bsc#1099918) - mtd: partitions: remove sysfs files when deleting all master's partitions (bsc#1099918) - mvpp2: fix multicast address filter (bsc#1098633) - n_tty: Access echo_* variables carefully (bsc#1051510) - n_tty: Fix stall at n_tty_receive_char_special() (bsc#1051510) - nbd: do not start req until after the dead connection logic (bsc#1099918) - nbd: fix -ERESTARTSYS handling (bsc#1099918) - nbd: fix nbd device deletion (bsc#1099918) - nbd: fix return value in error handling path (bsc#1099918) - nbd: wait uninterruptible for the dead timeout (bsc#1099918) - net sched actions: fix refcnt leak in skbmod (networking-stable-18_05_15) - net-sysfs: Fix memory leak in XPS configuration (networking-stable-18_06_08) - net/ipv6: Fix route leaking between VRFs (networking-stable-18_04_10) - net/ipv6: Increment OUTxxx counters after netfilter hook (networking-stable-18_04_10) - net/iucv: Free memory obtained by kzalloc (networking-stable-18_03_28) - net/mlx4: Fix irq-unsafe spinlock usage (networking-stable-18_06_08) - net/mlx4_core: Fix error handling in mlx4_init_port_info (bsc#1046300) - net/mlx4_core: Fix error handling in mlx4_init_port_info (bsc#1046300) - net/mlx4_core: Save the qpn from the input modifier in RST2INIT wrapper (bsc#1046300) - net/mlx4_core: Save the qpn from the input modifier in RST2INIT wrapper (bsc#1046300) - net/mlx4_en: Do not reuse RX page when XDP is set (bsc#1046299) - net/mlx4_en: Fix an error handling path in 'mlx4_en_init_netdev()' (networking-stable-18_05_15) - net/mlx4_en: Verify coalescing parameters are in range (networking-stable-18_05_15) - net/mlx5: Adjust clock overflow work period (bsc#1046303) - net/mlx5: E-Switch, Include VF rdma stats in vport statistics (networking-stable-18_05_15) - net/mlx5: Eswitch, Use 'kvfree()' for memory allocated by 'kvzalloc()' (bsc#1046303) - net/mlx5: Eswitch, Use 'kvfree()' for memory allocated by 'kvzalloc()' (bsc#1046303) - net/mlx5: FPGA, Call DMA unmap with the right size (bsc#1046303) - net/mlx5: Fix command interface race in polling mode (bsc#1046300) - net/mlx5: Fix command interface race in polling mode (bsc#1046300) - net/mlx5: Fix dump_command mailbox length printed (bsc#1046303) - net/mlx5: Fix incorrect raw command length parsing (bsc#1046300) - net/mlx5: Fix wrong size allocation for QoS ETC TC regitster (bsc#1046300) - net/mlx5: Fix wrong size allocation for QoS ETC TC regitster (bsc#1046300) - net/mlx5: Free IRQs in shutdown path (bsc#1046303) - net/mlx5: IPSec, Fix a race between concurrent sandbox QP commands (bsc#1046303) - net/mlx5: IPSec, Fix a race between concurrent sandbox QP commands (bsc#1046303) - net/mlx5: Properly deal with flow counters when deleting rules (bsc#1046303) - net/mlx5: Properly deal with flow counters when deleting rules (bsc#1046303) - net/mlx5: Protect from command bit overflow (bsc#1046303) - net/mlx5: Refactor num of blocks in mailbox calculation (bsc#1046303) - net/mlx5: Refactor num of blocks in mailbox calculation (bsc#1046303) - net/mlx5: Vport, Use 'kvfree()' for memory allocated by 'kvzalloc()' (bsc#1046303) - net/mlx5: Vport, Use 'kvfree()' for memory allocated by 'kvzalloc()' (bsc#1046303) - net/mlx5e: Do not allow aRFS for encapsulated packets (bsc#1046303) - net/mlx5e: Do not allow aRFS for encapsulated packets (bsc#1046303) - net/mlx5e: Do not attempt to dereference the ppriv struct if not being eswitch manager (bsc#1046300) - net/mlx5e: Do not attempt to dereference the ppriv struct if not being eswitch manager (bsc#1046300) - net/mlx5e: Err if asked to offload TC match on frag being first (networking-stable-18_05_15) - net/mlx5e: Fix quota counting in aRFS expire flow (bsc#1046303) - net/mlx5e: Refine ets validation function (bsc#1075360) - net/mlx5e: Remove redundant vport context vlan update (bsc#1046303) - net/mlx5e: Remove redundant vport context vlan update (bsc#1046303) - net/mlx5e: TX, Use correct counter in dma_map error flow (networking-stable-18_05_15) - net/mlx5e: When RXFCS is set, add FCS data into checksum calculation (networking-stable-18_06_08) - net/packet: refine check for priv area size (networking-stable-18_06_08) - net/sched: act_simple: fix parsing of TCA_DEF_DATA (networking-stable-18_06_20) - net/sched: act_tunnel_key: fix NULL dereference when 'goto chain' is used (bsc#1056787) - net/sched: cls_u32: fix cls_u32 on filter replace (networking-stable-18_03_07) - net/sched: fix NULL dereference in the error path of tcf_sample_init() (bsc#1056787) - net: Allow neigh contructor functions ability to modify the primary_key (networking-stable-18_01_28) - net: Fix hlist corruptions in inet_evict_bucket() (networking-stable-18_03_28) - net: Only honor ifindex in IP_PKTINFO if non-0 (networking-stable-18_03_28) - net: add rb_to_skb() and other rb tree helpers (bsc#1102340) - net: af_packet: fix race in PACKET_{R|T}X_RING (networking-stable-18_04_26) - net: cxgb3_main: fix potential Spectre v1 (bsc#1046533) - net: define the TSO header size in net/tso.h (bsc#1098633) - net: dsa: add error handling for pskb_trim_rcsum (networking-stable-18_06_20) - net: ethernet: arc: Fix a potential memory leak if an optional regulator is deferred (networking-stable-18_03_28) - net: ethernet: davinci_emac: fix error handling in probe() (networking-stable-18_06_08) - net: ethernet: sun: niu set correct packet size in skb (networking-stable-18_05_15) - net: ethernet: ti: cpdma: correct error handling for chan create (networking-stable-18_06_08) - net: ethernet: ti: cpsw: add check for in-band mode setting with RGMII PHY interface (networking-stable-18_03_28) - net: ethernet: ti: cpsw: fix net watchdog timeout (networking-stable-18_03_07) - net: ethernet: ti: cpsw: fix packet leaking in dual_mac mode (networking-stable-18_05_15) - net: ethernet: ti: cpsw: fix tx vlan priority mapping (networking-stable-18_04_26) - net: ethtool: Add macro to clear a link mode setting (bsc#1101816) - net: ethtool: Add macro to clear a link mode setting (bsc#1101816) - net: fec: Fix unbalanced PM runtime calls (networking-stable-18_03_28) - net: fix deadlock while clearing neighbor proxy table (networking-stable-18_04_26) - net: fix possible out-of-bound read in skb_network_protocol() (networking-stable-18_04_10) - net: fool proof dev_valid_name() (networking-stable-18_04_10) - net: in virtio_net_hdr only add VLAN_HLEN to csum_start if payload holds vlan (networking-stable-18_06_20) - net: ipv4: add missing RTA_TABLE to rtm_ipv4_policy (networking-stable-18_06_08) - net: ipv4: avoid unused variable warning for sysctl (git-fixes) - net: ipv4: do not allow setting net.ipv4.route.min_pmtu below 68 (networking-stable-18_03_07) - net: ipv6: keep sk status consistent after datagram connect failure (networking-stable-18_03_28) - net: metrics: add proper netlink validation (networking-stable-18_06_08) - net: mvmdio: add xmdio xsmi support (bsc#1098633) - net: mvmdio: check the MII_ADDR_C45 bit is not set for smi operations (bsc#1098633) - net: mvmdio: introduce an ops structure (bsc#1098633) - net: mvmdio: put the poll intervals in the ops structure (bsc#1098633) - net: mvmdio: remove duplicate locking (bsc#1098633) - net: mvmdio: reorder headers alphabetically (bsc#1098633) - net: mvmdio: simplify the smi read and write error paths (bsc#1098633) - net: mvmdio: use GENMASK for masks (bsc#1098633) - net: mvmdio: use tabs for defines (bsc#1098633) - net: mvpp2: Add hardware offloading for VLAN filtering (bsc#1098633) - net: mvpp2: Add support for unicast filtering (bsc#1098633) - net: mvpp2: Do not use dynamic allocs for local variables (bsc#1098633) - net: mvpp2: Fix DMA address mask size (bsc#1098633) - net: mvpp2: Fix TCAM filter reserved range (bsc#1098633) - net: mvpp2: Fix clk error path in mvpp2_probe (bsc#1098633) - net: mvpp2: Fix clock resource by adding an optional bus clock (bsc#1098633) - net: mvpp2: Fix clock resource by adding missing mg_core_clk (bsc#1098633) - net: mvpp2: Fix parser entry init boundary check (bsc#1098633) - net: mvpp2: Make mvpp2_prs_hw_read a parser entry init function (bsc#1098633) - net: mvpp2: Prevent userspace from changing TX affinities (bsc#1098633) - net: mvpp2: Simplify MAC filtering function parameters (bsc#1098633) - net: mvpp2: Use relaxed I/O in data path (bsc#1098633) - net: mvpp2: add comments about smp_processor_id() usage (bsc#1098633) - net: mvpp2: add ethtool GOP statistics (bsc#1098633) - net: mvpp2: add support for TX interrupts and RX queue distribution modes (bsc#1098633) - net: mvpp2: adjust the coalescing parameters (bsc#1098633) - net: mvpp2: align values in ethtool get_coalesce (bsc#1098633) - net: mvpp2: allocate zeroed tx descriptors (bsc#1098633) - net: mvpp2: check ethtool sets the Tx ring size is to a valid min value (bsc#1098633) - net: mvpp2: cleanup probed ports in the probe error path (bsc#1098633) - net: mvpp2: do not call txq_done from the Tx path when Tx irqs are used (bsc#1098633) - net: mvpp2: do not disable GMAC padding (bsc#1098633) - net: mvpp2: do not select the internal source clock (bsc#1098633) - net: mvpp2: do not set GMAC autoneg when using XLG MAC (bsc#1098633) - net: mvpp2: do not sleep in set_rx_mode (bsc#1098633) - net: mvpp2: do not unmap TSO headers buffers (bsc#1098633) - net: mvpp2: dynamic reconfiguration of the comphy/GoP/MAC (bsc#1098633) - net: mvpp2: enable UDP/TCP checksum over IPv6 (bsc#1098633) - net: mvpp2: enable acpi support in the driver (bsc#1098633) - net: mvpp2: enable basic 10G support (bsc#1098633) - net: mvpp2: fallback using h/w and random mac if the dt one isn't valid (bsc#1098633) - net: mvpp2: fix GOP statistics loop start and stop conditions (bsc#1098633) - net: mvpp2: fix MVPP21_ISR_RXQ_GROUP_REG definition (bsc#1098633) - net: mvpp2: fix TSO headers allocation and management (bsc#1098633) - net: mvpp2: fix invalid parameters order when calling the tcam init (bsc#1098633) - net: mvpp2: fix parsing fragmentation detection (bsc#1098633) - net: mvpp2: fix port list indexing (bsc#1098633) - net: mvpp2: fix the RSS table entry offset (bsc#1098633) - net: mvpp2: fix the packet size configuration for 10G (bsc#1098633) - net: mvpp2: fix the synchronization module bypass macro name (bsc#1098633) - net: mvpp2: fix the txq_init error path (bsc#1098633) - net: mvpp2: fix typo in the tcam setup (bsc#1098633) - net: mvpp2: fix use of the random mac address for PPv2.2 (bsc#1098633) - net: mvpp2: improve the link management function (bsc#1098633) - net: mvpp2: initialize the GMAC when using a port (bsc#1098633) - net: mvpp2: initialize the GoP (bsc#1098633) - net: mvpp2: initialize the RSS tables (bsc#1098633) - net: mvpp2: initialize the Tx FIFO size (bsc#1098633) - net: mvpp2: initialize the XLG MAC when using a port (bsc#1098633) - net: mvpp2: initialize the comphy (bsc#1098633) - net: mvpp2: introduce per-port nrxqs/ntxqs variables (bsc#1098633) - net: mvpp2: introduce queue_vector concept (bsc#1098633) - net: mvpp2: jumbo frames support (bsc#1098633) - net: mvpp2: limit TSO segments and use stop/wake thresholds (bsc#1098633) - net: mvpp2: make the phy optional (bsc#1098633) - net: mvpp2: move from cpu-centric naming to 'software thread' naming (bsc#1098633) - net: mvpp2: move the mac retrieval/copy logic into its own function (bsc#1098633) - net: mvpp2: move the mii configuration in the ndo_open path (bsc#1098633) - net: mvpp2: mvpp2_check_hw_buf_num() can be static (bsc#1098633) - net: mvpp2: only free the TSO header buffers when it was allocated (bsc#1098633) - net: mvpp2: remove RX queue group reset code (bsc#1098633) - net: mvpp2: remove mvpp2_pool_refill() (bsc#1098633) - net: mvpp2: remove unused mvpp2_bm_cookie_pool_set() function (bsc#1098633) - net: mvpp2: remove useless goto (bsc#1098633) - net: mvpp2: report the tx-usec coalescing information to ethtool (bsc#1098633) - net: mvpp2: set maximum packet size for 10G ports (bsc#1098633) - net: mvpp2: set the Rx FIFO size depending on the port speeds for PPv2.2 (bsc#1098633) - net: mvpp2: simplify maintaining enabled ports' list (bsc#1098633) - net: mvpp2: simplify the Tx desc set DMA logic (bsc#1098633) - net: mvpp2: simplify the link_event function (bsc#1098633) - net: mvpp2: software tso support (bsc#1098633) - net: mvpp2: split the max ring size from the default one (bsc#1098633) - net: mvpp2: take advantage of the is_rgmii helper (bsc#1098633) - net: mvpp2: unify register definitions coding style (bsc#1098633) - net: mvpp2: unify the txq size define use (bsc#1098633) - net: mvpp2: update the BM buffer free/destroy logic (bsc#1098633) - net: mvpp2: use a data size of 10kB for Tx FIFO on port 0 (bsc#1098633) - net: mvpp2: use correct index on array mvpp2_pools (bsc#1098633) - net: mvpp2: use device_*/fwnode_* APIs instead of of_* (bsc#1098633) - net: mvpp2: use the GoP interrupt for link status changes (bsc#1098633) - net: mvpp2: use the aggr txq size define everywhere (bsc#1098633) - net: mvpp2: use the same buffer pool for all ports (bsc#1098633) - net: phy: Tell caller result of phy_change() (networking-stable-18_03_28) - net: phy: add XAUI and 10GBASE-KR PHY connection types (bsc#1098633) - net: phy: broadcom: Fix auxiliary control register reads (networking-stable-18_06_08) - net: phy: broadcom: Fix bcm_write_exp() (networking-stable-18_06_08) - net: phy: dp83822: use BMCR_ANENABLE instead of BMSR_ANEGCAPABLE for DP83620 (networking-stable-18_06_20) - net: phy: fix phy_start to consider PHY_IGNORE_INTERRUPT (networking-stable-18_03_07) - net: qdisc_pkt_len_init() should be more robust (networking-stable-18_01_28) - net: qed: use correct strncpy() size (bsc#1086314 bsc#1086313 bsc#1086301) - net: qed: use correct strncpy() size (bsc#1086314 bsc#1086313 bsc#1086301) - net: qlge: use memmove instead of skb_copy_to_linear_data (bsc#1050529 bsc#1086319) - net: qlge: use memmove instead of skb_copy_to_linear_data (bsc#1050529 bsc#1086319) - net: sched: fix error path in tcf_proto_create() when modules are not configured (networking-stable-18_05_15) - net: sched: ife: check on metadata length (networking-stable-18_04_26) - net: sched: ife: handle malformed tlv length (networking-stable-18_04_26) - net: sched: ife: signal not finding metaid (networking-stable-18_04_26) - net: sched: red: avoid hashing NULL child (bsc#1056787) - net: sched: report if filter is too large to dump (networking-stable-18_03_07) - net: support compat 64-bit time in {s,g}etsockopt (networking-stable-18_05_15) - net: systemport: Rewrite __bcm_sysport_tx_reclaim() (networking-stable-18_03_28) - net: tcp: close sock if net namespace is exiting (networking-stable-18_01_28) - net: usb: cdc_mbim: add flag FLAG_SEND_ZLP (networking-stable-18_06_08) - net: validate attribute sizes in neigh_dump_table() (networking-stable-18_04_26) - net: vrf: Add support for sends to local broadcast address (networking-stable-18_01_28) - net_sched: fq: take care of throttled flows before reuse (networking-stable-18_05_15) - netdev-FAQ: clarify DaveM's position for stable backports (networking-stable-18_06_08) - netlink: avoid a double skb free in genlmsg_mcast() (git-fixes) - netlink: ensure to loop over all netns in genlmsg_multicast_allns() (networking-stable-18_03_07) - netlink: extack needs to be reset each time through loop (networking-stable-18_01_28) - netlink: make sure nladdr has correct size in netlink_connect() (networking-stable-18_04_10) - netlink: reset extack earlier in netlink_rcv_skb (networking-stable-18_01_28) - nfc: llcp: Limit size of SDP URI (bsc#1051510) - nfc: nfcmrvl_uart: fix device-node leak during probe (bsc#1051510) - nfc: pn533: Fix wrong GFP flag usage (bsc#1051510) - nfc: pn533: do not send usb data off of the stack (bsc#1051510) - nfit, address-range-scrub: add module option to skip initial ars (bsc#1094119) - nfit, address-range-scrub: determine one platform max_ars value (bsc#1094119) - nfit, address-range-scrub: fix scrub in-progress reporting (bsc#1051510) - nfit, address-range-scrub: introduce nfit_spa->ars_state (bsc#1094119) - nfit, address-range-scrub: rework and simplify ARS state machine (bsc#1094119) - nfit: fix region registration vs block-data-window ranges (bsc#1051510) - nfit: fix unchecked dereference in acpi_nfit_ctl (bsc#1051510) - nfs: Revert 'NFS: Move the flock open mode check into nfs_flock()' (bsc#1098983) - nfsv4: Revert commit 5f83d86cf531d ('NFSv4.x: Fix wraparound issues..') (git-fixes) - nl80211: relax ht operation checks for mesh (bsc#1051510) - nubus: Avoid array underflow and overflow (bsc#1099918) - nubus: Fix up header split (bsc#1099918) - nvme-fabrics: allow duplicate connections to the discovery controller (bsc#1098706) - nvme-fabrics: allow internal passthrough command on deleting controllers (bsc#1098706) - nvme-fabrics: centralize discovery controller defaults (bsc#1098706) - nvme-fabrics: fix and refine state checks in __nvmf_check_ready (bsc#1098706) - nvme-fabrics: handle the admin-only case properly in nvmf_check_ready (bsc#1098706) - nvme-fabrics: refactor queue ready check (bsc#1098706) - nvme-fabrics: remove unnecessary controller subnqn validation (bsc#1098706) - nvme-fc: change controllers first connect to use reconnect path (bsc#1098706) - nvme-fc: fix nulling of queue data on reconnect (bsc#1098706) - nvme-fc: release io queues to allow fast fail (bsc#1098706) - nvme-fc: remove reinit_request routine (bsc#1098706) - nvme-fc: remove setting DNR on exception conditions (bsc#1098706) - nvme-loop: add support for multiple ports (bsc#1054245) - nvme-multipath: fix sysfs dangerously created links (bsc#1096529) - nvme-rdma: Fix command completion race at error recovery (bsc#1099041) - nvme-rdma: correctly check for target keyed sgl support (bsc#1099041) - nvme-rdma: do not override opts->queue_size (bsc#1099041) - nvme-rdma: fix error flow during mapping request data (bsc#1099041) - nvme-rdma: fix possible double free condition when failing to create a controller (bsc#1099041) - nvme.h: add AEN configuration symbols (bsc#1054245) - nvme.h: add ANA definitions (bsc#1054245) - nvme.h: add support for the log specific field (bsc#1054245) - nvme.h: add the changed namespace list log (bsc#1054245) - nvme.h: untangle AEN notice definitions (bsc#1054245) - nvme/multipath: Disable runtime writable enabling parameter (bsc#1054245) - nvme/multipath: Fix multipath disabled naming collisions (bsc#1098706) - nvme: Fix sync controller reset return (bsc#1077989) - nvme: Revert 'nvme: mark nvme_queue_scan static' (bsc#1054245) - nvme: Set integrity flag for user passthrough commands (bsc#1098706) - nvme: Skip checking heads without namespaces (bsc#1098706) - nvme: Use admin command effects for admin commands (bsc#1098706) - nvme: add ANA support (bsc#1054245) - nvme: add bio remapping tracepoint (bsc#1054245) - nvme: allow duplicate controller if prior controller being deleted (bsc#1098706) - nvme: centralize ctrl removal prints (bsc#1054245) - nvme: check return value of init_srcu_struct function (bsc#1098706) - nvme: cleanup double shift issue (bsc#1054245) - nvme: do not enable AEN if not supported (bsc#1077989) - nvme: do not hold nvmf_transports_rwsem for more than transport lookups (bsc#1054245) - nvme: do not rely on the changed namespace list log (bsc#1054245) - nvme: enforce 64bit offset for nvme_get_log_ext fn (bsc#1054245) - nvme: expand nvmf_check_if_ready checks (bsc#1098706) - nvme: fix NULL pointer dereference in nvme_init_subsystem (bsc#1098706) - nvme: fix handling of metadata_len for NVME_IOCTL_IO_CMD - nvme: fix handling of metadata_len for NVME_IOCTL_IO_CMD (,) - nvme: fix potential memory leak in option parsing (bsc#1098706) - nvme: fix use-after-free in nvme_free_ns_head (bsc#1054245) - nvme: guard additional fields in nvme command structures (bsc#1054245) - nvme: host: core: fix precedence of ternary operator (bsc#1054245) - nvme: if_ready checks to fail io to deleting controller (bsc#1077989) - nvme: implement log page low/high offset and dwords (bsc#1054245) - nvme: kABI fix for ANA support in nvme_ctrl (bsc#1054245) - nvme: kABI fixes for nvmet_ctrl (bsc#1054245) - nvme: kabi fixes for nvme_ctrl (bsc#1054245) - nvme: make nvme_get_log_ext non-static (bsc#1054245) - nvme: mark nvme_queue_scan static (bsc#1054245) - nvme: move init of keep_alive work item to controller initialization (bsc#1098706) - nvme: partially revert 'nvme: remove nvme_req_needs_failover' (bsc#1054245) - nvme: reintruduce nvme_get_log_ext() (bsc#1054245) - nvme: remove nvme_req_needs_failover (bsc#1054245) - nvme: simplify the API for getting log pages (bsc#1054245) - nvme: submit AEN event configuration on startup (bsc#1054245) - nvme: use the changed namespaces list log to clear ns data changed AENs (bsc#1054245) - nvmet-fc: fix target sgl list on large transfers - nvmet-fc: fix target sgl list on large transfers (,) - nvmet-fc: increase LS buffer count per fc port (bsc#1098706) - nvmet: Revert 'nvmet: constify struct nvmet_fabrics_ops' (bsc#1054245) - nvmet: add AEN configuration support (bsc#1054245) - nvmet: add a new nvmet_zero_sgl helper (bsc#1054245) - nvmet: add minimal ANA support (bsc#1054245) - nvmet: constify struct nvmet_fabrics_ops (bsc#1054245) - nvmet: filter newlines from user input (bsc#1054245) - nvmet: fixup crash on NULL device path (bsc#1054245) - nvmet: implement the changed namespaces log (bsc#1054245) - nvmet: kABI fixes for ANA support (bsc#1054245) - nvmet: keep a port pointer in nvmet_ctrl (bsc#1054245) - nvmet: mask pending AENs (bsc#1054245) - nvmet: reset keep alive timer in controller enable (bsc#1054245) - nvmet: return all zeroed buffer when we can't find an active namespace (bsc#1054245) - nvmet: split log page implementation (bsc#1054245) - nvmet: support configuring ANA groups (bsc#1054245) - nvmet: switch loopback target state to connecting when resetting (bsc#1098706) - nvmet: track and limit the number of namespaces per subsystem (1054245) - nvmet: use Retain Async Event bit to clear AEN (bsc#1054245) - of/pci: Fix theoretical NULL dereference (bsc#1051510) - of: Make of_fwnode_handle() safer (bsc#1098633) - of: fix DMA mask generation (bsc#1051510) - of: overlay: validate offset from property fixups (bsc#1051510) - of: platform: stop accessing invalid dev in of_platform_device_destroy (bsc#1051510) - of: restrict DMA configuration (bsc#1051510) - of: unittest: for strings, account for trailing \0 in property length field (bsc#1051510) - openvswitch: Do not swap table in nlattr_set() after OVS_ATTR_NESTED is found (networking-stable-18_05_15) - p54: do not unregister leds when they are not initialized (bsc#1051510) - packet: fix bitfield update race (networking-stable-18_04_26) - pci: Account for all bridges on bus when distributing bus numbers (bsc#1100132) - pci: Add ACS quirk for Intel 300 series (bsc#1051510) - pci: Add ACS quirk for Intel 7th and 8th Gen mobile (bsc#1051510) - pci: Add function 1 DMA alias quirk for Marvell 88SE9220 (bsc#1051510) - pci: Mark Broadcom HT1100 and HT2000 Root Port Extended Tags as broken (bsc#1051510) - pci: Restore config space on runtime resume despite being unbound (bsc#1051510) - pci: aardvark: Fix logic in advk_pcie_{rd,wr}_conf() (bsc#1051510) - pci: aardvark: Fix pcie Max Read Request Size setting (bsc#1051510) - pci: aardvark: Set PIO_ADDR_LS correctly in advk_pcie_rd_conf() (bsc#1051510) - pci: aardvark: Use ISR1 instead of ISR0 interrupt in legacy irq mode (bsc#1051510) - pci: altera: Fix bool initialization in tlp_read_packet() (bsc#1051510) - pci: dwc: Fix enumeration end when reaching root subordinate (bsc#1100132) - pci: endpoint: Fix kernel panic after put_device() (bsc#1051510) - pci: endpoint: Populate func_no before calling pci_epc_add_epf() (bsc#1051510) - pci: exynos: Fix a potential init_clk_resources NULL pointer dereference (bsc#1051510) - pci: faraday: Fix of_irq_get() error check (bsc#1051510) - pci: ibmphp: Fix use-before-set in get_max_bus_speed() (bsc#1051510) - pci: pciehp: Clear Presence Detect and Data Link Layer Status Changed on resume (bsc#1051510) - pci: shpchp: Fix AMD POGO identification (bsc#1051510) - perf intel-pt: Always set no branch for dummy event (bsc#1087217) - perf intel-pt: Set no_aux_samples for the tracking event (bsc#1087217) - perf/x86/intel/uncore: Add event constraint for BDX PCU (bsc#1087202) - perf/x86/intel/uncore: Fix SKX CHA event extra regs (bsc#1087233) - perf/x86/intel/uncore: Fix Skylake UPI PMU event masks (bsc#1087233) - perf/x86/intel/uncore: Fix Skylake server CHA LLC_LOOKUP event umask (bsc#1087233) - perf/x86/intel/uncore: Fix Skylake server PCU PMU event format (bsc#1087233) - perf/x86/intel/uncore: Fix missing marker for skx_uncore_cha_extra_regs (bsc#1087233) - perf/x86/intel/uncore: Remove invalid Skylake server CHA filter field (bsc#1087233) - perf/x86: Fix data source decoding for Skylake - phy: add sgmii and 10gkr modes to the phy_mode enum (bsc#1098633) - pinctrl/amd: Fix build dependency on pinmux code (bsc#1051510) - pinctrl/amd: save pin registers over suspend/resume (bsc#1051510) - pinctrl: adi2: Fix Kconfig build problem (bsc#1051510) - pinctrl: armada-37xx: Fix direction_output() callback behavior (bsc#1051510) - pinctrl: artpec6: dt: add missing pin group uart5nocts (bsc#1051510) - pinctrl: bcm2835: Avoid warning from __irq_do_set_handler (bsc#1051510) - pinctrl: imx: fix debug message for SHARE_MUX_CONF_REG case (bsc#1051510) - pinctrl: intel: Initialize GPIO properly when used through irqchip (bsc#1087092) - pinctrl: intel: Read back TX buffer state (bsc#1051510) - pinctrl: meson-gxbb: remove non-existing pin GPIOX_22 (bsc#1051510) - pinctrl: meson-gxl: Fix typo in AO I2S pins (bsc#1051510) - pinctrl: meson-gxl: Fix typo in AO SPDIF pins (bsc#1051510) - pinctrl: mvebu: use correct MPP sel value for dev pins (bsc#1051510) - pinctrl: nand: meson-gxbb: fix missing data pins (bsc#1051510) - pinctrl: nsp: Fix potential NULL dereference (bsc#1051510) - pinctrl: nsp: off by ones in nsp_pinmux_enable() (bsc#1100132) - pinctrl: pinctrl-single: Fix pcs_request_gpio() when bits_per_mux != 0 (bsc#1051510) - pinctrl: pxa: pxa2xx: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE (bsc#1051510) - pinctrl: rockchip: enable clock when reading pin direction register (bsc#1051510) - pinctrl: samsung: Fix NULL pointer exception on external interrupts on S3C24xx (bsc#1051510) - pinctrl: samsung: Fix invalid register offset used for Exynos5433 external interrupts (bsc#1051510) - pinctrl: sh-pfc: r8a7790: Add missing TX_ER pin to avb_mii group (bsc#1051510) - pinctrl: sh-pfc: r8a7795-es1: Fix MOD_SEL1 bit[25:24] to 0x3 when using STP_ISEN_1_D (bsc#1051510) - pinctrl: sh-pfc: r8a7795: Fix MOD_SEL register pin assignment for SSI pins group (bsc#1051510) - pinctrl: sh-pfc: r8a7795: Fix to delete A20..A25 pins function definitions (bsc#1051510) - pinctrl: sh-pfc: r8a7796: Fix IPSR and MOD_SEL register pin assignment for NDFC pins group (bsc#1051510) - pinctrl: sh-pfc: r8a7796: Fix MOD_SEL register pin assignment for SSI pins group (bsc#1051510) - pinctrl: sh-pfc: r8a7796: Fix to delete A20..A25 pins function definitions (bsc#1051510) - pinctrl: sh-pfc: r8a7796: Fix to delete FSCLKST pin and IPSR7 bit[15:12] register definitions (bsc#1051510) - pinctrl: sunxi: Fix A64 UART mux value (bsc#1051510) - pinctrl: sunxi: Fix A80 interrupt pin bank (bsc#1051510) - pinctrl: sunxi: fix V3s pinctrl driver IRQ bank base (bsc#1051510) - pinctrl: sunxi: fix wrong irq_banks number for H5 pinctrl (bsc#1051510) - pinctrl: sx150x: Add a static gpio/pinctrl pin range mapping (bsc#1051510) - pinctrl: sx150x: Register pinctrl before adding the gpiochip (bsc#1051510) - pinctrl: sx150x: Unregister the pinctrl on release (bsc#1051510) - pinctrl: uniphier: fix members of rmii group for Pro4 (bsc#1051510) - pinctrl: uniphier: fix pin_config_get() for input-enable (bsc#1051510) - pipe: fix off-by-one error when checking buffer limits (bsc#1051510) - pktcdvd: Fix a recently introduced NULL pointer dereference (bsc#1099918) - pktcdvd: Fix pkt_setup_dev() error path (bsc#1099918) - platform/chrome: cros_ec_lpc: remove redundant pointer request (bsc#1051510) - platform/x86: asus-wmi: Fix NULL pointer dereference (bsc#1051510) - platform/x86: ideapad-laptop: Apply no_hw_rfkill to Y20-15IKBM, too (bsc#1098626) - pm/core: Fix supplier device runtime PM usage counter imbalance (bsc#1051510) - pm/hibernate: Fix oops at snapshot_write() (bsc#1051510) - pm/hibernate: Use CONFIG_HAVE_SET_MEMORY for include condition (bsc#1051510) - pm/wakeup: Only update last time for active wakeup sources (bsc#1051510) - power: gemini-poweroff: Avoid spurious poweroff (bsc#1051510) - power: supply: act8945a_charger: fix of_irq_get() error check (bsc#1051510) - power: supply: cpcap-charger: add OMAP_usb2 dependency (bsc#1051510) - powerpc/64: Fix smp_wmb barrier definition use use lwsync consistently (bnc#1012382) - powerpc/64s: Clear PCR on boot (bnc#1012382) - powerpc/64s: Fix mce accounting for powernv (bsc#1094244) - powerpc/64s: Fix section mismatch warnings from setup_rfi_flush() (bsc#1068032, bsc#1075087, bsc#1091041) - powerpc/eeh: Fix enabling bridge MMIO windows (bnc#1012382) - powerpc/fadump: Unregister fadump on kexec down path (bnc#1012382) - powerpc/mm/hash: Add missing isync prior to kernel stack SLB switch (bnc#1012382) - powerpc/mm: Fix thread_pkey_regs_init() (, bsc#1078248, git-fixes) - powerpc/mm: Fix thread_pkey_regs_init() (bsc#1078248, git-fixes) - powerpc/mpic: Check if cpu_possible() in mpic_physmask() (bnc#1012382) - powerpc/pkeys: Detach execute_only key on !PROT_EXEC (, bsc#1078248, git-fixes) - powerpc/pkeys: Detach execute_only key on !PROT_EXEC (bsc#1078248, git-fixes) - powerpc/pkeys: Drop private VM_PKEY definitions (, bsc#1078248) - powerpc/pkeys: Drop private VM_PKEY definitions (bsc#1078248) - powerpc/powernv: Fix NVRAM sleep in invalid context when crashing (bnc#1012382) - powerpc/powernv: Fix OPAL NVRAM driver OPAL_BUSY loops (bnc#1012382) - powerpc/powernv: Handle unknown OPAL errors in opal_nvram_write() (bnc#1012382) - powerpc/powernv: define a standard delay for OPAL_BUSY type retry loops (bnc#1012382) - powerpc/ptrace: Fix enforcement of DAWR constraints (bsc#1099918) - powerpc/ptrace: Fix setting 512B aligned breakpoints with PTRACE_SET_DEBUGREG (bnc#1012382) - powerpc: Add missing prototype for arch_irq_work_raise() (bnc#1012382) - powerpc: Machine check interrupt is a non-maskable interrupt (bsc#1094244) - powerpc: mmu_context: provide old version of mm_iommu_ua_to_hpa (bsc#1077761, git-fixes) - ppp: avoid loop in xmit recursion detection code (networking-stable-18_03_28) - ppp: prevent unregistered channels from connecting to PPP units (networking-stable-18_03_07) - ppp: unlock all_ppp_mutex before registering device (networking-stable-18_01_28) - pppoe: check sockaddr length in pppoe_connect() (networking-stable-18_04_26) - pppoe: take ->needed_headroom of lower device into account on xmit (networking-stable-18_01_28) - pptp: remove a buggy dst release in pptp_connect() (networking-stable-18_04_10) - printk: fix possible reuse of va_list variable (bsc#1100602) - procfs: add tunable for fd/fdinfo dentry retention (bsc#1086652) - pty: cancel pty slave port buf's work in tty_release (bsc#1051510) - pwm: lpss: platform: Save/restore the ctrl register over a suspend/resume (bsc#1051510) - pwm: meson: Fix allocation of PWM channel array (bsc#1051510) - pwm: meson: Improve PWM calculation precision (bsc#1051510) - pwm: rcar: Fix a condition to prevent mismatch value setting to duty (bsc#1051510) - pwm: stm32: Enforce dependency on CONFIG_MFD_STM32_TIMERS (bsc#1051510) - pwm: stm32: Remove unused struct device (bsc#1051510) - pwm: stmpe: Fix wrong register offset for hwpwm=2 case (bsc#1051510) - pwm: tiehrpwm: Fix runtime PM imbalance at unbind (bsc#1051510) - pwm: tiehrpwm: fix clock imbalance in probe error path (bsc#1051510) - qed* : Add new TLV to request PF to update MAC in bulletin board (bsc#1086314 bsc#1086313 bsc#1086301) - qed* : Add new TLV to request PF to update MAC in bulletin board (bsc#1086314 bsc#1086313 bsc#1086301) - qed* : use trust mode to allow VF to override forced MAC (bsc#1086314 bsc#1086313 bsc#1086301) - qed* : use trust mode to allow VF to override forced MAC (bsc#1086314 bsc#1086313 bsc#1086301) - qed*: Advance drivers' version to 8.33.0.20 (bsc#1086314) - qed*: HSI renaming for different types of HW (bsc#1086314 bsc#1086313 bsc#1086301) - qed*: HSI renaming for different types of HW (bsc#1086314 bsc#1086313 bsc#1086301) - qed*: Refactor mf_mode to consist of bits (bsc#1086314 bsc#1086313 bsc#1086301) - qed*: Refactor mf_mode to consist of bits (bsc#1086314 bsc#1086313 bsc#1086301) - qed*: Refactoring and rearranging FW API with no functional impact (bsc#1086314 bsc#1086313 bsc#1086301) - qed*: Refactoring and rearranging FW API with no functional impact (bsc#1086314 bsc#1086313 bsc#1086301) - qed*: Support drop action classification (bsc#1086314 bsc#1086313 bsc#1086301) - qed*: Support drop action classification (bsc#1086314 bsc#1086313 bsc#1086301) - qed*: Support other classification modes (bsc#1086314 bsc#1086313 bsc#1086301) - qed*: Support other classification modes (bsc#1086314 bsc#1086313 bsc#1086301) - qed*: Utilize FW 8.33.1.0 (bsc#1086314 bsc#1086313 bsc#1086301) - qed*: Utilize FW 8.33.1.0 (bsc#1086314 bsc#1086313 bsc#1086301) - qed*: Utilize FW 8.33.11.0 (bsc#1086314 bsc#1086313 bsc#1086301) - qed*: Utilize FW 8.33.11.0 (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Adapter flash update support (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Adapter flash update support (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Add APIs for flash access (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Add APIs for flash access (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Add MFW interfaces for TLV request support (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Add MFW interfaces for TLV request support (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Add configuration information to register dump and debug data (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Add configuration information to register dump and debug data (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Add driver infrastucture for handling mfw requests (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Add driver infrastucture for handling mfw requests (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Add sanity check for SIMD fastpath handler (bsc#1050536) - qed: Add support for Unified Fabric Port (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Add support for Unified Fabric Port (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Add support for multi function mode with 802.1ad tagging (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Add support for multi function mode with 802.1ad tagging (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Add support for processing fcoe tlv request (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Add support for processing fcoe tlv request (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Add support for processing iscsi tlv request (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Add support for processing iscsi tlv request (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Add support for tlv request processing (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Add support for tlv request processing (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Correct Multicast API to reflect existence of 256 approximate buckets (bsc#1050536) - qed: Correct Multicast API to reflect existence of 256 approximate buckets (bsc#1050536) - qed: Delete unused parameter p_ptt from mcp APIs (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Delete unused parameter p_ptt from mcp APIs (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Do not advertise DCBX_LLD_MANAGED capability (bsc#1050536) - qed: Fix LL2 race during connection terminate (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Fix LL2 race during connection terminate (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Fix PTT entry leak in the selftest error flow (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Fix PTT entry leak in the selftest error flow (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Fix copying 2 strings (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Fix copying 2 strings (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Fix link flap issue due to mismatching EEE capabilities (bsc#1050536) - qed: Fix link flap issue due to mismatching EEE capabilities (bsc#1050536) - qed: Fix mask for physical address in ILT entry (networking-stable-18_06_08) - qed: Fix possibility of list corruption during rmmod flows (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Fix possibility of list corruption during rmmod flows (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Fix possible memory leak in Rx error path handling (bsc#1050536) - qed: Fix possible memory leak in Rx error path handling (bsc#1050536) - qed: Fix possible race for the link state value (bsc#1050536) - qed: Fix potential use-after-free in qed_spq_post() (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Fix potential use-after-free in qed_spq_post() (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Fix reading stale configuration information (bsc#1086314) - qed: Fix setting of incorrect eswitch mode (bsc#1050536) - qed: Fix shared memory inconsistency between driver and the MFW (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Fix shared memory inconsistency between driver and the MFW (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Fix use of incorrect shmem address (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Fix use of incorrect shmem address (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Fix use of incorrect size in memcpy call (bsc#1050536) - qed: Free reserved MR tid (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Free reserved MR tid (bsc#1086314 bsc#1086313 bsc#1086301) - qed: LL2 flush isles when connection is closed (bsc#1086314 bsc#1086313 bsc#1086301) - qed: LL2 flush isles when connection is closed (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Limit msix vectors in kdump kernel to the minimum required count (bsc#1050536) - qed: Limit msix vectors in kdump kernel to the minimum required count (bsc#1050536) - qed: Populate nvm image attribute shadow (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Populate nvm image attribute shadow (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Remove reserveration of dpi for kernel (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Remove reserveration of dpi for kernel (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Remove unused data member 'is_mf_default' (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Remove unused data member 'is_mf_default' (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Use true and false for boolean values (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Use true and false for boolean values (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Use zeroing memory allocator than allocator/memset (bsc#1086314 bsc#1086313 bsc#1086301) - qed: Use zeroing memory allocator than allocator/memset (bsc#1086314 bsc#1086313 bsc#1086301) - qed: code indent should use tabs where possible (bsc#1086314 bsc#1086313 bsc#1086301) - qed: code indent should use tabs where possible (bsc#1086314 bsc#1086313 bsc#1086301) - qed: fix spelling mistake: 'checksumed' -> 'checksummed' (bsc#1086314 bsc#1086313 bsc#1086301) - qed: fix spelling mistake: 'checksumed' -> 'checksummed' (bsc#1086314 bsc#1086313 bsc#1086301) - qed: fix spelling mistake: 'offloded' -> 'offloaded' (bsc#1086314 bsc#1086313 bsc#1086301) - qed: fix spelling mistake: 'offloded' -> 'offloaded' (bsc#1086314 bsc#1086313 bsc#1086301) - qed: fix spelling mistake: 'taskelt' -> 'tasklet' (bsc#1086314 bsc#1086313 bsc#1086301) - qed: fix spelling mistake: 'taskelt' -> 'tasklet' (bsc#1086314 bsc#1086313 bsc#1086301) - qed: off by one in qed_parse_mcp_trace_buf() (bsc#1086314 bsc#1086313 bsc#1086301) - qed: off by one in qed_parse_mcp_trace_buf() (bsc#1086314 bsc#1086313 bsc#1086301) - qed: use kzalloc instead of kmalloc and memset (bsc#1086314 bsc#1086313 bsc#1086301) - qed: use kzalloc instead of kmalloc and memset (bsc#1086314 bsc#1086313 bsc#1086301) - qede: Add build_skb() support (bsc#1086314 bsc#1086313 bsc#1086301) - qede: Add build_skb() support (bsc#1086314 bsc#1086313 bsc#1086301) - qede: Add support for populating ethernet TLVs (bsc#1086314 bsc#1086313 bsc#1086301) - qede: Add support for populating ethernet TLVs (bsc#1086314 bsc#1086313 bsc#1086301) - qede: Adverstise software timestamp caps when PHC is not available (bsc#1050538) - qede: Adverstise software timestamp caps when PHC is not available (bsc#1050538) - qede: Do not drop rx-checksum invalidated packets (bsc#1086314 bsc#1086313 bsc#1086301) - qede: Do not drop rx-checksum invalidated packets (bsc#1086314 bsc#1086313 bsc#1086301) - qede: Ethtool flash update support (bsc#1086314 bsc#1086313 bsc#1086301) - qede: Ethtool flash update support (bsc#1086314 bsc#1086313 bsc#1086301) - qede: Fix barrier usage after tx doorbell write (bsc#1086314 bsc#1086313 bsc#1086301) - qede: Fix barrier usage after tx doorbell write (bsc#1086314 bsc#1086313 bsc#1086301) - qede: Fix ref-cnt usage count (bsc#1086314 bsc#1086313 bsc#1086301) - qede: Fix ref-cnt usage count (bsc#1086314 bsc#1086313 bsc#1086301) - qede: Refactor ethtool rx classification flow (bsc#1086314 bsc#1086313 bsc#1086301) - qede: Refactor ethtool rx classification flow (bsc#1086314 bsc#1086313 bsc#1086301) - qede: Support flow classification to the VFs (bsc#1086314 bsc#1086313 bsc#1086301) - qede: Support flow classification to the VFs (bsc#1086314 bsc#1086313 bsc#1086301) - qede: Use NETIF_F_GRO_HW (bsc#1086314 bsc#1086313 bsc#1086301) - qede: Use NETIF_F_GRO_HW (bsc#1086314 bsc#1086313 bsc#1086301) - qede: Validate unsupported configurations (bsc#1086314 bsc#1086313 bsc#1086301) - qede: Validate unsupported configurations (bsc#1086314 bsc#1086313 bsc#1086301) - qede: fix spelling mistake: 'registeration' -> 'registration' (bsc#1086314 bsc#1086313 bsc#1086301) - qede: fix spelling mistake: 'registeration' -> 'registration' (bsc#1086314 bsc#1086313 bsc#1086301) - qedr: Fix spelling mistake: 'hanlde' -> 'handle' (bsc#1086314 bsc#1086313 bsc#1086301) - qedr: Fix spelling mistake: 'hanlde' -> 'handle' (bsc#1086314 bsc#1086313 bsc#1086301) - qlogic/qed: Constify *pkt_type_str (bsc#1086314 bsc#1086313 bsc#1086301) - qlogic/qed: Constify *pkt_type_str (bsc#1086314 bsc#1086313 bsc#1086301) - qlogic: check kstrtoul() for errors (bsc#1050540) - qmi_wwan: Add support for Quectel EP06 (networking-stable-18_02_06) - qmi_wwan: add support for Quectel EG91 (bsc#1051510) - qmi_wwan: add support for the Dell Wireless 5821e module (bsc#1051510) - qmi_wwan: fix interface number for DW5821e production firmware (bsc#1051510) - qmi_wwan: set FLAG_SEND_ZLP to avoid network initiated disconnect (bsc#1051510) - r8152: fix tx packets accounting (bsc#1051510) - r8152: napi hangup fix after disconnect (bsc#1051510) - r8169: Be drop monitor friendly (bsc#1051510) - rbd: flush rbd_dev->watch_dwork after watch is unregistered (bsc#1103216) - rdma/bnxt_re: Fix broken RoCE driver due to recent L2 driver changes (bsc#1086283) - rdma/bnxt_re: Fix broken RoCE driver due to recent L2 driver changes (bsc#1086283) - rdma/bnxt_re: Remove redundant bnxt_qplib_disable_nq() call (bsc#1086283) - rdma/bnxt_re: Remove redundant bnxt_qplib_disable_nq() call (bsc#1086283) - rdma/cma: Do not query GID during QP state transition to RTR (bsc#1046306) - rdma/cma: Do not query GID during QP state transition to RTR (bsc#1046306) - rdma/cma: Fix use after destroy access to net namespace for IPoIB (bsc#1046306) - rdma/cma: Fix use after destroy access to net namespace for IPoIB (bsc#1046306) - rdma/cxgb4: Use structs to describe the uABI instead of opencoding (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - rdma/cxgb4: release hw resources on device removal (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - rdma/i40iw: Avoid panic when objects are being created and destroyed (bsc#1058659) - rdma/i40iw: Avoid panic when objects are being created and destroyed (bsc#1058659) - rdma/i40iw: Avoid reference leaks when processing the AEQ (bsc#1058659) - rdma/i40iw: Avoid reference leaks when processing the AEQ (bsc#1058659) - rdma/ipoib: Update paths on CLIENT_REREG/SM_CHANGE events (bsc#1046307) - rdma/ipoib: Update paths on CLIENT_REREG/SM_CHANGE events (bsc#1046307) - rdma/iwpm: fix memory leak on map_info (bsc#1046306) - rdma/mlx4: Discard unknown SQP work requests (bsc#1046302) - rdma/mlx5: Do not assume that medium blueFlame register exists (bsc#1046305) - rdma/mlx5: Do not assume that medium blueFlame register exists (bsc#1046305) - rdma/mlx5: Fix NULL dereference while accessing XRC_TGT QPs (bsc#1046305) - rdma/mlx5: Fix NULL dereference while accessing XRC_TGT QPs (bsc#1046305) - rdma/mlx5: Fix memory leak in mlx5_ib_create_srq() error path (bsc#1046305) - rdma/mlx5: Fix memory leak in mlx5_ib_create_srq() error path (bsc#1046305) - rdma/mlx5: Fix multiple NULL-ptr deref errors in rereg_mr flow (bsc#1046305) - rdma/mlx5: Fix multiple NULL-ptr deref errors in rereg_mr flow (bsc#1046305) - rdma/mlx5: Protect from shift operand overflow (bsc#1046305) - rdma/mlx5: Use proper spec flow label type (bsc#1046305) - rdma/qedr: Annotate iomem pointers correctly (bsc#1086314 bsc#1086313 bsc#1086301) - rdma/qedr: Annotate iomem pointers correctly (bsc#1086314 bsc#1086313 bsc#1086301) - rdma/qedr: Declare local functions static (bsc#1086314 bsc#1086313 bsc#1086301) - rdma/qedr: Declare local functions static (bsc#1086314 bsc#1086313 bsc#1086301) - rdma/qedr: Fix doorbell bar mapping for dpi > 1 (bsc#1086314 bsc#1086313 bsc#1086301) - rdma/qedr: Fix doorbell bar mapping for dpi > 1 (bsc#1086314 bsc#1086313 bsc#1086301) - rdma/qedr: Fix endian problems around imm_data (bsc#1086314 bsc#1086313 bsc#1086301) - rdma/qedr: Fix endian problems around imm_data (bsc#1086314 bsc#1086313 bsc#1086301) - rdma/qedr: Fix iWARP connect with port mapper (bsc#1086314 bsc#1086313 bsc#1086301) - rdma/qedr: Fix iWARP connect with port mapper (bsc#1086314 bsc#1086313 bsc#1086301) - rdma/qedr: Fix iWARP write and send with immediate (bsc#1086314 bsc#1086313 bsc#1086301) - rdma/qedr: Fix iWARP write and send with immediate (bsc#1086314 bsc#1086313 bsc#1086301) - rdma/qedr: Fix ipv6 destination address resolution (bsc#1086314 bsc#1086313 bsc#1086301) - rdma/qedr: Fix ipv6 destination address resolution (bsc#1086314 bsc#1086313 bsc#1086301) - rdma/qedr: Fix kernel panic when running fio over NFSordma (bsc#1086314 bsc#1086313 bsc#1086301) - rdma/qedr: Fix kernel panic when running fio over NFSordma (bsc#1086314 bsc#1086313 bsc#1086301) - rdma/qedr: Fix wmb usage in qedr (bsc#1086314 bsc#1086313 bsc#1086301) - rdma/qedr: Fix wmb usage in qedr (bsc#1086314 bsc#1086313 bsc#1086301) - rdma/qedr: Remove set-but-not-used variables (bsc#1086314 bsc#1086313 bsc#1086301) - rdma/qedr: Remove set-but-not-used variables (bsc#1086314 bsc#1086313 bsc#1086301) - rdma/qedr: Use NULL instead of 0 to represent a pointer (bsc#1086314 bsc#1086313 bsc#1086301) - rdma/qedr: Use NULL instead of 0 to represent a pointer (bsc#1086314 bsc#1086313 bsc#1086301) - rdma/qedr: Use zeroing memory allocator than allocator/memset (bsc#1086314 bsc#1086313 bsc#1086301) - rdma/qedr: Use zeroing memory allocator than allocator/memset (bsc#1086314 bsc#1086313 bsc#1086301) - rdma/qedr: Zero stack memory before copying to user space (bsc#1086314 bsc#1086313 bsc#1086301) - rdma/qedr: Zero stack memory before copying to user space (bsc#1086314 bsc#1086313 bsc#1086301) - rdma/qedr: eliminate duplicate barriers on weakly-ordered archs (bsc#1086314 bsc#1086313 bsc#1086301) - rdma/qedr: eliminate duplicate barriers on weakly-ordered archs (bsc#1086314 bsc#1086313 bsc#1086301) - rdma/qedr: lower print level of flushed CQEs (bsc#1086314 bsc#1086313 bsc#1086301) - rdma/qedr: lower print level of flushed CQEs (bsc#1086314 bsc#1086313 bsc#1086301) - rdma/ucma: Do not allow setting rdma_OPTION_IB_PATH without an rdma device (bsc#1046306) - rdma/ucma: Do not allow setting rdma_OPTION_IB_PATH without an rdma device (bsc#1046306) - rdma/ucma: ucma_context reference leak in error path (bsc#1046306) - rdma/ucma: ucma_context reference leak in error path (bsc#1046306) - rdma/uverbs: Protect from attempts to create flows on unsupported QP (bsc#1046306) - rdma/uverbs: Protect from attempts to create flows on unsupported QP (bsc#1046306) - rdma/uverbs: Use an unambiguous errno for method not supported (bsc#1046306) - rdma/uverbs: Use an unambiguous errno for method not supported (bsc#1046306) - rds: MP-RDS may use an invalid c_path (networking-stable-18_04_13) - rds: do not leak kernel memory to user land (networking-stable-18_05_15) - regulator: Do not return or expect -errno from of_map_mode() (bsc#1099029) - regulator: max8998: Fix platform data retrieval (bsc#1051510) - regulator: of: Add a missing 'of_node_put()' in an error handling path of 'of_regulator_match()' (bsc#1051510) - regulator: qcom_spmi: Include offset when translating voltages (bsc#1051510) - regulator: tps65218: Fix strobe assignment (bsc#1051510) - restore cond_resched() in shrink_dcache_parent() (bsc#1098599) - rmdir(),rename(): do shrink_dcache_parent() only on success (bsc#1100340) - rocker: fix possible null pointer dereference in rocker_router_fib_event_work (networking-stable-18_02_06) - route: check sysctl_fib_multipath_use_neigh earlier than hash (networking-stable-18_04_10) - rpm/config.sh: Use SUSE:SLE-15:Update project instead of GA - rpm/kernel-docs.spec.in: Fix and cleanup for 4.13 doc build (bsc#1048129) The whole DocBook stuff has been deleted. The PDF build still non-working thus the sub-packaging disabled so far - rpm/kernel-source.changes.old: Add pre-SLE15 history (bsc#1098995) - rpm/kernel-source.spec.in: Add more stuff to Recommends ... and move bc to Recommends as well. All these packages are needed for building a kernel manually from scratch with kernel-source files - rpm/kernel-source.spec.in: require bc for kernel-source This is needed for building include/generated/timeconst.h from kernel/time/timeconst.bc - rpm: ignore CONFIG_GCC_VERSION when checking for oldconfig changes Since 4.18-rc1, 'make oldconfig' writes gcc version and capabilities into generated .config. Thus whenever we build the package or run checks with different gcc version than used to update config/*/*, check for 'outdated configs' fails. As a quick band-aid, omit the lines with CONFIG_GCC_VERSION from both configs before comparing them. This way, the check won't fail unless run with newer gcc which would add new capabilities. More robust solution will require a wider discussion - rtc: ac100: Fix ac100 determine rate bug (bsc#1051510) - rtc: hctosys: Ensure system time does not overflow time_t (bsc#1051510) - rtc: pxa: fix probe function (bsc#1051510) - rtc: snvs: Fix usage of snvs_rtc_enable (bsc#1051510) - rtc: tx4939: avoid unintended sign extension on a 24 bit shift (bsc#1051510) - rtlwifi: Fix kernel Oops 'Fw download fail!!' (bsc#1051510) - rtlwifi: rtl8821ae: fix firmware is not ready to run (bsc#1051510) - rtnetlink: validate attributes in do_setlink() (networking-stable-18_06_08) - rxrpc: Fix send in rxrpc_send_data_packet() (networking-stable-18_03_07) - s390/crc32-vx: use expoline for indirect branches (git-fixes f19fbd5ed6) - s390/ftrace: use expoline for indirect branches (git-fixes f19fbd5ed6) - s390/gs: add compat regset for the guarded storage broadcast control block (git-fixes e525f8a6e696) - s390/kernel: use expoline for indirect branches (git-fixes f19fbd5ed6) - s390/lib: use expoline for indirect branches (git-fixes f19fbd5ed6) - s390/qdio: do not merge ERROR output buffers (bsc#1099715) - s390/qdio: do not retry EQBS after CCQ 96 (bsc#1102088, LTC#169699) - s390/qeth: do not dump control cmd twice (bsc#1099715) - s390/qeth: fix IPA command submission race (bsc#1099715) - s390/qeth: fix IPA command submission race (networking-stable-18_03_07) - s390/qeth: fix error handling in adapter command callbacks (bsc#1102088, LTC#169699) - s390/qeth: fix overestimated count of buffer elements (bsc#1099715) - s390/qeth: fix overestimated count of buffer elements (networking-stable-18_03_07) - s390/qeth: fix race when setting MAC address (bnc#1093148, LTC#167307) - s390/qeth: free netdevice when removing a card (bsc#1099715) - s390/qeth: free netdevice when removing a card (networking-stable-18_03_28) - s390/qeth: lock read device while queueing next buffer (bsc#1099715) - s390/qeth: lock read device while queueing next buffer (networking-stable-18_03_28) - s390/qeth: when thread completes, wake up all waiters (bsc#1099715) - s390/qeth: when thread completes, wake up all waiters (networking-stable-18_03_28) - s390: Correct register corruption in critical section cleanup (git-fixes 6dd85fbb87) - s390: add assembler macros for CPU alternatives (git-fixes f19fbd5ed6) - s390: correct module section names for expoline code revert (git-fixes f19fbd5ed6) - s390: extend expoline to BC instructions (git-fixes, bsc#1103421) - s390: move expoline assembler macros to a header (git-fixes f19fbd5ed6) - s390: move spectre sysfs attribute code (bsc#1090098) - s390: optimize memset implementation (git-fixes f19fbd5ed6) - s390: remove indirect branch from do_softirq_own_stack (git-fixes f19fbd5ed6) - s390: use expoline thunks in the BPF JIT (git-fixes, bsc#1103421) - sch_netem: fix skb leak in netem_enqueue() (networking-stable-18_03_28) - sched/core: Optimize ttwu_stat() (bnc#1101669 optimise numa balancing for fast migrate) - sched/core: Optimize update_stats_*() (bnc#1101669 optimise numa balancing for fast migrate) - scripts/dtc: fix '%zx' warning (bsc#1051510) - scripts/gdb/linux/tasks.py: fix get_thread_info (bsc#1051510) - scripts/git_sort/git_sort.py: Add 'nvme-4.18' to the list of repositories - scripts/git_sort/git_sort.py: add modules-next tree - scripts/kernel-doc: Do not fail with status != 0 if error encountered with -none (bsc#1051510) - scsi: Revert 'scsi: core: return BLK_STS_OK for DID_OK in __scsi_error_from_host_byte()' (bsc#1099918) - scsi: aacraid: Correct hba_send to include iu_type (bsc#1077989) - scsi: core: clean up generated file scsi_devinfo_tbl.c (bsc#1077989) - scsi: core: return BLK_STS_OK for DID_OK in __scsi_error_from_host_byte() (bsc#1099918) - scsi: cxgb4i: silence overflow warning in t4_uld_rx_handler() (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - scsi: ipr: Format HCAM overlay ID 0x41 (bsc#1097961) - scsi: ipr: new IOASC update (bsc#1097961) - scsi: lpfc: Add per io channel NVME IO statistics (bsc#1088866) - scsi: lpfc: Change IO submit return to EBUSY if remote port is recovering (bsc#1088866) - scsi: lpfc: Comment cleanup regarding Broadcom copyright header (bsc#1088866) - scsi: lpfc: Correct fw download error message (bsc#1088866) - scsi: lpfc: Correct missing remoteport registration during link bounces (bsc#1088866) - scsi: lpfc: Correct target queue depth application changes (bsc#1088866) - scsi: lpfc: Driver NVME load fails when CPU cnt > WQ resource cnt (bsc#1088866) - scsi: lpfc: Enhance log messages when reporting CQE errors (bsc#1088866) - scsi: lpfc: Enlarge nvmet asynchronous receive buffer counts (bsc#1088866) - scsi: lpfc: Fix 16gb hbas failing cq create (bsc#1093290) - scsi: lpfc: Fix Abort request WQ selection (bsc#1088866) - scsi: lpfc: Fix MDS diagnostics failure (bsc#1088866) - scsi: lpfc: Fix NULL pointer access in lpfc_nvme_info_show (bsc#1088866) - scsi: lpfc: Fix NULL pointer reference when resetting adapter (bsc#1088866) - scsi: lpfc: Fix crash in blk_mq layer when executing modprobe -r lpfc (bsc#1088866) - scsi: lpfc: Fix driver not recovering NVME rports during target link faults (bsc#1088866) - scsi: lpfc: Fix lingering lpfc_wq resource after driver unload (bsc#1088866) - scsi: lpfc: Fix multiple PRLI completion error path (bsc#1088866) - scsi: lpfc: Fix nvme remoteport registration race conditions (bsc#1088866) - scsi: lpfc: Fix port initialization failure (bsc#1093290) - scsi: lpfc: Fix up log messages and stats counters in IO submit code path (bsc#1088866) - scsi: lpfc: Handle new link fault code returned by adapter firmware (bsc#1088866) - scsi: lpfc: correct oversubscription of nvme io requests for an adapter (bsc#1088866) - scsi: lpfc: enhance LE data structure copies to hardware (bsc#1088866) - scsi: lpfc: fix spelling mistakes: 'mabilbox' and 'maibox' (bsc#1088866) - scsi: lpfc: update driver version to 12.0.0.2 (bsc#1088866) - scsi: lpfc: update driver version to 12.0.0.3 (bsc#1088866) - scsi: lpfc: update driver version to 12.0.0.4 (bsc#1088866) - scsi: megaraid_sas: Do not log an error if FW successfully initializes (bsc#1077989) - scsi: qla2xxx: Fix inconsistent DMA mem alloc/free (bsc#1077989) - scsi: qla2xxx: Fix kernel crash due to late workqueue allocation (bsc#1077338) - scsi: sg: mitigate read/write abuse (bsc#1101296) - scsi: target: fix crash with iscsi target and dvd (bsc#1099918) - scsi: zfcp: fix infinite iteration on ERP ready list (bsc#1102088, LTC#169699) - scsi: zfcp: fix misleading REC trigger trace where erp_action setup failed (bsc#1102088, LTC#169699) - scsi: zfcp: fix missing REC trigger trace for all objects in ERP_FAILED (bsc#1102088, LTC#169699) - scsi: zfcp: fix missing REC trigger trace on enqueue without ERP thread (bsc#1102088, LTC#169699) - scsi: zfcp: fix missing REC trigger trace on terminate_rport_io early return (bsc#1102088, LTC#169699) - scsi: zfcp: fix missing REC trigger trace on terminate_rport_io for ERP_FAILED (bsc#1102088, LTC#169699) - scsi: zfcp: fix missing SCSI trace for result of eh_host_reset_handler (bsc#1102088, LTC#169699) - scsi: zfcp: fix missing SCSI trace for retry of abort / scsi_eh TMF (bsc#1102088, LTC#169699) - sctp: delay the authentication for the duplicated cookie-echo chunk (networking-stable-18_05_15) - sctp: do not check port in sctp_inet6_cmp_addr (networking-stable-18_04_26) - sctp: do not leak kernel memory to user space (networking-stable-18_04_10) - sctp: fix dst refcnt leak in sctp_v6_get_dst() (networking-stable-18_03_07) - sctp: fix the issue that the cookie-ack with auth can't get processed (networking-stable-18_05_15) - sctp: handle two v4 addrs comparison in sctp_inet6_cmp_addr (git-fixes) - sctp: not allow transport timeout value less than HZ/5 for hb_timer (networking-stable-18_06_08) - sctp: remove sctp_chunk_put from fail_mark err path in sctp_ulpevent_make_rcvmsg (networking-stable-18_05_15) - sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6 (networking-stable-18_04_10) - sctp: use the old asoc when making the cookie-ack chunk in dupcook_d (networking-stable-18_05_15) - selinux: KASAN: slab-out-of-bounds in xattr_getsecurity (bsc#1051510) - selinux: ensure the context is NUL terminated in security_context_to_sid_core() (bsc#1051510) - selinux: skip bounded transition processing if the policy isn't loaded (bsc#1051510) - serdev: fix memleak on module unload (bsc#1051510) - serial: 8250: omap: Fix idling of clocks for unused uarts (bsc#1051510) - serial: altera: ensure port->regshift is honored consistently (bsc#1051510) - serial: arc_uart: Fix out-of-bounds access through DT alias (bsc#1051510) - serial: earlycon: Only try fdt when specify 'earlycon' exactly (bsc#1051510) - serial: fsl_lpuart: Fix out-of-bounds access through DT alias (bsc#1051510) - serial: imx: Fix out-of-bounds access through serial port index (bsc#1051510) - serial: imx: drop if that always evaluates to true (bsc#1051510) - serial: mxs-auart: Fix out-of-bounds access through serial port index (bsc#1051510) - serial: pxa: Fix out-of-bounds access through serial port index (bsc#1051510) - serial: samsung: Fix out-of-bounds access through serial port index (bsc#1051510) - serial: samsung: fix maxburst parameter for DMA transactions (bsc#1051510) - serial: sh-sci: Fix out-of-bounds access through DT alias (bsc#1051510) - serial: sh-sci: Stop using printk format %pCr (bsc#1051510) - serial: sh-sci: Update warning message in sci_request_dma_chan() (bsc#1051510) - serial: sh-sci: Use spin_{try}lock_irqsave instead of open coding version (bsc#1051510) - serial: sirf: Fix out-of-bounds access through DT alias (bsc#1051510) - serial: xuartps: Fix out-of-bounds access through DT alias (bsc#1051510) - series.conf: Sort scheduler stats optimisations - sfc: stop the TX queue before pushing new buffers (bsc#1058169) - skbuff: Fix not waking applications when errors are enqueued (networking-stable-18_03_28) - slip: Check if rstate is initialized before uncompressing (networking-stable-18_04_13) - smsc75xx: Add workaround for gigabit link up hardware errata (bsc#1051510) - smsc75xx: fix smsc75xx_set_features() (bsc#1051510) - smsc95xx: Configure pause time to 0xffff when tx flow control enabled (bsc#1051510) - soc/fsl/qbman: fix issue in qman_delete_cgr_safe() (networking-stable-18_03_28) - socket: close race condition between sock_close() and sockfs_setattr() (networking-stable-18_06_20) - soreuseport: fix mem leak in reuseport_add_sock() (networking-stable-18_02_06) - spi: bcm-qspi: fIX some error handling paths (bsc#1051510) - spi: core: Fix devm_spi_register_master() function name in kerneldoc (bsc#1051510) - spi: pxa2xx: Do not touch CS pin until we have a transfer pending (bsc#1051510) - spi: sh-msiof: Fix bit field overflow writes to TSCR/RSCR (bsc#1051510) - staging: comedi: quatech_daqp_cs: fix no-op loop daqp_ao_insn_write() (bsc#1051510) - staging: fbtft: array underflow in fbtft_request_gpios_match() (bsc#1051510) - staging: iio: ade7759: fix signed extension bug on shift of a u8 (bsc#1051510) - staging: rtl8723bs: Prevent an underflow in rtw_check_beacon_data() (bsc#1051510) - staging: rtl8723bs: add missing range check on id (bsc#1051510) - staging: rtl8723bs: fix u8 less than zero check (bsc#1051510) - staging: rts5208: Fix 'seg_no' calculation in reset_ms_card() (bsc#1051510) - staging: sm750fb: Fix parameter mistake in poke32 (bsc#1051510) - staging:iio:ade7854: Fix error handling on read/write (bsc#1051510) - staging:iio:ade7854: Fix the wrong number of bits to read (bsc#1051510) - stm class: Fix a use-after-free (bsc#1051510) - stm class: Use vmalloc for the master map (bsc#1051510) - strparser: Do not call mod_delayed_work with a timeout of LONG_MAX (networking-stable-18_04_26) - strparser: Fix incorrect strp->need_bytes value (networking-stable-18_04_26) - strparser: Fix sign of err codes (networking-stable-18_04_10) - sunrpc: remove incorrect HMAC request initialization (bsc#1051510) - swap: divide-by-zero when zero length swap file on ssd (bsc#1051510) - tcp: do not read out-of-bounds opsize (networking-stable-18_04_26) - tcp: ignore Fast Open on repair mode (networking-stable-18_05_15) - tcp: md5: reject TCP_MD5SIG or TCP_MD5SIG_EXT on established sockets (networking-stable-18_04_26) - tcp: release sk_frag.page in tcp_disconnect (networking-stable-18_02_06) - tcp: revert F-RTO extension to detect more spurious timeouts (networking-stable-18_03_07) - tcp: verify the checksum of the first data segment in a new connection (networking-stable-18_06_20) - tcp_bbr: fix to zero idle_restart only upon S/ACKed data (networking-stable-18_05_15) - team: Fix double free in error path (networking-stable-18_03_28) - team: avoid adding twice the same option to the event list (networking-stable-18_04_26) - team: fix netconsole setup over team (networking-stable-18_04_26) - team: move dev_mc_sync after master_upper_dev_link in team_port_add (networking-stable-18_04_10) - team: use netdev_features_t instead of u32 (networking-stable-18_06_08) - tee: check shm references are consistent in offset/size (bsc#1051510) - tee: shm: fix use-after-free via temporarily dropped reference (bsc#1051510) - test_firmware: fix missing unlock on error in config_num_requests_store() (bsc#1051510) - test_firmware: fix setting old custom fw path back on exit (bsc#1051510) - test_firmware: fix setting old custom fw path back on exit, second try (bsc#1051510) - tg3: APE heartbeat changes (bsc#1086286) - tg3: Add Macronix NVRAM support (bsc#1086286) - tg3: Fix vunmap() BUG_ON() triggered from tg3_free_consistent() (bsc#1086286) - tg3: Fix vunmap() BUG_ON() triggered from tg3_free_consistent() (bsc#1086286) - tg3: prevent scheduling while atomic splat (bsc#1086286) - thermal/drivers/hisi: Fix kernel panic on alarm interrupt (bsc#1051510) - thermal/drivers/hisi: Fix missing interrupt enablement (bsc#1051510) - thermal/drivers/hisi: Fix multiple alarm interrupts firing (bsc#1051510) - thermal/drivers/hisi: Simplify the temperature/step computation (bsc#1051510) - thermal: bcm2835: Stop using printk format %pCr (bsc#1051510) - thermal: bcm2835: fix an error code in probe() (bsc#1051510) - thermal: exynos: Propagate error value from tmu_read() (bsc#1051510) - thermal: exynos: Reading temperature makes sense only when TMU is turned on (bsc#1051510) - thermal: fix INTEL_SOC_DTS_IOSF_CORE dependencies (bsc#1051510) - thermal: int3400_thermal: fix error handling in int3400_thermal_probe() (bsc#1051510) - thermal: int3403_thermal: Fix NULL pointer deref on module load / probe (bsc#1051510) - time: Make sure jiffies_to_msecs() preserves non-zero time periods (bsc#1051510) - timekeeping: Eliminate the stale declaration of ktime_get_raw_and_real_ts64() (bsc#1099918) - timekeeping: Use proper timekeeper for debug code (bsc#1051510) - tipc: add policy for TIPC_NLA_NET_ADDR (networking-stable-18_04_26) - tipc: fix a memory leak in tipc_nl_node_get_link() (networking-stable-18_01_28) - tools lib traceevent: Fix get_field_str() for dynamic strings (bsc#1051510) - tools lib traceevent: Simplify pointer print logic and fix %pF (bsc#1051510) - tools/lib/lockdep: Define the ARRAY_SIZE() macro (bsc#1051510) - tools/lib/lockdep: Fix undefined symbol prandom_u32 (bsc#1051510) - tools/libbpf: handle issues with bpf ELF objects containing .eh_frames (bsc#1051510) - tools/power turbostat: Correct SNB_C1/C3_AUTO_UNDEMOTE defines (bsc#1051510) - tools/thermal: tmon: fix for segfault (bsc#1051510) - tools/usbip: fixes build with musl libc toolchain (bsc#1051510) - tracing/uprobe_event: Fix strncpy corner case (bsc#1099918) - tracing: Fix converting enum's from the map in trace_event_eval_update() (bsc#1099918) - tracing: Fix missing tab for hwlat_detector print format (bsc#1099918) - tracing: Kconfig text fixes for CONFIG_HWLAT_TRACER (bsc#1099918) - tracing: Make the snapshot trigger work with instances (bsc#1099918) - tracing: probeevent: Fix to support minus offset from symbol (bsc#1099918) - tty/serial: atmel: use port->name as name in request_irq() (bsc#1051510) - tty: Avoid possible error pointer dereference at tty_ldisc_restore() (bsc#1051510) - tty: Do not call panic() at tty_ldisc_init() (bsc#1051510) - tty: Use __GFP_NOFAIL for tty_ldisc_get() (bsc#1051510) - tty: n_gsm: Allow ADM response in addition to UA for control dlci (bsc#1051510) - tty: n_gsm: Fix DLCI handling for ADM mode if debug is not set (bsc#1051510) - tty: n_gsm: Fix long delays with control frame timeouts in ADM mode (bsc#1051510) - tty: pl011: Avoid spuriously stuck-off interrupts (bsc#1051510) - ubi: fastmap: Correctly handle interrupted erasures in EBA (bsc#1051510) - ubifs: Fix data node size for truncating uncompressed nodes (bsc#1051510) - ubifs: Fix potential integer overflow in allocation (bsc#1051510) - ubifs: Fix uninitialized variable in search_dh_cookie() (bsc#1051510) - ubifs: Fix unlink code wrt. double hash lookups (bsc#1051510) - udp: fix rx queue len reported by diag and proc interface (networking-stable-18_06_20) - usb-storage: Add compatibility quirk flags for G-Technologies G-Drive (bsc#1051510) - usb-storage: Add support for FL_ALWAYS_SYNC flag in the UAS driver (bsc#1051510) - usb/gadget: Fix 'high bandwidth' check in usb_gadget_ep_match_desc() (bsc#1051510) - usb: Increment wakeup count on remote wakeup (bsc#1051510) - usb: OHCI: Fix NULL dereference in HCDs using HCD_LOCAL_MEM (bsc#1087092) - usb: audio-v2: Correct the comment for struct uac_clock_selector_descriptor (bsc#1051510) - usb: cdc_acm: Add quirk for Castles VEGA3000 (bsc#1051510) - usb: cdc_acm: Add quirk for Uniden UBC125 scanner (bsc#1051510) - usb: cdc_acm: prevent race at write to acm while system resumes (bsc#1087092) - usb: core: handle hub C_PORT_OVER_CURRENT condition (bsc#1051510) - usb: do not reset if a low-speed or full-speed device timed out (bsc#1051510) - usb: dwc2: Fix DMA alignment to start at allocated boundary (bsc#1051510) - usb: dwc2: Fix dwc2_hsotg_core_init_disconnected() (bsc#1051510) - usb: dwc2: Improve gadget state disconnection handling (bsc#1085539) - usb: dwc2: debugfs: Do not touch RX FIFO during register dump (bsc#1051510) - usb: dwc2: fix the incorrect bitmaps for the ports of multi_tt hub (bsc#1051510) - usb: dwc2: hcd: Fix host channel halt flow (bsc#1051510) - usb: dwc2: host: Fix transaction errors in host mode (bsc#1051510) - usb: dwc3: Add SoftReset PHY synchonization delay (bsc#1051510) - usb: dwc3: Fix GDBGFIFOSPACE_TYPE values (bsc#1051510) - usb: dwc3: Makefile: fix link error on randconfig (bsc#1051510) - usb: dwc3: Undo PHY init if soft reset fails (bsc#1051510) - usb: dwc3: Update DWC_usb31 GTXFIFOSIZ reg fields (bsc#1051510) - usb: dwc3: ep0: Reset TRB counter for ep0 IN (bsc#1051510) - usb: dwc3: gadget: Fix list_del corruption in dwc3_ep_dequeue (bsc#1051510) - usb: dwc3: gadget: Set maxpacket size for ep0 IN (bsc#1051510) - usb: dwc3: of-simple: fix use-after-free on remove (bsc#1051510) - usb: dwc3: omap: do not miss events during suspend/resume (bsc#1051510) - usb: dwc3: pci: Properly cleanup resource (bsc#1051510) - usb: dwc3: prevent setting PRTCAP to OTG from debugfs (bsc#1051510) - usb: gadget: bdc: 64-bit pointer capability check (bsc#1051510) - usb: gadget: composite: fix incorrect handling of OS desc requests (bsc#1051510) - usb: gadget: core: Fix use-after-free of usb_request (bsc#1051510) - usb: gadget: dummy: fix nonsensical comparisons (bsc#1051510) - usb: gadget: f_fs: Fix use-after-free in ffs_fs_kill_sb() (bsc#1051510) - usb: gadget: f_fs: Only return delayed status when len is 0 (bsc#1051510) - usb: gadget: f_fs: Process all descriptors during bind (bsc#1051510) - usb: gadget: f_fs: Use config_ep_by_speed() (bsc#1051510) - usb: gadget: f_mass_storage: Fix the logic to iterate all common->luns (bsc#1051510) - usb: gadget: f_midi: fixing a possible double-free in f_midi (bsc#1051510) - usb: gadget: f_uac2: fix bFirstInterface in composite gadget (bsc#1051510) - usb: gadget: f_uac2: fix endianness of 'struct cntrl_*_lay3' (bsc#1051510) - usb: gadget: f_uac2: fix error handling in afunc_bind (again) (bsc#1051510) - usb: gadget: ffs: Execute copy_to_user() with USER_DS set (bsc#1051510) - usb: gadget: ffs: Let setup() return usb_GADGET_DELAYED_STATUS (bsc#1051510) - usb: gadget: fsl_udc_core: fix ep valid checks (bsc#1051510) - usb: gadget: udc: Add missing platform_device_put() on error in bdc_pci_probe() (bsc#1051510) - usb: gadget: udc: change comparison to bitshift when dealing with a mask (bsc#1051510) - usb: gadget: udc: core: update usb_ep_queue() documentation (bsc#1051510) - usb: gadget: udc: renesas_usb3: disable the controller's irqs for reconnecting (bsc#1051510) - usb: host: ehci: use correct device pointer for dma ops (bsc#1087092) - usb: host: xhci-plat: revert 'usb: host: xhci-plat: enable clk in resume timing' (bsc#1051510) - usb: ldusb: add PIDs for new CASSY devices supported by this driver (bsc#1051510) - usb: musb: Fix external abort in musb_remove on omap2430 (bsc#1051510) - usb: musb: call pm_runtime_{get,put}_sync before reading vbus registers (bsc#1051510) - usb: musb: fix enumeration after resume (bsc#1051510) - usb: musb: fix remote wakeup racing with suspend (bsc#1051510) - usb: musb: gadget: misplaced out of bounds check (bsc#1051510) - usb: musb: host: fix potential NULL pointer dereference (bsc#1051510) - usb: musb: trace: fix NULL pointer dereference in musb_g_tx() (bsc#1051510) - usb: option: Add support for FS040U modem (bsc#1087092) - usb: quirks: add delay quirks for Corsair Strafe (bsc#1051510) - usb: serial: ch341: fix type promotion bug in ch341_control_in() (bsc#1051510) - usb: serial: cp210x: add CESINEL device ids (bsc#1051510) - usb: serial: cp210x: add ELDAT Easywave RX09 id (bsc#1051510) - usb: serial: cp210x: add ID for NI usb serial console (bsc#1051510) - usb: serial: cp210x: add Silicon Labs IDs for Windows Update (bsc#1051510) - usb: serial: cp210x: add another usb ID for Qivicon ZigBee stick (bsc#1051510) - usb: serial: ftdi_sio: add RT Systems VX-8 cable (bsc#1051510) - usb: serial: ftdi_sio: add support for Harman FirmwareHubEmulator (bsc#1051510) - usb: serial: ftdi_sio: use jtag quirk for Arrow usb Blaster (bsc#1051510) - usb: serial: keyspan_pda: fix modem-status error handling (bsc#1100132) - usb: serial: mos7840: fix status-register error handling (bsc#1051510) - usb: serial: option: Add support for Quectel EP06 (bsc#1051510) - usb: serial: option: adding support for ublox R410M (bsc#1051510) - usb: serial: option: reimplement interface masking (bsc#1051510) - usb: serial: simple: add libtransistor console (bsc#1051510) - usb: serial: visor: handle potential invalid device configuration (bsc#1051510) - usb: typec: ucsi: Fix for incorrect status data issue (bsc#1100132) - usb: typec: ucsi: acpi: Workaround for cache mode issue (bsc#1100132) - usb: yurex: fix out-of-bounds uaccess in read handler (bsc#1100132) - usbip: Correct maximum value of CONFIG_usbIP_VHCI_HC_PORTS (bsc#1051510) - usbip: usbip_event: fix to not print kernel pointer address (bsc#1051510) - usbip: usbip_host: refine probe and disconnect debug msgs to be useful (bsc#1051510) - usbip: vhci_hcd: Fix usb device and sockfd leaks (bsc#1051510) - usbip: vhci_sysfs: fix potential Spectre v1 (bsc#1051510) - userns: Do not fail follow_automount based on s_user_ns (bsc#1099918) - vfb: fix video mode and line_length being set when loaded (bsc#1100362) - vfio/pci: Fix potential Spectre v1 (bsc#1051510) - vfio/spapr: Use IOMMU pageshift rather than pagesize (bsc#1077761, git-fixes) - vfio: Use get_user_pages_longterm correctly (bsc#1095337) - vfio: platform: Fix reset module leak in error path (bsc#1099918) - vhost: Fix vhost_copy_to_user() (networking-stable-18_04_13) - vhost: correctly remove wait queue during poll failure (networking-stable-18_04_10) - vhost: fix vhost_vq_access_ok() log check (networking-stable-18_04_13) - vhost: synchronize IOTLB message with dev cleanup (networking-stable-18_06_08) - vhost: validate log when IOTLB is enabled (networking-stable-18_04_10) - vhost_net: add missing lock nesting notation (networking-stable-18_04_10) - vhost_net: stop device during reset owner (networking-stable-18_02_06) - video/fbdev/stifb: Return -ENOMEM after a failed kzalloc() in stifb_init_fb() (bsc#1090888 bsc#1099966) - video/omap: add module license tags (bsc#1090888) - video: remove unused kconfig SH_LCD_MIPI_DSI (bsc#1087092) - virtio-gpu: fix ioctl and expose the fixed status to userspace (bsc#1100382) - virtio-net: Fix operstate for virtio when no VIRTIO_NET_F_STATUS (bsc#1051510) - virtio-net: correctly transmit XDP buff after linearizing (networking-stable-18_06_08) - virtio-net: fix leaking page for gso packet during mergeable XDP (networking-stable-18_06_08) - virtio-net: fix module unloading (bsc#1051510) - virtio: add ability to iterate over vqs (bsc#1051510) - virtio_console: do not tie bufs to a vq (bsc#1051510) - virtio_console: drop custom control queue cleanup (bsc#1051510) - virtio_console: free buffers after reset (bsc#1051510) - virtio_console: move removal code (bsc#1051510) - virtio_console: reset on out of memory (bsc#1051510) - virtio_net: Disable interrupts if napi_complete_done rescheduled napi (bsc#1051510) - virtio_net: fix XDP code path in receive_small() (bsc#1051510) - virtio_net: fix adding vids on big-endian (networking-stable-18_04_26) - virtio_net: split out ctrl buffer (networking-stable-18_04_26) - virtio_ring: fix num_free handling in error case (bsc#1051510) - vlan: Fix reading memory beyond skb->tail in skb_vlan_tagged_multi (networking-stable-18_04_26) - vlan: also check phy_driver ts_info for vlan's real device (networking-stable-18_04_10) - vmcore: add API to collect hardware dump in second kernel (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584) - vmw_balloon: fix inflation with batching (bsc#1051510) - vmw_balloon: fixing double free when batching mode is off (bsc#1051510) - vmxnet3: avoid xmit reset due to a race in vmxnet3 (bsc#1091860) - vmxnet3: fix incorrect dereference when rxvlan is disabled (bsc#1091860) - vmxnet3: increase default rx ring sizes (bsc#1091860) - vmxnet3: set the DMA mask before the first DMA map operation (bsc#1091860) - vmxnet3: use DMA memory barriers where required (bsc#1091860) - vmxnet3: use correct flag to indicate LRO feature (bsc#1091860) - vrf: Fix use after free and double free in vrf_finish_output (networking-stable-18_04_10) - vrf: check the original netdevice for generating redirect (networking-stable-18_06_08) - vt: prevent leaking uninitialized data to userspace via /dev/vcs* (bsc#1051510) - vti6: better validate user provided tunnel names (networking-stable-18_04_10) - w1: mxc_w1: Enable clock before calling clk_get_rate() on it (bsc#1051510) - wait: add wait_event_killable_timeout() (bsc#1099792) - watchdog: da9063: Fix setting/changing timeout (bsc#1100843) - watchdog: da9063: Fix timeout handling during probe (bsc#1100843) - watchdog: da9063: Fix updating timeout value (bsc#1100843) - watchdog: f71808e_wdt: Fix magic close handling (bsc#1051510) - watchdog: sp5100_tco: Fix watchdog disable bit (bsc#1051510) - wlcore: add missing nvs file name info for wilink8 (bsc#1051510) - x.509: unpack RSA signatureValue field from BIT STRING (bsc#1051510) - x86/efi: Access EFI MMIO data as unencrypted when SEV is active (bsc#1099193) - x86/pkeys: Add arch_pkeys_enabled() (, bsc#1078248) - x86/pkeys: Add arch_pkeys_enabled() (bsc#1078248) - x86/pkeys: Move vma_pkey() into asm/pkeys.h (, bsc#1078248) - x86/pkeys: Move vma_pkey() into asm/pkeys.h (bsc#1078248) - x86/stacktrace: Clarify the reliable success paths (bnc#1058115) - x86/stacktrace: Do not fail for ORC with regs on stack (bnc#1058115) - x86/stacktrace: Do not unwind after user regs (bnc#1058115) - x86/stacktrace: Enable HAVE_RELIABLE_STACKTRACE for the ORC unwinder (bnc#1058115) - x86/stacktrace: Remove STACKTRACE_DUMP_ONCE (bnc#1058115) - x86/unwind/orc: Detect the end of the stack (bnc#1058115) - x86: Pass x86 as architecture on x86_64 and i386 (bsc#1093118) - xen/grant-table: log the lack of grants (bnc#1085042) - xhci: Add port status decoder for tracing purposes - xhci: Fix kernel oops in trace_xhci_free_virt_device (bsc#1100132) - xhci: Fix usb3 NULL pointer dereference at logical disconnect (bsc#1090888) - xhci: Fix use-after-free in xhci_free_virt_device (bsc#1100132) - xhci: Revert 'xhci: plat: Register shutdown for xhci_plat' (bsc#1090888) - xhci: add definitions for all port link states - xhci: add port speed ID to portsc tracing - xhci: add port status tracing - xhci: xhci-mem: off by one in xhci_stream_id_to_ring() (bsc#1100132) - xprtrdma: Fix list corruption / DMAR errors during MR recovery (git-fixes) - xprtrdma: Return -ENOBUFS when no pages are available (git-fixes) ----------------------------------------- Patch: SUSE-2018-1555 Released: Tue Aug 14 11:53:06 2018 Summary: Security update for samba Severity: important References: 1095048,1095056,1095057,1103411,1103414,CVE-2018-10858,CVE-2018-10918,CVE-2018-10919,CVE-2018-1139,CVE-2018-1140 Description: This update for samba fixes the following issues: The following security vulnerabilities were fixed: - CVE-2018-1139: Disable NTLMv1 auth if smb.conf doesn't allow it; (bsc#1095048) - CVE-2018-1140: ldbsearch '(distinguishedName=abc)' and DNS query with escapes crashes; (bsc#1095056) - CVE-2018-10919: Confidential attribute disclosure via substring search; (bsc#1095057) - CVE-2018-10858: smbc_urlencode helper function is a subject to buffer overflow; (bsc#1103411) - CVE-2018-10918: Fix NULL ptr dereference in DsCrackNames on a user without a SPN; (bsc#1103414) ----------------------------------------- Patch: SUSE-2018-1616 Released: Thu Aug 16 14:47:38 2018 Summary: Recommended update for libyui-ncurses-pkg Severity: moderate References: 991090 Description: This update for libyui-ncurses-pkg fixes the following issues: - Fix 'out of disk space' error at start when such a large disk is present in the system. (bsc#991090) - Fix displaying negative disk sizes in the disk usage dialog. (bsc#991090) - Added new 'Services' filter, displayed only when at least one repository service is present (FATE#321043) ----------------------------------------- Patch: SUSE-2018-1685 Released: Fri Aug 17 18:20:58 2018 Summary: Security update for curl Severity: moderate References: 1099793,CVE-2018-0500 Description: This update for curl fixes the following issues: Security issue fixed: - CVE-2018-0500: Fix a SMTP send heap buffer overflow (bsc#1099793). ----------------------------------------- Patch: SUSE-2018-1701 Released: Mon Aug 20 10:36:20 2018 Summary: Security update for the Linux Kernel Severity: important References: 1051510,1051979,1065600,1066110,1077761,1081917,1083647,1086274,1086288,1086314,1086315,1086317,1086327,1086331,1086906,1087081,1087092,1089343,1090888,1097104,1097577,1097808,1099811,1099813,1099844,1099845,1099846,1099849,1099858,1099863,1099864,1100132,1101116,1101331,1101669,1101822,1101828,1101832,1101833,1101837,1101839,1101841,1101843,1101844,1101845,1101847,1101852,1101853,1101867,1101872,1101874,1101875,1101882,1101883,1101885,1101887,1101890,1101891,1101893,1101895,1101896,1101900,1101902,1101903,1102633,1102658,1103097,1103269,1103277,1103356,1103363,1103421,1103445,1103517,1103723,1103724,1103725,1103726,1103727,1103728,1103729,1103730,1103886,1103917,1103920,1103948,1103949,1104066,1104111,1104174,1104211,1104319,1104353,1104365,1104427,1104494,1104495,1104708,1104777,1104897,CVE-2018-10853,CVE-2018-10876,CVE-2018-10877,CVE-2018-10878,CVE-2018-10879,CVE-2018-10880,CVE-2018-10881,CVE-2018-10882,CVE-2018-10883,CVE-2018-3620,CVE-2018-3646,CVE-2018-5391 Description: The SUSE Linux Enterprise 15 azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-5391: A remote attacker even with relatively low bandwidth could have caused lots of CPU usage by triggering the worst case scenario during fragment reassembly (bsc#1103097) - CVE-2018-3620, CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system. (bnc#1089343, bsc#1087081). - CVE-2018-10882: A local user could have caused an out-of-bound write, leading to denial of service and a system crash by unmounting a crafted ext4 filesystem image (bsc#1099849). - CVE-2018-10880: Prevent a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing crafted ext4 images. An attacker could have used this to cause a system crash and a denial of service (bsc#1099845). - CVE-2018-10881: A local user could have caused an out-of-bound access and a system crash by mounting and operating on a crafted ext4 filesystem image (bsc#1099864). - CVE-2018-10877: Prevent an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image (bsc#1099846). - CVE-2018-10876: Prevent use-after-free in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image (bsc#1099811). - CVE-2018-10878: A local user could have caused an out-of-bounds write and a denial of service by mounting and operating a crafted ext4 filesystem image (bsc#1099813). - CVE-2018-10883: A local user could have caused an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image (bsc#1099863). - CVE-2018-10879: A local user could have caused a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image (bsc#1099844). - CVE-2018-10853: A flaw was found in Linux Kernel KVM. In which certain instructions such as sgdt/sidt call segmented_write_std doesn't propagate access correctly. As such, during userspace induced exception, the guest can incorrectly assume that the exception happened in the kernel and panic. (bnc#1097104). The following non-security bugs were fixed: - apci / lpss: Only call pwm_add_table() for Bay Trail PWM if PMIC HRV is 2 (bsc#1051510). - acpi / pci: Bail early in acpi_pci_add_bus() if there is no ACPI handle (bsc#1051510). - af_key: Always verify length of provided sadb_key (bsc#1051510). - af_key: fix buffer overread in parse_exthdrs() (bsc#1051510). - af_key: fix buffer overread in verify_address_len() (bsc#1051510). - afs: Fix directory permissions check (bsc#1101828). - agp: uninorth: make two functions static (bsc#1051510). - alsa: emu10k1: add error handling for snd_ctl_add (bsc#1051510). - alsa: emu10k1: Rate-limit error messages about page errors (bsc#1051510). - alsa: fm801: add error handling for snd_ctl_add (bsc#1051510). - alsa: snd-aoa: add of_node_put() in error path (bsc#1051510). - alsa: usb-audio: Apply rate limit to warning messages in URB complete callback (bsc#1051510). - arm64: Correct type for PUD macros (bsc#1103723). - arm64: Disable unhandled signal log messages by default (bsc#1103724). - arm64: KVM: fix VTTBR_BADDR_MASK BUG_ON off-by-one (bsc#1103725). - arm64: mm: Fix set_memory_valid() declaration (bsc#1103726). - arm64: perf: correct PMUVer probing (bsc#1103727). - arm64: ptrace: Avoid setting compat FPR to garbage if get_user fails (bsc#1103728). - arm64: spinlock: Fix theoretical trylock() A-B-A with LSE atomics (bsc#1103729). - arm64: vdso: fix clock_getres for 4GiB-aligned res (bsc#1103730). - arm: 8715/1: add a private asm/unaligned.h (bsc#1051510). - arm: 8720/1: ensure dump_instr() checks addr_limit (bsc#1051510). - arm: 8721/1: mm: dump: check hardware RO bit for LPAE (bsc#1051510). - arm: 8722/1: mm: make STRICT_KERNEL_RWX effective for LPAE (bsc#1051510). - arm: 8731/1: Fix csum_partial_copy_from_user() stack mismatch (bsc#1051510). - arm: 8743/1: bL_switcher: add MODULE_LICENSE tag (bsc#1051510). - arm: 8746/1: vfp: Go back to clearing vfp_current_hw_state[] (bsc#1051510). - arm: 8748/1: mm: Define vdso_start, vdso_end as array (bsc#1051510). - arm: 8753/1: decompressor: add a missing parameter to the addruart macro (bsc#1051510). - arm: 8758/1: decompressor: restore r1 and r2 just before jumping to the kernel (bsc#1051510). - arm: 8764/1: kgdb: fix NUMREGBYTES so that gdb_regs[] is the correct size (bsc#1051510). - arm: 8769/1: kprobes: Fix to use get_kprobe_ctlblk after irq-disabed (bsc#1051510). - arm: 8770/1: kprobes: Prohibit probing on optimized_callback (bsc#1051510). - arm: 8771/1: kprobes: Prohibit kprobes on do_undefinstr (bsc#1051510). - arm: 8772/1: kprobes: Prohibit kprobes on get_user functions (bsc#1051510). - arm: AM33xx: PRM: Remove am33xx_pwrdm_read_prev_pwrst function (bsc#1051510). - arm: amba: Fix race condition with driver_override (bsc#1051510). - arm: amba: Fix wrong indentation in driver_override_store() (bsc#1051510). - arm: amba: Make driver_override output consistent with other buses (bsc#1051510). - arm: at91: do not select CONFIG_ARM_CPU_SUSPEND for old platforms (bsc#1051510). - arm: avoid faulting on qemu (bsc#1051510). - arm: BUG if jumping to usermode address in kernel mode (bsc#1051510). - arm-ccn: perf: Prevent module unload while PMU is in use (bsc#1051510). - arm: davinci: Add dma_mask to dm365's eDMA device (bsc#1051510). - arm: davinci: board-da830-evm: fix GPIO lookup for MMC/SD (bsc#1051510). - arm: davinci: board-da850-evm: fix GPIO lookup for MMC/SD (bsc#1051510). - arm: davinci: board-da850-evm: fix WP pin polarity for MMC/SD (bsc#1051510). - arm: davinci: board-dm355-evm: fix broken networking (bsc#1051510). - arm: davinci: board-dm646x-evm: pass correct I2C adapter id for VPIF (bsc#1051510). - arm: davinci: board-dm646x-evm: set VPIF capture card name (bsc#1051510). - arm: davinci: board-omapl138-hawk: fix GPIO numbers for MMC/SD lookup (bsc#1051510). - arm: davinci: dm646x: fix timer interrupt generation (bsc#1051510). - arm: davinci: fix mmc entries in dm365's dma_slave_map (bsc#1051510). - arm: davinci: fix the GPIO lookup for omapl138-hawk (bsc#1051510). - arm: davinci: Use platform_device_register_full() to create pdev for dm365's eDMA (bsc#1051510). - arm: DRA722: remove redundant definition of 1.0 device (bsc#1051510). - arm: fix return value of parse_cpu_capacity (bsc#1051510). - arm: kexec: fix failure to boot crash kernel (bsc#1051510). - arm: kexec: fix kdump register saving on panic() (bsc#1051510). - arm: keystone: fix platform_domain_notifier array overrun (bsc#1051510). - arm: kvm: fix building with gcc-8 (bsc#1051510). - arm: multi_v7_defconfig: Replace DRM_RCAR_HDMI by generic bridge options (bsc#1051510). - arm: multi_v7_defconfig: Replace SND_SOC_RSRC_CARD by SND_SIMPLE_SCU_CARD (bsc#1051510). - arm: mvebu: Fix broken PL310_ERRATA_753970 selects (bsc#1051510). - arm: OMAP1: clock: Fix debugfs_create_*() usage (bsc#1051510). - arm: OMAP2+: Fix SRAM virt to phys translation for save_secure_ram_context (bsc#1051510). - arm: omap2: hide omap3_save_secure_ram on non-OMAP3 builds (bsc#1051510). - arm: OMAP2+: omap_device: drop broken RPM status update from suspend_noirq (bsc#1051510). - arm: OMAP2+: powerdomain: use raw_smp_processor_id() for trace (bsc#1051510). - arm: OMAP2+: timer: fix a kmemleak caused in omap_get_timer_dt (bsc#1051510). - arm: OMAP3: Fix prm wake interrupt for resume (bsc#1051510). - arm: OMAP3: hwmod_data: add missing module_offs for MMC3 (bsc#1051510). - arm: OMAP3+: PRM: fix of_irq_get() result check (bsc#1051510). - arm: OMAP4+: PRM: fix of_irq_get() result checks (bsc#1051510). - arm: OMAP: Fix dmtimer init for omap1 (bsc#1051510). - arm: OMAP: Fix SRAM W+X mapping (bsc#1051510). - arm: orion5x: Revert commit 4904dbda41c8 (bsc#1051510). - arm: orion: fix orion_ge00_switch_board_info initialization (bsc#1051510). - arm: pxa: select both FB and FB_W100 for eseries (bsc#1051510). - arm: pxa/tosa-bt: add MODULE_LICENSE tag (bsc#1051510). - arm: remove wrong CONFIG_PROC_SYSCTL ifdef (bsc#1051510). - arm: s3c24xx: Fix NAND ECC mode for mini2440 board (bsc#1051510). - arm: shmobile: defconfig: Enable missing PCIE_RCAR dependency (bsc#1051510). - arm: shmobile: defconfig: Replace DRM_RCAR_HDMI by generic bridge options (bsc#1051510). - arm: shmobile: defconfig: Replace SND_SOC_RSRC_CARD by SND_SIMPLE_SCU_CARD (bsc#1051510). - arm: shmobile: defconfig: Replace USB_XHCI_RCAR by USB_XHCI_PLATFORM (bsc#1051510). - arm: shmobile: rcar-gen2: Fix deadlock in regulator quirk (bsc#1051510). - arm: socfpga_defconfig: Remove QSPI Sector 4K size force (bsc#1051510). - arm: spear13xx: Fix dmas cells (bsc#1051510). - arm: sunxi_defconfig: Enable CMA (bsc#1051510). - arm: sunxi: fix the core number of V3s in sunxi README (bsc#1051510). - asoc: dpcm: do not merge format from invalid codec dai (bsc#1051510). - ASoC: dpcm: fix BE dai not hw_free and shutdown (bsc#1051510). - asoc: es7134: remove 64kHz rate from the supported rates (bsc#1051510). - asoc: rsnd: cmd: Add missing newline to debug message (bsc#1051510). - asoc: sirf: Fix potential NULL pointer dereference (bsc#1051510). - asoc: topology: Add missing clock gating parameter when parsing hw_configs (bsc#1051510). - asoc: topology: Fix bclk and fsync inversion in set_link_hw_format() (bsc#1051510). - asoc: zte: Fix incorrect PCM format bit usages (bsc#1051510). - ata: do not schedule hot plug if it is a sas host (). - ath: Add regulatory mapping for APL13_WORLD (bsc#1051510). - ath: Add regulatory mapping for APL2_FCCA (bsc#1051510). - ath: Add regulatory mapping for Bahamas (bsc#1051510). - ath: Add regulatory mapping for Bermuda (bsc#1051510). - ath: Add regulatory mapping for ETSI8_WORLD (bsc#1051510). - ath: Add regulatory mapping for FCC3_ETSIC (bsc#1051510). - ath: Add regulatory mapping for Serbia (bsc#1051510). - ath: Add regulatory mapping for Tanzania (bsc#1051510). - ath: Add regulatory mapping for Uganda (bsc#1051510). - audit: fix potential null dereference 'context->module.name' (bsc#1051510). - backlight: pwm_bl: Do not use GPIOF_* with gpiod_get_direction (bsc#1051510). - bdi: Move cgroup bdi_writeback to a dedicated low concurrency workqueue (bsc#1101867). - be2net: gather debug info and reset adapter (only for Lancer) on a tx-timeout (bsc#1086288). - be2net: Update the driver version to 12.0.0.0 (bsc#1086288 ). - befs_lookup(): use d_splice_alias() (bsc#1101844). - block: Fix transfer when chunk sectors exceeds max (bsc#1101874). - Bluetooth: btusb: Add a new Realtek 8723DE ID 2ff8:b011 (bsc#1051510). - Bluetooth: btusb: add ID for LiteOn 04ca:301a (bsc#1051510). - Bluetooth: hci_qca: Fix 'Sleep inside atomic section' warning (bsc#1051510). - bpf, ppc64: fix unexpected r0=0 exit path inside bpf_xadd (bsc#1083647). - branch-check: fix long->int truncation when profiling branches (bsc#1101116,). - brcmfmac: Add support for bcm43364 wireless chipset (bsc#1051510). - cachefiles: Fix missing clear of the CACHEFILES_OBJECT_ACTIVE flag (bsc#1099858). - cachefiles: Fix refcounting bug in backing-file read monitoring (bsc#1099858). - cachefiles: Wait rather than BUG'ing on 'Unexpected object collision' (bsc#1099858). - can: dev: increase bus-off message severity (bsc#1051510). - can: ems_usb: Fix memory leak on ems_usb_disconnect() (bsc#1051510). - can: m_can: change comparison to bitshift when dealing with a mask (bsc#1051510). - cdrom: do not call check_disk_change() inside cdrom_open() (bsc#1101872). - clk: at91: fix clk-generated compilation (bsc#1051510). - clk: renesas: cpg-mssr: Stop using printk format %pCr (bsc#1051510). - coccinelle: fix parallel build with CHECK=scripts/coccicheck (bsc#1051510). - compiler.h: enable builtin overflow checkers and add fallback code (bsc#1101116,). - cpufreq: intel_pstate: Limit the scope of HWP dynamic boost platforms (bsc#1066110). - cpu/hotplug: Make bringup/teardown of smp threads symmetric (bsc#1089343). - cpu/hotplug: Provide knobs to control SMT (bsc#1089343). - cpu/hotplug: Split do_cpu_down() (bsc#1089343). - crypto: authenc - do not leak pointers to authenc keys (bsc#1051510). - crypto: authencesn - do not leak pointers to authenc keys (bsc#1051510). - crypto: padlock-aes - Fix Nano workaround data corruption (bsc#1051510). - delayacct: fix crash in delayacct_blkio_end() after delayacct init failure (bsc#1104066). - Delete patches.suse/0201-dax-dm-allow-device-mapper-to-operate-without-dax-su.patch (bsc#1103917). - disable PINCTRL_LEWISBURG - dm: add writecache target (bsc#1101116,). - dm: prevent DAX mounts if not supported (bsc#1103917). - dm writecache: support optional offset for start of device (bsc#1101116,). - dm writecache: use 2-factor allocator arguments (bsc#1101116,). - doc: Add vendor prefix for Kieback and Peter GmbH (bsc#1051510). - docs: zh_CN: fix location of oops-tracing.txt (bsc#1051510). - drivers: soc: sunxi: fix error processing on base address when claiming (bsc#1051510). - drm: Add DP PSR2 sink enable bit (bsc#1051510). - drm/amdgpu: Remove VRAM from shared bo domains (bsc#1051510). - drm/atomic: Check old_plane_state->crtc in drm_atomic_helper_async_check() (bsc#1051510). - drm/atomic: Handling the case when setting old crtc for plane (bsc#1051510). - drm/atomic-helper: Drop plane->fb references only for drm_atomic_helper_shutdown() (bsc#1051510). - drm/atomic: Initialize variables in drm_atomic_helper_async_check() to make gcc happy (bsc#1051510). - drm/atomic: Make async plane update checks work as intended, v2 (bsc#1051510). - drm/atomic: Make atomic helper track newly assigned planes correctly, v2 (bsc#1051510). - drm/atomic: Make atomic iterators less surprising (bsc#1051510). - drm/cirrus: Use drm_framebuffer_put to avoid kernel oops in clean-up (bsc#1101822). - drm/dp/mst: Fix off-by-one typo when dump payload table (bsc#1051510). - drm/gma500: fix psb_intel_lvds_mode_valid()'s return type (bsc#1051510). - drm/nouveau/fifo/gk104-: poll for runlist update completion (bsc#1051510). - drm/radeon: fix mode_valid's return type (bsc#1051510). - drm: re-enable error handling (bsc#1051510). - drm/vc4: Reset ->{x, y}_scaling[1] when dealing with uniplanar formats (bsc#1051510). - edac: Add missing MEM_LRDDR4 entry in edac_mem_types[] (bsc#1103886). - edac, altera: Fix ARM64 build warning (bsc#1051510). - edac: Drop duplicated array of strings for memory type names (bsc#1103886). - edac, mv64x60: Fix an error handling path (bsc#1051510). - edac, octeon: Fix an uninitialized variable warning (bsc#1051510). - edac, sb_edac: Fix missing break in switch (bsc#1051510). - ext2: fix a block leak (bsc#1101875). - ext4: add more mount time checks of the superblock (bsc#1101900). - ext4: bubble errors from ext4_find_inline_data_nolock() up to ext4_iget() (bsc#1101896). - ext4: check for allocation block validity with block group locked (bsc#1104495). - ext4: check superblock mapped prior to committing (bsc#1101902). - ext4: do not update s_last_mounted of a frozen fs (bsc#1101841). - ext4: factor out helper ext4_sample_last_mounted() (bsc#1101841). - ext4: fix check to prevent initializing reserved inodes (bsc#1104319). - ext4: fix false negatives *and* false positives in ext4_check_descriptors() (bsc#1103445). - ext4: fix fencepost error in check for inode count overflow during resize (bsc#1101853). - ext4: fix inline data updates with checksums enabled (bsc#1104494). - ext4: include the illegal physical block in the bad map ext4_error msg (bsc#1101903). - ext4: report delalloc reserve as non-free in statfs for project quota (bsc#1101843). - ext4: update mtime in ext4_punch_hole even if no blocks are released (bsc#1101895). - f2fs: call unlock_new_inode() before d_instantiate() (bsc#1101837). - fix io_destroy()/aio_complete() race (bsc#1101852). - Force log to disk before reading the AGF during a fstrim (bsc#1101893). - fs: allow per-device dax status checking for filesystems (bsc#1103917). - fscache: Allow cancelled operations to be enqueued (bsc#1099858). - fscache: Fix hanging wait on page discarded by writeback (bsc#1101885). - fscache: Fix reference overput in fscache_attach_object() error handling (bsc#1099858). - fs: clear writeback errors in inode_init_always (bsc#1101882). - fs: do not scan the inode cache before SB_BORN is set (bsc#1101883). - geneve: update skb dst pmtu on tx path (bsc#1051510). - genirq: Check __free_irq() return value for NULL (bsc#1103517). - genirq: Fix editing error in a comment (bsc#1051510). - genirq: Make force irq threading setup more robust (bsc#1051510). - gtp: Initialize 64-bit per-cpu stats correctly (bsc#1051510). - HID: hid-plantronics: Re-resend Update to map button for PTT products (bsc#1051510). - HID: i2c-hid: check if device is there before really probing (bsc#1051510). - hippi: Fix a Fix a possible sleep-in-atomic bug in rr_close (bsc#1051510). - hns3: fix unused function warning (bsc#1104353). - hns3pf: do not check handle during mqprio offload (bsc#1104353 ). - hns3pf: fix hns3_del_tunnel_port() (bsc#1104353). - hns3pf: Fix some harmless copy and paste bugs (bsc#1104353 ). - hv_netvsc: Ensure correct teardown message sequence order (). - hv/netvsc: fix handling of fallback to single queue mode (). - hv_netvsc: Fix napi reschedule while receive completion is busy. - hv_netvsc: Fix net device attach on older Windows hosts (). - hv/netvsc: Fix NULL dereference at single queue mode fallback (bsc#1104708). - hv_netvsc: set master device (bsc#1051979). - hv_netvsc: Split netvsc_revoke_buf() and netvsc_teardown_gpadl() (). - hv_netvsc: split sub-channel setup into async and sync (). - hv_netvsc: Use Windows version instead of NVSP version on GPAD teardown (). - hwmon: (asus_atk0110) Replace deprecated device register call (bsc#1103363). - i2c: imx: Fix reinit_completion() use (bsc#1051510). - IB/hns: Annotate iomem pointers correctly (bsc#1104427 ). - IB/hns: Avoid compile test under non 64bit environments (bsc#1104427). - IB/hns: Declare local functions 'static' (bsc#1104427 ). - IB/hns: fix boolreturn.cocci warnings (bsc#1104427). - IB/hns: Fix for checkpatch.pl comment style warnings (bsc#1104427). - IB/hns: fix memory leak on ah on error return path (bsc#1104427 ). - IB/hns: fix returnvar.cocci warnings (bsc#1104427). - IB/hns: fix semicolon.cocci warnings (bsc#1104427). - IB/hns: Fix the bug of polling cq failed for loopback Qps (bsc#1104427). - IB/hns: Fix the bug with modifying the MAC address without removing the driver (bsc#1104427). - IB/hns: Fix the bug with rdma operation (bsc#1104427 ). - IB/hns: Fix the bug with wild pointer when destroy rc qp (bsc#1104427). - IB/hns: include linux/interrupt.h (bsc#1104427). - IB/hns: Support compile test for hns RoCE driver (bsc#1104427 ). - IB/hns: Use zeroing memory allocator instead of allocator/memset (bsc#1104427). - ibmasm: do not write out of bounds in read handler (bsc#1051510). - ibmvnic: Remove code to request error information (bsc#1104174). - ibmvnic: Revise RX/TX queue error messages (bsc#1101331). - ibmvnic: Update firmware error reporting with cause string (bsc#1104174). - init: rename and re-order boot_cpu_state_init() (bsc#1104365). - Input: elan_i2c - add ACPI ID for lenovo ideapad 330 (bsc#1051510). - Input: elan_i2c - add another ACPI ID for Lenovo Ideapad 330-15AST (bsc#1051510). - Input: i8042 - add Lenovo LaVie Z to the i8042 reset list (bsc#1051510). - irqchip: brcmstb-l2: Define an irq_pm_shutdown function (bsc#1051510). - irqchip/gic: Take lock when updating irq type (bsc#1051510). - irqchip/gic-v3: Change pr_debug message to pr_devel (bsc#1051510). - irqchip/gic-v3: Fix the driver probe() fail due to disabled GICC entry (bsc#1051510). - irqchip/gic-v3: Ignore disabled ITS nodes (bsc#1051510). - irqchip/gic-v3: Use wmb() instead of smb_wmb() in gic_raise_softirq() (bsc#1051510). - irqchip/qcom: Fix check for spurious interrupts (bsc#1051510). - irqchip/qcom: Fix u32 comparison with value less than zero (bsc#1051510). - isofs: fix potential memory leak in mount option parsing (bsc#1101887). - iwlwifi: add more card IDs for 9000 series (bsc#1051510). - iwlwifi: pcie: fix race in Rx buffer allocator (bsc#1051510). - jump_label: Fix concurrent static_key_enable/disable() (bsc#1089343). - jump_label: Provide hotplug context variants (bsc#1089343). - jump_label: Reorder hotplug lock and jump_label_lock (bsc#1089343). - kabi protect bdev_dax_supported (bsc#1103917). - kabi protect struct ccw_device_private (bsc#1103421). - KABI protect structy ata_host (git-fixes). - kabi/severities: Allow kABI changes for kvm/x86 (except for kvm_x86_ops) - kabi/severities: do not complain on hisi_sas internal changes (). - kabi/severities: ignore qla2xxx as all symbols are internal - kabi/severities: ignore x86_kvm_ops; lttng-modules would have to be adjusted in case they depend on this particular change - kbuild: add '-fno-stack-check' to kernel build options (bsc#1051510). - kbuild: Handle builtin dtb file names containing hyphens (bsc#1051510). - kbuild: pkg: use --transform option to prefix paths in tar (bsc#1051510). - kconfig: display recursive dependency resolution hint just once (bsc#1051510). - kmemleak: add scheduling point to kmemleak_scan() (bsc#1051510). - kthread, tracing: Do not expose half-written comm when creating kthreads (bsc#1104897). - KVM: SVM: Add pause filter threshold (). - KVM: SVM: Implement pause loop exit logic in SVM (). - KVM: VMX: Bring the common code to header file (). - KVM: VMX: Fix the module parameters for vmx (). - KVM: VMX: Remove ple_window_actual_max (). - libata: add refcounting to ata_host (git-fixes). - libata: ensure host is free'd on error exit paths (git-fixes). - libnvdimm, dimm: fix dpa reservation vs uninitialized label area (git-fixes). - linvdimm, pmem: Preserve read-only setting for pmem devices (git-fixes). - MAINTAINERS: review Renesas DT bindings as well (bsc#1051510). - media: media-device: fix ioctl function types (bsc#1051510). - media: omap3isp: fix unbalanced dma_iommu_mapping (bsc#1051510). - media: rcar_jpu: Add missing clk_disable_unprepare() on error in jpu_open() (bsc#1051510). - media: rc: oops in ir_timer_keyup after device unplug (bsc#1090888). - media: saa7164: Fix driver name in debug output (bsc#1051510). - media: si470x: fix __be16 annotations (bsc#1051510). - media: siano: get rid of __le32/__le16 cast warnings (bsc#1051510). - media: tw686x: Fix incorrect vb2_mem_ops GFP flags (bsc#1051510). - media: videobuf2-core: do not call memop 'finish' when queueing (bsc#1051510). - mfd: cros_ec: Fail early if we cannot identify the EC (bsc#1051510). - mfd: fsl-imx25: Clean up irq settings during removal (bsc#1051510). - mfd: mxs-lradc: Fix error handling in mxs_lradc_probe() (bsc#1051510). - misc: pci_endpoint_test: Avoid triggering a BUG() (bsc#1051510). - mmc: dw_mmc: update actual clock for mmc debugfs (bsc#1051510). - mmc: pwrseq: Use kmalloc_array instead of stack VLA (bsc#1051510). - mm: fix __gup_device_huge vs unmap (bsc#1101839). - mm/kmemleak.c: make cond_resched() rate-limiting more efficient (bsc#1051510). - mwifiex: correct histogram data with appropriate index (bsc#1051510). - mwifiex: handle race during mwifiex_usb_disconnect (bsc#1051510). - net: hns3: Add a check for client instance init state (bsc#1104353). - net: hns3: add a mask initialization for mac_vlan table (bsc#1104353). - net: hns3: Add *Asserting Reset* mailbox message and handling in VF (bsc#1104353). - net: hns3: add Asym Pause support to phy default features (bsc#1104353). - net: hns3: Add dcb netlink interface for the support of DCB feature (bsc#1104353). - net: hns3: Add DCB support when interacting with network stack (bsc#1104353). - net: hns3: Add ethtool interface for vlan filter (bsc#1104353 ). - net: hns3: add ethtool_ops.get_channels support for VF (bsc#1104353). - net: hns3: add ethtool_ops.get_coalesce support to PF (bsc#1104353). - net: hns3: add ethtool_ops.set_coalesce support to PF (bsc#1104353). - net: hns3: add ethtool -p support for fiber port (bsc#1104353 ). - net: hns3: add ethtool related offload command (bsc#1104353 ). - net: hns3: Add Ethtool support to HNS3 driver (bsc#1104353 ). - net: hns3: add existence checking before adding unicast mac address (bsc#1104353). - net: hns3: add existence check when remove old uc mac address (bsc#1104353). - net: hns3: add feature check when feature changed (bsc#1104353 ). - net: hns3: add get_link support to VF (bsc#1104353). - net: hns3: add get/set_coalesce support to VF (bsc#1104353 ). - net: hns3: add handling vlan tag offload in bd (bsc#1104353 ). - net: hns3: Add hclge_dcb module for the support of DCB feature (bsc#1104353). - net: hns3: Add HNS3 Acceleration Engine and Compatibility Layer Support (bsc#1104353). - net: hns3: Add HNS3 driver to kernel build framework and MAINTAINERS (bsc#1104353). - net: hns3: Add hns3_get_handle macro in hns3 driver (bsc#1104353 ). - net: hns3: Add HNS3 IMP(Integrated Mgmt Proc) Cmd Interface Support (bsc#1104353). - net: hns3: Add HNS3 VF driver to kernel build framework (bsc#1104353). - net: hns3: Add HNS3 VF HCL(Hardware Compatibility Layer) Support (bsc#1104353). - net: hns3: Add HNS3 VF IMP(Integrated Management Proc) cmd interface (bsc#1104353). - net: hns3: add int_gl_idx setup for TX and RX queues (bsc#1104353). - net: hns3: add int_gl_idx setup for VF (bsc#1104353 ). - net: hns3: Add mac loopback selftest support in hns3 driver (bsc#1104353). - net: hns3: Add mailbox interrupt handling to PF driver (bsc#1104353). - net: hns3: Add mailbox support to PF driver (bsc#1104353 ). - net: hns3: Add mailbox support to VF driver (bsc#1104353 ). - net: hns3: add manager table initialization for hardware (bsc#1104353). - net: hns3: Add MDIO support to HNS3 Ethernet driver for hip08 SoC (bsc#1104353). - net: hns3: Add missing break in misc_irq_handle (bsc#1104353 ). - net: hns3: Add more packet size statisctics (bsc#1104353 ). - net: hns3: add MTU initialization for hardware (bsc#1104353 ). - net: hns3: add net status led support for fiber port (bsc#1104353). - net: hns3: add nic_client check when initialize roce base information (bsc#1104353). - net: hns3: add querying speed and duplex support to VF (bsc#1104353). - net: hns3: Add repeat address checking for setting mac address (bsc#1104353). - net: hns3: Add reset interface implementation in client (bsc#1104353). - net: hns3: Add reset process in hclge_main (bsc#1104353 ). - net: hns3: Add reset service task for handling reset requests (bsc#1104353). - net: hns3: add result checking for VF when modify unicast mac address (bsc#1104353). - net: hns3: Add some interface for the support of DCB feature (bsc#1104353). - net: hns3: Adds support for led locate command for copper port (bsc#1104353). - net: hns3: Add STRP_TAGP field support for hardware revision 0x21 (bsc#1104353). - net: hns3: Add support for dynamically buffer reallocation (bsc#1104353). - net: hns3: add support for ETHTOOL_GRXFH (bsc#1104353 ). - net: hns3: add support for get_regs (bsc#1104353). - net: hns3: Add support for IFF_ALLMULTI flag (bsc#1104353 ). - net: hns3: Add support for misc interrupt (bsc#1104353 ). - net: hns3: add support for nway_reset (bsc#1104353). - net: hns3: Add support for PFC setting in TM module (bsc#1104353 ). - net: hns3: Add support for port shaper setting in TM module (bsc#1104353). - net: hns3: add support for querying advertised pause frame by ethtool ethx (bsc#1104353). - net: hns3: add support for querying pfc puase packets statistic (bsc#1104353). - net: hns3: add support for set_link_ksettings (bsc#1104353 ). - net: hns3: add support for set_pauseparam (bsc#1104353 ). - net: hns3: add support for set_ringparam (bsc#1104353 ). - net: hns3: add support for set_rxnfc (bsc#1104353). - net: hns3: Add support for tx_accept_tag2 and tx_accept_untag2 config (bsc#1104353). - net: hns3: add support for VF driver inner interface hclgevf_ops.get_tqps_and_rss_info (bsc#1104353). - net: hns3: Add support of hardware rx-vlan-offload to HNS3 VF driver (bsc#1104353). - net: hns3: Add support of HNS3 Ethernet Driver for hip08 SoC (bsc#1104353). - net: hns3: Add support of .sriov_configure in HNS3 driver (bsc#1104353). - net: hns3: Add support of the HNAE3 framework (bsc#1104353 ). - net: hns3: Add support of TX Scheduler and Shaper to HNS3 driver (bsc#1104353). - net: hns3: Add support to change MTU in HNS3 hardware (bsc#1104353). - net: hns3: Add support to enable TX/RX promisc mode for H/W rev(0x21) (bsc#1104353). - net: hns3: add support to modify tqps number (bsc#1104353 ). - net: hns3: add support to query tqps number (bsc#1104353 ). - net: hns3: Add support to re-initialize the hclge device (bsc#1104353). - net: hns3: Add support to request VF Reset to PF (bsc#1104353 ). - net: hns3: Add support to reset the enet/ring mgmt layer (bsc#1104353). - net: hns3: add support to update flow control settings after autoneg (bsc#1104353). - net: hns3: Add tc-based TM support for sriov enabled port (bsc#1104353). - net: hns3: Add timeout process in hns3_enet (bsc#1104353 ). - net: hns3: Add VF Reset device state and its handling (bsc#1104353). - net: hns3: Add VF Reset Service Task to support event handling (bsc#1104353). - net: hns3: add vlan offload config command (bsc#1104353 ). - net: hns3: change GL update rate (bsc#1104353). - net: hns3: Change PF to add ring-vect binding and resetQ to mailbox (bsc#1104353). - net: hns3: Change return type of hnae3_register_ae_algo (bsc#1104353). - net: hns3: Change return type of hnae3_register_ae_dev (bsc#1104353). - net: hns3: Change return value in hnae3_register_client (bsc#1104353). - net: hns3: Changes required in PF mailbox to support VF reset (bsc#1104353). - net: hns3: Changes to make enet watchdog timeout func common for PF/VF (bsc#1104353). - net: hns3: Changes to support ARQ(Asynchronous Receive Queue) (bsc#1104353). - net: hns3: change the returned tqp number by ethtool -x (bsc#1104353). - net: hns3: change the time interval of int_gl calculating (bsc#1104353). - net: hns3: change the unit of GL value macro (bsc#1104353 ). - net: hns3: change TM sched mode to TC-based mode when SRIOV enabled (bsc#1104353). - net: hns3: check for NULL function pointer in hns3_nic_set_features (bsc#1104353). - net: hns3: Cleanup for endian issue in hns3 driver (bsc#1104353 ). - net: hns3: Cleanup for non-static function in hns3 driver (bsc#1104353). - net: hns3: Cleanup for ROCE capability flag in ae_dev (bsc#1104353). - net: hns3: Cleanup for shifting true in hns3 driver (bsc#1104353 ). - net: hns3: Cleanup for struct that used to send cmd to firmware (bsc#1104353). - net: hns3: Cleanup indentation for Kconfig in the the hisilicon folder (bsc#1104353). - net: hns3: cleanup mac auto-negotiation state query (bsc#1104353 ). - net: hns3: cleanup mac auto-negotiation state query in hclge_update_speed_duplex (bsc#1104353). - net: hns3: cleanup of return values in hclge_init_client_instance() (bsc#1104353). - net: hns3: Clear TX/RX rings when stopping port and un-initializing client (bsc#1104353). - net: hns3: Consistently using GENMASK in hns3 driver (bsc#1104353). - net: hns3: converting spaces into tabs to avoid checkpatch.pl warning (bsc#1104353). - net: hns3: Disable VFs change rxvlan offload status (bsc#1104353 ). - net: hns3: Disable vf vlan filter when vf vlan table is full (bsc#1104353). - net: hns3: ensure media_type is unitialized (bsc#1104353 ). - net: hns3: export pci table of hclge and hclgevf to userspace (bsc#1104353). - net: hns3: fix a bug about hns3_clean_tx_ring (bsc#1104353 ). - net: hns3: fix a bug for phy supported feature initialization (bsc#1104353). - net: hns3: fix a bug in hclge_uninit_client_instance (bsc#1104353). - net: hns3: fix a bug in hns3_driv_to_eth_caps (bsc#1104353 ). - net: hns3: fix a bug when alloc new buffer (bsc#1104353 ). - net: hns3: fix a bug when getting phy address from NCL_config file (bsc#1104353). - net: hns3: fix a dead loop in hclge_cmd_csq_clean (bsc#1104353 ). - net: hns3: fix a handful of spelling mistakes (bsc#1104353 ). - net: hns3: Fix a loop index error of tqp statistics query (bsc#1104353). - net: hns3: Fix a misuse to devm_free_irq (bsc#1104353 ). - net: hns3: Fix an error handling path in 'hclge_rss_init_hw()' (bsc#1104353). - net: hns3: Fix an error macro definition of HNS3_TQP_STAT (bsc#1104353). - net: hns3: Fix an error of total drop packet statistics (bsc#1104353). - net: hns3: Fix a response data read error of tqp statistics query (bsc#1104353). - net: hns3: fix endian issue when PF get mbx message flag (bsc#1104353). - net: hns3: fix error type definition of return value (bsc#1104353). - net: hns3: Fixes API to fetch ethernet header length with kernel default (bsc#1104353). - net: hns3: Fixes error reported by Kbuild and internal review (bsc#1104353). - net: hns3: Fixes initalization of RoCE handle and makes it conditional (bsc#1104353). - net: hns3: Fixes initialization of phy address from firmware (bsc#1104353). - net: hns3: Fixes kernel panic issue during rmmod hns3 driver (bsc#1104353). - net: hns3: Fixes ring-to-vector map-and-unmap command (bsc#1104353). - net: hns3: Fixes the back pressure setting when sriov is enabled (bsc#1104353). - net: hns3: Fixes the command used to unmap ring from vector (bsc#1104353). - net: hns3: Fixes the default VLAN-id of PF (bsc#1104353 ). - net: hns3: Fixes the error legs in hclge_init_ae_dev function (bsc#1104353). - net: hns3: Fixes the ether address copy with appropriate API (bsc#1104353). - net: hns3: Fixes the initialization of MAC address in hardware (bsc#1104353). - net: hns3: Fixes the init of the VALID BD info in the descriptor (bsc#1104353). - net: hns3: Fixes the missing PCI iounmap for various legs (bsc#1104353). - net: hns3: Fixes the missing u64_stats_fetch_begin_irq in 64-bit stats fetch (bsc#1104353). - net: hns3: Fixes the out of bounds access in hclge_map_tqp (bsc#1104353). - net: hns3: Fixes the premature exit of loop when matching clients (bsc#1104353). - net: hns3: fixes the ring index in hns3_fini_ring (bsc#1104353 ). - net: hns3: Fixes the state to indicate client-type initialization (bsc#1104353). - net: hns3: Fixes the static checker error warning in hns3_get_link_ksettings() (bsc#1104353). - net: hns3: Fixes the static check warning due to missing unsupp L3 proto check (bsc#1104353). - net: hns3: Fixes the wrong IS_ERR check on the returned phydev value (bsc#1104353). - net: hns3: fix for buffer overflow smatch warning (bsc#1104353 ). - net: hns3: fix for changing MTU (bsc#1104353). - net: hns3: fix for cleaning ring problem (bsc#1104353 ). - net: hns3: Fix for CMDQ and Misc. interrupt init order problem (bsc#1104353). - net: hns3: fix for coal configuation lost when setting the channel (bsc#1104353). - net: hns3: fix for coalesce configuration lost during reset (bsc#1104353). - net: hns3: Fix for deadlock problem occurring when unregistering ae_algo (bsc#1104353). - net: hns3: Fix for DEFAULT_DV when dev does not support DCB (bsc#1104353). - net: hns3: Fix for fiber link up problem (bsc#1104353 ). - net: hns3: fix for getting advertised_caps in hns3_get_link_ksettings (bsc#1104353). - net: hns3: fix for getting autoneg in hns3_get_link_ksettings (bsc#1104353). - net: hns3: fix for getting auto-negotiation state in hclge_get_autoneg (bsc#1104353). - net: hns3: fix for getting wrong link mode problem (bsc#1104353 ). - net: hns3: Fix for hclge_reset running repeatly problem (bsc#1104353). - net: hns3: Fix for hns3 module is loaded multiple times problem (bsc#1104353). - net: hns3: fix for ipv6 address loss problem after setting channels (bsc#1104353). - net: hns3: fix for loopback failure when vlan filter is enable (bsc#1104353). - net: hns3: fix for netdev not running problem after calling net_stop and net_open (bsc#1104353). - net: hns3: Fix for netdev not running problem after calling net_stop and net_open (bsc#1104353). - net: hns3: fix for not initializing VF rss_hash_key problem (bsc#1104353). - net: hns3: fix for not returning problem in get_link_ksettings when phy exists (bsc#1104353). - net: hns3: fix for not setting pause parameters (bsc#1104353 ). - net: hns3: Fix for not setting rx private buffer size to zero (bsc#1104353). - net: hns3: Fix for packet loss due wrong filter config in VLAN tbls (bsc#1104353). - net: hns3: fix for pause configuration lost during reset (bsc#1104353). - net: hns3: Fix for PF mailbox receving unknown message (bsc#1104353). - net: hns3: fix for phy_addr error in hclge_mac_mdio_config (bsc#1104353). - net: hns3: Fix for phy not link up problem after resetting (bsc#1104353). - net: hns3: Fix for pri to tc mapping in TM (bsc#1104353 ). - net: hns3: fix for returning wrong value problem in hns3_get_rss_indir_size (bsc#1104353). - net: hns3: fix for returning wrong value problem in hns3_get_rss_key_size (bsc#1104353). - net: hns3: fix for RSS configuration loss problem during reset (bsc#1104353). - net: hns3: Fix for rx priv buf allocation when DCB is not supported (bsc#1104353). - net: hns3: Fix for rx_priv_buf_alloc not setting rx shared buffer (bsc#1104353). - net: hns3: Fix for service_task not running problem after resetting (bsc#1104353). - net: hns3: Fix for setting mac address when resetting (bsc#1104353). - net: hns3: fix for setting MTU (bsc#1104353). - net: hns3: Fix for setting rss_size incorrectly (bsc#1104353 ). - net: hns3: Fix for the null pointer problem occurring when initializing ae_dev failed (bsc#1104353). - net: hns3: fix for the wrong shift problem in hns3_set_txbd_baseinfo (bsc#1104353). - net: hns3: fix for updating fc_mode_last_time (bsc#1104353 ). - net: hns3: fix for use-after-free when setting ring parameter (bsc#1104353). - net: hns3: Fix for VF mailbox cannot receiving PF response (bsc#1104353). - net: hns3: Fix for VF mailbox receiving unknown message (bsc#1104353). - net: hns3: fix for vlan table lost problem when resetting (bsc#1104353). - net: hns3: Fix for vxlan tx checksum bug (bsc#1104353 ). - net: hns3: Fix initialization when cmd is not supported (bsc#1104353). - net: hns3: fix length overflow when CONFIG_ARM64_64K_PAGES (bsc#1104353). - net: hns3: fix null pointer dereference before null check (bsc#1104353). - net: hns3: fix return value error of hclge_get_mac_vlan_cmd_status() (bsc#1104353). - net: hns3: fix rx path skb->truesize reporting bug (bsc#1104353 ). - net: hns3: Fix setting mac address error (bsc#1104353 ). - net: hns3: Fix spelling errors (bsc#1104353). - net: hns3: fix spelling mistake: 'capabilty' -> 'capability' (bsc#1104353). - net: hns3: fix the bug of hns3_set_txbd_baseinfo (bsc#1104353 ). - net: hns3: fix the bug when map buffer fail (bsc#1104353 ). - net: hns3: fix the bug when reuse command description in hclge_add_mac_vlan_tbl (bsc#1104353). - net: hns3: Fix the missing client list node initialization (bsc#1104353). - net: hns3: fix the ops check in hns3_get_rxnfc (bsc#1104353 ). - net: hns3: fix the queue id for tqp enable and reset (bsc#1104353 ). - net: hns3: fix the ring count for ETHTOOL_GRXRINGS (bsc#1104353 ). - net: hns3: fix the TX/RX ring.queue_index in hns3_ring_get_cfg (bsc#1104353). - net: hns3: fix the VF queue reset flow error (bsc#1104353 ). - net: hns3: fix to correctly fetch l4 protocol outer header (bsc#1104353). - net: hns3: Fix to support autoneg only for port attached with phy (bsc#1104353). - net: hns3: Fix typo error for feild in hclge_tm (bsc#1104353 ). - net: hns3: free the ring_data structrue when change tqps (bsc#1104353). - net: hns3: get rss_size_max from configuration but not hardcode (bsc#1104353). - net: hns3: get vf count by pci_sriov_get_totalvfs (bsc#1104353 ). - net: hns3: hclge_inform_reset_assert_to_vf() can be static (bsc#1104353). - net: hns3: hns3:fix a bug about statistic counter in reset process (bsc#1104353). - net: hns3: hns3_get_channels() can be static (bsc#1104353 ). - net: hns3: Increase the default depth of bucket for TM shaper (bsc#1104353). - net: hns3: increase the max time for IMP handle command (bsc#1104353). - net: hns3: make local functions static (bsc#1104353 ). - net: hns3: Mask the packet statistics query when NIC is down (bsc#1104353). - net: hns3: Modify the update period of packet statistics (bsc#1104353). - net: hns3: never send command queue message to IMP when reset (bsc#1104353). - net: hns3: Optimize PF CMDQ interrupt switching process (bsc#1104353). - net: hns3: Optimize the PF's process of updating multicast MAC (bsc#1104353). - net: hns3: Optimize the VF's process of updating multicast MAC (bsc#1104353). - net: hns3: reallocate tx/rx buffer after changing mtu (bsc#1104353). - net: hns3: refactor GL update function (bsc#1104353 ). - net: hns3: refactor interrupt coalescing init function (bsc#1104353). - net: hns3: Refactor mac_init function (bsc#1104353). - net: hns3: Refactor of the reset interrupt handling logic (bsc#1104353). - net: hns3: Refactors the requested reset and pending reset handling code (bsc#1104353). - net: hns3: refactor the coalesce related struct (bsc#1104353 ). - net: hns3: refactor the get/put_vector function (bsc#1104353 ). - net: hns3: refactor the hclge_get/set_rss function (bsc#1104353 ). - net: hns3: refactor the hclge_get/set_rss_tuple function (bsc#1104353). - net: hns3: Refactor the initialization of command queue (bsc#1104353). - net: hns3: refactor the loopback related function (bsc#1104353 ). - net: hns3: Refactor the mapping of tqp to vport (bsc#1104353 ). - net: hns3: Refactor the skb receiving and transmitting function (bsc#1104353). - net: hns3: remove a couple of redundant assignments (bsc#1104353 ). - net: hns3: remove add/del_tunnel_udp in hns3_enet module (bsc#1104353). - net: hns3: Remove a useless member of struct hns3_stats (bsc#1104353). - net: hns3: Remove error log when getting pfc stats fails (bsc#1104353). - net: hns3: Remove packet statistics in the range of 8192~12287 (bsc#1104353). - net: hns3: remove redundant memset when alloc buffer (bsc#1104353). - net: hns3: remove redundant semicolon (bsc#1104353). - net: hns3: Remove repeat statistic of rx_errors (bsc#1104353 ). - net: hns3: Removes unnecessary check when clearing TX/RX rings (bsc#1104353). - net: hns3: remove TSO config command from VF driver (bsc#1104353 ). - net: hns3: remove unnecessary pci_set_drvdata() and devm_kfree() (bsc#1104353). - net: hns3: remove unused GL setup function (bsc#1104353 ). - net: hns3: remove unused hclgevf_cfg_func_mta_filter (bsc#1104353). - net: hns3: Remove unused led control code (bsc#1104353 ). - net: hns3: report the function type the same line with hns3_nic_get_stats64 (bsc#1104353). - net: hns3: set the cmdq out_vld bit to 0 after used (bsc#1104353 ). - net: hns3: set the max ring num when alloc netdev (bsc#1104353 ). - net: hns3: Setting for fc_mode and dcb enable flag in TM module (bsc#1104353). - net: hns3: Support for dynamically assigning tx buffer to TC (bsc#1104353). - net: hns3: Unified HNS3 {VF|PF} Ethernet Driver for hip08 SoC (bsc#1104353). - net: hns3: unify the pause params setup function (bsc#1104353 ). - net: hns3: Unify the strings display of packet statistics (bsc#1104353). - net: hns3: Updates MSI/MSI-X alloc/free APIs(depricated) to new APIs (bsc#1104353). - net: hns3: Updates RX packet info fetch in case of multi BD (bsc#1104353). - net: hns3: Use enums instead of magic number in hclge_is_special_opcode (bsc#1104353). - net: hns3: VF should get the real rss_size instead of rss_size_max (bsc#1104353). - net: lan78xx: Fix race in tx pending skb size calculation (bsc#1100132). - net: lan78xx: fix rx handling before first packet is send (bsc#1100132). - net: qmi_wwan: add BroadMobi BM806U 2020:2033 (bsc#1087092). - net: qmi_wwan: Add Netgear Aircard 779S (bsc#1090888). - net-usb: add qmi_wwan if on lte modem wistron neweb d18q1 (bsc#1087092). - net: usb: asix: replace mii_nway_restart in resume path (bsc#1100132). - nohz: Fix local_timer_softirq_pending() (bsc#1051510). - nvme: ensure forward progress during Admin passthru (git-fixes). - nvme-fabrics: Ignore nr_io_queues option for discovery controllers (bsc#1102633). - nvme: fixup crash on failed discovery (bsc#1103920). - nvme.h: fixup ANA group descriptor format (bsc#1104111). - nvme: use hw qid in trace events (bsc#1102633). - orangefs: report attributes_mask and attributes for statx (bsc#1101832). - orangefs: set i_size on new symlink (bsc#1101845). - overflow.h: Add allocation size calculation helpers (bsc#1101116,). - PCI: pciehp: Assume NoCompl+ for Thunderbolt ports (bsc#1051510). - PCI: pciehp: Request control of native hotplug only if supported (bsc#1051510). - PCI: Prevent sysfs disable of device while driver is attached (bsc#1051510). - pinctrl: at91-pio4: add missing of_node_put (bsc#1051510). - pinctrl: cannonlake: Fix community ordering for H variant (bsc#1051510). - pinctrl: core: Return selector to the pinctrl driver (bsc#1051510). - pinctrl: freescale: off by one in imx1_pinconf_group_dbg_show() (bsc#1051510). - pinctrl: imx: off by one in imx_pinconf_group_dbg_show() (bsc#1051510). - pinctrl: intel: Add Intel Lewisburg GPIO support (). - pinctrl: nand: meson-gxl: fix missing data pins (bsc#1051510). - pinctrl: pinmux: Return selector to the pinctrl driver (bsc#1051510). - pinctrl: qcom: spmi-gpio: Fix pmic_gpio_config_get() to be compliant (bsc#1051510). - pinctrl: single: Fix group and function selector use (bsc#1051510). - PM / devfreq: rk3399_dmc: Fix duplicated opp table on reload (bsc#1051510). - pmem: only set QUEUE_FLAG_DAX for fsdax mode (bsc#1103917). - powerpc/64: Add GENERIC_CPU support for little endian (). - powerpc/fadump: handle crash memory ranges array index overflow (bsc#1103269). - powerpc/fadump: merge adjacent memory ranges to reduce PT_LOAD segements (bsc#1103269). - powerpc/pkeys: Deny read/write/execute by default (bsc#1097577). - powerpc/pkeys: Fix calculation of total pkeys (bsc#1097577). - powerpc/pkeys: Give all threads control of their key permissions (bsc#1097577). - powerpc/pkeys: key allocation/deallocation must not change pkey registers (bsc#1097577). - powerpc/pkeys: make protection key 0 less special (bsc#1097577). - powerpc/pkeys: Preallocate execute-only key (bsc#1097577). - powerpc/pkeys: Save the pkey registers before fork (bsc#1097577). - qed*: Add link change count value to ethtool statistics display (bsc#1086314). - qed: Add qed APIs for PHY module query (bsc#1086314 ). - qed: Add srq core support for RoCE and iWARP (bsc#1086314 ). - qede: Add driver callbacks for eeprom module query (bsc#1086314 ). - qedf: Add get_generic_tlv_data handler (bsc#1086317). - qedf: Add support for populating ethernet TLVs (bsc#1086317). - qed: fix spelling mistake 'successffuly' -> 'successfully' (bsc#1086314). - qedi: Add get_generic_tlv_data handler (bsc#1086315). - qedi: Add support for populating ethernet TLVs (bsc#1086315). - qed: Make some functions static (bsc#1086314). - qed: remove redundant functions qed_get_cm_pq_idx_rl (bsc#1086314). - qed: remove redundant functions qed_set_gft_event_id_cm_hdr (bsc#1086314). - qed: remove redundant pointer 'name' (bsc#1086314). - qed: use dma_zalloc_coherent instead of allocator/memset (bsc#1086314). - qed*: Utilize FW 8.37.2.0 (bsc#1086314). - RDMA/hns: Add 64KB page size support for hip08 (bsc#1104427 ). - RDMA/hns: Add command queue support for hip08 RoCE driver (bsc#1104427). - RDMA/hns: Add CQ operations support for hip08 RoCE driver (bsc#1104427). - RDMA/hns: Add detailed comments for mb() call (bsc#1104427 ). - RDMA/hns: Add eq support of hip08 (bsc#1104427). - RDMA/hns: Add gsi qp support for modifying qp in hip08 (bsc#1104427). - RDMA/hns: Add mailbox's implementation for hip08 RoCE driver (bsc#1104427). - RDMA/hns: Add modify CQ support for hip08 (bsc#1104427 ). - RDMA/hns: Add names to function arguments in function pointers (bsc#1104427). - RDMA/hns: Add profile support for hip08 driver (bsc#1104427 ). - RDMA/hns: Add QP operations support for hip08 SoC (bsc#1104427 ). - RDMA/hns: Add releasing resource operation in error branch (bsc#1104427). - RDMA/hns: Add rereg mr support for hip08 (bsc#1104427 ). - RDMA/hns: Add reset process for RoCE in hip08 (bsc#1104427 ). - RDMA/hns: Add return operation when configured global param fail (bsc#1104427). - RDMA/hns: Add rq inline data support for hip08 RoCE (bsc#1104427 ). - RDMA/hns: Add rq inline flags judgement (bsc#1104427 ). - RDMA/hns: Add sq_invld_flg field in QP context (bsc#1104427 ). - RDMA/hns: Add support for processing send wr and receive wr (bsc#1104427). - RDMA/hns: Add the interfaces to support multi hop addressing for the contexts in hip08 (bsc#1104427). - RDMA/hns: Adjust the order of cleanup hem table (bsc#1104427 ). - RDMA/hns: Assign dest_qp when deregistering mr (bsc#1104427 ). - RDMA/hns: Assign the correct value for tx_cqn (bsc#1104427 ). - RDMA/hns: Assign zero for pkey_index of wc in hip08 (bsc#1104427 ). - RDMA/hns: Avoid NULL pointer exception (bsc#1104427 ). - RDMA/hns: Bugfix for cq record db for kernel (bsc#1104427 ). - RDMA/hns: Bugfix for init hem table (bsc#1104427). - RDMA/hns: Bugfix for rq record db for kernel (bsc#1104427 ). - RDMA/hns: Check return value of kzalloc (bsc#1104427 ). - RDMA/hns: Configure BT BA and BT attribute for the contexts in hip08 (bsc#1104427). - RDMA/hns: Configure fence attribute in hip08 RoCE (bsc#1104427 ). - RDMA/hns: Configure mac and gid and user access region for hip08 RoCE driver (bsc#1104427). - RDMA/hns: Configure sgid type for hip08 RoCE (bsc#1104427 ). - RDMA/hns: Configure the MTPT in hip08 (bsc#1104427). - RDMA/hns: Configure TRRL field in hip08 RoCE device (bsc#1104427 ). - RDMA/hns: Create gsi qp in hip08 (bsc#1104427). - RDMA/hns: Delete the unnecessary initializing enum to zero (bsc#1104427). - RDMA/hns: Do not unregister a callback we didn't register (bsc#1104427). - RDMA/hns: Drop local zgid in favor of core defined variable (bsc#1104427). - RDMA/hns: Enable inner_pa_vld filed of mpt (bsc#1104427 ). - RDMA/hns: Enable the cqe field of sqwqe of RC (bsc#1104427 ). - RDMA/hns: ensure for-loop actually iterates and free's buffers (bsc#1104427). - RDMA/hns: Fill sq wqe context of ud type in hip08 (bsc#1104427 ). - RDMA/hns: Filter for zero length of sge in hip08 kernel mode (bsc#1104427). - RDMA/hns: Fix a bug with modifying mac address (bsc#1104427 ). - RDMA/hns: Fix a couple misspellings (bsc#1104427). - RDMA/hns: Fix calltrace for sleeping in atomic (bsc#1104427 ). - RDMA/hns: Fix cqn type and init resp (bsc#1104427). - RDMA/hns: Fix cq record doorbell enable in kernel (bsc#1104427 ). - RDMA/hns: Fix endian problems around imm_data and rkey (bsc#1104427). - RDMA/hns: Fix inconsistent warning (bsc#1104427). - RDMA/hns: Fix init resp when alloc ucontext (bsc#1104427 ). - RDMA/hns: Fix misplaced call to hns_roce_cleanup_hem_table (bsc#1104427). - RDMA/hns: Fix QP state judgement before receiving work requests (bsc#1104427). - RDMA/hns: Fix QP state judgement before sending work requests (bsc#1104427). - RDMA/hns: fix spelling mistake: 'Reseved' -> 'Reserved' (bsc#1104427). - RDMA/hns: Fix the bug with NULL pointer (bsc#1104427 ). - RDMA/hns: Fix the bug with rq sge (bsc#1104427). - RDMA/hns: Fix the endian problem for hns (bsc#1104427 ). - RDMA/hns: Fix the illegal memory operation when cross page (bsc#1104427). - RDMA/hns: Fix the issue of IOVA not page continuous in hip08 (bsc#1104427). - RDMA/hns: Fix the qp context state diagram (bsc#1104427 ). - RDMA/hns: Generate gid type of RoCEv2 (bsc#1104427). - RDMA/hns: Get rid of page operation after dma_alloc_coherent (bsc#1104427). - RDMA/hns: Get rid of virt_to_page and vmap calls after dma_alloc_coherent (bsc#1104427). - RDMA/hns: Implement the disassociate_ucontext API (bsc#1104427 ). - RDMA/hns: Increase checking CMQ status timeout value (bsc#1104427). - RDMA/hns: Initialize the PCI device for hip08 RoCE (bsc#1104427 ). - RDMA/hns: Intercept illegal RDMA operation when use inline data (bsc#1104427). - RDMA/hns: Load the RoCE dirver automatically (bsc#1104427 ). - RDMA/hns: make various function static, fixes warnings (bsc#1104427). - RDMA/hns: Modify assignment device variable to support both PCI device and platform device (bsc#1104427). - RDMA/hns: Modify the usage of cmd_sn in hip08 (bsc#1104427 ). - RDMA/hns: Modify the value with rd dest_rd of qp_attr (bsc#1104427). - RDMA/hns: Modify uar allocation algorithm to avoid bitmap exhaust (bsc#1104427). - RDMA/hns: Move priv in order to add multiple hns_roce support (bsc#1104427). - RDMA/hns: Move the location for initializing tmp_len (bsc#1104427). - RDMA/hns: Not support qp transition from reset to reset for hip06 (bsc#1104427). - RDMA/hns: Only assign dest_qp if IB_QP_DEST_QPN bit is set (bsc#1104427). - RDMA/hns: Only assign dqpn if IB_QP_PATH_DEST_QPN bit is set (bsc#1104427). - RDMA/hns: Only assign mtu if IB_QP_PATH_MTU bit is set (bsc#1104427). - RDMA/hns: Refactor code for readability (bsc#1104427 ). - RDMA/hns: Refactor eq code for hip06 (bsc#1104427). - RDMA/hns: remove redundant assignment to variable j (bsc#1104427 ). - RDMA/hns: Remove some unnecessary attr_mask judgement (bsc#1104427). - RDMA/hns: Remove unnecessary operator (bsc#1104427). - RDMA/hns: Remove unnecessary platform_get_resource() error check (bsc#1104427). - RDMA/hns: Rename the idx field of db (bsc#1104427). - RDMA/hns: Replace condition statement using hardware version information (bsc#1104427). - RDMA/hns: Replace __raw_write*(cpu_to_le*()) with LE write*() (bsc#1104427). - RDMA/hns: return 0 rather than return a garbage status value (bsc#1104427). - RDMA/hns_roce: Do not check return value of zap_vma_ptes() (bsc#1104427). - RDMA/hns: Set access flags of hip08 RoCE (bsc#1104427 ). - RDMA/hns: Set desc_dma_addr for zero when free cmq desc (bsc#1104427). - RDMA/hns: Set NULL for __internal_mr (bsc#1104427). - RDMA/hns: Set rdma_ah_attr type for querying qp (bsc#1104427 ). - RDMA/hns: Set se attribute of sqwqe in hip08 (bsc#1104427 ). - RDMA/hns: Set sq_cur_sge_blk_addr field in QPC in hip08 (bsc#1104427). - RDMA/hns: Set the guid for hip08 RoCE device (bsc#1104427 ). - RDMA/hns: Set the owner field of SQWQE in hip08 RoCE (bsc#1104427). - RDMA/hns: Split CQE from MTT in hip08 (bsc#1104427). - RDMA/hns: Split hw v1 driver from hns roce driver (bsc#1104427 ). - RDMA/hns: Submit bad wr (bsc#1104427). - RDMA/hns: Support cq record doorbell for kernel space (bsc#1104427). - RDMA/hns: Support cq record doorbell for the user space (bsc#1104427). - RDMA/hns: Support multi hop addressing for PBL in hip08 (bsc#1104427). - RDMA/hns: Support rq record doorbell for kernel space (bsc#1104427). - RDMA/hns: Support rq record doorbell for the user space (bsc#1104427). - RDMA/hns: Support WQE/CQE/PBL page size configurable feature in hip08 (bsc#1104427). - RDMA/hns: Unify the calculation for hem index in hip08 (bsc#1104427). - RDMA/hns: Update assignment method for owner field of send wqe (bsc#1104427). - RDMA/hns: Update calculation of irrl_ba field for hip08 (bsc#1104427). - RDMA/hns: Update convert function of endian format (bsc#1104427 ). - RDMA/hns: Update the interfaces for MTT/CQE multi hop addressing in hip08 (bsc#1104427). - RDMA/hns: Update the IRRL table chunk size in hip08 (bsc#1104427 ). - RDMA/hns: Update the PD CQE MTT specification in hip08 (bsc#1104427). - RDMA/hns: Update the usage of ack timeout in hip08 (bsc#1104427 ). - RDMA/hns: Update the usage of sr_max and rr_max field (bsc#1104427). - RDMA/hns: Update the verbs of polling for completion (bsc#1104427). - RDMA/hns: Use free_pages function instead of free_page (bsc#1104427). - RDMA/hns: Use structs to describe the uABI instead of opencoding (bsc#1104427). - RDMA/qedr: Fix NULL pointer dereference when running over iWARP without RDMA-CM (bsc#1086314). - RDMA/qedr: fix spelling mistake: 'adrresses' -> 'addresses' (bsc#1086314). - RDMA/qedr: fix spelling mistake: 'failes' -> 'fails' (bsc#1086314). - regulator: pfuze100: add .is_enable() for pfuze100_swb_regulator_ops (bsc#1051510). - reiserfs: fix buffer overflow with long warning messages (bsc#1101847). - Revert 'drm/nouveau/drm/therm/fan: add a fallback if no fan control is specified in the vbios' (bsc#1103356). - rtc: ensure rtc_set_alarm fails when alarms are not supported (bsc#1051510). - s390/cio: clear timer when terminating driver I/O (bsc#1103421). - s390/cio: fix return code after missing interrupt (bsc#1103421). - s390/dasd: configurable IFCC handling (bsc#1097808). - s390/dasd: fix handling of internal requests (bsc#1103421). - s390/dasd: fix wrongly assigned configuration data (bsc#1103421). - s390/dasd: prevent prefix I/O error (bsc#1103421). - s390/eadm: fix CONFIG_BLOCK include dependency (bsc#1103421). - s390/ipl: ensure loadparm valid flag is set (bsc#1103421). - s390/pci: do not require AIS facility (bsc#1103421). - s390/qdio: do not release memory in qdio_setup_irq() (bsc#1103421). - sc16is7xx: Check for an error when the clock is enabled (bsc#1051510). - sched/debug: Reverse the order of printing faults (bnc#1101669 optimise numa balancing for fast migrate). - sched/fair: Consider RT/IRQ pressure in capacity_spare_wake() (bnc#1101669 optimise numa balancing for fast migrate). - sched/fair: Fix find_idlest_group() when local group is not allowed (bnc#1101669 optimise numa balancing for fast migrate). - sched/fair: Fix usage of find_idlest_group() when no groups are allowed (bnc#1101669 optimise numa balancing for fast migrate). - sched/fair: Fix usage of find_idlest_group() when the local group is idlest (bnc#1101669 optimise numa balancing for fast migrate). - sched/fair: Move select_task_rq_fair() slow-path into its own function (bnc#1101669 optimise numa balancing for fast migrate). - sched/fair: Remove impossible condition from find_idlest_group_cpu() (bnc#1101669 optimise numa balancing for fast migrate). - sched/fair: Remove unnecessary comparison with -1 (bnc#1101669 optimise numa balancing for fast migrate). - sched/fair: Spare idle load balancing on nohz_full CPUs (bnc#1101669 optimise numa balancing for fast migrate). - sched/fair: Use 'unsigned long' for utilization, consistently (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Evaluate move once per node (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Modify migrate_swap() to accept additional parameters (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Move task_numa_placement() closer to numa_migrate_preferred() (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Remove redundant field (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Remove redundant field -kabi (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Remove unused task_capacity from 'struct numa_stats' (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Set preferred_node based on best_cpu (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Simplify load_too_imbalanced() (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Skip nodes that are at 'hoplimit' (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Update the scan period without holding the numa_group lock (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Use group_weights to identify if migration degrades locality (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Use task faults only if numa_group is not yet set up (bnc#1101669 optimise numa balancing for fast migrate). - sched/smt: Update sched_smt_present at runtime (bsc#1089343). - scsi: ata: enhance the definition of SET MAX feature field value (). - scsi: hisi_sas: add an mechanism to do reset work synchronously (). - scsi: hisi_sas: add check of device in hisi_sas_task_exec() (). - scsi: hisi_sas: add internal abort dev in some places (). - scsi: hisi_sas: Add LED feature for v3 hw (). - scsi: hisi_sas: add RAS feature for v3 hw (). - scsi: hisi_sas: add readl poll timeout helper wrappers (). - scsi: hisi_sas: Add some checks to avoid free'ing a sas_task twice (). - scsi: hisi_sas: add some print to enhance debugging (). - scsi: hisi_sas: Add v2 hw force PHY function for internal ATA command (). - scsi: hisi_sas: add v2 hw port AXI error handling support (). - scsi: hisi_sas: add v3 hw MODULE_DEVICE_TABLE() (). - scsi: hisi_sas: add v3 hw suspend and resume (). - scsi: hisi_sas: allocate slot buffer earlier (). - scsi: hisi_sas: Change common allocation mode of device id (). - scsi: hisi_sas: Change frame type for SET MAX commands (). - scsi: hisi_sas: change ncq process for v3 hw (). - scsi: hisi_sas: change slot index allocation mode (). - scsi: hisi_sas: check host frozen before calling 'done' function (). - scsi: hisi_sas: check IPTT is valid before using it for v3 hw (). - scsi: hisi_sas: check sas_dev gone earlier in hisi_sas_abort_task() (). - scsi: hisi_sas: Code cleanup and minor bug fixes (). - scsi: hisi_sas: config ATA de-reset as an constrained command for v3 hw (). - scsi: hisi_sas: consolidate command check in hisi_sas_get_ata_protocol() (). - scsi: hisi_sas: Create a scsi_host_template per HW module (). - scsi: hisi_sas: delete timer when removing hisi_sas driver (). - scsi: hisi_sas: do link reset for some CHL_INT2 ints (). - scsi: hisi_sas: Do not lock DQ for complete task sending (). - scsi: hisi_sas: dt-bindings: add an property of signal attenuation (). - scsi: hisi_sas: fix a bug in hisi_sas_dev_gone() (). - scsi: hisi_sas: fix a typo in hisi_sas_task_prep() (). - scsi: hisi_sas: fix dma_unmap_sg() parameter (). - scsi: hisi_sas: fix PI memory size (). - scsi: hisi_sas: fix return value of hisi_sas_task_prep() (). - scsi: hisi_sas: Fix return value when get_free_slot() failed (). - scsi: hisi_sas: fix SAS_QUEUE_FULL problem while running IO (). - scsi: hisi_sas: fix the issue of link rate inconsistency (). - scsi: hisi_sas: fix the issue of setting linkrate register (). - scsi: hisi_sas: improve int_chnl_int_v2_hw() consistency with v3 hw (). - scsi: hisi_sas: Include TMF elements in struct hisi_sas_slot (). - scsi: hisi_sas: increase timer expire of internal abort task (). - scsi: hisi_sas: Init disks after controller reset (). - scsi: hisi_sas: initialize dq spinlock before use (). - scsi: hisi_sas: Introduce hisi_sas_phy_set_linkrate() (). - scsi: hisi_sas: judge result of internal abort (). - scsi: hisi_sas: make local symbol host_attrs static (). - scsi: hisi_sas: make return type of prep functions void (). - scsi: hisi_sas: make SAS address of SATA disks unique (). - scsi: hisi_sas: Mark PHY as in reset for nexus reset (). - scsi: hisi_sas: modify hisi_sas_dev_gone() for reset (). - scsi: hisi_sas: modify some register config for hip08 (). - scsi: hisi_sas: optimise port id refresh function (). - scsi: hisi_sas: optimise the usage of DQ locking (). - scsi: hisi_sas: print device id for errors (). - scsi: hisi_sas: re-add the lldd_port_deformed() (). - scsi: hisi_sas: relocate clearing ITCT and freeing device (). - scsi: hisi_sas: relocate smp sg map (). - scsi: hisi_sas: Remove depends on HAS_DMA in case of platform dependency (). - scsi: hisi_sas: remove redundant handling to event95 for v3 (). - scsi: hisi_sas: remove some unneeded structure members (). - scsi: hisi_sas: remove unused variable hisi_sas_devices.running_req (). - scsi: hisi_sas: Reset disks when discovered (). - scsi: hisi_sas: some optimizations of host controller reset (). - scsi: hisi_sas: stop controller timer for reset (). - scsi: hisi_sas: support the property of signal attenuation for v2 hw (). - scsi: hisi_sas: Terminate STP reject quickly for v2 hw (). - scsi: hisi_sas: Try wait commands before before controller reset (). - scsi: hisi_sas: update PHY linkrate after a controller reset (). - scsi: hisi_sas: update RAS feature for later revision of v3 HW (). - scsi: hisi_sas: use an general way to delay PHY work (). - scsi: hisi_sas: Use device lock to protect slot alloc/free (). - scsi: hisi_sas: use dma_zalloc_coherent() (). - scsi: hisi_sas: workaround a v3 hw hilink bug (). - scsi: libsas: defer ata device eh commands to libata (). - scsi: lpfc: Add Buffer overflow check, when nvme_info larger than PAGE_SIZE (bsc#1102658). - scsi: lpfc: Correct LCB ACCept payload (bsc#1102658). - scsi: lpfc: devloss timeout race condition caused null pointer reference (bsc#1102658). - scsi: lpfc: Fix abort error path for NVMET (bsc#1102658). - scsi: lpfc: Fix driver crash when re-registering NVME rports (bsc#1102658). - scsi: lpfc: Fix driver not setting dpp bits correctly in doorbell word (bsc#1102658). - scsi: lpfc: Fix ELS abort on SLI-3 adapters (bsc#1102658). - scsi: lpfc: Fix list corruption on the completion queue (bsc#1102658). - scsi: lpfc: Fix NVME Target crash in defer rcv logic (bsc#1102658). - scsi: lpfc: Fix panic if driver unloaded when port is offline (bsc#1102658). - scsi: lpfc: Fix sysfs Speed value on CNA ports (bsc#1102658). - scsi: lpfc: Limit tracking of tgt queue depth in fast path (bsc#1102658). - scsi: lpfc: Make PBDE optimizations configurable (bsc#1102658). - scsi: lpfc: Remove lpfc_enable_pbde as module parameter (bsc#1102658). - scsi: lpfc: Revise copyright for new company language (bsc#1102658). - scsi: lpfc: Support duration field in Link Cable Beacon V1 command (bsc#1102658). - scsi: lpfc: update driver version to 12.0.0.5 (bsc#1102658). - scsi: lpfc: update driver version to 12.0.0.6 (bsc#1102658). - scsi: mpt3sas: Add an I/O barrier (bsc#1086906,). - scsi: mpt3sas: Added support for SAS Device Discovery Error Event (bsc#1086906,). - scsi: mpt3sas: Add PCI device ID for Andromeda (bsc#1086906,). - scsi: mpt3sas: Allow processing of events during driver unload (bsc#1086906,). - scsi: mpt3sas: As per MPI-spec, use combined reply queue for SAS3.5 controllers when HBA supports more than 16 MSI-x vectors (bsc#1086906,). - scsi: mpt3sas: Bug fix for big endian systems (bsc#1086906,). - scsi: mpt3sas: Cache enclosure pages during enclosure add (bsc#1086906,). - scsi: mpt3sas: clarify mmio pointer types (bsc#1086906,). - scsi: mpt3sas: Configure reply post queue depth, DMA and sgl tablesize (bsc#1086906,). - scsi: mpt3sas: Do not abort I/Os issued to NVMe drives while processing Async Broadcast primitive event (bsc#1086906,). - scsi: mpt3sas: Do not access the structure after decrementing it's instance reference count (bsc#1086906,). - scsi: mpt3sas: Do not mark fw_event workqueue as WQ_MEM_RECLAIM (bsc#1086906,). - scsi: mpt3sas: Enhanced handling of Sense Buffer (bsc#1086906,). - scsi: mpt3sas: Fix, False timeout prints for ioctl and other internal commands during controller reset (bsc#1086906,). - scsi: mpt3sas: fix possible memory leak (bsc#1086906,). - scsi: mpt3sas: fix spelling mistake: 'disbale' -> 'disable' (bsc#1086906,). - scsi: mpt3sas: For NVME device, issue a protocol level reset (bsc#1086906,). - scsi: mpt3sas: Incorrect command status was set/marked as not used (bsc#1086906,). - scsi: mpt3sas: Increase event log buffer to support 24 port HBA's (bsc#1086906,). - scsi: mpt3sas: Introduce API to get BAR0 mapped buffer address (bsc#1086906,). - scsi: mpt3sas: Introduce Base function for cloning (bsc#1086906,). - scsi: mpt3sas: Introduce function to clone mpi reply (bsc#1086906,). - scsi: mpt3sas: Introduce function to clone mpi request (bsc#1086906,). - scsi: mpt3sas: Lockless access for chain buffers (bsc#1086906,). - scsi: mpt3sas: Optimize I/O memory consumption in driver (bsc#1086906,). - scsi: mpt3sas: Pre-allocate RDPQ Array at driver boot time (bsc#1086906,). - scsi: mpt3sas: Replace PCI pool old API (bsc#1081917). - scsi: mpt3sas: Report Firmware Package Version from HBA Driver (bsc#1086906,). - scsi: mpt3sas: Update driver version '25.100.00.00' (bsc#1086906,). - scsi: mpt3sas: Update driver version '26.100.00.00' (bsc#1086906,). - scsi: mpt3sas: Update MPI Headers (bsc#1086906,). - scsi: qedf: Add additional checks when restarting an rport due to ABTS timeout (bsc#1086317). - scsi: qedf: Add check for offload before flushing I/Os for target (bsc#1086317). - scsi: qedf: Add dcbx_not_wait module parameter so we won't wait for DCBX convergence to start discovery (bsc#1086317). - scsi: qedf: Add missing skb frees in error path (bsc#1086317). - scsi: qedf: Add more defensive checks for concurrent error conditions (bsc#1086317). - scsi: qedf: Add task id to kref_get_unless_zero() debug messages when flushing requests (bsc#1086317). - scsi: qedf: Check if link is already up when receiving a link up event from qed (bsc#1086317). - scsi: qedf: fix LTO-enabled build (bsc#1086317). - scsi: qedf: Fix VLAN display when printing sent FIP frames (bsc#1086317). - scsi: qedf: Honor default_prio module parameter even if DCBX does not converge (bsc#1086317). - scsi: qedf: Honor priority from DCBX FCoE App tag (bsc#1086317). - scsi: qedf: If qed fails to enable MSI-X fail PCI probe (bsc#1086317). - scsi: qedf: Improve firmware debug dump handling (bsc#1086317). - scsi: qedf: Increase the number of default FIP VLAN request retries to 60 (bsc#1086317). - scsi: qedf: Release RRQ reference correctly when RRQ command times out (bsc#1086317). - scsi: qedf: remove redundant initialization of 'fcport' (bsc#1086317). - scsi: qedf: Remove setting DCBX pending during soft context reset (bsc#1086317). - scsi: qedf: Return request as DID_NO_CONNECT if MSI-X is not enabled (bsc#1086317). - scsi: qedf: Sanity check FCoE/FIP priority value to make sure it's between 0 and 7 (bsc#1086317). - scsi: qedf: Send the driver state to MFW (bsc#1086317). - scsi: qedf: Set the UNLOADING flag when removing a vport (bsc#1086317). - scsi: qedf: Synchronize rport restarts when multiple ELS commands time out (bsc#1086317). - scsi: qedf: Update copyright for 2018 (bsc#1086317). - scsi: qedf: Update version number to 8.33.16.20 (bsc#1086317). - scsi: qedf: use correct strncpy() size (bsc#1086317). - scsi: qedi: fix building with LTO (bsc#1086315). - scsi: qedi: fix build regression (bsc#1086315). - scsi: qedi: Fix kernel crash during port toggle (bsc#1086315). - scsi: qedi: Send driver state to MFW (bsc#1086315). - scsi: qla2xxx: Avoid double completion of abort command (git-fixes). - scsi: qla2xxx: correctly shift host byte (bsc#1086327,). - scsi: qla2xxx: Correct setting of SAM_STAT_CHECK_CONDITION (bsc#1086327,). - scsi: qla2xxx: Fix crash on qla2x00_mailbox_command (bsc#1086327,). - scsi: qla2xxx: Fix driver unload by shutting down chip (git-fixes). - scsi: qla2xxx: Fix Inquiry command being dropped in Target mode (bsc#1086327,). - scsi: qla2xxx: Fix NPIV deletion by calling wait_for_sess_deletion (git-fixes). - scsi: qla2xxx: Fix NULL pointer dereference for fcport search (git-fixes). - scsi: qla2xxx: Fix race condition between iocb timeout and initialisation (bsc#1086327,). - scsi: qla2xxx: Fix Rport and session state getting out of sync (bsc#1086327,). - scsi: qla2xxx: Fix sending ADISC command for login (bsc#1086327,). - scsi: qla2xxx: Fix setting lower transfer speed if GPSC fails (bsc#1086327,). - scsi: qla2xxx: Fix TMF and Multi-Queue config (bsc#1086327,). - scsi: qla2xxx: Fix unintialized List head crash (git-fixes). - scsi: qla2xxx: Move GPSC and GFPNID out of session management (bsc#1086327,). - scsi: qla2xxx: Prevent relogin loop by removing stale code (bsc#1086327,). - scsi: qla2xxx: Reduce redundant ADISC command for RSCNs (bsc#1086327,). - scsi: qla2xxx: remove irq save in qla2x00_poll() (bsc#1086327,). - scsi: qla2xxx: Remove stale debug value for login_retry flag (bsc#1086327,). - scsi: qla2xxx: Return error when TMF returns (git-fixes). - scsi: qla2xxx: Update driver version to 10.00.00.07-k (bsc#1086327,). - scsi: qla2xxx: Use predefined get_datalen_for_atio() inline function (bsc#1086327,). - scsi: qla4xxx: Move an array from a .h into a .c file (bsc#1086331). - scsi: qla4xxx: Remove unused symbols (bsc#1086331). - scsi: qla4xxx: skip error recovery in case of register disconnect (bsc#1086331). - scsi: qla4xxx: Use dma_pool_zalloc() (bsc#1086331). - scsi: qla4xxx: Use zeroing allocator rather than allocator/memset (bsc#1086331). - scsi: smartpqi: add in new supported controllers (bsc#1086274). - scsi: smartpqi: add inspur advantech ids (bsc#1086274). - scsi: smartpqi: bump driver version to 1.1.4-130 (bsc#1086274). - scsi: smartpqi: fix critical ARM issue reading PQI index registers (bsc#1086274). - scsi: smartpqi: improve error checking for sync requests (bsc#1086274). - scsi: smartpqi: improve handling for sync requests (bsc#1086274). - scsi: smartpqi: update driver version (bsc#1086274). - scsi: smartpqi: workaround fw bug for oq deletion (bsc#1086274). - sctp: fix the issue that pathmtu may be set lower than MINSEGMENT (git-fixes). - sctp: introduce sctp_dst_mtu (git-fixes). - selftests/powerpc: Fix core-pkey for default execute permission change (bsc#1097577). - selftests/powerpc: Fix ptrace-pkey for default execute permission change (bsc#1097577). - series.conf: Sort automatic NUMA balancing related patch - soc: bcm2835: Make !RASPBERRYPI_FIRMWARE dummies return failure (bsc#1051510). - soc: bcm: raspberrypi-power: Fix use of __packed (bsc#1051510). - soc: imx: gpc: de-register power domains only if initialized (bsc#1051510). - soc: imx: gpc: restrict register range for regmap access (bsc#1051510). - soc: imx: gpcv2: correct PGC offset (bsc#1051510). - soc: imx: gpcv2: Do not pass static memory as platform data (bsc#1051510). - soc: imx: gpcv2: fix regulator deferred probe (bsc#1051510). - soc: mediatek: pwrap: fix compiler errors (bsc#1051510). - soc: qcom: wcnss_ctrl: Fix increment in NV upload (bsc#1051510). - soc: rockchip: power-domain: Fix wrong value when power up pd with writemask (bsc#1051510). - soc/tegra: Fix bad of_node_put() in powergate init (bsc#1051510). - soc/tegra: flowctrl: Fix error handling (bsc#1051510). - soc: ti: ti_sci_pm_domains: Populate name for genpd (bsc#1051510). - soc: zte: Restrict SOC_ZTE to ARCH_ZX or COMPILE_TEST (bsc#1051510). - spi: bcm2835aux: ensure interrupts are enabled for shared handler (bsc#1051510). - spi/bcm63xx-hspi: Enable the clock before calling clk_get_rate() (bsc#1051510). - spi: bcm-qspi: Always read and set BSPI_MAST_N_BOOT_CTRL (bsc#1051510). - spi: bcm-qspi: Avoid setting MSPI_CDRAM_PCS for spi-nor master (bsc#1051510). - spi: cadence: Add usleep_range() for cdns_spi_fill_tx_fifo() (bsc#1051510). - spi: pxa2xx: Allow 64-bit DMA (bsc#1051510). - spi: pxa2xx: check clk_prepare_enable() return value (bsc#1051510). - spi: spi-fsl-dspi: Fix imprecise abort on VF500 during probe (bsc#1051510). - sr: pass down correctly sized SCSI sense buffer (git-fixes). - staging: ks7010: Use constants from ieee80211_eid instead of literal ints (bsc#1051510). - staging: speakup: fix wraparound in uaccess length check (bsc#1051510). - supported.conf: add drivers/md/dm-writecache - supported.conf: added hns3 modules - supported.conf: added hns-roce-hw-v1 and hns-roce-hw-v2 - supported.conf: Enable HiSi v3 SAS adapter () - sysrq : fix Show Regs call trace on ARM (bsc#1051510). - TCM_RBD depends on BLK_DEV_RBD (). - thermal: exynos: fix setting rising_threshold for Exynos5433 (bsc#1051510). - tty: Fix data race in tty_insert_flip_string_fixed_flag (bsc#1051510). - typec: tcpm: Fix a msecs vs jiffies bug (bsc#1100132). - typec: tcpm: fusb302: Resolve out of order messaging events (bsc#1087092). - udf: Detect incorrect directory size (bsc#1101891). - udf: Provide saner default for invalid uid / gid (bsc#1101890). - Update patches.arch/KVM-PPC-Check-if-IOMMU-page-is-contained-in-the-pinn.patch (bsc#1077761, git-fixes, bsc#1103948, bsc#1103949). - usb: hub: Do not wait for connect state at resume for powered-off ports (bsc#1051510). - usbip: usbip_detach: Fix memory, udev context and udev leak (bsc#1051510). - vfs: add the sb_start_intwrite_trylock() helper (bsc#1101841). - virtio_balloon: fix another race between migration and ballooning (bsc#1051510). - wlcore: sdio: check for valid platform device data before suspend (bsc#1051510). - x86/apic: Ignore secondary threads if nosmt=force (bsc#1089343). - x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info (bsc#1089343). - x86/cpu/AMD: Evaluate smp_num_siblings early (bsc#1089343). - x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings (bsc#1089343). - x86/cpu/AMD: Remove the pointless detect_ht() call (bsc#1089343). - x86/cpu/common: Provide detect_ht_early() (bsc#1089343). - x86/cpu/intel: Evaluate smp_num_siblings early (bsc#1089343). - x86/cpu: Remove the pointless CPU printout (bsc#1089343). - x86/cpu/topology: Provide detect_extended_topology_early() (bsc#1089343). - x86/KVM/VMX: Add module argument for L1TF mitigation. - x86/smp: Provide topology_is_primary_thread() (bsc#1089343). - x86/topology: Provide topology_smt_supported() (bsc#1089343). - x86: Treat R_X86_64_PLT32 as R_X86_64_PC32 (binutils_2.31). - x86/xen: init %gs very early to avoid page faults with stack protector (bnc#1104777). - xen-netback: fix input validation in xenvif_set_hash_mapping() (bnc#1103277). - xen/netfront: do not cache skb_shinfo() (bnc#1065600). - xfs: catch inode allocation state mismatch corruption (bsc#1104211). - xfs: prevent creating negative-sized file via INSERT_RANGE (bsc#1101833). - xhci: Fix perceived dead host due to runtime suspend race with event handler (bsc#1051510). ----------------------------------------- Patch: SUSE-2018-1705 Released: Mon Aug 20 16:31:22 2018 Summary: Recommended update for quota Severity: important References: 1104898 Description: This update for quota fixes the following issues: - Fix issue with high cpu load if RQUOTAD_PORT is set in /etc/sysconfig/nfs. (bsc#1104898) ----------------------------------------- Patch: SUSE-2018-1751 Released: Fri Aug 24 11:03:00 2018 Summary: Recommended update for polkit-default-privs Severity: moderate References: 1100328 Description: This update for polkit-default-privs fixes the following issues: - Contains whitelisting for new libvirt polkit action (bsc#1100328) ----------------------------------------- Patch: SUSE-2018-1754 Released: Fri Aug 24 16:40:21 2018 Summary: Recommended update for ca-certificates-mozilla Severity: moderate References: 1104780 Description: This update for ca-certificates-mozilla fixes the following issues: Updated to the 2.26 state of the Mozilla NSS Certificate store. (bsc#1104780) - removed server auth rights from following CAs: - Certplus Root CA G1 - Certplus Root CA G2 - OpenTrust Root CA G1 - OpenTrust Root CA G2 - OpenTrust Root CA G3 - removed CA - ComSign CA - new CA added: - GlobalSign ----------------------------------------- Patch: SUSE-2018-1760 Released: Fri Aug 24 17:14:53 2018 Summary: Recommended update for libtirpc Severity: moderate References: 1072183 Description: This update for libtirpc fixes the following issues: - rpcinfo: send RPC getport call as specified via parameter (bsc#1072183) ----------------------------------------- Patch: SUSE-2018-1761 Released: Fri Aug 24 17:15:21 2018 Summary: Recommended update for dracut Severity: moderate References: 1048551,1065058,1091099,1094603 Description: This update for dracut fixes the following issues: - Fix an issue with static network setups (bsc#1091099) - Fix cat: write error: Broken pipe error (bsc#1094603) - Pickup multipath files in /etc/multipath/conf.d (bsc#1048551) - Load all keymaps for a given locale (bsc#1065058) ----------------------------------------- Patch: SUSE-2018-1775 Released: Tue Aug 28 12:40:50 2018 Summary: Recommended update for xfsprogs Severity: important References: 1089777,1105396 Description: This update for xfsprogs fixes the following issues: - avoid divide-by-zero when hardware reports optimal i/o size as 0 (bsc#1089777) - repair: shift inode back into place if corrupted by bad log replay (bsc#1105396). ----------------------------------------- Patch: SUSE-2018-1804 Released: Fri Aug 31 13:02:24 2018 Summary: Recommended update for docker Severity: moderate References: 1065609,1073877,1099277,1100727 Description: This update for docker fixes the following issues: - Build the client binary with -buildmode=pie to fix issues on POWER. (bsc#1100727) - Fix an issue where changed AppArmor profiles don't actually get applied on Docker daemon reboot. (bsc#1099277) - Update to AppArmor patch so that signal mediation also works for signals between in-container processes. (bsc#1073877) - Do not log incorrect warnings when attempting to inject non-existent host files. (bsc#1065609) ----------------------------------------- Patch: SUSE-2018-1837 Released: Wed Sep 5 11:22:39 2018 Summary: Recommended update for perl-Bootloader Severity: moderate References: 1033776,1050349 Description: This update for perl-Bootloader fixes the following issues: - Add --get-option to pbl. (bsc#1033776, bsc#1050349) ----------------------------------------- Patch: SUSE-2018-1839 Released: Wed Sep 5 14:08:22 2018 Summary: Recommended update for permissions Severity: moderate References: 1101420 Description: This update for permissions fixes the following issues: - add whitelisting for the spice-gtk setuid binary (bsc#1101420) for improved usability. ----------------------------------------- Patch: SUSE-2018-1878 Released: Tue Sep 11 14:07:30 2018 Summary: Recommended update for sle-module-legacy-release Severity: moderate References: 1104195 Description: This update for sle-module-legacy-release fixes the following issues: - Set lifecycle end to 2021-07-31. (bsc#1104195) ----------------------------------------- Patch: SUSE-2018-1880 Released: Tue Sep 11 15:00:02 2018 Summary: Security update for zsh Severity: important References: 1107294,1107296,CVE-2018-0502,CVE-2018-13259 Description: This update for zsh to version 5.6 fixes the following security issues: - CVE-2018-0502: The beginning of a #! script file was mishandled, potentially leading to an execve call to a program named on the second line (bsc#1107296). - CVE-2018-13259: Shebang lines exceeding 64 characters were truncated, potentially leading to an execve call to a program name that is a substring of the intended one (bsc#1107294). ----------------------------------------- Patch: SUSE-2018-1883 Released: Tue Sep 11 15:50:31 2018 Summary: Security update for libzypp, zypper Severity: important References: 1036304,1041178,1043166,1045735,1058515,1066215,1070770,1070851,1082318,1084525,1088037,1088705,1091624,1092413,1093103,1096217,1096617,1096803,1099847,1100028,1100095,1100427,1101349,1102019,1102429,408814,428822,907538,CVE-2017-9269,CVE-2018-7685 Description: This update for libzypp, zypper, libsolv provides the following fixes: Security fixes in libzypp: - CVE-2018-7685: PackageProvider: Validate RPMs before caching (bsc#1091624, bsc#1088705) - CVE-2017-9269: Be sure bad packages do not stay in the cache (bsc#1045735) Changes in libzypp: - Update to version 17.6.4 - Automatically fetch repository signing key from gpgkey url (bsc#1088037) - lsof: use '-K i' if lsof supports it (bsc#1099847,bsc#1036304) - Check for not imported keys after multi key import from rpmdb (bsc#1096217) - Flags: make it std=c++14 ready - Ignore /var, /tmp and /proc in zypper ps. (bsc#1096617) - Show GPGME version in log - Adapt to changes in libgpgme11-11.1.0 breaking the signature verification (bsc#1100427) - RepoInfo::provideKey: add report telling where we look for missing keys. - Support listing gpgkey URLs in repo files (bsc#1088037) - Add new report to request user approval for importing a package key - Handle http error 502 Bad Gateway in curl backend (bsc#1070851) - Add filesize check for downloads with known size (bsc#408814) - Removed superfluous space in translation (bsc#1102019) - Prevent the system from sleeping during a commit - RepoManager: Explicitly request repo2solv to generate application pseudo packages. - libzypp-devel should not require cmake (bsc#1101349) - Avoid zombies from ExternalProgram - Update ApiConfig - HardLocksFile: Prevent against empty commit without Target having been been loaded (bsc#1096803) - lsof: use '-K i' if lsof supports it (bsc#1099847) - Add filesize check for downloads with known size (bsc#408814) - Fix detection of metalink downloads and prevent aborting if a metalink file is larger than the expected data file. - Require libsolv-devel >= 0.6.35 during build (fixing bsc#1100095) - Make use of %license macro (bsc#1082318) Security fix in zypper: - CVE-2017-9269: Improve signature check callback messages (bsc#1045735) Changes in zypper: - Always set error status if any nr of unknown repositories are passed to lr and ref (bsc#1093103) - Notify user about unsupported rpm V3 keys in an old rpm database (bsc#1096217) - Detect read only filesystem on system modifying operations (fixes #199) - Use %license (bsc#1082318) - Handle repo aliases containing multiple ':' in the PackageArgs parser (bsc #1041178) - Fix broken display of detailed query results. - Fix broken search for items with a dash. (bsc#907538, bsc#1043166, bsc#1070770) - Disable repository operations when searching installed packages. (bsc#1084525) - Prevent nested calls to exit() if aborted by a signal. (bsc#1092413) - ansi.h: Prevent ESC sequence strings from going out of scope. (bsc#1092413) - Fix some translation errors. - Support listing gpgkey URLs in repo files (bsc#1088037) - Check for root privileges in zypper verify and si (bsc#1058515) - XML attribute `packages-to-change` added (bsc#1102429) - Add expert (allow-*) options to all installer commands (bsc#428822) - Sort search results by multiple columns (bsc#1066215) - man: Strengthen that `--config FILE' affects zypper.conf, not zypp.conf (bsc#1100028) - Set error status if repositories passed to lr and ref are not known (bsc#1093103) - Do not override table style in search - Fix out of bound read in MbsIterator - Add --supplements switch to search and info - Add setter functions for zypp cache related config values to ZConfig Changes in libsolv: - convert repo2solv.sh script into a binary tool - Make use of %license macro (bsc#1082318) ----------------------------------------- Patch: SUSE-2018-1887 Released: Wed Sep 12 12:34:28 2018 Summary: Recommended update for python-websocket-client Severity: moderate References: 1076519 Description: This update for python-websocket-client fixes the following issues: - Use systems ca bundle file by default. (bsc#1076519) ----------------------------------------- Patch: SUSE-2018-1892 Released: Thu Sep 13 09:51:42 2018 Summary: Recommended update for patterns-base Severity: moderate References: 1095916 Description: This update for patterns-base fixes the following issues: - Moved xfsprogs from the enhanced base pattern to the minimal base pattern and recommends instead of suggests it. (bsc#1095916) ----------------------------------------- Patch: SUSE-2018-1904 Released: Fri Sep 14 12:46:39 2018 Summary: Security update for curl Severity: moderate References: 1086367,1106019,CVE-2018-14618 Description: This update for curl fixes the following issues: This security issue was fixed: - CVE-2018-14618: Prevent integer overflow in the NTLM authentication code (bsc#1106019) This non-security issue was fixed: - Use OPENSSL_config instead of CONF_modules_load_file() to avoid crashes due to openssl engines conflicts (bsc#1086367) ----------------------------------------- Patch: SUSE-2018-1919 Released: Tue Sep 18 13:16:40 2018 Summary: Recommended update for crash Severity: moderate References: 1092101 Description: This update for crash fixes the following issues: - Reimplement IDR facility to use radix trees in Kernel 4.11. (bsc#1092101) ----------------------------------------- Patch: SUSE-2018-1926 Released: Wed Sep 19 21:32:48 2018 Summary: Recommended update for the SLE Module Development Tools release Severity: moderate References: 1097116 Description: This update for sle-module-development-tools-release fixes the following issues: - Correctly obsolete SLE SDK and Toolchain Module. (bsc#1097116) ----------------------------------------- Patch: SUSE-2018-1949 Released: Fri Sep 21 11:31:54 2018 Summary: Recommended update for yast2-installation Severity: moderate References: 1071745,1097661,1099505,1101879 Description: This update for yast2-installation fixes the following issues: - Turn off systemd console output at the second stage of an installation (bsc#1099505). - Do not print errors if plymouth is not installed (bsc#1101879) - Do not crash if /etc/os-release is a directory (bsc#1097661) - Delete unneeded content of /mnt/run after installation/update. (bsc#1071745) ----------------------------------------- Patch: SUSE-2018-1993 Released: Mon Sep 24 12:55:44 2018 Summary: Security update for shadow Severity: moderate References: 1106914 Description: This update for shadow fixes the following security issue: - Prevent useradd from creating intermediate directories with mode 0777 (bsc#1106914) ----------------------------------------- Patch: SUSE-2018-1999 Released: Tue Sep 25 08:20:35 2018 Summary: Recommended update for zlib Severity: moderate References: 1071321 Description: This update for zlib provides the following fixes: - Speedup zlib on power8. (fate#325307) - Add safeguard against negative values in uInt. (bsc#1071321) ----------------------------------------- Patch: SUSE-2018-2020 Released: Tue Sep 25 21:35:23 2018 Summary: Recommended update for yast2-update Severity: moderate References: 1079034 Description: This update for yast2-update provides the following fix: - Do not show wrong fstype 'Windows Data Partition' for partition which are suggested for upgrade. (bsc#1079034) ----------------------------------------- Patch: SUSE-2018-2049 Released: Thu Sep 27 09:30:04 2018 Summary: Recommended update for autoyast2 Severity: moderate References: 1095113,1098794,1104655,1105711 Description: This update for autoyast2 provides the following fixes: - AutoInstallRules: Fix a crash while merging profiles. (bsc#1105711) - AutoInstallRules: Increase the default maxdepth for not crashing with a big software package list. (bsc#1104655) - Installation/Update: Do not call registration if module yast2-registration is not available in inst-sys. (bsc#1098794) - Autoyast configuration module: Report XML errors while reading an Autoyast configuration file. (bsc#1098794) - Added additional search keys to desktop file. (fate#321043) - Show AutoYaST configuration file errors just once. (bsc#1095113) ----------------------------------------- Patch: SUSE-2018-2050 Released: Thu Sep 27 09:37:56 2018 Summary: Recommended update for mozjs52 Severity: moderate References: 1082720,1093033 Description: This update for mozjs52 provides the following fixes: - Fix building failing on PowerPC due to memory constraints. - Fix build errors on ppc64 (BE). (bsc#1093033) - Fix armv6 build by fixing armv6 detection. - Use system zlib instead of the bundled one to avoid potential problems when trying to use system zlib while mozjs52-devel is installed. (bsc#1082720) - Drop unused dependency on zip. ----------------------------------------- Patch: SUSE-2018-2055 Released: Thu Sep 27 14:30:14 2018 Summary: Recommended update for openldap2 Severity: moderate References: 1089640 Description: This update for openldap2 provides the following fix: - Fix slapd segfaults in mdb_env_reader_dest. (bsc#1089640) ----------------------------------------- Patch: SUSE-2018-2065 Released: Thu Sep 27 20:28:31 2018 Summary: Recommended update for grub2 Severity: moderate References: 1063443,1084508,1088830,1102515,1105163,1106381 Description: This update for grub2 provides the following fixes: - Fix overflow in sector count calculation. (bsc#1105163) - Fix config_directory on btrfs to follow path scheme. (bsc#1063443) - Fix setparams doesn't work as expected in boot-last-label. (bsc#1088830) - Suggest instead of libburnia-tools to not pull in tcl/tk and half of the x11 stack automatically. (bsc#1102515) - Fix broken network interface with random address and same name. (bsc#1084508) - Fix outputting invalid btrfs subvolume path on non btrfs filesystem due to bogus return code handling. (bsc#1106381) ----------------------------------------- Patch: SUSE-2018-2068 Released: Fri Sep 28 06:55:59 2018 Summary: Recommended update for multiple yast2 packages Severity: moderate References: 1087957,1099691 Description: This update addresses issues in several yast2 packages: Feature added to all packages: - Added additional searchkeys to desktop file (fate#321043, bsc#1099691) ----------------------------------------- Patch: SUSE-2018-2070 Released: Fri Sep 28 08:02:02 2018 Summary: Security update for gnutls Severity: moderate References: 1047002,1105437,1105459,1105460,CVE-2017-10790,CVE-2018-10844,CVE-2018-10845,CVE-2018-10846 Description: This update for gnutls fixes the following security issues: - Improved mitigations against Lucky 13 class of attacks - CVE-2018-10846: 'Just in Time' PRIME + PROBE cache-based side channel attack can lead to plaintext recovery (bsc#1105460) - CVE-2018-10845: HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of wrong constant (bsc#1105459) - CVE-2018-10844: HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls (bsc#1105437) - CVE-2017-10790: The _asn1_check_identifier function in Libtasn1 caused a NULL pointer dereference and crash (bsc#1047002) ----------------------------------------- Patch: SUSE-2018-2082 Released: Sun Sep 30 14:06:27 2018 Summary: Security update for libX11 Severity: moderate References: 1102062,1102068,1102073,CVE-2018-14598,CVE-2018-14599,CVE-2018-14600 Description: This update for libX11 fixes the following security issues: - CVE-2018-14599: The function XListExtensions was vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact (bsc#1102062) - CVE-2018-14600: The function XListExtensions interpreted a variable as signed instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes), leading to DoS or remote code execution (bsc#1102068) - CVE-2018-14598: A malicious server could have sent a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault) (bsc#1102073) ----------------------------------------- Patch: SUSE-2018-2083 Released: Sun Sep 30 14:06:33 2018 Summary: Security update for openssl-1_1 Severity: moderate References: 1097158,1101470,CVE-2018-0732 Description: This update for openssl-1_1 to 1.1.0i fixes the following issues: These security issues were fixed: - CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack (bsc#1097158) - Make problematic ECDSA sign addition length-invariant - Add blinding to ECDSA and DSA signatures to protect against side channel attacks These non-security issues were fixed: - When unlocking a pass phrase protected PEM file or PKCS#8 container, we now allow empty (zero character) pass phrases. - Certificate time validation (X509_cmp_time) enforces stricter compliance with RFC 5280. Fractional seconds and timezone offsets are no longer allowed. - Fixed a text canonicalisation bug in CMS - Add openssl(cli) Provide so the packages that require the openssl binary can require this instead of the new openssl meta package (bsc#1101470) ----------------------------------------- Patch: SUSE-2018-2124 Released: Tue Oct 2 21:14:38 2018 Summary: Recommended update for yast2-users Severity: moderate References: 1095320 Description: This update for yast2-users fixes the following issues: - Fixed conflicting shortcuts in plugin module (bsc#1095320). ----------------------------------------- Patch: SUSE-2018-2136 Released: Thu Oct 4 14:17:44 2018 Summary: Security update for python Severity: moderate References: 1109663,CVE-2018-1000802 Description: This update for python fixes the following issue: - CVE-2018-1000802: Prevent command injection in shutil module (make_archive function) via passage of unfiltered user input (bsc#1109663) ----------------------------------------- Patch: SUSE-2018-2138 Released: Thu Oct 4 15:52:15 2018 Summary: Recommended update for sudo Severity: low References: 1097643 Description: This update for sudo fixes the following issues: - fix permissions for /var/lib/sudo and /var/lib/sudo/ts (bsc#1097643) ----------------------------------------- Patch: SUSE-2018-2142 Released: Thu Oct 4 16:06:44 2018 Summary: Recommended update for yast2-http-server Severity: moderate References: 1099106 Description: This update for yast2-http-server provides the following fixes: - Fixed PHP support (use PHP7 instead of dropped PHP5). (bsc#1099106) - Fixed also other renamed packages (for Python and apparmor). - Added additional search keys to desktop file. (fate#321043). ----------------------------------------- Patch: SUSE-2018-2143 Released: Thu Oct 4 16:07:44 2018 Summary: Recommended update for yast2-add-on Severity: low References: 1102705 Description: This update for yast2-add-on provides the following fixes: - Do not show the main dialog when it is immediately skipped. (bsc#1102705) - Added additional search keys to desktop file. (fate#321043) ----------------------------------------- Patch: SUSE-2018-2155 Released: Fri Oct 5 14:41:17 2018 Summary: Recommended update for ca-certificates Severity: moderate References: 1101470 Description: This update for ca-certificates fixes the following issues: - Changed 'openssl' requirement to 'openssl(cli)' (bsc#1101470) ----------------------------------------- Patch: SUSE-2018-2157 Released: Fri Oct 5 14:43:00 2018 Summary: Recommended update for yast2 and yast2-services-manager Severity: moderate References: 1080738,1093111,1096027,1098910,1104568 Description: This update for yast2 and yast2-services-manager provides the following fixes: Fixes in both packages: - Add support for systemd services that can only be started on-demand. (fate#319428, bsc#1104568) - Fix support to handle services during early 1st stage. (fate#319428) Fixes in yast2: - Improve systemd socket detection. (fate#319428) - Fix an exception in SystemService#find_many. - Add a method to detect whether a systemd service exists in the underlying system or not. (fate#319428) - Fix systemd socket detection. - Do not display 'download failed' error when using unsigned packages. (bsc#1096027) - Firewall state can now be correctly determined. (bsc#1093111) - Increases the timeout for systemctl command executions (bsc#1098910) - CWM: allow to define next handler for CWM#show and define default next handler in CWM::Dialog. This is needed for Expert Partitioner. (fate#318196) Fixes in yast2-services-manager: - Show systemd state and substate for each service, e.g. 'Active (Running)'. (bsc#1080738) - Added a new menu button to select the service start mode (on boot, on demand or manually). (fate#319427) - Added additional searchkeys to desktop file. (fate#321043) ----------------------------------------- Patch: SUSE-2018-2158 Released: Fri Oct 5 14:43:25 2018 Summary: Recommended update for libzypp, zypper Severity: moderate References: 1100095,1104415,1108999 Description: This update for libzypp, zypper fixes the following issues: - Drop type application due to poor metadata support (bsc#1100095, bsc#1104415) - Allow repo commands on transactional-server (bsc#1108999) ----------------------------------------- Patch: SUSE-2018-2170 Released: Mon Oct 8 10:31:14 2018 Summary: Recommended update for python3 Severity: moderate References: 1107030 Description: This update for python3 fixes the following issues: - Add -fwrapv to OPTS, which is default for python3 for bugs which are caused by avoiding it. (bsc#1107030) ----------------------------------------- Patch: SUSE-2018-2177 Released: Tue Oct 9 09:00:13 2018 Summary: Recommended update for bash Severity: moderate References: 1095661,1095670,1100488 Description: This update for bash provides the following fixes: - Bugfix: Parse settings in inputrc for all screen TERM variables starting with 'screen.' (bsc#1095661) - Make the generation of bash.html reproducible. (bsc#1100488) - Use initgroups(3) instead of setgroups(2) to fix the usage of suid programs. (bsc#1095670) - Fix a problem that could cause hash table bash uses to store exit statuses from asynchronous processes to develop loops in circumstances involving long-running scripts that create and reap many processes. - Fix a problem that could cause the shell to loop if a SIGINT is received inside of a SIGINT trap handler. - Fix cases where a failing readline command (e.g., delete-char at the end of a line) can cause a multi-character key sequence to 'back up' and attempt to re-read some of the characters in the sequence. - Fix a problem when sourcing a file from an interactive shell, that setting the SIGINT handler to the default and typing ^C would cause the shell to exit. ----------------------------------------- Patch: SUSE-2018-2182 Released: Tue Oct 9 11:08:36 2018 Summary: Security update for libxml2 Severity: moderate References: 1088279,1102046,1105166,CVE-2018-14404,CVE-2018-14567,CVE-2018-9251 Description: This update for libxml2 fixes the following security issues: - CVE-2018-9251: The xz_decomp function allowed remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint (bsc#1088279) - CVE-2018-14567: Prevent denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint (bsc#1105166) - CVE-2018-14404: Prevent NULL pointer dereference in the xmlXPathCompOpEval() function when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case leading to a denial of service attack (bsc#1102046) ----------------------------------------- Patch: SUSE-2018-2191 Released: Wed Oct 10 09:12:38 2018 Summary: Recommended update for nfs-utils Severity: low References: 1098532 Description: This update for nfs-utils provides the following fix: - nfs.conf: Spell NFSV4LEASETIME correctly. (bsc#1098532) ----------------------------------------- Patch: SUSE-2018-2192 Released: Wed Oct 10 13:20:46 2018 Summary: Recommended update for yast2-support Severity: moderate References: 1093358,1099691 Description: This update for yast2-support provides the following fixes: - Make the 'Next' button to submit the gathered information visible in ncurses. (bsc#1093358) - Make the Contact Information screen fit in a 80x24 terminal. - Add additional search keys to the desktop file. (fate#321043, bsc#1099691) ----------------------------------------- Patch: SUSE-2018-2244 Released: Tue Oct 16 14:06:30 2018 Summary: Security update for libssh Severity: important References: 1108020,CVE-2018-10933 Description: This update for libssh fixes the following issues: - CVE-2018-10933: Fixed a server mode authentication bypass (bsc#1108020). ----------------------------------------- Patch: SUSE-2018-2247 Released: Tue Oct 16 14:24:46 2018 Summary: Recommended update for hwinfo Severity: moderate References: 1072450,1105003 Description: This update for hwinfo provides the following fixes: - Try a more aggressive way to catch all usb platform controllers. (bsc#1072450) - Detect ARM HISILICON SAS controller. (bsc#1072450) - Check for vmware only when running in a vm. (bsc#1105003) - Add support for RISC-V. ----------------------------------------- Patch: SUSE-2018-2265 Released: Tue Oct 16 15:35:42 2018 Summary: Security update for binutils Severity: moderate References: 1065643,1065689,1065693,1068640,1068643,1068887,1068888,1068950,1069176,1069202,1075418,1077745,1079103,1079741,1080556,1081527,1083528,1083532,1085784,1086608,1086784,1086786,1086788,1090997,1091015,1091365,1091368,CVE-2017-15938,CVE-2017-15939,CVE-2017-15996,CVE-2017-16826,CVE-2017-16827,CVE-2017-16828,CVE-2017-16829,CVE-2017-16830,CVE-2017-16831,CVE-2017-16832,CVE-2018-10372,CVE-2018-10373,CVE-2018-10534,CVE-2018-10535,CVE-2018-6323,CVE-2018-6543,CVE-2018-6759,CVE-2018-6872,CVE-2018-7208,CVE-2018-7568,CVE-2018-7569,CVE-2018-7570,CVE-2018-7642,CVE-2018-7643,CVE-2018-8945 Description: This update for binutils to version 2.31 fixes the following issues: These security issues were fixed: - CVE-2017-15996: readelf allowed remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other impact via a crafted ELF file that triggered a buffer overflow on fuzzed archive header (bsc#1065643) - CVE-2017-15939: Binary File Descriptor (BFD) library (aka libbfd) mishandled NULL files in a .debug_line file table, which allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename (bsc#1065689) - CVE-2017-15938: the Binary File Descriptor (BFD) library (aka libbfd) miscalculated DW_FORM_ref_addr die refs in the case of a relocatable object file, which allowed remote attackers to cause a denial of service (find_abstract_instance_name invalid memory read, segmentation fault, and application crash) (bsc#1065693) - CVE-2017-16826: The coff_slurp_line_table function the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted PE file (bsc#1068640) - CVE-2017-16832: The pe_bfd_read_buildid function in the Binary File Descriptor (BFD) library (aka libbfd) did not validate size and offset values in the data dictionary, which allowed remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted PE file (bsc#1068643) - CVE-2017-16831: Binary File Descriptor (BFD) library (aka libbfd) did not validate the symbol count, which allowed remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or possibly have unspecified other impact via a crafted PE file (bsc#1068887) - CVE-2017-16830: The print_gnu_property_note function did not have integer-overflow protection on 32-bit platforms, which allowed remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted ELF file (bsc#1068888) - CVE-2017-16829: The _bfd_elf_parse_gnu_properties function in the Binary File Descriptor (BFD) library (aka libbfd) did not prevent negative pointers, which allowed remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted ELF file (bsc#1068950) - CVE-2017-16828: The display_debug_frames function allowed remote attackers to cause a denial of service (integer overflow and heap-based buffer over-read, and application crash) or possibly have unspecified other impact via a crafted ELF file (bsc#1069176) - CVE-2017-16827: The aout_get_external_symbols function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) or possibly have unspecified other impact via a crafted ELF file (bsc#1069202) - CVE-2018-6323: The elf_object_p function in the Binary File Descriptor (BFD) library (aka libbfd) had an unsigned integer overflow because bfd_size_type multiplication is not used. A crafted ELF file allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact (bsc#1077745) - CVE-2018-6543: Prevent integer overflow in the function load_specific_debug_section() which resulted in `malloc()` with 0 size. A crafted ELF file allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact (bsc#1079103) - CVE-2018-6759: The bfd_get_debug_link_info_1 function in the Binary File Descriptor (BFD) library (aka libbfd) had an unchecked strnlen operation. Remote attackers could have leveraged this vulnerability to cause a denial of service (segmentation fault) via a crafted ELF file (bsc#1079741) - CVE-2018-6872: The elf_parse_notes function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (out-of-bounds read and segmentation violation) via a note with a large alignment (bsc#1080556) - CVE-2018-7208: In the coff_pointerize_aux function in the Binary File Descriptor (BFD) library (aka libbfd) an index was not validated, which allowed remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted file, as demonstrated by objcopy of a COFF object (bsc#1081527) - CVE-2018-7570: The assign_file_positions_for_non_load_sections function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an ELF file with a RELRO segment that lacks a matching LOAD segment, as demonstrated by objcopy (bsc#1083528) - CVE-2018-7569: The Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (integer underflow or overflow, and application crash) via an ELF file with a corrupt DWARF FORM block, as demonstrated by nm (bsc#1083532) - CVE-2018-8945: The bfd_section_from_shdr function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (segmentation fault) via a large attribute section (bsc#1086608) - CVE-2018-7643: The display_debug_ranges function allowed remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump (bsc#1086784) - CVE-2018-7642: The swap_std_reloc_in function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (aout_32_swap_std_reloc_out NULL pointer dereference and application crash) via a crafted ELF file, as demonstrated by objcopy (bsc#1086786) - CVE-2018-7568: The parse_die function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (integer overflow and application crash) via an ELF file with corrupt dwarf1 debug information, as demonstrated by nm (bsc#1086788) - CVE-2018-10373: concat_filename in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by nm-new (bsc#1090997) - CVE-2018-10372: process_cu_tu_index allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated by readelf (bsc#1091015) - CVE-2018-10535: The ignore_section_sym function in the Binary File Descriptor (BFD) library (aka libbfd) did not validate the output_section pointer in the case of a symtab entry with a 'SECTION' type that has a '0' value, which allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file, as demonstrated by objcopy (bsc#1091365) - CVE-2018-10534: The _bfd_XX_bfd_copy_private_bfd_data_common function in the Binary File Descriptor (BFD) library (aka libbfd) processesed a negative Data Directory size with an unbounded loop that increased the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so that the address exceeded its own memory region, resulting in an out-of-bounds memory write, as demonstrated by objcopy copying private info with _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c (bsc#1091368) These non-security issues were fixed: - The AArch64 port now supports showing disassembly notes which are emitted when inconsistencies are found with the instruction that may result in the instruction being invalid. These can be turned on with the option -M notes to objdump. - The AArch64 port now emits warnings when a combination of an instruction and a named register could be invalid. - Added O modifier to ar to display member offsets inside an archive - The ADR and ADRL pseudo-instructions supported by the ARM assembler now only set the bottom bit of the address of thumb function symbols if the -mthumb-interwork command line option is active. - Add --generate-missing-build-notes=[yes|no] option to create (or not) GNU Build Attribute notes if none are present in the input sources. Add a --enable-generate-build-notes=[yes|no] configure time option to set the default behaviour. Set the default if the configure option is not used to 'no'. - Remove -mold-gcc command-line option for x86 targets. - Add -O[2|s] command-line options to x86 assembler to enable alternate shorter instruction encoding. - Add support for .nops directive. It is currently supported only for x86 targets. - Speed up direct linking with DLLs for Cygwin and Mingw targets. - Add a configure option --enable-separate-code to decide whether -z separate-code should be enabled in ELF linker by default. Default to yes for Linux/x86 targets. Note that -z separate-code can increase disk and memory size. - RISC-V: Fix symbol address problem with versioned symbols - Restore riscv64-elf cross prefix via symlinks - Fix pacemaker libqb problem with section start/stop symbols - RISC-V: Don't enable relaxation in relocatable link - Prevent linking faiures on i386 with assertion (bsc#1085784) - Fix symbol size bug when relaxation deletes bytes - Add --debug-dump=links option to readelf and --dwarf=links option to objdump which displays the contents of any .gnu_debuglink or .gnu_debugaltlink sections. Add a --debug-dump=follow-links option to readelf and a --dwarf=follow-links option to objdump which causes indirect links into separate debug info files to be followed when dumping other DWARF sections. - Add support for loaction views in DWARF debug line information. - Add -z separate-code to generate separate code PT_LOAD segment. - Add '-z undefs' command line option as the inverse of the '-z defs' option. - Add -z globalaudit command line option to force audit libraries to be run for every dynamic object loaded by an executable - provided that the loader supports this functionality. - Tighten linker script grammar around file name specifiers to prevent the use of SORT_BY_ALIGNMENT and SORT_BY_INIT_PRIORITY on filenames. These would previously be accepted but had no effect. - The EXCLUDE_FILE directive can now be placed within any SORT_* directive within input section lists. - Fix linker relaxation with --wrap ----------------------------------------- Patch: SUSE-2018-2289 Released: Wed Oct 17 10:49:48 2018 Summary: Recommended update for yast2-network Severity: moderate References: 1052042,1086454,1095113,1095971,1098407,1099691,1103712 Description: This update for yast2-network fixes the following issues: - Added additional searchkeys to desktop file (fate#321043, bsc#1099691) - lan_test: stubbin Host.GetModified call (bsc#1052042). - Fixed flickering testcase which has been introduced by fixing (bsc#1052042) - Bugfix: Do not crash when trying to convert the /etc/hosts profile declaration from multiple line host entries for the same host to just one line (bsc#1095971) - Bugfix: Inform the user about empty host name entries (bsc#1095113) - Bugfix: Does no longer enforce particular mode for IPoIB devices by default (bsc#1086454) - Makes yast2-network independent of AutoYaST (bsc#1098407) - Fixes to the networking AY schema (bsc#1103712) ----------------------------------------- Patch: SUSE-2018-2293 Released: Wed Oct 17 10:52:51 2018 Summary: Recommended update for SUSEConnect Severity: moderate References: 1098220,1101470 Description: This update for SUSEConnect fixes the following issues: - Detect if system is in cloud provider AWS/Google/Azure. (fate#320935) - Fix doesn't fail when trying to parse an empty body. (bsc#1098220) - Don't install release packages if they are already present - Fix .spec file for running SUSEConnect on Fedora28 - Changed 'openssl' requirement to 'openssl(cli)'. (bsc#1101470) ----------------------------------------- Patch: SUSE-2018-2307 Released: Thu Oct 18 14:42:54 2018 Summary: Recommended update for libxcb Severity: moderate References: 1101560 Description: This update for libxcb provides the following fix: - Fix some IO errors when using KWin in combination with the NVIDIA driver. (bsc#1101560) ----------------------------------------- Patch: SUSE-2018-2340 Released: Fri Oct 19 16:05:53 2018 Summary: Security update for fuse Severity: moderate References: 1101797,CVE-2018-10906 Description: This update for fuse fixes the following issues: - CVE-2018-10906: fusermount was vulnerable to a restriction bypass when SELinux is active. This allowed non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects (bsc#1101797) ----------------------------------------- Patch: SUSE-2018-2344 Released: Mon Oct 22 09:37:36 2018 Summary: Recommended update for grub2 Severity: moderate References: 1093145 Description: This update for grub2 fixes the following issues: - Implement FCP methods for WWPN and LUNs (bsc#1093145) ----------------------------------------- Patch: SUSE-2018-2346 Released: Mon Oct 22 09:40:46 2018 Summary: Recommended update for logrotate Severity: moderate References: 1093617 Description: This update for logrotate provides the following fix: - Ensure the HOME environment variable is set to /root when logrotate is started via systemd. This allows mariadb to rotate its logs when the database has a root password defined. (bsc#1093617) ----------------------------------------- Patch: SUSE-2018-2347 Released: Mon Oct 22 09:41:15 2018 Summary: Recommended update for libzypp and zypper Severity: moderate References: 1099982,1109877,1109893,556664,939392 Description: This update for libzypp and zypper fixes the following issues: - Fix blocking wait for finished child process (bsc#1109877) - Fix conversion of string and glob to regex when compiling queries (bsc#1099982, bsc#939392, bsc#556664) - Always warn if no repos are defined, but don't return ZYPPER_EXIT_NO_REPOS(6) in install commands (bsc#1109893) - Switch global help format and fix bash-completion ----------------------------------------- Patch: SUSE-2018-2370 Released: Mon Oct 22 14:02:01 2018 Summary: Recommended update for aaa_base Severity: moderate References: 1102310,1104531 Description: This update for aaa_base provides the following fixes: - Let bash.bashrc work even for (m)ksh. (bsc#1104531) - Fix an error at login if java system directory is empty. (bsc#1102310) ----------------------------------------- Patch: SUSE-2018-2389 Released: Tue Oct 23 10:50:28 2018 Summary: Recommended update for yast2-storage-ng and libstorage-ng Severity: moderate References: 1055756,1085134,1089353,1090010,1099144,1099181,1099394,1099762,1103113,1104774,1105227,1106774,1107298,1108831 Description: This update for yast2-storage-ng and libstorage-ng fixes the following issues: yast2-storage-ng: - When trying to reuse a partition, AutoYaST will consider only those partitions from the right disk (bsc#1106774). - Show a warning when overwriting manually edited settings (bsc#1055756) - AutoYaST: Export volume group name (lvm_group) when an MD RAID device is used as a physical volume (bsc#1103113). - AutoYaST: Recognize Xen virtual partitions in the profile when importing and installing (bsc#1085134). - AutoYaST: Set the 'mount by' option when reusing partitions (bsc#1104774). - Fixed the warning about overwriting a manually edited partition layout. Now it works even after going back and forth in the installer steps (bsc#1055756). - Partitioner: Display Xen virtual partitions and allow to format and mount them (bsc#1085134). - RAID attributes: Include 'Active: Yes/No'. (bsc#1090010) - Fixed crash in the Kubic proposal when insufficient disk space. (bsc#1099762) - Allow to use whole disk as PV by indicating a partition with number 0 (bsc#1107298) - Add asterisk to mount points that is not active and to the description (fate#318196) - Does no longer crash if existing boot partition cannot be used without formatting it (bsc#1108831) libstorage-ng: - Fixed variable scope to fix temporary mounting. (bsc#1099144) - Avoid exceptions for inactive RAIDs. (bsc#1090010) - Adjust multipath parser to accept nvme related output. (bsc#1089353) - Detect correctly whether a file system is currently mounted. (bsc#1105227) - Do not crash when displaying summary for an encrypted but not mounted disk (bsc#1099181) - Improve handling of udev ids starting with dm-uuid for partitions on multipath (bsc#1099394) ----------------------------------------- Patch: SUSE-2018-2409 Released: Tue Oct 23 17:26:51 2018 Summary: Recommended update for yast2-core Severity: moderate References: 1103076 Description: This update for yast2-core fixes the following issues: - Reduced risk of race condition between getenv and setenv while logging (bsc#1103076) ----------------------------------------- Patch: SUSE-2018-2412 Released: Tue Oct 23 17:28:04 2018 Summary: Recommended update for gettext-runtime Severity: moderate References: 1106843 Description: This update for gettext-runtime provides the following fix: - Reset the length of message string after a line has been removed to fix a crash in msgfmt when writing java source code and the .po file has a POT-Creation-Date header. (bsc#1106843) ----------------------------------------- Patch: SUSE-2018-2430 Released: Wed Oct 24 13:05:18 2018 Summary: Security update for python-cryptography Severity: moderate References: 1101820,CVE-2018-10903 Description: This update for python-cryptography fixes the following issues: - CVE-2018-10903: The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries could have caused key leakage (bsc#1101820). ----------------------------------------- Patch: SUSE-2018-2438 Released: Wed Oct 24 16:37:14 2018 Summary: Recommended update for yast2-registration Severity: moderate References: 1043125,1103412 Description: This update for yast2-registration provides the following fixes: - Fixes a bug where yast2-registration was crashing when acquiring a zypper lock failed. (bsc#1043125) - Fix online migration on PPC. (bsc#1103412) - Check the non-installed addon products, as some specific repositories do not provide any product. - Added more searchkeys to desktop file (fate#321043). - Added tags full_system_media_name and full_system_download_url in control.xml which describe the location for the 'all-packages' medium. This information will be shown if the registration has been scipped by the user. No hint will be shown if these tags have not been defined. (fate#325834) ----------------------------------------- Patch: SUSE-2018-2442 Released: Wed Oct 24 16:39:09 2018 Summary: Recommended update for python-msrestazure and it's dependencies Severity: moderate References: 1109694 Description: This update for python-adal, python-isodate, python-msrest, python-msrestazure fixes the following issues: python-msrestazure: - Update to version 0.5.0 + Features * Implementation is now using ADAL and not request-oauthlib. This allows more AD scenarios (like federated). * Add additionalInfo parsing for CloudError. * Implement new LRO options of Autorest. * Improve MSI for VM token polling algorithm. * MSIAuthentication now uses IMDS endpoint if available. * MSIAuthentication can be used in any environment that defines MSI_ENDPOINT env variable. * CloudError now includes the 'innererror' attribute to match OData v4. * Introduces ARMPolling implementation of Azure Resource Management LRO. * Add support for WebApp/Functions in MSIAuthentication classes. * Add parse_resource_id(), resource_id(), validate_resource_id() to parse ARM ids. * Retry strategy now n reach 24 seconds (instead of 12 seconds). * Add Managed Service Integrated (MSI) authentication. * Add 'timeout' to ServicePrincipalCredentials and UserPasswordCredentials. * Threads created by AzureOperationPoller have now a name prefixed by 'AzureOperationPoller' to help identify them. * Improve MSIAuthentication to support User Assigned Identity. + Bugfixes * MSIAuthentication regression for KeyVault since IMDS support. * MSIAuthentication should initialize the token attribute on creation. * Fixes refreshToken in UserPassCredentials and AADTokenCredentials. * Fix US government cloud definition. * Reduce max MSI polling time for VM. * IMDS/MSI: Retry on more error codes. * IMDS/MSI: Fix a boundary case on timeout. * Fix parse_resource_id() tool to be case*insensitive to keywords when matching. * Add missing baseclass init call for AdalAuthentication. * Fix LRO result if POST uses AsyncOperation header. * Remove a possible infinite loop with MSIAuthentication. * Fix session obj for cloudmetadata endpoint. * Fix authentication resource node for AzureSatck. * Better detection of AppService with MSIAuthentication. * get_cloud_from_metadata_endpoint incorrect on AzureStack. * get_cloud_from_metadata_endpoint certificate issue. * Fix AttributeError if error JSON from ARM does not follow ODatav4 (as it should). * Fix AttributeError if input JSON is not a dict. * Fix AdalError handling in some scenarios. * Update Azure Gov login endpoint. * Update metadata ARM endpoint parser. + Incompatible changes * Remove unused auth_uri, state, client and token_uri attributes in ServicePrincipalCredentials, UserPassCredentials and AADTokenCredentials. * Remove token caching based on 'keyring'. Token caching should be implemented using ADAL now. * Remove InteractiveCredentials. This class was deprecated and unusable. Use ADAL device code instead. python-msrest - Update to version 0.5.0 + Require python-enum32 and python-typing. + Features * Support additionalProperties and XML. * Deserialize/from_dict now accepts a content*type parameter to parse XML strings. * Add XML support * Add many type hints, and MyPY testing on CI. * HTTP calls are made through a HTTPDriver API. Only implementation is `requests` for now. This driver API is *not* considered stable and you should pin your msrest version if you want to provide a personal implementation. * msrest is now able to keep the 'requests.Session' alive for performance. * All Authentication classes now define `signed_session` and `refresh_session` with an optional `session` parameter. * Disable HTTP log by default (security), add `enable_http_log` to restore it. * Add TopicCredentials for EventGrid client. * Add LROPoller class. This is a customizable LRO engine. * Model now accept kwargs in constructor for future kwargs models. * Add support for additional_properties. * The interpretation of Swagger 2.0 'discriminator' is now lenient. * Add ApiKeyCredentials class. This can be used to support OpenAPI ApiKey feature. * Add CognitiveServicesAuthentication class. Pre*declared ApiKeyCredentials class for Cognitive Services. * Add Configuration.session_configuration_callback to customize the requests.Session if necessary. * Add a flag to Serializer to disable client*side*validation. * Remove 'import requests' from 'exceptions.py' for apps that require fast loading time. * Input is now more lenient. * Model have a 'validate' method to check content constraints. * Model have now new methods for serialize, as_dict, deserialize and from_dict. + Bugfixes * Fix a serialization issue if additional_properties is declared, and 'automatic model' syntax is used ('automatic model' being the ability to pass a dict to command and have the model auto*created). * Better parse empty node and not string types. * Improve 'object' XML parsing. * Fix some XML serialization subtle scenarios. * Fix some complex XML Swagger definitions. * Lower Accept header overwrite logging message. * Fix 'object' type and XML format. * Incorrect milliseconds serialization for some datetime object. * Improve `SDKClient.__exit__` to take exc_details as optional parameters and not required. * Refresh_session should also use the permanent HTTP session if available. * Fix incorrect date parsing if ms precision is over 6 digits. * Fix minimal dependency of isodate. * Fix serialisation from dict if datetime provided. * Date parsing is now compliant with Autorest / Swagger 2.0 specification (less lenient). * Accept to deserialize enum of different type if content string match. * Stop failing on deserialization if enum string is unkwon. Return the string instead. * Do not validate additional_properties. * Improve validation error if expected type is dict, but actual type is not. * Fix additional_properties if Swagger was flatten. * Optional formdata parameters were raising an exception. * 'application/x*www*form*urlencoded' form was sent using 'multipart/form*data'. * Fix regression: accept 'set' as a valid '[str]' * Always log response body. * Improved exception message if error JSON is Odata v4. * Refuse 'str' as a valid '[str]' type. * Better exception handling if input from server is not JSON valid. * Fix regression introduced in msrest 0.4.12 * dict syntax with enum modeled as string and enum used. * Fix regression introduced in msrest 0.4.12 * dict syntax using isodate.Duration. * Better Enum checking. + Internal optimisation * Call that does not return a streamable object are now executed in requests stream mode False (was True whatever the type of the call). This should reduce the number of leaked opened session and allow urllib3 to manage connection pooling more efficiently. Only clients generated with Autorest.Python >= 2.1.31 (not impacted otherwise, fully backward compatible) + Deprecation * Trigger DeprecationWarning for _client.add_header and _client.send_formdata. python-adal - Update to version 1.0.2 python-isodate - Update to version 0.6.0 + Support incomplete month date. + Rely on duck typing when doing duration maths. + Support ':' as separator in fractional time zones. ----------------------------------------- Patch: SUSE-2018-2454 Released: Thu Oct 25 11:19:46 2018 Summary: Recommended update for python-pyOpenSSL Severity: moderate References: 1110435 Description: This update for python-pyOpenSSL fixes the following issues: - Handle duplicate certificate addition using X509_STORE_add_cert so it works after upgrading to openssl 1.1.1. (bsc#1110435) ----------------------------------------- Patch: SUSE-2018-2463 Released: Thu Oct 25 14:48:34 2018 Summary: Recommended update for timezone, timezone-java Severity: moderate References: 1104700,1112310 Description: This update for timezone, timezone-java fixes the following issues: The timezone database was updated to 2018f: - Volgograd moves from +03 to +04 on 2018-10-28. - Fiji ends DST 2019-01-13, not 2019-01-20. - Most of Chile changes DST dates, effective 2019-04-06 (bsc#1104700) - Corrections to past timestamps of DST transitions - Use 'PST' and 'PDT' for Philippine time - minor code changes to zic handling of the TZif format - documentation updates Other bugfixes: - Fixed a zic problem with the 1948-1951 DST transition in Japan (bsc#1112310) ----------------------------------------- Patch: SUSE-2018-2467 Released: Thu Oct 25 14:50:49 2018 Summary: Recommended update for yast2-bootloader and rubygem-cfa_grub2 Severity: moderate References: 1053559,1089829,1094031 Description: This update addresses some bugs for yast2-bootloader and rubygem-cfa_grub2: yast2-bootloader: - Fixed crash while reading grub settings from installed system (bsc#1094031) - Fix an internal error when GRUB_TERMINAL contains multiple values (bsc#1053559) - Added additional searchkeys to desktop file (fate#321043) - Does no longer crash when required package is not installed (bsc#1089829) rubygem-cfa_grub2: - cfa_grub2 can now handle multiple values for GRUB_TERMINAL. This is required by yast2-bootloader to work properly (bsc#1053559) ----------------------------------------- Patch: SUSE-2018-2477 Released: Thu Oct 25 17:07:55 2018 Summary: Recommended update for yast2-nfs-client Severity: moderate References: 1105674,1110093 Description: This update for yast2-nfs-client fixes the following issues: - do not crash when nfs version is written as 4.0 instead of 4. (bsc#1105674, bsc#1110093) - Added additional searchkeys to desktop file. (fate#321043) ----------------------------------------- Patch: SUSE-2018-2478 Released: Thu Oct 25 17:08:50 2018 Summary: Recommended update for tevent Severity: moderate References: 1109571 Description: This update for tevent fixes the following issues: - Update license to LGPL 3.0 or later. (bsc#1109571) ----------------------------------------- Patch: SUSE-2018-2479 Released: Thu Oct 25 17:09:17 2018 Summary: Recommended update for ldb Severity: moderate References: 1108164,1109571 Description: This update for ldb fixes the following issues: - Remove python-talloc-devel from %if %else block, since the py3 build should not remove py2 dependencies. (bsc#1108164) - Update license to LGPL 3.0 or later. (bsc#1109571) ----------------------------------------- Patch: SUSE-2018-2485 Released: Fri Oct 26 12:38:01 2018 Summary: Recommended update for kmod Severity: moderate References: 1112928 Description: This update for kmod provides the following fixes: - Allow 'modprobe -c' print the status of 'allow_unsupported_modules' option. (bsc#1112928) ----------------------------------------- Patch: SUSE-2018-2486 Released: Fri Oct 26 12:38:27 2018 Summary: Recommended update for xfsprogs Severity: moderate References: 1105068 Description: This update for xfsprogs fixes the following issues: - Explictly disable systemd unit files for scrub (bsc#1105068). ----------------------------------------- Patch: SUSE-2018-2487 Released: Fri Oct 26 12:39:07 2018 Summary: Recommended update for glibc Severity: moderate References: 1102526 Description: This update for glibc fixes the following issues: - Fix build on aarch64 with binutils newer than 2.30. - Fix year 2039 bug for localtime with 64-bit time_t (bsc#1102526) ----------------------------------------- Patch: SUSE-2018-2489 Released: Fri Oct 26 12:40:27 2018 Summary: Recommended update for tdb Severity: moderate References: 1109571 Description: This update for tdb fixes the following issues: - Update license to LGPL 3.0 or later. (bsc#1109571) ----------------------------------------- Patch: SUSE-2018-2494 Released: Fri Oct 26 14:19:07 2018 Summary: Recommended update for yast2-users Severity: moderate References: 1107456,1112119 Description: This update for yast2-users fixes the following issues: - Read ssh keys from root user only if the user exists (bsc#1112119, bsc#1107456) ----------------------------------------- Patch: SUSE-2018-2502 Released: Fri Oct 26 15:21:46 2018 Summary: Recommended update for SUSEConnect Severity: important References: 1104183,1112702 Description: This update for SUSEConnect fixes the following issues: - Fix s390 activation fails due to unavailable 'dmidecode'. (bsc#1112702) - Fix migration targets sorting. (bsc#1104183) ----------------------------------------- Patch: SUSE-2018-2526 Released: Tue Oct 30 11:00:24 2018 Summary: Recommended update for polkit-default-privs Severity: low References: 1106813 Description: This update for polkit-default-privs fixes the following issues: - Add renamed libvirt rules (bsc#1106813) ----------------------------------------- Patch: SUSE-2018-2539 Released: Tue Oct 30 16:17:23 2018 Summary: Recommended update for rpm Severity: moderate References: 1113100 Description: This update for rpm fixes the following issues: - On PowerPC64 fix the superfluous TOC. dependency (bsc#1113100) ----------------------------------------- Patch: SUSE-2018-2550 Released: Wed Oct 31 16:16:56 2018 Summary: Recommended update for timezone, timezone-java Severity: moderate References: 1113554 Description: This update provides the latest time zone definitions (2018g), including the following change: - Morocco switched from +00/+01 to permanent +01 effective 2018-10-28 (bsc#1113554) ----------------------------------------- Patch: SUSE-2018-2552 Released: Fri Nov 2 12:40:47 2018 Summary: Recommended update for open-iscsi Severity: moderate References: 1088389,1094797,1100349,1106685,1106694,1111608 Description: This update for open-iscsi provides the following fixes: - Fix a core dump which can occur if iscsiuio is started and then immediately stopped. (bsc#1094797) - Avoid netlink buffer corruption when more than one host tries to xmit packet at the same time. (bsc#1100349) - Use libkmod instead of running modprobe (bsc#1106685) - iscsiuio: limit retries of dhpcv6 (bsc#1106694) - Restore space to output of 'iscsiadm -m node'. (bsc#1111608) - Fix session info output if iscsid started up and found stale sessions and add ability to limit reconnect retries. (bsc#1088389) ----------------------------------------- Patch: SUSE-2018-2569 Released: Fri Nov 2 19:00:18 2018 Summary: Recommended update for pam Severity: moderate References: 1110700 Description: This update for pam fixes the following issues: - Remove limits for nproc from /etc/security/limits.conf (bsc#1110700) ----------------------------------------- Patch: SUSE-2018-2571 Released: Mon Nov 5 11:07:07 2018 Summary: Recommended update for yast2-storage-ng Severity: moderate References: 1073544,1105350,1107298,1112545,1112546 Description: This update for yast2-storage-ng fixes the following issues: - Improve support to reuse a disk as a PV. (bsc#1107298) - Resize and then create new devices. (bsc#1112545) - Warn the user when trying to reuse a non-existent filesystem. - Fix support of old format to specify several software RAIDs. (bsc#1112546) - Proper support for Xen virtual partitions. (bsc#1105350) - Export enable_snapshots element properly. (bsc#1073544) - Allow to format a whole disk and use it as a filesystem. - Add support for partitioned software RAIDs. (fate#326573) - Allow to use a whole disk as a software RAID member. (fate#326573) ----------------------------------------- Patch: SUSE-2018-2578 Released: Mon Nov 5 17:55:35 2018 Summary: Security update for curl Severity: moderate References: 1112758,1113660,CVE-2018-16839,CVE-2018-16840,CVE-2018-16842 Description: This update for curl fixes the following issues: - CVE-2018-16839: A SASL password overflow via integer overflow was fixed which could lead to crashes (bsc#1112758) - CVE-2018-16840: A use-after-free in SASL handle close was fixed which could lead to crashes (bsc#1112758) - CVE-2018-16842: A Out-of-bounds Read in tool_msgs.c was fixed which could lead to crashes (bsc#1113660) ----------------------------------------- Patch: SUSE-2018-2595 Released: Wed Nov 7 11:14:42 2018 Summary: Security update for systemd Severity: important References: 1089761,1090944,1091677,1093753,1101040,1102908,1105031,1107640,1107941,1109197,1109252,1110445,1112024,1113083,1113632,1113665,1114135,991901,CVE-2018-15686,CVE-2018-15688 Description: This update for systemd fixes the following issues: Security issues fixed: - CVE-2018-15688: A buffer overflow vulnerability in the dhcp6 client of systemd allowed a malicious dhcp6 server to overwrite heap memory in systemd-networkd. (bsc#1113632) - CVE-2018-15686: A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. (bsc#1113665) Non security issues fixed: - dhcp6: split assert_return() to be more debuggable when hit - core: skip unit deserialization and move to the next one when unit_deserialize() fails - core: properly handle deserialization of unknown unit types (#6476) - core: don't create Requires for workdir if 'missing ok' (bsc#1113083) - logind: use manager_get_user_by_pid() where appropriate - logind: rework manager_get_{user|session}_by_pid() a bit - login: fix user@.service case, so we don't allow nested sessions (#8051) (bsc#1112024) - core: be more defensive if we can't determine per-connection socket peer (#7329) - core: introduce systemd.early_core_pattern= kernel cmdline option - core: add missing 'continue' statement - core/mount: fstype may be NULL - journald: don't ship systemd-journald-audit.socket (bsc#1109252) - core: make 'tmpfs' dependencies on swapfs a 'default' dep, not an 'implicit' (bsc#1110445) - mount: make sure we unmount tmpfs mounts before we deactivate swaps (#7076) - detect-virt: do not try to read all of /proc/cpuinfo (bsc#1109197) - emergency: make sure console password agents don't interfere with the emergency shell - man: document that 'nofail' also has an effect on ordering - journald: take leading spaces into account in syslog_parse_identifier - journal: do not remove multiple spaces after identifier in syslog message - syslog: fix segfault in syslog_parse_priority() - journal: fix syslog_parse_identifier() - install: drop left-over debug message (#6913) - Ship systemd-sysv-install helper via the main package This script was part of systemd-sysvinit sub-package but it was wrong since systemd-sysv-install is a script used to redirect enable/disable operations to chkconfig when the unit targets are sysv init scripts. Therefore it's never been a SySV init tool. - Add udev.no-partlabel-links kernel command-line option. This option can be used to disable the generation of the by-partlabel symlinks regardless of the name used. (bsc#1089761) - man: SystemMaxUse= clarification in journald.conf(5). (bsc#1101040) - systemctl: load unit if needed in 'systemctl is-active' (bsc#1102908) - core: don't freeze OnCalendar= timer units when the clock goes back a lot (bsc#1090944) - Enable or disable machines.target according to the presets (bsc#1107941) - cryptsetup: add support for sector-size= option (fate#325697) - nspawn: always use permission mode 555 for /sys (bsc#1107640) - Bugfix for a race condition between daemon-reload and other commands (bsc#1105031) - Fixes an issue where login with root credentials was not possible in init level 5 (bsc#1091677) - Fix an issue where services of type 'notify' harmless DENIED log entries. (bsc#991901) - Does no longer adjust qgroups on existing subvolumes (bsc#1093753) - cryptsetup: add support for sector-size= option (#9936) (fate#325697 bsc#1114135) ----------------------------------------- Patch: SUSE-2018-2597 Released: Wed Nov 7 11:39:11 2018 Summary: Recommended update for openssl-1_1 Severity: moderate References: 1104789,1106180,1112209 Description: This update for openssl-1_1 fixes the following issues: - Obsolete libopenssl-1_0_0-devel by libopenssl-1_1-devel to avoid conflicts when updating from older distributions (bsc#1106180) - Fix infinite loop in DSA generation with incorrect parameters (bsc#1112209) - Fix One&Done side-channel attack on RSA (bsc#1104789) ----------------------------------------- Patch: SUSE-2018-2604 Released: Wed Nov 7 14:14:11 2018 Summary: Recommended update for autoyast2 Severity: moderate References: 1108933 Description: This update for autoyast2 fixes the following issues: - AutoInstallRules: Do a cleanup of the profile being merged with (bsc#1108933). - AutoYaST configuration module: Enable edit action for firewall module (fate#324662). ----------------------------------------- Patch: SUSE-2018-2605 Released: Wed Nov 7 14:14:43 2018 Summary: Recommended update for dracut Severity: moderate References: 1098448,1104090,1104178,1110519 Description: This update for dracut fixes the following issues: - Fix fails booting from Intel DCPMEM by adding nfit module. (bsc#1110519) - Add kernel-syms to list of packages to remove with purge-kernels. (bsc#1104090) - Skip kernels that cannot be removed by purge-kernels due to dependencies and continue removing other kernels. (bsc#1104090) - Fix finding btrfs devices. (bsc#1104178) - Add fix to override ACPI tables via initrd, a kernel config variable changed name. (bsc#1098448) ----------------------------------------- Patch: SUSE-2018-2607 Released: Wed Nov 7 15:42:48 2018 Summary: Optional update for gcc8 Severity: low References: 1084812,1084842,1087550,1094222,1102564 Description: The GNU Compiler GCC 8 is being added to the Development Tools Module by this update. The update also supplies gcc8 compatible libstdc++, libgcc_s1 and other gcc derived libraries for the Basesystem module of SUSE Linux Enterprise 15. Various optimizers have been improved in GCC 8, several of bugs fixed, quite some new warnings added and the error pin-pointing and fix-suggestions have been greatly improved. The GNU Compiler page for GCC 8 contains a summary of all the changes that have happened: https://gcc.gnu.org/gcc-8/changes.html Also changes needed or common pitfalls when porting software are described on: https://gcc.gnu.org/gcc-8/porting_to.html ----------------------------------------- Patch: SUSE-2018-2619 Released: Thu Nov 8 17:56:45 2018 Summary: Security update for openssh Severity: moderate References: 1081947,1091396,1105010,1106163,964336,CVE-2018-15473,CVE-2018-15919 Description: This update for openssh fixes the following issues: - CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. OpenSSH developers do not want to treat such a username enumeration (or 'oracle') as a vulnerability. (bsc#1106163) - CVE-2018-15473: OpenSSH was prone to a user existance oracle vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. (bsc#1105010) The following non-security issues were fixed: - Stop leaking File descriptors (bsc#964336) - sftp-client.c returns wrong error code upon failure (bsc#1091396) - added pam_keyinit to pam configuration file (bsc#1081947) ----------------------------------------- Patch: SUSE-2018-2622 Released: Mon Nov 12 08:37:02 2018 Summary: Recommended update for ethtool Severity: moderate References: 1092037 Description: This update for ethtool fixes the following issues: - Fix stack clash for PHY tunables (bsc#1092037) - Sync UAPI header copies with SLE15 kernel ----------------------------------------- Patch: SUSE-2018-2638 Released: Mon Nov 12 20:38:42 2018 Summary: Recommended update for samba Severity: moderate References: 1102230,1111374,1111528 Description: This update provides version 4.7.10 of samba and brings the following fixes and improvements: - Support the new v4 Performance Co-Pilot API. (bsc#1111374) - Deadlock with ctdb_mutex_ceph_rados_helper (bsc#1102230) - Quotas don't work with SMB2. - Build failure when quota support not detected. - vfs_fruit can leave lock records when testing for netatalk share mode locks - causing panic. - vfs_time_audit is failing FSCTL_SRV_REQUEST_RESUME_KEY requests. - g_lock conflict detection broken when processing stale entries. - NTLM authentications using default domain/workgroup stopped working. - vfs_ceph lies about flock support. - Using sendfile = yes with SMB2 can cause CPU spin. - Durable Handle reconnect fails in smbd_smb2_create_durable_lease_check(). - cli_splice() fallback code reads wrong amount on termination case. - LDB 1.4.0 breaks Samba < 4.9. - samba-tool trust: support discovery via netr_GetDcName. - samba-tool domain trust: Fix trust compatibility to Windows Server 1709 and FreeIPA. - conn->vuid is invalid after a SMB session reauth. - Durable Handles reconnect fails in a cluster when the cluster fs uses different device ids. - cli_splice() doesn't correctly return written bytes as it's uninitialized in libsmbclient code. - Threading support in talloc_tos() crashes when enabled. - Incorrect talloc_stackframe handling in python ACL test code (make_simple_acl). - Fail renaming file if that file has open streams. - vfs_fruit: Delete 0 byte size streams if AAPL is enabled. - Creating missing remote databases during recovery can fail. - CTDB_BROADCAST_VNNMAP should not be used. - Fix building Samba with gcc 8.1. - Uncaught exception at ldb_modules/password_hash.c:2241 during new domain provision. - 'net ads keytab add nfs' writes only one enctype with older kerberos libraries. - VFS modules that implement pread/pwrite must also implement pread_send/pwrite_send. - vfs_ceph is missing async fsync implementations. - net ads keytab list fails with (smb_krb5_kt_open failed (Key table name malformed). - s390 and s390 needs to run with 'use mmap = no' by default. ----------------------------------------- Patch: SUSE-2018-2641 Released: Mon Nov 12 20:39:30 2018 Summary: Recommended update for nfsidmap Severity: moderate References: 1098217 Description: This update for nfsidmap fixes the following issues: - Improve support for SAMBA with Active Directory. (bsc#1098217) ----------------------------------------- Patch: SUSE-2018-2658 Released: Wed Nov 14 11:43:48 2018 Summary: Recommended update for yast2-packager Severity: moderate References: 1099691,1105758,926841,991090 Description: This update for yast2-packager fixes the following issues: - Do not display a false 'not enough free space' warning popup if the free space is bigger than 8EiB (2^63) (bsc#991090) - Do not display the 'not enough free space' warning for partitions where nothing is going to be installed. (bsc#926841) - Added additional searchkeys to desktop file (fate#321043, bsc#1099691) - Added better license handling for addon products that are added via an automated installation (bsc#1105758) ----------------------------------------- Patch: SUSE-2018-2700 Released: Mon Nov 19 09:43:26 2018 Summary: Recommended update for yast2-network Severity: moderate References: 1095761,1105230,1108852,1111925,1113080 Description: This update for yast2-network fixes the following issues: - Fixes to the networking AutoYaST schema (bsc#1108852) * Added missed s390 device 'layer2' boolean element. - Does no longer crash with internal error when 0.0.0.0 netmask is used in the routing tab (bsc#1105230) - Activate s390 network devices before applying udev naming rules, avoiding 'Invalid key/value pair in /etc/udev/rules.d/70-persistent-net.rules' (bsc#1095761) - Propose wpa_supplicant when configuring wlan (bsc#1111925) - Fix detection of peap mode (bsc#1113080) - Propose most commonly used setup for WPA by default - wicked compatible parsing of NTP servers from dhcp leases (fate#323454) - Fixes to the networking AY schema by adding missed s390 device 'layer2' boolean element (bsc#1108852) - Fix crashing with internal error when 0.0.0.0 netmask is used in the routing tab (bsc#1105230) ----------------------------------------- Patch: SUSE-2018-2720 Released: Tue Nov 20 16:18:54 2018 Summary: Recommended update for openssh Severity: important References: 1115654,1116577,CVE-2018-15919 Description: This update for openssh fixes the following issues: - Revert fix for CVE-2018-15919 which could have caused login problems with GSSAPI authentication (bsc#1115654, bsc#1116577) ----------------------------------------- Patch: SUSE-2018-2728 Released: Thu Nov 22 13:25:55 2018 Summary: Recommended update for autoyast2 and yast2-security Severity: moderate References: 1094822,1112769 Description: This update for autoyast2 and yast2-security fixes the following issue: - Writing security settings in first AY installation stage, So other modules can rely on these settings now. (bsc#1112769) autoyast2 only: - Adapt schema to support the new way of defining a software RAID. (fate#326573) - Removed an old flag in script section that was no longer being used: network_needed (bsc#1094822) ----------------------------------------- Patch: SUSE-2018-2742 Released: Thu Nov 22 13:28:36 2018 Summary: Recommended update for rpcbind Severity: moderate References: 969953 Description: This update for rpcbind fixes the following issues: - Fix tool stack buffer overflow aborting (bsc#969953) ----------------------------------------- Patch: SUSE-2018-2744 Released: Thu Nov 22 14:30:38 2018 Summary: Recommended update for apparmor Severity: moderate References: 1111345 Description: This update for apparmor fixes the following issues: - allow dnsmasq to open logfiles (bsc#1111345) ----------------------------------------- Patch: SUSE-2018-2758 Released: Thu Nov 22 16:23:59 2018 Summary: Security update for openssl-1_1 Severity: moderate References: 1113651,1113652,CVE-2018-0734,CVE-2018-0735 Description: This update for openssl-1_1 fixes the following issues: Security issues fixed: - CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652). - CVE-2018-0735: Fixed timing vulnerability in ECDSA signature generation (bsc#1113651). ----------------------------------------- Patch: SUSE-2018-2780 Released: Mon Nov 26 17:46:10 2018 Summary: Security update for glib2 Severity: moderate References: 1107116,1107121,1111499,CVE-2018-16428,CVE-2018-16429 Description: This update for glib2 fixes the following issues: Security issues fixed: - CVE-2018-16428: Do not do a NULL pointer dereference (crash). Avoid that, at the cost of introducing a new translatable error message (bsc#1107121). - CVE-2018-16429: Fixed out-of-bounds read vulnerability ing_markup_parse_context_parse() (bsc#1107116). Non-security issue fixed: - various GVariant parsing issues have been resolved (bsc#1111499) ----------------------------------------- Patch: SUSE-2018-2792 Released: Tue Nov 27 10:52:31 2018 Summary: Recommended update for autofs Severity: moderate References: 1093436 Description: This update for autofs fixes the following issues: - Fix file descriptor leak (bsc#1093436) ----------------------------------------- Patch: SUSE-2018-2819 Released: Fri Nov 30 17:43:11 2018 Summary: Security update for the Linux Kernel Severity: important References: 1012382,1031392,1043912,1044189,1046302,1046305,1046306,1046307,1046540,1046543,1050244,1050319,1050536,1050540,1051510,1054914,1055014,1055117,1055120,1058659,1060463,1061840,1065600,1065729,1066674,1067126,1067906,1068032,1069138,1071995,1076830,1077761,1077989,1078720,1079524,1080157,1082519,1082555,1083647,1083663,1084760,1084831,1085030,1085042,1085262,1086282,1086283,1086288,1086327,1089663,1090078,1091800,1092903,1094244,1094825,1095344,1095805,1096748,1097105,1097583,1097584,1097585,1097586,1097587,1097588,1098459,1098782,1098822,1099125,1099922,1099999,1100001,1100132,1101480,1101557,1101669,1102346,1102495,1102517,1102715,1102870,1102875,1102877,1102879,1102881,1102882,1102896,1103269,1103308,1103356,1103363,1103387,1103405,1103421,1103543,1103587,1103636,1103948,1103949,1103961,1104172,1104353,1104482,1104683,1104731,1104824,1104888,1104890,1105025,1105190,1105247,1105292,1105322,1105355,1105378,1105396,1105428,1105467,1105524,1105536,1105597,1105603,1105672,1105731,1105795,1105907,1106007,1106016,1106105,1106110,1106121,1106170,1106178,1106229,1106230,1106231,1106233,1106235,1106236,1106237,1106238,1106240,1106291,1106297,1106333,1106369,1106427,1106464,1106509,1106511,1106594,1106636,1106688,1106697,1106779,1106800,1106838,1106890,1106891,1106892,1106893,1106894,1106896,1106897,1106898,1106899,1106900,1106901,1106902,1106903,1106905,1106906,1106948,1106995,1107008,1107060,1107061,1107065,1107074,1107207,1107319,1107320,1107522,1107535,1107685,1107689,1107735,1107756,1107783,1107829,1107870,1107924,1107928,1107945,1107947,1107966,1108010,1108093,1108096,1108170,1108241,1108243,1108260,1108281,1108323,1108377,1108399,1108468,1108520,1108823,1108841,1108870,1109151,1109158,1109217,1109244,1109269,1109330,1109333,1109336,1109337,1109511,1109603,1109739,1109772,1109784,1109806,1109818,1109907,1109915,1109919,1109951,1109979,1109992,1110006,1110096,1110301,1110363,1110538,1110561,1110639,1110642,1110643,1110644,1110645,1110646,1110647,1110649,1110650,1111028,1111040,1111076,1111506,1111806,1111819,1111830,1111834,1111841,1111870,1111901,1111904,1111921,1111928,1111983,1112170,1112208,1112219,1112246,1112372,1112514,1112554,1112708,1112710,1112711,1112712,1112713,1112731,1112732,1112733,1112734,1112735,1112736,1112738,1112739,1112740,1112741,1112743,1112745,1112746,1112878,1112894,1112899,1112902,1112903,1112905,1112906,1112907,1113257,1113284,1113295,1113408,1113667,1113722,1113751,1113780,1113972,1114279,971975,CVE-2017-16533,CVE-2017-18224,CVE-2018-10902,CVE-2018-10938,CVE-2018-10940,CVE-2018-1128,CVE-2018-1129,CVE-2018-12896,CVE-2018-13093,CVE-2018-13095,CVE-2018-14613,CVE-2018-14617,CVE-2018-14633,CVE-2018-15572,CVE-2018-16658,CVE-2018-17182,CVE-2018-18386,CVE-2018-18445,CVE-2018-18710,CVE-2018-6554,CVE-2018-6555,CVE-2018-9363 Description: The SUSE Linux Enterprise 15 azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-9363: Fixed an integer overflow that could have been used for an out of bounds write with no additional execution privileges needed. User interaction is not needed for exploitation (bsc#1105292). - CVE-2018-6555: The irda_setsockopt function in net/irda/af_irda.c was fixed in drivers/staging/irda/net/af_irda.c that allowed local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket (bsc#1106511). - CVE-2018-6554: Fixed memory leak in the irda_bind function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c that allowed local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket (bsc#1106509). - CVE-2018-18710: An information leak was fixed in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c that could have been used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658 (bsc#1113751). - CVE-2018-18445: Fixed faulty computation of numeric bounds in the BPF verifier that now permits out-of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandled 32-bit right shifts (bsc#1112372). - CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c was fixed that was vulnerable to sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations. (bsc#1108399). - CVE-2018-16658: An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c was fixed that could have leed to be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 (bsc#1107689). - CVE-2018-15572: The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c was not always fill RSB upon a context switch, which makes it easier for attackers to conduct userspace-userspace spectreRSB attacks. (bsc#1102517) - CVE-2018-14633: A security flaw was fixed in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely (bsc#1107829). - CVE-2018-14617: A NULL pointer dereference and panic in hfsplus_lookup() was fixed when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory. (bsc#1102870) - CVE-2018-14613: An invalid pointer dereference in io_ctl_map_page() was fixed when mounting and operating a crafted btrfs image, because of a lack of block group item validation in check_leaf_item in fs/btrfs/tree-checker.c. (bsc#1102896) - CVE-2018-13095: A denial of service (memory corruption and BUG) was fixed to prevent a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork. (bsc#1099999) - CVE-2018-13093: A NULL pointer dereference and panic in lookup_slow() on a NULL was fixed to prevent pathwalks on a corrupted xfs image. This occurs because of a lack of proper validation that cached inodes are free during allocation. (bsc#1100001) - CVE-2018-12896: An integer overflow in the POSIX timer code was fixed to prevent overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically makes the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. For example, a local user can cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls. (bsc#1099922) - CVE-2018-1129: The signature calculation was fixed to by the cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable. (bsc#1096748) - CVE-2018-1128: The cephx authentication protocol was fixed to verify ceph clients correctly and to prevent the vulnerability to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network could have used this vulnerability to authenticate with ceph service and perform actions allowed by ceph service. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable (bsc#1096748). - CVE-2018-10940: The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c was fixed to prevent local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory (bsc#1092903). - CVE-2018-10938: A flaw was fixed how the kernel handled network packet sent remotely by an attacker that may forced the kernel to enter an infinite loop in the cipso_v4_optptr() function in net/ipv4/cipso_ipv4.c leading to a denial-of-service. A certain non-default configuration of LSM (Linux Security Module) and NetLabel should be set up on a system before an attacker could leverage this flaw. (bsc#1106016) - CVE-2018-10902: The the raw midi kernel driver was fixed to be protected against concurrent access which could have lead to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation (bsc#1105322). - CVE-2017-18224: fs/ocfs2/aops.c omits use of a semaphore and consequently had a race condition for access to the extent tree during read operations in DIRECT mode, which allows local users to cause a denial of service (BUG) by modifying a certain e_cpos field (bsc#1084831). - CVE-2017-16533: The usbhid_parse function in drivers/hid/usbhid/hid-core.c allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bsc#1066674). The following security bug was previously fixed by has now an assigned CVE number: - CVE-2018-18386: drivers/tty/n_tty.c in the Linux kernel allowed local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ (bnc#1094825). The following non-security bugs were fixed: - /dev/mem: Add bounce buffer for copy-out (git-fixes). - /dev/mem: Avoid overwriting 'err' in read_mem() (git-fixes). - 9p/net: Fix zero-copy path in the 9p virtio transport (bsc#1051510). - 9p/virtio: fix off-by-one error in sg list bounds check (bsc#1051510). - 9p: fix multiple NULL-pointer-dereferences (bsc#1051510). - ACPI / APEI: Remove ghes_ioremap_area (bsc#1051510). - ACPI / EC: Add another entry for Thinkpad X1 Carbon 6th (bsc#1051510). - ACPI / EC: Add parameter to force disable the GPE on suspend (bsc#1051510). - ACPI / EC: Use ec_no_wakeup on ThinkPad X1 Yoga 3rd (bsc#1051510). - ACPI / EC: Use ec_no_wakeup on Thinkpad X1 Carbon 6th (bsc#1051510). - ACPI / EC: Use ec_no_wakeup on more Thinkpad X1 Carbon 6th systems (bsc#1051510). - ACPI / PCI: pci_link: Allow the absence of _PRS and change log level (bsc#1104172). - ACPI / PM: save NVS memory for ASUS 1025C laptop (bsc#1051510). - ACPI / bus: Only call dmi_check_system on X86 (bsc#1105597, bsc#1106178). - ACPI / processor: Fix the return value of acpi_processor_ids_walk() (bsc#1051510). - ACPI / scan: Initialize status to ACPI_STA_DEFAULT (bsc#1051510). - ACPI/IORT: Remove temporary iort_get_id_mapping_index() ACPICA guard (bsc#1103387). - ACPI/PCI: pci_link: reduce verbosity when IRQ is enabled (bsc#1104172). - ACPICA: Reference Counts: increase max to 0x4000 for large servers (bsc#1108241). - ACPICA: iasl: Add SMMUv3 device ID mapping index support (bsc#1103387). - ALSA: bebob: fix memory leak for M-Audio FW1814 and ProjectMix I/O at error path (bsc#1051510). - ALSA: bebob: use address returned by kmalloc() instead of kernel stack for streaming DMA mapping (bsc#1051510). - ALSA: cs46xx: Deliver indirect-PCM transfer error (). - ALSA: cs5535audio: Fix invalid endian conversion (bsc#1051510). - ALSA: emu10k1: Deliver indirect-PCM transfer error (). - ALSA: emu10k1: fix possible info leak to userspace on SNDRV_EMU10K1_IOCTL_INFO (bsc#1051510). - ALSA: fireface: fix memory leak in ff400_switch_fetching_mode() (bsc#1051510). - ALSA: firewire-digi00x: fix memory leak of private data (bsc#1051510). - ALSA: firewire-tascam: fix memory leak of private data (bsc#1051510). - ALSA: fireworks: fix memory leak of response buffer at error path (bsc#1051510). - ALSA: hda - Add mic quirk for the Lenovo G50-30 (17aa:3905) (bsc#1051510). - ALSA: hda - Add quirk for ASUS G751 laptop (bsc#1051510). - ALSA: hda - Fix cancel_work_sync() stall from jackpoll work (bsc#1051510). - ALSA: hda - Fix headphone pin config for ASUS G751 (bsc#1051510). - ALSA: hda - Sleep for 10ms after entering D3 on Conexant codecs (bsc#1051510). - ALSA: hda - Turn CX8200 into D3 as well upon reboot (bsc#1051510). - ALSA: hda/realtek - Cannot adjust speaker's volume on Dell XPS 27 7760 (bsc#1051510). - ALSA: hda/realtek - Fix the problem of the front MIC on the Lenovo M715 (bsc#1051510). - ALSA: hda: Add 2 more models to the power_save blacklist (bsc#1051510). - ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge (bsc#1051510). - ALSA: hda: Correct Asrock B85M-ITX power_save blacklist entry (bsc#1051510). - ALSA: hda: fix unused variable warning (bsc#1051510). - ALSA: memalloc: Do not exceed over the requested size (bsc#1051510). - ALSA: mips: Deliver indirect-PCM transfer error (). - ALSA: msnd: Fix the default sample sizes (bsc#1051510). - ALSA: oxfw: fix memory leak for model-dependent data at error path (bsc#1051510). - ALSA: oxfw: fix memory leak of discovered stream formats at error path (bsc#1051510). - ALSA: oxfw: fix memory leak of private data (bsc#1051510). - ALSA: pcm: Fix negative appl_ptr handling in pcm-indirect helpers (). - ALSA: pcm: Fix snd_interval_refine first/last with open min/max (bsc#1051510). - ALSA: pcm: Simplify forward/rewind codes (). - ALSA: pcm: Use a common helper for PCM state check and hwsync (). - ALSA: pcm: Workaround for weird PulseAudio behavior on rewind error (). - ALSA: rme32: Deliver indirect-PCM transfer error (). - ALSA: usb-audio: Fix multiple definitions in AU0828_DEVICE() macro (bsc#1051510). - ALSA: usb-audio: update quirk for B W PX to remove microphone (bsc#1051510). - ALSA: virmidi: Fix too long output trigger loop (bsc#1051510). - ALSA: vx222: Fix invalid endian conversions (bsc#1051510). - ALSA: vxpocket: Fix invalid endian conversions (bsc#1051510). - ARM: 8780/1: ftrace: Only set kernel memory back to read-only after boot (bsc#1051510). - ARM: 8799/1: mm: fix pci_ioremap_io() offset check (bsc#1051510). - ARM: DRA7/OMAP5: Enable ACTLR[0] (Enable invalidates of BTB) for secondary cores (bsc#1051510). - ARM: bcm2835: Add GET_THROTTLED firmware property (bsc#1108468). - ARM: exynos: Clear global variable on init error path (bsc#1051510). - ARM: hisi: check of_iomap and fix missing of_node_put (bsc#1051510). - ARM: hisi: fix error handling and missing of_node_put (bsc#1051510). - ARM: hisi: handle of_iomap and fix missing of_node_put (bsc#1051510). - ARM: hwmod: RTC: Do not assume lock/unlock will be called with irq enabled (bsc#1051510). - ARM: imx: flag failure of of_iomap (bsc#1051510). - ARM: imx_v4_v5_defconfig: Select ULPI support (bsc#1051510). - ARM: imx_v6_v7_defconfig: Select ULPI support (bsc#1051510). - ARM: mvebu: declare asm symbols as character arrays in pmsu.c (bsc#1051510). - ARM: pxa: irq: fix handling of ICMR registers in suspend/resume (bsc#1051510). - ASoC: Intel: Skylake: Reset the controller in probe (bsc#1051510). - ASoC: Intel: cht_bsw_max98090: remove useless code, align with ChromeOS driver (bsc#1051510). - ASoC: Intel: cht_bsw_max98090_ti: Fix jack initialization (bsc#1051510). - ASoC: cs4265: fix MMTLR Data switch control (bsc#1051510). - ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs (bsc#1051510). - ASoC: intel: skylake: Add missing break in skl_tplg_get_token() (bsc#1051510). - ASoC: msm8916-wcd-digital: fix RX2 MIX1 and RX3 MIX1 (bsc#1051510). - ASoC: rsnd: adg: care clock-frequency size (bsc#1051510). - ASoC: rsnd: do not fallback to PIO mode when -EPROBE_DEFER (bsc#1051510). - ASoC: rsnd: fixup not to call clk_get/set under non-atomic (bsc#1051510). - ASoC: rsnd: move rsnd_ssi_config_init() execute condition into it (bsc#1051510). - ASoC: rsnd: update pointer more accurate (bsc#1051510). - ASoC: rt5514: Add the I2S ASRC support (bsc#1051510). - ASoC: rt5514: Add the missing register in the readable table (bsc#1051510). - ASoC: rt5514: Eliminate the noise in the ASRC case (bsc#1051510). - ASoC: rt5514: Fix the issue of the delay volume applied (bsc#1051510). - ASoC: rt5514: Fix the issue of the delay volume applied again (bsc#1051510). - ASoC: sigmadsp: safeload should not have lower byte limit (bsc#1051510). - ASoC: wm8804: Add ACPI support (bsc#1051510). - ASoC: wm8994: Fix missing break in switch (bsc#1051510). - Apparmor fixes from git-fixes - Backport stable-patches for x86 architecture - Bluetooth: Add a new Realtek 8723DE ID 0bda:b009 (bsc#1051510). - Bluetooth: Use lock_sock_nested in bt_accept_enqueue (bsc#1051510). - Bluetooth: avoid killing an already killed socket (bsc#1051510). - Bluetooth: btsdio: Do not bind to non-removable BCM43430 (bsc#1103587). - Bluetooth: h5: Fix missing dependency on BT_HCIUART_SERDEV (bsc#1051510). - Bluetooth: hidp: Fix handling of strncpy for hid->name information (bsc#1051510). - Bluetooth: hidp: buffer overflow in hidp_process_report (bsc#1051510). - Btrfs: fix data corruption when deduplicating between different files (bsc#1110647). - Btrfs: fix duplicate extents after fsync of file with prealloc extents (bsc#1110644). - Btrfs: fix file data corruption after cloning a range and fsync (bsc#1111901). - Btrfs: fix fsync after hole punching when using no-holes feature (bsc#1110642). - Btrfs: fix loss of prealloc extents past i_size after fsync log replay (bsc#1110643). - Btrfs: fix mount failure after fsync due to hard link recreation (bsc#1103543). - Btrfs: fix return value on rename exchange failure (bsc#1110645). - Btrfs: fix send failure when root has deleted files still open (bsc#1110650). - Btrfs: rework outstanding_extents (dependency for bsc#1031392). - Btrfs: send, fix invalid access to commit roots due to concurrent snapshotting (bsc#1111904). - Btrfs: sync log after logging new name (bsc#1110646). - CIFS: check for STATUS_USER_SESSION_DELETED (bsc#1112902). - Cleanup out-of-tree subsection - Disable DRM patches that broke vbox video driver KMP (bsc#1111076) - Do not leak MNT_INTERNAL away from internal mounts (git-fixes). - Documentation/l1tf: Fix small spelling typo (bsc#1051510). - Documentation: add some docs for errseq_t (bsc#1107008). - Documentation: ip-sysctl.txt: document addr_gen_mode (bsc#1051510). - Drivers: HV: Send one page worth of kmsg dump over Hyper-V during panic (bsc#1107207). - Drivers: hv: vmbus: Add comments on ring buffer signaling (bsc#1107207). - Drivers: hv: vmbus: Cleanup synic memory free path (bsc#1107207). - Drivers: hv: vmbus: Fix the issue with freeing up hv_ctl_table_hdr (bsc#1107207). - Drivers: hv: vmbus: Fix the offer_in_progress in vmbus_process_offer() (bsc#1051510). - Drivers: hv: vmbus: Get rid of MSR access from vmbus_drv.c (bsc#1107207). - Drivers: hv: vmbus: Implement Direct Mode for stimer0 (bsc#1107207). - Drivers: hv: vmbus: Make TLFS #define names architecture neutral (bsc#1107207). - Drivers: hv: vmbus: Remove use of slow_virt_to_phys() (bsc#1107207). - Drivers: hv: vmbus: Remove x86 MSR refs in arch independent code (bsc#1107207). - Drivers: hv: vmbus: Remove x86-isms from arch independent drivers (bsc#1107207). - Drivers: hv: vmbus: Removed an unnecessary cast from void * (bsc#1107207). - Drivers: hv: vmbus: Reset the channel callback in vmbus_onoffer_rescind() (bsc#1107207). - Drivers: hv: vmbus: Use get/put_cpu() in vmbus_connect() (bsc#1107207). - Drivers: hv: vmbus: add numa_node to sysfs (bsc#1107207). - Drivers: hv: vmbus: do not mark HV_PCIE as perf_device (bsc#1051510). - Drivers: hv: vmbus: enable VMBus protocol version 5.0 (bsc#1107207). - Drivers: hv: vmbus: respect what we get from hv_get_synint_state() (bsc#1107207). - Drivers: hv: vmus: Fix the check for return value from kmsg get dump buffer (bsc#1107207). - EDAC, ghes: Add DDR4 and NVDIMM memory types (bsc#1099125). - EDAC, i7core: Fix memleaks and use-after-free on probe and remove (bsc#1051510). - EDAC, skx: Fix skx_edac build error when ACPI_NFIT=m (bsc#1099125). - EDAC, skx_edac: Detect non-volatile DIMMs (bsc#1099125). - EDAC, thunderx: Fix memory leak in thunderx_l2c_threaded_isr() (bsc#1114279). - EDAC: Add new memory type for non-volatile DIMMs (bsc#1099125). - EDAC: Fix memleak in module init error path (bsc#1051510). - EDAC: Raise the maximum number of memory controllers (bsc#1113780). - Filesystem and FUSE fixes from upstream - Fix kexec forbidding kernels signed with keys in the secondary keyring to boot (bsc#1110006). - HID: add quirk for another PIXART OEM mouse used by HP (bsc#1051510). - HID: add support for Apple Magic Keyboards (bsc#1051510). - HID: hid-ntrig: add error handling for sysfs_create_group (bsc#1051510). - HID: hid-saitek: Add device ID for RAT 7 Contagion (bsc#1051510). - HID: hid-sensor-hub: Force logical minimum to 1 for power and report state (bsc#1051510). - HID: i2c-hid: Add no-irq-after-reset quirk for 0911:5288 device (). - HID: quirks: fix support for Apple Magic Keyboards (bsc#1051510). - HID: sensor-hub: Restore fixup for Lenovo ThinkPad Helix 2 sensor hub report (bsc#1051510). - IB/IPoIB: Set ah valid flag in multicast send flow (bsc#1046307 ). - IB/core: type promotion bug in rdma_rw_init_one_mr() (bsc#1046306). - IB/hfi1: Invalid NUMA node information can cause a divide by zero (bsc#1060463). - IB/hfi1: Remove incorrect call to do_interrupt callback (bsc#1060463). - IB/hfi1: Set in_use_ctxts bits for user ctxts only (bsc#1060463 ). - IB/ipoib: Avoid a race condition between start_xmit and cm_rep_handler (bsc#1046307). - IB/ipoib: Fix error return code in ipoib_dev_init() (bsc#1046307 ). - IB/mlx4: Test port number before querying type (bsc#1046302 ). - IB/mlx4: Use 4K pages for kernel QP's WQE buffer (bsc#1046302 ). - IB/mlx5: fix uaccess beyond 'count' in debugfs read/write handlers (bsc#1046305). - Input: atakbd - fix Atari CapsLock behaviour (bsc#1051510). - Input: atakbd - fix Atari keymap (bsc#1051510). - Input: atmel_mxt_ts - only use first T9 instance (bsc#1051510). - Input: edt-ft5x06 - fix error handling for factory mode on non-M06 (bsc#1051510). - Input: edt-ft5x06 - implement support for the EDT-M12 series (bsc#1051510). - Input: edt-ft5x06 - make distinction between m06/m09/generic more clear (bsc#1051510). - Input: elantech - enable middle button of touchpad on ThinkPad P72 (bsc#1051510). - Input: synaptics-rmi4 - fix axis-swap behavior (bsc#1051510). - KABI: hide new member in struct iommu_table from genksyms (bsc#1061840). - KABI: move the new handler to end of machdep_calls and hide it from genksyms (bsc#1094244). - KABI: powerpc: export __find_linux_pte as __find_linux_pte_or_hugepte (bsc#1061840). - KABI: tpm: change relinquish_locality return value back to void (bsc#1082555). - KABI: tpm: do keep the cmd_ready and go_idle as pm ops (bsc#1082555). - KVM/VMX: Optimize vmx_vcpu_run() and svm_vcpu_run() by marking the RDMSR path as unlikely() (bsc#1110006). - KVM/x86: remove WARN_ON() for when vm_munmap() fails (bsc#1106240). - KVM: Enforce error in ioctl for compat tasks when !KVM_COMPAT (bsc#1106240). - KVM: PPC: Add pt_regs into kvm_vcpu_arch and move vcpu->arch.gpr[] into it (bsc#1061840). - KVM: PPC: Avoid marking DMA-mapped pages dirty in real mode (bsc#1061840). - KVM: PPC: Book 3S HV: Do ptesync in radix guest exit path (bsc#1061840). - KVM: PPC: Book3S HV: Add 'online' register to ONE_REG interface (bsc#1061840). - KVM: PPC: Book3S HV: Add of_node_put() in success path (bsc#1061840). - KVM: PPC: Book3S HV: Allow HPT and radix on the same core for POWER9 v2.2 (bsc#1061840). - KVM: PPC: Book3S HV: Allow creating max number of VCPUs on POWER9 (bsc#1061840). - KVM: PPC: Book3S HV: Avoid crash from THP collapse during radix page fault (bsc#1061840). - KVM: PPC: Book3S HV: Avoid shifts by negative amounts (bsc#1061840). - KVM: PPC: Book3S HV: Check DR not IR to chose real vs virt mode MMIOs (bsc#1061840). - KVM: PPC: Book3S HV: Do SLB load/unload with guest LPCR value loaded (bsc#1061840). - KVM: PPC: Book3S HV: Do not truncate HPTE index in xlate function (bsc#1061840). - KVM: PPC: Book3S HV: Do not use compound_order to determine host mapping size (bsc#1061840). - KVM: PPC: Book3S HV: Do not use existing 'prodded' flag for XIVE escalations (bsc#1061840). - KVM: PPC: Book3S HV: Enable migration of decrementer register (bsc#1061840). - KVM: PPC: Book3S HV: Factor fake-suspend handling out of kvmppc_save/restore_tm (bsc#1061840). - KVM: PPC: Book3S HV: Fix VRMA initialization with 2MB or 1GB memory backing (bsc#1061840). - KVM: PPC: Book3S HV: Fix conditions for starting vcpu (bsc#1061840). - KVM: PPC: Book3S HV: Fix constant size warning (bsc#1061840). - KVM: PPC: Book3S HV: Fix duplication of host SLB entries (bsc#1061840). - KVM: PPC: Book3S HV: Fix guest r11 corruption with POWER9 TM workarounds (bsc#1061840). - KVM: PPC: Book3S HV: Fix handling of large pages in radix page fault handler (bsc#1061840). - KVM: PPC: Book3S HV: Fix handling of secondary HPTEG in HPT resizing code (bsc#1061840). - KVM: PPC: Book3S HV: Fix inaccurate comment (bsc#1061840). - KVM: PPC: Book3S HV: Fix kvmppc_bad_host_intr for real mode interrupts (bsc#1061840). - KVM: PPC: Book3S HV: Fix trap number return from __kvmppc_vcore_entry (bsc#1061840). - KVM: PPC: Book3S HV: Fix typo in kvmppc_hv_get_dirty_log_radix() (bsc#1061840). - KVM: PPC: Book3S HV: Handle 1GB pages in radix page fault handler (bsc#1061840). - KVM: PPC: Book3S HV: Improve handling of debug-trigger HMIs on POWER9 (bsc#1061840). - KVM: PPC: Book3S HV: Keep XIVE escalation interrupt masked unless ceded (bsc#1061840). - KVM: PPC: Book3S HV: Lockless tlbie for HPT hcalls (bsc#1061840). - KVM: PPC: Book3S HV: Make HPT resizing work on POWER9 (bsc#1061840). - KVM: PPC: Book3S HV: Make radix clear pte when unmapping (bsc#1061840). - KVM: PPC: Book3S HV: Make radix use correct tlbie sequence in kvmppc_radix_tlbie_page (bsc#1061840). - KVM: PPC: Book3S HV: Make xive_pushed a byte, not a word (bsc#1061840). - KVM: PPC: Book3S HV: Pack VCORE IDs to access full VCPU ID space (bsc#1061840). - KVM: PPC: Book3S HV: Radix page fault handler optimizations (bsc#1061840). - KVM: PPC: Book3S HV: Read kvm->arch.emul_smt_mode under kvm->lock (bsc#1061840). - KVM: PPC: Book3S HV: Recursively unmap all page table entries when unmapping (bsc#1061840). - KVM: PPC: Book3S HV: Remove useless statement (bsc#1061840). - KVM: PPC: Book3S HV: Remove vcpu->arch.dec usage (bsc#1061840). - KVM: PPC: Book3S HV: Send kvmppc_bad_interrupt NMIs to Linux handlers (bsc#1061840). - KVM: PPC: Book3S HV: Set RWMR on POWER8 so PURR/SPURR count correctly (bsc#1061840). - KVM: PPC: Book3S HV: Snapshot timebase offset on guest entry (bsc#1061840). - KVM: PPC: Book3S HV: Streamline setting of reference and change bits (bsc#1061840). - KVM: PPC: Book3S HV: Use __gfn_to_pfn_memslot() in page fault handler (bsc#1061840). - KVM: PPC: Book3S HV: Use a helper to unmap ptes in the radix fault path (bsc#1061840). - KVM: PPC: Book3S HV: Use correct pagesize in kvm_unmap_radix() (bsc#1061840, git-fixes). - KVM: PPC: Book3S HV: XIVE: Resend re-routed interrupts on CPU priority change (bsc#1061840). - KVM: PPC: Book3S HV: radix: Do not clear partition PTE when RC or write bits do not match (bsc#1061840). - KVM: PPC: Book3S HV: radix: Refine IO region partition scope attributes (bsc#1061840). - KVM: PPC: Book3S PR: Add guest MSR parameter for kvmppc_save_tm()/kvmppc_restore_tm() (bsc#1061840). - KVM: PPC: Book3S PR: Move kvmppc_save_tm/kvmppc_restore_tm to separate file (bsc#1061840). - KVM: PPC: Book3S: Add MMIO emulation for VMX instructions (bsc#1061840). - KVM: PPC: Book3S: Allow backing bigger guest IOMMU pages with smaller physical pages (bsc#1061840). - KVM: PPC: Book3S: Check KVM_CREATE_SPAPR_TCE_64 parameters (bsc#1061840). - KVM: PPC: Book3S: Eliminate some unnecessary checks (bsc#1061840). - KVM: PPC: Book3S: Fix compile error that occurs with some gcc versions (bsc#1061840). - KVM: PPC: Book3S: Fix guest DMA when guest partially backed by THP pages (bsc#1077761, git-fixes, bsc#1103948, bsc#1103949). - KVM: PPC: Book3S: Fix matching of hardware and emulated TCE tables (bsc#1061840). - KVM: PPC: Book3S: Use correct page shift in H_STUFF_TCE (bsc#1061840). - KVM: PPC: Fix a mmio_host_swabbed uninitialized usage issue (bsc#1061840). - KVM: PPC: Make iommu_table::it_userspace big endian (bsc#1061840). - KVM: PPC: Move nip/ctr/lr/xer registers to pt_regs in kvm_vcpu_arch (bsc#1061840). - KVM: PPC: Use seq_puts() in kvmppc_exit_timing_show() (bsc#1061840). - KVM: SVM: Add MSR-based feature support for serializing LFENCE (bsc#1106240). - KVM: VMX: Do not allow reexecute_instruction() when skipping MMIO instr (bsc#1106240). - KVM: VMX: Tell the nested hypervisor to skip L1D flush on vmentry (bsc#1106240). - KVM: VMX: Work around kABI breakage in 'enum vmx_l1d_flush_state' (bsc#1106369). - KVM: VMX: fixes for vmentry_l1d_flush module parameter (bsc#1106369). - KVM: VMX: raise internal error for exception during invalid protected mode state (bsc#1110006). - KVM: VMX: support MSR_IA32_ARCH_CAPABILITIES as a feature MSR (bsc#1106240). - KVM: X86: Fix reserved bits check for MOV to CR3 (bsc#1110006). - KVM: X86: Introduce kvm_get_msr_feature() (bsc#1106240). - KVM: X86: fix incorrect reference of trace_kvm_pi_irte_update (bsc#1110006). - KVM: hyperv: idr_find needs RCU protection (bsc#1107207). - KVM: introduce kvm_make_vcpus_request_mask() API (bsc#1107207). - KVM: lapic: stop advertising DIRECTED_EOI when in-kernel IOAPIC is in use (bsc#1110006). - KVM: nVMX: Do not expose MPX VMX controls when guest MPX disabled (bsc#1106240). - KVM: nVMX: Do not flush TLB when vmcs12 uses VPID (bsc#1106240). - KVM: nVMX: Do not halt vcpu when L1 is injecting events to L2 (bsc#1110006). - KVM: nVMX: Fix injection to L2 when L1 do not intercept external-interrupts (bsc#1106240). - KVM: nVMX: Fix races when sending nested PI while dest enters/leaves L2 (bsc#1106240). - KVM: nVMX: Re-evaluate L1 pending events when running L2 and L1 got posted-interrupt (bsc#1106240). - KVM: s390: add etoken support for guests (bsc#1106948, LTC#171029). - KVM: s390: force bp isolation for VSIE (bsc#1103421). - KVM: s390: implement CPU model only facilities (bsc#1106948, LTC#171029). - KVM: vmx: track host_state.loaded using a loaded_vmcs pointer (bsc#1110006). - KVM: vmx: use local variable for current_vmptr when emulating VMPTRST (bsc#1110006). - KVM: x86: Add a framework for supporting MSR-based features (bsc#1106240). - KVM: x86: Change __kvm_apic_update_irr() to also return if max IRR updated (bsc#1106240). - KVM: x86: Default to not allowing emulation retry in kvm_mmu_page_fault (bsc#1106240). - KVM: x86: Do not re-{try,execute} after failed emulation in L2 (bsc#1106240). - KVM: x86: Do not use kvm_x86_ops->mpx_supported() directly (bsc#1106240). - KVM: x86: Invert emulation re-execute behavior to make it opt-in (bsc#1106240). - KVM: x86: Merge EMULTYPE_RETRY and EMULTYPE_ALLOW_REEXECUTE (bsc#1106240). - KVM: x86: SVM: Call x86_spec_ctrl_set_guest/host() with interrupts disabled (git-fixes 1f50ddb4f418). - KVM: x86: Update cpuid properly when CR4.OSXAVE or CR4.PKE is changed (bsc#1110006). - KVM: x86: VMX: hyper-v: Enlightened MSR-Bitmap support (bsc#1107207). - KVM: x86: define SVM/VMX specific kvm_arch_[alloc|free]_vm (bsc#1111506). - KVM: x86: ensure all MSRs can always be KVM_GET/SET_MSR'd (bsc#1107207). - KVM: x86: fix #UD address of failed Hyper-V hypercalls (bsc#1107207). - KVM: x86: fix #UD address of failed Hyper-V hypercalls (bsc#1110006). - KVM: x86: fix APIC page invalidation (bsc#1106240). - KVM: x86: fix escape of guest dr6 to the host (bsc#1110006). - KVM: x86: hyperv: do rep check for each hypercall separately (bsc#1107207). - KVM: x86: hyperv: simplistic HVCALL_FLUSH_VIRTUAL_ADDRESS_{LIST,SPACE} implementation (bsc#1107207). - KVM: x86: hyperv: simplistic HVCALL_FLUSH_VIRTUAL_ADDRESS_{LIST,SPACE}_EX implementation (bsc#1107207). - KVM: x86: hyperv: use defines when parsing hypercall parameters (bsc#1107207). - KVM: x86: remove APIC Timer periodic/oneshot spikes (bsc#1110006). - Kbuild: fix # escaping in .cmd files for future Make (git-fixes). - Limit kernel-source build to architectures for which we build binaries (bsc#1108281). - MAINTAINERS: fix location of ina2xx.txt device tree file (bsc#1051510). - NET: stmmac: align DMA stuff to largest cache line length (netfilter-stable-18_08_01). - NFC: Fix possible memory corruption when handling SHDLC I-Frame commands (bsc#1051510). - NFC: nfcmrvl_uart: fix OF child-node lookup (bsc#1051510). - NFC: trf7970a: fix check of clock frequencies (bsc#1051510). - NFS/filelayout: Fix racy setting of fl->dsaddr in filelayout_check_deviceid() (bsc#1105190). - NFS: Avoid quadratic search when freeing delegations (bsc#1084760). - NFS: Use an appropriate work queue for direct-write completion (bsc#1082519). - NFSv4 client live hangs after live data migration recovery (git-fixes). - NFSv4: Fix a sleep in atomic context in nfs4_callback_sequence() (git-fixes). - NFSv4: Fix possible 1-byte stack overflow in nfs_idmap_read_and_verify_message (git-fixes). - Netperf performance issue due to AppArmor net mediation (bsc#1108520) - PCI/ASPM: Fix link_state teardown on device removal (bsc#1051510). - PCI/portdrv: Compute MSI/MSI-X IRQ vectors after final allocation (bsc#1109806). - PCI/portdrv: Factor out Interrupt Message Number lookup (bsc#1109806). - PCI: Add PCI resource type mask #define (bsc#1105355). - PCI: Add pci_resize_resource() for resizing BARs (bsc#1105355). - PCI: Add resizable BAR infrastructure (bsc#1105355). - PCI: Allow release of resources that were never assigned (bsc#1105355). - PCI: Cleanup PCI_REBAR_CTRL_BAR_SHIFT handling (bsc#1105355). - PCI: Match Root Port's MPS to endpoint's MPSS as necessary (bsc#1109269). - PCI: OF: Fix I/O space page leak (git-fixes). - PCI: Reprogram bridge prefetch registers on resume (bsc#1051510). - PCI: Restore resized BAR state on resume (bsc#1105355). - PCI: Skip MPS logic for Virtual Functions (VFs) (bsc#1051510). - PCI: aardvark: Fix I/O space page leak (git-fixes). - PCI: aardvark: Size bridges before resources allocation (bsc#1109806). - PCI: designware: Fix I/O space page leak (bsc#1109806). - PCI: dwc: Fix scheduling while atomic issues (git-fixes). - PCI: faraday: Add missing of_node_put() (bsc#1109806). - PCI: faraday: Fix I/O space page leak (bsc#1109806). - PCI: hotplug: Do not leak pci_slot on registration failure (bsc#1051510). - PCI: hv: Convert remove_lock to refcount (bsc#1107207). - PCI: hv: Do not wait forever on a device that has disappeared (bsc#1107207). - PCI: hv: Do not wait forever on a device that has disappeared (bsc#1109806). - PCI: hv: Fix return value check in hv_pci_assign_slots() (bsc#1107207). - PCI: hv: Make sure the bus domain is really unique (git-fixes). - PCI: hv: Remove unused reason for refcount handler (bsc#1107207). - PCI: hv: Replace GFP_ATOMIC with GFP_KERNEL in new_pcichild_device() (bsc#1107207). - PCI: hv: Use effective affinity mask (bsc#1107207). - PCI: hv: Use list_for_each_entry() (bsc#1107207). - PCI: hv: support reporting serial number as slot information (bsc#1107207). - PCI: mvebu: Fix I/O space end address calculation (bsc#1051510). - PCI: pciehp: Fix unprotected list iteration in IRQ handler (bsc#1051510). - PCI: pciehp: Fix use-after-free on unplug (bsc#1051510). - PCI: versatile: Fix I/O space page leak (bsc#1109806). - PCI: xgene: Fix I/O space page leak (bsc#1109806). - PCI: xilinx-nwl: Add missing of_node_put() (bsc#1109806). - PCI: xilinx: Add missing of_node_put() (bsc#1109806). - PM / Domains: Fix error path during attach in genpd (bsc#1051510). - PM / Domains: Fix genpd to deal with drivers returning 1 from ->prepare() (bsc#1051510). - PM / clk: signedness bug in of_pm_clk_add_clks() (bsc#1051510). - PM / core: Clear the direct_complete flag on errors (bsc#1051510). - PM / runtime: Drop usage count for suppliers at device link removal (bsc#1100132). - PM / sleep: wakeup: Fix build error caused by missing SRCU support (bsc#1051510). - PM: cpuidle: Fix cpuidle_poll_state_init() prototype (bsc#1110006). - RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0 (git-fixes). - RDMA/bnxt_re: Fix a bunch of off by one bugs in qplib_fp.c (bsc#1050244). - RDMA/bnxt_re: Fix a couple off by one bugs (bsc#1050244 ). - RDMA/bnxt_re: Fix system crash during RDMA resource initialization (bsc#1086283). - RDMA/i40w: Hold read semaphore while looking after VMA (bsc#1058659). - RDMA/uverbs: Expand primary and alt AV port checks (bsc#1046306 ). - Squashfs: Compute expected length from inode size rather than block length (bsc#1051510). - Tools: hv: Fix a bug in the key delete code (bsc#1107207). - USB: Add quirk to support DJI CineSSD (bsc#1051510). - USB: add quirk for WORLDE Controller KS49 or Prodipe MIDI 49C USB controller (bsc#1051510). - USB: cdc-wdm: do not enable interrupts in USB-giveback (bsc#1051510). - USB: fix error handling in usb_driver_claim_interface() (bsc#1051510). - USB: handle NULL config in usb_find_alt_setting() (bsc#1051510). - USB: net2280: Fix erroneous synchronization change (bsc#1051510). - USB: option: add support for DW5821e (bsc#1051510). - USB: remove LPM management from usb_driver_claim_interface() (bsc#1051510). - USB: serial: cypress_m8: fix interrupt-out transfer length (bsc#1051510). - USB: serial: io_ti: fix array underflow in completion handler (bsc#1051510). - USB: serial: kobil_sct: fix modem-status error handling (bsc#1051510). - USB: serial: pl2303: add a new device id for ATEN (bsc#1051510). - USB: serial: sierra: fix potential deadlock at close (bsc#1051510). - USB: serial: simple: add Motorola Tetra MTP6550 id (bsc#1051510). - USB: serial: ti_usb_3410_5052: fix array underflow in completion handler (bsc#1051510). - USB: yurex: Check for truncation in yurex_read() (bsc#1051510). - USB: yurex: Fix buffer over-read in yurex_write() (bsc#1051510). - Update config files, make CRYPTO_CRCT10DIF_PCLMUL built-in (bsc#1105603). - VFS: do not test owner for NFS in set_posix_acl() (bsc#1103405). - Workaround for mysterious NVMe breakage with i915 CFL (bsc#1111040). - Workaround kABI breakage by __must_check drop of strscpy() (bsc#1051510). - X86/Hyper-V: Add flush HvFlushGuestPhysicalAddressSpace hypercall support (bsc#1107207). - X86/Hyper-V: Add hyperv_nested_flush_guest_mapping ftrace support (bsc#1107207). - X86/Hyper-V: Consolidate code for converting cpumask to vpset (bsc#1107207). - X86/Hyper-V: Consolidate the allocation of the hypercall input page (bsc#1107207). - X86/Hyper-V: Enable IPI enlightenments (bsc#1107207). - X86/Hyper-V: Enhanced IPI enlightenment (bsc#1107207). - X86/Hyper-V: Enlighten APIC access (bsc#1107207). - acpi, nfit: Add function to look up nvdimm device and provide SMBIOS handle (bsc#1099125). - affs_lookup(): close a race with affs_remove_link() (bsc#1105355). - ahci: Add Intel Ice Lake LP PCI ID (bsc#1051510). - aio: fix io_destroy(2) vs. lookup_ioctx() race (git-fixes). - apparmor: Check buffer bounds when mapping permissions mask (git-fixes). - apparmor: Fix failure to audit context info in build_change_hat (bsc#1051510). - apparmor: Fix regression in profile conflict logic (bsc#1106427) - apparmor: Fully initialize aa_perms struct when answering userspace query (bsc#1051510). - apparmor: ensure that undecidable profile attachments fail (bsc#1106427). - apparmor: fix an error code in __aa_create_ns() (bsc#1106427). - apparmor: fix mediation of prlimit (bsc#1051510). - apparmor: fix memory leak when deduping profile load (bsc#1051510). - apparmor: fix ptrace read check (bsc#1051510). - apparmor: remove no-op permission check in policy_unpack (bsc#1106427). - arm/asm/tlb.h: Fix build error implicit func declaration (bsc#1105467 Reduce IPIs and atomic ops with improved lazy TLB). - arm64/acpi: Create arch specific cpu to acpi id helper (bsc#1106903). - arm64/kasan: do not allocate extra shadow memory (bsc#1106897). - arm64/mm/kasan: do not use vmemmap_populate() to initialize shadow (bsc#1106898). - arm64: Enforce BBM for huge IO/VMAP mappings (bsc#1106890). - arm64: Ignore hardware dirty bit updates in ptep_set_wrprotect() (bsc#1108010). - arm64: Make sure permission updates happen for pmd/pud (bsc#1106891). - arm64: dma-mapping: clear buffers allocated with FORCE_CONTIGUOUS flag (bsc#1106902). - arm64: enable thunderx gpio driver - arm64: export memblock_reserve()d regions via /proc/iomem (bsc#1106892). - arm64: fix unwind_frame() for filtered out fn for function graph tracing (bsc#1106900). - arm64: fix vmemmap BUILD_BUG_ON() triggering on !vmemmap setups (bsc#1106896). - arm64: fpsimd: Avoid FPSIMD context leakage for the init task (bsc#1106894). - arm64: kasan: avoid pfn_to_nid() before page array is initialized (bsc#1106899). - arm64: mm: Ensure writes to swapper are ordered wrt subsequent cache maintenance (bsc#1106906). - arm64: mm: check for upper PAGE_SHIFT bits in pfn_valid() (bsc#1106893). - arm64: move patches to sorted section - arm64: numa: rework ACPI NUMA initialization (bsc#1106905). - arm64: vgic-v2: Fix proxying of cpuif access (bsc#1106901). - asix: Check for supported Wake-on-LAN modes (bsc#1051510). - ata: Fix ZBC_OUT all bit handling (bsc#1051510). - ata: Fix ZBC_OUT command block check (bsc#1051510). - ata: libahci: Allow reconfigure of DEVSLP register (bsc#1051510). - ata: libahci: Correct setting of DEVSLP register (bsc#1051510). - ath10k: disable bundle mgmt tx completion event support (bsc#1051510). - ath10k: fix kernel panic issue during pci probe (bsc#1051510). - ath10k: fix scan crash due to incorrect length calculation (bsc#1051510). - ath10k: fix use-after-free in ath10k_wmi_cmd_send_nowait (bsc#1051510). - ath10k: prevent active scans on potential unusable channels (bsc#1051510). - ath10k: protect ath10k_htt_rx_ring_free with rx_ring.lock (bsc#1051510). - ath10k: update the phymode along with bandwidth change request (bsc#1051510). - ath9k: add MSI support (). - ath9k: report tx status on EOSP (bsc#1051510). - ath9k_hw: fix channel maximum power level test (bsc#1051510). - atm: Preserve value of skb->truesize when accounting to vcc (networking-stable-18_07_19). - atm: horizon: Fix irq release error (bsc#1105355). - atm: zatm: Fix potential Spectre v1 (networking-stable-18_07_19). - atm: zatm: fix memcmp casting (bsc#1105355). - audit: Fix extended comparison of GID/EGID (bsc#1051510). - audit: allow not equal op for audit by executable (bsc#1051510). - audit: fix use-after-free in audit_add_watch (bsc#1051510). - autofs: fix autofs_sbi() does not check super block type (git-fixes). - autofs: fix slab out of bounds read in getname_kernel() (git-fixes). - autofs: mount point create should honour passed in mode (git-fixes). - ax88179_178a: Check for supported Wake-on-LAN modes (bsc#1051510). - b43/leds: Ensure NUL-termination of LED name string (bsc#1051510). - b43legacy/leds: Ensure NUL-termination of LED name string (bsc#1051510). - badblocks: fix wrong return value in badblocks_set if badblocks are disabled (git-fixes). - batman-adv: Avoid probe ELP information leak (bsc#1051510). - batman-adv: Fix multicast TT issues with bogus ROAM flags (bsc#1051510). - batman-adv: Fix segfault when writing to sysfs elp_interval (bsc#1051510). - batman-adv: Fix segfault when writing to throughput_override (bsc#1051510). - batman-adv: Prevent duplicated gateway_node entry (bsc#1051510). - batman-adv: Prevent duplicated global TT entry (bsc#1051510). - batman-adv: Prevent duplicated nc_node entry (bsc#1051510). - batman-adv: Prevent duplicated softif_vlan entry (bsc#1051510). - batman-adv: Prevent duplicated tvlv handler (bsc#1051510). - batman-adv: fix backbone_gw refcount on queue_work() failure (bsc#1051510). - batman-adv: fix hardif_neigh refcount on queue_work() failure (bsc#1051510). - bcache: avoid unncessary cache prefetch bch_btree_node_get(). - bcache: calculate the number of incremental GC nodes according to the total of btree nodes. - bcache: display rate debug parameters to 0 when writeback is not running. - bcache: do not check return value of debugfs_create_dir(). - bcache: finish incremental GC. - bcache: fix I/O significant decline while backend devices registering. - bcache: fix error setting writeback_rate through sysfs interface. - bcache: free heap cache_set->flush_btree in bch_journal_free. - bcache: make the pr_err statement used for ENOENT only in sysfs_attatch section. - bcache: release dc->writeback_lock properly in bch_writeback_thread(). - bcache: set max writeback rate when I/O request is idle. - bcache: simplify the calculation of the total amount of flash dirty data. - bdi: Fix another oops in wb_workfn() (bsc#1112746). - bdi: Preserve kabi when adding cgwb_release_mutex (bsc#1112746). - be2net: Fix memory leak in be_cmd_get_profile_config() (bsc#1086288). - be2net: remove unused old AIC info (bsc#1086288). - be2net: remove unused old custom busy-poll fields (bsc#1086288 ). - binfmt_elf: Respect error return from `regset->active' (bsc#1051510). - blk-mq: I/O and timer unplugs are inverted in blktrace (bsc#1112713). - blk-mq: avoid to synchronize rcu inside blk_cleanup_queue() (bsc#1077989). - blkdev: __blkdev_direct_IO_simple: fix leak in error case (bsc#1083663). - blkdev_report_zones_ioctl(): Use vmalloc() to allocate large buffers (bsc#1111819). - block, bfq: fix wrong init of saved start time for weight raising (bsc#1112708). - block, bfq: return nbytes and not zero from struct cftype .write() method (bsc#1106238). - block, dax: remove dead code in blkdev_writepages() (bsc#1104888). - block: Invalidate cache on discard v2 (bsc#1109992). - block: bfq: swap puts in bfqg_and_blkg_put (bsc#1112712). - block: bio_iov_iter_get_pages: fix size of last iovec (bsc#1083663). - block: bio_iov_iter_get_pages: pin more pages for multi-segment IOs (bsc#1083663). - block: bvec_nr_vecs() returns value for wrong slab (bsc#1111834). - block: do not print a message when the device went away (bsc#1098459). - block: do not warn for flush on read-only device (bsc#1107756). - block: fix warning when I/O elevator is changed as request_queue is being removed (bsc#1109979). - block: pass inclusive 'lend' parameter to truncate_inode_pages_range (bsc#1109992). - block: properly protect the 'queue' kobj in blk_unregister_queue (bsc#1109979). - bnx2x: Fix invalid memory access in rss hash config path (bsc#1050319). - bnx2x: Fix receiving tx-timeout in error or recovery state (bsc#1050319). - bnxt_en: Clean up unused functions (bsc#1086282). - bnxt_en: Do not adjust max_cp_rings by the ones used by RDMA (bsc#1086282). - bnxt_en: Fix VF mac address regression (bsc#1086282 ). - bnxt_re: Fix couple of memory leaks that could lead to IOMMU call traces (bsc#1050244). - bonding: avoid lockdep confusion in bond_get_stats() (netfilter-stable-18_08_04). - bpf, s390: fix potential memleak when later bpf_jit_prog fails (bsc#1083647). - bpf/verifier: disallow pointer subtraction (bsc#1083647). - bpf: fix references to free_bpf_prog_info() in comments (bsc#1083647). - bpf: fix uninitialized variable in bpf tools (bsc#1083647). - bpf: hash map: decrement counter on error (bsc#1083647). - bpf: make cavium thunder compatible w/ bpf_xdp_adjust_tail (bsc#1110096). - bpf: powerpc64: pad function address loads with NOPs (bsc#1083647). - bpf: use GFP_ATOMIC instead of GFP_KERNEL in bpf_parse_prog() (bsc#1083647). - brcmfmac: stop watchdog before detach and free everything (bsc#1051510). - brcmsmac: fix wrap around in conversion from constant to s16 (bsc#1051510). - btrfs: Add checker for EXTENT_CSUM (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: Add sanity check for EXTENT_DATA when reading out leaf (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: Check if item pointer overlaps with the item itself (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: Check that each block group has corresponding chunk at mount time (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: Enhance btrfs_trim_fs function to handle error better (Dependency for bsc#1113667). - btrfs: Ensure btrfs_trim_fs can trim the whole filesystem (bsc#1113667). - btrfs: Fix use-after-free when cleaning up fs_devs with a single stale device (bsc#1097105). - btrfs: Fix wrong btrfs_delalloc_release_extents parameter (bsc#1031392). - btrfs: Handle error from btrfs_uuid_tree_rem call in _btrfs_ioctl_set_received_subvol (bsc#1097105). - btrfs: Introduce mount time chunk dev extent mapping check (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: Manually implement device_total_bytes getter/setter (bsc#1043912). - btrfs: Move leaf and node validation checker to tree-checker.c (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: Remove unused parameters from various functions (bsc#1110649). - btrfs: Round down values which are written for total_bytes_size (bsc#1043912). - btrfs: Verify that every chunk has corresponding block group at mount time (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: add a comp_refs() helper (dependency for bsc#1031392). - btrfs: add tracepoints for outstanding extents mods (dependency for bsc#1031392). - btrfs: check-integrity: Fix NULL pointer dereference for degraded mount (bsc#1107947). - btrfs: cleanup extent locking sequence (dependency for bsc#1031392). - btrfs: delayed-inode: Remove wrong qgroup meta reservation calls (bsc#1031392). - btrfs: delayed-inode: Use new qgroup meta rsv for delayed inode and item (bsc#1031392). - btrfs: fix error handling in btrfs_dev_replace_start (bsc#1107535). - btrfs: fix missing error return in btrfs_drop_snapshot (Git-fixes bsc#1109919). - btrfs: handle errors while updating refcounts in update_ref_for_cow (Git-fixes bsc#1109915). - btrfs: log csums for all modified extents (bsc#1110639). - btrfs: make the delalloc block rsv per inode (dependency for bsc#1031392). - btrfs: qgroup: Add quick exit for non-fs extents (dependency for bsc#1031392). - btrfs: qgroup: Cleanup btrfs_qgroup_prepare_account_extents function (dependency for bsc#1031392). - btrfs: qgroup: Cleanup the remaining old reservation counters (bsc#1031392). - btrfs: qgroup: Commit transaction in advance to reduce early EDQUOT (bsc#1031392). - btrfs: qgroup: Do not use root->qgroup_meta_rsv for qgroup (bsc#1031392). - btrfs: qgroup: Fix qgroup reserved space underflow by only freeing reserved ranges (dependency for bsc#1031392). - btrfs: qgroup: Fix qgroup reserved space underflow caused by buffered write and quotas being enabled (dependency for bsc#1031392). - btrfs: qgroup: Fix wrong qgroup reservation update for relationship modification (bsc#1031392). - btrfs: qgroup: Introduce extent changeset for qgroup reserve functions (dependency for bsc#1031392). - btrfs: qgroup: Introduce function to convert META_PREALLOC into META_PERTRANS (bsc#1031392). - btrfs: qgroup: Introduce helpers to update and access new qgroup rsv (bsc#1031392). - btrfs: qgroup: Make qgroup_reserve and its callers to use separate reservation type (bsc#1031392). - btrfs: qgroup: Return actually freed bytes for qgroup release or free data (dependency for bsc#1031392). - btrfs: qgroup: Skeleton to support separate qgroup reservation type (bsc#1031392). - btrfs: qgroup: Split meta rsv type into meta_prealloc and meta_pertrans (bsc#1031392). - btrfs: qgroup: Update trace events for metadata reservation (bsc#1031392). - btrfs: qgroup: Update trace events to use new separate rsv types (bsc#1031392). - btrfs: qgroup: Use independent and accurate per inode qgroup rsv (bsc#1031392). - btrfs: qgroup: Use root::qgroup_meta_rsv_* to record qgroup meta reserved space (bsc#1031392). - btrfs: qgroup: Use separate meta reservation type for delalloc (bsc#1031392). - btrfs: remove type argument from comp_tree_refs (dependency for bsc#1031392). - btrfs: round down size diff when shrinking/growing device (bsc#1097105). - btrfs: scrub: Do not use inode page cache in scrub_handle_errored_block() (follow up for bsc#1108096). - btrfs: scrub: Do not use inode pages for device replace (follow up for bsc#1108096). - btrfs: switch args for comp_*_refs (dependency for bsc#1031392). - btrfs: tests/qgroup: Fix wrong tree backref level (bsc#1107928). - btrfs: tree-checker: Add checker for dir item (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Detect invalid and empty essential trees (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Enhance btrfs_check_node output (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Enhance output for btrfs_check_leaf (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Enhance output for check_csum_item (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Enhance output for check_extent_data_item (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Fix false panic for sanity test (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Replace root parameter with fs_info (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Verify block_group_item (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: use %zu format string for size_t (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: use %zu format string for size_t (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - cdc-acm: fix race between reset and control messaging (bsc#1051510). - cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status (bsc#1051510). - ceph: avoid a use-after-free in ceph_destroy_options() (bsc#1111983). - ceph: fix incorrect use of strncpy (bsc#1107319). - ceph: return errors from posix_acl_equiv_mode() correctly (bsc#1107320). - cfg80211: fix a type issue in ieee80211_chandef_to_operating_class() (bsc#1051510). - cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE (bsc#1051510). - cfg80211: reg: Init wiphy_idx in regulatory_hint_core() (bsc#1051510). - cgroup: avoid copying strings longer than the buffers (bsc#1051510). - cifs: Fix stack out-of-bounds in smb{2,3}_create_lease_buf() (bsc#1051510). - cifs: Fix use after free of a mid_q_entry (bsc#1112903). - cifs: check kmalloc before use (bsc#1051510). - cifs: fix memory leak in SMB2_open() (bsc#1112894). - cifs: integer overflow in in SMB2_ioctl() (bsc#1051510). - cifs: store the leaseKey in the fid on SMB2_open (bsc#1051510). - clk: clk-fixed-factor: Clear OF_POPULATED flag in case of failure (bsc#1051510). - clk: core: Potentially free connection id (bsc#1051510). - clk: imx6ul: fix missing of_node_put() (bsc#1051510). - clk: meson: gxbb: remove HHI_GEN_CLK_CTNL duplicate definition (bsc#1051510). - clk: mvebu: armada-38x: add support for 1866MHz variants (bsc#1105355). - clk: mvebu: armada-38x: add support for missing clocks (bsc#1105355). - clk: rockchip: Add pclk_rkpwm_pmu to PMU critical clocks in rk3399 (bsc#1051510). - clk: rockchip: fix clk_i2sout parent selection bits on rk3399 (bsc#1051510). - clk: tegra: bpmp: Do not crash when a clock fails to register (bsc#1051510). - clk: x86: Stop marking clocks as CLK_IS_CRITICAL (bsc#1051510). - clk: x86: add 'ether_clk' alias for Bay Trail / Cherry Trail (bsc#1051510). - clocksource/drivers/ti-32k: Add CLOCK_SOURCE_SUSPEND_NONSTOP flag for non-am43 SoCs (bsc#1051510). - clocksource/drivers/timer-atmel-pit: Properly handle error cases (bsc#1051510). - cls_matchall: fix tcf_unbind_filter missing (networking-stable-18_08_21). - coda: fix 'kernel memory exposure attempt' in fsync (bsc#1051510). - coresight: Handle errors in finding input/output ports (bsc#1051510). - coresight: tpiu: Fix disabling timeouts (bsc#1051510). - cpu/hotplug: Fix SMT supported evaluation (bsc#1110006). - cpufreq / CPPC: Set platform specific transition_delay_us (bsc#1101480). - cpufreq, intel_pstate: Allow unspecified FADT profile to probe PPC (bsc#1108841). - cpufreq: CPPC: Do not set transition_latency (bsc#1101480). - cpufreq: CPPC: Use transition_delay_us depending transition_latency (bsc#1101480). - cpufreq: remove setting of policy->cpu in policy->cpus during init (bsc#1101480). - crypto: ablkcipher - fix crash flushing dcache in error path (bsc#1051510). - crypto: blkcipher - fix crash flushing dcache in error path (bsc#1051510). - crypto: caam - fix implicit casts in endianness helpers (bsc#1051510). - crypto: caam/jr - fix ablkcipher_edesc pointer arithmetic (bsc#1051510). - crypto: caam/jr - fix descriptor DMA unmapping (bsc#1051510). - crypto: caam/qi - fix error path in xts setkey (bsc#1051510). - crypto: cavium/nitrox - fix for command corruption in queue full case with backlog submissions (bsc#1051510). - crypto: ccp - Check for NULL PSP pointer at module unload (bsc#1051510). - crypto: ccp - Fix command completion detection race (bsc#1051510). - crypto: ccp - add timeout support in the SEV command (bsc#1106838). - crypto: chelsio - Fix memory corruption in DMA Mapped buffers (bsc#1051510). - crypto: clarify licensing of OpenSSL asm code (). - crypto: lrw - Fix out-of bounds access on counter overflow (bsc#1051510). - crypto: mxs-dcp - Fix wait logic on chan threads (bsc#1051510). - crypto: qat - Fix KASAN stack-out-of-bounds bug in adf_probe() (bsc#1051510). - crypto: sharah - Unregister correct algorithms for SAHARA 3 (bsc#1051510). - crypto: skcipher - Fix -Wstringop-truncation warnings (bsc#1051510). - crypto: skcipher - fix aligning block size in skcipher_copy_iv() (bsc#1051510). - crypto: skcipher - fix crash flushing dcache in error path (bsc#1051510). - crypto: tcrypt - fix ghash-generic speed test (bsc#1051510). - crypto: vmac - require a block cipher with 128-bit block size (bsc#1051510). - crypto: vmac - separate tfm and request context (bsc#1051510). - crypto: vmx - Fix sleep-in-atomic bugs (bsc#1051510). - crypto: vmx - Use skcipher for ctr fallback to SLE12-SP4 (bsc#1106464). - crypto: x86/sha256-mb - fix digest copy in sha256_mb_mgr_get_comp_job_avx2() (bsc#1051510). - cxgb4: Fix the condition to check if the card is T5 (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: fix abort_req_rss6 struct (bsc#1046540). - cxgb4: when disabling dcb set txq dcb priority to 0 (bsc#1046540 ). - cxl: Configure PSL to not use APC virtual machines (bsc#1055014, git-fixes). - cxl: Fix wrong comparison in cxl_adapter_context_get() (bsc#1055014, git-fixes). - dax: Fix deadlock in dax_lock_mapping_entry() (bsc#1109951). - dax: Introduce a ->copy_to_iter dax operation (bsc#1098782). - dax: Make extension of dax_operations transparent (bsc#1098782). - dax: Report bytes remaining in dax_iomap_actor() (bsc#1098782). - dax: remove VM_MIXEDMAP for fsdax and device dax (bsc#1106007). - dax: remove default copy_from_iter fallback (bsc#1098782). - dax: require 'struct page' by default for filesystem dax (bsc#1104888). - dax: store pfns in the radix (bsc#1104888). - dccp: fix undefined behavior with 'cwnd' shift in ccid2_cwnd_restart() (netfilter-stable-18_08_17). - debugobjects: Make stack check warning more informative (bsc#1051510). - declance: Fix continuation with the adapter identification message (bsc#1051510). - device-dax: Add missing address_space_operations (bsc#1107783). - device-dax: Enable page_mapping() (bsc#1107783). - device-dax: Set page->index (bsc#1107783). - devicectree: bindings: fix location of leds common file (bsc#1051510). - dma-buf: remove redundant initialization of sg_table (bsc#1051510). - dmaengine: hsu: Support dmaengine_terminate_sync() (bsc#1051510). - dmaengine: idma64: Support dmaengine_terminate_sync() (bsc#1051510). - dmaengine: mv_xor_v2: kill the tasklets upon exit (bsc#1051510). - dmaengine: pl330: fix irq race with terminate_all (bsc#1051510). - do d_instantiate/unlock_new_inode combinations safely (git-fixes). - doc/README.SUSE: Remove mentions of cloneconfig (bsc#1103636). - driver core: add __printf verification to __ata_ehi_pushv_desc (bsc#1051510). - drivers/base: stop new probing during shutdown (bsc#1051510). - drivers/tty: add error handling for pcmcia_loop_config (bsc#1051510). - drm/amd/pp/Polaris12: Fix a chunk of registers missed to program (bsc#1051510). - drm/amdgpu/powerplay: fix missing break in switch statements (bsc#1113722) - drm/amdgpu: Enable/disable gfx PG feature in rlc safe mode (bsc#1051510). - drm/amdgpu: Fix RLC safe mode test in gfx_v9_0_enter_rlc_safe_mode (bsc#1051510). - drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7 (bsc#1051510). - drm/amdgpu: Fix vce work queue was not cancelled when suspend (bsc#1106110) - drm/amdgpu: Pulling old prepare and submit for flip back (bsc#1051510). - drm/amdgpu: Update power state at the end of smu hw_init (bsc#1051510). - drm/amdgpu: add another ATPX quirk for TOPAZ (bsc#1051510). - drm/amdgpu: add new polaris pci id (bsc#1051510). - drm/amdgpu: fix error handling in amdgpu_cs_user_fence_chunk (bsc#1106110) - drm/amdgpu: fix swapped emit_ib_size in vce3 (bsc#1051510). - drm/amdgpu: revert 'fix deadlock of reservation between cs and gpu reset v2' (bsc#1051510). - drm/amdgpu: update tmr mc address (bsc#1100132). - drm/amdgpu:add new firmware id for VCN (bsc#1051510). - drm/amdgpu:add tmr mc address into amdgpu_firmware_info (bsc#1051510). - drm/amdkfd: Fix error codes in kfd_get_process (bsc#1051510). - drm/arm/malidp: Preserve LAYER_FORMAT contents when setting format (bsc#1051510). - drm/armada: fix colorkey mode property (bsc#1051510). - drm/armada: fix irq handling (bsc#1051510). - drm/bridge/sii8620: Fix display of packed pixel modes (bsc#1051510). - drm/bridge/sii8620: fix display of packed pixel modes in MHL2 (bsc#1051510). - drm/bridge/sii8620: fix loops in EDID fetch logic (bsc#1051510). - drm/bridge: adv7511: Reset registers on hotplug (bsc#1051510). - drm/edid: Add 6 bpc quirk for SDC panel in Lenovo B50-80 (bsc#1051510). - drm/edid: VSDB yCBCr420 Deep Color mode bit definitions (bsc#1051510). - drm/exynos: decon5433: Fix WINCONx reset value (bsc#1051510). - drm/exynos: decon5433: Fix per-plane global alpha for XRGB modes (bsc#1051510). - drm/exynos: gsc: Fix support for NV16/61, YUV420/YVU420 and YUV422 modes (bsc#1051510). - drm/fb-helper: Fix typo on kerneldoc (bsc#1051510). - drm/hisilicon: hibmc: Do not carry error code in HiBMC framebuffer (bsc#1113722) - drm/hisilicon: hibmc: Do not overwrite fb helper surface depth (bsc#1113722) - drm/i915/aml: Introducing Amber Lake platform (). - drm/i915/audio: Fix audio enumeration issue on BXT (). - drm/i915/audio: Hook up component bindings even if displays are (bsc#1113722) - drm/i915/cfl: Add a new CFL PCI ID (). - drm/i915/dp: Link train Fallback on eDP only if fallback link BW can fit panel's native mode (bsc#1051510). - drm/i915/gen9+: Fix initial readout for Y tiled framebuffers (bsc#1113722) - drm/i915/glk: Add Quirk for GLK NUC HDMI port issues (bsc#1051510). - drm/i915/gvt: Fix the incorrect length of child_device_config issue (bsc#1051510). - drm/i915/gvt: Off by one in intel_vgpu_write_fence() (bsc#1051510). - drm/i915/gvt: clear ggtt entries when destroy vgpu (bsc#1051510). - drm/i915/gvt: request srcu_read_lock before checking if one gfn is valid (bsc#1051510). - drm/i915/kvmgt: Fix potential Spectre v1 (bsc#1051510). - drm/i915/lpe: Mark LPE audio runtime pm as 'no callbacks' (bsc#1051510). - drm/i915/overlay: Allocate physical registers from stolen (bsc#1051510). - drm/i915/whl: Introducing Whiskey Lake platform (). - drm/i915: Handle incomplete Z_FINISH for compressed error states (bsc#1100132) - drm/i915: Increase LSPCON timeout (bsc#1051510). - drm/i915: Nuke the LVDS lid notifier (bsc#1051510). - drm/i915: Only show debug for state changes when banning (bsc#1051510). - drm/i915: Restore user forcewake domains across suspend (bsc#1100132). - drm/i915: Restore vblank interrupts earlier (bsc#1051510). - drm/i915: Unmask user interrupts writes into HWSP on snb/ivb/vlv/hsw (bsc#1051510). - drm/i915: set DP Main Stream Attribute for color range on DDI platforms (bsc#1051510). - drm/imx: imx-ldb: check if channel is enabled before printing warning (bsc#1051510). - drm/imx: imx-ldb: disable LDB on driver bind (bsc#1051510). - drm/mediatek: fix OF sibling-node lookup (bsc#1106110) - drm/modes: Introduce drm_mode_match() (). - drm/msm: fix OF child-node lookup (bsc#1106110) - drm/nouveau/TBDdevinit: do not fail when PMU/PRE_OS is missing from VBIOS (bsc#1051510). - drm/nouveau/debugfs: Wake up GPU before doing any reclocking (bsc#1051510). - drm/nouveau/disp: fix DP disable race (bsc#1051510). - drm/nouveau/drm/nouveau: Do not forget to cancel hpd_work on suspend/unload (bsc#1051510). - drm/nouveau/drm/nouveau: Fix bogus drm_kms_helper_poll_enable() placement (bsc#1051510). - drm/nouveau/drm/nouveau: Prevent handling ACPI HPD events too early (bsc#1051510). - drm/nouveau/drm/nouveau: Use pm_runtime_get_noresume() in connector_detect() (bsc#1051510). - drm/nouveau: Do not disable polling in fallback mode (bsc#1103356). - drm/nouveau: Fix deadlocks in nouveau_connector_detect() (bsc#1051510). - drm/nouveau: Fix runtime PM leak in drm_open() (bsc#1051510). - drm/nouveau: tegra: Detach from ARM DMA/IOMMU mapping (bsc#1051510). - drm/panel: type promotion bug in s6e8aa0_read_mtp_id() (bsc#1051510). - drm/rockchip: lvds: add missing of_node_put (bsc#1051510). - drm/sti: do not remove the drm_bridge that was never added (bsc#1100132) - drm/sun4i: Fix an ulong overflow in the dotclock driver (bsc#1106110) - drm/sun4i: Fix releasing node when enumerating enpoints (bsc#1051510). - drm/tegra: Check for malformed offsets and sizes in the 'submit' IOCTL (bsc#1106170). - drm/tegra: Fix comparison operator for buffer size (bsc#1100132). - drm/vc4: Fix the 'no scaling' case on multi-planar YUV formats (bsc#1051510). - drm/virtio: fix bounds check in virtio_gpu_cmd_get_capset() (bsc#1113722) - drm: Add DRM client cap for aspect-ratio (). - drm: Add and handle new aspect ratios in DRM layer (). - drm: Add aspect ratio parsing in DRM layer (). - drm: Expose modes with aspect ratio, only if requested (). - drm: Handle aspect ratio info in legacy modeset path (). - drm: mali-dp: Call drm_crtc_vblank_reset on device init (bsc#1051510). - drm: mali-dp: Enable Global SE interrupts mask for DP500 (bsc#1051510). - drm: udl: Destroy framebuffer only if it was initialized (bsc#1051510). - dwc2: gadget: Fix ISOC IN DDMA PID bitfield value calculation (bsc#1051510). - e1000: check on netif_running() before calling e1000_up() (bsc#1051510). - e1000: ensure to free old tx/rx rings in set_ringparam() (bsc#1051510). - eeprom: at24: change nvmem stride to 1 (bsc#1051510). - eeprom: at24: check at24_read/write arguments (bsc#1051510). - eeprom: at24: correctly set the size for at24mac402 (bsc#1051510). - efi: Avoid potential crashes, fix the 'struct efi_pci_io_protocol_32' definition for mixed mode (bsc#1110006). - enable CONFIG_SCSI_MQ_DEFAULT (bsc#1107207) - enable MLX5 in azure (bsc#1108260) - enic: do not call enic_change_mtu in enic_probe (bsc#1051510). - enic: handle mtu change for vf properly (bsc#1051510). - enic: initialize enic->rfs_h.lock in enic_probe (bsc#1051510). - errseq: Add to documentation tree (bsc#1107008). - errseq: Always report a writeback error once (bsc#1107008). - ethtool: Remove trailing semicolon for static inline (bsc#1051510). - ethtool: fix a privilege escalation bug (bsc#1076830). - evm: Do not deadlock if a crypto algorithm is unavailable (bsc#1051510). - ext2, dax: introduce ext2_dax_aops (bsc#1104888). - ext2, dax: set ext2_dax_aops for dax files (bsc#1112554). - ext2: auto disable dax instead of failing mount (bsc#1104888). - ext4, dax: add ext4_bmap to ext4_dax_aops (bsc#1104888). - ext4, dax: introduce ext4_dax_aops (bsc#1104888). - ext4, dax: set ext4_dax_aops for dax files (bsc#1104888). - ext4: auto disable dax instead of failing mount (bsc#1104888). - ext4: avoid arithemetic overflow that can trigger a BUG (bsc#1112736). - ext4: avoid divide by zero fault when deleting corrupted inline directories (bsc#1112735). - ext4: check for NUL characters in extended attribute's name (bsc#1112732). - ext4: check to make sure the rename(2)'s destination is not freed (bsc#1112734). - ext4: do not mark mmp buffer head dirty (bsc#1112743). - ext4: fix online resize's handling of a too-small final block group (bsc#1112739). - ext4: fix online resizing for bigalloc file systems with a 1k block size (bsc#1112740). - ext4: fix spectre gadget in ext4_mb_regular_allocator() (bsc#1112733). - ext4: recalucate superblock checksum after updating free blocks/inodes (bsc#1112738). - ext4: reset error code in ext4_find_entry in fallback (bsc#1112731). - ext4: show test_dummy_encryption mount option in /proc/mounts (bsc#1112741). - ext4: sysfs: print ext4_super_block fields as little-endian (bsc#1106229). - extcon: Release locking when sending the notification of connector state (bsc#1051510). - f2fs: remove unneeded memory footprint accounting (bsc#1106233). - f2fs: remove unneeded memory footprint accounting (bsc#1106297). - f2fs: validate before set/clear free nat bitmap (bsc#1106231). - f2fs: validate before set/clear free nat bitmap (bsc#1106297). - fat: fix memory allocation failure handling of match_strdup() (bsc#1051510). - fb: fix lost console when the user unplugs a USB adapter (bsc#1051510). - fbdev/omapfb: fix omapfb_memory_read infoleak (bsc#1051510). - fbdev/via: fix defined but not used warning (bsc#1051510). - fbdev: Distinguish between interlaced and progressive modes (bsc#1051510). - fbdev: omapfb: off by one in omapfb_register_client() (bsc#1051510). - filesystem-dax: Introduce dax_lock_mapping_entry() (bsc#1107783). - filesystem-dax: Set page->index (bsc#1107783). - firmware, DMI: Add function to look up a handle and return DIMM size (bsc#1099125). - firmware: raspberrypi: Register hwmon driver (bsc#1108468). - fix __legitimize_mnt()/mntput() race (bsc#1106297). - fix a page leak in vhost_scsi_iov_to_sgl() error recovery (bsc#1051510). - fix mntput/mntput race (bsc#1106297). - floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl (bsc#1051510). - fs, dax: prepare for dax-specific address_space_operations (bsc#1104888). - fs, dax: use page->mapping to warn if truncate collides with a busy page (bsc#1104888). - fs/9p/xattr.c: catch the error of p9_client_clunk when setting xattr failed (bsc#1051510). - fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot() (git-fixes). - fs/proc/proc_sysctl.c: fix potential page fault while unregistering sysctl table (bsc#1106297). - fs/quota: Fix spectre gadget in do_quotactl (bsc#1112745). - fs: dcache: Avoid livelock between d_alloc_parallel and __d_add (git-fixes). - fs: dcache: Use READ_ONCE when accessing i_dir_seq (git-fixes). - fuse: Add missed unlock_page() to fuse_readpages_fill() (bsc#1106291). - fuse: Do not access pipe->buffers without pipe_lock() (bsc#1051510). - fuse: Fix oops at process_init_reply() (bsc#1106291). - fuse: fix double request_end() (bsc#1106291). - fuse: fix initial parallel dirops (bsc#1106291). - fuse: fix unlocked access to processing queue (bsc#1106291). - fuse: umount should wait for all requests (bsc#1106291). - gen_stats: Fix netlink stats dumping in the presence of padding (netfilter-stable-18_07_23). - genirq: Add handle_fasteoi_{level,edge}_irq flow handlers (bsc#1105378). - genirq: Export more irq_chip_*_parent() functions (bsc#1105378). - getname_kernel() needs to make sure that ->name != ->iname in long case (git-fixes). - getxattr: use correct xattr length (bsc#1106235). - getxattr: use correct xattr length (bsc#1106297). - gpio: Add gpio driver support for ThunderX and OCTEON-TX (bsc#1105378). - gpio: Fix crash due to registration race (bsc#1051510). - gpio: Fix wrong rounding in gpio-menz127 (bsc#1051510). - gpio: adp5588: Fix sleep-in-atomic-context bug (bsc#1051510). - gpio: mb86s70: Revert 'Return error if requesting an already assigned gpio' (bsc#1051510). - gpio: ml-ioh: Fix buffer underwrite on probe error path (bsc#1051510). - gpio: pxa: Fix potential NULL dereference (bsc#1051510). - gpio: tegra: Move driver registration to subsys_init level (bsc#1051510). - gpio: thunderx: fix error return code in thunderx_gpio_probe() (bsc#1105378). - gpio: thunderx: remove unused .map() hook from irq_domain_ops (bsc#1105378). - gpiolib-acpi: Register GpioInt ACPI event handlers from a late_initcall (bsc#1051510). - gpiolib-acpi: make sure we trigger edge events at least once on boot (bsc#1051510). - gpiolib: Free the last requested descriptor (bsc#1051510). - gpiolib: Mark gpio_suffixes array with __maybe_unused (bsc#1051510). - gpiolib: acpi: Switch to cansleep version of GPIO library call (bsc#1051510). - gpu: host1x: Check whether size of unpin isn't 0 (bsc#1051510). - gpu: ipu-v3: csi: pass back mbus_code_to_bus_cfg error codes (bsc#1051510). - gpu: ipu-v3: default to id 0 on missing OF alias (bsc#1051510). - hfs: prevent crash on exit from failed search (bsc#1051510). - hfsplus: do not return 0 when fill_super() failed (bsc#1051510). - hfsplus: stop workqueue when fill_super() failed (bsc#1051510). - hotplug/cpu: Add operation queuing function (). - hotplug/cpu: Conditionally acquire/release DRC index (). - hotplug/cpu: Provide CPU readd operation (). - hv: Synthetic typo correction (bsc#1107207). - hv: add SPDX license id to Kconfig (bsc#1107207). - hv: add SPDX license to trace (bsc#1107207). - hv: avoid crash in vmbus sysfs files (bsc#1108377). - hv_balloon: trace post_status (bsc#1107207). - hv_netvsc: Add NetVSP v6 and v6.1 into version negotiation (bsc#1107207). - hv_netvsc: Add handlers for ethtool get/set msg level (bsc#1107207). - hv_netvsc: Add per-cpu ethtool stats for netvsc (bsc#1107207). - hv_netvsc: Add range checking for rx packet offset and length (bsc#1107207). - hv_netvsc: Clean up extra parameter from rndis_filter_receive_data() (bsc#1107207). - hv_netvsc: Fix a deadlock by getting rtnl lock earlier in netvsc_probe() (bsc#1107207). - hv_netvsc: Fix the return status in RX path (bsc#1107207). - hv_netvsc: Fix the variable sizes in ipsecv2 and rsc offload (bsc#1107207). - hv_netvsc: Pass net_device parameter to revoke and teardown functions (bsc#1107207). - hv_netvsc: add trace points (bsc#1107207). - hv_netvsc: fix bogus ifalias on network device (bsc#1107207). - hv_netvsc: fix network namespace issues with VF support (bsc#1107207). - hv_netvsc: fix schedule in RCU context (). - hv_netvsc: fix schedule in RCU context (bsc#1107207). - hv_netvsc: fix vf serial matching with pci slot info (bsc#1107207). - hv_netvsc: ignore devices that are not PCI (bsc#1107207). - hv_netvsc: move VF to same namespace as netvsc device (bsc#1107207). - hv_netvsc: pair VF based on serial number (bsc#1107207). - hv_netvsc: pass netvsc_device to rndis halt (bsc#1107207). - hv_netvsc: propogate Hyper-V friendly name into interface alias (bsc#1107207). - hv_netvsc: select needed ucs2_string routine (bsc#1107207). - hv_netvsc: simplify receive side calling arguments (bsc#1107207). - hv_netvsc: typo in NDIS RSS parameters structure (bsc#1107207). - hv_vmbus: Correct the stale comments regarding cpu affinity (bsc#1107207). - hwmon: (adt7475) Make adt7475_read_word() return errors (bsc#1051510). - hwmon: (ina2xx) fix sysfs shunt resistor read access (bsc#1051510). - hwmon: (nct6775) Set weight source to zero correctly (bsc#1051510). - hwmon: Add support for RPi voltage sensor (bsc#1108468). - hwmon: rpi: add module alias to raspberrypi-hwmon (bsc#1108468). - hwrng: core - document the quality field (bsc#1051510). - hyper-v: use GFP_KERNEL for hv_context.hv_numa_map (bsc#1107207). - hypfs_kill_super(): deal with failed allocations (bsc#1051510). - i2c: core: ACPI: Properly set status byte to 0 for multi-byte writes (bsc#1051510). - i2c: davinci: Avoid zero value of CLKH (bsc#1051510). - i2c: i2c-scmi: fix for i2c_smbus_write_block_data (bsc#1051510). - i2c: i801: Add missing documentation entries for Braswell and Kaby Lake (bsc#1051510). - i2c: i801: Add support for Intel Cedar Fork (bsc#1051510). - i2c: i801: Add support for Intel Ice Lake (bsc#1051510). - i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus (bsc#1051510). - i2c: i801: Consolidate chipset names in documentation and Kconfig (bsc#1051510). - i2c: i801: fix DNV's SMBCTRL register offset (bsc#1051510). - i2c: imx: Fix race condition in dma read (bsc#1051510). - i2c: rcar: cleanup DMA for all kinds of failure (bsc#1051510). - i2c: uniphier-f: issue STOP only for last message or I2C_M_STOP (bsc#1051510). - i2c: uniphier: issue STOP only for last message or I2C_M_STOP (bsc#1051510). - i2c: xiic: Make the start and the byte count write atomic (bsc#1051510). - i2c: xlp9xx: Fix case where SSIF read transaction completes early (bsc#1105907). - i2c: xlp9xx: Fix issue seen when updating receive length (bsc#1105907). - i2c: xlp9xx: Make sure the transfer size is not more than I2C_SMBUS_BLOCK_SIZE (bsc#1105907). - i40e: fix condition of WARN_ONCE for stat strings (bsc#1107522). - ib_srpt: Fix a use-after-free in srpt_close_ch() (bsc#1046306 ). - ibmvnic: Include missing return code checks in reset function (bsc#1107966). - ieee802154: ca8210: fix uninitialised data read (bsc#1051510). - ieee802154: fix gcc-4.9 warnings (bsc#1051510). - ieee802154: mrf24j40: fix incorrect mask in mrf24j40_stop (bsc#1051510). - iio: 104-quad-8: Fix off-by-one error in register selection (bsc#1051510). - iio: ad9523: Fix displayed phase (bsc#1051510). - iio: ad9523: Fix return value for ad952x_store() (bsc#1051510). - iio: adc: at91: fix acking DRDY irq on simple conversions (bsc#1051510). - iio: adc: at91: fix wrong channel number in triggered buffer mode (bsc#1051510). - iio: adc: imx25-gcq: Fix leak of device_node in mx25_gcq_setup_cfgs() (bsc#1051510). - iio: adc: ina2xx: avoid kthread_stop() with stale task_struct (bsc#1051510). - iio: adc: sun4i-gpadc: select REGMAP_IRQ (bsc#1051510). - iio: sca3000: Fix an error handling path in 'sca3000_probe()' (bsc#1051510). - iio: sca3000: Fix missing return in switch (bsc#1051510). - ima: based on policy verify firmware signatures (pre-allocated buffer) (bsc#1051510). - include/rdma/opa_addr.h: Fix an endianness issue (bsc#1046306 ). - input: rohm_bu21023: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT) (bsc#1051510). - intel_th: Fix device removal logic (bsc#1051510). - intel_th: pci: Add Ice Lake PCH support (bsc#1051510). - iommu/amd: Add support for IOMMU XT mode (). - iommu/amd: Add support for higher 64-bit IOMMU Control Register (). - iommu/amd: Clear memory encryption mask from physical address (bsc#1106105). - iommu/amd: Finish TLB flush in amd_iommu_unmap() (bsc#1106105). - iommu/amd: Return devid as alias for ACPI HID devices (bsc#1106105). - iommu/amd: make sure TLB to be flushed before IOVA freed (bsc#1106105). - iommu/arm-smmu-v3: Do not free page table ops twice (bsc#1106237). - iommu/arm-smmu: Error out only if not enough context interrupts (bsc#1106237). - iommu/vt-d: Add definitions for PFSID (bsc#1106237). - iommu/vt-d: Fix a potential memory leak (bsc#1106105). - iommu/vt-d: Fix dev iotlb pfsid use (bsc#1106237). - iommu/vt-d: Fix scatterlist offset handling (bsc#1106237). - iommu/vt-d: Ratelimit each dmar fault printing (bsc#1106105). - ioremap: Update pgtable free interfaces with addr (bsc#1110006). - ip: hash fragments consistently (netfilter-stable-18_07_27). - ip: in cmsg IP(V6)_ORIGDSTADDR call pskb_may_pull (netfilter-stable-18_07_27). - ipc/shm: fix shmat() nil address after round-down when remapping (bsc#1090078). - ipmi/powernv: Fix error return code in ipmi_powernv_probe() (git-fixes). - ipmi: Fix some counter issues (bsc#1105907). - ipmi: Move BT capabilities detection to the detect call (bsc#1106779). - ipmi: Remove ACPI SPMI probing from the SSIF (I2C) driver (bsc#1105907). - ipmi:bt: Set the timeout before doing a capabilities check (bsc#1051510). - ipmi:ssif: Add support for multi-part transmit messages > 2 parts (bsc#1103308). - ipv4: Return EINVAL when ping_group_range sysctl does not map to user ns (netfilter-stable-18_07_23). - ipv4: fix use-after-free in ip_cmsg_recv_dstaddr() (git-fixes). - ipv4: remove BUG_ON() from fib_compute_spec_dst (netfilter-stable-18_08_01). - ipv6: fix useless rol32 call on hash (netfilter-stable-18_07_23). - ipv6: ila: select CONFIG_DST_CACHE (netfilter-stable-18_07_23). - ipv6: make DAD fail with enhanced DAD when nonce length differs (netfilter-stable-18_07_23). - ipv6: sr: fix passing wrong flags to crypto_alloc_shash() (networking-stable-18_07_19). - ipvlan: fix IFLA_MTU ignored on NEWLINK (networking-stable-18_07_19). - irq/core: Fix boot crash when the irqaffinity= boot parameter is passed on CPUMASK_OFFSTACK=y kernels(v1) (bsc#1051510). - irqchip/bcm7038-l1: Hide cpu offline callback when building for !SMP (bsc#1051510). - irqdomain: Add irq_domain_{push,pop}_irq() functions (bsc#1105378). - irqdomain: Check for NULL function pointer in irq_domain_free_irqs_hierarchy() (bsc#1105378). - irqdomain: Factor out code to add and remove items to and from the revmap (bsc#1105378). - irqdomain: Prevent potential NULL pointer dereference in irq_domain_push_irq() (bsc#1105378). - irqdomain: Update the comments of fwnode field of irq_domain structure (bsc#1051510). - isdn: Disable IIOCDBGVAR (bsc#1051510). - iw_cxgb4: remove duplicate memcpy() in c4iw_create_listen() (bsc#1046543). - iwlwifi: dbg: do not crash if the firmware crashes in the middle of a debug dump (bsc#1051510). - iwlwifi: mvm: Allow TKIP for AP mode (bsc#1051510). - iwlwifi: mvm: check for n_profiles validity in EWRD ACPI (bsc#1051510). - iwlwifi: mvm: clear HW_RESTART_REQUESTED when stopping the interface (bsc#1051510). - iwlwifi: mvm: open BA session only when sta is authorized (bsc#1051510). - iwlwifi: mvm: send BCAST management frames to the right station (bsc#1051510). - iwlwifi: pcie gen2: check iwl_pcie_gen2_set_tb() return value (bsc#1051510). - iwlwifi: pcie: do not access periphery registers when not available (bsc#1051510). - iwlwifi: pcie: gen2: build A-MSDU only for GSO (bsc#1051510). - ixgbe: Refactor queue disable logic to take completion time into account (bsc#1101557). - ixgbe: Reorder Tx/Rx shutdown to reduce time needed to stop device (bsc#1101557). - jbd2: fix use after free in jbd2_log_do_checkpoint() (bsc#1113257). - kABI: Hide get_msr_feature() in kvm_x86_ops (bsc#1106240). - kABI: protect eswitch.h include (kabi). - kABI: protect struct nf_conn (kabi). - kABI: protect struct vsock_sock (kabi). - kABI: reexport tcp_send_ack (kabi). - kABI: reexport vsock_pending_work (kabi). - kabi fix for check_disk_size_change() (bsc#1098459). - kabi protect enum mem_type (bsc#1099125). - kabi protect hnae_ae_ops (bsc#1107924). - kabi protect struct kvm_sync_regs (bsc#1106948). - kabi/severities: Whitelist libceph, rbd, and ceph (bsc#1096748). - kabi/severities: add qeth inter-module symbols to ignore list. - kabi/severities: ignore __xive_vm_h_* KVM internal symbols. - kabi/severities: ignore ppc64 realmode helpers. KVM fixes remove exports of realmode_pfn_to_page iommu_tce_xchg_rm mm_iommu_lookup_rm mm_iommu_ua_to_hpa_rm. Some are no longer used and others are no longer exported because the code was consolideted in one place. These helpers are to be called in realmode and linking to them from non-KVM modules is a bug. Hence removing them does not break KABI. - kabi: move s390 mm_context_t lock to mm_struct and ignore the change (bsc#1103421). - kabi: x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bsc#1105536). - kernfs: update comment about kernfs_path() return value (bsc#1051510). - kprobes/x86: Disable preemption in ftrace-based jprobes (bsc#1110006). - kprobes/x86: Fix %p uses in error messages (bsc#1110006). - kprobes/x86: Prohibit probing on exception masking instructions (bsc#1110006). - kprobes/x86: Release insn_slot in failure path (bsc#1110006). - ksm: fix unlocked iteration over vmas in cmp_and_merge_page() (VM Functionality bsc#1111806). - kvm, mm: account shadow page tables to kmemcg (bsc#1110006). - kvm/x86: kABI fix for vm_alloc/vm_free changes (bsc#1111506). - kvm: Make VM ioctl do valloc for some archs (bsc#1111506). - kvm: arm64: Convert kvm_set_s2pte_readonly() from inline asm to cmpxchg() (bsc#1108010). - kvm: nVMX: Fix fault vector for VMX operation at CPL > 0 (bsc#1106105). - kvm: nVMX: Use nested_run_pending rather than from_vmentry (bsc#1106240). - kvm: x86: Set highest physical address bits in non-present/reserved SPTEs (bsc#1106240). - kvm: x86: factor out kvm.arch.hyperv (de)init (bsc#1107207). - kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl (bsc#1110006). - kvm: x86: hyperv: delete dead code in kvm_hv_hypercall() (bsc#1107207). - kvm: x86: hyperv: guest->host event signaling via eventfd (bsc#1107207). - kvm: x86: vmx: fix vpid leak (bsc#1106240). - kvmclock: fix TSC calibration for nested guests (bsc#1110006). - l2tp: use sk_dst_check() to avoid race on sk->sk_dst_cache (netfilter-stable-18_08_17). - lan78xx: Check for supported Wake-on-LAN modes (bsc#1051510). - lan78xx: Lan7801 Support for Fixed PHY (bsc#1085262). - lan78xx: Set ASD in MAC_CR when EEE is enabled (bsc#1085262). - lan78xx: remove redundant initialization of pointer 'phydev' (bsc#1085262). - leds: max8997: use mode when calling max8997_led_set_mode (bsc#1051510). - lib/bug.c: exclude non-BUG/WARN exceptions from report_bug() (bsc#1110006). - lib/iov_iter: Fix pipe handling in _copy_to_iter_mcsafe() (bsc#1098782). - lib/rhashtable: consider param->min_size when setting initial table size (bsc#1051510). - lib/test_hexdump.c: fix failure on big endian cpu (bsc#1051510). - lib/ubsan.c: s/missaligned/misaligned/ (bsc#1051510). - lib/ubsan: add type mismatch handler for new GCC/Clang (bsc#1051510). - lib/vsprintf: Remove atomic-unsafe support for %pCr (bsc#1051510). - libahci: Fix possible Spectre-v1 pmp indexing in ahci_led_store() (bsc#1051510). - libata: Fix command retry decision (bsc#1051510). - libata: Fix compile warning with ATA_DEBUG enabled (bsc#1051510). - libbpf: Makefile set specified permission mode (bsc#1083647). - libceph: check authorizer reply/challenge length before reading (bsc#1096748). - libceph: factor out __ceph_x_decrypt() (bsc#1096748). - libceph: factor out __prepare_write_connect() (bsc#1096748). - libceph: factor out encrypt_authorizer() (bsc#1096748). - libceph: store ceph_auth_handshake pointer in ceph_connection (bsc#1096748). - libceph: weaken sizeof check in ceph_x_verify_authorizer_reply() (bsc#1096748). - libertas: call into generic suspend code before turning off power (bsc#1051510). - libertas: fix suspend and resume for SDIO connected cards (bsc#1051510). - libnvdimm, btt: fix uninitialized err_lock (bsc#1103961). - libnvdimm, dimm: Maximize label transfer size (bsc#1111921, bsc#1113408, bsc#1113972). - libnvdimm, label: Fix sparse warning (bsc#1111921, bsc#1113408, bsc#1113972). - libnvdimm, label: change nvdimm_num_label_slots per UEFI 2.7 (bsc#1111921, bsc#1113408, bsc#1113972). - libnvdimm, nfit: enable support for volatile ranges (bsc#1103961). - libnvdimm, nfit: move the check on nd_reserved2 to the endpoint (bsc#1103961). - libnvdimm, pmem: Fix memcpy_mcsafe() return code handling in nsio_rw_bytes() (bsc#1098782). - libnvdimm, pmem: Restore page attributes when clearing errors (bsc#1107783). - libnvdimm: Use max contiguous area for namespace size (git-fixes). - libnvdimm: fix ars_status output length calculation (bsc#1104890). - libnvdimm: rename nd_sector_size_{show,store} to nd_size_select_{show,store} (bsc#1103961). - liquidio: fix hang when re-binding VF host drv after running DPDK VF driver (bsc#1067126). - liquidio: fix kernel panic in VF driver (bsc#1067126). - livepatch: Remove reliable stacktrace check in klp_try_switch_task() (bsc#1071995). - livepatch: Validate module/old func name length (bsc#1071995). - livepatch: create and include UAPI headers (). - llc: use refcount_inc_not_zero() for llc_sap_find() (netfilter-stable-18_08_17). - lockd: fix 'list_add double add' caused by legacy signal interface (git-fixes). - loop: add recursion validation to LOOP_CHANGE_FD (bsc#1112711). - loop: do not call into filesystem while holding lo_ctl_mutex (bsc#1112710). - loop: fix LOOP_GET_STATUS lock imbalance (bsc#1113284). - mac80211: Fix station bandwidth setting after channel switch (bsc#1051510). - mac80211: Run TXQ teardown code before de-registering interfaces (bsc#1051510). - mac80211: add stations tied to AP_VLANs during hw reconfig (bsc#1051510). - mac80211: always account for A-MSDU header changes (bsc#1051510). - mac80211: avoid kernel panic when building AMSDU from non-linear SKB (bsc#1051510). - mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X (bsc#1051510). - mac80211: do not Tx a deauth frame if the AP forbade Tx (bsc#1051510). - mac80211: do not convert to A-MSDU if frag/subframe limited (bsc#1051510). - mac80211: fix a race between restart and CSA flows (bsc#1051510). - mac80211: fix an off-by-one issue in A-MSDU max_subframe computation (bsc#1051510). - mac80211: fix pending queue hang due to TX_DROP (bsc#1051510). - mac80211: fix setting IEEE80211_KEY_FLAG_RX_MGMT for AP mode keys (bsc#1051510). - mac80211: mesh: fix HWMP sequence numbering to follow standard (bsc#1051510). - mac80211: minstrel: fix using short preamble CCK rates on HT clients (bsc#1051510). - mac80211: restrict delayed tailroom needed decrement (bsc#1051510). - mac80211: shorten the IBSS debug messages (bsc#1051510). - mac80211_hwsim: correct use of IEEE80211_VHT_CAP_RXSTBC_X (bsc#1051510). - mac80211_hwsim: require at least one channel (bsc#1051510). - mach64: detect the dot clock divider correctly on sparc (bsc#1051510). - macros.kernel-source: pass -b properly in kernel module package (bsc#1107870). - mailbox: xgene-slimpro: Fix potential NULL pointer dereference (bsc#1051510). - make sure that __dentry_kill() always invalidates d_seq, unhashed or not (git-fixes). - md-cluster: clear another node's suspend_area after the copy is finished (bsc#1106333). - md-cluster: do not send msg if array is closing (bsc#1106333). - md-cluster: release RESYNC lock after the last resync message (bsc#1106688). - md-cluster: show array's status more accurate (bsc#1106333). - md/raid10: fix that replacement cannot complete recovery after reassemble (git-fixes). - md/raid1: add error handling of read error from FailFast device (git-fixes). - md/raid5-cache: disable reshape completely (git-fixes). - md/raid5: fix data corruption of replacements after originals dropped (git-fixes). - md: fix NULL dereference of mddev->pers in remove_and_add_spares() (git-fixes). - media: Revert '[media] tvp5150: fix pad format frame height' (bsc#1051510). - media: af9035: prevent buffer overflow on write (bsc#1051510). - media: cx231xx: fix potential sign-extension overflow on large shift (bsc#1051510). - media: davinci: vpif_display: Mix memory leak on probe error path (bsc#1051510). - media: dvb: fix compat ioctl translation (bsc#1051510). - media: em28xx: fix input name for Terratec AV 350 (bsc#1051510). - media: em28xx: use a default format if TRY_FMT fails (bsc#1051510). - media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt() (bsc#1051510). - media: fsl-viu: fix error handling in viu_of_probe() (bsc#1051510). - media: helene: fix xtal frequency setting at power on (bsc#1051510). - media: mem2mem: Remove excessive try_run call (bsc#1051510). - media: omap3isp: zero-initialize the isp cam_xclk{a,b} initial data (bsc#1051510). - media: pci: cx23885: handle adding to list failure (bsc#1051510). - media: rtl28xxu: be sure that it won't go past the array size (bsc#1051510). - media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power (bsc#1051510). - media: s5p-mfc: Fix buffer look up in s5p_mfc_handle_frame_{new, copy_time} functions (bsc#1051510). - media: soc_camera: ov772x: correct setting of banding filter (bsc#1051510). - media: tm6000: add error handling for dvb_register_adapter (bsc#1051510). - media: tvp5150: avoid going past array on v4l2_querymenu() (bsc#1051510). - media: tvp5150: fix switch exit in set control handler (bsc#1051510). - media: tvp5150: fix width alignment during set_selection() (bsc#1051510). - media: tw686x: Fix oops on buffer alloc failure (bsc#1051510). - media: uvcvideo: Fix uvc_alloc_entity() allocation alignment (bsc#1051510). - media: v4l2-mem2mem: Fix missing v4l2_m2m_try_run call (bsc#1051510). - media: v4l2-tpg: fix kernel oops when enabling HFLIP and OSD (bsc#1051510). - media: videobuf-dma-sg: Fix dma_{sync,unmap}_sg() calls (bsc#1051510). - media: videobuf2-core: check for q->error in vb2_core_qbuf() (bsc#1051510). - media: vsp1: Fix YCbCr planar formats pitch calculation (bsc#1051510). - mei: bus: type promotion bug in mei_nfc_if_version() (bsc#1051510). - mei: do not update offset in write (bsc#1051510). - mei: ignore not found client in the enumeration (bsc#1051510). - mei: me: enable asynchronous probing (). - memcg, thp: do not invoke oom killer on thp charges (bsc#1089663). - memory: tegra: Apply interrupts mask per SoC (bsc#1051510). - memory: tegra: Do not handle spurious interrupts (bsc#1051510). - merge hyperv part of f5caf621 - mfd: 88pm860x-i2c: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT) (bsc#1051510). - mfd: arizona: Correct calling of runtime_put_sync (bsc#1051510). - mfd: arizona: Do not use regmap_read_poll_timeout (bsc#1051510). - mfd: intel-lpss: Add Ice Lake PCI IDs (bsc#1051510). - mfd: lpc_ich: Do not touch SPI-NOR write protection bit on Apollo Lake (bsc#1051510). - mfd: sm501: Set coherent_dma_mask when creating subdevices (bsc#1051510). - mfd: ti_am335x_tscadc: Fix struct clk memory leak (bsc#1051510). - mlxsw: core_acl_flex_actions: Return error for conflicting actions (netfilter-stable-18_08_17). - mm, dax: introduce pfn_t_special() (bsc#1104888). - mm, madvise_inject_error: Disable MADV_SOFT_OFFLINE for ZONE_DEVICE pages (bsc#1107783). - mm, madvise_inject_error: Let memory_failure() optionally take a page reference (bsc#1107783). - mm, memory_failure: Collect mapping size in collect_procs() (bsc#1107783). - mm, memory_failure: Teach memory_failure() about dev_pagemap pages (bsc#1107783). - mm, numa: Migrate pages to local nodes quicker early in the lifetime of a task (bsc#1101669 optimise numa balancing for fast migrate). - mm, numa: Remove rate-limiting of automatic numa balancing migration (bsc#1101669 optimise numa balancing for fast migrate). - mm, numa: Remove rate-limiting of automatic numa balancing migration kabi (bsc#1101669 optimise numa balancing for fast migrate). - mm, page_alloc: double zone's batchsize (bsc#971975 VM performance -- page allocator). - mm/huge_memory.c: fix data loss when splitting a file pmd (bsc#1107074). - mm/hugetlb: filter out hugetlb pages if HUGEPAGE migration is not supported (bsc#1106697). - mm/migrate: Use spin_trylock() while resetting rate limit (). - mm/vmalloc: add interfaces to free unmapped page table (bsc#1110006). - mm/vmscan: wake up flushers for legacy cgroups too (bsc#1107061). - mm: /proc/pid/pagemap: hide swap entries from unprivileged users (Git-fixes bsc#1109907). - mm: Preserve _PAGE_DEVMAP across mprotect() calls (bsc#1111028). - mm: fix BUG_ON() in vmf_insert_pfn_pud() from VM_MIXEDMAP removal (bsc#1111841). - mm: fix devmem_is_allowed() for sub-page System RAM intersections (bsc#1106800). - mm: memcg: fix use after free in mem_cgroup_iter() (bsc#1107065). - mmc: block: avoid multiblock reads for the last sector in SPI mode (bsc#1051510). - mmc: omap_hsmmc: fix wakeirq handling on removal (bsc#1051510). - mmc: sdhci-of-esdhc: set proper dma mask for ls104x chips (bsc#1051510). - mmc: sdhci: do not try to use 3.3V signaling if not supported (bsc#1051510). - mmc: tegra: prevent HS200 on Tegra 3 (bsc#1051510). - modpost: ignore livepatch unresolved relocations (). - module: exclude SHN_UNDEF symbols from kallsyms api (bsc#1071995). - move a hyperv related patch to correct place in series.conf - move changes without Git-commit out of sorted section - mwifiex: handle race during mwifiex_usb_disconnect (bsc#1051510). - net/9p/client.c: version pointer uninitialized (bsc#1051510). - net/9p/trans_fd.c: fix race by holding the lock (bsc#1051510). - net/9p/trans_fd.c: fix race-condition by flushing workqueue before the kfree() (bsc#1051510). - net/9p: Switch to wait_event_killable() (bsc#1051510). - net/9p: fix error path of p9_virtio_probe (bsc#1051510). - net/ipv4: Set oif in fib_compute_spec_dst (netfilter-stable-18_07_23). - net/mlx5: E-Switch, Avoid setup attempt if not being e-switch manager (networking-stable-18_07_19). - net/mlx5e: Avoid dealing with vport representors if not being e-switch manager (networking-stable-18_07_19). - net/packet: fix use-after-free (networking-stable-18_07_19). - net: add support for Cavium PTP coprocessor (bsc#1110096). - net: bcmgenet: Fix sparse warnings in bcmgenet_put_tx_csum() (bsc#1051510). - net: bcmgenet: Fix unmapping of fragments in bcmgenet_xmit() (bsc#1051510). - net: bcmgenet: correct bad merge (bsc#1051510). - net: bcmgenet: enable loopback during UniMAC sw_reset (bsc#1051510). - net: bcmgenet: prevent duplicate calls of bcmgenet_dma_teardown (bsc#1051510). - net: cavium: fix NULL pointer dereference in cavium_ptp_put (bsc#1110096). - net: cavium: use module_pci_driver to simplify the code (bsc#1110096). - net: dccp: avoid crash in ccid3_hc_rx_send_feedback() (networking-stable-18_07_19). - net: dccp: switch rx_tstamp_last_feedback to monotonic clock (networking-stable-18_07_19). - net: diag: Do not double-free TCP_NEW_SYN_RECV sockets in tcp_abort (netfilter-stable-18_07_23). - net: dsa: Do not suspend/resume closed slave_dev (netfilter-stable-18_08_04). - net: ena: Eliminate duplicate barriers on weakly-ordered archs (bsc#1108093). - net: ena: Fix use of uninitialized DMA address bits field (netfilter-stable-18_08_01). - net: ena: fix device destruction to gracefully free resources (bsc#1108093). - net: ena: fix driver when PAGE_SIZE == 64kB (bsc#1108093). - net: ena: fix incorrect usage of memory barriers (bsc#1108093). - net: ena: fix missing calls to READ_ONCE (bsc#1108093). - net: ena: fix missing lock during device destruction (bsc#1108093). - net: ena: fix potential double ena_destroy_device() (bsc#1108093). - net: ena: fix surprise unplug NULL dereference kernel crash (bsc#1108093). - net: ethernet: mvneta: Fix napi structure mixup on armada 3700 (networking-stable-18_08_21). - net: fix amd-xgbe flow-control issue (netfilter-stable-18_08_01). - net: fix use-after-free in GRO with ESP (networking-stable-18_07_19). - net: hns3: Fix MSIX allocation issue for VF (bsc#1104353 ). - net: hns3: Fix comments for hclge_get_ring_chain_from_mbx (bsc#1104353). - net: hns3: Fix desc num set to default when setting channel (bsc#1104353). - net: hns3: Fix for command format parsing error in hclge_is_all_function_id_zero (bsc#1104353). - net: hns3: Fix for information of phydev lost problem when down/up (bsc#1104353). - net: hns3: Fix for l4 checksum offload bug (bsc#1104353 ). - net: hns3: Fix for mac pause not disable in pfc mode (bsc#1104353). - net: hns3: Fix for mailbox message truncated problem (bsc#1104353). - net: hns3: Fix for phy link issue when using marvell phy driver (bsc#1104353). - net: hns3: Fix for reset_level default assignment probelm (bsc#1104353). - net: hns3: Fix for using wrong mask and shift in hclge_get_ring_chain_from_mbx (bsc#1104353). - net: hns3: Fix for waterline not setting correctly (bsc#1104353). - net: hns3: Fix get_vector ops in hclgevf_main module (bsc#1104353). - net: hns3: Fix return value error in hns3_reset_notify_down_enet (bsc#1104353). - net: hns3: Fix warning bug when doing lp selftest (bsc#1104353 ). - net: hns3: Prevent sending command during global or core reset (bsc#1104353). - net: hns3: Standardize the handle of return value (bsc#1104353 ). - net: hns3: add unlikely for error check (bsc#1104353 ). - net: hns3: fix page_offset overflow when CONFIG_ARM64_64K_PAGES (bsc#1104353). - net: hns3: fix return value error while hclge_cmd_csq_clean failed (bsc#1104353). - net: hns3: modify hnae_ to hnae3_ (bsc#1104353). - net: hns3: remove some redundant assignments (bsc#1104353 ). - net: hns3: remove unnecessary ring configuration operation while resetting (bsc#1104353). - net: hns3: simplify hclge_cmd_csq_clean (bsc#1104353 ). - net: hns: add netif_carrier_off before change speed and duplex (bsc#1107924). - net: hns: add the code for cleaning pkt in chip (bsc#1107924). - net: mdio-mux: bcm-iproc: fix wrong getter and setter pair (netfilter-stable-18_08_01). - net: mvneta: fix mvneta_config_rss on armada 3700 (networking-stable-18_08_21). - net: mvneta: fix the Rx desc DMA address in the Rx path (networking-stable-18_07_19). - net: phy: consider PHY_IGNORE_INTERRUPT in phy_start_aneg_priv (netfilter-stable-18_07_27). - net: phy: fix flag masking in __set_phy_supported (netfilter-stable-18_07_23). - net: rtnl_configure_link: fix dev flags changes arg to __dev_notify_flags (git-fixes). - net: skb_segment() should not return NULL (netfilter-stable-18_07_27). - net: stmmac: Fix WoL for PCI-based setups (netfilter-stable-18_08_04). - net: stmmac: mark PM functions as __maybe_unused (git-fixes). - net: sungem: fix rx checksum support (networking-stable-18_07_19). - net: systemport: Fix CRC forwarding check for SYSTEMPORT Lite (netfilter-stable-18_07_23). - net: thunder: change q_len's type to handle max ring size (bsc#1110096). - net: thunderx: Set max queue count taking XDP_TX into account (bsc#1110096). - net: thunderx: add MAC address filter tracking for LMAC (bsc#1110096). - net: thunderx: add XCAST messages handlers for PF (bsc#1110096). - net: thunderx: add multicast filter management support (bsc#1110096). - net: thunderx: add ndo_set_rx_mode callback implementation for VF (bsc#1110096). - net: thunderx: add new messages for handle ndo_set_rx_mode callback (bsc#1110096). - net: thunderx: add timestamping support (bsc#1110096). - net: thunderx: add workqueue control structures for handle ndo_set_rx_mode request (bsc#1110096). - net: thunderx: check for failed allocation lmac->dmacs (bsc#1110096). - net: thunderx: fix double free error (bsc#1110096). - net: thunderx: move filter register related macro into proper place (bsc#1110096). - net: thunderx: prevent concurrent data re-writing by nicvf_set_rx_mode (bsc#1110096). - net: thunderx: remove a couple of redundant assignments (bsc#1110096). - net: thunderx: rework mac addresses list to u64 array (bsc#1110096). - net_sched: Fix missing res info when create new tc_index filter (netfilter-stable-18_08_17). - net_sched: blackhole: tell upper qdisc about dropped packets (networking-stable-18_07_19). - netfilter: do not set F_IFACE on ipv6 fib lookups (netfilter-stable-18_06_25). - netfilter: ip6t_rpfilter: provide input interface for route lookup (netfilter-stable-18_06_25). - netfilter: ip6t_rpfilter: set F_IFACE for linklocal addresses (git-fixes). - netfilter: nat: Revert 'netfilter: nat: convert nat bysrc hash to rhashtable' (netfilter-stable-17_11_16). - netfilter: nf_tables: add missing netlink attrs to policies (netfilter-stable-18_06_27). - netfilter: nf_tables: do not assume chain stats are set when jumplabel is set (netfilter-stable-18_06_27). - netfilter: nf_tables: fix memory leak on error exit return (netfilter-stable-18_06_27). - netfilter: nf_tables: nft_compat: fix refcount leak on xt module (netfilter-stable-18_06_27). - netfilter: nf_tables: use WARN_ON_ONCE instead of BUG_ON in nft_do_chain() (netfilter-stable-18_06_25). - netfilter: nft_compat: fix handling of large matchinfo size (netfilter-stable-18_06_27). - netfilter: nft_compat: prepare for indirect info storage (netfilter-stable-18_06_27). - netfilter: nft_meta: fix wrong value dereference in nft_meta_set_eval (netfilter-stable-18_06_27). - netlink: Do not shift on 64 for ngroups (git-fixes). - netlink: Do not shift with UB on nlk->ngroups (netfilter-stable-18_08_01). - netlink: Do not subscribe to non-existent groups (netfilter-stable-18_08_01). - netlink: Fix spectre v1 gadget in netlink_create() (netfilter-stable-18_08_04). - nfs/filelayout: fix oops when freeing filelayout segment (bsc#1105190). - nfs/pnfs: fix nfs_direct_req ref leak when i/o falls back to the mds (git-fixes). - nfs41: do not return ENOMEM on LAYOUTUNAVAILABLE (git-fixes). - nfsd: remove blocked locks on client teardown (git-fixes). - nl80211: Add a missing break in parse_station_flags (bsc#1051510). - nl80211: check nla_parse_nested() return values (bsc#1051510). - nvdimm: Clarify comment in sizeof_namespace_index (bsc#1111921, bsc#1113408, bsc#1113972). - nvdimm: Remove empty if statement (bsc#1111921, bsc#1113408, bsc#1113972). - nvdimm: Sanity check labeloff (bsc#1111921, bsc#1113408, bsc#1113972). - nvdimm: Split label init out from the logic for getting config data (bsc#1111921, bsc#1113408, bsc#1113972). - nvdimm: Use namespace index data to reduce number of label reads needed (bsc#1111921, bsc#1113408, bsc#1113972). - nvme: call nvme_complete_rq when nvmf_check_ready fails for mpath I/O (bsc#1107685). - nvme: register ns_id attributes as default sysfs groups (bsc#1105247). - nvme_fc: add 'nvme_discovery' sysfs attribute to fc transport device (bsc#1044189). - objtool, kprobes/x86: Sync the latest asm/insn.h header with tools/objtool/arch/x86/include/asm/insn.h (bsc#1110006). - of: add helper to lookup compatible child node (bsc#1106110) - orangefs: fix deadlock; do not write i_size in read_iter (bsc#1051510). - orangefs: initialize op on loop restart in orangefs_devreq_read (bsc#1051510). - orangefs: use list_for_each_entry_safe in purge_waiting_ops (bsc#1051510). - orangefs_kill_sb(): deal with allocation failures (bsc#1051510). - ovl: Sync upper dirty data when syncing overlayfs (git-fixes). - ovl: fix format of setxattr debug (git-fixes). - parport: sunbpp: fix error return code (bsc#1051510). - partitions/aix: append null character to print data from disk (bsc#1051510). - partitions/aix: fix usage of uninitialized lv_info and lvname structures (bsc#1051510). - perf/x86/amd/ibs: Do not access non-started event (bsc#1110006). - perf/x86/cstate: Fix possible Spectre-v1 indexing for pkg_msr (bsc#1110006). - perf/x86/intel/lbr: Fix incomplete LBR call stack (bsc#1110006). - perf/x86/intel/uncore: Correct fixed counter index check for NHM (bsc#1110006). - perf/x86/intel/uncore: Correct fixed counter index check in generic code (bsc#1110006). - perf/x86/intel/uncore: Fix Skylake UPI event format (bsc#1110006). - perf/x86/intel: Do not accidentally clear high bits in bdw_limit_period() (bsc#1110006). - perf/x86/intel: Fix event update for auto-reload (bsc#1110006). - perf/x86/intel: Fix large period handling on Broadwell CPUs (bsc#1110006). - perf/x86/intel: Fix linear IP of PEBS real_ip on Haswell and later CPUs (bsc#1110006). - perf/x86/intel: Properly save/restore the PMU state in the NMI handler (bsc#1110006). - perf/x86/msr: Fix possible Spectre-v1 indexing in the MSR driver (bsc#1110006). - perf/x86: Fix possible Spectre-v1 indexing for hw_perf_event cache_* (bsc#1110006). - perf/x86: Fix possible Spectre-v1 indexing for x86_pmu::event_map() (bsc#1110006). - pinctrl/amd: only handle irq if it is pending and unmasked (bsc#1051510). - pinctrl: cannonlake: Fix HOSTSW_OWN register offset of H variant (bsc#1051510). - pipe: actually allow root to exceed the pipe buffer limits (bsc#1106297). - pipe: match pipe_max_size data type with procfs (git-fixes). - platform/x86: alienware-wmi: Correct a memory leak (bsc#1051510). - platform/x86: asus-nb-wmi: Add keymap entry for lid flip action on UX360 (bsc#1051510). - platform/x86: thinkpad_acpi: Proper model/release matching (bsc#1051510). - platform/x86: toshiba_acpi: Fix defined but not used build warnings (bsc#1051510). - pmem: Switch to copy_to_iter_mcsafe() (bsc#1098782). - pnfs/blocklayout: off by one in bl_map_stripe() (git-fixes). - power: gemini-poweroff: Avoid more spurious poweroffs (bsc#1051510). - power: generic-adc-battery: check for duplicate properties copied from iio channels (bsc#1051510). - power: generic-adc-battery: fix out-of-bounds write when copying channel properties (bsc#1051510). - power: remove possible deadlock when unregistering power_supply (bsc#1051510). - power: supply: axp288_charger: Fix initial constant_charge_current value (bsc#1051510). - power: supply: max77693_charger: fix unintentional fall-through (bsc#1051510). - power: vexpress: fix corruption in notifier registration (bsc#1051510). - powernv/pseries: consolidate code for mce early handling (bsc#1094244). - powerpc/64s: Default l1d_size to 64K in RFI fallback flush (bsc#1068032, git-fixes). - powerpc/64s: Fix DT CPU features Power9 DD2.1 logic (bsc#1055117). - powerpc/64s: Fix compiler store ordering to SLB shadow area (bsc#1094244). - powerpc/64s: move machine check SLB flushing to mm/slb.c (bsc#1094244). - powerpc/fadump: cleanup crash memory ranges support (bsc#1103269). - powerpc/fadump: re-register firmware-assisted dump if already registered (bsc#1108170, bsc#1108823). - powerpc/firmware: Add definitions for new drc-info firmware feature (bsc#1109158). - powerpc/kprobes: Fix call trace due to incorrect preempt count (bsc#1065729). - powerpc/kvm/booke: Fix altivec related build break (bsc#1061840). - powerpc/kvm: Switch kvm pmd allocator to custom allocator (bsc#1061840). - powerpc/lib: Fix the feature fixup tests to actually work (bsc#1065729). - powerpc/mce: Fix SLB rebolting during MCE recovery path (bsc#1094244). - powerpc/mm/hugetlb: initialize the pagetable cache correctly for hugetlb (bsc#1091800). - powerpc/mm: Rename find_linux_pte_or_hugepte() (bsc#1061840). - powerpc/numa: Skip onlining a offline node in kdump path (bsc#1109784). - powerpc/numa: Use associativity if VPHN hcall is successful (bsc#1110363). - powerpc/perf: Fix IMC allocation routine (bsc#1054914). - powerpc/perf: Fix memory allocation for core-imc based on num_possible_cpus() (bsc#1054914). - powerpc/perf: Remove sched_task function defined for thread-imc (bsc#1054914). - powerpc/pkeys: Fix reading of ibm, processor-storage-keys property (bsc#1109244). - powerpc/powernv/ioda2: Reduce upper limit for DMA window size (bsc#1055120). - powerpc/powernv/ioda: Allocate indirect TCE levels on demand (bsc#1061840). - powerpc/powernv/ioda: Finish removing explicit max window size check (bsc#1061840). - powerpc/powernv/ioda: Remove explicit max window size check (bsc#1061840). - powerpc/powernv/npu: Do a PID GPU TLB flush when invalidating a large address range (bsc#1055120). - powerpc/powernv: Add indirect levels to it_userspace (bsc#1061840). - powerpc/powernv: Move TCE manupulation code to its own file (bsc#1061840). - powerpc/powernv: Rework TCE level allocation (bsc#1061840). - powerpc/pseries/mm: Introducing FW_FEATURE_BLOCK_REMOVE (bsc#1109158). - powerpc/pseries/mm: call H_BLOCK_REMOVE (bsc#1109158). - powerpc/pseries/mm: factorize PTE slot computation (bsc#1109158). - powerpc/pseries: Avoid using the size greater than RTAS_ERROR_LOG_MAX (bsc#1094244). - powerpc/pseries: Defer the logging of rtas error to irq work queue (bsc#1094244). - powerpc/pseries: Define MCE error event section (bsc#1094244). - powerpc/pseries: Disable CPU hotplug across migrations (bsc#1065729). - powerpc/pseries: Display machine check error details (bsc#1094244). - powerpc/pseries: Dump the SLB contents on SLB MCE errors (bsc#1094244). - powerpc/pseries: Fix 'OF: ERROR: Bad of_node_put() on /cpus' during DLPAR (bsc#1113295). - powerpc/pseries: Fix CONFIG_NUMA=n build (bsc#1067906, git-fixes). - powerpc/pseries: Fix build break for SPLPAR=n and CPU hotplug (bsc#1079524, git-fixes). - powerpc/pseries: Fix duplicate firmware feature for DRC_INFO (bsc#1109158). - powerpc/pseries: Fix endianness while restoring of r3 in MCE handler (bsc#1094244). - powerpc/pseries: Flush SLB contents on SLB MCE errors (bsc#1094244). - powerpc/pseries: Remove prrn_work workqueue (bsc#1102495, bsc#1109337). - powerpc/pseries: Remove unneeded uses of dlpar work queue (bsc#1102495, bsc#1109337). - powerpc/pseries: fix EEH recovery of some IOV devices (bsc#1078720, git-fixes). - powerpc/rtas: Fix a potential race between CPU-Offline Migration (bsc#1111870). - powerpc/tm: Avoid possible userspace r1 corruption on reclaim (bsc#1109333). - powerpc/tm: Fix userspace r13 corruption (bsc#1109333). - powerpc/topology: Get topology for shared processors at boot (bsc#1104683). - powerpc/xive: Fix trying to 'push' an already active pool VP (bsc#1085030, git-fixes). - powerpc/xive: Move definition of ESB bits (bsc#1061840). - powerpc/xmon: Add ISA v3.0 SPRs to SPR dump (bsc#1061840). - powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2 (bsc#1068032, bsc#1080157, git-fixes). - powerpc: Avoid code patching freed init sections (bsc#1107735). - powerpc: Fix size calculation using resource_size() (bsc#1012382). - powerpc: KABI add aux_ptr to hole in paca_struct to extend it with additional members (bsc#1094244). - powerpc: KABI: move mce_data_buf into paca_aux (bsc#1094244). - powerpc: make feature-fixup tests fortify-safe (bsc#1065729). - powerpc: pseries: remove dlpar_attach_node dependency on full path (bsc#1113295). - ppp: Destroy the mutex when cleanup (bsc#1051510). - ppp: fix __percpu annotation (bsc#1051510). - printk/tracing: Do not trace printk_nmi_enter() (bsc#1112208). - printk: drop in_nmi check from printk_safe_flush_on_panic() (bsc#1112170). - proc: restrict kernel stack dumps to root (git-fixes). blacklist.conf: - pstore: Fix incorrect persistent ram buffer mapping (bsc#1051510). - ptp: fix missing break in switch (bsc#1105355). - ptr_ring: fail early if queue occupies more than KMALLOC_MAX_SIZE (bsc#1105355). - ptr_ring: fix up after recent ptr_ring changes (bsc#1105355). - ptr_ring: prevent integer overflow when calculating size (bsc#1105355). - ptrace,x86: Make user_64bit_mode() available to 32-bit builds (bsc#1110006). - pwm: tiehrpwm: Fix disabling of output of PWMs (bsc#1051510). - qed: Add missing device config for RoCE EDPM in UFP mode (bsc#1109217). - qed: Avoid sending mailbox commands when MFW is not responsive (bsc#1050536). - qed: Do not add VLAN 0 tag to untagged frames in multi-function mode (bsc#1050536). - qed: Fix populating the invalid stag value in multi function mode (bsc#1050536). - qed: Fix shmem structure inconsistency between driver and the mfw (bsc#1110561). - qed: Prevent a possible deadlock during driver load and unload (bsc#1050536). - qed: Wait for MCP halt and resume commands to take place (bsc#1050536). - qed: Wait for ready indication before rereading the shmem (bsc#1050536). - qlcnic: fix Tx descriptor corruption on 82xx devices (bsc#1050540). - qlge: Fix netdev features configuration (bsc#1098822). - qmi_wwan: Added support for Gemalto's Cinterion ALASxx WWAN interface (bsc#1051510). - qmi_wwan: set DTR for modems in forced USB2 mode (bsc#1051510). - qrtr: add MODULE_ALIAS macro to smd (bsc#1051510). - r8152: Check for supported Wake-on-LAN Modes (bsc#1051510). - r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED (bsc#1051510). - r8169: add support for NCube 8168 network card (bsc#1051510). - race of lockd inetaddr notifiers vs nlmsvc_rqst change (git-fixes). - random: add new ioctl RNDRESEEDCRNG (bsc#1051510). - random: fix possible sleeping allocation from irq context (bsc#1051510). - random: mix rdrand with entropy sent in from userspace (bsc#1051510). - random: rate limit unseeded randomness warnings (git-fixes). - random: set up the NUMA crng instances after the CRNG is fully initialized (bsc#1051510). - rculist: Improve documentation for list_for_each_entry_from_rcu() (bsc#1084760). - rculist: add list_for_each_entry_from_rcu() (bsc#1084760). - readahead: stricter check for bdi io_pages (VM Functionality, git fixes). - regulator: fix crash caused by null driver data (bsc#1051510). - reiserfs: add check to detect corrupted directory entry (bsc#1109818). - reiserfs: do not panic on bad directory entries (bsc#1109818). - reiserfs: fix broken xattr handling (heap corruption, bad retval) (bsc#1106236). - rename a hv patch to reduce conflicts in -AZURE - rename/renumber hv patches to simplify upcoming upstream merges Good Bye automerge. Hello Conflicts. - rename/renumber hv patches to simplify upcoming upstream merges No code changes. - reorder a qedi patch to allow further work in this branch - resort series.conf - resource: Include resource end in walk_*() interfaces (bsc#1114279). - rhashtable: add schedule points (bsc#1051510). - rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication() (bsc#1051510). - root dentries need RCU-delayed freeing (bsc#1106297). - rpc_pipefs: fix double-dput() (bsc#1051510). - rpm/kernel-binary.spec.in: fix call of split-modules split-modules is called with some parameters depending on config options. But since we do not use backslash consistelny, the call to split-modules might be evaluated so that also the following cat command is appended. Avoid this behaviour by using backslashes everywhere and add %nil to the end. This perhaps never happens, but stay on the safe side. - rpm/mkspec: build dtbs for architectures marked -!needs_updating - rpm/mkspec: fix ppc64 kernel-source build. - rpmsg: Correct support for MODULE_DEVICE_TABLE() (git-fixes). - rsi: Fix 'invalid vdd' warning in mmc (bsc#1051510). - rtc: bq4802: add error handling for devm_ioremap (bsc#1051510). - rtnetlink: add rtnl_link_state check in rtnl_configure_link (netfilter-stable-18_07_27). - rxrpc: Fix user call ID check in rxrpc_service_prealloc_one (netfilter-stable-18_08_04). - s390/crypto: Fix return code checking in cbc_paes_crypt() (bsc#1108323, LTC#171709). - s390/entry.S: use assembler alternatives (bsc#1103421). - s390/lib: use expoline for all bcr instructions (git-fixes, bsc#1103421). - s390/mm: fix local TLB flushing vs. detach of an mm address space (bsc#1103421). - s390/mm: fix race on mm->context.flush_mm (bsc#1103421). - s390/pci: fix out of bounds access during irq setup (bsc#1108323, LTC#171068). - s390/qdio: reset old sbal_state flags (LTC#171525, bsc#1106948). - s390/qeth: consistently re-enable device features (bsc#1104482, LTC#170340). - s390/qeth: do not clobber buffer on async TX completion (bsc#1104482, LTC#170340). - s390/qeth: rely on kernel for feature recovery (bsc#1104482, LTC#170340). - s390/qeth: use vzalloc for QUERY OAT buffer (LTC#171527, bsc#1106948). - s390/runtime instrumentation: simplify task exit handling (bsc#1103421). - s390: Prevent hotplug rwsem recursion (bsc#1105731). - s390: always save and restore all registers on context switch (bsc#1103421). - s390: detect etoken facility (bsc#1103421). - s390: fix br_r1_trampoline for machines without exrl (git-fixes, bsc#1103421). - s390: fix compat system call table (bsc#1103421). - s390: fix handling of -1 in set{,fs}id16 syscalls (bsc#1103421). - s390: use expoline thunks for all branches generated by the BPF JIT (bsc#1103421). - samples/bpf: adjust rlimit RLIMIT_MEMLOCK for xdp1 (bsc#1083647). - sched/fair: Fix bandwidth timer clock drift condition (Git-fixes). - sched/fair: Fix vruntime_normalized() for remote non-migration wakeup (git-fixes). - sched/isolcpus: Fix 'isolcpus=' boot parameter handling when !CONFIG_CPUMASK_OFFSTACK (bsc#1107207). - sched/numa: Avoid task migration for small NUMA improvement (bsc#1101669 optimise numa balancing for fast migrate). - sched/numa: Do not move imbalanced load purely on the basis of an idle CPU (bsc#1101669 optimise numa balancing for fast migrate). - sched/numa: Evaluate move once per node (bsc#1101669 optimise numa balancing for fast migrate). - sched/numa: Limit the conditions where scan period is reset (). - sched/numa: Pass destination CPU as a parameter to migrate_task_rq (bsc#1101669 optimise numa balancing for fast migrate). - sched/numa: Pass destination CPU as a parameter to migrate_task_rq kabi (bsc#1101669 optimise numa balancing for fast migrate). - sched/numa: Remove numa_has_capacity() (bsc#1101669 optimise numa balancing for fast migrate). - sched/numa: Remove unused task_capacity from 'struct numa_stats' (bsc#1101669 optimise numa balancing for fast migrate). - sched/numa: Reset scan rate whenever task moves across nodes (bsc#1101669 optimise numa balancing for fast migrate). - sched/numa: Stop comparing tasks for NUMA placement after selecting an idle core (bsc#1101669 optimise numa balancing for fast migrate). - sched/numa: Stop multiple tasks from moving to the CPU at the same time (bsc#1101669 optimise numa balancing for fast migrate). - sched/numa: Stop multiple tasks from moving to the CPU at the same time kabi (bsc#1101669 optimise numa balancing for fast migrate). - sched/numa: remove unused code from update_numa_stats() (bsc#1101669 optimise numa balancing for fast migrate). - sched/numa: remove unused nr_running field (bsc#1101669 optimise numa balancing for fast migrate). - scripts/git_sort/git_sort.py: Add fixes branch from mkp/scsi.git. - scripts/git_sort/git_sort.py: add libnvdimm-for-next branch - scripts/git_sort/git_sort.py: add mkp 4.20/scsi-queue - scripts: modpost: check memory allocation results (bsc#1051510). - scsi: core: Allow state transitions from OFFLINE to BLOCKED (bsc#1112246). - scsi: cxlflash: Abstract hardware dependent assignments (). - scsi: cxlflash: Acquire semaphore before invoking ioctl services (). - scsi: cxlflash: Adapter context init can return error (). - scsi: cxlflash: Adapter context support for OCXL (). - scsi: cxlflash: Add argument identifier names (). - scsi: cxlflash: Add include guards to backend.h (). - scsi: cxlflash: Avoid clobbering context control register value (). - scsi: cxlflash: Enable OCXL operations (). - scsi: cxlflash: Explicitly cache number of interrupts per context (). - scsi: cxlflash: Handle spurious interrupts (). - scsi: cxlflash: Hardware AFU for OCXL (). - scsi: cxlflash: Introduce OCXL backend (). - scsi: cxlflash: Introduce OCXL context state machine (). - scsi: cxlflash: Introduce object handle fop (). - scsi: cxlflash: Isolate external module dependencies (). - scsi: cxlflash: Limit the debug logs in the IO path (). - scsi: cxlflash: MMIO map the AFU (). - scsi: cxlflash: Preserve number of interrupts for master contexts (). - scsi: cxlflash: Read host AFU configuration (). - scsi: cxlflash: Read host function configuration (). - scsi: cxlflash: Register for translation errors (). - scsi: cxlflash: Remove commmands from pending list on timeout (). - scsi: cxlflash: Remove embedded CXL work structures (). - scsi: cxlflash: Setup AFU PASID (). - scsi: cxlflash: Setup AFU acTag range (). - scsi: cxlflash: Setup LISNs for master contexts (). - scsi: cxlflash: Setup LISNs for user contexts (). - scsi: cxlflash: Setup OCXL transaction layer (). - scsi: cxlflash: Setup function OCXL link (). - scsi: cxlflash: Setup function acTag range (). - scsi: cxlflash: Staging to support future accelerators (). - scsi: cxlflash: Support AFU interrupt management (). - scsi: cxlflash: Support AFU interrupt mapping and registration (). - scsi: cxlflash: Support AFU reset (). - scsi: cxlflash: Support AFU state toggling (). - scsi: cxlflash: Support adapter context discovery (). - scsi: cxlflash: Support adapter context mmap and release (). - scsi: cxlflash: Support adapter context polling (). - scsi: cxlflash: Support adapter context reading (). - scsi: cxlflash: Support adapter file descriptors for OCXL (). - scsi: cxlflash: Support file descriptor mapping (). - scsi: cxlflash: Support image reload policy modification (). - scsi: cxlflash: Support process element lifecycle (). - scsi: cxlflash: Support process specific mappings (). - scsi: cxlflash: Support reading adapter VPD data (). - scsi: cxlflash: Support starting an adapter context (). - scsi: cxlflash: Support starting user contexts (). - scsi: cxlflash: Synchronize reset and remove ops (). - scsi: cxlflash: Use IDR to manage adapter contexts (). - scsi: cxlflash: Use local mutex for AFU serialization (). - scsi: cxlflash: Yield to active send threads (). - scsi: fcoe: hold disc_mutex when traversing rport lists (bsc#1077989). - scsi: hisi_sas: Add SATA FIS check for v3 hw (). - scsi: hisi_sas: Add a flag to filter PHY events during reset (). - scsi: hisi_sas: Add missing PHY spinlock init (). - scsi: hisi_sas: Adjust task reject period during host reset (). - scsi: hisi_sas: Drop hisi_sas_slot_abort() (). - scsi: hisi_sas: Fix the conflict between dev gone and host reset (). - scsi: hisi_sas: Fix the failure of recovering PHY from STP link timeout (). - scsi: hisi_sas: Implement handlers of PCIe FLR for v3 hw (). - scsi: hisi_sas: Only process broadcast change in phy_bcast_v3_hw() (). - scsi: hisi_sas: Pre-allocate slot DMA buffers (). - scsi: hisi_sas: Release all remaining resources in clear nexus ha (). - scsi: hisi_sas: Tidy hisi_sas_task_prep() (). - scsi: hisi_sas: Use dmam_alloc_coherent() (). - scsi: hisi_sas: add memory barrier in task delivery function (). - scsi: hisi_sas: relocate some common code for v3 hw (). - scsi: hisi_sas: tidy channel interrupt handler for v3 hw (). - scsi: hisi_sas: tidy host controller reset function a bit (). - scsi: hpsa: limit transfer length to 1MB, not 512kB (bsc#1102346). - scsi: ipr: Eliminate duplicate barriers (). - scsi: ipr: System hung while dlpar adding primary ipr adapter back (bsc#1109336). - scsi: ipr: Use dma_pool_zalloc() (). - scsi: ipr: fix incorrect indentation of assignment statement (). - scsi: libfc: Add lockdep annotations (bsc#1077989). - scsi: libfc: check fc_frame_payload_get() return value for null (bsc#1104731). - scsi: libfc: fixup 'sleeping function called from invalid context' (bsc#1077989). - scsi: libfc: fixup lockdep annotations (bsc#1077989). - scsi: libfc: hold disc_mutex in fc_disc_stop_rports() (bsc#1077989). - scsi: libfc: retry PRLI if we cannot analyse the payload (bsc#1104731). - scsi: lpfc: Correct MDS diag and nvmet configuration (bsc#1106636). - scsi: mpt3sas: Fix calltrace observed while running IO reset (bsc#1077989). - scsi: netvsc: Use the vmbus function to calculate ring buffer percentage (bsc#1107207). - scsi: qedi: Add the CRC size within iSCSI NVM image (bsc#1110538). - scsi: qedi: Initialize the stats mutex lock (bsc#1110538). - scsi: qla2xxx: Add appropriate debug info for invalid RX_ID (bsc#1108870). - scsi: qla2xxx: Add logic to detect ABTS hang and response completion (bsc#1108870). - scsi: qla2xxx: Add longer window for chip reset (bsc#1086327,). - scsi: qla2xxx: Add mode control for each physical port (bsc#1108870). - scsi: qla2xxx: Add support for ZIO6 interrupt threshold (bsc#1108870). - scsi: qla2xxx: Allow FC-NVMe underrun to be handled by transport (bsc#1108870). - scsi: qla2xxx: Check for Register disconnect (bsc#1108870). - scsi: qla2xxx: Cleanup for N2N code (bsc#1086327,). - scsi: qla2xxx: Decrement login retry count for only plogi (bsc#1108870). - scsi: qla2xxx: Defer chip reset until target mode is enabled (bsc#1108870). - scsi: qla2xxx: Fix ISP recovery on unload (bsc#1086327,). - scsi: qla2xxx: Fix Management Server NPort handle reservation logic (bsc#1086327,). - scsi: qla2xxx: Fix N2N link re-connect (bsc#1086327,). - scsi: qla2xxx: Fix NVMe Target discovery (bsc#1108870). - scsi: qla2xxx: Fix NVMe session hang on unload (bsc#1108870). - scsi: qla2xxx: Fix Remote port registration (bsc#1108870). - scsi: qla2xxx: Fix deadlock between ATIO and HW lock (bsc#1108870). - scsi: qla2xxx: Fix double increment of switch scan retry count (bsc#1108870). - scsi: qla2xxx: Fix driver hang when FC-NVMe LUNs are configured (bsc#1108870). - scsi: qla2xxx: Fix dropped srb resource (bsc#1108870). - scsi: qla2xxx: Fix duplicate switch database entries (bsc#1108870). - scsi: qla2xxx: Fix duplicate switch's Nport ID entries (bsc#1108870). - scsi: qla2xxx: Fix early srb free on abort (bsc#1108870). - scsi: qla2xxx: Fix for double free of SRB structure (bsc#1108870). - scsi: qla2xxx: Fix iIDMA error (bsc#1108870). - scsi: qla2xxx: Fix incorrect port speed being set for FC adapters (bsc#1108870). - scsi: qla2xxx: Fix issue reported by static checker for qla2x00_els_dcmd2_sp_done() (bsc#1086327,). - scsi: qla2xxx: Fix login retry count (bsc#1086327,). - scsi: qla2xxx: Fix memory leak for allocating abort IOCB (bsc#1111830). - scsi: qla2xxx: Fix out of order Termination and ABTS response (bsc#1108870). - scsi: qla2xxx: Fix port speed display on chip reset (bsc#1108870). - scsi: qla2xxx: Fix premature command free (bsc#1108870). - scsi: qla2xxx: Fix process response queue for ISP26XX and above (bsc#1108870). - scsi: qla2xxx: Fix race between switch cmd completion and timeout (bsc#1086327,). - scsi: qla2xxx: Fix race condition for resource cleanup (bsc#1108870). - scsi: qla2xxx: Fix re-using LoopID when handle is in use (bsc#1108870). - scsi: qla2xxx: Fix recursive mailbox timeout (bsc#1108870). - scsi: qla2xxx: Fix redundant fc_rport registration (bsc#1086327,). - scsi: qla2xxx: Fix session state stuck in Get Port DB (bsc#1086327,). - scsi: qla2xxx: Fix stalled relogin (bsc#1086327,). - scsi: qla2xxx: Fix stuck session in PLOGI state (bsc#1108870). - scsi: qla2xxx: Fix unintended Logout (bsc#1086327,). - scsi: qla2xxx: Flush mailbox commands on chip reset (bsc#1086327,). - scsi: qla2xxx: Force fw cleanup on ADISC error (bsc#1108870). - scsi: qla2xxx: Increase abort timeout value (bsc#1108870). - scsi: qla2xxx: Migrate NVME N2N handling into state machine (bsc#1086327,). - scsi: qla2xxx: Move ABTS code behind qpair (bsc#1108870). - scsi: qla2xxx: Move log messages before issuing command to firmware (bsc#1108870). - scsi: qla2xxx: Move rport registration out of internal work_list (bsc#1108870). - scsi: qla2xxx: Move {get|rel}_sp to base_qpair struct (bsc#1108870). - scsi: qla2xxx: Prevent sysfs access when chip is down (bsc#1086327,). - scsi: qla2xxx: Reduce holding sess_lock to prevent CPU lock-up (bsc#1108870). - scsi: qla2xxx: Reject bsg request if chip is down (bsc#1108870). - scsi: qla2xxx: Remove ASYNC GIDPN switch command (bsc#1108870). - scsi: qla2xxx: Remove all rports if fabric scan retry fails (bsc#1108870). - scsi: qla2xxx: Remove redundant check for fcport deletion (bsc#1108870). - scsi: qla2xxx: Remove stale ADISC_DONE event (bsc#1108870). - scsi: qla2xxx: Remove stale debug trace message from tcm_qla2xxx (bsc#1108870). - scsi: qla2xxx: Return switch command on a timeout (bsc#1108870). - scsi: qla2xxx: Save frame payload size from ICB (bsc#1086327,). - scsi: qla2xxx: Serialize mailbox request (bsc#1108870). - scsi: qla2xxx: Silent erroneous message (bsc#1086327,). - scsi: qla2xxx: Spinlock recursion in qla_target (bsc#1086327,). - scsi: qla2xxx: Terminate Plogi/PRLI if WWN is 0 (bsc#1108870). - scsi: qla2xxx: Turn off IOCB timeout timer on IOCB completion (bsc#1108870). - scsi: qla2xxx: Update driver to version 10.00.00.09-k (bsc#1108870). - scsi: qla2xxx: Update driver version to 10.00.00.08-k (bsc#1086327,). - scsi: qla2xxx: Update driver version to 10.00.00.10-k (bsc#1108870). - scsi: qla2xxx: Update driver version to 10.00.00.11-k (bsc#1108870). - scsi: qla2xxx: Update rscn_rcvd field to more meaningful scan_needed (bsc#1108870). - scsi: qla2xxx: Use correct qpair for ABTS/CMD (bsc#1108870). - scsi: qla2xxx: do not allow negative thresholds (bsc#1108870). - scsi: qla2xxx: shutdown chip if reset fail (bsc#1108870). - scsi: storsvc: do not set a bounce limit (bsc#1107207). - scsi: storvsc: Avoid allocating memory for temp cpumasks (bsc#1107207). - scsi: storvsc: Select channel based on available percentage of ring buffer to write (bsc#1107207). - scsi: storvsc: Set up correct queue depth values for IDE devices (bsc#1107207). - scsi: target: prefer dbroot of /etc/target over /var/target (bsc#1111928). - scsi: vmbus: Add function to report available ring buffer to write in total ring size percentage (bsc#1107207). - scsi_debug: call resp_XXX function after setting host_scribble (bsc#1069138). - scsi_debug: reset injection flags for every_nth > 0 (bsc#1069138). - security: check for kstrdup() failure in lsm_append() (bsc#1051510). - selftests/bpf/test_maps: exit child process without error in ENOMEM case (bsc#1083647). - selftests/bpf: fix a typo in map in map test (bsc#1083647). - selftests/x86: Add tests for User-Mode Instruction Prevention (bsc#1110006). - selftests/x86: Add tests for the STR and SLDT instructions (bsc#1110006). - serial: 8250: Do not service RX FIFO if interrupts are disabled (bsc#1051510). - serial: 8250: Fix clearing FIFOs in RS485 mode again (bsc#1051510). - serial: 8250_dw: Add ACPI support for uart on Broadcom SoC (bsc#1051510). - serial: 8250_dw: always set baud rate in dw8250_set_termios (bsc#1051510). - serial: 8250_exar: Read INT0 from slave device, too (bsc#1051510). - serial: core: mark port as initialized after successful IRQ change (bsc#1051510). - serial: cpm_uart: return immediately from console poll (bsc#1051510). - serial: enable spi in sc16is7xx driver References: bsc#1105672 - serial: imx: restore handshaking irq for imx1 (bsc#1051510). - serial: make sc16is7xx driver supported References: bsc#1105672 - serial: pxa: Fix an error handling path in 'serial_pxa_probe()' (bsc#1051510). - serial: sh-sci: Stop RX FIFO timer during port shutdown (bsc#1051510). - serial: xuartps: fix typo in cdns_uart_startup (bsc#1051510). - series.conf: moved some Xen patches to the sorted region xen/blkfront: correct purging of persistent grants (bsc#1112514). - signal: Properly deliver SIGSEGV from x86 uprobes (bsc#1110006). - slab: __GFP_ZERO is incompatible with a constructor (bsc#1107060). - smb2: fix missing files in root share directory listing (bsc#1112907). - smb3: fill in statfs fsid and correct namelen (bsc#1112905). - smb3: fix reset of bytes read and written stats (bsc#1112906). - smb3: on reconnect set PreviousSessionId field (bsc#1112899). - smsc75xx: Check for Wake-on-LAN modes (bsc#1051510). - smsc95xx: Check for Wake-on-LAN modes (bsc#1051510). - soc/tegra: pmc: Fix child-node lookup (bsc#1051510). - soc: fsl: qe: Fix copy/paste bug in ucc_get_tdm_sync_shift() (bsc#1051510). - soc: mediatek: pwrap: fix cipher init setting error (bsc#1051510). - sock_diag: fix use-after-free read in __sk_free (bsc#1051510). - soreuseport: initialise timewait reuseport field (bsc#1051510). - sound: do not call skl_init_chip() to reset intel skl soc (bsc#1051510). - sound: enable interrupt after dma buffer initialization (bsc#1051510). - spi-nor: intel-spi: Fix number of protected range registers for BYT/LPT (). - spi/bcm63xx-hsspi: keep pll clk enabled (bsc#1051510). - spi: bcm-qspi: switch back to reading flash using smaller chunks (bsc#1051510). - spi: cadence: Change usleep_range() to udelay(), for atomic context (bsc#1051510). - spi: davinci: fix a NULL pointer dereference (bsc#1051510). - spi: pxa2xx: Add support for Intel Ice Lake (bsc#1051510). - spi: rspi: Fix interrupted DMA transfers (bsc#1051510). - spi: rspi: Fix invalid SPI use during system suspend (bsc#1051510). - spi: sh-msiof: Fix handling of write value for SISTR register (bsc#1051510). - spi: sh-msiof: Fix invalid SPI use during system suspend (bsc#1051510). - spi: sh-msiof: fix deferred probing (bsc#1051510). - spi: tegra20-slink: explicitly enable/disable clock (bsc#1051510). - squashfs metadata 2: electric boogaloo (bsc#1051510). - squashfs: be more careful about metadata corruption (bsc#1051510). - squashfs: more metadata hardening (bsc#1051510). - squashfs: more metadata hardening (bsc#1051510). - sr9800: Check for supported Wake-on-LAN modes (bsc#1051510). - sr: get/drop reference to device in revalidate and check_events (bsc#1109979). - staging: bcm2835-audio: Check if workqueue allocation failed (). - staging: bcm2835-audio: Deliver indirect-PCM transfer error (). - staging: bcm2835-audio: Disconnect and free vchi_instance on module_exit() (). - staging: bcm2835-audio: Do not leak workqueue if open fails (). - staging: bcm2835-audio: constify snd_pcm_ops structures (). - staging: bcm2835-audio: make snd_pcm_hardware const (). - staging: bcm2835-camera: fix timeout handling in wait_for_completion_timeout (bsc#1051510). - staging: bcm2835-camera: handle wait_for_completion_timeout return properly (bsc#1051510). - staging: comedi: ni_mio_common: fix subdevice flags for PFI subdevice (bsc#1051510). - staging: comedi: ni_mio_common: protect register write overflow (bsc#1051510). - staging: lustre: Use 'kvfree()' for memory allocated by 'kvzalloc()' (bsc#1051510). - staging: lustre: disable preempt while sampling processor id (bsc#1051510). - staging: lustre: fix bug in osc_enter_cache_try (bsc#1051510). - staging: lustre: ldlm: free resource when ldlm_lock_create() fails (bsc#1051510). - staging: lustre: libcfs: Prevent harmless read underflow (bsc#1051510). - staging: lustre: libcfs: fix test for libcfs_ioctl_hdr minimum size (bsc#1051510). - staging: lustre: llite: correct removexattr detection (bsc#1051510). - staging: lustre: llite: initialize xattr->xe_namelen (bsc#1051510). - staging: lustre: lmv: correctly iput lmo_root (bsc#1051510). - staging: lustre: lov: use correct env in lov_io_data_version_end() (bsc#1051510). - staging: lustre: o2iblnd: Fix FastReg map/unmap for MLX5 (bsc#1051510). - staging: lustre: o2iblnd: Fix crash in kiblnd_handle_early_rxs() (bsc#1051510). - staging: lustre: o2iblnd: fix race at kiblnd_connect_peer (bsc#1051510). - staging: lustre: obd_mount: use correct niduuid suffix (bsc#1051510). - staging: lustre: obdclass: return -EFAULT if copy_from_user() fails (bsc#1051510). - staging: lustre: ptlrpc: kfree used instead of kvfree (bsc#1051510). - staging: lustre: remove invariant in cl_io_read_ahead() (bsc#1051510). - staging: lustre: statahead: remove incorrect test on agl_list_empty() (bsc#1051510). - staging: rts5208: fix missing error check on call to rtsx_write_register (bsc#1051510). - staging: vc04_services: Fix platform_no_drv_owner.cocci warnings (). - staging: vc04_services: bcm2835-audio Format multiline comment (). - staging: vc04_services: bcm2835-audio: Add blank line after declaration (). - staging: vc04_services: bcm2835-audio: Change to unsigned int * (). - staging: vc04_services: bcm2835-audio: add SPDX identifiers (). - staging: vc04_services: bcm2835-audio: remove redundant license text (). - staging: vc04_services: please do not use multiple blank lines (). - stm: Potential read overflow in stm_char_policy_set_ioctl() (bsc#1051510). - stmmac: fix DMA channel hang in half-duplex mode (networking-stable-18_07_19). - string: drop __must_check from strscpy() and restore strscpy() usages in cgroup (bsc#1051510). - strparser: Remove early eaten to fix full tcp receive buffer stall (networking-stable-18_07_19). - sunxi-rsb: Include OF based modalias in device uevent (bsc#1051510). - switchtec: Fix Spectre v1 vulnerability (bsc#1051510). - sys: do not hold uts_sem while accessing userspace memory (bsc#1106995). - sysfs: Do not return POSIX ACL xattrs via listxattr (git-fixes). - target: log Data-Out timeouts as errors (bsc#1095805). - target: log NOP ping timeouts as errors (bsc#1095805). - target: split out helper for cxn timeout error stashing (bsc#1095805). - target: stash sess_err_stats on Data-Out timeout (bsc#1095805). - target: use ISCSI_IQN_LEN in iscsi_target_stat (bsc#1095805). - target_core_rbd: break up free_device callback (bsc#1105524). - target_core_rbd: use RCU in free_device (bsc#1105524). - team: Forbid enslaving team device to itself (bsc#1051510). - thermal: of-thermal: disable passive polling when thermal zone is disabled (bsc#1051510). - thermal: thermal_hwmon: Convert to hwmon_device_register_with_info() (bsc#1103363). - thermal_hwmon: Pass the originating device down to hwmon_device_register_with_info (bsc#1103363). - thermal_hwmon: Sanitize attribute name passed to hwmon (bsc#1103363). - ti: ethernet: cpdma: Use correct format for genpool_* (bsc#1051510). - tools build: fix # escaping in .cmd files for future Make (git-fixes). - tools/hv: Fix IP reporting by KVP daemon with SRIOV (bsc#1107207). - tools/power turbostat: Read extended processor family from CPUID (bsc#1051510). - tools/power turbostat: fix -S on UP systems (bsc#1051510). - tools/vm/page-types.c: fix 'defined but not used' warning (bsc#1051510). - tools/vm/slabinfo.c: fix sign-compare warning (bsc#1051510). - tools: hv: fcopy: set 'error' in case an unknown operation was requested (bsc#1107207). - tools: hv: fix compiler warnings about major/target_fname (bsc#1107207). - tools: hv: include string.h in hv_fcopy_daemon (bsc#1107207). - tools: hv: update lsvmbus to be compatible with python3 (bsc#1107207). - tools: usb: ffs-test: Fix build on big endian systems (bsc#1051510). - tpm: Introduce flag TPM_TRANSMIT_RAW (bsc#1082555). - tpm: cmd_ready command can be issued only after granting locality (bsc#1082555). - tpm: fix race condition in tpm_common_write() (bsc#1082555). - tpm: fix use after free in tpm2_load_context() (bsc#1082555). - tpm: separate cmd_ready/go_idle from runtime_pm (bsc#1082555). - tpm: tpm_crb: relinquish locality on error path (bsc#1082555). - tpm: vtpm_proxy: Implement request_locality function (bsc#1082555). - tracepoint: Do not warn on ENOMEM (bsc#1051510). - tracing/x86/xen: Remove zero data size trace events trace_xen_mmu_flush_tlb{_all} (bsc#1110006). - tracing: Add barrier to trace_printk() buffer nesting modification (bsc#1112219). - tsl2550: fix lux1_input error in low light (bsc#1051510). - tty/ldsem: Add lockdep asserts for ldisc_sem (bsc#1105428). - tty/ldsem: Convert to regular lockdep annotations (bsc#1105428). - tty/ldsem: Decrement wait_readers on timeouted down_read() (bsc#1105428). - tty/ldsem: Wake up readers after timed out down_write() (bsc#1105428). - tty: Do not block on IO when ldisc change is pending (bsc#1105428). - tty: Drop tty->count on tty_reopen() failure (bsc#1051510). - tty: Hold tty_ldisc_lock() during tty_reopen() (bsc#1105428). - tty: Simplify tty->count math in tty_reopen() (bsc#1105428). - tty: fix data race between tty_init_dev and flush of buf (bsc#1105428). - tty: fix termios input-speed encoding (bsc#1051510). - tty: fix termios input-speed encoding when using BOTHER (bsc#1051510). - tty: rocket: Fix possible buffer overwrite on register_PCI (bsc#1051510). - tty: serial: 8250: Revert NXP SC16C2552 workaround (bsc#1051510). - tty: serial: exar: Relocate sleep wake-up handling (bsc#1051510). - tty: serial: lpuart: avoid leaking struct tty_struct (bsc#1051510). - tty: vt_ioctl: fix potential Spectre v1 (bsc#1051510). - uart: fix race between uart_put_char() and uart_shutdown() (bsc#1051510). - ubifs: Check data node size before truncate (bsc#1051510). - ubifs: Check for name being NULL while mounting (bsc#1051510). - ubifs: Fix directory size calculation for symlinks (bsc#1106230). - ubifs: Fix memory leak in lprobs self-check (bsc#1051510). - ubifs: Fix synced_i_size calculation for xattr inodes (bsc#1051510). - ubifs: xattr: Do not operate on deleted inodes (bsc#1051510). - udl-kms: avoid division (bsc#1051510). - udl-kms: change down_interruptible to down (bsc#1051510). - udl-kms: fix crash due to uninitialized memory (bsc#1051510). - udl-kms: handle allocation failure (bsc#1051510). - udlfb: set optimal write delay (bsc#1051510). - udp: Unbreak modules that rely on external __skb_recv_udp() availability (bsc#1109151). - uio, lib: Fix CONFIG_ARCH_HAS_UACCESS_MCSAFE compilation (bsc#1098782). - uio: potential double frees if __uio_register_device() fails (bsc#1051510). - uio_hv_generic: fix subchannel ring mmap (bsc#1107207). - uio_hv_generic: make ring buffer attribute for primary channel (bsc#1107207). - uio_hv_generic: set size of ring buffer attribute (bsc#1107207). - uio_hv_generic: support sub-channels (bsc#1107207). - uio_hv_generic: use correct channel in isr (bsc#1107207). - uprobes/x86: Prohibit probing on MOV SS instruction (bsc#1110006). - uprobes/x86: Remove incorrect WARN_ON() in uprobe_init_insn() (bsc#1051510). - uprobes: Use synchronize_rcu() not synchronize_sched() (bsc#1051510). - usb/phy: fix PPC64 build errors in phy-fsl-usb.c (bsc#1051510). - usb: Avoid use-after-free by flushing endpoints early in usb_set_interface() (bsc#1051510). - usb: Do not die twice if PCI xhci host is not responding in resume (bsc#1051510). - usb: cdc_acm: Do not leak URB buffers (bsc#1051510). - usb: chipidea: Prevent unbalanced IRQ disable (bsc#1051510). - usb: dwc2: Turn on uframe_sched on 'amlogic' platforms (bsc#1102881). - usb: dwc2: Turn on uframe_sched on 'bcm' platforms (bsc#1102881). - usb: dwc2: Turn on uframe_sched on 'his' platforms (bsc#1102881). - usb: dwc2: Turn on uframe_sched on 'stm32f4x9_fsotg' platforms (bsc#1102881). - usb: dwc2: fix isoc split in transfer with no data (bsc#1051510). - usb: dwc2: gadget: Fix issue in dwc2_gadget_start_isoc() (bsc#1051510). - usb: dwc3: change stream event enable bit back to 13 (bsc#1051510). - usb: dwc3: pci: add support for Intel IceLake (bsc#1051510). - usb: gadget: composite: fix delayed_status race condition when set_interface (bsc#1051510). - usb: gadget: dwc2: fix memory leak in gadget_init() (bsc#1051510). - usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i] (bsc#1051510). - usb: gadget: fsl_udc_core: check allocation return value and cleanup on failure (bsc#1051510). - usb: gadget: fsl_udc_core: fixup struct_udc_setup documentation (bsc#1051510). - usb: gadget: r8a66597: Fix a possible sleep-in-atomic-context bugs in r8a66597_queue() (bsc#1051510). - usb: gadget: r8a66597: Fix two possible sleep-in-atomic-context bugs in init_controller() (bsc#1051510). - usb: gadget: udc: renesas_usb3: fix maxpacket size of ep0 (bsc#1051510). - usb: host: u132-hcd: Fix a sleep-in-atomic-context bug in u132_get_frame() (bsc#1051510). - usb: misc: uss720: Fix two sleep-in-atomic-context bugs (bsc#1051510). - usb: musb: dsps: do not disable CPPI41 irq in driver teardown (bsc#1051510). - usb: uas: add support for more quirk flags (bsc#1051510). - usb: wusbcore: security: cast sizeof to int for comparison (bsc#1051510). - usb: xhci-mtk: resume USB3 roothub first (bsc#1051510). - usb: xhci: increase CRS timeout value (bsc#1051510). - usbip: tools: fix atoi() on non-null terminated string (bsc#1051510). - use the new async probing feature for the hyperv drivers (bsc#1107207). - userfaultfd: hugetlbfs: fix userfaultfd_huge_must_wait() pte access (bsc#1109739). - userns: move user access out of the mutex (bsc#1051510). - uwb: hwa-rc: fix memory leak at probe (bsc#1051510). - vfio/pci: Virtualize Maximum Payload Size (bsc#1051510). - vfio/pci: Virtualize Maximum Read Request Size (bsc#1051510). - vfio/type1: Fix task tracking for QEMU vCPU hotplug (bsc#1051510). - vfs/proc/kcore, x86/mm/kcore: Fix SMAP fault when dumping vsyscall user page (bsc#1110006). - vfs: fix freeze protection in mnt_want_write_file() for overlayfs (git-fixes). - vhost: correctly check the iova range when waking virtqueue (bsc#1051510). - vhost: do not try to access device IOTLB when not initialized (bsc#1051510). - vhost: reset metadata cache when initializing new IOTLB (netfilter-stable-18_08_17). - vhost: use mutex_lock_nested() in vhost_dev_lock_vqs() (bsc#1051510). - vhost_net: validate sock before trying to put its fd (networking-stable-18_07_19). - video: fbdev: pxafb: clear allocated memory for video modes (bsc#1051510). - video: goldfishfb: fix memory leak on driver remove (bsc#1051510). - virtio: pci-legacy: Validate queue pfn (bsc#1051510). - vmbus: do not return values for uninitalized channels (bsc#1051510). - vmbus: do not return values for uninitalized channels (bsc#1107207). - vmci: type promotion bug in qp_host_get_user_memory() (bsc#1105355). - vmw_balloon: VMCI_DOORBELL_SET does not check status (bsc#1051510). - vmw_balloon: do not use 2MB without batching (bsc#1051510). - vmw_balloon: fix VMCI use when balloon built into kernel (bsc#1051510). - vmw_balloon: fix inflation of 64-bit GFNs (bsc#1051510). - vmw_balloon: remove inflation rate limiting (bsc#1051510). - vsock: split dwork to avoid reinitializations (netfilter-stable-18_08_17). - vti4: Do not count header length twice on tunnel setup (bsc#1051510). - vti6: fix PMTU caching and reporting on xmit (bsc#1051510). - vti6: remove !skb->ignore_df check from vti6_xmit() (bsc#1051510). - vxlan: add new fdb alloc and create helpers (netfilter-stable-18_07_27). - vxlan: fix default fdb entry netlink notify ordering during netdev create (netfilter-stable-18_07_27). - vxlan: make netlink notify in vxlan_fdb_destroy optional (netfilter-stable-18_07_27). - wan/fsl_ucc_hdlc: use IS_ERR_VALUE() to check return value of qe_muram_alloc (bsc#1051510). - watchdog: Mark watchdog touch functions as notrace (git-fixes). - wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout() (bsc#1051510). - wlcore: Set rx_status boottime_ns field on rx (bsc#1051510). - x86-64/realmode: Add instruction suffix (bsc#1110006). - x86/CPU/AMD: Derive CPU topology from CPUID function 0xB when available (). - x86/CPU/AMD: Have smp_num_siblings and cpu_llc_id always be present (bsc#1110006). - x86/CPU: Add a microcode loader callback (bsc#1110006). - x86/CPU: Check CPU feature bits after microcode upgrade (bsc#1110006). - x86/CPU: Modify detect_extended_topology() to return result (). - x86/EISA: Do not probe EISA bus for Xen PV guests (bsc#1110006). - x86/Hyper-V/hv_apic: Build the Hyper-V APIC conditionally (bsc#1107207). - x86/Hyper-V/hv_apic: Include asm/apic.h (bsc#1107207). - x86/KVM/VMX: Do not set l1tf_flush_l1d from vmx_handle_external_intr() (bsc#1110006). - x86/KVM/VMX: Do not set l1tf_flush_l1d to true from vmx_l1d_flush() (bsc#1110006). - x86/KVM/VMX: Move the l1tf_flush_l1d test to vmx_l1d_flush() (bsc#1110006). - x86/KVM/VMX: Replace 'vmx_l1d_flush_always' with 'vmx_l1d_flush_cond' (bsc#1110006). - x86/Kconfig: Limit NR_CPUS on 32-bit to a sane amount (bsc#1110006). - x86/LDT: Avoid warning in 32-bit builds with older gcc (bsc#1110006). - x86/MCE/AMD: Define a function to get SMCA bank type (bsc#1110006). - x86/MCE: Fix stack out-of-bounds write in mce-inject.c: Flags_read() (bsc#1110006). - x86/MCE: Remove min interval polling limitation (bsc#1110006). - x86/MCE: Report only DRAM ECC as memory errors on AMD systems (bsc#1110006). - x86/MCE: Serialize sysfs changes (bsc#1110006). - x86/PCI: Make broadcom_postcore_init() check acpi_disabled (bsc#1110006). - x86/acpi: Prevent X2APIC id 0xffffffff from being accounted (bsc#1110006). - x86/alternatives: Fixup alternative_call_2 (bsc#1110006). - x86/apic/vector: Fix off by one in error path (bsc#1110006). - x86/apic: Fix restoring boot IRQ mode in reboot and kexec/kdump (bsc#1110006). - x86/apic: Set up through-local-APIC mode on the boot CPU if 'noapic' specified (bsc#1110006). - x86/apic: Split disable_IO_APIC() into two functions to fix CONFIG_KEXEC_JUMP=y (bsc#1110006). - x86/apic: Split out restore_boot_irq_mode() from disable_IO_APIC() (bsc#1110006). - x86/asm/memcpy_mcsafe: Add labels for __memcpy_mcsafe() write fault handling (bsc#1098782). - x86/asm/memcpy_mcsafe: Add write-protection-fault handling (bsc#1098782). - x86/asm/memcpy_mcsafe: Define copy_to_iter_mcsafe() (bsc#1098782). - x86/asm/memcpy_mcsafe: Fix copy_to_user_mcsafe() exception handling (bsc#1098782). - x86/asm/memcpy_mcsafe: Provide original memcpy_mcsafe_unrolled (bsc#1098782). - x86/asm/memcpy_mcsafe: Remove loop unrolling (bsc#1098782). - x86/asm/memcpy_mcsafe: Return bytes remaining (bsc#1098782). - x86/asm: Add _ASM_ARG* constants for argument registers to asm/asm.h (bsc#1110006). - x86/asm: Allow again using asm.h when building for the 'bpf' clang target (bsc#1110006). - x86/asm: Do not use the confusing '.ifeq' directive (bsc#1110006). - x86/boot/64: Verify alignment of the LOAD segment (bsc#1110006). - x86/boot/KASLR: Work around firmware bugs by excluding EFI_BOOT_SERVICES_* and EFI_LOADER_* from KASLR's choice (bsc#1112878). - x86/boot/compressed/64: Print error if 5-level paging is not supported (bsc#1110006). - x86/boot: Fix if_changed build flip/flop bug (bsc#1110006). - x86/boot: Fix kexec booting failure in the SEV bit detection code (bsc#1110301). - x86/boot: Move EISA setup to a separate file (bsc#1110006). - x86/boot: Relocate definition of the initial state of CR0 (bsc#1110006). - x86/build/64: Force the linker to use 2MB page size (bsc#1109603). - x86/build: Beautify build log of syscall headers (bsc#1110006). - x86/cpu/AMD: Apply the Erratum 688 fix when the BIOS does not (bsc#1110006). - x86/cpu/intel: Add missing TLB cpuid values (bsc#1110006). - x86/cpufeature: Add User-Mode Instruction Prevention definitions (bsc#1110006). - x86/cpufeatures: Add Intel PCONFIG cpufeature (bsc#1110006). - x86/cpufeatures: Add Intel Total Memory Encryption cpufeature (bsc#1110006). - x86/debug: Handle warnings before the notifier chain, to fix KGDB crash (bsc#1110006). - x86/decoder: Add new TEST instruction pattern (bsc#1110006). - x86/dumpstack: Save first regs set for the executive summary (bsc#1110006). - x86/dumpstack: Unify show_regs() (bsc#1110006). - x86/efi: Fix efi_call_phys_epilog() with CONFIG_X86_5LEVEL=y (bsc#1110006). - x86/eisa: Add missing include (bsc#1110006). - x86/entry/64: Add two more instruction suffixes (bsc#1110006). - x86/entry/64: Remove %ebx handling from error_entry/exit (bsc#1102715). - x86/entry/64: Use 'xorl' for faster register clearing (bsc#1110006). - x86/entry/64: Wipe KASAN stack shadow before rewind_stack_do_exit() (bsc#1110006). - x86/entry: Reduce the code footprint of the 'idtentry' macro (bsc#1110006). - x86/entry: Use SYSCALL_DEFINE() macros for sys_modify_ldt() (bsc#1110006). - x86/espfix/64: Fix espfix double-fault handling on 5-level systems (bsc#1110006). - x86/events/intel/ds: Fix bts_interrupt_threshold alignment (git-fixes c1961a4631da). - x86/fpu/debug: Remove unused 'x86_fpu_state' and 'x86_fpu_deactivate_state' tracepoints (bsc#1110006). - x86/fpu: Make XSAVE check the base CPUID features before enabling (bsc#1110006). - x86/fpu: Parse clearcpuid= as early XSAVE argument (bsc#1110006). - x86/fpu: Remove second definition of fpu in __fpu__restore_sig() (bsc#1110006). - x86/fpu: Remove the explicit clearing of XSAVE dependent features (bsc#1110006). - x86/headers/UAPI: Use __u64 instead of u64 in uapi/asm/hyperv.h (bsc#1107207). - x86/hyper-V: Allocate the IDT entry early in boot (bsc#1107207). - x86/hyper-v: Check cpumask_to_vpset() return value in hyperv_flush_tlb_others_ex() (bsc#1107207). - x86/hyper-v: Check for VP_INVAL in hyperv_flush_tlb_others() (bsc#1107207). - x86/hyper-v: Fix the circular dependency in IPI enlightenment (bsc#1107207). - x86/hyper-v: Fix wrong merge conflict resolution (bsc#1107207). - x86/hyper-v: Implement hv_do_fast_hypercall16 (bsc#1107207). - x86/hyper-v: Trace PV IPI send (bsc#1107207). - x86/hyper-v: Use 'fast' hypercall for HVCALL_SEND_IPI (bsc#1107207). - x86/hyper-v: Use cheaper HVCALL_FLUSH_VIRTUAL_ADDRESS_{LIST,SPACE} hypercalls when possible (bsc#1107207). - x86/hyper-v: Use cheaper HVCALL_SEND_IPI hypercall when possible (bsc#1107207). - x86/hyper-v: allocate and use Virtual Processor Assist Pages (bsc#1107207). - x86/hyper-v: define struct hv_enlightened_vmcs and clean field bits (bsc#1107207). - x86/hyper-v: detect nested features (bsc#1107207). - x86/hyper-v: move definitions from TLFS to hyperv-tlfs.h (bsc#1107207). - x86/hyper-v: move hyperv.h out of uapi (bsc#1107207). - x86/hyper-v: move struct hv_flush_pcpu{,ex} definitions to common header (bsc#1107207). - x86/hyper-v: rename ipi_arg_{ex,non_ex} structures (bsc#1107207). - x86/hyperv: Add a function to read both TSC and TSC page value simulateneously (bsc#1107207). - x86/hyperv: Add interrupt handler annotations (bsc#1107207). - x86/hyperv: Check for required priviliges in hyperv_init() (bsc#1107207). - x86/hyperv: Check for required priviliges in hyperv_init() (bsc#1110006). - x86/hyperv: Redirect reenlightment notifications on CPU offlining (bsc#1107207). - x86/hyperv: Reenlightenment notifications support (bsc#1107207). - x86/idt: Load idt early in start_secondary (bsc#1110006). - x86/init: fix build with CONFIG_SWAP=n (bsc#1106121). - x86/intel_rdt: Enable CMT and MBM on new Skylake stepping (bsc#1110006). - x86/intel_rdt: Fix incorrect returned value when creating rdgroup sub-directory in resctrl file system (bsc#1110006). - x86/intel_rdt: Fix potential deadlock during resctrl mount (bsc#1110006). - x86/intel_rdt: Fix potential deadlock during resctrl unmount (bsc#1110006). - x86/irq: Count Hyper-V reenlightenment interrupts (bsc#1107207). - x86/irq: Remove an old outdated comment about context tracking races (bsc#1110006). - x86/irq: implement irq_data_get_effective_affinity_mask() for v4.12 (bsc#1109772). - x86/kasan/64: Teach KASAN about the cpu_entry_area (kasan). - x86/kasan: Panic if there is not enough memory to boot (bsc#1110006). - x86/kexec: Avoid double free_page() upon do_kexec_load() failure (bsc#1110006). - x86/kexec: Correct KEXEC_BACKUP_SRC_END off-by-one error (bsc#1114279). - x86/kexec: Make kexec (mostly) work in 5-level paging mode (bsc#1110006). - x86/kprobes: Fix kernel crash when probing .entry_trampoline code (bsc#1110006). - x86/kvm/hyper-v: add reenlightenment MSRs support (bsc#1107207). - x86/kvm/hyper-v: inject #GP only when invalid SINTx vector is unmasked (bsc#1107207). - x86/kvm/hyper-v: remove stale entries from vec_bitmap/auto_eoi_bitmap on vector change (bsc#1107207). - x86/kvm/vmx: Remove duplicate l1d flush definitions (bsc#1110006). - x86/kvm: fix LAPIC timer drift when guest uses periodic mode (bsc#1106240). - x86/kvm: rename HV_X64_MSR_APIC_ASSIST_PAGE to HV_X64_MSR_VP_ASSIST_PAGE (bsc#1107207). - x86/mce/AMD: Get address from already initialized block (bsc#1110006). - x86/mce: Add notifier_block forward declaration (bsc#1110006). - x86/mce: Check for alternate indication of machine check recovery on Skylake (bsc#1110006). - x86/mce: Do not overwrite MCi_STATUS in mce_no_way_out() (bsc#1110006). - x86/mce: Fix incorrect 'Machine check from unknown source' message (bsc#1110006). - x86/mce: Fix set_mce_nospec() to avoid #GP fault (bsc#1107783). - x86/mce: Improve error message when kernel cannot recover (bsc#1110006). - x86/mce: Improve error message when kernel cannot recover (bsc#1110301). - x86/mcelog: Get rid of RCU remnants (git-fixes 5de97c9f6d85). - x86/memory_failure: Introduce {set, clear}_mce_nospec() (bsc#1107783). - x86/microcode/intel: Check microcode revision before updating sibling threads (bsc#1110006). - x86/microcode/intel: Fix memleak in save_microcode_patch() (bsc#1110006). - x86/microcode/intel: Look into the patch cache first (bsc#1110006). - x86/microcode/intel: Save microcode patch unconditionally (bsc#1110006). - x86/microcode/intel: Writeback and invalidate caches before updating microcode (bsc#1110006). - x86/microcode: Allow late microcode loading with SMT disabled (bsc#1110006). - x86/microcode: Attempt late loading only when new microcode is present (bsc#1110006). - x86/microcode: Do not exit early from __reload_late() (bsc#1110006). - x86/microcode: Do not upload microcode if CPUs are offline (bsc#1110006). - x86/microcode: Fix CPU synchronization routine (bsc#1110006). - x86/microcode: Get rid of struct apply_microcode_ctx (bsc#1110006). - x86/microcode: Make sure boot_cpu_data.microcode is up-to-date (bsc#1110006). - x86/microcode: Make the late update update_lock a raw lock for RT (bsc#1110006). - x86/microcode: Propagate return value from updating functions (bsc#1110006). - x86/microcode: Request microcode on the BSP (bsc#1110006). - x86/microcode: Synchronize late microcode loading (bsc#1110006). - x86/microcode: Update the new microcode revision unconditionally (bsc#1110006). - x86/mm/32: Initialize the CR4 shadow before __flush_tlb_all() (bsc#1110006). - x86/mm/64: Rename the register_page_bootmem_memmap() 'size' parameter to 'nr_pages' (bsc#1110006). - x86/mm/kasan: Do not use vmemmap_populate() to initialize shadow (kasan). - x86/mm/kmmio: Fix mmiotrace for page unaligned addresses (bsc#1110006). - x86/mm/kmmio: Make the tracer robust against L1TF (bsc#1110006). - x86/mm/memory_hotplug: determine block size based on the end of boot memory (bsc#1108243). - x86/mm/pat: Make set_memory_np() L1TF safe (bsc#1110006). - x86/mm/pat: Prepare {reserve, free}_memtype() for 'decoy' addresses (bsc#1107783). - x86/mm/pti: Add an overflow check to pti_clone_pmds() (bsc#1110006). - x86/mm/pti: Fix PTI comment in entry_SYSCALL_64() (bsc#1110006). - x86/mm/tlb: Always use lazy TLB mode (bsc#1105467 Reduce IPIs and atomic ops with improved lazy TLB). - x86/mm/tlb: Leave lazy TLB mode at page table free time (bsc#1105467 Reduce IPIs and atomic ops with improved lazy TLB). - x86/mm/tlb: Make lazy TLB mode lazier (bsc#1105467 Reduce IPIs and atomic ops with improved lazy TLB). - x86/mm/tlb: Only send page table free TLB flush to lazy TLB CPUs (bsc#1105467 Reduce IPIs and atomic ops with improved lazy TLB). - x86/mm/tlb: Restructure switch_mm_irqs_off() (bsc#1105467 Reduce IPIs and atomic ops with improved lazy TLB). - x86/mm/tlb: Skip atomic operations for 'init_mm' in switch_mm_irqs_off() (bsc#1105467 Reduce IPIs and atomic ops with improved lazy TLB). - x86/mm: Add TLB purge to free pmd/pte page interfaces (bsc#1110006). - x86/mm: Define _PAGE_TABLE using _KERNPG_TABLE (bsc#1110006). - x86/mm: Disable ioremap free page handling on x86-PAE (bsc#1110006). - x86/mm: Do not forbid _PAGE_RW before init for __ro_after_init (bsc#1110006). - x86/mm: Drop TS_COMPAT on 64-bit exec() syscall (bsc#1110006). - x86/mm: Expand static page table for fixmap space (bsc#1110006). - x86/mm: Fix ELF_ET_DYN_BASE for 5-level paging (bsc#1110006). - x86/mm: Fix bogus warning during EFI bootup, use boot_cpu_has() instead of this_cpu_has() in build_cr3_noflush() (bsc#1110006). - x86/mm: Relocate page fault error codes to traps.h (bsc#1110006). - x86/mm: Remove in_nmi() warning from vmalloc_fault() (bsc#1110006). - x86/mm: implement free pmd/pte page interfaces (bsc#1110006). - x86/mpx: Do not allow MPX if we have mappings above 47-bit (bsc#1110006). - x86/nmi: Fix NMI uaccess race against CR3 switching (bsc#1110006). - x86/numa_emulation: Fix emulated-to-physical node mapping (bsc#1110006). - x86/oprofile: Fix bogus GCC-8 warning in nmi_setup() (bsc#1110006). - x86/pae: use 64 bit atomic xchg function in native_ptep_get_and_clear (bsc#1110006). - x86/paravirt: Fix some warning messages (bsc#1065600). - x86/paravirt: Fix spectre-v2 mitigations for paravirt guests (bsc#1065600). - x86/paravirt: Remove 'noreplace-paravirt' cmdline option (bsc#1110006). - x86/percpu: Fix this_cpu_read() (bsc#1110006). - x86/pgtable: Do not set huge PUD/PMD on non-leaf entries (bsc#1110006). - x86/pkeys: Do not special case protection key 0 (bsc#1110006). - x86/pkeys: Override pkey when moving away from PROT_EXEC (bsc#1110006). - x86/platform/UV: Add adjustable set memory block size function (bsc#1108243). - x86/platform/UV: Add kernel parameter to set memory block size (bsc#1108243). - x86/platform/UV: Mark memblock related init code and data correctly (bsc#1108243). - x86/platform/UV: Use new set memory block size function (bsc#1108243). - x86/power: Fix swsusp_arch_resume prototype (bsc#1110006). - x86/process: Do not mix user/kernel regs in 64bit __show_regs() (bsc#1110006). - x86/process: Re-export start_thread() (bsc#1110006). - x86/pti: Check the return value of pti_user_pagetable_walk_p4d() (bsc#1110006). - x86/pti: Check the return value of pti_user_pagetable_walk_pmd() (bsc#1110006). - x86/retpoline/checksum32: Convert assembler indirect jumps (bsc#1110006). - x86/retpoline/irq32: Convert assembler indirect jumps (bsc#1110006). - x86/smp: fix non-SMP broken build due to redefinition of apic_id_is_primary_thread (bsc#1110006). - x86/smpboot: Do not use mwait_play_dead() on AMD systems (bsc#1110006). - x86/spectre: Add missing family 6 check to microcode check (git-fixes a5b296636453). - x86/spectre: Fix spelling mistake: 'vunerable'-> 'vulnerable' (bsc#1110006). - x86/speculation, objtool: Annotate indirect calls/jumps for objtool on 32-bit kernels (bsc#1110006). - x86/speculation/l1tf: Exempt zeroed PTEs from inversion (bsc#1110006). - x86/speculation/l1tf: Extend 64bit swap file size limit (bsc#1110006). - x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM (bsc#1105536). - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit (bsc#1105536). - x86/speculation/l1tf: Fix up pte->pfn conversion for PAE (bsc#1110006). - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bsc#1105536). - x86/speculation/l1tf: Invert all not present mappings (bsc#1110006). - x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert (bsc#1110006). - x86/speculation/l1tf: Protect PAE swap entries against L1TF (bsc#1110006). - x86/speculation/l1tf: Suggest what to do on systems with too much RAM (bsc#1105536). - x86/speculation: Simplify sysfs report of VMX L1TF vulnerability (bsc#1110006). - x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry (bsc#1106369). - x86/time: Correct the attribute on jiffies' definition (bsc#1110006). - x86/topology: Update the 'cpu cores' field in /proc/cpuinfo correctly across CPU hotplug operations (bsc#1110006). - x86/tsc: Add missing header to tsc_msr.c (bsc#1110006). - x86/tsc: Allow TSC calibration without PIT (bsc#1110006). - x86/tsc: Prevent 32bit truncation in calc_hpet_ref() (bsc#1110006). - x86/vdso: Fix asm constraints on vDSO syscall fallbacks (bsc#1110006). - x86/vdso: Fix lsl operand order (bsc#1110006). - x86/vdso: Fix lsl operand order (bsc#1110301). - x86/vdso: Fix vDSO syscall fallback asm constraint regression (bsc#1110006). - x86/xen/efi: Initialize only the EFI struct members used by Xen (bsc#1107945). - x86/xen: Add call of speculative_store_bypass_ht_init() to PV paths (bsc#1065600). - x86/xen: Delay get_cpu_cap until stack canary is established (bsc#1110006). - x86/xen: Drop 5-level paging support code from the XEN_PV code (bsc#1110006). - x86/xen: Reset VCPU0 info pointer after shared_info remap (bsc#1110006). - x86/xen: do not write ptes directly in 32-bit PV guests (bsc#1110006). - x86: Add check for APIC access address for vmentry of L2 guests (bsc#1110006). - x86: Call fixup_exception() before notify_die() in math_error() (bsc#1110006). - x86: Delay skip of emulated hypercall instruction (bsc#1107207). - x86: Delay skip of emulated hypercall instruction (bsc#1110006). - x86: PM: Make APM idle driver initialize polling state (bsc#1110006). - x86: i8259: Add missing include file (bsc#1110006). - x86: irq_remapping: Move irq remapping mode enum (). - x86: kvm: avoid unused variable warning (bsc#1110006). - x86: msr-index.h: Correct SNB_C1/C3_AUTO_UNDEMOTE defines (bsc#1110006). - x86: msr-index.h: Correct SNB_C1/C3_AUTO_UNDEMOTE defines (bsc#1110301). - xen-netfront: fix bug concerning replacement of MAX_SKB_FRAGS with XEN_NETIF_NR_SLOTS_MIN (bsc#1104824). - xen-netfront: fix queue name setting (bsc#1065600). - xen-netfront: fix warn message as irq device name has '/' (bsc#1065600). - xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent (bsc#1065600). - xen/PVH: Set up GS segment for stack canary (bsc#1110006). - xen/blkback: do not keep persistent grants too long (bsc#1085042). - xen/blkback: move persistent grants flags to bool (bsc#1085042). - xen/blkback: remove unused pers_gnts_lock from struct (bsc#1085042). - xen/blkfront: cleanup stale persistent grants (bsc#1085042). - xen/blkfront: reorder tests in xlblk_init() (bsc#1085042). - xen/gntdev: avoid out of bounds access in case of partial gntdev_mmap() (bsc#1065600). - xen/x86/vpmu: Zero struct pt_regs before calling into sample handling code (bsc#1110006). - xen: Fix {set,clear}_foreign_p2m_mapping on autotranslating guests (bsc#1110006). - xen: Remove unnecessary BUG_ON from __unbind_from_irq() (bsc#1065600). - xen: avoid crash in disable_hotplug_cpu (bsc#1106594). - xen: issue warning message when out of grant maptrack entries (bsc#1105795). - xen: xenbus_dev_frontend: Fix XS_TRANSACTION_END handling (bsc#1065600). - xen: xenbus_dev_frontend: Really return response string (bsc#1065600). - xenbus: track caller request id (bsc#1065600). - xfrm: use complete IPv6 addresses for hash (bsc#1109330). - xfs, dax: introduce xfs_dax_aops (bsc#1104888). - xfs: Fix per-inode DAX flag inheritance (Git-fixes bsc#1109511). - xfs: Remove dead code from inode recover function (bsc#1105396). - xfs: add a new xfs_iext_lookup_extent_before helper (bsc#1095344). - xfs: add a xfs_bmap_fork_to_state helper (bsc#1095344). - xfs: add a xfs_iext_update_extent helper (bsc#1095344). - xfs: add asserts for the mmap lock in xfs_{insert,collapse}_file_space (bsc#1095344). - xfs: add comments documenting the rebalance algorithm (bsc#1095344). - xfs: add some comments to xfs_iext_insert/xfs_iext_insert_node (bsc#1095344). - xfs: allow unaligned extent records in xfs_bmbt_disk_set_all (bsc#1095344). - xfs: do not create overlapping extents in xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: do not fail when converting shortform attr to long form during ATTR_REPLACE (bsc#1105025). - xfs: do not rely on extent indices in xfs_bmap_collapse_extents (bsc#1095344). - xfs: do not rely on extent indices in xfs_bmap_insert_extents (bsc#1095344). - xfs: do not set XFS_BTCUR_BPRV_WASDEL in xfs_bunmapi (bsc#1095344). - xfs: fix memory leak in xfs_iext_free_last_leaf (bsc#1095344). - xfs: fix number of records handling in xfs_iext_split_leaf (bsc#1095344). - xfs: fix type usage (bsc#1095344). - xfs: handle zero entries case in xfs_iext_rebalance_leaf (bsc#1095344). - xfs: inline xfs_shift_file_space into callers (bsc#1095344). - xfs: introduce the xfs_iext_cursor abstraction (bsc#1095344). - xfs: iterate backwards in xfs_reflink_cancel_cow_blocks (bsc#1095344). - xfs: iterate over extents in xfs_bmap_extents_to_btree (bsc#1095344). - xfs: iterate over extents in xfs_iextents_copy (bsc#1095344). - xfs: make better use of the 'state' variable in xfs_bmap_del_extent_real (bsc#1095344). - xfs: merge xfs_bmap_read_extents into xfs_iread_extents (bsc#1095344). - xfs: move pre/post-bmap tracing into xfs_iext_update_extent (bsc#1095344). - xfs: move some code around inside xfs_bmap_shift_extents (bsc#1095344). - xfs: move some more code into xfs_bmap_del_extent_real (bsc#1095344). - xfs: move xfs_bmbt_irec and xfs_exntst_t to xfs_types.h (bsc#1095344). - xfs: move xfs_iext_insert tracepoint to report useful information (bsc#1095344). - xfs: pass a struct xfs_bmbt_irec to xfs_bmbt_lookup_eq (bsc#1095344). - xfs: pass a struct xfs_bmbt_irec to xfs_bmbt_update (bsc#1095344). - xfs: pass an on-disk extent to xfs_bmbt_validate_extent (bsc#1095344). - xfs: pass struct xfs_bmbt_irec to xfs_bmbt_validate_extent (bsc#1095344). - xfs: preserve i_rdev when recycling a reclaimable inode (bsc#1095344). - xfs: refactor delalloc accounting in xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: refactor dir2 leaf readahead shadow buffer cleverness (bsc#1095344). - xfs: refactor xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: refactor xfs_bmap_add_extent_hole_delay (bsc#1095344). - xfs: refactor xfs_bmap_add_extent_hole_real (bsc#1095344). - xfs: refactor xfs_bmap_add_extent_unwritten_real (bsc#1095344). - xfs: refactor xfs_del_extent_real (bsc#1095344). - xfs: remove XFS_BMAP_MAX_SHIFT_EXTENTS (bsc#1095344). - xfs: remove XFS_BMAP_TRACE_EXLIST (bsc#1095344). - xfs: remove a duplicate assignment in xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: remove a superflous assignment in xfs_iext_remove_node (bsc#1095344). - xfs: remove all xfs_bmbt_set_* helpers except for xfs_bmbt_set_all (bsc#1095344). - xfs: remove if_rdev (bsc#1095344). - xfs: remove post-bmap tracing in xfs_bmap_local_to_extents (bsc#1095344). - xfs: remove support for inlining data/extents into the inode fork (bsc#1095344). - xfs: remove the never fully implemented UUID fork format (bsc#1095344). - xfs: remove the nr_extents argument to xfs_iext_insert (bsc#1095344). - xfs: remove the nr_extents argument to xfs_iext_remove (bsc#1095344). - xfs: remove xfs_bmbt_get_state (bsc#1095344). - xfs: remove xfs_bmse_shift_one (bsc#1095344). - xfs: rename bno to end in __xfs_bunmapi (bsc#1095344). - xfs: repair malformed inode items during log recovery (bsc#1105396). - xfs: replace xfs_bmbt_lookup_ge with xfs_bmbt_lookup_first (bsc#1095344). - xfs: replace xfs_qm_get_rtblks with a direct call to xfs_bmap_count_leaves (bsc#1095344). - xfs: rewrite getbmap using the xfs_iext_* helpers (bsc#1095344). - xfs: rewrite xfs_bmap_count_leaves using xfs_iext_get_extent (bsc#1095344). - xfs: rewrite xfs_bmap_first_unused to make better use of xfs_iext_get_extent (bsc#1095344). - xfs: simplify the xfs_getbmap interface (bsc#1095344). - xfs: simplify xfs_reflink_convert_cow (bsc#1095344). - xfs: split xfs_bmap_shift_extents (bsc#1095344). - xfs: switch xfs_bmap_local_to_extents to use xfs_iext_insert (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_add_extent_hole_delay (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_add_extent_hole_real (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_add_extent_unwritten_real (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_collapse_extents (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_del_extent_* (bsc#1095344). - xfs: trivial indentation fixup for xfs_iext_remove_node (bsc#1095344). - xfs: update got in xfs_bmap_shift_update_extent (bsc#1095344). - xfs: use a b+tree for the in-core extent list (bsc#1095344). - xfs: use correct state defines in xfs_bmap_del_extent_{cow,delay} (bsc#1095344). - xfs: use the state defines in xfs_bmap_del_extent_real (bsc#1095344). - xfs: use xfs_bmap_del_extent_delay for the data fork as well (bsc#1095344). - xfs: use xfs_iext_*_extent helpers in xfs_bmap_shift_extents (bsc#1095344). - xfs: use xfs_iext_*_extent helpers in xfs_bmap_split_extent_at (bsc#1095344). - xfs: use xfs_iext_get_extent in xfs_bmap_first_unused (bsc#1095344). - xfs: use xfs_iext_get_extent instead of open coding it (bsc#1095344). - xhci: Add missing CAS workaround for Intel Sunrise Point xHCI (bsc#1051510). - xhci: Do not print a warning when setting link state for disabled ports (bsc#1051510). - xhci: Fix use after free for URB cancellation on a reallocated endpoint (bsc#1051510). - zram: fix null dereference of handle (bsc#1105355). ----------------------------------------- Patch: SUSE-2018-2825 Released: Mon Dec 3 15:35:02 2018 Summary: Security update for pam Severity: important References: 1115640,CVE-2018-17953 Description: This update for pam fixes the following issue: Security issue fixed: - CVE-2018-17953: Fixed IP address and subnet handling of pam_access.so that was not honoured correctly when a single host was specified (bsc#1115640). ----------------------------------------- Patch: SUSE-2018-2838 Released: Wed Dec 5 09:31:01 2018 Summary: Recommended update for dracut Severity: moderate References: 1055834,1090884 Description: This update for dracut fixes the following issues: - 98dracut-systemd: Start systemd-vconsole-setup before dracut-cmdline-ask (bsc#1055834) - Mark the DASD udev rules host-only and handle backslashes in paths for hostonly files (bsc#1090884) ----------------------------------------- Patch: SUSE-2018-2860 Released: Thu Dec 6 14:06:58 2018 Summary: Recommended update for open-iscsi Severity: moderate References: 1102589,1107753 Description: This update for open-iscsi fixes the following issues: - iscsiuio: Do not flush tx queue on each uio interrupt. This makes ping to such NICs work better (bsc#1102589) - Not allow multiple sessions just because they were started in parallel (bsc#1107753) ----------------------------------------- Patch: SUSE-2018-2861 Released: Thu Dec 6 14:32:01 2018 Summary: Security update for ncurses Severity: important References: 1103320,1115929,CVE-2018-19211 Description: This update for ncurses fixes the following issues: Security issue fixed: - CVE-2018-19211: Fixed denial of service issue that was triggered by a NULL pointer dereference at function _nc_parse_entry (bsc#1115929). Non-security issue fixed: - Remove scree.xterm from terminfo data base as with this screen uses fallback TERM=screen (bsc#1103320). ----------------------------------------- Patch: SUSE-2018-2873 Released: Fri Dec 7 13:27:36 2018 Summary: Recommended update for python-cffi Severity: moderate References: 1111657 Description: This update for python-cffi fixes the following issues: - Fix the testsuite of python-cffi like upstream to solve corruption at build (bsc#1111657) ----------------------------------------- Patch: SUSE-2018-2882 Released: Mon Dec 10 08:07:44 2018 Summary: Security update for cups Severity: important References: 1115750,CVE-2018-4700 Description: This update for cups fixes the following issues: Security issue fixed: - CVE-2018-4700: Fixed extremely predictable cookie generation that is effectively breaking the CSRF protection of the CUPS web interface (bsc#1115750). ----------------------------------------- Patch: SUSE-2018-2888 Released: Mon Dec 10 15:57:46 2018 Summary: Security update for samba Severity: moderate References: 1068059,1087303,1087931,1101499,1102230,1116319,1116320,1116322,1116324,CVE-2018-14629,CVE-2018-16841,CVE-2018-16851,CVE-2018-16853 Description: This update for samba fixes the following issues: Update to samba version 4.7.11. Security issues fixed: - CVE-2018-14629: Fixed CNAME loops in Samba AD DC DNS server (bsc#1116319). - CVE-2018-16841: Fixed segfault on PKINIT when mis-matching principal (bsc#1116320). - CVE-2018-16851: Fixed NULL pointer de-reference in Samba AD DC LDAP server (bsc#1116322). - CVE-2018-16853: Mark MIT support for the AD DC experimental (bsc#1116324). Non-security issues fixed: - Fixed do not take over stderr when there is no log file (bsc#1101499). - Fixed ctdb_mutex_ceph_rados_helper deadlock; (bsc#1102230). - Fixed ntlm authentications with 'winbind use default domain = yes'; (bsc#1068059). - Fixed idmap_rid to have primary group other than 'Domain Users'; (bsc#1087931). - Fixed windows domain with one way trust that was not working (bsc#1087303). ----------------------------------------- Patch: SUSE-2018-2903 Released: Tue Dec 11 21:47:23 2018 Summary: Recommended update for yast2-installation Severity: moderate References: 1098571,1105758,1112769 Description: This update for yast2-installation provides the following fixes: - Writing security settings in first AY installation stage, So other modules can rely on these settings now. (bsc#1112769) - Updated document for add_on_products.xml: Added tag 'confirm_license' to handle Add-On-products licenses which will be added while installation. (bsc#1105758) - Dialog complex_welcome: Translate the help button if the language has been changed. (bsc#1098571) - Remember the selected role. (fate#325834) ----------------------------------------- Patch: SUSE-2018-2904 Released: Tue Dec 11 21:47:31 2018 Summary: Recommended update for yast2-packager Severity: moderate References: 1116226 Description: This update for yast2-packager fixes the following issues: - sw_single_wrapper: fixed invalid variable reset causing a possible command injection vulnerability via environment variable (bsc#1116226) ----------------------------------------- Patch: SUSE-2018-2921 Released: Wed Dec 12 19:09:37 2018 Summary: Recommended update for wicked Severity: moderate References: 1026807,1084527,1085786,1095818,1102871,1107579,1109147,972463 Description: This update for wicked fixes the following issues: - wickedd: fix netdev detection bootstrap race (bsc#1107579) - wireless: fix eap peap auth mapping for wpa-supplicant (bsc#1026807) - firewall: do not assign default zone, but pass as is (bsc#1109147) - nanny: fix memory leaks on fast create-delete calls (bsc#1095818) - extensions: do not use /etc/HOSTNAME artifact (bsc#972463) - ethtool: add missing pause support (bsc#1102871) - man: improved create-cid docs in wicked-config(5) (bsc#1084527) - ethtool: streamline options available on all devices (bsc#1085786) - and several other minor bug fixes - wickedd: fix netdev detection bootstrap race (bsc#1107579) - compat: fix ifcfg parsing crash if network/config is missed ----------------------------------------- Patch: SUSE-2018-2922 Released: Wed Dec 12 19:09:45 2018 Summary: Recommended update for suse-module-tools Severity: moderate References: 1036463,1105495,1111183,1111300 Description: This update for suse-module-tools fixes the following issues: - Use /etc/modules-load.d/sg.conf for sg driver autoloading (bsc#1036463) - modsign-verify: support for parsing PKCS#7 signatures (bsc#1111300, bsc#1105495) - Fix logic for unsupported modules by allowing only if kernel-default-extra from SLE-WE module is installed (bsc#1111183) - Add udev rule 81-sg.rules to make sure the sg module is always loaded (bsc#1036463) - Use path dependency that is not parsed by obs to ensure we are not pulling systemd everywhere - Grep os-release and not deprecated SuSE-release ----------------------------------------- Patch: SUSE-2018-2938 Released: Fri Dec 14 13:59:41 2018 Summary: Recommended update for yast2-storage-ng Severity: moderate References: 1115508 Description: This update for yast2-storage-ng fixes the following issues: - SkipListValue.size_k returns the correct value. (bsc#1115508) ----------------------------------------- Patch: SUSE-2018-2945 Released: Fri Dec 14 16:43:57 2018 Summary: Security update for tcpdump Severity: moderate References: 1117267,CVE-2018-19519 Description: This update for tcpdump fixes the following issues: Security issues fixed: - CVE-2018-19519: Fixed a stack-based buffer over-read in the print_prefix function (bsc#1117267) ----------------------------------------- Patch: SUSE-2018-2961 Released: Mon Dec 17 19:51:40 2018 Summary: Recommended update for psmisc Severity: moderate References: 1098697,1112780 Description: This update for psmisc provides the following fix: - Make the fuser option -m work even with mountinfo. (bsc#1098697) - Support also btrFS entries in mountinfo, that is use stat(2) to determine the device of the mounted subvolume (bsc#1098697, bsc#1112780) ----------------------------------------- Patch: SUSE-2018-2962 Released: Mon Dec 17 19:51:53 2018 Summary: Recommended update for dracut Severity: moderate References: 1053248,937555 Description: This update for dracut provides the following fix: - emergency mode: Bring shell and all vital information to all ttys specified as console devices. (fate#325386, bsc#1053248, bsc#937555) ----------------------------------------- Patch: SUSE-2018-2966 Released: Mon Dec 17 19:52:40 2018 Summary: Recommended update for libgcrypt Severity: moderate References: 1117355 Description: This update for libgcrypt fixes the following issues: - Fail selftests when checksum file is missing in FIPS mode only (bsc#1117355) ----------------------------------------- Patch: SUSE-2018-2969 Released: Mon Dec 17 19:53:26 2018 Summary: Recommended update for release-notes-sles Severity: moderate References: 1098653,1100347,1106505,1106545,1108576,1114218,1114477 Description: This update for release-notes-sles fixes the following issues: - New notes: * Support for Socket-Based Services Activation (fate#319428) * GPG does not support GPG V3 keys anymore, resulting in zypper/rpm warnings (fate#326526) * Product registration changes for HPC customers (fate#326567) * KIWI has been updated to 9.15.3 (fate#326646) * MPI implementations identify in mpi-selector's list command by name only (FATE#326857, requested via bsc#1098653) * No documentation installed in SLES JeOS by default (fate#326859, bsc#1114218) - Changed notes and fixes: * Fixed btrfs/journaling footnote number (bsc#1106505) * Mark SES/SOC/SLERT/Manager as SLE 12-based (bsc#1106545) * Mark live migration note as applying to both KVM and Xen (bsc#1108576) [Under TechInfo, add a new Virtualization section under which the existing Xen and KVM sections are now grouped; move the existing Live Migration note there, as it applies to both KVM and Xen] * Support for AMD Secure Encrypted Virtualization (fate#322124) * lshw has been added (fate#322439, bsc#1100347) * GPU virtualization under KVM (virtio-gpu) (fate#325725) ----------------------------------------- Patch: SUSE-2018-2972 Released: Mon Dec 17 19:54:05 2018 Summary: Recommended update for perl-Bootloader Severity: low References: 1079321,1108777,994322 Description: This update for perl-Bootloader fixes the following issues: - Create temporary files in /tmp (bsc#1108777) - Work without /etc/default/grub_installdevice (bsc#1079321, bsc#994322) ----------------------------------------- Patch: SUSE-2018-2978 Released: Tue Dec 18 16:33:23 2018 Summary: Recommended update for suse-module-tools Severity: important References: 1116665,1119371 Description: This update for suse-module-tools fixes the following issues: - Move 'weak-modules' script to -legacy subpackage to avoid dependency on binutils (bsc#1116665, bsc#1119371) - Require mkinitrd (provided also by dracut) directly instead of file requires. This is fixing image build failures ----------------------------------------- Patch: SUSE-2018-2984 Released: Wed Dec 19 11:32:39 2018 Summary: Security update for perl Severity: moderate References: 1114674,1114675,1114681,1114686,CVE-2018-18311,CVE-2018-18312,CVE-2018-18313,CVE-2018-18314 Description: This update for perl fixes the following issues: Secuirty issues fixed: - CVE-2018-18311: Fixed integer overflow with oversize environment (bsc#1114674). - CVE-2018-18312: Fixed heap-buffer-overflow write / reg_node overrun (bsc#1114675). - CVE-2018-18313: Fixed heap-buffer-overflow read if regex contains \0 chars (bsc#1114681). - CVE-2018-18314: Fixed heap-buffer-overflow in regex (bsc#1114686). ----------------------------------------- Patch: SUSE-2018-2986 Released: Wed Dec 19 13:53:22 2018 Summary: Security update for libnettle Severity: moderate References: 1118086,CVE-2018-16869 Description: This update for libnettle fixes the following issues: Security issues fixed: - CVE-2018-16869: Fixed a leaky data conversion exposing a manager oracle (bsc#1118086) ----------------------------------------- Patch: SUSE-2018-3036 Released: Fri Dec 21 17:36:09 2018 Summary: Recommended update for polkit-default-privs Severity: moderate References: 1083066,1088648,1118117 Description: This update for polkit-default-privs fixes the following issues: - Backport relaxed polkit rules regarding blueman settings and locally logged-in users should be able to run blueman without any password entry (bsc#1083066) - Backport of tuned polkit rules extensions for SLE-15-SP1 (bsc#1088648, bsc#1118117) ----------------------------------------- Patch: SUSE-2018-3041 Released: Fri Dec 21 17:37:08 2018 Summary: Recommended update for grub2 Severity: moderate References: 1110073 Description: This update for grub2 fixes the following issues: - Support NVDIMM device names (bsc#1110073) ----------------------------------------- Patch: SUSE-2018-3044 Released: Fri Dec 21 18:47:21 2018 Summary: Security update for MozillaFirefox, mozilla-nspr and mozilla-nss Severity: important References: 1097410,1106873,1119069,1119105,CVE-2018-0495,CVE-2018-12384,CVE-2018-12404,CVE-2018-12405,CVE-2018-17466,CVE-2018-18492,CVE-2018-18493,CVE-2018-18494,CVE-2018-18498 Description: This update for MozillaFirefox, mozilla-nss and mozilla-nspr fixes the following issues: Issues fixed in MozillaFirefox: - Update to Firefox ESR 60.4 (bsc#1119105) - CVE-2018-17466: Fixed a buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 - CVE-2018-18492: Fixed a use-after-free with select element - CVE-2018-18493: Fixed a buffer overflow in accelerated 2D canvas with Skia - CVE-2018-18494: Fixed a Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs - CVE-2018-18498: Fixed a integer overflow when calculating buffer sizes for images - CVE-2018-12405: Fixed a few memory safety bugs Issues fixed in mozilla-nss: - Update to NSS 3.40.1 (bsc#1119105) - CVE-2018-12404: Fixed a cache side-channel variant of the Bleichenbacher attack (bsc#1119069) - CVE-2018-12384: Fixed an issue in the SSL handshake. NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. (bsc#1106873) - CVE-2018-0495: Fixed a memory-cache side-channel attack with ECDSA signatures (bsc#1097410) - Fixed a decryption failure during FFDHE key exchange - Various security fixes in the ASN.1 code Issues fixed in mozilla-nspr: - Update mozilla-nspr to 4.20 (bsc#1119105) ----------------------------------------- Patch: SUSE-2018-3058 Released: Fri Dec 28 17:47:09 2018 Summary: Recommended update for nfs-utils Severity: moderate References: 1109792,1116221 Description: This update for nfs-utils fixes the following issues: - Fixes for systemd integration between systemd and rpc-statd or any of its dependencies (bsc#1116221) - Allow rpc.statd to survive 'systemctl isolate ...' (bsc#1116221) - Remove README.NFSv4 as outdated and unhelpful (bsc#1109792) ----------------------------------------- Patch: SUSE-2018-3064 Released: Fri Dec 28 18:39:08 2018 Summary: Security update for containerd, docker and go Severity: important References: 1047218,1074971,1080978,1081495,1084533,1086185,1094680,1095817,1098017,1102522,1104821,1105000,1108038,1113313,1113978,1114209,1118897,1118898,1118899,1119634,1119706,CVE-2018-16873,CVE-2018-16874,CVE-2018-16875,CVE-2018-7187 Description: This update for containerd, docker and go fixes the following issues: containerd and docker: - Add backport for building containerd (bsc#1102522, bsc#1113313) - Upgrade to containerd v1.1.2, which is required for Docker v18.06.1-ce. (bsc#1102522) - Enable seccomp support on SLE12 (fate#325877) - Update to containerd v1.1.1, which is the required version for the Docker v18.06.0-ce upgrade. (bsc#1102522) - Put containerd under the podruntime slice (bsc#1086185) - 3rd party registries used the default Docker certificate (bsc#1084533) - Handle build breakage due to missing 'export GOPATH' (caused by resolution of boo#1119634). I believe Docker is one of the only packages with this problem. go: - golang: arbitrary command execution via VCS path (bsc#1081495, CVE-2018-7187) - Make profile.d/go.sh no longer set GOROOT=, in order to make switching between versions no longer break. This ends up removing the need for go.sh entirely (because GOPATH is also set automatically) (boo#1119634) - Fix a regression that broke go get for import path patterns containing '...' (bsc#1119706) Additionally, the package go1.10 has been added. ----------------------------------------- Patch: SUSE-2019-13 Released: Wed Jan 2 20:27:37 2019 Summary: Recommended update for yast2-network Severity: moderate References: 1039307 Description: This update for yast2-network fixes the following issues: - YaST can now obtain NTP-Servers through DHCP (fate#323454, bsc#1039307) ----------------------------------------- Patch: SUSE-2019-14 Released: Wed Jan 2 20:27:46 2019 Summary: Recommended update for yast2-registration Severity: moderate References: 1060151,1091825 Description: This update for yast2-registration fixes the following issues: - Fixes an issue when the base product registration code is being used for extensions (bsc#1091825) - Improved error messages (bsc#1060151) ----------------------------------------- Patch: SUSE-2019-15 Released: Thu Jan 3 11:28:11 2019 Summary: Security update for polkit Severity: moderate References: 1118277,CVE-2018-19788 Description: This update for polkit fixes the following issues: Security issue fixed: - CVE-2018-19788: Fixed handling of UIDs over MAX_UINT (bsc#1118277) ----------------------------------------- Patch: SUSE-2019-23 Released: Mon Jan 7 16:30:33 2019 Summary: Security update for gpg2 Severity: moderate References: 1120346,CVE-2018-1000858 Description: This update for gpg2 fixes the following issue: Security issue fixed: - CVE-2018-1000858: Fixed a Cross Site Request Forgery(CSRF) vulnerability in dirmngr that can result in Attacker controlled CSRF (bsc#1120346). ----------------------------------------- Patch: SUSE-2019-44 Released: Tue Jan 8 13:07:32 2019 Summary: Recommended update for acl Severity: low References: 953659 Description: This update for acl fixes the following issues: - test: Add helper library to fake passwd/group files. - quote: Escape literal backslashes. (bsc#953659) ----------------------------------------- Patch: SUSE-2019-56 Released: Thu Jan 10 15:04:46 2019 Summary: Recommended update for apparmor Severity: moderate References: 1111345 Description: This update for apparmor fixes the following issues: - Update the last dnsmasq fix for logfiles when running under apparmor (bsc#1111345) ----------------------------------------- Patch: SUSE-2019-62 Released: Thu Jan 10 20:30:58 2019 Summary: Recommended update for xfsprogs Severity: moderate References: 1119063 Description: This update for xfsprogs fixes the following issues: - Fix root inode's parent when it's bogus for sf directory (xfs repair). (bsc#1119063) ----------------------------------------- Patch: SUSE-2019-82 Released: Fri Jan 11 17:16:48 2019 Summary: Recommended update for suse-build-key Severity: moderate References: 1044232 Description: This update for suse-build-key fixes the following issues: - Include the SUSE PTF GPG key in the key directory to avoid it being stripped via %doc stripping in CAASP. (bsc#1044232) ----------------------------------------- Patch: SUSE-2019-83 Released: Fri Jan 11 17:17:00 2019 Summary: Recommended update for yast2-storage-ng Severity: moderate References: 1059972 Description: This update for yast2-storage-ng provides the following fix: - partitioner: Do not allow to create BTRFS subvolumes with unsafe characters in the path. (bsc#1059972) ----------------------------------------- Patch: SUSE-2019-91 Released: Tue Jan 15 14:14:43 2019 Summary: Recommended update for mozilla-nss Severity: moderate References: 1090767,1121045,1121207 Description: This update for mozilla-nss fixes the following issues: - The hmac packages used in FIPS certification inadvertently removed in last update: re-added. (bsc#1121207) - Added 'Suggest:' for libfreebl3 and libsoftokn3 respective -hmac packages to avoid dependency issues during updates (bsc#1090767, bsc#1121045) ----------------------------------------- Patch: SUSE-2019-93 Released: Tue Jan 15 14:48:33 2019 Summary: Security update for wget Severity: important References: 1120382,CVE-2018-20483 Description: This update for wget fixes the following issues: Security issue fixed: - CVE-2018-20483: Fixed an information disclosure through file metadata (bsc#1120382) ----------------------------------------- Patch: SUSE-2019-94 Released: Tue Jan 15 14:49:04 2019 Summary: Security update for krb5 Severity: important References: 1120489,CVE-2018-20217 Description: This update for krb5 fixes the following issues: Security issue fixed: - CVE-2018-20217: Fixed an assertion issue with older encryption types (bsc#1120489) ----------------------------------------- Patch: SUSE-2019-98 Released: Tue Jan 15 18:01:49 2019 Summary: Recommended update for yast2-users Severity: moderate References: 1118617 Description: This update for yast2-users provides the following fixes: - Allow the root user to use a public key for authentication. (fate#324690) - Improve public key selector help. (fate#324690) - Add public keys handling support in an installed system. (fate#324690) - Improve the label for importing public SSH keys to clearly state it is about SSH. (bsc#1118617) ----------------------------------------- Patch: SUSE-2019-102 Released: Tue Jan 15 18:02:58 2019 Summary: Recommended update for timezone Severity: moderate References: 1120402 Description: This update for timezone fixes the following issues: - Update 2018i: São Tomé and Príncipe switches from +01 to +00 on 2019-01-01. (bsc#1120402) - Update 2018h: Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21 New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move Metlakatla, Alaska observes PST this winter only Guess Morocco will continue to adjust clocks around Ramadan Add predictions for Iran from 2038 through 2090 ----------------------------------------- Patch: SUSE-2019-104 Released: Tue Jan 15 18:03:13 2019 Summary: Recommended update for chrony Severity: moderate References: 1117147 Description: This update for chrony fixes the following issues: - Generate chronyd sysconfig file. (bsc#1117147) ----------------------------------------- Patch: SUSE-2019-122 Released: Fri Jan 18 12:35:45 2019 Summary: Recommended update for libstorage-ng Severity: moderate References: 1059972 Description: This update for libstorage-ng provides the following fixes: - Avoid thread unsafe strerror function. - Create crypttab, lock and log with proper permissions. (bsc#1059972) - Add missing quoting. (bsc#1059972) - Fix some audit issues. - Use exceptions to handle errors. ----------------------------------------- Patch: SUSE-2019-123 Released: Fri Jan 18 12:35:57 2019 Summary: Recommended update for yast2-bootloader Severity: moderate References: 1111236 Description: This update for yast2-bootloader fixes the following issues: - Do not crash if an unknown device is found in a cloned configuration. (bsc#1111236) ----------------------------------------- Patch: SUSE-2019-126 Released: Fri Jan 18 14:19:47 2019 Summary: Security update for openssh Severity: important References: 1121571,1121816,1121818,1121821,CVE-2018-20685,CVE-2019-6109,CVE-2019-6110,CVE-2019-6111 Description: This update for openssh fixes the following issues: Security issues fixed: - CVE-2018-20685: Fixed an issue where scp client allows remote SSH servers to bypass intended access restrictions (bsc#1121571) - CVE-2019-6109: Fixed an issue where the scp client would allow malicious remote SSH servers to manipulate terminal output via the object name, e.g. by inserting ANSI escape sequences (bsc#1121816) - CVE-2019-6110: Fixed an issue where the scp client would allow malicious remote SSH servers to manipulate stderr output, e.g. by inserting ANSI escape sequences (bsc#1121818) - CVE-2019-6111: Fixed an issue where the scp client would allow malicious remote SSH servers to execute directory traversal attacks and overwrite files (bsc#1121821) ----------------------------------------- Patch: SUSE-2019-137 Released: Mon Jan 21 15:52:45 2019 Summary: Security update for systemd Severity: important References: 1005023,1045723,1076696,1080919,1093753,1101591,1111498,1114933,1117063,1119971,1120323,CVE-2018-16864,CVE-2018-16865,CVE-2018-16866,CVE-2018-6954 Description: This update for systemd provides the following fixes: Security issues fixed: - CVE-2018-16864, CVE-2018-16865: Fixed two memory corruptions through attacker-controlled alloca()s (bsc#1120323) - CVE-2018-16866: Fixed an information leak in journald (bsc#1120323) - CVE-2018-6954: Fix mishandling of symlinks present in non-terminal path components (bsc#1080919) - Fixed an issue during system startup in relation to encrypted swap disks (bsc#1119971) Non-security issues fixed: - pam_systemd: Fix 'Cannot create session: Already running in a session' (bsc#1111498) - systemd-vconsole-setup: vconsole setup fails, fonts will not be copied to tty (bsc#1114933) - systemd-tmpfiles-setup: symlinked /tmp to /var/tmp breaking multiple units (bsc#1045723) - Fixed installation issue with /etc/machine-id during update (bsc#1117063) - btrfs: qgroups are assigned to parent qgroups after reboot (bsc#1093753) - logind: Stop managing VT switches if no sessions are registered on that VT. (bsc#1101591) - udev: Downgrade message when settting inotify watch up fails. (bsc#1005023) - udev: Ignore the exit code of systemd-detect-virt for memory hot-add. In SLE-12-SP3, 80-hotplug-cpu-mem.rules has a memory hot-add rule that uses systemd-detect-virt to detect non-zvm environment. The systemd-detect-virt returns exit failure code when it detected _none_ state. The exit failure code causes that the hot-add memory block can not be set to online. (bsc#1076696) ----------------------------------------- Patch: SUSE-2019-141 Released: Tue Jan 22 08:29:12 2019 Summary: Recommended update for polkit-default-privs Severity: moderate References: 1119394,984817 Description: This update for polkit-default-privs fixes the following issues: - Backport of additional flatpak rule (bsc#1119394, bsc#984817) ----------------------------------------- Patch: SUSE-2019-147 Released: Wed Jan 23 17:57:31 2019 Summary: Recommended update for ca-certificates-mozilla Severity: moderate References: 1121446 Description: This update for ca-certificates-mozilla fixes the following issues: The package was updated to the 2.30 version of the Mozilla NSS Certificate store. (bsc#1121446) Removed Root CAs: - AC Raiz Certicamara S.A. - Certplus Root CA G1 - Certplus Root CA G2 - OpenTrust Root CA G1 - OpenTrust Root CA G2 - OpenTrust Root CA G3 - Visa eCommerce Root Added Root CAs: - Certigna Root CA (email and server auth) - GTS Root R1 (server auth) - GTS Root R2 (server auth) - GTS Root R3 (server auth) - GTS Root R4 (server auth) - OISTE WISeKey Global Root GC CA (email and server auth) - UCA Extended Validation Root (server auth) - UCA Global G2 Root (email and server auth) ----------------------------------------- Patch: SUSE-2019-150 Released: Wed Jan 23 17:58:45 2019 Summary: Security update for the Linux Kernel Severity: important References: 1024718,1046299,1050242,1050244,1051510,1055120,1055121,1055186,1058115,1060463,1065600,1065729,1068273,1078248,1079935,1082387,1082555,1082653,1083647,1085535,1086282,1086283,1086423,1087082,1087978,1088386,1089350,1090888,1091405,1094244,1097593,1097755,1102875,1102877,1102879,1102882,1102896,1103257,1104353,1104427,1104824,1104967,1105168,1106105,1106110,1106237,1106240,1106615,1106913,1107256,1107385,1107866,1108270,1108468,1109272,1109772,1109806,1110006,1110558,1110998,1111062,1111174,1111183,1111188,1111469,1111696,1111795,1111809,1112963,1113295,1113412,1113501,1113677,1113722,1113769,1114015,1114178,1114279,1114385,1114576,1114577,1114578,1114579,1114580,1114581,1114582,1114583,1114584,1114585,1114839,1114871,1115074,1115269,1115431,1115433,1115440,1115567,1115709,1115976,1116040,1116183,1116336,1116692,1116693,1116698,1116699,1116700,1116701,1116803,1116841,1116862,1116863,1116876,1116877,1116878,1116891,1116895,1116899,1116950,1117115,1117162,1117165,1117168,1117172,1117174,1117181,1117184,1117186,1117188,1117189,1117349,1117561,1117656,1117788,1117789,1117790,1117791,1117792,1117794,1117795,1117796,1117798,1117799,1117801,1117802,1117803,1117804,1117805,1117806,1117807,1117808,1117815,1117816,1117817,1117818,1117819,1117820,1117821,1117822,1117953,1118102,1118136,1118137,1118138,1118140,1118152,1118215,1118316,1118319,1118320,1118428,1118484,1118505,1118752,1118760,1118761,1118762,1118766,1118767,1118768,1118769,1118771,1118772,1118773,1118774,1118775,1118798,1118809,1118962,1119017,1119086,1119212,1119322,1119410,1119714,1119749,1119804,1119946,1119947,1119962,1119968,1119974,1120036,1120053,1120054,1120055,1120058,1120088,1120092,1120094,1120096,1120097,1120173,1120214,1120223,1120228,1120230,1120232,1120234,1120235,1120238,1120594,1120598,1120600,1120601,1120602,1120603,1120604,1120606,1120612,1120613,1120614,1120615,1120616,1120617,1120618,1120620,1120621,1120632,1120633,1120743,1120954,1121017,1121058,1121263,1121273,1121477,1121483,1121599,1121621,1121714,1121715,1121973,CVE-2018-12232,CVE-2018-14625,CVE-2018-16862,CVE-2018-16884,CVE-2018-18281,CVE-2018-18397,CVE-2018-19407,CVE-2018-19824,CVE-2018-19854,CVE-2018-19985,CVE-2018-20169,CVE-2018-9568 Description: The SUSE Linux Enterprise 15 kernel for Azure was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bnc#1118319). - CVE-2018-12232: In net/socket.c there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat did not increment the file descriptor reference count, which allowed close to set the socket to NULL during fchownat's execution, leading to a NULL pointer dereference and system crash (bnc#1097593). - CVE-2018-14625: A flaw was found where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients (bnc#1106615). - CVE-2018-16862: A security flaw was found in the way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one (bnc#1117186). - CVE-2018-16884: NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bnc#1119946). - CVE-2018-18281: The mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. (bnc#1113769). - CVE-2018-18397: The userfaultfd implementation mishandled access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c (bnc#1117656). - CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized (bnc#1116841). - CVE-2018-19824: A local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152). - CVE-2018-19854: An issue was discovered in the crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs. NOTE: this is a CVE-2013-2547 regression but with easier exploitability because the attacker did not need a capability (however, the system must have the CONFIG_CRYPTO_USER kconfig option) (bnc#1118428). - CVE-2018-19985: The function hso_probe read if_num from the USB device (as an u8) and used it without a length check to index an array, resulting in an OOB memory read in hso_probe or hso_get_config_data that could be used by local attackers (bnc#1120743). - CVE-2018-20169: The USB subsystem mishandled size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c (bnc#1119714). The following non-security bugs were fixed: - ACPI/APEI: Handle GSIV and GPIO notification types (bsc#1115567). - ACPICA: Tables: Add WSMT support (bsc#1089350). - ACPI / CPPC: Check for valid PCC subspace only if PCC is used (bsc#1117115). - ACPI / CPPC: Update all pr_(debug/err) messages to log the susbspace id (bsc#1117115). - ACPI/IORT: Fix iort_get_platform_device_domain() uninitialized pointer value (bsc#1051510). - ACPI / LPSS: Add alternative ACPI HIDs for Cherry Trail DMA controllers (bsc#1051510). - ACPI, nfit: Fix ARS overflow continuation (bsc#1116895). - ACPI/nfit, x86/mce: Handle only uncorrectable machine checks (bsc#1114279). - ACPI/nfit, x86/mce: Validate a MCE's address before using it (bsc#1114279). - ACPI / platform: Add SMB0001 HID to forbidden_id_list (bsc#1051510). - ACPI / watchdog: Prefer iTCO_wdt always when WDAT table uses RTC SRAM (bsc#1051510). - act_ife: fix a potential use-after-free (networking-stable-18_09_11). - aio: fix spectre gadget in lookup_ioctx (bsc#1120594). - ALSA: ac97: Fix incorrect bit shift at AC97-SPSA control write (bsc#1051510). - ALSA: ca0106: Disable IZD on SB0570 DAC to fix audio pops (bsc#1051510). - ALSA: control: Fix race between adding and removing a user element (bsc#1051510). - ALSA: cs46xx: Potential NULL dereference in probe (bsc#1051510). - ALSA: emu10k1: Fix potential Spectre v1 vulnerabilities (bsc#1051510). - ALSA: emux: Fix potential Spectre v1 vulnerabilities (bsc#1051510). - ALSA: fireface: fix for state to fetch PCM frames (bsc#1051510). - ALSA: fireface: fix reference to wrong register for clock configuration (bsc#1051510). - ALSA: firewire-lib: fix wrong assignment for 'out_packet_without_header' tracepoint (bsc#1051510). - ALSA: firewire-lib: fix wrong handling payload_length as payload_quadlet (bsc#1051510). - ALSA: firewire-lib: use the same print format for 'without_header' tracepoints (bsc#1051510). - ALSA: hda: Add ASRock N68C-S UCC the power_save blacklist (bsc#1051510). - ALSA: hda: add mute LED support for HP EliteBook 840 G4 (bsc#1051510). - ALSA: hda: Add support for AMD Stoney Ridge (bsc#1051510). - ALSA: hda/ca0132 - Call pci_iounmap() instead of iounmap() (bsc#1051510). - ALSA: hda/ca0132 - make pci_iounmap() call conditional (bsc#1051510). - ALSA: hda: fix front speakers on Huawei MBXP (bsc#1051510). - ALSA: hda/realtek - Add auto-mute quirk for HP Spectre x360 laptop (bsc#1051510). - ALSA: hda/realtek - Add GPIO data update helper (bsc#1051510). - ALSA: hda/realtek - Add support for Acer Aspire C24-860 headset mic (bsc#1051510). - ALSA: hda/realtek - Add unplug function into unplug state of Headset Mode for ALC225 (bsc#1051510). - ALSA: hda/realtek: ALC286 mic and headset-mode fixups for Acer Aspire U27-880 (bsc#1051510). - ALSA: hda/realtek: ALC294 mic and headset-mode fixups for ASUS X542UN (bsc#1051510). - ALSA: hda/realtek - Allow skipping spec->init_amp detection (bsc#1051510). - ALSA: hda/realtek - Disable headset Mic VREF for headset mode of ALC225 (bsc#1051510). - ALSA: hda/realtek: Enable audio jacks of ASUS UX391UA with ALC294 (bsc#1051510). - ALSA: hda/realtek: Enable audio jacks of ASUS UX433FN/UX333FA with ALC294 (bsc#1051510). - ALSA: hda/realtek: Enable audio jacks of ASUS UX533FD with ALC294 (bsc#1051510). - ALSA: hda/realtek: Enable the headset mic auto detection for ASUS laptops (bsc#1051510). - ALSA: hda/realtek - Fixed headphone issue for ALC700 (bsc#1051510). - ALSA: hda/realtek - fix headset mic detection for MSI MS-B171 (bsc#1051510). - ALSA: hda/realtek - Fix HP Headset Mic can't record (bsc#1051510). - ALSA: hda/realtek: Fix mic issue on Acer AIO Veriton Z4660G (bsc#1051510). - ALSA: hda/realtek: Fix mic issue on Acer AIO Veriton Z4860G/Z6860G (bsc#1051510). - ALSA: hda/realtek - Fix speaker output regression on Thinkpad T570 (bsc#1051510). - ALSA: hda/realtek - Fix the mute LED regresion on Lenovo X1 Carbon (bsc#1051510). - ALSA: hda/realtek - fix the pop noise on headphone for lenovo laptops (bsc#1051510). - ALSA: hda/realtek - Manage GPIO bits commonly (bsc#1051510). - ALSA: hda/realtek - Simplify Dell XPS13 GPIO handling (bsc#1051510). - ALSA: hda/realtek - Support ALC300 (bsc#1051510). - ALSA: hda/realtek - Support Dell headset mode for New AIO platform (bsc#1051510). - ALSA: hda/tegra: clear pending irq handlers (bsc#1051510). - ALSA: oss: Use kvzalloc() for local buffer allocations (bsc#1051510). - ALSA: pcm: Call snd_pcm_unlink() conditionally at closing (bsc#1051510). - ALSA: pcm: Fix interval evaluation with openmin/max (bsc#1051510). - ALSA: pcm: Fix potential Spectre v1 vulnerability (bsc#1051510). - ALSA: pcm: Fix starvation on down_write_nonblock() (bsc#1051510). - ALSA: rme9652: Fix potential Spectre v1 vulnerability (bsc#1051510). - ALSA: sparc: Fix invalid snd_free_pages() at error path (bsc#1051510). - ALSA: trident: Suppress gcc string warning (bsc#1051510). - ALSA: usb-audio: Add SMSL D1 to quirks for native DSD support (bsc#1051510). - ALSA: usb-audio: Add support for Encore mDSD USB DAC (bsc#1051510). - ALSA: usb-audio: Add vendor and product name for Dell WD19 Dock (bsc#1051510). - ALSA: usb-audio: Avoid access before bLength check in build_audio_procunit() (bsc#1051510). - ALSA: usb-audio: Fix an out-of-bound read in create_composite_quirks (bsc#1051510). - ALSA: wss: Fix invalid snd_free_pages() at error path (bsc#1051510). - ALSA: x86: Fix runtime PM for hdmi-lpe-audio (bsc#1051510). - amd/iommu: Fix Guest Virtual APIC Log Tail Address Register (bsc#1106105). - apparmor: do not try to replace stale label in ptrace access check (git-fixes). - apparmor: do not try to replace stale label in ptraceme check (git-fixes). - apparmor: Fix uninitialized value in aa_split_fqname (git-fixes). - arm64: Add work around for Arm Cortex-A55 Erratum 1024718 (bsc#1120612). - arm64: atomics: Remove '&' from '+&' asm constraint in lse atomics (bsc#1120613). - arm64: cpu_errata: include required headers (bsc#1120615). - arm64: dma-mapping: Fix FORCE_CONTIGUOUS buffer clearing (bsc#1120633). - arm64: Fix /proc/iomem for reserved but not memory regions (bsc#1120632). - arm64: KVM: Move CPU ID reg trap setup off the world switch path (bsc#1110998). - arm64: KVM: Sanitize PSTATE.M when being set from userspace (bsc#1110998). - arm64: KVM: Tighten guest core register access from userspace (bsc#1110998). - arm64: lse: Add early clobbers to some input/output asm operands (bsc#1120614). - arm64: lse: remove -fcall-used-x0 flag (bsc#1120618). - arm64: mm: always enable CONFIG_HOLES_IN_ZONE (bsc#1120617). - arm64/numa: Report correct memblock range for the dummy node (bsc#1120620). - arm64/numa: Unify common error path in numa_init() (bsc#1120621). - arm64: remove no-op -p linker flag (bsc#1120616). - arm: dts: at91: add new compatibility string for macb on sama5d3 (bsc#1051510). - ASoC: dapm: Recalculate audio map forcely when card instantiated (bsc#1051510). - ASoC: dwc: Added a quirk DW_I2S_QUIRK_16BIT_IDX_OVERRIDE to dwc (bsc#1085535) - ASoC: Intel: cht_bsw_max98090: add support for Baytrail (bsc#1051510). - ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Clapper (bsc#1051510). - ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Gnawty (bsc#1051510). - ASoC: intel: cht_bsw_max98090_ti: Add quirk for boards using pmc_plt_clk_0 (bsc#1051510). - ASoC: Intel: mrfld: fix uninitialized variable access (bsc#1051510). - ASoC: omap-abe-twl6040: Fix missing audio card caused by deferred probing (bsc#1051510). - ASoC: omap-dmic: Add pm_qos handling to avoid overruns with CPU_IDLE (bsc#1051510). - ASoC: omap-mcbsp: Fix latency value calculation for pm_qos (bsc#1051510). - ASoC: omap-mcpdm: Add pm_qos handling to avoid under/overruns with CPU_IDLE (bsc#1051510). - ASoC: rsnd: fixup clock start checker (bsc#1051510). - ASoC: sun8i-codec: fix crash on module removal (bsc#1051510). - ASoC: wm_adsp: Fix dma-unsafe read of scratch registers (bsc#1051510). - ata: Fix racy link clearance (bsc#1107866). - ataflop: fix error handling during setup (bsc#1051510). - ath10k: do not assume this is a PCI dev in generic code (bsc#1051510). - ath10k: schedule hardware restart if WMI command times out (bsc#1051510). - ath6kl: Only use match sets when firmware supports it (bsc#1051510). - b43: Fix error in cordic routine (bsc#1051510). - batman-adv: Expand merged fragment buffer for full packet (bsc#1051510). - batman-adv: Use explicit tvlv padding for ELP packets (bsc#1051510). - bcache: fix miss key refill->end in writeback (Git-fixes). - bcache: trace missed reading by cache_missed (Git-fixes). - bitops: protect variables in bit_clear_unless() macro (bsc#1051510). - bitops: protect variables in set_mask_bits() macro (bsc#1051510). - blk-mq: remove synchronize_rcu() from blk_mq_del_queue_tag_set() (Git-fixes). - block: allow max_discard_segments to be stacked (Git-fixes). - block: blk_init_allocated_queue() set q->fq as NULL in the fail case (Git-fixes). - block: copy ioprio in __bio_clone_fast() (bsc#1082653). - block: really disable runtime-pm for blk-mq (Git-fixes). - block: reset bi_iter.bi_done after splitting bio (Git-fixes). - block: respect virtual boundary mask in bvecs (bsc#1113412). - block/swim: Fix array bounds check (Git-fixes). - Bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth (bsc#1051510). - Bluetooth: SMP: fix crash in unpairing (bsc#1051510). - bnxt_en: do not try to offload VLAN 'modify' action (bsc#1050242 ). - bnxt_en: Fix enables field in HWRM_QUEUE_COS2BW_CFG request (bsc#1086282). - bnxt_en: Fix TX timeout during netpoll (networking-stable-18_10_16). - bnxt_en: Fix VNIC reservations on the PF (bsc#1086282 ). - bnxt_en: free hwrm resources, if driver probe fails (networking-stable-18_10_16). - bnxt_en: get the reduced max_irqs by the ones used by RDMA (bsc#1050242). - bonding: avoid possible dead-lock (networking-stable-18_10_16). - bonding: fix length of actor system (networking-stable-18_11_02). - bonding: fix warning message (networking-stable-18_10_16). - bonding: pass link-local packets to bonding master also (networking-stable-18_10_16). - bpf: fix check of allowed specifiers in bpf_trace_printk (bsc#1083647). - bpf: fix partial copy of map_ptr when dst is scalar (bsc#1083647). - bpf, net: add skb_mac_header_len helper (networking-stable-18_09_24). - bpf: use per htab salt for bucket hash (git-fixes). - bpf: wait for running BPF programs when updating map-in-map (bsc#1083647). - brcmfmac: fix for proper support of 160MHz bandwidth (bsc#1051510). - brcmfmac: fix reporting support for 160 MHz channels (bsc#1051510). - brcmutil: really fix decoding channel info for 160 MHz bandwidth (bsc#1051510). - bridge: do not add port to router list when receives query with source 0.0.0.0 (networking-stable-18_11_02). - Btrfs: Always try all copies when reading extent buffers (git-fixes). - Btrfs: delete dead code in btrfs_orphan_add() (bsc#1111469). - Btrfs: delete dead code in btrfs_orphan_commit_root() (bsc#1111469). - Btrfs: do not BUG_ON() in btrfs_truncate_inode_items() (bsc#1111469). - Btrfs: do not check inode's runtime flags under root->orphan_lock (bsc#1111469). - Btrfs: do not return ino to ino cache if inode item removal fails (bsc#1111469). - Btrfs: fix assertion failure during fsync in no-holes mode (bsc#1118136). - Btrfs: fix assertion on fsync of regular file when using no-holes feature (bsc#1118137). - Btrfs: fix cur_offset in the error case for nocow (bsc#1118140). - Btrfs: fix data corruption due to cloning of eof block (bsc#1116878). - Btrfs: fix deadlock on tree root leaf when finding free extent (bsc#1116876). - Btrfs: fix deadlock when writing out free space caches (bsc#1116700). - Btrfs: fix ENOSPC caused by orphan items reservations (bsc#1111469). - Btrfs: Fix error handling in btrfs_cleanup_ordered_extents (git-fixes). - Btrfs: fix error handling in btrfs_truncate() (bsc#1111469). - Btrfs: fix error handling in btrfs_truncate_inode_items() (bsc#1111469). - Btrfs: fix fsync of files with multiple hard links in new directories (1120173). - Btrfs: fix infinite loop on inode eviction after deduplication of eof block (bsc#1116877). - Btrfs: Fix memory barriers usage with device stats counters (git-fixes). - Btrfs: fix null pointer dereference on compressed write path error (bsc#1116698). - Btrfs: fix use-after-free during inode eviction (bsc#1116701). - Btrfs: fix use-after-free on root->orphan_block_rsv (bsc#1111469). - Btrfs: fix use-after-free when dumping free space (bsc#1116862). - Btrfs: fix warning when replaying log after fsync of a tmpfile (bsc#1116692). - Btrfs: fix wrong dentries after fsync of file that got its parent replaced (bsc#1116693). - Btrfs: get rid of BTRFS_INODE_HAS_ORPHAN_ITEM (bsc#1111469). - Btrfs: get rid of unused orphan infrastructure (bsc#1111469). - Btrfs: make sure we create all new block groups (bsc#1116699). - Btrfs: move btrfs_truncate_block out of trans handle (bsc#1111469). - Btrfs: protect space cache inode alloc with GFP_NOFS (bsc#1116863). - Btrfs: qgroup: Dirty all qgroups before rescan (bsc#1120036). - Btrfs: refactor btrfs_evict_inode() reserve refill dance (bsc#1111469). - Btrfs: renumber BTRFS_INODE_ runtime flags and switch to enums (bsc#1111469). - Btrfs: reserve space for O_TMPFILE orphan item deletion (bsc#1111469). - Btrfs: run delayed items before dropping the snapshot (bsc#1121263, bsc#1111188). - Btrfs: send, fix infinite loop due to directory rename dependencies (bsc#1118138). - Btrfs: stop creating orphan items for truncate (bsc#1111469). - Btrfs: tree-checker: Do not check max block group size as current max chunk size limit is unreliable (fixes for bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875). - Btrfs: update stale comments referencing vmtruncate() (bsc#1111469). - cachefiles: fix the race between cachefiles_bury_object() and rmdir(2) (bsc#1051510). - can: dev: __can_get_echo_skb(): Do not crash the kernel if can_priv::echo_skb is accessed out of bounds (bsc#1051510). - can: dev: can_get_echo_skb(): factor out non sending code to __can_get_echo_skb() (bsc#1051510). - can: dev: __can_get_echo_skb(): print error message, if trying to echo non existing skb (bsc#1051510). - can: dev: __can_get_echo_skb(): replace struct can_frame by canfd_frame to access frame length (bsc#1051510). - can: flexcan: flexcan_irq(): fix indention (bsc#1051510). - can: hi311x: Use level-triggered interrupt (bsc#1051510). - can: raw: check for CAN FD capable netdev in raw_sendmsg() (bsc#1051510). - can: rcar_can: Fix erroneous registration (bsc#1051510). - can: rx-offload: introduce can_rx_offload_get_echo_skb() and can_rx_offload_queue_sorted() functions (bsc#1051510). - cdc-acm: correct counting of UART states in serial state notification (bsc#1051510). - cdc-acm: do not reset notification buffer index upon urb unlinking (bsc#1051510). - cdrom: do not attempt to fiddle with cdo->capability (bsc#1051510). - ceph: do not update importing cap's mseq when handing cap export (bsc#1121273). - ceph: fix dentry leak in ceph_readdir_prepopulate (bsc#1114839). - ceph: quota: fix null pointer dereference in quota check (bsc#1114839). - cfg80211: Address some corner cases in scan result channel updating (bsc#1051510). - cfg80211: fix use-after-free in reg_process_hint() (bsc#1051510). - char_dev: extend dynamic allocation of majors into a higher range (bsc#1121058). - char_dev: Fix off-by-one bugs in find_dynamic_major() (bsc#1121058). - clk: at91: Fix division by zero in PLL recalc_rate() (bsc#1051510). - clk: fixed-factor: fix of_node_get-put imbalance (bsc#1051510). - clk: fixed-rate: fix of_node_get-put imbalance (bsc#1051510). - clk: mmp2: fix the clock id for sdh2_clk and sdh3_clk (bsc#1051510). - clk: mmp: Off by one in mmp_clk_add() (bsc#1051510). - clk: mvebu: Off by one bugs in cp110_of_clk_get() (bsc#1051510). - clk: rockchip: Fix static checker warning in rockchip_ddrclk_get_parent call (bsc#1051510). - clk: s2mps11: Add used attribute to s2mps11_dt_match (bsc#1051510). - clk: s2mps11: Fix matching when built as module and DT node contains compatible (bsc#1051510). - clk: samsung: exynos5420: Enable PERIS clocks for suspend (bsc#1051510). - clockevents/drivers/i8253: Add support for PIT shutdown quirk (bsc#1051510). - compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline declarations (git-fixes). - config: arm64: enable erratum 1024718 - configfs: replace strncpy with memcpy (bsc#1051510). - cpufeature: avoid warning when compiling with clang (Git-fixes). - cpufreq / CPPC: Add cpuinfo_cur_freq support for CPPC (bsc#1117115). - cpufreq: CPPC: fix build in absence of v3 support (bsc#1117115). - cpupower: remove stringop-truncation waring (git-fixes). - crypto: bcm - fix normal/non key hash algorithm failure (bsc#1051510). - crypto: ccp - Add DOWNLOAD_FIRMWARE SEV command (). - crypto: ccp - Add GET_ID SEV command (). - crypto: ccp - Add psp enabled message when initialization succeeds (). - crypto: ccp - Add support for new CCP/PSP device ID (). - crypto: ccp - Allow SEV firmware to be chosen based on Family and Model (). - crypto: ccp - Fix static checker warning (). - crypto: ccp - Remove unused #defines (). - crypto: ccp - Support register differences between PSP devices (). - crypto: simd - correctly take reqsize of wrapped skcipher into account (bsc#1051510). - dasd: fix deadlock in dasd_times_out (bsc#1121477, LTC#174111). - dax: Check page->mapping isn't NULL (bsc#1120054). - dax: Do not access a freed inode (bsc#1120055). - device property: Define type of PROPERTY_ENRTY_*() macros (bsc#1051510). - device property: fix fwnode_graph_get_next_endpoint() documentation (bsc#1051510). - disable stringop truncation warnings for now (git-fixes). - dm: allocate struct mapped_device with kvzalloc (Git-fixes). - dm cache: destroy migration_cache if cache target registration failed (Git-fixes). - dm cache: fix resize crash if user does not reload cache table (Git-fixes). - dm cache metadata: ignore hints array being too small during resize (Git-fixes). - dm cache metadata: save in-core policy_hint_size to on-disk superblock (Git-fixes). - dm cache metadata: set dirty on all cache blocks after a crash (Git-fixes). - dm cache: only allow a single io_mode cache feature to be requested (Git-fixes). - dm crypt: do not decrease device limits (Git-fixes). - dm: fix report zone remapping to account for partition offset (Git-fixes). - dm integrity: change 'suspending' variable from bool to int (Git-fixes). - dm ioctl: harden copy_params()'s copy_from_user() from malicious users (Git-fixes). - dm linear: eliminate linear_end_io call if CONFIG_DM_ZONED disabled (Git-fixes). - dm linear: fix linear_end_io conditional definition (Git-fixes). - dm thin: handle running out of data space vs concurrent discard (Git-fixes). - dm thin metadata: remove needless work from __commit_transaction (Git-fixes). - dm thin: stop no_space_timeout worker when switching to write-mode (Git-fixes). - dm writecache: fix a crash due to reading past end of dirty_bitmap (Git-fixes). - dm writecache: report start_sector in status line (Git-fixes). - dm zoned: fix metadata block ref counting (Git-fixes). - dm zoned: fix various dmz_get_mblock() issues (Git-fixes). - doc/README.SUSE: correct GIT url No more gitorious, github we use. - Documentation/l1tf: Fix typos (bsc#1051510). - Documentation/l1tf: Remove Yonah processors from not vulnerable list (bsc#1051510). - driver/dma/ioat: Call del_timer_sync() without holding prep_lock (bsc#1051510). - drivers/net/usb: add device id for TP-LINK UE300 USB 3.0 Ethernet (bsc#1119749). - drivers/net/usb/r8152: remove the unneeded variable 'ret' in rtl8152_system_suspend (bsc#1119749). - drivers/tty: add missing of_node_put() (bsc#1051510). - drm/amdgpu: add missing CHIP_HAINAN in amdgpu_ucode_get_load_type (bsc#1051510). - drm/amdgpu/gmc8: update MC firmware for polaris (bsc#1113722) - drm/amdgpu: update mc firmware image for polaris12 variants (bsc#1113722) - drm/amdgpu: update SMC firmware image for polaris10 variants (bsc#1113722) - drm/ast: change resolution may cause screen blurred (boo#1112963). - drm/ast: fixed cursor may disappear sometimes (bsc#1051510). - drm/ast: Fix incorrect free on ioregs (bsc#1051510). - drm/ast: Remove existing framebuffers before loading driver (boo#1112963) - drm/dp_mst: Check if primary mstb is null (bsc#1051510). - drm/dp_mst: Skip validating ports during destruction, just ref (bsc#1051510). - drm/edid: Add 6 bpc quirk for BOE panel (bsc#1051510). - drm/edid: Add 6 bpc quirk for BOE panel in HP Pavilion 15-n233sl (bsc#1113722) - drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock (bsc#1113722) - drm: fb-helper: Reject all pixel format changing requests (bsc#1113722) - drm/i915: Do not oops during modeset shutdown after lpe audio deinit (bsc#1051510). - drm/i915: Do not unset intel_connector->mst_port (bsc#1051510). - drm/i915/execlists: Apply a full mb before execution for Braswell (bsc#1113722) - drm/i915/execlists: Force write serialisation into context image vs execution (bsc#1051510). - drm/i915: Fix ilk+ watermarks when disabling pipes (bsc#1051510). - drm/i915/glk: Remove 99% limitation (bsc#1051510). - drm/i915/hdmi: Add HDMI 2.0 audio clock recovery N values (bsc#1051510). - drm/i915: Large page offsets for pread/pwrite (bsc#1051510). - drm/i915: Mark pin flags as u64 (bsc#1051510). - drm/i915: Skip vcpi allocation for MSTB ports that are gone (bsc#1051510). - drm/i915: Write GPU relocs harder with gen3 (bsc#1051510). - drm/ioctl: Fix Spectre v1 vulnerabilities (bsc#1113722) - drm/meson: add support for 1080p25 mode (bsc#1051510). - drm/meson: Enable fast_io in meson_dw_hdmi_regmap_config (bsc#1051510). - drm/meson: Fix OOB memory accesses in meson_viu_set_osd_lut() (bsc#1051510). - drm/nouveau: Check backlight IDs are >= 0, not > 0 (bsc#1051510). - drm/nouveau/kms: Fix memory leak in nv50_mstm_del() (bsc#1113722) - drm/omap: fix memory barrier bug in DMM driver (bsc#1051510). - drm: rcar-du: Fix external clock error checks (bsc#1113722) - drm: rcar-du: Fix vblank initialization (bsc#1113722) - drm/rockchip: Allow driver to be shutdown on reboot/kexec (bsc#1051510). - drm/rockchip: psr: do not dereference encoder before it is null (bsc#1113722) - drm: set is_master to 0 upon drm_new_set_master() failure (bsc#1113722) - drm/vc4: Set ->is_yuv to false when num_planes == 1 (bsc#1113722) - drm/vc4: ->x_scaling[1] should never be set to VC4_SCALING_NONE (bsc#1113722) - dt-bindings: add compatible string for Allwinner V3s SoC (git-fixes). - dt-bindings: arm: Document SoC compatible value for Armadillo-800 EVA (git-fixes). - dt-bindings: clock: add rk3399 DDR3 standard speed bins (git-fixes). - dt-bindings: clock: mediatek: add binding for fixed-factor clock axisel_d4 (git-fixes). - dt-bindings: iio: update STM32 timers clock names (git-fixes). - dt-bindings: mfd: axp20x: Add AXP806 to supported list of chips (git-fixes). - dt-bindings: net: Remove duplicate NSP Ethernet MAC binding document (git-fixes). - dt-bindings: panel: lvds: Fix path to display timing bindings (git-fixes). - dt-bindings: phy: sun4i-usb-phy: Add property descriptions for H3 (git-fixes). - dt-bindings: pwm: renesas: tpu: Fix 'compatible' prop description (git-fixes). - dt-bindings: pwm: Update STM32 timers clock names (git-fixes). - dt-bindings: rcar-dmac: Document missing error interrupt (git-fixes). - EDAC, {i7core,sb,skx}_edac: Fix uncorrected error counting (bsc#1114279). - EDAC, skx_edac: Fix logical channel intermediate decoding (bsc#1114279). - efi: Move some sysfs files to be read-only by root (bsc#1051510). - ethernet: fman: fix wrong of_node_put() in probe function (bsc#1119017). - exportfs: fix 'passing zero to ERR_PTR()' warning (bsc#1118773). - ext2: fix potential use after free (bsc#1118775). - ext4: add missing brelse() add_new_gdb_meta_bg()'s error path (bsc#1117795). - ext4: add missing brelse() in set_flexbg_block_bitmap()'s error path (bsc#1117794). - ext4: add missing brelse() update_backups()'s error path (bsc#1117796). - ext4: avoid buffer leak in ext4_orphan_add() after prior errors (bsc#1117802). - ext4: avoid buffer leak on shutdown in ext4_mark_iloc_dirty() (bsc#1117801). - ext4: avoid possible double brelse() in add_new_gdb() on error path (bsc#1118760). - ext4: avoid potential extra brelse in setup_new_flex_group_blocks() (bsc#1117792). - ext4: fix buffer leak in __ext4_read_dirblock() on error path (bsc#1117807). - ext4: fix buffer leak in ext4_xattr_move_to_block() on error path (bsc#1117806). - ext4: fix EXT4_IOC_GROUP_ADD ioctl (bsc#1120604). - ext4: fix missing cleanup if ext4_alloc_flex_bg_array() fails while resizing (bsc#1117798). - ext4: fix possible inode leak in the retry loop of ext4_resize_fs() (bsc#1117799). - ext4: fix possible leak of sbi->s_group_desc_leak in error path (bsc#1117803). - ext4: fix possible leak of s_journal_flag_rwsem in error path (bsc#1117804). - ext4: fix possible use after free in ext4_quota_enable (bsc#1120602). - ext4: fix setattr project check in fssetxattr ioctl (bsc#1117789). - ext4: fix use-after-free race in ext4_remount()'s error path (bsc#1117791). - ext4: initialize retries variable in ext4_da_write_inline_data_begin() (bsc#1117788). - ext4: missing unlock/put_page() in ext4_try_to_write_inline_data() (bsc#1120603). - ext4: propagate error from dquot_initialize() in EXT4_IOC_FSSETXATTR (bsc#1117790). - ext4: release bs.bh before re-using in ext4_xattr_block_find() (bsc#1117805). - extable: Consolidate *kernel_text_address() functions (bsc#1120092). - extable: Enable RCU if it is not watching in kernel_text_address() (bsc#1120092). - fbdev: fbcon: Fix unregister crash when more than one framebuffer (bsc#1113722) - fbdev: fbmem: behave better with small rotated displays and many CPUs (bsc#1113722) - fbdev: fix broken menu dependencies (bsc#1113722) - firmware: add firmware_request_nowarn() - load firmware without warnings (). - firmware: dcdbas: Add support for WSMT ACPI table (bsc#1089350 ). - firmware: dcdbas: include linux/io.h (bsc#1089350). - Fix kABI for 'Ensure we commit after writeback is complete' (bsc#1111809). - Fix the breakage of KMP build on x86_64 (bsc#1121017) The backport of the commit 4cd24de3a098 broke KMP builds because of the failure of make kernelrelease call in spec file. Clear the blacklist and backport the fix from the upstream. - Fix tracing sample code warning (git-fixes). - floppy: fix race condition in __floppy_read_block_0() (bsc#1051510). - flow_dissector: do not dissect l4 ports for fragments (networking-stable-18_11_21). - fscache: fix race between enablement and dropping of object (bsc#1107385). - fscache: Fix race in fscache_op_complete() due to split atomic_sub & read (Git-fixes). - fscache: Pass the correct cancelled indications to fscache_op_complete() (Git-fixes). - fs: fix lost error code in dio_complete (bsc#1118762). - fs: Make extension of struct super_block transparent (bsc#1117822). - fsnotify: Fix busy inodes during unmount (bsc#1117822). - fsnotify: fix ignore mask logic in fsnotify() (bsc#1115074). - fs/xfs: Use %pS printk format for direct addresses (git-fixes). - ftrace: Fix debug preempt config name in stack_tracer_{en,dis}able (bsc#1117172). - ftrace: Fix kmemleak in unregister_ftrace_graph (bsc#1117181). - ftrace: Fix memleak when unregistering dynamic ops when tracing disabled (bsc#1117174). - ftrace: Remove incorrect setting of glob search field (bsc#1117184). - fuse: fix blocked_waitq wakeup (git-fixes). - fuse: fix leaked notify reply (git-fixes). - fuse: fix possibly missed wake-up after abort (git-fixes). - fuse: Fix use-after-free in fuse_dev_do_read() (git-fixes). - fuse: Fix use-after-free in fuse_dev_do_write() (git-fixes). - fuse: fix use-after-free in fuse_direct_IO() (git-fixes). - fuse: set FR_SENT while locked (git-fixes). - gcc-plugins: Add include required by GCC release 8 (git-fixes). - gcc-plugins: Use dynamic initializers (git-fixes). - genirq: Fix race on spurious interrupt detection (bsc#1051510). - gfs2: Do not leave s_fs_info pointing to freed memory in init_sbd (bsc#1118769). - gfs2: Fix loop in gfs2_rbm_find (bsc#1120601). - gfs2: Get rid of potential double-freeing in gfs2_create_inode (bsc#1120600). - gfs2_meta: ->mount() can get NULL dev_name (bsc#1118768). - gfs2: Put bitmap buffers in put_super (bsc#1118772). - git_sort.py: Remove non-existent remote tj/libata - gpio: davinci: Remove unused member of davinci_gpio_controller (git-fixes). - gpio: do not free unallocated ida on gpiochip_add_data_with_key() error path (bsc#1051510). - gpiolib-acpi: Only defer request_irq for GpioInt ACPI event handlers (bsc#1051510). - gpiolib: Fix return value of gpio_to_desc() stub if !GPIOLIB (bsc#1051510). - gpio: max7301: fix driver for use with CONFIG_VMAP_STACK (bsc#1051510). - gpio: mvebu: only fail on missing clk if pwm is actually to be used (bsc#1051510). - grace: replace BUG_ON by WARN_ONCE in exit_net hook (git-fixes). - gso_segment: Reset skb->mac_len after modifying network header (networking-stable-18_09_24). - HID: Add quirk for Primax PIXART OEM mice (bsc#1119410). - HID: hiddev: fix potential Spectre v1 (bsc#1051510). - HID: input: Ignore battery reported by Symbol DS4308 (bsc#1051510). - HID: multitouch: Add pointstick support for Cirque Touchpad (bsc#1051510). - HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges (bsc#1051510). - hv_netvsc: ignore devices that are not PCI (networking-stable-18_09_11). - hwmon: (core) Fix double-free in __hwmon_device_register() (bsc#1051510). - hwmon: (ibmpowernv) Remove bogus __init annotations (bsc#1051510). - hwmon: (ina2xx) Fix current value calculation (bsc#1051510). - hwmon (ina2xx) Fix NULL id pointer in probe() (bsc#1051510). - hwmon: (nct6775) Fix potential Spectre v1 (bsc#1051510). - hwmon: (pmbus) Fix page count auto-detection (bsc#1051510). - hwmon: (pwm-fan) Set fan speed to 0 on suspend (bsc#1051510). - hwmon: (raspberrypi) Fix initial notify (bsc#1051510). - hwmon: (w83795) temp4_type has writable permission (bsc#1051510). - hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336). - i2c: axxia: properly handle master timeout (bsc#1051510). - i2c: scmi: Fix probe error on devices with an empty SMB0001 ACPI device node (bsc#1051510). - IB/hfi1: Add mtu check for operational data VLs (bsc#1060463 ). - ibmvnic: Convert reset work item mutex to spin lock (). - ibmvnic: fix accelerated VLAN handling (). - ibmvnic: fix index in release_rx_pools (bsc#1115440, bsc#1115433). - ibmvnic: Fix non-atomic memory allocation in IRQ context (). - ibmvnic: remove ndo_poll_controller (). - ibmvnic: Update driver queues after change in ring size support (). - IB/rxe: support for 802.1q VLAN on the listener (bsc#1082387). - ieee802154: 6lowpan: set IFLA_LINK (bsc#1051510). - ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem (bsc#1051510). - ieee802154: at86rf230: use __func__ macro for debug messages (bsc#1051510). - ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem (bsc#1051510). - iio: accel: adxl345: convert address field usage in iio_chan_spec (bsc#1051510). - iio: ad5064: Fix regulator handling (bsc#1051510). - iio:st_magn: Fix enable device after trigger (bsc#1051510). - ima: fix showing large 'violations' or 'runtime_measurements_count' (bsc#1051510). - include/linux/pfn_t.h: force '~' to be parsed as an unary operator (bsc#1051510). - Include modules.fips in kernel-binary as well as kernel-binary-base (). - inet: make sure to grab rcu_read_lock before using ireq->ireq_opt (networking-stable-18_10_16). - initramfs: fix initramfs rebuilds w/ compression after disabling (git-fixes). - Input: add official Raspberry Pi's touchscreen driver (). - Input: cros_ec_keyb - fix button/switch capability reports (bsc#1051510). - Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15ARR (bsc#1051510). - Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15IGM (bsc#1051510). - Input: elan_i2c - add ELAN0620 to the ACPI table (bsc#1051510). - Input: elan_i2c - add support for ELAN0621 touchpad (bsc#1051510). - Input: hyper-v - fix wakeup from suspend-to-idle (bsc#1051510). - Input: matrix_keypad - check for errors from of_get_named_gpio() (bsc#1051510). - Input: nomadik-ske-keypad - fix a loop timeout test (bsc#1051510). - Input: omap-keypad - fix keyboard debounce configuration (bsc#1051510). - Input: synaptics - add PNP ID for ThinkPad P50 to SMBus (bsc#1051510). - Input: synaptics - avoid using uninitialized variable when probing (bsc#1051510). - Input: synaptics - enable SMBus for HP 15-ay000 (bsc#1051510). - Input: xpad - add PDP device id 0x02a4 (bsc#1051510). - Input: xpad - add support for Xbox1 PDP Camo series gamepad (bsc#1051510). - Input: xpad - avoid using __set_bit() for capabilities (bsc#1051510). - Input: xpad - fix some coding style issues (bsc#1051510). - Input: xpad - quirk all PDP Xbox One gamepads (bsc#1051510). - integrity/security: fix digsig.c build error with header file (bsc#1051510). - intel_th: msu: Fix an off-by-one in attribute store (bsc#1051510). - iommu/amd: Fix amd_iommu=force_isolation (bsc#1106105). - iommu/arm-smmu: Ensure that page-table updates are visible before TLBI (bsc#1106237). - iommu/ipmmu-vmsa: Fix crash on early domain free (bsc#1106105). - iommu/vt-d: Fix NULL pointer dereference in prq_event_thread() (bsc#1106105). - iommu/vt-d: Handle domain agaw being less than iommu agaw (bsc#1106105). - iommu/vt-d: Use memunmap to free memremap (bsc#1106105). - ip6_tunnel: be careful when accessing the inner header (networking-stable-18_10_16). - ip6_tunnel: Fix encapsulation layout (networking-stable-18_11_02). - ip6_vti: fix a null pointer deference when destroy vti6 tunnel (networking-stable-18_09_11). - ipmi: Fix timer race with module unload (bsc#1051510). - ip_tunnel: be careful when accessing the inner header (networking-stable-18_10_16). - ip_tunnel: do not force DF when MTU is locked (networking-stable-18_11_21). - ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu (networking-stable-18_11_21). - ipv4: tcp: send zero IPID for RST and ACK sent in SYN-RECV and TIME-WAIT state (networking-stable-18_09_11). - ipv6: Fix PMTU updates for UDP/raw sockets in presence of VRF (networking-stable-18_11_21). - ipv6: fix possible use-after-free in ip6_xmit() (networking-stable-18_09_24). - ipv6: mcast: fix a use-after-free in inet6_mc_check (networking-stable-18_11_02). - ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are called (networking-stable-18_11_02). - ipv6: take rcu lock in rawv6_send_hdrinc() (networking-stable-18_10_16). - iwlwifi: add new cards for 9560, 9462, 9461 and killer series (bsc#1051510). - iwlwifi: dbg: allow wrt collection before ALIVE (bsc#1051510). - iwlwifi: do not WARN on trying to dump dead firmware (bsc#1051510). - iwlwifi: fix LED command capability bit (bsc#1119086). - iwlwifi: fix non_shared_ant for 22000 devices (bsc#1119086). - iwlwifi: fix wrong WGDS_WIFI_DATA_SIZE (bsc#1119086). - iwlwifi: mvm: check for short GI only for OFDM (bsc#1051510). - iwlwifi: mvm: check return value of rs_rate_from_ucode_rate() (bsc#1051510). - iwlwifi: mvm: do not send GEO_TX_POWER_LIMIT to old firmwares (bsc#1119086). - iwlwifi: mvm: do not use SAR Geo if basic SAR is not used (bsc#1051510). - iwlwifi: mvm: fix BAR seq ctrl reporting (bsc#1051510). - iwlwifi: mvm: fix regulatory domain update when the firmware starts (bsc#1051510). - iwlwifi: mvm: support sta_statistics() even on older firmware (bsc#1051510). - iwlwifi: nvm: get num of hw addresses from firmware (bsc#1119086). - iwlwifi: pcie: avoid empty free RB queue (bsc#1051510). - iwlwifi: pcie: do not reset TXQ write pointer (bsc#1051510). - jffs2: free jffs2_sb_info through jffs2_kill_sb() (bsc#1118767). - jump_label: Split out code under the hotplug lock (bsc#1106913). - kabi fix for 'NFSv4.1: Fix up replays of interrupted requests' (git-fixes). - kabi: hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336). - kabi: mask raw in struct bpf_reg_state (bsc#1083647). - kabi: powerpc: Revert npu callback signature change (bsc#1055120). - kabi protect hnae_ae_ops (bsc#1104353). - kabi: protect struct fib_nh_exception (kabi). - kabi: protect struct rtable (kabi). - kbuild: allow to use GCC toolchain not in Clang search path (git-fixes). - kbuild: fix kernel/bounds.c 'W=1' warning (bsc#1051510). - kbuild: fix linker feature test macros when cross compiling with Clang (git-fixes). - kbuild: make missing $DEPMOD a Warning instead of an Error (git-fixes). - kbuild: move '_all' target out of $(KBUILD_SRC) conditional (bsc#1114279). - kbuild: rpm-pkg: keep spec file until make mrproper (git-fixes). - Kbuild: suppress packed-not-aligned warning for default setting only (git-fixes). - kbuild: verify that $DEPMOD is installed (git-fixes). - kdb: use memmove instead of overlapping memcpy (bsc#1120954). - kernfs: Replace strncpy with memcpy (bsc#1120053). - keys: Fix the use of the C++ keyword 'private' in uapi/linux/keyctl.h (Git-fixes). - kgdboc: Passing ekgdboc to command line causes panic (bsc#1051510). - kobject: Replace strncpy with memcpy (git-fixes). - kprobes: Make list and blacklist root user read only (git-fixes). - KVM: arm/arm64: Introduce vcpu_el1_is_32bit (bsc#1110998). - KVM: nVMX: Always reflect #NM VM-exits to L1 (bsc#1106240). - KVM: nVMX: move check_vmentry_postreqs() call to nested_vmx_enter_non_root_mode() (bsc#1106240). - KVM: PPC: Book3S PR: Enable use on POWER9 inside HPT-mode guests (bsc#1118484). - KVM: s390: vsie: copy wrapping keys to right place (git-fixes). - KVM: svm: Ensure an IBPB on all affected CPUs when freeing a vmcb (bsc#1114279). - KVM: VMX: re-add ple_gap module parameter (bsc#1106240). - KVM: x86: Fix kernel info-leak in KVM_HC_CLOCK_PAIRING hypercall (bsc#1106240). - libata: whitelist all SAMSUNG MZ7KM* solid-state disks (bsc#1051510). - libceph: bump CEPH_MSG_MAX_DATA_LEN (bsc#1114839). - libceph: fall back to sendmsg for slab pages (bsc#1118316). - libertas: do not set URB_ZERO_PACKET on IN USB transfer (bsc#1051510). - libertas_tf: prevent underflow in process_cmdrequest() (bsc#1119086). - libnvdimm: Hold reference on parent while scheduling async init (bsc#1116891). - libnvdimm, pfn: Pad pfn namespaces relative to other regions (bsc#1118962). - libnvdimm, region: Fail badblocks listing for inactive regions (bsc#1116899). - lib/raid6: Fix arm64 test build (bsc#1051510). - lib/ubsan.c: do not mark __ubsan_handle_builtin_unreachable as noreturn (bsc#1051510). - Limit max FW API version for QCA9377 (bsc#1121714, bsc#1121715). - linux/bitmap.h: fix type of nbits in bitmap_shift_right() (bsc#1051510). - llc: set SOCK_RCU_FREE in llc_sap_add_socket() (networking-stable-18_11_02). - locking/barriers: Convert users of lockless_dereference() to READ_ONCE() (Git-fixes). - locking/static_keys: Improve uninitialized key warning (bsc#1106913). - mac80211: Always report TX status (bsc#1051510). - mac80211: Clear beacon_int in ieee80211_do_stop (bsc#1051510). - mac80211: fix reordering of buffered broadcast packets (bsc#1051510). - mac80211: fix TX status reporting for ieee80211s (bsc#1051510). - mac80211_hwsim: do not omit multicast announce of first added radio (bsc#1051510). - mac80211_hwsim: fix module init error paths for netlink (bsc#1051510). - mac80211_hwsim: Timer should be initialized before device registered (bsc#1051510). - mac80211: ignore NullFunc frames in the duplicate detection (bsc#1051510). - mac80211: ignore tx status for PS stations in ieee80211_tx_status_ext (bsc#1051510). - mac80211: TDLS: fix skb queue/priority assignment (bsc#1051510). - mach64: fix display corruption on big endian machines (bsc#1113722) - mach64: fix image corruption due to reading accelerator registers (bsc#1113722) - mailbox: PCC: handle parse error (bsc#1051510). - Mark HI and TASKLET softirq synchronous (git-fixes). - md: allow metadata updates while suspending an array - fix (git-fixes). - MD: fix invalid stored role for a disk - try2 (git-fixes). - md: fix raid10 hang issue caused by barrier (git-fixes). - media: em28xx: Fix use-after-free when disconnecting (bsc#1051510). - media: em28xx: make v4l2-compliance happier by starting sequence on zero (bsc#1051510). - media: omap3isp: Unregister media device as first (bsc#1051510). - memory_hotplug: cond_resched in __remove_pages (bnc#1114178). - mfd: menelaus: Fix possible race condition and leak (bsc#1051510). - mfd: omap-usb-host: Fix dts probe of children (bsc#1051510). - mlxsw: spectrum: Fix IP2ME CPU policer configuration (networking-stable-18_11_21). - mmc: bcm2835: reset host on timeout (bsc#1051510). - mmc: core: Allow BKOPS and CACHE ctrl even if no HPI support (bsc#1051510). - mmc: core: Reset HPI enabled state during re-init and in case of errors (bsc#1051510). - mmc: core: Use a minimum 1600ms timeout when enabling CACHE ctrl (bsc#1051510). - mmc: dw_mmc-bluefield: Add driver extension (bsc#1118752). - mmc: dw_mmc-k3: add sd support for hi3660 (bsc#1118752). - mmc: dw_mmc-rockchip: correct property names in debug (bsc#1051510). - mmc: OMAP: fix broken MMC on OMAP15XX/OMAP5910/OMAP310 (bsc#1051510). - mmc: omap_hsmmc: fix DMA API warning (bsc#1051510). - mmc: sdhci: fix the timeout check window for clock and reset (bsc#1051510). - mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev 0x8620 rev 0x01 (bsc#1051510). - mm: do not miss the last page because of round-off error (bnc#1118798). - mm: do not warn about large allocations for slab (git fixes (slab)). - mm: handle no memcg case in memcg_kmem_charge() properly (bnc#1113677). - mm/huge_memory.c: reorder operations in __split_huge_page_tail() (VM Functionality bsc#1119962). - mm/huge_memory: fix lockdep complaint on 32-bit i_size_read() (VM Functionality, bsc#1121599). - mm/huge_memory: rename freeze_page() to unmap_page() (VM Functionality, bsc#1121599). - mm/huge_memory: splitting set mapping+index before unfreeze (VM Functionality, bsc#1121599). - mm: hugetlb: yield when prepping struct pages (git fixes (memory initialisation)). - mm/khugepaged: collapse_shmem() do not crash on Compound (VM Functionality, bsc#1121599). - mm/khugepaged: collapse_shmem() remember to clear holes (VM Functionality, bsc#1121599). - mm/khugepaged: collapse_shmem() stop if punched or truncated (VM Functionality, bsc#1121599). - mm/khugepaged: collapse_shmem() without freezing new_page (VM Functionality, bsc#1121599). - mm/khugepaged: fix crashes due to misaccounted holes (VM Functionality, bsc#1121599). - mm/khugepaged: minor reorderings in collapse_shmem() (VM Functionality, bsc#1121599). - mm: lower the printk loglevel for __dump_page messages (generic hotplug debugability). - mm, memory_hotplug: be more verbose for memory offline failures (generic hotplug debugability). - mm, memory_hotplug: drop pointless block alignment checks from __offline_pages (generic hotplug debugability). - mm, memory_hotplug: print reason for the offlining failure (generic hotplug debugability). - mm: migration: fix migration of huge PMD shared pages (bnc#1086423). - mm: only report isolation failures when offlining memory (generic hotplug debugability). - mm: print more information about mapping in __dump_page (generic hotplug debugability). - mm: put_and_wait_on_page_locked() while page is migrated (bnc#1109272). - mm: rework memcg kernel stack accounting (bnc#1113677). - mm: sections are not offlined during memory hotremove (bnc#1119968). - mm: shmem.c: Correctly annotate new inodes for lockdep (Git fixes: shmem). - mm/vmstat.c: fix NUMA statistics updates (git fixes). - mount: Do not allow copying MNT_UNBINDABLE|MNT_LOCKED mounts (bsc#1117819). - mount: Prevent MNT_DETACH from disconnecting locked mounts (bsc#1117820). - mount: Retest MNT_LOCKED in do_umount (bsc#1117818). - Move dell_rbu fix to sorted section (bsc#1087978). - mtd: cfi: convert inline functions to macros (git-fixes). - mtd: Fix comparison in map_word_andequal() (git-fixes). - namei: allow restricted O_CREAT of FIFOs and regular files (bsc#1118766). - nbd: do not allow invalid blocksize settings (Git-fixes). - neighbour: confirm neigh entries when ARP packet is received (networking-stable-18_09_24). - net/af_iucv: drop inbound packets with invalid flags (bnc#1113501, LTC#172679). - net/af_iucv: fix skb handling on HiperTransport xmit error (bnc#1113501, LTC#172679). - net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT (networking-stable-18_09_24). - net: aquantia: memory corruption on jumbo frames (networking-stable-18_10_16). - net: bcmgenet: Poll internal PHY for GENETv5 (networking-stable-18_11_02). - net: bcmgenet: protect stop from timeout (networking-stable-18_11_21). - net: bcmgenet: use MAC link status for fixed phy (networking-stable-18_09_11). - net: bgmac: Fix endian access in bgmac_dma_tx_ring_free() (bsc#1051510). - net: bridge: remove ipv6 zero address check in mcast queries (git-fixes). - net: dsa: bcm_sf2: Call setup during switch resume (networking-stable-18_10_16). - net: dsa: bcm_sf2: Fix unbind ordering (networking-stable-18_10_16). - net: dsa: mv88e6xxx: Fix binding documentation for MDIO busses (git-fixes). - net: dsa: qca8k: Add QCA8334 binding documentation (git-fixes). - net: ena: add functions for handling Low Latency Queues in ena_com (bsc#1111696 bsc#1117561). - net: ena: add functions for handling Low Latency Queues in ena_netdev (bsc#1111696 bsc#1117561). - net: ena: change rx copybreak default to reduce kernel memory pressure (bsc#1111696 bsc#1117561). - net: ena: complete host info to match latest ENA spec (bsc#1111696 bsc#1117561). - net: ena: enable Low Latency Queues (bsc#1111696 bsc#1117561). - net: ena: explicit casting and initialization, and clearer error handling (bsc#1111696 bsc#1117561). - net: ena: fix auto casting to boolean (bsc#1111696 bsc#1117561). - net: ena: fix compilation error in xtensa architecture (bsc#1111696 bsc#1117561). - net: ena: fix crash during ena_remove() (bsc#1111696 bsc#1117561). - net: ena: fix crash during failed resume from hibernation (bsc#1111696 bsc#1117561). - net: ena: fix indentations in ena_defs for better readability (bsc#1111696 bsc#1117561). - net: ena: Fix Kconfig dependency on X86 (bsc#1111696 bsc#1117561). - net: ena: fix NULL dereference due to untimely napi initialization (bsc#1111696 bsc#1117561). - net: ena: fix rare bug when failed restart/resume is followed by driver removal (bsc#1111696 bsc#1117561). - net: ena: fix warning in rmmod caused by double iounmap (bsc#1111696 bsc#1117561). - net: ena: introduce Low Latency Queues data structures according to ENA spec (bsc#1111696 bsc#1117561). - net: ena: limit refill Rx threshold to 256 to avoid latency issues (bsc#1111696 bsc#1117561). - net: ena: minor performance improvement (bsc#1111696 bsc#1117561). - net: ena: remove ndo_poll_controller (bsc#1111696 bsc#1117561). - net: ena: remove redundant parameter in ena_com_admin_init() (bsc#1111696 bsc#1117561). - net: ena: update driver version from 2.0.1 to 2.0.2 (bsc#1111696 bsc#1117561). - net: ena: update driver version to 2.0.1 (bsc#1111696 bsc#1117561). - net: ena: use CSUM_CHECKED device indication to report skb's checksum status (bsc#1111696 bsc#1117561). - net: fec: do not dump RX FIFO register when not available (networking-stable-18_11_02). - net-gro: reset skb->pkt_type in napi_reuse_skb() (networking-stable-18_11_21). - net: hns3: Add nic state check before calling netif_tx_wake_queue (bsc#1104353). - net: hns3: Add support for hns3_nic_netdev_ops.ndo_do_ioctl (bsc#1104353). - net: hns3: bugfix for buffer not free problem during resetting (bsc#1104353). - net: hns3: bugfix for handling mailbox while the command queue reinitialized (bsc#1104353). - net: hns3: bugfix for hclge_mdio_write and hclge_mdio_read (bsc#1104353). - net: hns3: bugfix for is_valid_csq_clean_head() (bsc#1104353 ). - net: hns3: bugfix for reporting unknown vector0 interrupt repeatly problem (bsc#1104353). - net: hns3: bugfix for rtnl_lock's range in the hclgevf_reset() (bsc#1104353). - net: hns3: bugfix for the initialization of command queue's spin lock (bsc#1104353). - net: hns3: Check hdev state when getting link status (bsc#1104353). - net: hns3: Clear client pointer when initialize client failed or unintialize finished (bsc#1104353). - net: hns3: Fix cmdq registers initialization issue for vf (bsc#1104353). - net: hns3: Fix error of checking used vlan id (bsc#1104353 ). - net: hns3: Fix ets validate issue (bsc#1104353). - net: hns3: Fix for netdev not up problem when setting mtu (bsc#1104353). - net: hns3: Fix for out-of-bounds access when setting pfc back pressure (bsc#1104353). - net: hns3: Fix for packet buffer setting bug (bsc#1104353 ). - net: hns3: Fix for rx vlan id handle to support Rev 0x21 hardware (bsc#1104353). - net: hns3: Fix for setting speed for phy failed problem (bsc#1104353). - net: hns3: Fix for vf vlan delete failed problem (bsc#1104353 ). - net: hns3: Fix loss of coal configuration while doing reset (bsc#1104353). - net: hns3: Fix parameter type for q_id in hclge_tm_q_to_qs_map_cfg() (bsc#1104353). - net: hns3: Fix ping exited problem when doing lp selftest (bsc#1104353). - net: hns3: Preserve vlan 0 in hardware table (bsc#1104353 ). - net: hns3: remove unnecessary queue reset in the hns3_uninit_all_ring() (bsc#1104353). - net: hns3: Set STATE_DOWN bit of hdev state when stopping net (bsc#1104353). - net: hns: fix for unmapping problem when SMMU is on (networking-stable-18_10_16). - net: hp100: fix always-true check for link up state (networking-stable-18_09_24). - net: ibm: fix return type of ndo_start_xmit function (). - net/ibmnvic: Fix deadlock problem in reset (). - net/ibmvnic: Fix RTNL deadlock during device reset (bnc#1115431). - net: ipmr: fix unresolved entry dumps (networking-stable-18_11_02). - net: ipv4: do not let PMTU updates increase route MTU (git-fixes). - net/ipv6: Display all addresses in output of /proc/net/if_inet6 (networking-stable-18_10_16). - net/ipv6: Fix index counter for unicast addresses in in6_dump_addrs (networking-stable-18_11_02). - netlabel: check for IPV4MASK in addrinfo_get (networking-stable-18_10_16). - net: macb: do not disable MDIO bus at open/close time (networking-stable-18_09_11). - net/mlx4_core: Correctly set PFC param if global pause is turned off (bsc#1046299). - net/mlx5: Check for error in mlx5_attach_interface (networking-stable-18_09_18). - net/mlx5e: Fix selftest for small MTUs (networking-stable-18_11_21). - net/mlx5e: Set vlan masks for all offloaded TC rules (networking-stable-18_10_16). - net/mlx5: E-Switch, Fix memory leak when creating switchdev mode FDB tables (networking-stable-18_09_18). - net/mlx5: E-Switch, Fix out of bound access when setting vport rate (networking-stable-18_10_16). - net/mlx5: Fix debugfs cleanup in the device init/remove flow (networking-stable-18_09_18). - net/mlx5: Fix use-after-free in self-healing flow (networking-stable-18_09_18). - net/mlx5: Take only bit 24-26 of wqe.pftype_wq for page fault type (networking-stable-18_11_02). - net: mvpp2: Extract the correct ethtype from the skb for tx csum offload (networking-stable-18_10_16). - net: mvpp2: fix a txq_done race condition (networking-stable-18_10_16). - net/packet: fix packet drop as of virtio gso (networking-stable-18_10_16). - net: phy: mdio-gpio: Fix working over slow can_sleep GPIOs (networking-stable-18_11_21). - net: qca_spi: Fix race condition in spi transfers (networking-stable-18_09_18). - net: qmi_wwan: add Wistron Neweb D19Q1 (bsc#1051510). - net: sched: action_ife: take reference to meta module (networking-stable-18_09_11). - net/sched: act_pedit: fix dump of extended layered op (networking-stable-18_09_11). - net/sched: act_sample: fix NULL dereference in the data path (networking-stable-18_09_24). - net: sched: Fix for duplicate class dump (networking-stable-18_11_02). - net: sched: Fix memory exposure from short TCA_U32_SEL (networking-stable-18_09_11). - net: sched: gred: pass the right attribute to gred_change_table_def() (networking-stable-18_11_02). - net: smsc95xx: Fix MTU range (networking-stable-18_11_21). - net: socket: fix a missing-check bug (networking-stable-18_11_02). - net: stmmac: Fix stmmac_mdio_reset() when building stmmac as modules (networking-stable-18_11_02). - net: stmmac: Fixup the tail addr setting in xmit path (networking-stable-18_10_16). - net: systemport: Fix wake-up interrupt race during resume (networking-stable-18_10_16). - net: systemport: Protect stop from timeout (networking-stable-18_11_21). - net: udp: fix handling of CHECKSUM_COMPLETE packets (networking-stable-18_11_02). - net/usb: cancel pending work when unbinding smsc75xx (networking-stable-18_10_16). - net: usb: r8152: constify usb_device_id (bsc#1119749). - net: usb: r8152: use irqsave() in USB's complete callback (bsc#1119749). - nfp: wait for posted reconfigs when disabling the device (networking-stable-18_09_11). - nfs: Avoid RCU usage in tracepoints (git-fixes). - nfs: commit direct writes even if they fail partially (git-fixes). - nfsd4: permit layoutget of executable-only files (git-fixes). - nfsd: check for use of the closed special stateid (git-fixes). - nfsd: CLOSE SHOULD return the invalid special stateid for NFSv4.x (x>0) (git-fixes). - nfsd: deal with revoked delegations appropriately (git-fixes). - nfsd: Ensure we check stateid validity in the seqid operation checks (git-fixes). - nfsd: Fix another OPEN stateid race (git-fixes). - nfsd: fix corrupted reply to badly ordered compound (git-fixes). - nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo (git-fixes). - nfsd: Fix stateid races between OPEN and CLOSE (git-fixes). - nfs: do not wait on commit in nfs_commit_inode() if there were no commit requests (git-fixes). - nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir (git-fixes). - nfs: Ensure we commit after writeback is complete (bsc#1111809). - nfs: Fix an incorrect type in struct nfs_direct_req (git-fixes). - nfs: Fix a typo in nfs_rename() (git-fixes). - nfs: Fix typo in nomigration mount option (git-fixes). - nfs: Fix unstable write completion (git-fixes). - nfsv4.0 fix client reference leak in callback (git-fixes). - nfsv4.1: Fix a potential layoutget/layoutrecall deadlock (git-fixes). - nfsv4.1 fix infinite loop on I/O (git-fixes). - nfsv4.1: Fix the client behaviour on NFS4ERR_SEQ_FALSE_RETRY (git-fixes). - nfsv4.1: Fix up replays of interrupted requests (git-fixes). - nfsv4: Fix a typo in nfs41_sequence_process (git-fixes). - nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds (bsc#1051510). - nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT (bsc#1051510). - nospec: Allow index argument to have const-qualified type (git-fixes) - nospec: Include <asm/barrier.h> dependency (bsc#1114279). - nospec: Kill array_index_nospec_mask_check() (git-fixes). - nvme-fc: resolve io failures during connect (bsc#1116803). - nvme: Free ctrl device name on init failure (). - nvme-multipath: zero out ANA log buffer (bsc#1105168). - nvme: validate controller state before rescheduling keep alive (bsc#1103257). - objtool: Detect RIP-relative switch table references (bsc#1058115). - objtool: Detect RIP-relative switch table references, part 2 (bsc#1058115). - objtool: Fix another switch table detection issue (bsc#1058115). - objtool: Fix double-free in .cold detection error path (bsc#1058115). - objtool: Fix GCC 8 cold subfunction detection for aliased functions (bsc#1058115). - objtool: Fix 'noreturn' detection for recursive sibling calls (bsc#1058115). - objtool: Fix segfault in .cold detection with -ffunction-sections (bsc#1058115). - objtool: Support GCC 8's cold subfunctions (bsc#1058115). - objtool: Support GCC 8 switch tables (bsc#1058115). - ocfs2: fix a misuse a of brelse after failing ocfs2_check_dir_entry (bsc#1117817). - ocfs2: fix locking for res->tracking and dlm->tracking_list (bsc#1117816). - ocfs2: fix ocfs2 read block panic (bsc#1117815). - ocfs2: free up write context when direct IO failed (bsc#1117821). - ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent (bsc#1117808). - openvswitch: Fix push/pop ethernet validation (networking-stable-18_11_02). - panic: avoid deadlocks in re-entrant console drivers (bsc#1088386). - PCI: Add ACS quirk for Ampere root ports (bsc#1120058). - PCI: Add ACS quirk for APM X-Gene devices (bsc#1120058). - PCI: Add Device IDs for Intel GPU 'spurious interrupt' quirk (bsc#1051510). - PCI/ASPM: Do not initialize link state when aspm_disabled is set (bsc#1051510). - PCI: Convert device-specific ACS quirks from NULL termination to ARRAY_SIZE (bsc#1120058). - PCI: Delay after FLR of Intel DC P3700 NVMe (bsc#1120058). - PCI: Disable Samsung SM961/PM961 NVMe before FLR (bsc#1120058). - PCI: dwc: remove duplicate fix References: bsc#1115269 Patch has been already applied by the following commit: 9f73db8b7c PCI: dwc: Fix enumeration end when reaching root subordinate (bsc#1051510) - PCI: Export pcie_has_flr() (bsc#1120058). - PCI: hv: Use effective affinity mask (bsc#1109772). - PCI: imx6: Fix link training status detection in link up check (bsc#1109806). - PCI: iproc: Activate PAXC bridge quirk for more devices (bsc#1120058). - PCI: iproc: Remove PAXC slot check to allow VF support (bsc#1109806). - PCI: Mark Ceton InfiniTV4 INTx masking as broken (bsc#1120058). - PCI: Mark fall-through switch cases before enabling -Wimplicit-fallthrough (bsc#1120058). - PCI: Mark Intel XXV710 NIC INTx masking as broken (bsc#1120058). - PCI/MSI: Warn and return error if driver enables MSI/MSI-X twice (bsc#1051510). - PCI: vmd: Assign vector zero to all bridges (bsc#1109806). - PCI: vmd: Detach resources after stopping root bus (bsc#1109806). - PCI: vmd: White list for fast interrupt handlers (bsc#1109806). - pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges (bsc#1051510). - percpu: make this_cpu_generic_read() atomic w.r.t. interrupts (bsc#1114279). - perf: fix invalid bit in diagnostic entry (git-fixes). - perf tools: Fix tracing_path_mount proper path (git-fixes). - pinctrl: at91-pio4: fix has_config check in atmel_pctl_dt_subnode_to_map() (bsc#1051510). - pinctrl: meson: fix pinconf bias disable (bsc#1051510). - pinctrl: qcom: spmi-mpp: Fix drive strength setting (bsc#1051510). - pinctrl: qcom: spmi-mpp: Fix err handling of pmic_mpp_set_mux (bsc#1051510). - pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be compliant (bsc#1051510). - pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be compliant (bsc#1051510). - platform-msi: Free descriptors in platform_msi_domain_free() (bsc#1051510). - platform/x86: acerhdf: Add BIOS entry for Gateway LT31 v1.3307 (bsc#1051510). - platform/x86: intel_telemetry: report debugfs failure (bsc#1051510). - pNFS: Always free the session slot on error in nfs4_layoutget_handle_exception (git-fixes). - pNFS: Do not release the sequence slot until we've processed layoutget on open (git-fixes). - pNFS: Prevent the layout header refcount going to zero in pnfs_roc() (git-fixes). - powerpc/64s: consolidate MCE counter increment (bsc#1094244). - powerpc/64s/hash: Do not use PPC_INVALIDATE_ERAT on CPUs before POWER9 (bsc#1065729). - powerpc/64s/radix: Fix process table entry cache invalidation (bsc#1055186, git-fixes). - powerpc/boot: Expose Kconfig symbols to wrapper (bsc#1065729). - powerpc/boot: Fix build failures with -j 1 (bsc#1065729). - powerpc/boot: Fix opal console in boot wrapper (bsc#1065729). - powerpc/mm: Fix typo in comments (bsc#1065729). - powerpc/mm/keys: Move pte bits to correct headers (bsc#1078248). - powerpc/npu-dma.c: Fix crash after __mmu_notifier_register failure (bsc#1055120). - powerpc/perf: Update raw-event code encoding comment for power8 (bsc#1065729). - powerpc/pkeys: Fix handling of pkey state across fork() (bsc#1078248, git-fixes). - powerpc/powernv: Do not select the cpufreq governors (bsc#1065729). - powerpc/powernv: Fix concurrency issue with npu->mmio_atsd_usage (bsc#1055120). - powerpc/powernv: Fix opal_event_shutdown() called with interrupts disabled (bsc#1065729). - powerpc/powernv: Fix save/restore of SPRG3 on entry/exit from stop (idle) (bsc#1055121). - powerpc/powernv/npu: Add lock to prevent race in concurrent context init/destroy (bsc#1055120). - powerpc/powernv/npu: Do not explicitly flush nmmu tlb (bsc#1055120). - powerpc/powernv/npu: Fix deadlock in mmio_invalidate() (bsc#1055120). - powerpc/powernv/npu: Prevent overwriting of pnv_npu2_init_contex() callback parameters (bsc#1055120). - powerpc/powernv/npu: Use flush_all_mm() instead of flush_tlb_mm() (bsc#1055120). - powerpc/powernv/pci: Work around races in PCI bridge enabling (bsc#1055120). - powerpc/pseries: Fix DTL buffer registration (bsc#1065729). - powerpc/pseries: Fix how we iterate over the DTL entries (bsc#1065729). - powerpc/pseries/mobility: Extend start/stop topology update scope (bsc#1116950, bsc#1115709). - powerpc/pseries: Track LMB nid instead of using device tree (bsc#1108270). - powerpc/traps: restore recoverability of machine_check interrupts (bsc#1094244). - power: supply: max8998-charger: Fix platform data retrieval (bsc#1051510). - power: supply: olpc_battery: correct the temperature units (bsc#1051510). - pppoe: fix reception of frames with no mac header (networking-stable-18_09_24). - printk: Fix panic caused by passing log_buf_len to command line (bsc#1117168). - provide linux/set_memory.h (bsc#1113295). - ptp: fix Spectre v1 vulnerability (bsc#1051510). - ptrace: Remove unused ptrace_may_access_sched() and MODE_IBRS (bsc#1106913). - pwm: lpss: Release runtime-pm reference from the driver's remove callback (bsc#1051510). - pxa168fb: prepare the clock (bsc#1051510). - qed: Add driver support for 20G link speed (bsc#1110558). - qed: Add support for virtual link (bsc#1111795). - qede: Add driver support for 20G link speed (bsc#1110558). - qmi_wwan: apply SET_DTR quirk to the SIMCOM shared device ID (bsc#1051510). - qmi_wwan: Support dynamic config on Quectel EP06 (bsc#1051510). - r8152: add byte_enable for ocp_read_word function (bsc#1119749). - r8152: add Linksys USB3GIGV1 id (bsc#1119749). - r8152: add r8153_phy_status function (bsc#1119749). - r8152: adjust lpm settings for RTL8153 (bsc#1119749). - r8152: adjust rtl8153_runtime_enable function (bsc#1119749). - r8152: adjust the settings about MAC clock speed down for RTL8153 (bsc#1119749). - r8152: adjust U2P3 for RTL8153 (bsc#1119749). - r8152: avoid rx queue more than 1000 packets (bsc#1119749). - r8152: check if disabling ALDPS is finished (bsc#1119749). - r8152: correct the definition (bsc#1119749). - r8152: disable RX aggregation on Dell TB16 dock (bsc#1119749). - r8152: disable RX aggregation on new Dell TB16 dock (bsc#1119749). - r8152: fix wrong checksum status for received IPv4 packets (bsc#1119749). - r8152: move calling delay_autosuspend function (bsc#1119749). - r8152: move the default coalesce setting for RTL8153 (bsc#1119749). - r8152: move the initialization to reset_resume function (bsc#1119749). - r8152: move the setting of rx aggregation (bsc#1119749). - r8152: replace napi_complete with napi_complete_done (bsc#1119749). - r8152: set rx mode early when linking on (bsc#1119749). - r8152: split rtl8152_resume function (bsc#1119749). - r8152: support new chip 8050 (bsc#1119749). - r8152: support RTL8153B (bsc#1119749). - r8169: fix NAPI handling under high load (networking-stable-18_11_02). - rbd: whitelist RBD_FEATURE_OPERATIONS feature bit (Git-fixes). - rcu: Allow for page faults in NMI handlers (bsc#1120092). - RDMA/bnxt_re: Add missing spin lock initialization (bsc#1050244 ). - RDMA/bnxt_re: Avoid accessing the device structure after it is freed (bsc#1050244). - RDMA/bnxt_re: Avoid NULL check after accessing the pointer (bsc#1086283). - RDMA/bnxt_re: Fix system hang when registration with L2 driver fails (bsc#1086283). - RDMA/hns: Bugfix pbl configuration for rereg mr (bsc#1104427 ). - rdma_rxe: make rxe work over 802.1q VLAN devices (bsc#1082387). - rds: fix two RCU related problems (networking-stable-18_09_18). - remoteproc: qcom: Fix potential device node leaks (bsc#1051510). - reset: hisilicon: fix potential NULL pointer dereference (bsc#1051510). - reset: imx7: Fix always writing bits as 0 (bsc#1051510). - reset: remove remaining WARN_ON() in <linux/reset.h> (Git-fixes). - Revert 'ceph: fix dentry leak in splice_dentry()' (bsc#1114839). - Revert commit ef9209b642f 'staging: rtl8723bs: Fix indenting errors and an off-by-one mistake in core/rtw_mlme_ext.c' (bsc#1051510). - Revert 'iommu/io-pgtable-arm: Check for v7s-incapable systems' (bsc#1106105). - Revert 'PCI/ASPM: Do not initialize link state when aspm_disabled is set' (bsc#1051510). - Revert 'powerpc/64: Fix checksum folding in csum_add()' (bsc#1065729). - Revert 'scsi: lpfc: ls_rjt erroneus FLOGIs' (bsc#1119322). - Revert 'usb: dwc3: gadget: skip Set/Clear Halt when invalid' (bsc#1051510). - Revert wlcore patch to follow stable tree develpment - ring-buffer: Allow for rescheduling when removing pages (bsc#1120238). - ring-buffer: Do no reuse reader page if still in use (bsc#1120096). - ring-buffer: Mask out the info bits when returning buffer page length (bsc#1120094). - rpm/kernel-binary.spec.in: add macros.s into kernel-*-devel Starting with 4.20-rc1, file arch/*/kernel/macros.s is needed to build out of tree modules. Add it to kernel-${flavor}-devel packages if it exists. - rpm/kernel-binary.spec.in: allow unsupported modules for -extra (bsc#1111183). SLE-15 and later only. - rpm: use syncconfig instead of silentoldconfig where available Since mainline commit 0085b4191f3e ('kconfig: remove silentoldconfig target'), 'make silentoldconfig' can be no longer used. Use 'make syncconfig' instead if available. - rtc: hctosys: Add missing range error reporting (bsc#1051510). - rtc: m41t80: Correct alarm month range with RTC reads (bsc#1051510). - rtc: pcf2127: fix a kmemleak caused in pcf2127_i2c_gather_write (bsc#1051510). - rtc: snvs: Add timeouts to avoid kernel lockups (bsc#1051510). - rtl8xxxu: Fix missing break in switch (bsc#1051510). - rtnetlink: Disallow FDB configuration for non-Ethernet device (networking-stable-18_11_02). - rtnetlink: fix rtnl_fdb_dump() for ndmsg header (networking-stable-18_10_16). - rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096 (networking-stable-18_10_16). - s390/cpum_sf: Add data entry sizes to sampling trailer entry (git-fixes). - s390/dasd: simplify locking in dasd_times_out (bsc#1104967,). - s390/kdump: Fix elfcorehdr size calculation (bsc#1117953, LTC#171112). - s390/kdump: Make elfcorehdr size calculation ABI compliant (bsc#1117953, LTC#171112). - s390/kvm: fix deadlock when killed by oom (bnc#1113501, LTC#172235). - s390/mm: Check for valid vma before zapping in gmap_discard (git-fixes). - s390/mm: correct allocate_pgste proc_handler callback (git-fixes). - s390: qeth_core_mpc: Use ARRAY_SIZE instead of reimplementing its function (bnc#1113501, LTC#172682). - s390/qeth: fix HiperSockets sniffer (bnc#1113501, LTC#172953). - s390/qeth: fix length check in SNMP processing (bsc#1117953, LTC#173657). - s390: qeth: Fix potential array overrun in cmd/rc lookup (bnc#1113501, LTC#172682). - s390/qeth: handle failure on workqueue creation (git-fixes). - s390/qeth: remove outdated portname debug msg (bsc#1117953, LTC#172960). - s390/qeth: report 25Gbit link speed (bnc#1113501, LTC#172959). - s390/qeth: sanitize strings in debug messages (bsc#1117953, LTC#172960). - s390: revert ELF_ET_DYN_BASE base changes (git-fixes). - s390/sclp_tty: enable line mode tty even if there is an ascii console (git-fixes). - s390/sthyi: add cache to store hypervisor info (LTC#160415, bsc#1068273). - s390/sthyi: add s390_sthyi system call (LTC#160415, bsc#1068273). - s390/sthyi: reorganize sthyi implementation (LTC#160415, bsc#1068273). - sbitmap: fix race in wait batch accounting (Git-fixes). - sched/core: Fix cpu.max vs. cpuhotplug deadlock (bsc#1106913). - sched/fair: Fix infinite loop in update_blocked_averages() by reverting a9e7f6544b9c (Git fixes (scheduler)). - sched/smt: Expose sched_smt_present static key (bsc#1106913). - sched/smt: Make sched_smt_present track topology (bsc#1106913). - sched, tracing: Fix trace_sched_pi_setprio() for deboosting (bsc#1120228). - scripts/git-pre-commit: make executable. - scripts/git_sort/git_sort.py: add mkp/scsi.git 4.21/scsi-queue - scripts/git_sort/git_sort.py: change SCSI git repos to make series sorting more failsafe. - scsi: core: Avoid that SCSI device removal through sysfs triggers a deadlock (bsc#1114578). - scsi: libsas: remove irq save in sas_ata_qc_issue() (bsc#1114580). - scsi: lpfc: add support to retrieve firmware logs (bsc#1114015). - scsi: lpfc: add Trunking support (bsc#1114015). - scsi: lpfc: Cap NPIV vports to 256 (bsc#1118215). - scsi: lpfc: Correct code setting non existent bits in sli4 ABORT WQE (bsc#1118215). - scsi: lpfc: Correct errors accessing fw log (bsc#1114015). - scsi: lpfc: Correct invalid EQ doorbell write on if_type=6 (bsc#1114015). - scsi: lpfc: Correct irq handling via locks when taking adapter offline (bsc#1114015). - scsi: lpfc: Correct LCB RJT handling (bsc#1114015). - scsi: lpfc: Correct loss of fc4 type on remote port address change (bsc#1114015). - scsi: lpfc: Correct race with abort on completion path (bsc#1114015). - scsi: lpfc: Correct soft lockup when running mds diagnostics (bsc#1114015). - scsi: lpfc: Correct speeds on SFP swap (bsc#1114015). - scsi: lpfc: Correct topology type reporting on G7 adapters (bsc#1118215). - scsi: lpfc: Defer LS_ACC to FLOGI on point to point logins (bsc#1118215). - scsi: lpfc: Enable Management features for IF_TYPE=6 (bsc#1119322). - scsi: lpfc: fcoe: Fix link down issue after 1000+ link bounces (bsc#1114015). - scsi: lpfc: Fix a duplicate 0711 log message number (bsc#1118215). - scsi: lpfc: fix block guard enablement on SLI3 adapters (bsc#1079935). - scsi: lpfc: Fix dif and first burst use in write commands (bsc#1118215). - scsi: lpfc: Fix discovery failures during port failovers with lots of vports (bsc#1118215). - scsi: lpfc: Fix driver release of fw-logging buffers (bsc#1118215). - scsi: lpfc: Fix errors in log messages (bsc#1114015). - scsi: lpfc: Fix GFT_ID and PRLI logic for RSCN (bsc#1114015). - scsi: lpfc: Fix kernel Oops due to null pring pointers (bsc#1118215). - scsi: lpfc: Fix LOGO/PLOGI handling when triggerd by ABTS Timeout event (bsc#1114015). - scsi: lpfc: Fix lpfc_sli4_read_config return value check (bsc#1114015). - scsi: lpfc: Fix odd recovery in duplicate FLOGIs in point-to-point (bsc#1114015). - scsi: lpfc: Fix panic when FW-log buffsize is not initialized (bsc#1118215). - scsi: lpfc: Implement GID_PT on Nameserver query to support faster failover (bsc#1114015). - scsi: lpfc: ls_rjt erroneus FLOGIs (bsc#1118215). - scsi: lpfc: Raise nvme defaults to support a larger io and more connectivity (bsc#1114015). - scsi: lpfc: raise sg count for nvme to use available sg resources (bsc#1114015). - scsi: lpfc: reduce locking when updating statistics (bsc#1114015). - scsi: lpfc: refactor mailbox structure context fields (bsc#1118215). - scsi: lpfc: Remove set but not used variable 'sgl_size' (bsc#1114015). - scsi: lpfc: Reset link or adapter instead of doing infinite nameserver PLOGI retry (bsc#1114015). - scsi: lpfc: rport port swap discovery issue (bsc#1118215). - scsi: lpfc: Synchronize access to remoteport via rport (bsc#1114015). - scsi: lpfc: update driver version to 12.0.0.7 (bsc#1114015). - scsi: lpfc: update driver version to 12.0.0.8 (bsc#1114015). - scsi: lpfc: update driver version to 12.0.0.9 (bsc#1118215). - scsi: lpfc: update manufacturer attribute to reflect Broadcom (bsc#1118215). - scsi: qlogicpti: Fix an error handling path in 'qpti_sbus_probe()' (bsc#1114581). - scsi: scsi_transport_srp: Fix shost to rport translation (bsc#1114582). - scsi: sg: fix minor memory leak in error path (bsc#1114584). - scsi: sysfs: Introduce sysfs_{un,}break_active_protection() (bsc#1114578). - scsi: target: add emulate_pr backstore attr to toggle PR support (bsc#1091405). - scsi: target: drop unused pi_prot_format attribute storage (bsc#1091405). - scsi: target: Fix fortify_panic kernel exception (bsc#1114576). - scsi: target/tcm_loop: Avoid that static checkers warn about dead code (bsc#1114577). - scsi: target: tcmu: add read length support (bsc#1097755). - scsi: zfcp: fix posting too many status read buffers leading to adapter shutdown (bsc#1121483, LTC#174588). - sctp: fix race on sctp_id2asoc (networking-stable-18_11_02). - sctp: fix strchange_flags name for Stream Change Event (networking-stable-18_11_21). - sctp: hold transport before accessing its asoc in sctp_transport_get_next (networking-stable-18_09_11). - sctp: not allow to set asoc prsctp_enable by sockopt (networking-stable-18_11_21). - sctp: not increase stream's incnt before sending addstrm_in request (networking-stable-18_11_21). - sctp: update dst pmtu with the correct daddr (networking-stable-18_10_16). - shmem: introduce shmem_inode_acct_block (VM Functionality, bsc#1121599). - shmem: shmem_charge: verify max_block is not exceeded before inode update (VM Functionality, bsc#1121599). - skd: Avoid that module unloading triggers a use-after-free (Git-fixes). - skd: Submit requests to firmware before triggering the doorbell (Git-fixes). - skip LAYOUTRETURN if layout is invalid (git-fixes). - soc: bcm2835: sync firmware properties with downstream () - soc: fsl: qbman: qman: avoid allocating from non existing gen_pool (bsc#1051510). - soc: ti: QMSS: Fix usage of irq_set_affinity_hint (bsc#1051510). - spi: bcm2835: Avoid finishing transfer prematurely in IRQ mode (bsc#1051510). - spi: bcm2835: Fix book-keeping of DMA termination (bsc#1051510). - spi: bcm2835: Fix race on DMA termination (bsc#1051510). - spi: bcm2835: Unbreak the build of esoteric configs (bsc#1051510). - splice: do not read more than available pipe space (bsc#1119212). - staging: bcm2835-camera: Abort probe if there is no camera (bsc#1051510). - staging:iio:ad7606: fix voltage scales (bsc#1051510). - staging: rtl8712: Fix possible buffer overrun (bsc#1051510). - staging: rtl8723bs: Add missing return for cfg80211_rtw_get_station (bsc#1051510). - staging: rtl8723bs: Fix the return value in case of error in 'rtw_wx_read32()' (bsc#1051510). - staging: rts5208: fix gcc-8 logic error warning (bsc#1051510). - staging: vchiq_arm: fix compat VCHIQ_IOC_AWAIT_COMPLETION (bsc#1051510). - staging: wilc1000: fix missing read_write setting when reading data (bsc#1051510). - SUNRPC: Allow connect to return EHOSTUNREACH (git-fixes). - sunrpc: Do not use stack buffer with scatterlist (git-fixes). - sunrpc: Fix rpc_task_begin trace point (git-fixes). - SUNRPC: Fix tracepoint storage issues with svc_recv and svc_rqst_status (git-fixes). - supported.conf: add raspberrypi-ts driver - supported.conf: whitelist bluefield eMMC driver - target: fix buffer offset in core_scsi3_pri_read_full_status (bsc1117349). - target/iscsi: avoid NULL dereference in CHAP auth error path (bsc#1117165). - target: se_dev_attrib.emulate_pr ABI stability (bsc#1091405). - tcp: do not restart timewait timer on rst reception (networking-stable-18_09_11). - team: no need to do team_notify_peers or team_mcast_rejoin when disabling port (bsc#1051510). - termios, tty/tty_baudrate.c: fix buffer overrun (bsc#1051510). - test_firmware: fix error return getting clobbered (bsc#1051510). - test_hexdump: use memcpy instead of strncpy (bsc#1051510). - tg3: Add PHY reset for 5717/5719/5720 in change ring and flow control paths (networking-stable-18_11_21). - thermal: bcm2835: enable hwmon explicitly (bsc#1108468). - thermal: da9062/61: Prevent hardware access during system suspend (bsc#1051510). - thermal: rcar_thermal: Prevent hardware access during system suspend (bsc#1051510). - tipc: do not assume linear buffer when reading ancillary data (networking-stable-18_11_21). - tipc: fix a missing rhashtable_walk_exit() (networking-stable-18_09_11). - tipc: fix flow control accounting for implicit connect (networking-stable-18_10_16). - tmpfs: make lseek(SEEK_DATA/SEK_HOLE) return ENXIO with a negative offset (bsc#1051510). - tools: hv: fcopy: set 'error' in case an unknown operation was requested (git-fixes). - tools: hv: include string.h in hv_fcopy_daemon (git-fixes). - tools/lib/lockdep: Rename 'trywlock' into 'trywrlock' (bsc#1121973). - tools/power/cpupower: fix compilation with STATIC=true (git-fixes). - tools/power turbostat: fix possible sprintf buffer overflow (git-fixes). - tpm2-cmd: allow more attempts for selftest execution (bsc#1082555). - tpm: add retry logic (bsc#1082555). - tpm: consolidate the TPM startup code (bsc#1082555). - tpm: do not suspend/resume if power stays on (bsc#1082555). - tpm: fix intermittent failure with self tests (bsc#1082555). - tpm: fix response size validation in tpm_get_random() (bsc#1082555). - tpm: move endianness conversion of ordinals to tpm_input_header (bsc#1082555). - tpm: move endianness conversion of TPM_TAG_RQU_COMMAND to tpm_input_header (bsc#1082555). - tpm: move the delay_msec increment after sleep in tpm_transmit() (bsc#1082555). - tpm: React correctly to RC_TESTING from TPM 2.0 self tests (bsc#1082555). - tpm: replace msleep() with usleep_range() in TPM 1.2/2.0 generic drivers (bsc#1082555). - tpm: Restore functionality to xen vtpm driver (bsc#1082555). - tpm: self test failure should not cause suspend to fail (bsc#1082555). - tpm: tpm-interface: fix tpm_transmit/_cmd kdoc (bsc#1082555). - tpm: Trigger only missing TPM 2.0 self tests (bsc#1082555). - tpm: Use dynamic delay to wait for TPM 2.0 self test result (bsc#1082555). - tpm: use tpm2_pcr_read() in tpm2_do_selftest() (bsc#1082555). - tpm: use tpm_buf functions in tpm2_pcr_read() (bsc#1082555). - tracing: Apply trace_clock changes to instance max buffer (bsc#1117188). - tracing/blktrace: Fix to allow setting same value (Git-fixes). - tracing: Erase irqsoff trace with empty write (bsc#1117189). - tracing: Fix bad use of igrab in trace_uprobe.c (bsc#1120046). - tracing: Fix crash when freeing instances with event triggers (bsc#1120230). - tracing: Fix crash when it fails to alloc ring buffer (bsc#1120097). - tracing: Fix double free of event_trigger_data (bsc#1120234). - tracing: Fix missing return symbol in function_graph output (bsc#1120232). - tracing: Fix possible double free in event_enable_trigger_func() (bsc#1120235). - tracing: Fix possible double free on failure of allocating trace buffer (bsc#1120214). - tracing: Fix regex_match_front() to not over compare the test string (bsc#1120223). - tracing: Fix trace_pipe behavior for instance traces (bsc#1120088). - tracing: Remove RCU work arounds from stack tracer (bsc#1120092). - tracing/samples: Fix creation and deletion of simple_thread_fn creation (git-fixes). - tty: check name length in tty_find_polling_driver() (bsc#1051510). - tty: Do not hold ldisc lock in tty_reopen() if ldisc present (bsc#1051510). - tty: Do not return -EAGAIN in blocking read (bsc#1116040). - tty: do not set TTY_IO_ERROR flag if console port (bsc#1051510). - tty: serial: 8250_mtk: always resume the device in probe (bsc#1051510). - tty: wipe buffer (bsc#1051510). - tty: wipe buffer if not echoing data (bsc#1051510). - tun: Consistently configure generic netdev params via rtnetlink (bsc#1051510). - tuntap: fix multiqueue rx (networking-stable-18_11_21). - ubifs: Handle re-linking of inodes correctly while recovery (bsc#1120598). - udf: Allow mounting volumes with incorrect identification strings (bsc#1118774). - udp4: fix IP_CMSG_CHECKSUM for connected sockets (networking-stable-18_09_24). - udp6: add missing checks on edumux packet processing (networking-stable-18_09_24). - udp6: fix encap return code for resubmitting (git-fixes). - uio: ensure class is registered before devices (bsc#1051510). - uio: Fix an Oops on load (bsc#1051510). - uio: make symbol 'uio_class_registered' static (bsc#1051510). - unifdef: use memcpy instead of strncpy (bsc#1051510). - Update config files. Enabled ENA (Amazon network driver) for arm64. - usb: appledisplay: Add 27' Apple Cinema Display (bsc#1051510). - usb: cdc-acm: add entry for Hiro (Conexant) modem (bsc#1051510). - usb: core: Fix hub port connection events lost (bsc#1051510). - usb: core: quirks: add RESET_RESUME quirk for Cherry G230 Stream series (bsc#1051510). - usb: dwc2: host: do not delay retries for CONTROL IN transfers (bsc#1114385). - usb: dwc2: host: Do not retry NAKed transactions right away (bsc#1114385). - usb: dwc2: host: use hrtimer for NAK retries (git-fixes). - usb: dwc3: core: Clean up ULPI device (bsc#1051510). - usb: dwc3: gadget: fix ISOC TRB type on unaligned transfers (bsc#1051510). - usb: dwc3: gadget: Properly check last unaligned/zero chain TRB (bsc#1051510). - usb: gadget: storage: Fix Spectre v1 vulnerability (bsc#1051510). - usb: gadget: udc: atmel: handle at91sam9rl PMC (bsc#1051510). - usb: gadget: u_ether: fix unsafe list iteration (bsc#1051510). - usb: host: ohci-at91: fix request of irq for optional gpio (bsc#1051510). - usb: hso: Fix OOB memory access in hso_probe/hso_get_config_data (bsc#1051510). - usbip: vhci_hcd: check rhport before using in vhci_hub_control() (bsc#1090888). - usbip:vudc: BUG kmalloc-2048 (Not tainted): Poison overwritten (bsc#1051510). - usb: misc: appledisplay: add 20' Apple Cinema Display (bsc#1051510). - usbnet: smsc95xx: disable carrier check while suspending (bsc#1051510). - usb: omap_udc: fix crashes on probe error and module removal (bsc#1051510). - usb: omap_udc: fix omap_udc_start() on 15xx machines (bsc#1051510). - usb: omap_udc: fix rejection of out transfers when DMA is used (bsc#1051510). - usb: omap_udc: fix USB gadget functionality on Palm Tungsten E (bsc#1051510). - usb: omap_udc: use devm_request_irq() (bsc#1051510). - usb: quirk: add no-LPM quirk on SanDisk Ultra Flair device (bsc#1051510). - usb: quirks: Add delay-init quirk for Corsair K70 LUX RGB (bsc#1051510). - usb: quirks: Add no-lpm quirk for Raydium touchscreens (bsc#1051510). - usb: serial: option: add Fibocom NL668 series (bsc#1051510). - usb: serial: option: add GosunCn ZTE WeLink ME3630 (bsc#1051510). - usb: serial: option: add HP lt4132 (bsc#1051510). - usb: serial: option: add Simcom SIM7500/SIM7600 (MBIM mode) (bsc#1051510). - usb: serial: option: add Telit LN940 series (bsc#1051510). - usb: serial: option: add two-endpoints device-id flag (bsc#1051510). - usb: serial: option: drop redundant interface-class test (bsc#1051510). - usb: serial: option: improve Quectel EP06 detection (bsc#1051510). - usb: usbip: Fix BUG: KASAN: slab-out-of-bounds in vhci_hub_control() (bsc#1106110). - usb: usb-storage: Add new IDs to ums-realtek (bsc#1051510). - usb: xhci: fix timeout for transition from RExit to U0 (bsc#1051510). - usb: xhci: fix uninitialized completion when USB3 port got wrong status (bsc#1051510). - usb: xhci: Prevent bus suspend if a port connect change or polling state is detected (bsc#1051510). - userfaultfd: clear the vma->vm_userfaultfd_ctx if UFFD_EVENT_FORK fails (bsc#1118761). - userfaultfd: remove uffd flags from vma->vm_flags if UFFD_EVENT_FORK fails (bsc#1118809). - v9fs_dir_readdir: fix double-free on p9stat_read error (bsc#1118771). - vfs: Avoid softlockups in drop_pagecache_sb() (bsc#1118505). - vhost: Fix Spectre V1 vulnerability (bsc#1051510). - vhost/scsi: truncate T10 PI iov_iter to prot_bytes (bsc#1051510). - virtio_net: avoid using netif_tx_disable() for serializing tx routine (networking-stable-18_11_02). - VMCI: Resource wildcard match fixed (bsc#1051510). - w1: omap-hdq: fix missing bus unregister at removal (bsc#1051510). - watchdog/core: Add missing prototypes for weak functions (git-fixes). - wireless: airo: potential buffer overflow in sprintf() (bsc#1051510). - wlcore: Fix the return value in case of error in 'wlcore_vendor_cmd_smart_config_start()' (bsc#1051510). - x86/bugs: Add AMD's SPEC_CTRL MSR usage (bsc#1106913). - x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR (bsc#1106913). - x86/bugs: Switch the selection of mitigation from CPU vendor to CPU features (bsc#1106913). - x86/corruption-check: Fix panic in memory_corruption_check() when boot option without value is provided (bsc#1110006). - x86/cpu/vmware: Do not trace vmware_sched_clock() (bsc#1114279). - x86/decoder: Fix and update the opcodes map (bsc#1058115). - x86, hibernate: Fix nosave_regions setup for hibernation (bsc#1110006). - x86/irq: implement irq_data_get_effective_affinity_mask() for v4.12 (bsc#1109772). - x86/kabi: Fix cpu_tlbstate issue (bsc#1106913). - x86/l1tf: Show actual SMT state (bsc#1106913). - x86/ldt: Remove unused variable in map_ldt_struct() (bsc#1114279). - x86/ldt: Split out sanity check in map_ldt_struct() (bsc#1114279). - x86/ldt: Unmap PTEs for the slot before freeing LDT pages (bsc#1114279). - x86/MCE/AMD: Fix the thresholding machinery initialization order (bsc#1114279). - x86/MCE: Make correctable error detection look at the Deferred bit (bsc#1114279). - x86/mm: Fix decoy address handling vs 32-bit builds (bsc#1120606). - x86/mm/pat: Disable preemption around __flush_tlb_all() (bsc#1114279). - x86/PCI: Add additional VMD device root ports to VMD AER quirk (bsc#1120058). - x86/PCI: Add 'pci=big_root_window' option for AMD 64-bit windows (bsc#1120058). - x86/PCI: Apply VMD's AERSID fixup generically (bsc#1120058). - x86/PCI: Avoid AMD SB7xx EHCI USB wakeup defect (bsc#1120058). - x86/PCI: Enable a 64bit BAR on AMD Family 15h (Models 00-1f, 30-3f, 60-7f) (bsc#1120058). - x86/PCI: Enable AMD 64-bit window on resume (bsc#1120058). - x86/PCI: Fix infinite loop in search for 64bit BAR placement (bsc#1120058). - x86/PCI: Move and shrink AMD 64-bit window to avoid conflict (bsc#1120058). - x86/PCI: Move VMD quirk to x86 fixups (bsc#1120058). - x86/PCI: Only enable a 64bit BAR on single-socket AMD Family 15h (bsc#1120058). - x86/PCI: Use is_vmd() rather than relying on the domain number (bsc#1120058). - x86/process: Consolidate and simplify switch_to_xtra() code (bsc#1106913). - x86/pti: Document fix wrong index (git-fixes). - x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support (bsc#1106913). - x86/retpoline: Remove minimal retpoline support (bsc#1106913). - x86/speculataion: Mark command line parser data __initdata (bsc#1106913). - x86/speculation: Add command line control for indirect branch speculation (bsc#1106913). - x86/speculation: Add prctl() control for indirect branch speculation (bsc#1106913). - x86/speculation: Add seccomp Spectre v2 user space protection mode (bsc#1106913). - x86/speculation: Apply IBPB more strictly to avoid cross-process data leak (bsc#1106913). - x86/speculation: Avoid __switch_to_xtra() calls (bsc#1106913). - x86/speculation: Clean up spectre_v2_parse_cmdline() (bsc#1106913). - x86/speculation: Disable STIBP when enhanced IBRS is in use (bsc#1106913). - x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation (bsc#1106913). - x86/speculation: Enable prctl mode for spectre_v2_user (bsc#1106913). - x86/speculation/l1tf: Drop the swap storage limit restriction when l1tf=off (bnc#1114871). - x86/speculation: Mark string arrays const correctly (bsc#1106913). - x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common() (bsc#1106913). - x86/speculation: Prepare arch_smt_update() for PRCTL mode (bsc#1106913). - x86/speculation: Prepare for conditional IBPB in switch_mm() (bsc#1106913). - x86/speculation: Prepare for per task indirect branch speculation control (bsc#1106913). - x86/speculation: Prevent stale SPEC_CTRL msr content (bsc#1106913). - x86/speculation: Propagate information about RSB filling mitigation to sysfs (bsc#1106913). - x86/speculation: Provide IBPB always command line options (bsc#1106913). - x86/speculation: Remove unnecessary ret variable in cpu_show_common() (bsc#1106913). - x86/speculation: Rename SSBD update functions (bsc#1106913). - x86/speculation: Reorder the spec_v2 code (bsc#1106913). - x86/speculation: Reorganize speculation control MSRs update (bsc#1106913). - x86/speculation: Rework SMT state change (bsc#1106913). - x86/speculation: Split out TIF update (bsc#1106913). - x86/speculation: Support Enhanced IBRS on future CPUs (). - x86/speculation: Unify conditional spectre v2 print functions (bsc#1106913). - x86/speculation: Update the TIF_SSBD comment (bsc#1106913). - x86/xen: Fix boot loader version reported for PVH guests (bnc#1065600). - xen/balloon: Support xend-based toolstack (bnc#1065600). - xen/blkfront: avoid NULL blkfront_info dereference on device removal (bsc#1111062). - xen: fix race in xen_qlock_wait() (bnc#1107256). - xen: fix xen_qlock_wait() (bnc#1107256). - xen: make xen_qlock_wait() nestable (bnc#1107256). - xen/netfront: do not bug in case of too many frags (bnc#1104824). - xen/netfront: tolerate frags with no data (bnc#1119804). - xen/pvh: do not try to unplug emulated devices (bnc#1065600). - xen/pvh: increase early stack size (bnc#1065600). - xen-swiotlb: use actually allocated size on check physical continuous (bnc#1065600). - xen/x86: add diagnostic printout to xen_mc_flush() in case of error (bnc#1116183). - xfs: Align compat attrlist_by_handle with native implementation (git-fixes). - xfs: Fix error code in 'xfs_ioc_getbmap()' (git-fixes). - xfs: fix quotacheck dquot id overflow infinite loop (bsc#1121621). - xfs: Fix xqmstats offsets in /proc/fs/xfs/xqmstat (git-fixes). - xfs: Properly detect when DAX won't be used on any device (bsc#1115976). - xfs: xfs_buf: drop useless LIST_HEAD (git-fixes). - xhci: Add check for invalid byte size error when UAS devices are connected (bsc#1051510). - xhci: Add quirk to workaround the errata seen on Cavium Thunder-X2 Soc (bsc#1117162). - xhci: Do not prevent USB2 bus suspend in state check intended for USB3 only (bsc#1051510). - xhci: Fix leaking USB3 shared_hcd at xhci removal (bsc#1051510). - xhci: Prevent U1/U2 link pm states if exit latency is too long (bsc#1051510). - xprtrdma: Do not defer fencing an async RPC's chunks (git-fixes). ----------------------------------------- Patch: SUSE-2019-151 Released: Wed Jan 23 17:58:59 2019 Summary: Recommended update for apparmor Severity: moderate References: 1082956,1097370,1100779,1111342,1117354,1119937,1120472 Description: This update for apparmor fixes the following issues: - Change of path of rpm in lessopen.sh (bsc#1082956, bsc#1117354) - allow network access in lessopen.sh for reading files on NFS (workaround for bsc#1119937 / lp#1784499) - dropped check that lets aa-logprof error out in a corner-case (log event for a non-existing profile while a profile file with the default filename for that non-existing profile exists) (bsc#1120472) - netconfig: write resolv.conf to /run with link to /etc (fate#325872, bsc#1097370) [patch apparmor-nameservice-resolv-conf-link.patch] Update to AppArmor 2.12.2: - add profile names to most profiles - update dnsmasq profile (pid file and logfile path) (bsc#1111342) - add vulkan abstraction - add letsencrypt certificate path to abstractions/ssl_* - ignore *.orig and *.rej files when loading profiles - fix aa-complain etc. to handle named profiles - several bugfixes and small profile improvements - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.12.2 for the detailed upstream changelog Update to AppArmor 2.12.1: - add qt5 and qt5-compose-cache-write abstractions - add @{uid} and @{uids} kernel var placeholders - several profile and abstraction updates - add support for conditional includes ('include if exists') - ignore 'abi' rules in parser and tools (instead of erroring out) - utils: fix overwriting of child profile flags if they differ from the main profile - several bugfixes (including bsc#1100779) - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.12.1 for detailed upstream release notes ----------------------------------------- Patch: SUSE-2019-153 Released: Thu Jan 24 13:47:38 2019 Summary: Recommended update for dracut Severity: moderate References: 1008352,1112327,1119037,1121251 Description: This update for dracut fixes the following issues: - Ensures that mmc host modules get included properly (bsc#1119037) - Fixes a missing space in example configs (bsc#1121251) - Removes rule existence check (bsc#1008352). - dracut-installkernel: Stops keeping old kernel files as .old (bsc#1112327) ----------------------------------------- Patch: SUSE-2019-158 Released: Thu Jan 24 13:53:40 2019 Summary: Recommended update for hwinfo Severity: moderate References: 1018271,1084700,1107196,1117982 Description: This update for hwinfo provides the following fixes: - Adjust system type detection. (bsc#1117982) - Update PCI and USB IDs. (fate#326431) - Make hwinfo aware of RISC-V. - Fix ID of s-par storage controller. (bsc#1107196) - Add network interfaces found on mdio bus. (bsc#1018271) - The location of the S-Par drivers virtual buses has changed. (bsc#1107196) - Ensure udev device links are unique. (bsc#1084700) ----------------------------------------- Patch: SUSE-2019-162 Released: Thu Jan 24 13:55:33 2019 Summary: Recommended update for grub2 Severity: moderate References: 1111955 Description: This update for grub2 provides the following fix: - ieee1275: Fix double free in CAS reboot. (bsc#1111955) ----------------------------------------- Patch: SUSE-2019-170 Released: Fri Jan 25 13:43:29 2019 Summary: Recommended update for kmod Severity: moderate References: 1118629 Description: This update for kmod fixes the following issues: - Fixes module dependency file corruption on parallel invocation (bsc#1118629). - Allows 'modprobe -c' to print the status of 'allow_unsupported_modules' option. ----------------------------------------- Patch: SUSE-2019-172 Released: Fri Jan 25 15:53:28 2019 Summary: Recommended update for rsyslog Severity: moderate References: 1101642,1119429 Description: This update for rsyslog fixes the following issues: - remove references to obsolete SYSLOG_REQUIRES_NETWORK variable in remote.conf (bsc#1101642) - ship the missed out 'rsyslog-module-gtls' sub-package (bsc#1119429) ----------------------------------------- Patch: SUSE-2019-174 Released: Fri Jan 25 15:59:03 2019 Summary: Security update for python-paramiko Severity: important References: 1111151,1115769,1121846,CVE-2018-1000805 Description: This update for python-paramiko to version 2.4.2 fixes the following issues: Security issue fixed: - CVE-2018-1000805: Fixed an authentication bypass in auth_handler.py (bsc#1111151) Non-security issue fixed: - Disable experimental gssapi support (bsc#1115769) ----------------------------------------- Patch: SUSE-2019-175 Released: Fri Jan 25 16:24:01 2019 Summary: Security update for krb5 Severity: important References: 1083926,1083927,CVE-2018-5729,CVE-2018-5730 Description: This update for krb5 fixes the following issues: Security issues fixed: - CVE-2018-5729, CVE-2018-5730: Fixed multiple flaws in LDAP DN checking (bsc#1083926, bsc#1083927) ----------------------------------------- Patch: SUSE-2019-189 Released: Mon Jan 28 14:14:46 2019 Summary: Recommended update for rpm Severity: moderate References: Description: This update for rpm fixes the following issues: - Add kmod(module) provides to kernel and KMPs (fate#326579). ----------------------------------------- Patch: SUSE-2019-197 Released: Tue Jan 29 13:35:53 2019 Summary: Security update for openssl-1_1 Severity: moderate References: 1117951,1118913,CVE-2018-0737 Description: This update for openssl-1_1 fixes the following issues: Security issues fixed: - The 9 Lives of Bleichenbacher's CAT: Cache Attacks on TLS Implementations (bsc#1117951) - Fix FIPS RSA generator (bsc#1118913) ----------------------------------------- Patch: SUSE-2019-211 Released: Thu Jan 31 13:05:00 2019 Summary: Recommended update for openssh Severity: important References: 1123028 Description: This update for openssh fixes the following issues: - A previously applied security patch unintendedly changed the behavior of OpenSSH's 'scp' utility such that server-side brace expansion would no longer be supported. Attempts to copy a set files from a remote machine to the local one by running 'scp 'remote:{file-a,file-b}' /tmp' would fail. This change in behavior broke Corosync and, potentially, many user scripts that relied on brace expansion. [bsc#1123028] ----------------------------------------- Patch: SUSE-2019-215 Released: Thu Jan 31 15:59:57 2019 Summary: Security update for python3 Severity: important References: 1120644,1122191,CVE-2018-20406,CVE-2019-5010 Description: This update for python3 fixes the following issues: Security issue fixed: - CVE-2019-5010: Fixed a denial-of-service vulnerability in the X509 certificate parser (bsc#1122191) - CVE-2018-20406: Fixed a integer overflow via a large LONG_BINPUT (bsc#1120644) ----------------------------------------- Patch: SUSE-2019-247 Released: Wed Feb 6 07:18:45 2019 Summary: Security update for lua53 Severity: moderate References: 1123043,CVE-2019-6706 Description: This update for lua53 fixes the following issues: Security issue fixed: - CVE-2019-6706: Fixed a use-after-free bug in the lua_upvaluejoin function of lapi.c (bsc#1123043) ----------------------------------------- Patch: SUSE-2019-248 Released: Wed Feb 6 08:35:20 2019 Summary: Security update for curl Severity: important References: 1123371,1123377,1123378,CVE-2018-16890,CVE-2019-3822,CVE-2019-3823 Description: This update for curl fixes the following issues: Security issues fixed: - CVE-2019-3823: Fixed a heap out-of-bounds read in the code handling the end-of-response for SMTP (bsc#1123378). - CVE-2019-3822: Fixed a stack based buffer overflow in the function creating an outgoing NTLM type-3 message (bsc#1123377). - CVE-2018-16890: Fixed a heap buffer out-of-bounds read in the function handling incoming NTLM type-2 messages (bsc#1123371). ----------------------------------------- Patch: SUSE-2019-251 Released: Wed Feb 6 11:22:43 2019 Summary: Recommended update for glib2 Severity: moderate References: 1090047 Description: This update for glib2 provides the following fix: - Enable systemtap. (fate#326393, bsc#1090047) ----------------------------------------- Patch: SUSE-2019-252 Released: Wed Feb 6 11:23:38 2019 Summary: Recommended update for grub2 Severity: moderate References: 1114754 Description: This update for grub2 fixes the following issues: - Fixed possible install media boot issues on certain hardware by changing default tsc calibration method to pmtimer on EFI. (bsc#1114754) ----------------------------------------- Patch: SUSE-2019-258 Released: Wed Feb 6 11:26:05 2019 Summary: Recommended update for man-pages Severity: low References: 1116987 Description: This update for man-pages fixes the following issues: - Supplements the package 'man' in order to install some missing man pages. (bsc#1116987) ----------------------------------------- Patch: SUSE-2019-271 Released: Wed Feb 6 16:45:08 2019 Summary: Security update for python Severity: moderate References: 1122191,CVE-2019-5010 Description: This update for python fixes the following issues: Security issue fixed: - CVE-2019-5010: Fixed a denial-of-service vulnerability in the X509 certificate parser (bsc#1122191) ----------------------------------------- Patch: SUSE-2019-273 Released: Wed Feb 6 16:48:18 2019 Summary: Security update for MozillaFirefox Severity: important References: 1119069,1120374,1122983,CVE-2018-12404,CVE-2018-18500,CVE-2018-18501,CVE-2018-18505 Description: This update for MozillaFirefox, mozilla-nss fixes the following issues: Security issues fixed: - CVE-2018-18500: Fixed a use-after-free parsing HTML5 stream (bsc#1122983). - CVE-2018-18501: Fixed multiple memory safety bugs (bsc#1122983). - CVE-2018-18505: Fixed a privilege escalation through IPC channel messages (bsc#1122983). - CVE-2018-12404: Cache side-channel variant of the Bleichenbacher attack (bsc#1119069). Non-security issue fixed: - Update to MozillaFirefox ESR 60.5.0 - Update to mozilla-nss 3.41.1 ----------------------------------------- Patch: SUSE-2019-285 Released: Thu Feb 7 13:25:07 2019 Summary: Security update for avahi Severity: moderate References: 1120281,CVE-2018-1000845 Description: This update for avahi fixes the following issues: Security issue fixed: - CVE-2018-1000845: Fixed DNS amplification and reflection to spoofed addresses (DOS) (bsc#1120281) ----------------------------------------- Patch: SUSE-2019-286 Released: Thu Feb 7 13:45:27 2019 Summary: Security update for docker Severity: moderate References: 1001161,1112980,1115464,1118897,1118898,1118899,1118990,1121412,CVE-2018-16873,CVE-2018-16874,CVE-2018-16875 Description: This update for containerd, docker, docker-runc and golang-github-docker-libnetwork fixes the following issues: Security issues fixed for containerd, docker, docker-runc and golang-github-docker-libnetwork: - CVE-2018-16873: cmd/go: remote command execution during 'go get -u' (bsc#1118897) - CVE-2018-16874: cmd/go: directory traversal in 'go get' via curly braces in import paths (bsc#1118898) - CVE-2018-16875: crypto/x509: CPU denial of service (bsc#1118899) Non-security issues fixed for docker: - Disable leap based builds for kubic flavor (bsc#1121412) - Allow users to explicitly specify the NIS domainname of a container (bsc#1001161) - Update docker.service to match upstream and avoid rlimit problems (bsc#1112980) - Allow docker images larger then 23GB (bsc#1118990) - Docker version update to version 18.09.0-ce (bsc#1115464) ----------------------------------------- Patch: SUSE-2019-362 Released: Wed Feb 13 13:31:56 2019 Summary: Security update for docker-runc Severity: important References: 1121967,CVE-2019-5736 Description: This update for docker-runc fixes the following issues: Security issue fixed: - CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container breakout (bsc#1121967) ----------------------------------------- Patch: SUSE-2019-369 Released: Wed Feb 13 14:01:42 2019 Summary: Recommended update for itstool Severity: moderate References: 1065270,1111019 Description: This update for itstool and python-libxml2-python fixes the following issues: Package: itstool - Updated version to support Python3. (bnc#1111019) Package: python-libxml2-python - Fix segfault when parsing invalid data. (bsc#1065270) ----------------------------------------- Patch: SUSE-2019-426 Released: Mon Feb 18 17:46:55 2019 Summary: Security update for systemd Severity: important References: 1117025,1121563,1122000,1123333,1123727,1123892,1124153,1125352,CVE-2019-6454 Description: This update for systemd fixes the following issues: - CVE-2019-6454: Overlong DBUS messages could be used to crash systemd (bsc#1125352) - units: make sure initrd-cleanup.service terminates before switching to rootfs (bsc#1123333) - logind: fix bad error propagation - login: log session state 'closing' (as well as New/Removed) - logind: fix borked r check - login: don't remove all devices from PID1 when only one was removed - login: we only allow opening character devices - login: correct comment in session_device_free() - login: remember that fds received from PID1 need to be removed eventually - login: fix FDNAME in call to sd_pid_notify_with_fds() - logind: fd 0 is a valid fd - logind: rework sd_eviocrevoke() - logind: check file is device node before using .st_rdev - logind: use the new FDSTOREREMOVE=1 sd_notify() message (bsc#1124153) - core: add a new sd_notify() message for removing fds from the FD store again - logind: make sure we don't trip up on half-initialized session devices (bsc#1123727) - fd-util: accept that kcmp might fail with EPERM/EACCES - core: Fix use after free case in load_from_path() (bsc#1121563) - core: include Found state in device dumps - device: fix serialization and deserialization of DeviceFound - fix path in btrfs rule (#6844) - assemble multidevice btrfs volumes without external tools (#6607) (bsc#1117025) - Update systemd-system.conf.xml (bsc#1122000) - units: inform user that the default target is started after exiting from rescue or emergency mode - core: free lines after reading them (bsc#1123892) - sd-bus: if we receive an invalid dbus message, ignore and proceeed - automount: don't pass non-blocking pipe to kernel. ----------------------------------------- Patch: SUSE-2019-433 Released: Tue Feb 19 12:18:20 2019 Summary: Recommended update for open-iscsi Severity: moderate References: 1116711,1122938 Description: This update for open-iscsi provides the following fixes: - qedi: Set buf_size in case of ICMP and ARP packet. (bsc#1116711) - qedi: Use uio BD index instead on buffer index. (bsc#1116711) - Fix the output for iscsiadm node/iface print level P1. (bsc#1122938) ----------------------------------------- Patch: SUSE-2019-436 Released: Tue Feb 19 13:21:31 2019 Summary: Recommended update for yast2-registration Severity: moderate References: 1110246,1122608 Description: This update for yast2-registration fixes the following issues: - Do not try to remove services which have already been deleted. (bsc#1110246) - Improved the message in the registration skipping dialog (bsc#1122608) ----------------------------------------- Patch: SUSE-2019-441 Released: Tue Feb 19 18:53:05 2019 Summary: Recommended update for dmidecode Severity: moderate References: 1120149 Description: This update for dmidecode fixes the following issues: - Extensions to Memory Device (Type 17) (FATE#326830 bsc#1120149) - Add 'Logical non-volatile device' to the memory device types (FATE#326830 bsc#1120149) ----------------------------------------- Patch: SUSE-2019-444 Released: Tue Feb 19 18:53:28 2019 Summary: Recommended update for wicked Severity: moderate References: 1118378 Description: This update for wicked fixes the following issues: - Wicked test command now displays the hostname. (bsc#1118378) ----------------------------------------- Patch: SUSE-2019-446 Released: Tue Feb 19 18:53:53 2019 Summary: Recommended update for python-azure-agent Severity: moderate References: 1094420,1119542 Description: This update for python-azure-agent fixes the following issues: python-azure-agent was updated to 2.2.36 (bsc#1119542) + [#1451] Do not utf-8 encode telemetry messages + [#1434] Use files instead of pipes to capture stdout/stderr + [#1431] Prevent multiple downloads of zips + [#1418] Add main module to Python's egg + [#1416] Fix UTF-8 encoding for telemetry payload + [#1408] Honor the 'no_proxy' flag + [#1391, #1401, #1441] Azure Stack improvements + [#1384] Write status file in WALinuxAgent lib folder + [#1375] Add support for Redhat + [#1373] Handle different kernel builds on SUSE Linux Enterprise + [#1365, #1385, #1389] Fixes for RDMA + [#1397] Send events when extensions fail to complete operation + [#1394/#1366] Fix the threshold telemetry issue + [#1298] Implementing extension sequencing in azure Linux agent + [#1340] Allow Clear Linux detection in python2 and python3 + [#1345] FreeBSD swap issues fix (#1144) + [#1349] Use append_file in Redhat6xOSUtil.openssl_to_openssh() + [#1355] Ensure 'value' for authorized ssh keys end in '\n' + [#1361] Remove main module + [#1325] Enable cgroups by default on all distros + [#1327, #1347] Allow enforcing of cgroups limits + [#1337] Allow configuration for cgroups + [#1333] Add support for NSBSD + [#1319] Stream extension downloads to disk (do not buffer the download in memory) + [#1303] Fix to support custom DNS servers + [#1306] Log extension stdout and stderr + [#1302] Better of cloud-init configuration during deprovisioning + [#1295] Fix to report the correct extension error code + [#1289] Allow disabling the agent or extensions + [#1290] Use the 'ip route' command instead of the 'route' comand during network configuration + [#1281] Delete JIT accounts + [#1234] Fix for reading KVP values from host + [#1287] Add UDEV rule in azure disk encryption + [#1196] Health store integration + [#1199] CGroups support + [#1194] Use host for status reporting + [#1188] Fix for sentinel and signal handlers + [#1182] Telemetry updates + [#1171] Add support for JIT + [#1164] Fix for name resolution in Ubuntu 18.04 + [#1154] Set connection close header + [#1143] Remove extension packages after extraction + Revert extension manifest caching to prevent downgrade issues. + [#929] wire.py#update_goal_state does not handle out-of-date GoalState errors + [#908] Set Files to 0400 in /var/lib/waagent + [#906] Hardcoded value for sshd's ClientAliveInterval (180) + [#899] Improve HeartBeat Event + [#898] Send dummy status if extension fails to write a #.status file + [#897] 'Target handler state' wall of errors + [#896] End of Line Comments are Not Supported nor Handled + [#891] Create a Telemetry Event to Track Custom Data Execution + [#884] Cleanup Old Goal State and Extension Cache + [#876] The agent should use a scaling back-off when retrying HTTP requests + [#869] The agent should report OS information in the correct JSON format. + [#822] Update docs ----------------------------------------- Patch: SUSE-2019-460 Released: Thu Feb 21 17:12:54 2019 Summary: Recommended update for libstorage-ng Severity: moderate References: 1101870,1120070 Description: This update for libstorage-ng fixes the following issues: - Fix partitioning error by relaxing the check for luks correctness. (bsc#1120070, bsc#1101870) ----------------------------------------- Patch: SUSE-2019-461 Released: Thu Feb 21 17:13:30 2019 Summary: Recommended update for yast2-storage-ng Severity: moderate References: 1099485,1121442 Description: This update for yast2-storage-ng fixes the following issues: - Allows to cancel Guided Setup. (bsc#1121442) - Adds link to storage client from installation summary. (bsc#1099485) ----------------------------------------- Patch: SUSE-2019-480 Released: Mon Feb 25 11:55:21 2019 Summary: Security update for supportutils Severity: important References: 1043311,1046681,1051797,1071545,1105849,1112461,1115245,1117776,1118460,1118462,1118463,1125609,1125666,CVE-2018-19637,CVE-2018-19638,CVE-2018-19639,CVE-2018-19640 Description: This update for supportutils fixes the following issues: Security issues fixed: - CVE-2018-19640: Fixed an issue where users could kill arbitrary processes (bsc#1118463). - CVE-2018-19638: Fixed an issue where users could overwrite arbitrary log files (bsc#1118460). - CVE-2018-19639: Fixed a code execution if run with -v (bsc#1118462). - CVE-2018-19637: Fixed an issue where static temporary filename could allow overwriting of files (bsc#1117776). Other issues fixed: - Fixed invalid exit code commands (bsc#1125666). - Included additional SUSE separation (bsc#1125609). - Merged added listing of locked packes by zypper. - Exclude pam.txt per GDPR by default (bsc#1112461). - Clarified -x functionality in supportconfig(8) (bsc#1115245). - udev service and provide the whole journal content in supportconfig (bsc#1051797). - supportconfig collects tuned profile settings (bsc#1071545). - sfdisk -d no disk device specified (bsc#1043311). - Added vulnerabilites status check in basic-health.txt (bsc#1105849). - Added only sched_domain from cpu0. - Blacklist sched_domain from proc.txt (bsc#1046681). - Added firewall-cmd info. - Add ls -lA --time-style=long-iso /etc/products.d/ - Dump lsof errors. - Added corosync status to ha_info. - Dump find errors in ib_info. ----------------------------------------- Patch: SUSE-2019-487 Released: Mon Feb 25 17:42:01 2019 Summary: Recommended update for cloud-regionsrv-client Severity: moderate References: 1029162,1114985,1120980 Description: This update for cloud-regionsrv-client fixes the following issues: Updated to version 8.1.3 + Fix file permissions for generated credentials rw root only + Generate instance data as string as expected by zypper plugin handling + Write the proper credentials file when switching back to RIS service + Support registration against RMT + Implement URL resolver to facilitate instance verification for zypper access + Fixes related to bsc#1120980 also need server side support + IPv6 support + Fix handling of older cached SMT objects loaded from cached file ----------------------------------------- Patch: SUSE-2019-490 Released: Tue Feb 26 10:42:15 2019 Summary: Recommended update for systemd-presets-branding-SLE Severity: moderate References: 1121219 Description: This update for systemd-presets-branding-SLE fixes the following issues: - branding-preset-states: Apply preset to all unit types. (bsc#1121219) ----------------------------------------- Patch: SUSE-2019-495 Released: Tue Feb 26 16:42:35 2019 Summary: Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc Severity: important References: 1048046,1051429,1114832,1118897,1118898,1118899,1121967,1124308,CVE-2018-16873,CVE-2018-16874,CVE-2018-16875,CVE-2019-5736 Description: This update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc fixes the following issues: Security issues fixed: - CVE-2018-16875: Fixed a CPU Denial of Service (bsc#1118899). - CVE-2018-16874: Fixed a vulnerabity in go get command which could allow directory traversal in GOPATH mode (bsc#1118898). - CVE-2018-16873: Fixed a vulnerability in go get command which could allow remote code execution when executed with -u in GOPATH mode (bsc#1118897). - CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container breakout (bsc#1121967). Other changes and fixes: - Update shell completion to use Group: System/Shells. - Add daemon.json file with rotation logs configuration (bsc#1114832) - Update to Docker 18.09.1-ce (bsc#1124308) and to to runc 96ec2177ae84. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. - Update go requirements to >= go1.10 - Use -buildmode=pie for tests and binary build (bsc#1048046 and bsc#1051429). - Remove the usage of 'cp -r' to reduce noise in the build logs. ----------------------------------------- Patch: SUSE-2019-496 Released: Tue Feb 26 16:43:02 2019 Summary: Security update for openssh Severity: moderate References: 1121816,1121821,1125687,CVE-2019-6109,CVE-2019-6111 Description: This update for openssh fixes the following issues: Security vulnerabilities addressed: - CVE-2019-6109: Fixed an character encoding issue in the progress display of the scp client that could be used to manipulate client output, allowing for spoofing during file transfers (bsc#1121816) - CVE-2019-6111: Properly validate object names received by the scp client to prevent arbitrary file overwrites when interacting with a malicious SSH server (bsc#1121821) Other bug fixes and changes: - Handle brace expansion in scp when checking that filenames sent by the server side match what the client requested (bsc#1125687) ----------------------------------------- Patch: SUSE-2019-501 Released: Tue Feb 26 19:11:53 2019 Summary: Recommended update for crash Severity: moderate References: 1090127 Description: This update for crash fixes the following issues: - Fix crash utility printing 'bt:seek' and 'bt:read' errors. (bsc#1090127) ----------------------------------------- Patch: SUSE-2019-503 Released: Tue Feb 26 19:12:25 2019 Summary: Recommended update for polkit-default-privs Severity: moderate References: 1122116,1123653 Description: This update for polkit-default-privs fixes the following issues: - soften a flatpak permissions rule (bsc#1122116) - add an additional flatpak rule (bsc#1123653) ----------------------------------------- Patch: SUSE-2019-506 Released: Wed Feb 27 11:20:02 2019 Summary: Recommended update for permissions Severity: moderate References: 1120650,1123886 Description: This update for permissions fixes the following issues: - New whitelisting for /usr/lib/virtualbox/VirtualBoxVM and removed stale entries for VirtualBox(bsc#1120650) - Ensure consistency of entries, otherwise switching between settings becomes problematic - Whitelist for postgresql. Currently the checker doesn't complain because the directories aren't packaged, but that might change and/or our checkers might improve (bsc#1123886) ----------------------------------------- Patch: SUSE-2019-518 Released: Thu Feb 28 15:40:23 2019 Summary: Recommended update for dracut Severity: moderate References: 1113712,1124088 Description: This update for dracut fixes the following issues: - Correct fix for displaying text on emergency consoles (bsc#1124088) - 95iscsi: handle qedi like bnx2i (bsc#1113712) - 91zipl: Don't use contents of commented lines (osc#1119499) - Fix displaying text on emergency consoles (bsc#1124088) - Remove invalid 'FONT_MAP=none' from vconsole.conf (osc#1013573) ----------------------------------------- Patch: SUSE-2019-529 Released: Fri Mar 1 13:46:51 2019 Summary: Recommended update for cloud-netconfig Severity: moderate References: 1112822,1118783,1122013,1123008 Description: This update for cloud-netconfig provides the following fixes: - Run cloud-netconfig periodically. (bsc#1118783, bsc#1122013) - Do not treat eth0 special with regard to routing policies. (bsc#1123008) - Reduce the timeout on metadata read. (bsc#1112822) ----------------------------------------- Patch: SUSE-2019-532 Released: Fri Mar 1 13:47:29 2019 Summary: Recommended update for console-setup, kbd Severity: moderate References: 1122361 Description: This update for console-setup and kbd provides the following fix: - Fix Shift-Tab mapping. (bsc#1122361) ----------------------------------------- Patch: SUSE-2019-544 Released: Tue Mar 5 14:36:49 2019 Summary: Recommended update for dracut Severity: moderate References: 1125327 Description: This update for dracut fixes the following issues: - purge-kernels: Avoid endless loop when uninstalling kernels that depend on KMPs which in themselves depend on other packages (bsc#1125327) ----------------------------------------- Patch: SUSE-2019-560 Released: Wed Mar 6 14:12:17 2019 Summary: Recommended update for yast2-registration Severity: moderate References: 1111419,1125006 Description: This update for yast2-registration fixes the following issues: - Fixed 'can't modify frozen String' crash (bsc#1125006) - CRLF control characters cannot be included in the registration code, added validation check (bsc#1111419) ----------------------------------------- Patch: SUSE-2019-565 Released: Thu Mar 7 17:46:16 2019 Summary: Recommended update for supportutils Severity: moderate References: 1094225,1109664,1120049,1121043,1127063,1127069 Description: This update for supportutils fixes the following issues: - Dont show error if /proc/fb is not present (bsc#1127069) - Fixed issue where dasdview got called with wrong arguments (bsc#1109664) - Clarified -t argument description in help output (bsc#1121043) - Fixed grep error in NTP when /etc/cron.d is empty (bsc#1127063) - Collect systemd journal logs with minimum installation (bsc#1094225) - Fixed tar file generation (bsc#1120049) ----------------------------------------- Patch: SUSE-2019-570 Released: Thu Mar 7 17:50:46 2019 Summary: Recommended update for bind Severity: moderate References: 1094236 Description: This update for bind fixes the following issues: - Fixes dynamic DNS updates against samba and Microsoft DNS servers (bsc#1094236). ----------------------------------------- Patch: SUSE-2019-571 Released: Thu Mar 7 18:13:46 2019 Summary: Security update for file Severity: moderate References: 1096974,1096984,1126117,1126118,1126119,CVE-2018-10360,CVE-2019-8905,CVE-2019-8906,CVE-2019-8907 Description: This update for file fixes the following issues: The following security vulnerabilities were addressed: - CVE-2018-10360: Fixed an out-of-bounds read in the function do_core_note in readelf.c, which allowed remote attackers to cause a denial of service (application crash) via a crafted ELF file (bsc#1096974) - CVE-2019-8905: Fixed a stack-based buffer over-read in do_core_note in readelf.c (bsc#1126118) - CVE-2019-8906: Fixed an out-of-bounds read in do_core_note in readelf. c (bsc#1126119) - CVE-2019-8907: Fixed a stack corruption in do_core_note in readelf.c (bsc#1126117) ----------------------------------------- Patch: SUSE-2019-577 Released: Mon Mar 11 12:03:49 2019 Summary: Recommended update for apparmor Severity: important References: 1123820,1127073 Description: This update for apparmor fixes the following issues: - apparmor prevents libvirtd from starting (bsc#1127073) - Start apparmor after filesystem remount (bsc#1123820) ----------------------------------------- Patch: SUSE-2019-603 Released: Wed Mar 13 10:08:33 2019 Summary: Security update for python-azure-agent Severity: important References: 1127838,CVE-2019-0804 Description: This update for python-azure-agent fixes the following issues: - CVE-2019-0804: An issue with swapfile handling in the agent created a data leak situation that exposes system memory data. (bsc#1127838) ----------------------------------------- Patch: SUSE-2019-608 Released: Wed Mar 13 15:21:02 2019 Summary: Recommended update for cups Severity: moderate References: 1118118 Description: This update for cups fixes the following issues: - Fixed validation of UTF-8 filenames to avoid crashes (bsc#1118118) ----------------------------------------- Patch: SUSE-2019-639 Released: Tue Mar 19 13:06:22 2019 Summary: Security update for ldb Severity: moderate References: 1125410,CVE-2019-3824 Description: This update for ldb fixes the following issue: Security issue fixed: - CVE-2019-3824: Fixed an out-of-bound read vulnerability in ldb_wildcard_compare (bsc#1125410). ----------------------------------------- Patch: SUSE-2019-640 Released: Tue Mar 19 13:17:09 2019 Summary: Recommended update for polkit-default-privs Severity: moderate References: 1122262 Description: This update for polkit-default-privs fixes the following issues: - backport of newly introduced NetworkManager wifi-scan rule (bsc#1122262). ----------------------------------------- Patch: SUSE-2019-641 Released: Tue Mar 19 13:17:28 2019 Summary: Recommended update for glibc Severity: moderate References: 1112570,1114984,1114993 Description: This update for glibc provides the following fixes: - Fix Haswell CPU string flags. (bsc#1114984) - Fix waiters-after-spinning case. (bsc#1114993) - Do not relocate absolute symbols. (bsc#1112570) - Add glibc-locale-base subpackage containing only C, C.UTF-8 and en_US.UTF-8 locales. (fate#326551) - Add HWCAP_ATOMICS to HWCAP_IMPORTANT (fate#325962) - Remove slow paths from math routines. (fate#325815, fate#325879, fate#325880, fate#325881, fate#325882) ----------------------------------------- Patch: SUSE-2019-659 Released: Wed Mar 20 14:40:11 2019 Summary: Recommended update for yast2-iscsi-client Severity: moderate References: 1099691,1103681 Description: This update for yast2-iscsi-client fixes the following issues: - Fix detection of service current status (bsc#1103681) - Added additional searchkeys to desktop file (fate#321043, bsc#1099691) ----------------------------------------- Patch: SUSE-2019-664 Released: Wed Mar 20 14:54:12 2019 Summary: Recommended update for gpgme Severity: low References: 1121051 Description: This update for gpgme provides the following fix: - Re-generate keys in Qt tests to not expire. (bsc#1121051) ----------------------------------------- Patch: SUSE-2019-678 Released: Thu Mar 21 10:40:31 2019 Summary: Security update for openssl-1_1 Severity: moderate References: 1116833,1125494,1128189,CVE-2019-1543 Description: This update for openssl-1_1 (OpenSSL Security Advisory [6 March 2019]) fixes the following issues: Security issue fixed: - CVE-2019-1543: Fixed an implementation error in ChaCha20-Poly1305 where it was allowed to set IV with more than 12 bytes (bsc#1128189). Other issues addressed: - Fixed a segfault in openssl speed when an unknown algorithm is passed (bsc#1125494). - Correctly skipped binary curves in openssl speed to avoid spitting errors (bsc#1116833). ----------------------------------------- Patch: SUSE-2019-679 Released: Thu Mar 21 11:41:04 2019 Summary: Recommended update for rsyslog Severity: moderate References: 1126233 Description: This update for rsyslog fixes the following issues: - Set default permission for all log files (bsc#1126233) ----------------------------------------- Patch: SUSE-2019-694 Released: Thu Mar 21 19:52:15 2019 Summary: Recommended update for autoyast2 Severity: moderate References: 1123091 Description: This update for autoyast2 provides the following fix: - Fixed conflicting items in rule dialogs. (bsc#1123091) ----------------------------------------- Patch: SUSE-2019-697 Released: Thu Mar 21 19:53:05 2019 Summary: Recommended update for libcap-ng Severity: moderate References: 1123319 Description: This update for libcap-ng fixes the following issues: - bsc#1123319: run SPEC file through spec-cleaner ----------------------------------------- Patch: SUSE-2019-698 Released: Thu Mar 21 19:53:19 2019 Summary: Recommended update for yast2-iscsi-lio-server Severity: moderate References: 1123316 Description: This update for yast2-iscsi-lio-server fixes the following issues: - Accept symlinks to block devices and files in dialogs. (bsc#1123316) ----------------------------------------- Patch: SUSE-2019-700 Released: Thu Mar 21 19:54:00 2019 Summary: Recommended update for cyrus-sasl Severity: moderate References: 1044840 Description: This update for cyrus-sasl provides the following fix: - Fix a problem that was causing syslog to be polluted with messages 'GSSAPI client step 1'. By server context the connection will be sent to the log function but the client content does not have log level information, so there is no way to stop DEBUG level logs. (bsc#1044840) ----------------------------------------- Patch: SUSE-2019-702 Released: Fri Mar 22 10:43:05 2019 Summary: Recommended update for bc Severity: moderate References: 1129038 Description: This update for bc fixes the following issues: - Correct return value after 'q' command which could lead to problems during Oracle patching (bsc#1129038) ----------------------------------------- Patch: SUSE-2019-707 Released: Fri Mar 22 13:32:07 2019 Summary: Security update for unzip Severity: moderate References: 1110194,CVE-2018-18384 Description: This update for unzip fixes the following issues: - CVE-2018-18384: Fixed a buffer overflow when listing archives (bsc#1110194) ----------------------------------------- Patch: SUSE-2019-713 Released: Fri Mar 22 15:55:05 2019 Summary: Recommended update for glibc Severity: moderate References: 1063675,1126590 Description: This update for glibc fixes the following issues: - Add MAP_SYNC from Linux 4.15 (bsc#1126590) - Add MAP_SHARED_VALIDATE from Linux 4.15 (bsc#1126590) - nptl: Preserve error in setxid thread broadcast in coredumps (bsc#1063675, BZ #22153) ----------------------------------------- Patch: SUSE-2019-732 Released: Mon Mar 25 14:10:04 2019 Summary: Recommended update for aaa_base Severity: moderate References: 1088524,1118364,1128246 Description: This update for aaa_base fixes the following issues: - Restore old position of ssh/sudo source of profile (bsc#1118364). - Update logic for JRE_HOME env variable (bsc#1128246) ----------------------------------------- Patch: SUSE-2019-749 Released: Tue Mar 26 15:32:24 2019 Summary: Recommended update for dracut Severity: moderate References: 1127891 Description: This update for dracut fixes the following issues: - Check SUSE kernel module dependencies recursively (bsc#1127891) - Avoid 'Failed to chown ... Operation not permitted' when run from non-root, by not copying xattrs. (osc#1092178) - Handle non-versioned dependency in purge-kernels. ----------------------------------------- Patch: SUSE-2019-785 Released: Thu Mar 28 11:19:29 2019 Summary: Security update for the Linux Kernel Severity: important References: 1046305,1046306,1050252,1050549,1051510,1054610,1055121,1056658,1056662,1056787,1060463,1063638,1065600,1070995,1071995,1078355,1082943,1083548,1083647,1084216,1086095,1086282,1086301,1086313,1086314,1086323,1087082,1087092,1088133,1094555,1098382,1098425,1098995,1103429,1104353,1106105,1106434,1106811,1107078,1107665,1108101,1108870,1109695,1110096,1110705,1111666,1113042,1113712,1113722,1113939,1114279,1114585,1117108,1117155,1117645,1118338,1119019,1119086,1119766,1119843,1120008,1120318,1120601,1120758,1120854,1120902,1120909,1120955,1121317,1121726,1121789,1121805,1122019,1122192,1122324,1122554,1122662,1122764,1122779,1122822,1122885,1122927,1122944,1122971,1122982,1123060,1123061,1123161,1123317,1123348,1123357,1123456,1123538,1123697,1123882,1123933,1124055,1124204,1124235,1124579,1124589,1124728,1124732,1124735,1124969,1124974,1124975,1124976,1124978,1124979,1124980,1124981,1124982,1124984,1124985,1125109,1125125,1125252,1125315,1125614,1125728,1125780,1125797,1125799,1125800,1125907,1125947,1126131,1126209,1126389,1126393,1126476,1126480,1126481,1126488,1126495,1126555,1126579,1126789,1126790,1126802,1126803,1126804,1126805,1126806,1126807,1127042,1127062,1127082,1127154,1127285,1127286,1127307,1127363,1127493,1127494,1127495,1127496,1127497,1127498,1127534,1127561,1127567,1127578,1127595,1127603,1127682,1127731,1127750,1127836,1127961,1128094,1128166,1128351,1128451,1128895,1129046,1129080,1129163,1129179,1129181,1129182,1129183,1129184,1129205,1129281,1129284,1129285,1129291,1129292,1129293,1129294,1129295,1129296,1129326,1129327,1129330,1129363,1129366,1129497,1129519,1129543,1129547,1129551,1129581,1129625,1129664,1129739,1129923,824948,CVE-2018-20669,CVE-2019-2024,CVE-2019-3459,CVE-2019-3460,CVE-2019-3819,CVE-2019-6974,CVE-2019-7221,CVE-2019-7222,CVE-2019-7308,CVE-2019-8912,CVE-2019-8980,CVE-2019-9213 Description: The SUSE Linux Enterprise 15 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-2024: A use-after-free when disconnecting a source was fixed which could lead to crashes. bnc#1129179). - CVE-2019-9213: expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bnc#1128166). - CVE-2019-8980: A memory leak in the kernel_read_file function in fs/exec.c allowed attackers to cause a denial of service (memory consumption) by triggering vfs_read failures (bnc#1126209). - CVE-2019-3819: A flaw was found in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user ('root') can cause a system lock up and a denial of service. (bnc#1123161). - CVE-2019-8912: af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr (bnc#1125907). - CVE-2019-7308: kernel/bpf/verifier.c performed undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks (bnc#1124055). - CVE-2019-3459, CVE-2019-3460: The Bluetooth stack suffered from two remote information leak vulnerabilities in the code that handles incoming L2cap configuration packets (bsc#1120758). - CVE-2019-7221: The KVM implementation had a Use-after-Free problem (bnc#1124732). - CVE-2019-7222: The KVM implementation had an Information Leak (bnc#1124735). - CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, leading to a use-after-free (bnc#1124728). - CVE-2018-20669: Missing access control checks in ioctl of gpu/drm/i915 driver were fixed which might have lead to information leaks. (bnc#1122971). The following non-security bugs were fixed: - 6lowpan: iphc: reset mac_header after decompress to fix panic (bsc#1051510). - 9p: clear dangling pointers in p9stat_free (bsc#1051510). - 9p locks: fix glock.client_id leak in do_lock (bsc#1051510). - 9p/net: fix memory leak in p9_client_create (bsc#1051510). - 9p/net: put a lower bound on msize (bsc#1051510). - 9p: use inode->i_lock to protect i_size_write() under 32-bit (bsc#1051510). - acpi/APEI: Clear GHES block_status before panic() (bsc#1051510). - acpi/device_sysfs: Avoid OF modalias creation for removed device (bsc#1051510). - acpi/nfit: Block function zero DSMs (bsc#1051510). - acpi/nfit: Fix Address Range Scrub completion tracking (bsc#1124969). - acpi/nfit: Fix bus command validation (bsc#1051510). - acpi/nfit: Fix command-supported detection (bsc#1051510). - acpi/nfit: Fix race accessing memdev in nfit_get_smbios_id() (bsc#1122662). - acpi/nfit: Fix user-initiated ARS to be 'ARS-long' rather than 'ARS-short' (bsc#1124969). - acpi/numa: Use correct type for printing addresses on i386-PAE (bsc#1051510). - acpi/power: Skip duplicate power resource references in _PRx (bsc#1051510). - acpi/video: Extend chassis-type detection with a 'Lunch Box' check (bsc#1051510). - acpi/video: Refactor and fix dmi_is_desktop() (bsc#1051510). - add 1 entry 2bcbd406715dca256912b9c5ae449c7968f15705 - Add delay-init quirk for Corsair K70 RGB keyboards (bsc#1087092). - af_iucv: Move sockaddr length checks to before accessing sa_family in bind and connect handlers (bsc#1051510). - alsa: bebob: fix model-id of unit for Apogee Ensemble (bsc#1051510). - alsa: bebob: use more identical mod_alias for Saffire Pro 10 I/O against Liquid Saffire 56 (bsc#1051510). - alsa: compress: Fix stop handling on compressed capture streams (bsc#1051510). - alsa: compress: prevent potential divide by zero bugs (bsc#1051510). - alsa: firewire-motu: fix construction of PCM frame for capture direction (bsc#1051510). - alsa: hda - Add mute LED support for HP ProBook 470 G5 (bsc#1051510). - alsa: hda - Add quirk for HP EliteBook 840 G5 (bsc#1051510). - alsa: hda/ca0132 - Fix build error without CONFIG_PCI (bsc#1051510). - alsa: hda/realtek: Disable PC beep in passthrough on alc285 (bsc#1051510). - alsa: hda/realtek: Enable audio jacks of ASUS UX362FA with ALC294 (bsc#1051510). - alsa: hda/realtek - Fixed hp_pin no value (bsc#1051510). - alsa: hda/realtek - Fix lose hp_pins for disable auto mute (bsc#1051510). - alsa: hda/realtek - Headset microphone and internal speaker support for System76 oryp5 (bsc#1051510). - alsa: hda/realtek - Headset microphone support for System76 darp5 (bsc#1051510). - alsa: hda/realtek - Reduce click noise on Dell Precision 5820 headphone (bsc#1126131). - alsa: hda/realtek - Use a common helper for hp pin reference (bsc#1051510). - alsa: hda - Serialize codec registrations (bsc#1122944). - alsa: hda - Use standard device registration for beep (bsc#1122944). - alsa: oxfw: add support for APOGEE duet FireWire (bsc#1051510). - alsa: usb-audio: Add Opus #3 to quirks for native DSD support (bsc#1051510). - alsa: usb-audio: Add support for new T+A USB DAC (bsc#1051510). - alsa: usb-audio: Fix implicit fb endpoint setup by quirk (bsc#1051510). - altera-stapl: check for a null key before strcasecmp'ing it (bsc#1051510). - amd-xgbe: Fix mdio access for non-zero ports and clause 45 PHYs (bsc#1122927). - apparmor: Fix aa_label_build() error handling for failed merges (bsc#1051510). - applicom: Fix potential Spectre v1 vulnerabilities (bsc#1051510). - aquantia: Setup max_mtu in ndev to enable jumbo frames (bsc#1051510). - arm64: fault: avoid send SIGBUS two times (bsc#1126393). - arm: 8802/1: Call syscall_trace_exit even when system call skipped (bsc#1051510). - arm: 8808/1: kexec:offline panic_smp_self_stop CPU (bsc#1051510). - arm: 8814/1: mm: improve/fix ARM v7_dma_inv_range() unaligned address handling (bsc#1051510). - arm: 8815/1: V7M: align v7m_dma_inv_range() with v7 counterpart (bsc#1051510). - arm/arm64: KVM: Rename function kvm_arch_dev_ioctl_check_extension() (bsc#1126393). - arm/arm64: KVM: vgic: Force VM halt when changing the active state of GICv3 PPIs/SGIs (bsc#1051510). - arm: cns3xxx: Fix writing to wrong PCI config registers after alignment (bsc#1051510). - arm: cns3xxx: Use actual size reads for PCIe (bsc#1051510). - arm: imx: update the cpu power up timing setting on i.mx6sx (bsc#1051510). - arm: iop32x/n2100: fix PCI IRQ mapping (bsc#1051510). - arm: KVM: Fix VTTBR_BADDR_MASK BUG_ON off-by-one (bsc#1051510). - arm: mmp/mmp2: fix cpu_is_mmp2() on mmp2-dt (bsc#1051510). - arm: OMAP1: ams-delta: Fix possible use of uninitialized field (bsc#1051510). - arm: OMAP2+: hwmod: Fix some section annotations (bsc#1051510). - arm: OMAP2+: prm44xx: Fix section annotation on omap44xx_prm_enable_io_wakeup (bsc#1051510). - arm: pxa: avoid section mismatch warning (bsc#1051510). - arm: tango: Improve ARCH_MULTIPLATFORM compatibility (bsc#1051510). - ASoC: atom: fix a missing check of snd_pcm_lib_malloc_pages (bsc#1051510). - ASoC: dapm: change snprintf to scnprintf for possible overflow (bsc#1051510). - ASoC: dma-sh7760: cleanup a debug printk (bsc#1051510). - ASoC: fsl_esai: fix register setting issue in RIGHT_J mode (bsc#1051510). - ASoC: fsl: Fix SND_SOC_EUKREA_TLV320 build error on i.MX8M (bsc#1051510). - ASoC: imx-audmux: change snprintf to scnprintf for possible overflow (bsc#1051510). - ASoC: imx-sgtl5000: put of nodes if finding codec fails (bsc#1051510). - ASoC: Intel: Haswell/Broadwell: fix setting for .dynamic field (bsc#1051510). - ASoC: msm8916-wcd-analog: add missing license information (bsc#1051510). - ASoC: qcom: Fix of-node refcount unbalance in apq8016_sbc_parse_of() (bsc#1051510). - ASoC: rsnd: fixup rsnd_ssi_master_clk_start() user count check (bsc#1051510). - ASoC: rt5514-spi: Fix potential NULL pointer dereference (bsc#1051510). - assoc_array: Fix shortcut creation (bsc#1051510). - ata: ahci: mvebu: remove stale comment (bsc#1051510). - ath9k: Avoid OF no-EEPROM quirks without qca,no-eeprom (bsc#1051510). - ath9k: dynack: check da->enabled first in sampling routines (bsc#1051510). - ath9k: dynack: make ewma estimation faster (bsc#1051510). - ath9k: dynack: use authentication messages for 'late' ack (bsc#1051510). - atm: he: fix sign-extension overflow on large shift (bsc#1051510). - ax25: fix a use-after-free in ax25_fillin_cb() (networking-stable-19_01_04). - ax25: fix possible use-after-free (bsc#1051510). - backlight: pwm_bl: Use gpiod_get_value_cansleep() to get initial (bsc#1113722) - batman-adv: Avoid WARN on net_device without parent in netns (bsc#1051510). - batman-adv: fix uninit-value in batadv_interface_tx() (bsc#1051510). - batman-adv: Force mac header to start of data on xmit (bsc#1051510). - be2net: do not flip hw_features when VXLANs are added/deleted (bsc#1050252). - bio: Introduce BIO_ALLOCED flag and check it in bio_free (bsc#1128094). - blkdev: avoid migration stalls for blkdev pages (bsc#1084216). - blk-mq: fix a hung issue when fsync (bsc#1125252). - blk-mq: fix kernel oops in blk_mq_tag_idle() (bsc#1051510). - block: break discard submissions into the user defined size (git-fixes). - block: cleanup __blkdev_issue_discard() (git-fixes). - block_dev: fix crash on chained bios with O_DIRECT (bsc#1128094). - blockdev: Fix livelocks on loop device (bsc#1124984). - block: do not deal with discard limit in blkdev_issue_discard() (git-fixes). - block: do not use bio->bi_vcnt to figure out segment number (bsc#1128895). - block: do not warn when doing fsync on read-only devices (bsc#1125252). - block: fix 32 bit overflow in __blkdev_issue_discard() (git-fixes). - block: fix infinite loop if the device loses discard capability (git-fixes). - block/loop: Use global lock for ioctl() operation (bsc#1124974). - block: make sure discard bio is aligned with logical block size (git-fixes). - block: make sure writesame bio is aligned with logical block size (git-fixes). - block: move bio_integrity_{intervals,bytes} into blkdev.h (bsc#1114585). - block/swim3: Fix -EBUSY error when re-opening device after unmount (git-fixes). - Bluetooth: Fix locking in bt_accept_enqueue() for BH context (bsc#1051510). - Bluetooth: Fix unnecessary error message for HCI request completion (bsc#1051510). - bnx2x: Assign unique DMAE channel number for FW DMAE transactions (bsc#1086323). - bnx2x: Clear fip MAC when fcoe offload support is disabled (bsc#1086323). - bnx2x: Fix NULL pointer dereference in bnx2x_del_all_vlans() on some hw (bsc#1086323). - bnx2x: Remove configured vlans as part of unload sequence (bsc#1086323). - bnx2x: Send update-svid ramrod with retry/poll flags enabled (bsc#1086323). - bnxt_en: Fix typo in firmware message timeout logic (bsc#1086282). - bnxt_en: Wait longer for the firmware message response to complete (bsc#1086282). - bpf: decrease usercnt if bpf_map_new_fd() fails in bpf_map_get_fd_by_id() (bsc#1083647). - bpf: drop refcount if bpf_map_new_fd() fails in map_create() (bsc#1083647). - bpf: fix lockdep false positive in percpu_freelist (bsc#1083647). - bpf: fix replace_map_fd_with_map_ptr's ldimm64 second imm field (bsc#1083647). - bpf: fix sanitation rewrite in case of non-pointers (bsc#1083647). - bpf: Fix syscall's stackmap lookup potential deadlock (bsc#1083647). - bpf, lpm: fix lookup bug in map_delete_elem (bsc#1083647). - bpf/verifier: fix verifier instability (bsc#1056787). - bsg: allocate sense buffer if requested (bsc#1106811). - bsg: Do not copy sense if no response buffer is allocated (bsc#1106811,bsc#1126555). - btrfs: dedupe_file_range ioctl: remove 16MiB restriction (bsc#1127494). - btrfs: do not unnecessarily pass write_lock_level when processing leaf (bsc#1126802). - btrfs: ensure that a DUP or RAID1 block group has exactly two stripes (bsc#1128451). - btrfs: fix clone vs chattr NODATASUM race (bsc#1127497). - btrfs: fix corruption reading shared and compressed extents after hole punching (bsc#1126476). - btrfs: fix deadlock when allocating tree block during leaf/node split (bsc#1126806). - btrfs: fix deadlock when using free space tree due to block group creation (bsc#1126804). - btrfs: fix fsync after succession of renames and unlink/rmdir (bsc#1126488). - btrfs: fix fsync after succession of renames of different files (bsc#1126481). - btrfs: fix invalid-free in btrfs_extent_same (bsc#1127498). - btrfs: fix reading stale metadata blocks after degraded raid1 mounts (bsc#1126803). - btrfs: fix use-after-free of cmp workspace pages (bsc#1127603). - btrfs: grab write lock directly if write_lock_level is the max level (bsc#1126802). - btrfs: Improve btrfs_search_slot description (bsc#1126802). - btrfs: move get root out of btrfs_search_slot to a helper (bsc#1126802). - btrfs: qgroup: Cleanup old subtree swap code (bsc#1063638). - btrfs: qgroup: Do not trace subtree if we're dropping reloc tree (bsc#1063638). - btrfs: qgroup: Finish rescan when hit the last leaf of extent tree (bsc#1129327). - btrfs: qgroup: Fix root item corruption when multiple same source snapshots are created with quota enabled (bsc#1122324). - btrfs: qgroup: Introduce function to find all new tree blocks of reloc tree (bsc#1063638). - btrfs: qgroup: Introduce function to trace two swaped extents (bsc#1063638). - btrfs: qgroup: Introduce per-root swapped blocks infrastructure (bsc#1063638). - btrfs: qgroup: Introduce trace event to analyse the number of dirty extents accounted (bsc#1063638 dependency). - btrfs: qgroup: Make qgroup async transaction commit more aggressive (bsc#1113042). - btrfs: qgroup: Only trace data extents in leaves if we're relocating data block group (bsc#1063638). - btrfs: qgroup: Refactor btrfs_qgroup_trace_subtree_swap (bsc#1063638). - btrfs: qgroup: Search commit root for rescan to avoid missing extent (bsc#1129326). - btrfs: qgroup: Use delayed subtree rescan for balance (bsc#1063638). - btrfs: qgroup: Use generation-aware subtree swap to mark dirty extents (bsc#1063638). - btrfs: quota: Set rescan progress to (u64)-1 if we hit last leaf (bsc#1129327). - btrfs: relocation: Delay reloc tree deletion after merge_reloc_roots (bsc#1063638). - btrfs: reloc: Fix NULL pointer dereference due to expanded reloc_root lifespan (bsc#1129497). - btrfs: remove always true check in unlock_up (bsc#1126802). - btrfs: remove superfluous free_extent_buffer in read_block_for_search (bsc#1126802). - btrfs: remove unnecessary level check in balance_level (bsc#1126802). - btrfs: remove unused check of skip_locking (bsc#1126802). - btrfs: reuse cmp workspace in EXTENT_SAME ioctl (bsc#1127495). - btrfs: send, fix race with transaction commits that create snapshots (bsc#1126802). - btrfs: simplify IS_ERR/PTR_ERR checks (bsc#1126481). - btrfs: split btrfs_extent_same (bsc#1127493). - btrfs: use kvzalloc for EXTENT_SAME temporary data (bsc#1127496). - btrfs: use more straightforward extent_buffer_uptodate check (bsc#1126802). - can: bcm: check timer values before ktime conversion (bsc#1051510). - can: dev: __can_get_echo_skb(): fix bogous check for non-existing skb by removing it (bsc#1051510). - can: gw: ensure DLC boundaries after CAN frame modification (bsc#1051510). - cdc-acm: fix abnormal DATA RX issue for Mediatek Preloader (bsc#1051510). - cdc-wdm: pass return value of recover_from_urb_loss (bsc#1051510). - ceph: avoid repeatedly adding inode to mdsc->snap_flush_list (bsc#1126790). - ceph: clear inode pointer when snap realm gets dropped by its inode (bsc#1125799). - cfg80211: extend range deviation for DMG (bsc#1051510). - ch: add missing mutex_lock()/mutex_unlock() in ch_release() (bsc#1124235). - char/mwave: fix potential Spectre v1 vulnerability (bsc#1051510). - checkstack.pl: fix for aarch64 (bsc#1051510). - ch: fixup refcounting imbalance for SCSI devices (bsc#1124235). - cifs: add missing debug entries for kconfig options (bsc#1051510). - cifs: add missing support for ACLs in SMB 3.11 (bsc#1051510). - cifs: add sha512 secmech (bsc#1051510). - cifs: Add support for reading attributes on SMB2+ (bsc#1051510). - cifs: Add support for writing attributes on SMB2+ (bsc#1051510). - cifs: Always resolve hostname before reconnecting (bsc#1051510). - cifs: connect to servername instead of IP for IPC$ share (bsc#1051510). - cifs: do not log STATUS_NOT_FOUND errors for DFS (bsc#1051510). - cifs: Do not modify mid entry after submitting I/O in cifs_call_async (bsc#1051510). - cifs: Fix error mapping for SMB2_LOCK command which caused OFD lock problem (bsc#1051510). - cifs: Fix memory leak in smb2_set_ea() (bsc#1051510). - cifs: Fix NULL pointer dereference of devname (bnc#1129519). - cifs: fix return value for cifs_listxattr (bsc#1051510). - cifs: Fix separator when building path from dentry (bsc#1051510). - cifs: fix set info (bsc#1051510). - cifs: fix sha512 check in cifs_crypto_secmech_release (bsc#1051510). - cifs: fix wrapping bugs in num_entries() (bsc#1051510). - cifs: For SMB2 security informaion query, check for minimum sized security descriptor instead of sizeof FileAllInformation class (bsc#1051510). - cifs: hide unused functions (bsc#1051510). - cifs: hide unused functions (bsc#1051510). - cifs: implement v3.11 preauth integrity (bsc#1051510). - cifs: invalidate cache when we truncate a file (bsc#1051510). - cifs: make 'nodfs' mount opt a superblock flag (bsc#1051510). - cifs: OFD locks do not conflict with eachothers (bsc#1051510). - cifs: prevent integer overflow in nxt_dir_entry() (bsc#1051510). - cifs: prototype declaration and definition for smb 2 - 3 and cifsacl mount options (bsc#1051510). - cifs: prototype declaration and definition to set acl for smb 2 - 3 and cifsacl mount options (bsc#1051510). - cifs: refactor crypto shash/sdesc allocation&free (bsc#1051510). - cifs: smb2ops: Fix listxattr() when there are no EAs (bsc#1051510). - cifs: Use smb 2 - 3 and cifsacl mount options getacl functions (bsc#1051510). - cifs: Use smb 2 - 3 and cifsacl mount options setacl function (bsc#1051510). - cifs: Use ULL suffix for 64-bit constant (bsc#1051510). - clk: armada-370: fix refcount leak in a370_clk_init() (bsc#1051510). - clk: armada-xp: fix refcount leak in axp_clk_init() (bsc#1051510). - clk: dove: fix refcount leak in dove_clk_init() (bsc#1051510). - clk: highbank: fix refcount leak in hb_clk_init() (bsc#1051510). - clk: imx6q: fix refcount leak in imx6q_clocks_init() (bsc#1051510). - clk: imx6q: reset exclusive gates on init (bsc#1051510). - clk: imx6sl: ensure MMDC CH0 handshake is bypassed (bsc#1051510). - clk: imx6sx: fix refcount leak in imx6sx_clocks_init() (bsc#1051510). - clk: imx7d: fix refcount leak in imx7d_clocks_init() (bsc#1051510). - clk: kirkwood: fix refcount leak in kirkwood_clk_init() (bsc#1051510). - clk: mv98dx3236: fix refcount leak in mv98dx3236_clk_init() (bsc#1051510). - clk: qoriq: fix refcount leak in clockgen_init() (bsc#1051510). - clk: rockchip: fix typo in rk3188 spdif_frac parent (bsc#1051510). - clk: samsung: exynos4: fix refcount leak in exynos4_get_xom() (bsc#1051510). - clk: socfpga: fix refcount leak (bsc#1051510). - clk: sunxi: A31: Fix wrong AHB gate number (bsc#1051510). - clk: sunxi-ng: a33: Set CLK_SET_RATE_PARENT for all audio module clocks (bsc#1051510). - clk: sunxi-ng: enable so-said LDOs for A64 SoC's pll-mipi clock (bsc#1051510). - clk: sunxi-ng: h3/h5: Fix CSI_MCLK parent (bsc#1051510). - clk: sunxi-ng: sun8i-a23: Enable PLL-MIPI LDOs when ungating it (bsc#1051510). - clk: uniphier: Fix update register for CPU-gear (bsc#1051510). - clk: vf610: fix refcount leak in vf610_clocks_init() (bsc#1051510). - clocksource/drivers/exynos_mct: Fix error path in timer resources initialization (bsc#1051510). - clocksource/drivers/integrator-ap: Add missing of_node_put() (bsc#1051510). - clocksource/drivers/sun5i: Fail gracefully when clock rate is unavailable (bsc#1051510). - configfs: fix registered group removal (bsc#1051510). - copy_mount_string: Limit string length to PATH_MAX (bsc#1082943). - cpufreq: Cap the default transition delay value to 10 ms (bsc#1127042). - cpufreq: conservative: Take limits changes into account properly (bsc#1051510). - cpufreq: governor: Avoid accessing invalid governor_data (bsc#1051510). - cpufreq: governor: Drop min_sampling_rate (bsc#1127042). - cpufreq: governor: Ensure sufficiently large sampling intervals (bsc#1127042). - cpufreq: imx6q: add return value check for voltage scale (bsc#1051510). - cpufreq: Use transition_delay_us for legacy governors as well (bsc#1127042). - cpuidle: big.LITTLE: fix refcount leak (bsc#1051510). - cramfs: fix abad comparison when wrap-arounds occur (bsc#1051510). - crypto: aes_ti - disable interrupts while accessing S-box (bsc#1051510). - crypto: ahash - fix another early termination in hash walk (bsc#1051510). - crypto: arm64/aes-ccm - fix logical bug in AAD MAC handling (bsc#1051510). - crypto: arm/crct10dif - revert to C code for short inputs (bsc#1051510). - crypto: authencesn - Avoid twice completion call in decrypt path (bsc#1051510). - crypto: authenc - fix parsing key with misaligned rta_len (bsc#1051510). - crypto: bcm - convert to use crypto_authenc_extractkeys() (bsc#1051510). - crypto: brcm - Fix some set-but-not-used warning (bsc#1051510). - crypto: caam - fixed handling of sg list (bsc#1051510). - crypto: caam - fix zero-length buffer DMA mapping (bsc#1051510). - crypto: cavium/zip - fix collision with generic cra_driver_name (bsc#1051510). - crypto: crypto4xx - add missing of_node_put after of_device_is_available (bsc#1051510). - crypto: crypto4xx - Fix wrong ppc4xx_trng_probe()/ppc4xx_trng_remove() arguments (bsc#1051510). - crypto: hash - set CRYPTO_TFM_NEED_KEY if ->setkey() fails (bsc#1051510). - crypto: testmgr - skip crc32c context test for ahash algorithms (bsc#1051510). - crypto: tgr192 - fix unaligned memory access (bsc#1051510). - crypto: user - support incremental algorithm dumps (bsc#1120902). - crypto: ux500 - Use proper enum in cryp_set_dma_transfer (bsc#1051510). - crypto: ux500 - Use proper enum in hash_set_dma_transfer (bsc#1051510). - cw1200: drop useless LIST_HEAD (bsc#1051510). - cw1200: Fix concurrency use-after-free bugs in cw1200_hw_scan() (bsc#1051510). - cw1200: fix missing unlock on error in cw1200_hw_scan() (bsc#1051510). - dccp: fool proof ccid_hc_[rt]x_parse_options() (bsc#1051510). - debugfs: fix debugfs_rename parameter checking (bsc#1051510). - dlm: Do not swamp the CPU with callbacks queued during recovery (bsc#1051510). - dlm: fixed memory leaks after failed ls_remove_names allocation (bsc#1051510). - dlm: lost put_lkb on error path in receive_convert() and receive_unlock() (bsc#1051510). - dlm: memory leaks on error path in dlm_user_request() (bsc#1051510). - dlm: possible memory leak on error path in create_lkb() (bsc#1051510). - dmaengine: at_hdmac: drop useless LIST_HEAD (bsc#1051510). - dmaengine: at_hdmac: fix memory leak in at_dma_xlate() (bsc#1051510). - dmaengine: at_hdmac: fix module unloading (bsc#1051510). - dmaengine: at_xdmac: Fix wrongfull report of a channel as in use (bsc#1051510). - dmaengine: bcm2835: Fix abort of transactions (bsc#1051510). - dmaengine: bcm2835: Fix interrupt race on RT (bsc#1051510). - dmaengine: dma-jz4780: Return error if not probed from DT (bsc#1051510). - dmaengine: dmatest: Abort test in case of mapping error (bsc#1051510). - dmaengine: dw: drop useless LIST_HEAD (bsc#1051510). - dmaengine: dw: Fix FIFO size for Intel Merrifield (bsc#1051510). - dmaengine: imx-dma: fix wrong callback invoke (bsc#1051510). - dmaengine: mv_xor: Use correct device for DMA API (bsc#1051510). - dmaengine: pl330: drop useless LIST_HEAD (bsc#1051510). - dmaengine: sa11x0: drop useless LIST_HEAD (bsc#1051510). - dmaengine: st_fdma: drop useless LIST_HEAD (bsc#1051510). - dmaengine: stm32-dma: fix incomplete configuration in cyclic mode (bsc#1051510). - dmaengine: xilinx_dma: Remove __aligned attribute on zynqmp_dma_desc_ll (bsc#1051510). - dma: Introduce dma_max_mapping_size() (bsc#1120008). - dm cache metadata: verify cache has blocks in blocks_are_clean_separate_dirty() (git-fixes). - dm: call blk_queue_split() to impose device limits on bios (git-fixes). - dm: do not allow readahead to limit IO size (git-fixes). - dm thin: send event about thin-pool state change _after_ making it (git-fixes). - dm zoned: Fix target BIO completion handling (git-fixes). - doc: rcu: Suspicious RCU usage is a warning (bsc#1051510). - doc/README.SUSE: Correct description for building a kernel (bsc#1123348) The obsoleted make cloneconfig is corrected. Also the order of make scripts and make prepare are corrected as well. - Do not log confusing message on reconnect by default (bsc#1129664). - Do not log expected error on DFS referral request (bsc#1051510). - driver core: Do not resume suppliers under device_links_write_lock() (bsc#1051510). - driver core: Move async_synchronize_full call (bsc#1051510). - drivers: core: Remove glue dirs from sysfs earlier (bsc#1051510). - Drivers: hv: vmbus: Check for ring when getting debug info (bsc#1126389, bsc#1126579). - Drivers: hv: vmbus: preserve hv_ringbuffer_get_debuginfo kABI (bsc#1126389, bsc#1126579). - Drivers: hv: vmbus: Remove the useless API vmbus_get_outgoing_channel() (bsc#1127578). - Drivers: hv: vmbus: Return -EINVAL for the sys files for unopened channels (bsc#1126389, bsc#1126579). - drivers/misc/sgi-gru: fix Spectre v1 vulnerability (bsc#1051510). - drivers/net/ethernet/qlogic/qed/qed_rdma.h: fix typo (bsc#1086314 bsc#1086313 bsc#1086301 ). - drivers/sbus/char: add of_node_put() (bsc#1051510). - drm/amdgpu: Add delay after enable RLC ucode (bsc#1051510). - drm/ast: Fix connector leak during driver unload (bsc#1051510). - drm/ast: fixed reading monitor EDID not stable issue (bsc#1051510). - drm/atomic-helper: Complete fake_commit->flip_done potentially earlier (bsc#1051510). - drm: Block fb changes for async plane updates (bsc#1051510). - drm/bridge: tc358767: add defines for DP1_SRCCTRL & PHY_2LANE (bsc#1051510). - drm/bridge: tc358767: fix initial DP0/1_SRCCTRL value (bsc#1051510). - drm/bridge: tc358767: fix output H/V syncs (bsc#1051510). - drm/bridge: tc358767: fix single lane configuration (bsc#1051510). - drm/bridge: tc358767: reject modes which require too much BW (bsc#1051510). - drm/bufs: Fix Spectre v1 vulnerability (bsc#1051510). - drm: Clear state->acquire_ctx before leaving drm_atomic_helper_commit_duplicated_state() (bsc#1051510). - drm: disable uncached DMA optimization for ARM and arm64 (bsc#1051510). - drm/etnaviv: NULL vs IS_ERR() buf in etnaviv_core_dump() (bsc#1113722) - drm/etnaviv: potential NULL dereference (bsc#1113722) - drm/fb-helper: Partially bring back workaround for bugs of SDL 1.2 (bsc#1113722) - drm: Fix error handling in drm_legacy_addctx (bsc#1113722) - drm/i915: Block fbdev HPD processing during suspend (bsc#1113722) - drm/i915/fbdev: Actually configure untiled displays (bsc#1113722) - drm/i915: Flush GPU relocs harder for gen3 (bsc#1113722) - drm/i915/gvt: Fix mmap range check (bsc#1120902) - drm/i915/gvt: free VFIO region space in vgpu detach (bsc#1113722) - drm/i915/gvt: release shadow batch buffer and wa_ctx before destroy one workload (bsc#1051510). - drm/i915/opregion: fix version check (bsc#1113722) - drm/i915/opregion: rvda is relative from opregion base in opregion (bsc#1113722) - drm/i915: Prevent a race during I915_GEM_MMAP ioctl with WC set (bsc#1113722) - drm/i915: Redefine some Whiskey Lake SKUs (bsc#1051510). - drm/i915: Use the correct crtc when sanitizing plane mapping (bsc#1113722) - drm/meson: add missing of_node_put (bsc#1051510). - drm/modes: Prevent division by zero htotal (bsc#1051510). - drm/msm: Fix error return checking (bsc#1051510). - drm/msm: Grab a vblank reference when waiting for commit_done (bsc#1051510). - drm/msm: Unblock writer if reader closes file (bsc#1051510). - drm/nouveau/bios/ramcfg: fix missing parentheses when calculating RON (bsc#1113722) - drm/nouveau: Do not spew kernel WARNING for each timeout (bsc#1126480). - drm/nouveau: Do not WARN_ON VCPI allocation failures (bsc#1113722) - drm/nouveau/falcon: avoid touching registers if engine is off (bsc#1051510). - drm/nouveau/pmu: do not print reply values if exec is false (bsc#1113722) - drm/nouveau/tmr: detect stalled gpu timer and break out of waits (bsc#1123538). - drm/radeon/evergreen_cs: fix missing break in switch statement (bsc#1113722) - drm: Reorder set_property_atomic to avoid returning with an active ww_ctx (bsc#1051510). - drm/rockchip: fix for mailbox read size (bsc#1051510). - drm/shmob: Fix return value check in shmob_drm_probe (bsc#1113722) - drm/sun4i: tcon: Prepare and enable TCON channel 0 clock at init (bsc#1051510). - drm/vmwgfx: Do not double-free the mode stored in par->set_mode (bsc#1103429) - drm/vmwgfx: Fix setting of dma masks (bsc#1120902) - drm/vmwgfx: Return error code from vmw_execbuf_copy_fence_user (bsc#1120902) - e1000e: allow non-monotonic SYSTIM readings (bsc#1051510). - earlycon: Initialize port->uartclk based on clock-frequency property (bsc#1051510). - earlycon: Remove hardcoded port->uartclk initialization in of_setup_earlycon (bsc#1051510). - Enable CONFIG_RDMA_RXE=m also for ppc64le (bsc#1107665,) - enic: fix build warning without CONFIG_CPUMASK_OFFSTACK (bsc#1051510). - enic: fix checksum validation for IPv6 (bsc#1051510). - esp6: fix memleak on error path in esp6_input (bsc#1051510). - esp: Fix locking on page fragment allocation (bsc#1051510). - esp: Fix memleaks on error paths (bsc#1051510). - esp: Fix skb tailroom calculation (bsc#1051510). - exportfs: do not read dentry after free (bsc#1051510). - ext4: avoid kernel warning when writing the superblock to a dead device (bsc#1124981). - ext4: check for shutdown and r/o file system in ext4_write_inode() (bsc#1124978). - ext4: fix a potential fiemap/page fault deadlock w/ inline_data (bsc#1124980). - ext4: Fix crash during online resizing (bsc#1122779). - ext4: force inode writes when nfsd calls commit_metadata() (bsc#1125125). - ext4: include terminating u32 in size of xattr entries when expanding inodes (bsc#1124976). - ext4: make sure enough credits are reserved for dioread_nolock writes (bsc#1124979). - ext4: track writeback errors using the generic tracking infrastructure (bsc#1124982). - fanotify: fix handling of events on child sub-directory (bsc#1122019). - fat: validate ->i_start before using (bsc#1051510). - fbdev: chipsfb: remove set but not used variable 'size' (bsc#1113722) - firmware/efi: Add NULL pointer checks in efivars API functions (bsc#1051510). - fix smb3-encryption breakage when CONFIG_DEBUG_SG=y (bsc#1051510). - floppy: check_events callback should not return a negative number (bsc#1051510). - fork: do not copy inconsistent signal handler state to child (bsc#1051510). - fork: record start_time late (git-fixes). - fork: unconditionally clear stack on fork (git-fixes). - fs/cifs: require sha512 (bsc#1051510). - fs/dcache: Fix incorrect nr_dentry_unused accounting in shrink_dcache_sb() (git-fixes). - fs/devpts: always delete dcache dentry-s in dput() (git-fixes). - fuse: call pipe_buf_release() under pipe lock (bsc#1051510). - fuse: continue to send FUSE_RELEASEDIR when FUSE_OPEN returns ENOSYS (bsc#1051510). - fuse: decrement NR_WRITEBACK_TEMP on the right page (bsc#1051510). - fuse: handle zero sized retrieve correctly (bsc#1051510). - futex: Fix (possible) missed wakeup (bsc#1050549). - gdrom: fix a memory leak bug (bsc#1051510). - geneve: cleanup hard coded value for Ethernet header length (bsc#1123456). - geneve: correctly handle ipv6.disable module parameter (bsc#1051510). - geneve, vxlan: Do not check skb_dst() twice (bsc#1123456). - geneve, vxlan: Do not set exceptions if skb->len < mtu (bsc#1123456). - genwqe: Fix size check (bsc#1051510). - gfs2: Revert 'Fix loop in gfs2_rbm_find' (bsc#1120601). - gianfar: fix a flooded alignment reports because of padding issue (bsc#1051510). - gianfar: Fix Rx byte accounting for ndev stats (bsc#1051510). - gianfar: prevent integer wrapping in the rx handler (bsc#1051510). - gpio: altera-a10sr: Set proper output level for direction_output (bsc#1051510). - gpio: pcf857x: Fix interrupts on multiple instances (bsc#1051510). - gpio: pl061: handle failed allocations (bsc#1051510). - gpio: pl061: Move irq_chip definition inside struct pl061 (bsc#1051510). - gpio: vf610: Mask all GPIO interrupts (bsc#1051510). - gpu: ipu-v3: Fix CSI offsets for imx53 (bsc#1113722) - gpu: ipu-v3: Fix i.MX51 CSI control registers offset (bsc#1113722) - gpu: ipu-v3: image-convert: Prevent race between run and unprepare (bsc#1051510). - gro_cell: add napi_disable in gro_cells_destroy (networking-stable-19_01_04). - gro_cells: make sure device is up in gro_cells_receive() (git-fixes). - hfs: do not free node before using (bsc#1051510). - hfsplus: do not free node before using (bsc#1051510). - hfsplus: prevent btree data loss on root split (bsc#1051510). - hfs: prevent btree data loss on root split (bsc#1051510). - HID: lenovo: Add checks to fix of_led_classdev_register (bsc#1051510). - hpet: Fix missing '=' character in the __setup() code of hpet_mmap_enable (git-fixes). - hvc_opal: do not set tb_ticks_per_usec in udbg_init_opal_common() (bsc#1051510). - hv_uio_generic: map ringbuffer phys addr (bsc#1127578). - hv: v4.12 API for hyperv-iommu (bsc#1122822). - hwmon: (lm80) fix a missing check of bus read in lm80 probe (bsc#1051510). - hwmon: (lm80) fix a missing check of the status of SMBus read (bsc#1051510). - hwmon: (lm80) Fix missing unlock on error in set_fan_div() (bsc#1051510). - hwmon: (tmp421) Correct the misspelling of the tmp442 compatible attribute in OF device ID table (bsc#1051510). - HYPERV/IOMMU: Add Hyper-V stub IOMMU driver (bsc#1122822). - i2c-axxia: check for error conditions first (bsc#1051510). - i2c: bcm2835: Clear current buffer pointers and counts after a transfer (bsc#1051510). - i2c: cadence: Fix the hold bit setting (bsc#1051510). - i2c: dev: prevent adapter retries and timeout being set as minus value (bsc#1051510). - i2c: omap: Use noirq system sleep pm ops to idle device for suspend (bsc#1051510). - i2c: sh_mobile: add support for r8a77990 (R-Car E3) (bsc#1051510). - i40e: fix mac filter delete when setting mac address (bsc#1056658 bsc#1056662). - i40e: report correct statistics when XDP is enabled (bsc#1056658 bsc#1056662). - i40e: restore NETIF_F_GSO_IPXIP to netdev features (bsc#1056658 bsc#1056662). - IB/core: Destroy QP if XRC QP fails (bsc#1046306). - IB/core: Fix potential memory leak while creating MAD agents (bsc#1046306). - IB/core: Unregister notifier before freeing MAD security (bsc#1046306). - IB/hfi1: Close race condition on user context disable and close (bsc#1060463). - IB/mlx5: Unmap DMA addr from HCA before IOMMU (bsc#1046305 ). - ibmveth: Do not process frames after calling napi_reschedule (bcs#1123357). - ibmveth: fix DMA unmap error in ibmveth_xmit_start error path (networking-stable-19_01_04). - ibmvnic: Add ethtool private flag for driver-defined queue limits (bsc#1121726). - ibmvnic: Increase maximum queue size limit (bsc#1121726). - ibmvnic: Introduce driver limits for ring sizes (bsc#1121726). - ibmvnic: Report actual backing device speed and duplex values (bsc#1129923). - ibmvscsi: Fix empty event pool access during host removal (bsc#1119019). - ibmvscsi: Protect ibmvscsi_head from concurrent modificaiton (bsc#1119019). - ide: pmac: add of_node_put() (bsc#1051510). - ieee802154: ca8210: fix possible u8 overflow in ca8210_rx_done (bsc#1051510). - ieee802154: lowpan_header_create check must check daddr (networking-stable-19_01_04). - igb: Fix an issue that PME is not enabled during runtime suspend (bsc#1051510). - iio: accel: kxcjk1013: Add KIOX010A ACPI Hardware-ID (bsc#1051510). - iio: adc: exynos-adc: Fix NULL pointer exception on unbind (bsc#1051510). - iio: chemical: atlas-ph-sensor: correct IIO_TEMP values to millicelsius (bsc#1051510). - input: bma150 - register input device after setting private data (bsc#1051510). - input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G (bsc#1051510). - input: elan_i2c - add ACPI ID for touchpad in Lenovo V330-15ISK (bsc#1051510). - input: elan_i2c - add id for touchpad found in Lenovo s21e-20 (bsc#1051510). - input: elantech - enable 3rd button support on Fujitsu CELSIUS H780 (bsc#1051510). - input: omap-keypad - fix idle configuration to not block SoC idle states (bsc#1051510). - input: raspberrypi-ts - fix link error (git-fixes). - input: raspberrypi-ts - select CONFIG_INPUT_POLLDEV (git-fixes). - input: restore EV_ABS ABS_RESERVED (bsc#1051510). - input: synaptics - enable RMI on ThinkPad T560 (bsc#1051510). - input: synaptics - enable SMBus for HP EliteBook 840 G4 (bsc#1051510). - input: wacom_serial4 - add support for Wacom ArtPad II tablet (bsc#1051510). - input: xpad - add support for SteelSeries Stratus Duo (bsc#1111666). - intel_th: Do not reference unassigned outputs (bsc#1051510). - intel_th: gth: Fix an off-by-one in output unassigning (bsc#1051510). - iomap: fix integer truncation issues in the zeroing and dirtying helpers (bsc#1125947). - iomap: warn on zero-length mappings (bsc#1127062). - iommu/amd: Call free_iova_fast with pfn in map_sg (bsc#1106105). - iommu/amd: Fix IOMMU page flush when detach device from a domain (bsc#1106105). - iommu/amd: Unmap all mapped pages in error path of map_sg (bsc#1106105). - iommu/dmar: Fix buffer overflow during PCI bus notification (bsc#1129181). - iommu: Document iommu_ops.is_attach_deferred() (bsc#1129182). - iommu/io-pgtable-arm-v7s: Only kmemleak_ignore L2 tables (bsc#1129205). - iommu/vt-d: Check identity map for hot-added devices (bsc#1129183). - iommu/vt-d: Fix memory leak in intel_iommu_put_resv_regions() (bsc#1106105). - iommu/vt-d: Fix NULL pointer reference in intel_svm_bind_mm() (bsc#1129184). - ip6mr: Fix potential Spectre v1 vulnerability (networking-stable-19_01_04). - ip6_tunnel: get the min mtu properly in ip6_tnl_xmit (bsc#1123456). - ip6_tunnel: use the right value for ipv4 min mtu check in ip6_tnl_xmit (bsc#1123456). - ipmi:pci: Blacklist a Realtek 'IPMI' device (git-fixes). - ipmi:ssif: Fix handling of multi-part return messages (bsc#1051510). - ip: on queued skb use skb_header_pointer instead of pskb_may_pull (git-fixes). - ipsec: check return value of skb_to_sgvec always (bsc#1051510). - ipv4: Fix potential Spectre v1 vulnerability (networking-stable-19_01_04). - ipv4: ipv6: netfilter: Adjust the frag mem limit when truesize changes (networking-stable-18_12_12). - ipv4: speedup ipv6 tunnels dismantle (bsc#1122982). - ipv6: addrlabel: per netns list (bsc#1122982). - ipv6: Check available headroom in ip6_xmit() even without options (networking-stable-18_12_12). - ipv6: Consider sk_bound_dev_if when binding a socket to an address (networking-stable-19_02_01). - ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped address (networking-stable-19_01_22). - ipv6: explicitly initialize udp6_addr in udp_sock_create6() (networking-stable-19_01_04). - ipv6: fix kernel-infoleak in ipv6_local_error() (networking-stable-19_01_20). - ipv6: speedup ipv6 tunnels dismantle (bsc#1122982). - ipv6: sr: properly initialize flowi6 prior passing to ip6_route_output (networking-stable-18_12_12). - ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses (networking-stable-19_01_22). - ipv6: tunnels: fix two use-after-free (networking-stable-19_01_04). - ip: validate header length on virtual device xmit (networking-stable-19_01_04). - ipvlan, l3mdev: fix broken l3s mode wrt local routes (networking-stable-19_02_01). - irqchip/gic-v3-its: Align PCI Multi-MSI allocation on their size (bsc#1051510). - irqchip/gic-v3-its: Do not bind LPI to unavailable NUMA node (bsc#1051510). - irqchip/gic-v3-its: Fix ITT_entry_size accessor (bsc#1051510). - iscsi target: fix session creation failure handling (bsc#1051510). - isdn: avm: Fix string plus integer warning from Clang (bsc#1051510). - isdn: fix kernel-infoleak in capi_unlocked_ioctl (bsc#1051510). - isdn: hisax: hfc_pci: Fix a possible concurrency use-after-free bug in HFCPCI_l1hw() (bsc#1051510). - isdn: i4l: isdn_tty: Fix some concurrency double-free bugs (bsc#1051510). - iser: set sector for ambiguous mr status errors (bsc#1051510). - iwlwifi: mvm: avoid possible access out of array (bsc#1051510). - iwlwifi: mvm: fix A-MPDU reference assignment (bsc#1051510). - iwlwifi: mvm: fix RSS config command (bsc#1051510). - iwlwifi: pcie: fix emergency path (bsc#1051510). - iwlwifi: pcie: fix TX while flushing (bsc#1120902). - ixgbe: Be more careful when modifying MAC filters (bsc#1051510). - ixgbe: check return value of napi_complete_done() (bsc#1051510). - ixgbe: recognize 1000BaseLX SFP modules as 1Gbps (bsc#1051510). - jffs2: Fix use of uninitialized delayed_work, lockdep breakage (bsc#1051510). - kabi: cpufreq: keep min_sampling_rate in struct dbs_data (bsc#1127042). - kABI: fix xhci kABI stability (bsc#1119086). - kabi: handle addition of ip6addrlbl_table into struct netns_ipv6 (bsc#1122982). - kabi: handle addition of uevent_sock into struct net (bsc#1122982). - kABI: Preserve kABI for dma_max_mapping_size() (bsc#1120008). - kABI: protect struct sctp_association (kabi). - kABI: protect vhost_log_write (kabi). - kabi: restore ip_tunnel_delete_net() (bsc#1122982). - kABI workaroudn for ath9k ath_node.ackto type change (bsc#1051510). - kABI workaround for bt_accept_enqueue() change (bsc#1051510). - kABI workaround for deleted snd_hda_register_beep_device() (bsc#1122944). - kABI workaround for snd_hda_bus.bus_probing addition (bsc#1122944). - kallsyms: Handle too long symbols in kallsyms.c (bsc#1126805). - kconfig: fix file name and line number of warn_ignored_character() (bsc#1051510). - kconfig: fix line numbers for if-entries in menu tree (bsc#1051510). - kconfig: fix memory leak when EOF is encountered in quotation (bsc#1051510). - kconfig: fix the rule of mainmenu_stmt symbol (bsc#1051510). - kernel/exit.c: release ptraced tasks before zap_pid_ns_processes (git-fixes). - KEYS: allow reaching the keys quotas exactly (bsc#1051510). - keys: Timestamp new keys (bsc#1051510). - kgdboc: fix KASAN global-out-of-bounds bug in param_set_kgdboc_var() (bsc#1051510). - kgdboc: Fix restrict error (bsc#1051510). - kgdboc: Fix warning with module build (bsc#1051510). - kobject: add kobject_uevent_net_broadcast() (bsc#1122982). - kobject: copy env blob in one go (bsc#1122982). - kobject: factorize skb setup in kobject_uevent_net_broadcast() (bsc#1122982). - kprobes: Return error if we fail to reuse kprobe instead of BUG_ON() (bsc#1051510). - KVM: arm/arm64: Properly protect VGIC locks from IRQs (bsc#1117155). - KVM: arm/arm64: VGIC/ITS: Promote irq_lock() in update_affinity (bsc#1117155). - KVM: arm/arm64: VGIC/ITS: protect kvm_read_guest() calls with SRCU lock (bsc#1117155). - KVM: arm/arm64: VGIC/ITS save/restore: protect kvm_read_guest() calls (bsc#1117155). - kvm: mmu: Fix race in emulated page table writes (bsc#1129284). - KVM: nVMX: Free the VMREAD/VMWRITE bitmaps if alloc_kvm_area() fails (bsc#1129291). - kvm: nVMX: NMI-window and interrupt-window exiting should wake L2 from HLT (bsc#1129292). - kvm: nVMX: Set VM instruction error for VMPTRLD of unbacked page (bsc#1129293). - KVM: PPC: Book3S PR: Set hflag to indicate that POWER9 supports 1T segments (bsc#1124589). - kvm: sev: Fail KVM_SEV_INIT if already initialized (bsc#1114279). - kvm: vmx: Set IA32_TSC_AUX for legacy mode guests (bsc#1129294). - kvm: x86: Add AMD's EX_CFG to the list of ignored MSRs (bsc#1127082). - KVM: x86: fix L1TF's MMIO GFN calculation (bsc#1124204). - KVM: x86: Fix single-step debugging (bsc#1129295). - KVM: x86: Use jmp to invoke kvm_spurious_fault() from .fixup (bsc#1129296). - l2tp: copy 4 more bytes to linear part if necessary (networking-stable-19_02_01). - l2tp: fix infoleak in l2tp_ip6_recvmsg() (git-fixes). - l2tp: fix reading optional fields of L2TPv3 (networking-stable-19_02_01). - lan78xx: Resolve issue with changing MAC address (bsc#1051510). - leds: lp5523: fix a missing check of return value of lp55xx_read (bsc#1051510). - leds: lp55xx: fix null deref on firmware load failure (bsc#1051510). - libceph: avoid KEEPALIVE_PENDING races in ceph_con_keepalive() (bsc#1125800). - libceph: handle an empty authorize reply (bsc#1126789). - lib/div64.c: off by one in shift (bsc#1051510). - libnvdimm: Fix altmap reservation size calculation (bsc#1127682). - libnvdimm/label: Clear 'updating' flag after label-set update (bsc#1129543). - libnvdimm/pmem: Honor force_raw for legacy pmem regions (bsc#1129551). - lib/rbtree-test: lower default params (git-fixes). - lightnvm: fail fast on passthrough commands (bsc#1125780). - livepatch: Change unsigned long old_addr -> void *old_func in struct klp_func (bsc#1071995). - livepatch: Consolidate klp_free functions (bsc#1071995 ). - livepatch: core: Return EOPNOTSUPP instead of ENOSYS (bsc#1071995). - livepatch: Define a macro for new API identification (bsc#1071995). - livepatch: Do not block the removal of patches loaded after a forced transition (bsc#1071995). - livepatch: Introduce klp_for_each_patch macro (bsc#1071995 ). - livepatch: Module coming and going callbacks can proceed with all listed patches (bsc#1071995). - livepatch: Proper error handling in the shadow variables selftest (bsc#1071995). - livepatch: Remove ordering (stacking) of the livepatches (bsc#1071995). - livepatch: Remove signal sysfs attribute (bsc#1071995 ). - livepatch: return -ENOMEM on ptr_id() allocation failure (bsc#1071995). - livepatch: Send a fake signal periodically (bsc#1071995 ). - livepatch: Shuffle klp_enable_patch()/klp_disable_patch() code (bsc#1071995). - livepatch: Simplify API by removing registration step (bsc#1071995). - llc: do not use sk_eat_skb() (bsc#1051510). - lockd: fix access beyond unterminated strings in prints (git-fixes). - locking/rwsem: Fix (possible) missed wakeup (bsc#1050549). - loop: drop caches if offset or block_size are changed (bsc#1124975). - loop: Reintroduce lo_ctl_mutex removed by commit 310ca162d (bsc#1124974). - LSM: Check for NULL cred-security on free (bsc#1051510). - mac80211: Add attribute aligned(2) to struct 'action' (bsc#1051510). - mac80211: do not initiate TDLS connection if station is not associated to AP (bsc#1051510). - mac80211: ensure that mgmt tx skbs have tailroom for encryption (bsc#1051510). - mac80211: fix miscounting of ttl-dropped frames (bsc#1051510). - mac80211: fix radiotap vendor presence bitmap handling (bsc#1051510). - mac80211: Free mpath object when rhashtable insertion fails (bsc#1051510). - mac80211: Restore vif beacon interval if start ap fails (bsc#1051510). - macvlan: Only deliver one copy of the frame to the macvlan interface (bsc#1051510). - mailbox: bcm-flexrm-mailbox: Fix FlexRM ring flush timeout issue (bsc#1051510). - mdio_bus: Fix use-after-free on device_register fails (bsc#1051510). - media: adv*/tc358743/ths8200: fill in min width/height/pixelclock (bsc#1051510). - media: DaVinci-VPBE: fix error handling in vpbe_initialize() (bsc#1051510). - media: dt-bindings: media: i2c: Fix i2c address for OV5645 camera sensor (bsc#1051510). - media: firewire: Fix app_info parameter type in avc_ca{,_app}_info (bsc#1051510). - media: mtk-vcodec: Release device nodes in mtk_vcodec_init_enc_pm() (bsc#1051510). - media: s5k4ecgx: delete a bogus error message (bsc#1051510). - media: s5p-jpeg: Check for fmt_ver_flag when doing fmt enumeration (bsc#1051510). - media: s5p-jpeg: Correct step and max values for V4L2_CID_JPEG_RESTART_INTERVAL (bsc#1051510). - media: s5p-mfc: fix incorrect bus assignment in virtual child device (bsc#1051510). - media: usb: pwc: Do not use coherent DMA buffers for ISO transfer (bsc#1054610). - media: uvcvideo: Avoid NULL pointer dereference at the end of streaming (bsc#1051510). - media: uvcvideo: Fix 'type' check leading to overflow (bsc#1051510). - media: v4l2: i2c: ov7670: Fix PLL bypass register values (bsc#1051510). - media: v4l2-tpg: array index could become negative (bsc#1051510). - media: v4l: ioctl: Validate num_planes for debug messages (bsc#1051510). - media: vb2: be sure to unlock mutex on errors (bsc#1051510). - media: vb2: vb2_mmap: move lock up (bsc#1051510). - media: vivid: fix error handling of kthread_run (bsc#1051510). - media: vivid: free bitmap_cap when updating std/timings/etc (bsc#1051510). - media: vivid: set min width/height to a value > 0 (bsc#1051510). - memstick: Prevent memstick host from getting runtime suspended during card detection (bsc#1051510). - mfd: ab8500-core: Return zero in get_register_interruptible() (bsc#1051510). - mfd: db8500-prcmu: Fix some section annotations (bsc#1051510). - mfd: mc13xxx: Fix a missing check of a register-read failure (bsc#1051510). - mfd: mt6397: Do not call irq_domain_remove if PMIC unsupported (bsc#1051510). - mfd: qcom_rpm: write fw_version to CTRL_REG (bsc#1051510). - mfd: ti_am335x_tscadc: Use PLATFORM_DEVID_AUTO while registering mfd cells (bsc#1051510). - mfd: tps65218: Use devm_regmap_add_irq_chip and clean up error path in probe() (bsc#1051510). - mfd: tps6586x: Handle interrupts on suspend (bsc#1051510). - mfd: twl-core: Fix section annotations on {,un}protect_pm_master (bsc#1051510). - mfd: wm5110: Add missing ASRC rate register (bsc#1051510). - misc: atmel-ssc: Fix section annotation on atmel_ssc_get_driver_data (bsc#1051510). - misc: hmc6352: fix potential Spectre v1 (bsc#1051510). - misc: hpilo: Do not claim unsupported hardware (bsc#1129330). - misc: hpilo: Exclude unsupported device via blacklist (bsc#1129330). - misc: mic/scif: fix copy-paste error in scif_create_remote_lookup (bsc#1051510). - misc: mic: SCIF Fix scif_get_new_port() error handling (bsc#1051510). - misc: sram: enable clock before registering regions (bsc#1051510). - misc: sram: fix resource leaks in probe error path (bsc#1051510). - misc: ti-st: Fix memory leak in the error path of probe() (bsc#1051510). - misc: vexpress: Off by one in vexpress_syscfg_exec() (bsc#1051510). - mISDN: fix a race in dev_expire_timer() (bsc#1051510). - mlxsw: __mlxsw_sp_port_headroom_set(): Fix a use of local variable (git-fixes). - mlxsw: spectrum: Disable lag port TX before removing it (networking-stable-19_01_22). - mmap: introduce sane default mmap limits (git fixes (mm/mmap)). - mmap: relax file size limit for regular files (git fixes (mm/mmap)). - mmc: atmel-mci: do not assume idle after atmci_request_end (bsc#1051510). - mmc: bcm2835: Fix DMA channel leak on probe error (bsc#1051510). - mmc: bcm2835: Recover from MMC_SEND_EXT_CSD (bsc#1051510). - mmc: dw_mmc-bluefield: : Fix the license information (bsc#1051510). - mmc: Kconfig: Enable CONFIG_MMC_SDHCI_IO_ACCESSORS (bsc#1051510). - mmc: omap: fix the maximum timeout setting (bsc#1051510). - mmc: sdhci-brcmstb: handle mmc_of_parse() errors during probe (bsc#1051510). - mmc: sdhci-esdhc-imx: fix HS400 timing issue (bsc#1051510). - mmc: sdhci-iproc: handle mmc_of_parse() errors during probe (bsc#1051510). - mmc: sdhci-of-esdhc: Fix timeout checks (bsc#1051510). - mmc: sdhci-xenon: Fix timeout checks (bsc#1051510). - mmc: spi: Fix card detection during probe (bsc#1051510). - mm: do not drop unused pages when userfaultd is running (git fixes (mm/userfaultfd)). - mm/hmm: hmm_pfns_bad() was accessing wrong struct (git fixes (mm/hmm)). - mm: hwpoison: use do_send_sig_info() instead of force_sig() (git fixes (mm/hwpoison)). - mm/ksm.c: ignore STABLE_FLAG of rmap_item->address in rmap_walk_ksm() (git fixes (mm/ksm)). - mm: madvise(MADV_DODUMP): allow hugetlbfs pages (git fixes (mm/madvise)). - mm,memory_hotplug: fix scan_movable_pages() for gigantic hugepages (bsc#1127731). - mm: migrate: do not rely on __PageMovable() of newpage after unlocking it (git fixes (mm/migrate)). - mm: migrate: lock buffers before migrate_page_move_mapping() (bsc#1084216). - mm: migrate: Make buffer_migrate_page_norefs() actually succeed (bsc#1084216) - mm: migrate: provide buffer_migrate_page_norefs() (bsc#1084216). - mm: migration: factor out code to compute expected number of page references (bsc#1084216). - mm, oom: fix use-after-free in oom_kill_process (git fixes (mm/oom)). - mm: use swp_offset as key in shmem_replace_page() (git fixes (mm/shmem)). - mm,vmscan: Make unregister_shrinker() no-op if register_shrinker() failed (git fixes (mm/vmscan)). - mpt3sas: check sense buffer before copying sense data (bsc#1106811). - mtd: cfi_cmdset_0002: Avoid walking all chips when unlocking (bsc#1051510). - mtd: cfi_cmdset_0002: Change write buffer to check correct value (bsc#1051510). - mtd: cfi_cmdset_0002: fix SEGV unlocking multiple chips (bsc#1051510). - mtd: cfi_cmdset_0002: Fix unlocking requests crossing a chip boudary (bsc#1051510). - mtd: cfi_cmdset_0002: Use right chip in do_ppb_xxlock() (bsc#1051510). - mtdchar: fix overflows in adjustment of `count` (bsc#1051510). - mtdchar: fix usage of mtd_ooblayout_ecc() (bsc#1051510). - mtd: docg3: do not set conflicting BCH_CONST_PARAMS option (bsc#1051510). - mtd/maps: fix solutionengine.c printk format warnings (bsc#1051510). - mtd: mtd_oobtest: Handle bitflips during reads (bsc#1051510). - mtd: nand: atmel: fix buffer overflow in atmel_pmecc_user (bsc#1051510). - mtd: nand: atmel: Fix get_sectorsize() function (bsc#1051510). - mtd: nand: atmel: fix of_irq_get() error check (bsc#1051510). - mtd: nand: brcmnand: Disable prefetch by default (bsc#1051510). - mtd: nand: brcmnand: Zero bitflip is not an error (bsc#1051510). - mtd: nand: denali_pci: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE (bsc#1051510). - mtd: nand: fix interpretation of NAND_CMD_NONE in nand_command[_lp]() (bsc#1051510). - mtd: nand: Fix nand_do_read_oob() return value (bsc#1051510). - mtd: nand: Fix writing mtdoops to nand flash (bsc#1051510). - mtd: nand: fsl_ifc: Fix nand waitfunc return value (bsc#1051510). - mtd: nand: gpmi: Fix failure when a erased page has a bitflip at BBM (bsc#1051510). - mtd: nand: ifc: update bufnum mask for ver >= 2.0.0 (bsc#1051510). - mtd: nand: mtk: fix infinite ECC decode IRQ issue (bsc#1051510). - mtd: nand: omap2: Fix subpage write (bsc#1051510). - mtd: nand: pxa3xx: Fix READOOB implementation (bsc#1051510). - mtd: nand: qcom: Add a NULL check for devm_kasprintf() (bsc#1051510). - mtd: nandsim: remove debugfs entries in error path (bsc#1051510). - mtd: nand: sunxi: Fix ECC strength choice (bsc#1051510). - mtd: nand: sunxi: fix potential divide-by-zero error (bsc#1051510). - mtd: nand: vf610: set correct ooblayout (bsc#1051510). - mtd: spi-nor: cadence-quadspi: Fix page fault kernel panic (bsc#1051510). - mtd: spi-nor: Fix Cadence QSPI page fault kernel panic (bsc#1051510). - mtd: spi-nor: fsl-quadspi: fix read error for flash size larger than 16MB (bsc#1051510). - mtd: spi-nor: stm32-quadspi: Fix uninitialized error return code (bsc#1051510). - mv88e6060: disable hardware level MAC learning (bsc#1051510). - nbd: Use set_blocksize() to set device blocksize (bsc#1124984). - neighbour: Avoid writing before skb->head in neigh_hh_output() (networking-stable-18_12_12). - net: 8139cp: fix a BUG triggered by changing mtu with network traffic (networking-stable-18_12_12). - net: add uevent socket member (bsc#1122982). - net: aquantia: driver should correctly declare vlan_features bits (bsc#1051510). - net: aquantia: fixed instack structure overflow (git-fixes). - net: aquantia: Fix hardware DMA stream overload on large MRRS (bsc#1051510). - net: bcmgenet: abort suspend on error (bsc#1051510). - net: bcmgenet: code movement (bsc#1051510). - net: bcmgenet: fix OF child-node lookup (bsc#1051510). - net: bcmgenet: remove HFB_CTRL access (bsc#1051510). - net: bcmgenet: return correct value 'ret' from bcmgenet_power_down (bsc#1051510). - net: bridge: fix a bug on using a neighbour cache entry without checking its state (networking-stable-19_01_20). - net: bridge: Fix ethernet header pointer before check skb forwardable (networking-stable-19_01_26). - net: core: Fix Spectre v1 vulnerability (networking-stable-19_01_04). - net: do not call update_pmtu unconditionally (bsc#1123456). - net: Do not default Cavium PTP driver to 'y' (bsc#1110096). - net: dp83640: expire old TX-skb (networking-stable-19_02_10). - net: dsa: mv88e6xxx: handle unknown duplex modes gracefully in mv88e6xxx_port_set_duplex (git-fixes). - net: dsa: mv88x6xxx: mv88e6390 errata (networking-stable-19_01_22). - net: dsa: slave: Do not propagate flag changes on down slave interfaces (networking-stable-19_02_10). - net: ena: fix race between link up and device initalization (bsc#1083548). - netfilter: nf_tables: check the result of dereferencing base_chain->stats (git-fixes). - net: Fix usage of pskb_trim_rcsum (networking-stable-19_01_26). - net/hamradio/6pack: use mod_timer() to rearm timers (networking-stable-19_01_04). - net: hns3: add error handler for hns3_nic_init_vector_data() (bsc#1104353). - net: hns3: add handling for big TX fragment (bsc#1104353 ). - net: hns3: Fix client initialize state issue when roce client initialize failed (bsc#1104353). - net: hns3: Fix for loopback selftest failed problem (bsc#1104353 ). - net: hns3: fix for multiple unmapping DMA problem (bsc#1104353 ). - net: hns3: Fix tc setup when netdev is first up (bsc#1104353 ). - net: hns3: Fix tqp array traversal condition for vf (bsc#1104353 ). - net: hns3: move DMA map into hns3_fill_desc (bsc#1104353 ). - net: hns3: remove hns3_fill_desc_tso (bsc#1104353). - net: hns3: rename hns_nic_dma_unmap (bsc#1104353). - net: hns3: rename the interface for init_client_instance and uninit_client_instance (bsc#1104353). - net: ipv4: Fix memory leak in network namespace dismantle (networking-stable-19_01_26). - net: macb: restart tx after tx used bit read (networking-stable-19_01_04). - net/mlx4_core: Add masking for a few queries on HCA caps (networking-stable-19_02_01). - net/mlx4_core: Fix locking in SRIOV mode when switching between events and polling (git-fixes). - net/mlx4_core: Fix qp mtt size calculation (git-fixes). - net/mlx4_core: Fix reset flow when in command polling mode (git-fixes). - net/mlx4_en: Change min MTU size to ETH_MIN_MTU (networking-stable-18_12_12). - net/mlx5e: Allow MAC invalidation while spoofchk is ON (networking-stable-19_02_01). - net/mlx5e: IPoIB, Fix RX checksum statistics update (git-fixes). - net/mlx5e: Remove the false indication of software timestamping support (networking-stable-19_01_04). - net/mlx5e: RX, Fix wrong early return in receive queue poll (bsc#1046305). - net/mlx5: fix uaccess beyond 'count' in debugfs read/write handlers (git-fixes). - net/mlx5: Release resource on error flow (git-fixes). - net/mlx5: Return success for PAGE_FAULT_RESUME in internal error state (git-fixes). - net/mlx5: Typo fix in del_sw_hw_rule (networking-stable-19_01_04). - net/mlx5: Use multi threaded workqueue for page fault handling (git-fixes). - net: netem: fix skb length BUG_ON in __skb_to_sgvec (git-fixes). - netns: restrict uevents (bsc#1122982). - net: phy: do not allow __set_phy_supported to add unsupported modes (networking-stable-18_12_12). - net: phy: Fix the issue that netif always links up after resuming (networking-stable-19_01_04). - net: phy: marvell: Errata for mv88e6390 internal PHYs (networking-stable-19_01_26). - net: phy: mdio_bus: add missing device_del() in mdiobus_register() error handling (networking-stable-19_01_26). - net: phy: Micrel KSZ8061: link failure after cable connect (git-fixes). - netrom: fix locking in nr_find_socket() (networking-stable-19_01_04). - netrom: switch to sock timer API (bsc#1051510). - net/rose: fix NULL ax25_cb kernel panic (networking-stable-19_02_01). - net/sched: act_tunnel_key: fix memory leak in case of action replace (networking-stable-19_01_26). - net_sched: refetch skb protocol for each filter (networking-stable-19_01_26). - net: set default network namespace in init_dummy_netdev() (networking-stable-19_02_01). - net: skb_scrub_packet(): Scrub offload_fwd_mark (networking-stable-18_12_03). - net/smc: fix TCP fallback socket release (networking-stable-19_01_04). - net: stmmac: Fix a race in EEE enable callback (git-fixes). - net: stmmac: fix broken dma_interrupt handling for multi-queues (git-fixes). - net: stmmac: Fix PCI module removal leak (git-fixes). - net: stmmac: handle endianness in dwmac4_get_timestamp (git-fixes). - net: stmmac: Use mutex instead of spinlock (git-fixes). - net: systemport: Fix WoL with password after deep sleep (networking-stable-19_02_10). - net: thunderx: fix NULL pointer dereference in nic_remove (git-fixes). - net: thunderx: set tso_hdrs pointer to NULL in nicvf_free_snd_queue (networking-stable-18_12_03). - net: thunderx: set xdp_prog to NULL if bpf_prog_add fails (networking-stable-18_12_03). - net/wan: fix a double free in x25_asy_open_tty() (networking-stable-19_01_04). - nfit: acpi_nfit_ctl(): Check out_obj->type in the right place (bsc#1129547). - nfit/ars: Attempt a short-ARS whenever the ARS state is idle at boot (bsc#1051510). - nfit/ars: Attempt short-ARS even in the no_init_ars case (bsc#1051510). - nfp: bpf: fix ALU32 high bits clearance bug (git-fixes). - nfsd: COPY and CLONE operations require the saved filehandle to be set (git-fixes). - nfsd: Fix an Oops in free_session() (git-fixes). - nfs: Fix a missed page unlock after pg_doio() (git-fixes). - NFS: Fix up return value on fatal errors in nfs_page_async_flush() (git-fixes). - NFSv4.1: Fix the r/wsize checking (git-fixes). - NFSv4: Do not exit the state manager without clearing NFS4CLNT_MANAGER_RUNNING (git-fixes). - niu: fix missing checks of niu_pci_eeprom_read (bsc#1051510). - ntb_transport: Fix bug with max_mw_size parameter (bsc#1051510). - nvme-fc: reject reconnect if io queue count is reduced to zero (bsc#1128351). - nvme: flush namespace scanning work just before removing namespaces (bsc#1108101). - nvme: kABI fix for scan_lock (bsc#1123882). - nvme: lock NS list changes while handling command effects (bsc#1123882). - nvme-loop: fix kernel oops in case of unhandled command (bsc#1126807). - nvme-multipath: drop optimization for static ANA group IDs (bsc#1113939). - nvme-multipath: round-robin I/O policy (bsc#1110705). - nvme-pci: fix out of bounds access in nvme_cqe_pending (bsc#1127595). - of, numa: Validate some distance map rules (bsc#1051510). - of: unittest: Disable interrupt node tests for old world MAC systems (bsc#1051510). - omap2fb: Fix stack memory disclosure (bsc#1120902) - openvswitch: Avoid OOB read when parsing flow nlattrs (bsc#1051510). - openvswitch: fix the incorrect flow action alloc size (bsc#1051510). - openvswitch: Remove padding from packet before L3+ conntrack processing (bsc#1051510). - packet: Do not leak dev refcounts on error exit (git-fixes). - packet: validate address length if non-zero (networking-stable-19_01_04). - packet: validate address length (networking-stable-19_01_04). - parport_pc: fix find_superio io compare code, should use equal test (bsc#1051510). - Partially revert 'block: fail op_is_write() requests to (bsc#1125252). - PCI: add USR vendor id and use it in r8169 and w6692 driver (networking-stable-19_01_22). - PCI: Disable broken RTIT_BAR of Intel TH (bsc#1120318). - PCI: endpoint: functions: Use memcpy_fromio()/memcpy_toio() (bsc#1051510). - pci-hyperv: increase HV_VP_SET_BANK_COUNT_MAX to handle 1792 vcpus (bsc#1122822). - PCI/PME: Fix hotplug/sysfs remove deadlock in pcie_pme_remove() (bsc#1051510). - PCI: qcom: Do not deassert reset GPIO during probe (bsc#1129281). - pcrypt: use format specifier in kobject_add (bsc#1051510). - perf/x86: Add sysfs entry to freeze counters on SMI (bsc#1121805). - perf/x86/intel: Delay memory deallocation until x86_pmu_dead_cpu() (bsc#1121805). - perf/x86/intel: Do not enable freeze-on-smi for PerfMon V1 (bsc#1121805). - perf/x86/intel: Fix memory corruption (bsc#1121805). - perf/x86/intel: Generalize dynamic constraint creation (bsc#1121805). - perf/x86/intel: Implement support for TSX Force Abort (bsc#1121805). - perf/x86/intel: Make cpuc allocations consistent (bsc#1121805). - phonet: af_phonet: Fix Spectre v1 vulnerability (networking-stable-19_01_04). - phy: allwinner: sun4i-usb: poll vbus changes on A23/A33 when driving VBUS (bsc#1051510). - phy: qcom-qmp: Fix failure path in phy_init functions (bsc#1051510). - phy: qcom-qmp: Fix phy pipe clock gating (bsc#1051510). - phy: renesas: rcar-gen3-usb2: fix vbus_ctrl for role sysfs (bsc#1051510). - phy: rockchip-emmc: retry calpad busy trimming (bsc#1051510). - phy: sun4i-usb: add support for missing USB PHY index (bsc#1051510). - phy: tegra: remove redundant self assignment of 'map' (bsc#1051510). - phy: work around 'phys' references to usb-nop-xceiv devices (bsc#1051510). - pinctrl: max77620: Use define directive for max77620_pinconf_param values (bsc#1051510). - pinctrl: meson: fix pull enable register calculation (bsc#1051510). - pinctrl: meson: meson8b: fix the GPIO function for the GPIOAO pins (bsc#1051510). - pinctrl: meson: meson8b: fix the sdxc_a data 1..3 pins (bsc#1051510). - pinctrl: meson: meson8: fix the GPIO function for the GPIOAO pins (bsc#1051510). - pinctrl: msm: fix gpio-hog related boot issues (bsc#1051510). - pinctrl: sh-pfc: emev2: Add missing pinmux functions (bsc#1051510). - pinctrl: sh-pfc: r8a7740: Add missing LCD0 marks to lcd0_data24_1 group (bsc#1051510). - pinctrl: sh-pfc: r8a7740: Add missing REF125CK pin to gether_gmii group (bsc#1051510). - pinctrl: sh-pfc: r8a7778: Fix HSPI pin numbers and names (bsc#1051510). - pinctrl: sh-pfc: r8a7791: Fix scifb2_data_c pin group (bsc#1051510). - pinctrl: sh-pfc: r8a7791: Remove bogus ctrl marks from qspi_data4_b group (bsc#1051510). - pinctrl: sh-pfc: r8a7791: Remove bogus marks from vin1_b_data18 group (bsc#1051510). - pinctrl: sh-pfc: r8a7792: Fix vin1_data18_b pin group (bsc#1051510). - pinctrl: sh-pfc: r8a7794: Remove bogus IPSR9 field (bsc#1051510). - pinctrl: sh-pfc: sh7264: Fix PFCR3 and PFCR0 register configuration (bsc#1051510). - pinctrl: sh-pfc: sh7269: Add missing PCIOR0 field (bsc#1051510). - pinctrl: sh-pfc: sh73a0: Add missing TO pin to tpu4_to3 group (bsc#1051510). - pinctrl: sh-pfc: sh73a0: Fix fsic_spdif pin groups (bsc#1051510). - pinctrl: sh-pfc: sh7734: Add missing IPSR11 field (bsc#1051510). - pinctrl: sh-pfc: sh7734: Fix shifted values in IPSR10 (bsc#1051510). - pinctrl: sh-pfc: sh7734: Remove bogus IPSR10 value (bsc#1051510). - pinctrl: sunxi: a64: Rename function csi0 to csi (bsc#1051510). - pinctrl: sunxi: a64: Rename function ts0 to ts (bsc#1051510). - pinctrl: sunxi: a83t: Fix IRQ offset typo for PH11 (bsc#1051510). - pinctrl: sx150x: handle failure case of devm_kstrdup (bsc#1051510). - pktcdvd: Fix possible Spectre-v1 for pkt_devs (bsc#1051510). - platform/x86: asus-nb-wmi: Drop mapping of 0x33 and 0x34 scan codes (bsc#1051510). - platform/x86: asus-nb-wmi: Map 0x35 to KEY_SCREENLOCK (bsc#1051510). - platform/x86: asus-wmi: Tell the EC the OS will handle the display off hotkey (bsc#1051510). - platform/x86: Fix unmet dependency warning for SAMSUNG_Q10 (bsc#1051510). - powerpc/64s: Clear on-stack exception marker upon exception return (bsc#1071995). - powerpc: Always save/restore checkpointed regs during treclaim/trecheckpoint (bsc#1118338). - powerpc/cacheinfo: Report the correct shared_cpu_map on big-cores (bsc#1109695). - powerpc: Detect the presence of big-cores via 'ibm, thread-groups' (bsc#1109695). - powerpc/livepatch: relax reliable stack tracer checks for first-frame (bsc#1071995). - powerpc/livepatch: small cleanups in save_stack_trace_tsk_reliable() (bsc#1071995). - powerpc: make use of for_each_node_by_type() instead of open-coding it (bsc#1109695). - powerpc/powernv: Clear LPCR[PECE1] via stop-api only for deep state offline (bsc#1119766, bsc#1055121). - powerpc/powernv: Clear PECE1 in LPCR via stop-api only on Hotplug (bsc#1119766, bsc#1055121). - powerpc/pseries: export timebase register sample in lparcfg (bsc#1127750). - powerpc/pseries: Perform full re-add of CPU for topology update post-migration (bsc#1125728). - powerpc: Remove facility loadups on transactional {fp, vec, vsx} unavailable (bsc#1118338). - powerpc: Remove redundant FP/Altivec giveup code (bsc#1118338). - powerpc/setup: Add cpu_to_phys_id array (bsc#1109695). - powerpc/smp: Add cpu_l2_cache_map (bsc#1109695). - powerpc/smp: Add Power9 scheduler topology (bsc#1109695). - powerpc/smp: Rework CPU topology construction (bsc#1109695). - powerpc/smp: Use cpu_to_chip_id() to find core siblings (bsc#1109695). - powerpc/tm: Avoid machine crash on rt_sigreturn (bsc#1118338). - powerpc/tm: Do not check for WARN in TM Bad Thing handling (bsc#1118338). - powerpc/tm: Fix comment (bsc#1118338). - powerpc/tm: Fix endianness flip on trap (bsc#1118338). - powerpc/tm: Fix HFSCR bit for no suspend case (bsc#1118338). - powerpc/tm: Fix HTM documentation (bsc#1118338). - powerpc/tm: Limit TM code inside PPC_TRANSACTIONAL_MEM (bsc#1118338). - powerpc/tm: P9 disable transactionally suspended sigcontexts (bsc#1118338). - powerpc/tm: Print 64-bits MSR (bsc#1118338). - powerpc/tm: Print scratch value (bsc#1118338). - powerpc/tm: Reformat comments (bsc#1118338). - powerpc/tm: Remove msr_tm_active() (bsc#1118338). - powerpc/tm: Remove struct thread_info param from tm_reclaim_thread() (bsc#1118338). - powerpc/tm: Save MSR to PACA before RFID (bsc#1118338). - powerpc/tm: Set MSR[TS] just prior to recheckpoint (bsc#1118338, bsc#1120955). - powerpc/tm: Unset MSR[TS] if not recheckpointing (bsc#1118338). - powerpc/tm: Update function prototype comment (bsc#1118338). - powerpc: Use cpu_smallcore_sibling_mask at SMT level on bigcores (bsc#1109695). - powerpc/xmon: Fix invocation inside lock region (bsc#1122885). - pptp: dst_release sk_dst_cache in pptp_sock_destruct (git-fixes). - proc/sysctl: do not return ENOMEM on lookup when a table is unregistering (git-fixes). - pseries/energy: Use OF accessor function to read ibm,drc-indexes (bsc#1129080). - pstore/ram: Avoid allocation and leak of platform data (bsc#1051510). - pstore/ram: Avoid NULL deref in ftrace merging failure path (bsc#1051510). - pstore/ram: Correctly calculate usable PRZ bytes (bsc#1051510). - pstore/ram: Do not treat empty buffers as valid (bsc#1051510). - ptp: check gettime64 return code in PTP_SYS_OFFSET ioctl (bsc#1051510). - ptp: Fix pass zero to ERR_PTR() in ptp_clock_register (bsc#1051510). - ptp_kvm: probe for kvm guest availability (bsc#1098382). - ptr_ring: wrap back ->producer in __ptr_ring_swap_queue() (networking-stable-19_01_04). - qed: Avoid constant logical operation warning in qed_vf_pf_acquire (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Avoid implicit enum conversion in qed_iwarp_parse_rx_pkt (bsc#1086314 bsc#1086313 bsc#1086301 ). - qed: Avoid implicit enum conversion in qed_roce_mode_to_flavor (bsc#1086314 bsc#1086313 bsc#1086301 ). - qed: Avoid implicit enum conversion in qed_set_tunn_cls_info (bsc#1086314 bsc#1086313 bsc#1086301 ). - qed: Fix an error code qed_ll2_start_xmit() (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix bitmap_weight() check (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix blocking/unlimited SPQ entries leak (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix command number mismatch between driver and the mfw (bsc#1086314 bsc#1086313 bsc#1086301 ). - qed: Fix mask parameter in qed_vf_prep_tunn_req_tlv (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix memory/entry leak in qed_init_sp_request() (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix potential memory corruption (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix PTT leak in qed_drain() (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix QM getters to always return a valid pq (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix rdma_info structure allocation (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix reading wrong value in loop condition (bsc#1086314 bsc#1086313 bsc#1086301). - qla2xxx: Fixup dual-protocol FCP connections (bsc#1108870). - qmi_wwan: Added support for Fibocom NL668 series (networking-stable-19_01_04). - qmi_wwan: Added support for Telit LN940 series (networking-stable-19_01_04). - qmi_wwan: add MTU default to qmap network interface (networking-stable-19_01_22). - qmi_wwan: Add support for Fibocom NL678 series (networking-stable-19_01_04). - r8169: Add support for new Realtek Ethernet (networking-stable-19_01_22). - r8169: use PCI_VDEVICE macro (networking-stable-19_01_22). - rapidio/rionet: do not free skb before reading its length (networking-stable-18_12_03). - rbd: do not return 0 on unmap if RBD_DEV_FLAG_REMOVING is set (bsc#1125797). - rcu: Fix up pending cbs check in rcu_prepare_for_idle (git fixes (kernel/rcu)). - rcu: Make need_resched() respond to urgent RCU-QS needs (git fixes (kernel/rcu)). - RDMA/core: Fix unwinding flow in case of error to register device (bsc#1046306). - RDMA/vmw_pvrdma: Support upto 64-bit PFNs (bsc#1127285). - Refresh patches.suse/scsi-do-not-print-reservation-conflict-for-TEST-UNIT.patch (bsc#1119843) - regulator: act8865: Fix act8600_sudcdc_voltage_ranges setting (bsc#1051510). - regulator: pv88060: Fix array out-of-bounds access (bsc#1051510). - regulator: pv88080: Fix array out-of-bounds access (bsc#1051510). - regulator: pv88090: Fix array out-of-bounds access (bsc#1051510). - regulator: s2mps11: Fix steps for buck7, buck8 and LDO35 (bsc#1051510). - regulator: wm831x-dcdc: Fix list of wm831x_dcdc_ilim from mA to uA (bsc#1051510). - Remove blacklist of virtio patch so we can install it (bsc#1114585) - Revert 'drm/rockchip: Allow driver to be shutdown on reboot/kexec' (bsc#1051510). - Revert 'Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G' (bsc#1051510). - Revert 'openvswitch: Fix template leak in error cases.' (bsc#1051510). - Revert 'scsi: qla2xxx: Fix NVMe Target discovery' (bsc#1125252). - Revert 'serial: 8250: Fix clearing FIFOs in RS485 mode again' (bsc#1051510). - Revert the previous merge of drm fixes The branch was merged mistakenly and breaks the build. Revert it. - Revert 'xhci: Reset Renesas uPD72020x USB controller for 32-bit DMA issue' (bsc#1120854). - rocker: fix rocker_tlv_put_* functions for KASAN (bsc#1051510). - rpm/kernel-binary.spec.in: fix initrd permissions (bsc#1123697) - rpm/kernel-source.changes.old: Really drop old changelogs (bsc#1098995) - rt2800: enable TX_PIN_CFG_RFRX_EN only for MT7620 (bsc#1120902). - rtnetlink: ndo_dflt_fdb_dump() only work for ARPHRD_ETHER devices (networking-stable-18_12_12). - rxrpc: bad unlock balance in rxrpc_recvmsg (networking-stable-19_02_10). - s390/cio: Fix how vfio-ccw checks pinned pages (git-fixes). - s390/cpum_cf: Reject request for sampling in event initialization (git-fixes). - s390/early: improve machine detection (git-fixes). - s390/mm: always force a load of the primary ASCE on context switch (git-fixes). - s390/mm: fix addressing exception after suspend/resume (bsc#1125252). - s390/qeth: cancel close_dev work before removing a card (LTC#175898, bsc#1127561). - s390/qeth: conclude all event processing before offlining a card (LTC#175901, bsc#1127567). - s390/qeth: fix use-after-free in error path (bsc#1127534). - s390/qeth: invoke softirqs after napi_schedule() (git-fixes). - s390/smp: Fix calling smp_call_ipl_cpu() from ipl CPU (git-fixes). - s390/smp: fix CPU hotplug deadlock with CPU rescan (git-fixes). - s390/sthyi: Fix machine name validity indication (git-fixes). - s390/zcrypt: fix specification exception on z196 during ap probe (LTC#174936, bsc#1123061). - sata_rcar: fix deferred probing (bsc#1051510). - sbus: char: add of_node_put() (bsc#1051510). - sc16is7xx: Fix for multi-channel stall (bsc#1051510). - sched: Do not re-read h_load_next during hierarchical load calculation (bnc#1120909). - sched/wait: Fix rcuwait_wake_up() ordering (git-fixes). - sched/wake_q: Document wake_q_add() (bsc#1050549). - sched/wake_q: Fix wakeup ordering for wake_q (bsc#1050549). - sched/wake_q: Reduce reference counting for special users (bsc#1050549). - sch_multiq: fix double free on init failure (bsc#1051510). - scripts/git_sort/git_sort.py: Add mkp/scsi 5.0/scsi-fixes - scripts/git_sort/git_sort.py: Add s390/linux.git fixes. - scripts/git_sort/git_sort.py: add vfs 'fixes' branch - scsi: core: reset host byte in DID_NEXUS_FAILURE case (bsc#1122764). - scsi: csiostor: remove flush_scheduled_work() (bsc#1127363). - scsi: fix queue cleanup race before queue initialization is done (bsc#1125252). - scsi: ibmvscsi: Fix empty event pool access during host removal (bsc#1119019). - scsi: ibmvscsi: Protect ibmvscsi_head from concurrent modificaiton (bsc#1119019). - scsi: libiscsi: Fix race between iscsi_xmit_task and iscsi_complete_task (bsc#1122192). - scsi: lpfc: Add log messages to aid in debugging fc4type discovery issues (bsc#1121317). - scsi: lpfc: Correct MDS loopback diagnostics support (bsc#1121317). - scsi: lpfc: do not set queue->page_count to 0 if pc_sli4_params.wqpcnt is invalid (bsc#1121317). - scsi: lpfc: Fix discovery failure when PLOGI is defered (bsc#1121317). - scsi: lpfc: Fix link state reporting for trunking when adapter is offline (bsc#1121317). - scsi: lpfc: fix remoteport access (bsc#1125252). - scsi: lpfc: remove an unnecessary NULL check (bsc#1121317). - scsi: lpfc: update fault value on successful trunk events (bsc#1121317). - scsi: lpfc: Update lpfc version to 12.0.0.10 (bsc#1121317). - scsi: mpt3sas: Add ioc_ logging macros (bsc#1117108). - scsi: mpt3sas: Annotate switch/case fall-through (bsc#1117108). - scsi: mpt3sas: Convert logging uses with MPT3SAS_FMT and reply_q_name to %s: (bsc#1117108). - scsi: mpt3sas: Convert logging uses with MPT3SAS_FMT without logging levels (bsc#1117108). - scsi: mpt3sas: Convert mlsleading uses of pr_ with MPT3SAS_FMT (bsc#1117108). - scsi: mpt3sas: Convert uses of pr_ with MPT3SAS_FMT to ioc_ (bsc#1117108). - scsi: mpt3sas: Fix a race condition in mpt3sas_base_hard_reset_handler() (bsc#1117108). - scsi: mpt3sas: Fix indentation (bsc#1117108). - scsi: mpt3sas: Improve kernel-doc headers (bsc#1117108). - scsi: mpt3sas: Introduce struct mpt3sas_nvme_cmd (bsc#1117108). - scsi: mpt3sas: Remove KERN_WARNING from panic uses (bsc#1117108). - scsi: mpt3sas: Remove set-but-not-used variables (bsc#1117108). - scsi: mpt3sas: Remove unnecessary parentheses and simplify null checks (bsc#1117108). - scsi: mpt3sas: Remove unused macro MPT3SAS_FMT (bsc#1117108). - scsi: mpt3sas: Split _base_reset_handler(), mpt3sas_scsih_reset_handler() and mpt3sas_ctl_reset_handler() (bsc#1117108). - scsi: mpt3sas: Swap I/O memory read value back to cpu endianness (bsc#1117108). - scsi: mpt3sas: switch to generic DMA API (bsc#1117108). - scsi: mpt3sas: Use dma_pool_zalloc (bsc#1117108). - scsi: mptsas: Fixup device hotplug for VMWare ESXi (bsc#1129046). - scsi: qedi: Add ep_state for login completion on un-reachable targets (bsc#1113712). - scsi: qla2xxx: Enable FC-NVME on NPIV ports (bsc#1094555). - scsi: qla2xxx: Fix a typo in MODULE_PARM_DESC (bsc#1094555). - scsi: qla2xxx: Fix for FC-NVMe discovery for NPIV port (bsc#1094555). - scsi: qla2xxx: Fix NPIV handling for FC-NVMe (bsc#1094555). - scsi: qla2xxx: Initialize port speed to avoid setting lower speed (bsc#1094555). - scsi: qla2xxx: Modify fall-through annotations (bsc#1094555). - scsi: qla2xxx: Remove unnecessary self assignment (bsc#1094555). - scsi: qla2xxx: Simplify conditional check (bsc#1094555). - scsi: qla2xxx: Timeouts occur on surprise removal of QLogic adapter (bsc#1124985). - scsi: qla2xxx: Update driver version to 10.00.00.12-k (bsc#1094555). - scsi: storvsc: Fix a race in sub-channel creation that can cause panic (). - scsi: sym53c8xx: fix NULL pointer dereference panic in sym_int_sir() (bsc#1125315). - scsi: target: make the pi_prot_format ConfigFS path readable (bsc#1123933). - scsi: virtio_scsi: fix pi_bytes{out,in} on 4 KiB block size devices (bsc#1114585). - sctp: add a ceiling to optlen in some sockopts (bnc#1129163). - sctp: improve the events for sctp stream adding (networking-stable-19_02_01). - sctp: improve the events for sctp stream reset (networking-stable-19_02_01). - sctp: initialize sin6_flowinfo for ipv6 addrs in sctp_inet6addr_event (networking-stable-19_01_04). - sctp: kfree_rcu asoc (networking-stable-18_12_12). - sd: disable logical block provisioning if 'lbpme' is not set (bsc#1086095 bsc#1078355). - selftests/livepatch: add DYNAMIC_DEBUG config dependency (bsc#1071995). - selftests/livepatch: introduce tests (bsc#1071995). - selftests/powerpc: Use snprintf to construct DSCR sysfs interface paths (bsc#1124579). - selinux: Add __GFP_NOWARN to allocation at str_read() (bsc#1051510). - selinux: always allow mounting submounts (bsc#1051510). - selinux: fix GPF on invalid policy (bsc#1051510). - seq_buf: Make seq_buf_puts() null-terminate the buffer (bsc#1051510). - serial: 8250_pci: Fix number of ports for ACCES serial cards (bsc#1051510). - serial: 8250_pci: Have ACCES cards that use the four port Pericom PI7C9X7954 chip use the pci_pericom_setup() (bsc#1051510). - serial: fix race between flush_to_ldisc and tty_open (bsc#1051510). - serial: fsl_lpuart: clear parity enable bit when disable parity (bsc#1051510). - serial: imx: fix error handling in console_setup (bsc#1051510). - serial: set suppress_bind_attrs flag only if builtin (bsc#1051510). - serial/sunsu: fix refcount leak (bsc#1051510). - serial: uartps: Fix interrupt mask issue to handle the RX interrupts properly (bsc#1051510). - serial: uartps: Fix stuck ISR if RX disabled with non-empty FIFO (bsc#1051510). - signal: Always deliver the kernel's SIGKILL and SIGSTOP to a pid namespace init (git-fixes). - skge: potential memory corruption in skge_get_regs() (bsc#1051510). - sky2: Disable MSI on Dell Inspiron 1545 and Gateway P-79 (bsc#1051510). - sky2: Increase D3 delay again (bsc#1051510). - slab: alien caches must not be initialized if the allocation of the alien cache failed (git fixes (mm/slab)). - smb3.1.1 dialect is no longer experimental (bsc#1051510). - smb311: Fix reconnect (bsc#1051510). - smb311: Improve checking of negotiate security contexts (bsc#1051510). - smb3: Add support for multidialect negotiate (SMB2.1 and later) (bsc#1051510). - smb3: allow stats which track session and share reconnects to be reset (bsc#1051510). - smb3: Backup intent flag missing for directory opens with backupuid mounts (bsc#1051510). - smb3: check for and properly advertise directory lease support (bsc#1051510). - smb3: directory sync should not return an error (bsc#1051510). - smb3: do not attempt cifs operation in smb3 query info error path (bsc#1051510). - smb3: do not request leases in symlink creation and query (bsc#1051510). - smb3: Do not send SMB3 SET_INFO if nothing changed (bsc#1051510). - smb3: Enable encryption for SMB3.1.1 (bsc#1051510). - smb3: enumerating snapshots was leaving part of the data off end (bsc#1051510). - smb3: Fix 3.11 encryption to Windows and handle encrypted smb3 tcon (bsc#1051510). - smb3: Fix length checking of SMB3.11 negotiate request (bsc#1051510). - smb3: Fix root directory when server returns inode number of zero (bsc#1051510). - smb3: fix various xid leaks (bsc#1051510). - smb3: Improve security, move default dialect to SMB3 from old CIFS (bsc#1051510). - smb3: on kerberos mount if server does not specify auth type use krb5 (bsc#1051510). - smb3: Remove ifdef since SMB3 (and later) now STRONGLY preferred (bsc#1051510). - smb3: remove noisy warning message on mount (bsc#1129664). - smb3: simplify code by removing CONFIG_CIFS_SMB311 (bsc#1051510). - soc: bcm: brcmstb: Do not leak device tree node reference (bsc#1051510). - soc/tegra: Do not leak device tree node reference (bsc#1051510). - splice: do not merge into linked buffers (git-fixes). - staging: comedi: ni_660x: fix missing break in switch statement (bsc#1051510). - staging:iio:ad2s90: Make probe handle spi_setup failure (bsc#1051510). - staging: iio: ad7780: update voltage on read (bsc#1051510). - staging: iio: adc: ad7280a: handle error from __ad7280_read32() (bsc#1051510). - staging: iio: adt7316: allow adt751x to use internal vref for all dacs (bsc#1051510). - staging: iio: adt7316: fix register and bit definitions (bsc#1051510). - staging: iio: adt7316: fix the dac read calculation (bsc#1051510). - staging: iio: adt7316: fix the dac write calculation (bsc#1051510). - staging: rtl8188eu: Add device code for D-Link DWA-121 rev B1 (bsc#1051510). - staging: rtl8723bs: Fix build error with Clang when inlining is disabled (bsc#1051510). - staging: speakup: Replace strncpy with memcpy (bsc#1051510). - staging: wilc1000: fix to set correct value for 'vif_num' (bsc#1051510). - sunrpc: correct the computation for page_ptr when truncating (git-fixes). - sunrpc: Fix a potential race in xprt_connect() (git-fixes). - sunrpc: Fix leak of krb5p encode pages (git-fixes). - sunrpc: handle ENOMEM in rpcb_getport_async (git-fixes). - sunrpc: safely reallow resvport min/max inversion (git-fixes). - svm: Add mutex_lock to protect apic_access_page_done on AMD systems (bsc#1129285). - swiotlb: Add is_swiotlb_active() function (bsc#1120008). - swiotlb: Introduce swiotlb_max_mapping_size() (bsc#1120008). - switchtec: Fix SWITCHTEC_IOCTL_EVENT_IDX_ALL flags overwrite (bsc#1051510). - switchtec: Remove immediate status check after submitting MRPC command (bsc#1051510). - sysfs: Disable lockdep for driver bind/unbind files (bsc#1051510). - tcp: batch tcp_net_metrics_exit (bsc#1122982). - tcp: change txhash on SYN-data timeout (networking-stable-19_01_20). - tcp: Do not underestimate rwnd_limited (networking-stable-18_12_12). - tcp: fix a race in inet_diag_dump_icsk() (networking-stable-19_01_04). - tcp: fix NULL ref in tail loss probe (networking-stable-18_12_12). - tcp: handle inet_csk_reqsk_queue_add() failures (git-fixes). - tcp: lack of available data can also cause TSO defer (git-fixes). - team: avoid complex list operations in team_nl_cmd_options_set() (bsc#1051510). - team: Free BPF filter when unregistering netdev (bsc#1051510). - The PCI SSID matches with other machine(s?) on the market, and leads to the boot problem. (bsc#1122554) - There are no more #ifdef checking these macros. - Thermal: do not clear passive state during system sleep (bsc#1051510). - thermal/drivers/hisi: Encapsulate register writes into helpers (bsc#1051510). - thermal/drivers/hisi: Fix configuration register setting (bsc#1051510). - thermal: generic-adc: Fix adc to temp interpolation (bsc#1051510). - thermal: hwmon: inline helpers when CONFIG_THERMAL_HWMON is not set (bsc#1051510). - thermal: int340x_thermal: Fix a NULL vs IS_ERR() check (bsc#1051510). - thermal: mediatek: fix register index error (bsc#1051510). - timekeeping: Use proper seqcount initializer (bsc#1051510). - tipc: compare remote and local protocols in tipc_udp_enable() (networking-stable-19_01_04). - tipc: eliminate KMSAN uninit-value in strcmp complaint (bsc#1051510). - tipc: error path leak fixes in tipc_enable_bearer() (bsc#1051510). - tipc: fix a double kfree_skb() (networking-stable-19_01_04). - tipc: fix a race condition of releasing subscriber object (bsc#1051510). - tipc: fix bug in function tipc_nl_node_dump_monitor (bsc#1051510). - tipc: fix infinite loop when dumping link monitor summary (bsc#1051510). - tipc: fix RDM/DGRAM connect() regression (bsc#1051510). - tipc: fix uninit-value in tipc_nl_compat_bearer_enable (bsc#1051510). - tipc: fix uninit-value in tipc_nl_compat_doit (bsc#1051510). - tipc: fix uninit-value in tipc_nl_compat_link_reset_stats (bsc#1051510). - tipc: fix uninit-value in tipc_nl_compat_link_set (bsc#1051510). - tipc: fix uninit-value in tipc_nl_compat_name_table_dump (bsc#1051510). - tipc: use lock_sock() in tipc_sk_reinit() (networking-stable-19_01_04). - tpm: fix kdoc for tpm2_flush_context_cmd() (bsc#1051510). - tpm: return a TPM_RC_COMMAND_CODE response if command is not implemented (bsc#1051510). - tpm: Return the actual size when receiving an unsupported command (bsc#1051510). - tpm: suppress transmit cmd error logs when TPM 1.2 is disabled/deactivated (bsc#1051510). - tpm/tpm_i2c_infineon: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT) (bsc#1051510). - tpm: tpm_i2c_nuvoton: use correct command duration for TPM 2.x (bsc#1051510). - tpm: tpm_try_transmit() refactor error flow (bsc#1051510). - tracing: Do not free iter->trace in fail path of tracing_open_pipe() (bsc#1129581). - tracing/uprobes: Fix output for multiple string arguments (bsc#1126495). - tracing: Use strncpy instead of memcpy for string keys in hist triggers (bsc#1129625). - Tree connect for SMB3.1.1 must be signed for non-encrypted shares (bsc#1051510). - tty: Handle problem if line discipline does not have receive_buf (bsc#1051510). - tty: ipwireless: Fix potential NULL pointer dereference (bsc#1051510). - tty/n_hdlc: fix __might_sleep warning (bsc#1051510). - tty/serial: do not free trasnmit buffer page under port lock (bsc#1051510). - tty: serial: samsung: Properly set flags in autoCTS mode (bsc#1051510). - tun: forbid iface creation with rtnl ops (networking-stable-18_12_12). - uart: Fix crash in uart_write and uart_put_char (bsc#1051510). - ucc_geth: Reset BQL queue when stopping device (networking-stable-19_02_01). - ucma: fix a use-after-free in ucma_resolve_ip() (bsc#1051510). - uevent: add alloc_uevent_skb() helper (bsc#1122982). - uio_hv_generic: defer opening vmbus until first use (bsc#1127578). - uio_hv_generic: set callbacks on open (bsc#1127578). - uio: introduce UIO_MEM_IOVA (bsc#1127578). - Update patches.arch/s390-sles15-zcrypt-fix-specification-exception.patch (LTC#174936, bsc#1123060, bsc#1123061). - Update patches.fixes/acpi-nfit-Block-function-zero-DSMs.patch (bsc#1051510, bsc#1121789). - Update patches.fixes/acpi-nfit-Fix-command-supported-detection.patch (bsc#1051510, bsc#1121789). Add more detailed bugzilla reference. - Update patches.kabi/bpf-prevent-memory-disambiguation-attack.patch (bsc#1087082). - Update patches.kabi/bpf-properly-enforce-index-mask-to-prevent-out-of-bo.patch (bsc#1098425). - uprobes: Fix handle_swbp() vs. unregister() + register() race once more (bsc#1051510). - usb: Add new USB LPM helpers (bsc#1120902). - usb: Add USB_QUIRK_DELAY_CTRL_MSG quirk for Corsair K70 RGB (bsc#1120902). - usb: cdc-acm: send ZLP for Telit 3G Intel based modems (bsc#1120902). - usb: Consolidate LPM checks to avoid enabling LPM twice (bsc#1120902). - usb: dwc3: Correct the logic for checking TRB full in __dwc3_prepare_one_trb() (bsc#1051510). - usb: dwc3: gadget: Clear req->needs_extra_trb flag on cleanup (bsc#1120902). - usb: dwc3: gadget: Disable CSP for stream OUT ep (bsc#1051510). - usb: dwc3: gadget: Handle 0 xfer length for OUT EP (bsc#1051510). - usb: dwc3: trace: add missing break statement to make compiler happy (bsc#1120902). - usb: gadget: musb: fix short isoc packets with inventra dma (bsc#1051510). - usb: gadget: udc: net2272: Fix bitwise and boolean operations (bsc#1051510). - usb: hub: delay hub autosuspend if USB3 port is still link training (bsc#1051510). - usb: mtu3: fix the issue about SetFeature(U1/U2_Enable) (bsc#1051510). - usb: musb: dsps: fix otg state machine (bsc#1051510). - usb: musb: dsps: fix runtime pm for peripheral mode (bsc#1120902). - usbnet: ipheth: fix potential recvmsg bug and recvmsg bug 2 (networking-stable-18_12_03). - usbnet: smsc95xx: fix rx packet alignment (bsc#1051510). - usb: phy: am335x: fix race condition in _probe (bsc#1051510). - usb: serial: option: add Fibocom NL678 series (bsc#1120902). - usb: serial: pl2303: add ids for Hewlett-Packard HP POS pole displays (bsc#1120902). - usb: serial: pl2303: add new PID to support PL2303TB (bsc#1051510). - usb: serial: simple: add Motorola Tetra TPG2200 device id (bsc#1051510). - usb: storage: add quirk for SMI SM3350 (bsc#1120902). - usb: storage: do not insert sane sense for SPC3+ when bad sense specified (bsc#1120902). - usb: xhci: fix 'broken_suspend' placement in struct xchi_hcd (bsc#1119086). - veth: set peer GSO values (bsc#1051510). - vfio: ccw: fix cleanup if cp_prefetch fails (git-fixes). - vfio: ccw: process ssch with interrupts disabled (git-fixes). - vfs: Add iomap_seek_hole and iomap_seek_data helpers (bsc#1070995). - vfs: Add page_cache_seek_hole_data helper (bsc#1070995). - vfs: in iomap seek_{hole,data}, return -ENXIO for negative offsets (bsc#1070995). - vhost: correctly check the return value of translate_desc() in log_used() (bsc#1051510). - vhost: log dirty page correctly (networking-stable-19_01_26). - vhost: make sure used idx is seen before log in vhost_add_used_n() (networking-stable-19_01_04). - vhost/vsock: fix uninitialized vhost_vsock->guest_cid (bsc#1051510). - video: clps711x-fb: release disp device node in probe() (bsc#1051510). - virtio-blk: Consider virtio_max_dma_size() for maximum segment size (bsc#1120008). - virtio: Introduce virtio_max_dma_size() (bsc#1120008). - virtio_net: Do not call free_old_xmit_skbs for xdp_frames (networking-stable-19_02_01). - virtio-net: fail XDP set if guest csum is negotiated (networking-stable-18_12_03). - virtio-net: keep vnet header zeroed after processing XDP (networking-stable-18_12_12). - virtio/s390: avoid race on vcdev->config (git-fixes). - virtio/s390: fix race in ccw_io_helper() (git-fixes). - vmbus: fix subchannel removal (bsc#1127578). - vmbus: keep pointer to ring buffer page (bsc#1127578). - vmbus: pass channel to hv_process_channel_removal (bsc#1127578). - vmbus: split ring buffer allocation from open (bsc#1127578). - VMCI: Support upto 64-bit PPNs (bsc#1127286). - vsock: cope with memory allocation failure at socket creation time (bsc#1051510). - vsock: Send reset control packet when socket is partially bound (networking-stable-19_01_04). - vt: invoke notifier on screen size change (bsc#1051510). - vxge: ensure data0 is initialized in when fetching firmware version information (bsc#1051510). - vxlan: Fix GRO cells race condition between receive and link delete (git-fixes). - vxlan: test dev->flags & IFF_UP before calling gro_cells_receive() (git-fixes). - vxlan: update skb dst pmtu on tx path (bsc#1123456). - w90p910_ether: remove incorrect __init annotation (bsc#1051510). - watchdog: docs: kernel-api: do not reference removed functions (bsc#1051510). - watchdog: w83627hf_wdt: Add quirk for Inves system (bsc#1106434). - writeback: do not decrement wb->refcnt if !wb->bdi (git fixes (writeback)). - x86: Add TSX Force Abort CPUID/MSR (bsc#1121805). - x86/a.out: Clear the dump structure initially (bsc#1114279). - x86/apic: Provide apic_ack_irq() (bsc#1122822). - x86/boot/e820: Avoid overwriting e820_table_firmware (bsc#1127154). - x86/boot/e820: Introduce the bootloader provided e820_table_firmware[] table (bsc#1127154). - x86/boot/e820: Rename the e820_table_firmware to e820_table_kexec (bsc#1127154). - x86/bugs: Add AMD's variant of SSB_NO (bsc#1114279). - x86/bugs: Update when to check for the LS_CFG SSBD mitigation (bsc#1114279). - x86/efi: Allocate e820 buffer before calling efi_exit_boot_service (bsc#1127307). - x86/Hyper-V: Set x2apic destination mode to physical when x2apic is available (bsc#1122822). - x86/kaslr: Fix incorrect i8254 outb() parameters (bsc#1114279). - x86/kvmclock: set pvti_cpu0_va after enabling kvmclock (bsc#1098382). - x86/MCE: Initialize mce.bank in the case of a fatal error in mce_no_way_out() (bsc#1114279). - x86/microcode/amd: Do not falsely trick the late loading mechanism (bsc#1114279). - x86/mm: Drop usage of __flush_tlb_all() in kernel_physical_mapping_init() (bsc#1114279). - x86, modpost: Replace last remnants of RETPOLINE with CONFIG_RETPOLINE (bsc#1114279). - x86/mtrr: Do not copy uninitialized gentry fields back to userspace (bsc#1114279). - x86/pkeys: Properly copy pkey state at fork() (bsc#1129366). - x86/platform/UV: Use efi_runtime_lock to serialise BIOS calls (bsc#1125614). - x86/pvclock: add setter for pvclock_pvti_cpu0_va (bsc#1098382). - x86/resctrl: Fix rdt_find_domain() return value and checks (bsc#1114279). - x86: respect memory size limiting via mem= parameter (bsc#1117645). - x86/speculation: Add RETPOLINE_AMD support to the inline asm CALL_NOSPEC variant (bsc#1114279). - x86/speculation: Remove redundant arch_smt_update() invocation (bsc#1114279). - x86/vdso: Remove obsolete 'fake section table' reservation (bsc#1114279). - x86/xen: dont add memory above max allowed allocation (bsc#1117645). - x86/xen/time: Output xen sched_clock time from 0 (bsc#1098382). - x86/xen/time: set pvclock flags on xen_time_init() (bsc#1098382). - x86/xen/time: setup vcpu 0 time info page (bsc#1098382). - xen, cpu_hotplug: Prevent an out of bounds access (bsc#1065600). - xen: fix dom0 boot on huge systems (bsc#1127836). - xen: Fix x86 sched_clock() interface for xen (bsc#1098382). - xen/manage: do not complain about an empty value in control/sysrq node (bsc#1065600). - xen: remove pre-xen3 fallback handlers (bsc#1065600). - xfs: add option to mount with barrier=0 or barrier=1 (bsc#1088133). - xfs: fix contiguous dquot chunk iteration livelock (bsc#1070995). - xfs: remove filestream item xfs_inode reference (bsc#1127961). - xfs: rewrite xfs_dq_get_next_id using xfs_iext_lookup_extent (bsc#1070995). - xhci: Add quirk to zero 64bit registers on Renesas PCIe controllers (bsc#1120854). - xhci: workaround CSS timeout on AMD SNPS 3.0 xHC (bsc#1119086). - xprtrdma: Reset credit grant properly after a disconnect (git-fixes). - yama: Check for pid death before checking ancestry (bsc#1051510). - yam: fix a missing-check bug (bsc#1051510). - zswap: re-check zswap_is_full() after do zswap_shrink() (bsc#1051510). - xfs: Switch to iomap for SEEK_HOLE / SEEK_DATA (bsc#1070995). ----------------------------------------- Patch: SUSE-2019-788 Released: Thu Mar 28 11:55:06 2019 Summary: Security update for sqlite3 Severity: moderate References: 1119687,CVE-2018-20346 Description: This update for sqlite3 to version 3.27.2 fixes the following issue: Security issue fixed: - CVE-2018-20346: Fixed a remote code execution vulnerability in FTS3 (Magellan) (bsc#1119687). Release notes: https://www.sqlite.org/releaselog/3_27_2.html ----------------------------------------- Patch: SUSE-2019-790 Released: Thu Mar 28 12:06:17 2019 Summary: Recommended update for timezone Severity: moderate References: 1130557 Description: This update for timezone fixes the following issues: timezone was updated 2019a: * Palestine 'springs forward' on 2019-03-30 instead of 2019-03-23 * Metlakatla 'fell back' to rejoin Alaska Time on 2019-01-20 at 02:00 * Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25) * zic now has an -r option to limit the time range of output data ----------------------------------------- Patch: SUSE-2019-791 Released: Thu Mar 28 12:06:50 2019 Summary: Security update for libnettle Severity: moderate References: 1129598 Description: This update for libnettle to version 3.4.1 fixes the following issues: Issues addressed and new features: - Updated to 3.4.1 (fate#327114 and bsc#1129598) - Fixed a missing break statements in the parsing of PEM input files in pkcs1-conv. - Fixed a link error on the pss-mgf1-test which was affecting builds without public key support. - All functions using RSA private keys are now side-channel silent. This applies both to the bignum calculations, which now use GMP's mpn_sec_* family of functions, and the processing of PKCS#1 padding needed for RSA decryption. - Changes in behavior: The functions rsa_decrypt and rsa_decrypt_tr may now clobber all of the provided message buffer, independent of the actual message length. They are side-channel silent, in that branches and memory accesses don't depend on the validity or length of the message. Side-channel leakage from the caller's use of length and return value may still provide an oracle useable for a Bleichenbacher-style chosen ciphertext attack. Which is why the new function rsa_sec_decrypt is recommended. ----------------------------------------- Patch: SUSE-2019-819 Released: Fri Mar 29 18:08:54 2019 Summary: Recommended update for openssh Severity: moderate References: 1119183,1127180 Description: This update for openssh fixes the following issues: Issues addressed: - Removed the 'KexDHMin' config keyword (bsc#1127180) It used to allow lowering of the minimal allowed DH group size, which was increased to 2048 by upstream in the light of the Logjam attack. However, the code was broken since the upgrade to 7.6p1. It's still possible to use the fixed 1024-bit diffie-hellman-group1-sha1 key exchange method when working with legacy systems. - Fixed two race conditions in sshd relating to SIGHUP (bsc#1119183) ----------------------------------------- Patch: SUSE-2019-850 Released: Wed Apr 3 07:31:47 2019 Summary: Recommended update for polkit-default-privs Severity: moderate References: 1125110,1128560 Description: This update for polkit-default-privs fixes the following issues: - add renamed wifi-scan -> wifi.scan action (bsc#1128560) - relax change-own-user-data action in the restrictive profile (bsc#1125110) ----------------------------------------- Patch: SUSE-2019-858 Released: Wed Apr 3 15:50:37 2019 Summary: Recommended update for libtirpc Severity: moderate References: 1120689,1126096 Description: This update for libtirpc fixes the following issues: - Fix a yp_bind_client_create_v3: RPC: Unknown host error (bsc#1126096). - add an option to enforce connection via protocol version 2 first (bsc#1120689). ----------------------------------------- Patch: SUSE-2019-866 Released: Thu Apr 4 11:24:48 2019 Summary: Recommended update for apparmor Severity: moderate References: 1120279,1125439 Description: This update for apparmor fixes the following issues: - Add /proc/pid/tcp and /proc/pid/tcp6 entries to the apparmor profile. (bsc#1125439) - allow network access and notify file creation/access (bsc#1120279) ----------------------------------------- Patch: SUSE-2019-870 Released: Thu Apr 4 11:46:21 2019 Summary: Recommended update for yast2-packager Severity: moderate References: 1082369,1119564 Description: This update for yast2-packager fixes the following issues: - Changing repo URL has been ignored (bsc#1119564) - Added warning in case the NTP configuration was modified but the package is not selected to be installed (bsc#1082369) ----------------------------------------- Patch: SUSE-2019-886 Released: Fri Apr 5 07:55:15 2019 Summary: Recommended update for grub2 Severity: moderate References: 1113702,1122569 Description: This update for grub2 fixes the following issues: - Fixed regression of crashing lvm on multipath SAN (bsc#1113702) - Add exception handling to FCP lun enumeration (bsc#1113702) - Fix LOADER_TYPE parsing in grub2-once (bsc#1122569) ----------------------------------------- Patch: SUSE-2019-894 Released: Fri Apr 5 17:16:23 2019 Summary: Recommended update for rpm Severity: moderate References: 1119414,1126327,1129753,SLE-3853,SLE-4117 Description: This update for rpm fixes the following issues: - This update shortens RPM changelog to after a certain cut off date (bsc#1129753) - Translate dashes to underscores in kmod provides (FATE#326579, jsc#SLE-4117, jsc#SLE-3853, bsc#1119414). - Re-add symset-table from SLE 12 (bsc#1126327). ----------------------------------------- Patch: SUSE-2019-903 Released: Mon Apr 8 15:41:44 2019 Summary: Security update for glibc Severity: moderate References: 1100396,1122729,1130045,CVE-2016-10739 Description: This update for glibc fixes the following issues: Security issue fixed: - CVE-2016-10739: Fixed an improper implementation of getaddrinfo function which could allow applications to incorrectly assume that had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings (bsc#1122729). Other issue fixed: - Fixed an issue where pthread_mutex_trylock did not use a correct order of instructions while maintained the robust mutex list due to missing compiler barriers (bsc#1130045). - Added new Japanese Era name support (bsc#1100396). ----------------------------------------- Patch: SUSE-2019-909 Released: Tue Apr 9 08:04:44 2019 Summary: Recommended update for chrony Severity: moderate References: 1129914 Description: This update for chrony fixes the following issues: - Fix ordering and dependencies of chronyd.service, so that it is started after name resolution is up (bsc#1129914). ----------------------------------------- Patch: SUSE-2019-919 Released: Tue Apr 9 15:47:42 2019 Summary: Security update for blktrace Severity: low References: 1091942,CVE-2018-10689 Description: This update for blktrace fixes the following issues: - CVE-2018-10689: Prevent buffer overflow in the dev_map_read function because the device and devno arrays were too small (bsc#1091942) ----------------------------------------- Patch: SUSE-2019-923 Released: Wed Apr 10 15:54:57 2019 Summary: Recommended update for openssh Severity: moderate References: 1065237,1115550 Description: This update for openssh fixes the following issues: - Fix SSHD termination of multichannel sessions with non-root users (error on 'mm_request_receive_expect') (bsc#1115550) - Fix a double free() in the KDF CAVS testing tool (bsc#1065237) Please note that this is a FIPS certification helper tool and can not get attacker input. ----------------------------------------- Patch: SUSE-2019-925 Released: Wed Apr 10 16:32:50 2019 Summary: Security update for wget Severity: important References: 1131493,CVE-2019-5953 Description: This update for wget fixes the following issues: Security issue fixed: - CVE-2019-5953: Fixed a buffer overflow vulnerability which might cause code execution (bsc#1131493). ----------------------------------------- Patch: SUSE-2019-926 Released: Wed Apr 10 16:33:12 2019 Summary: Security update for tar Severity: moderate References: 1120610,1130496,CVE-2018-20482,CVE-2019-9923 Description: This update for tar fixes the following issues: Security issues fixed: - CVE-2019-9923: Fixed a denial of service while parsing certain archives with malformed extended headers in pax_decode_header() (bsc#1130496). - CVE-2018-20482: Fixed a denial of service when the '--sparse' option mishandles file shrinkage during read access (bsc#1120610). ----------------------------------------- Patch: SUSE-2019-937 Released: Fri Apr 12 09:42:29 2019 Summary: Recommended update for at-spi2-core Severity: moderate References: 1127792 Description: This update for at-spi2-core and at-spi2-atk fixes the following issues: - Bugfix: Querying table cell headers crashed the application (bsc#1127792). ----------------------------------------- Patch: SUSE-2019-938 Released: Fri Apr 12 09:42:37 2019 Summary: Recommended update for yast2-pkg-bindings Severity: moderate References: 1094468,1097756 Description: This update for yast2-pkg-bindings fixes the following issues: - Does no longer save plugin services to the target system (bsc#1094468) - Fixes an error when saving services during an upgrade (bsc#1097756) ----------------------------------------- Patch: SUSE-2019-966 Released: Wed Apr 17 12:20:13 2019 Summary: Recommended update for python-rpm-macros Severity: moderate References: 1128323 Description: This update for python-rpm-macros fixes the following issues: The Python RPM macros were updated to version 20190408.32abece, fixing bugs (bsc#1128323) * Add missing $ expansion on the pytest call * Rewrite pytest and pytest_arch into Lua macros with multiple arguments. * We should preserve existing PYTHONPATH. * Add --ignore to pytest calls to ignore build directories. * Actually make pytest into function to capture arguments as well * Add pytest definitions. * Use upstream-recommended %{_rpmconfigdir}/macros.d directory for the rpm macros. * Fix an issue with epoch printing having too many \ * add epoch while printing 'Provides:' ----------------------------------------- Patch: SUSE-2019-971 Released: Wed Apr 17 14:43:26 2019 Summary: Security update for python3 Severity: important References: 1129346,CVE-2019-9636 Description: This update for python3 fixes the following issues: Security issue fixed: - CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC normalization (bsc#1129346). ----------------------------------------- Patch: SUSE-2019-972 Released: Wed Apr 17 14:44:05 2019 Summary: Security update for python Severity: important References: 1129346,1130847,CVE-2019-9636,CVE-2019-9948 Description: This update for python fixes the following issues: Security issues fixed: - CVE-2019-9948: Fixed a 'file:' blacklist bypass in URIs by using the 'local-file:' scheme instead (bsc#1130847). - CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC normalization (bsc#1129346). ----------------------------------------- Patch: SUSE-2019-999 Released: Wed Apr 24 08:32:31 2019 Summary: Recommended update for release-notes-sles Severity: moderate References: 1094677,1096932,1115021,1116948,1117170,1118664,1122405,1123873,1127393,1127740,1131031 Description: This update for release-notes-sles fixes the following issues: Releases Notes were updated to 15.0.20190329 (bsc#1131031) - Updated template text - New notes: - PostgreSQL Has Been Upgraded to Version 10 (FATE#325659, requested via bsc#1127393) - Removed Kernel Modules (FATE#326411, requested via bsc#1096932) - LibreOffice Has Been Updated to Version 6.1 (FATE#326624) - Support for SAP HANA Workloads on Intel Optane DC Memory (FATE#326967, requested via bsc#1117170) - SMB Shares Used via mount or /etc/fstab Are Now Expected to use SMB 2.1 or Higher (FATE#327578) - Document fixes and changed notes: - ibmvnic is supported now, removed 'Device Driver ibmvnic', added 'Support for ibmvnic Networking Driver' (FATE#327576, update requested via bsc#1123873) - Clarified support status of *-devel packages (bsc#1094677) - Improved module table: Added CAP, Package Hub, Web/Scripting modules - Added openJDK 1.8.0 to table of supported Java version (bsc#1116948) - Updated file system table to include SLES 12 SP4 (bsc#1118664) - Updated 'Refactored YaST iSCSI LIO server' to remove mention of Python 2 removal (FATE#319238) - Fixed garbled formatting in 'Updated Btrfs Subvolume Layout' (FATE#325797, update requested via bsc#1115021) - Fixed incorrect instruction in 'No Documentation Installed in SLES JeOS By Default' (FATE#326859, update requested via bsc#1127740) - Clarified 'Support for Socket-Based Services Activation' (FATE#319428) - Improved wording in 'ntpd Has Been Replaced With Chrony' (FATE#323432) - Improved wording in 'YaST and AutoYaST Changes Because of Switch to firewalld' (FATE#323460) - Fixed grammar in 'New AppArmor Features to Restrict Processes' (FATE#323500, update requested via bsc#1122405) - Fixed typo in 'Page Cache Limit Is Now Opt-in cgroup Isolation' (FATE#323778) - Fixed grammar in 'PostgreSQL: psqlODBC Driver Has Been Added to Replace unixODBC' (FATE#324501) - Accounted for the fact that 'Device Error Prevention Enabled (CONFIG_IO_STRICT_DEVMEM)' is also needed for SLES 12 SP4 (FATE#325368) ----------------------------------------- Patch: SUSE-2019-1002 Released: Wed Apr 24 10:13:34 2019 Summary: Recommended update for zlib Severity: moderate References: 1110304,1129576 Description: This update for zlib fixes the following issues: - Fixes a segmentation fault error (bsc#1110304, bsc#1129576) ----------------------------------------- Patch: SUSE-2019-1025 Released: Wed Apr 24 14:53:48 2019 Summary: Recommended update for yast2-network Severity: moderate References: 1094934,1107470,709176 Description: This update for yast2-network fixes the following issues: - Fixes an error when writing remote configuration by cmdline (yast remote allow set=yes) (bsc#1094934) - Will now keep the original hostnames untouched in /etc/hosts when only the IP has changed (bsc#709176) ----------------------------------------- Patch: SUSE-2019-1034 Released: Thu Apr 25 13:39:50 2019 Summary: Recommended update for docker-runc Severity: important References: 1131314,1131553 Description: This update for docker-runc fixes the following issues: - Backport various upstream patches to fix some kernel regression related to O_TMPFILE. bsc#1131314 bsc#1131553 ----------------------------------------- Patch: SUSE-2019-1040 Released: Thu Apr 25 17:09:21 2019 Summary: Security update for samba Severity: important References: 1114407,1124223,1125410,1126377,1131060,1131686,CVE-2019-3880 Description: This update for samba fixes the following issues: Security issue fixed: - CVE-2019-3880: Fixed a path/symlink traversal vulnerability, which allowed an unprivileged user to save registry files outside a share (bsc#1131060). ldb was updated to version 1.2.4 (bsc#1125410 bsc#1131686): - Out of bound read in ldb_wildcard_compare - Hold at most 10 outstanding paged result cookies - Put 'results_store' into a doubly linked list - Refuse to build Samba against a newer minor version of ldb Non-security issues fixed: - Fixed update-apparmor-samba-profile script after apparmor switched to using named profiles (bsc#1126377). - Abide to the load_printers parameter in smb.conf (bsc#1124223). - Provide the 32bit samba winbind PAM module and its dependend 32bit libraries. ----------------------------------------- Patch: SUSE-2019-1054 Released: Fri Apr 26 14:46:02 2019 Summary: Recommended update for crash Severity: moderate References: 1122594,1124690 Description: This update for crash fixes the following issues: - XEN dom0 changes in v4.11 caused coredumps not loading (bsc#1124690, bsc#1122594) ----------------------------------------- Patch: SUSE-2019-1114 Released: Tue Apr 30 14:09:17 2019 Summary: Recommended update for open-iscsi Severity: moderate References: 1127913,1128972 Description: This update for open-iscsi fixes the following issues: - Fix a regression in behavior of iscsiadm caused by the switch to libopeniscsiusr (bsc#1128972) - Prevent iscsiuio segmentation fault in case get_tx_pkt fails while sending ARP (bsc#1127913) ----------------------------------------- Patch: SUSE-2019-1121 Released: Tue Apr 30 18:02:43 2019 Summary: Security update for gnutls Severity: important References: 1118087,1130681,1130682,CVE-2018-16868,CVE-2019-3829,CVE-2019-3836 Description: This update for gnutls fixes to version 3.6.7 the following issues: Security issued fixed: - CVE-2019-3836: Fixed an invalid pointer access via malformed TLS1.3 async messages (bsc#1130682). - CVE-2019-3829: Fixed a double free vulnerability in the certificate verification API (bsc#1130681). - CVE-2018-16868: Fixed Bleichenbacher-like side channel leakage in PKCS#1 v1.5 verification and padding oracle verification (bsc#1118087) Non-security issue fixed: - Update gnutls to support TLS 1.3 (fate#327114) ----------------------------------------- Patch: SUSE-2019-1127 Released: Thu May 2 09:39:24 2019 Summary: Security update for sqlite3 Severity: moderate References: 1130325,1130326,CVE-2019-9936,CVE-2019-9937 Description: This update for sqlite3 to version 3.28.0 fixes the following issues: Security issues fixed: - CVE-2019-9936: Fixed a heap-based buffer over-read, when running fts5 prefix queries inside transaction (bsc#1130326). - CVE-2019-9937: Fixed a denial of service related to interleaving reads and writes in a single transaction with an fts5 virtual table (bsc#1130325). ----------------------------------------- Patch: SUSE-2019-1134 Released: Thu May 2 17:57:27 2019 Summary: Recommended update for quota Severity: moderate References: 1131513,SLE-5734 Description: This update for quota fixes the following issues: Quota was updated to 4.05 release jsc#SLE-5734 bsc#1131513: * This release includes mostly various smaller cleanups and fixes in various areas. * Most visible changes are addition of f2fs and exfs among recognized filesystems. * Remove quot binary functionality could be achieved by using repquota instead ----------------------------------------- Patch: SUSE-2019-1173 Released: Tue May 7 15:33:40 2019 Summary: Recommended update for cifs-utils Severity: moderate References: 1130528 Description: This update for cifs-utils fixes the following issues: - Allow cached DNS entry to expire (fate#325270). - Document new SMB2.1+ defaults (bsc#1130528). - Add typo corrections, better doc and configure fixes from upstream - Update to cifs-utils 6.8 (please find all 6.8 changes in the changelog) ----------------------------------------- Patch: SUSE-2019-1206 Released: Fri May 10 14:01:55 2019 Summary: Security update for bzip2 Severity: low References: 985657,CVE-2016-3189 Description: This update for bzip2 fixes the following issues: Security issue fixed: - CVE-2016-3189: Fixed a use-after-free in bzip2recover (bsc#985657). ----------------------------------------- Patch: SUSE-2019-1221 Released: Mon May 13 13:28:42 2019 Summary: Security update for libxslt Severity: moderate References: 1132160,CVE-2019-11068 Description: This update for libxslt fixes the following issues: Security issue fixed: - CVE-2019-11068: Fixed a protection mechanism bypass where callers of xsltCheckRead() and xsltCheckWrite() would permit access upon receiving an error (bsc#1132160). ----------------------------------------- Patch: SUSE-2019-1226 Released: Mon May 13 16:09:07 2019 Summary: Recommended update for wicked Severity: moderate References: 1106809,1118206,1123555,1127340 Description: This update for wicked fixes the following issues: Wicked was updated to version 0.6.54: - switch to use systemd notify and prevent event backlog at start by calling udevadm settle before starting wickedd (bsc#1118206) - dhcp6: don't discard confirm reply without status (bsc#1127340) - ethtool: set lro legacy flag and not txvlan (bsc#1123555) - init memory before use in ioctl - fsm: fix find pending worker loop segfault (bsc#1106809) ----------------------------------------- Patch: SUSE-2019-1234 Released: Tue May 14 18:31:52 2019 Summary: Security update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork Severity: important References: 1114209,1114832,1118897,1118898,1118899,1121397,1121967,1123013,1128376,1128746,1134068,CVE-2018-16873,CVE-2018-16874,CVE-2018-16875,CVE-2019-5736,CVE-2019-6486 Description: This update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork fixes the following issues: Security issues fixed: - CVE-2019-5736: containerd: Fixing container breakout vulnerability (bsc#1121967). - CVE-2019-6486: go security release, fixing crypto/elliptic CPU DoS vulnerability affecting P-521 and P-384 (bsc#1123013). - CVE-2018-16873: go secuirty release, fixing cmd/go remote command execution (bsc#1118897). - CVE-2018-16874: go security release, fixing cmd/go directory traversal (bsc#1118898). - CVE-2018-16875: go security release, fixing crypto/x509 CPU denial of service (bsc#1118899). Other changes and bug fixes: - Update to containerd v1.2.5, which is required for v18.09.5-ce (bsc#1128376, bsc#1134068). - Update to runc 2b18fe1d885e, which is required for Docker v18.09.5-ce (bsc#1128376, bsc#1134068). - Update to Docker 18.09.5-ce see upstream changelog in the packaged (bsc#1128376, bsc#1134068). - docker-test: Improvements to test packaging (bsc#1128746). - Move daemon.json file to /etc/docker directory (bsc#1114832). - Revert golang(API) removal since it turns out this breaks >= requires in certain cases (bsc#1114209). - Fix go build failures (bsc#1121397). ----------------------------------------- Patch: SUSE-2019-1240 Released: Tue May 14 19:04:00 2019 Summary: Security update for the Linux Kernel Severity: important References: 1050549,1051510,1052904,1053043,1055117,1055121,1061840,1065600,1065729,1070872,1078216,1082555,1083647,1085535,1085536,1088804,1093777,1094120,1094244,1097583,1097584,1097585,1097586,1097587,1097588,1100132,1103186,1103259,1107937,1111331,1112128,1112178,1113399,1113722,1114279,1114542,1114638,1119086,1119680,1120318,1120902,1122767,1123105,1125342,1126221,1126356,1126704,1126740,1127175,1127371,1127372,1127374,1127378,1127445,1128415,1128544,1129276,1129770,1130130,1130154,1130195,1130335,1130336,1130337,1130338,1130425,1130427,1130518,1130527,1130567,1131062,1131107,1131167,1131168,1131169,1131170,1131171,1131172,1131173,1131174,1131175,1131176,1131177,1131178,1131179,1131180,1131290,1131335,1131336,1131416,1131427,1131442,1131467,1131574,1131587,1131659,1131673,1131847,1131848,1131851,1131900,1131934,1131935,1132083,1132219,1132226,1132227,1132365,1132368,1132369,1132370,1132372,1132373,1132384,1132397,1132402,1132403,1132404,1132405,1132407,1132411,1132412,1132413,1132414,1132426,1132527,1132531,1132555,1132558,1132561,1132562,1132563,1132564,1132570,1132571,1132572,1132589,1132618,1132681,1132726,1132828,1132943,1133005,1133094,1133095,1133115,1133149,1133486,1133529,1133584,1133667,1133668,1133672,1133674,1133675,1133698,1133702,1133731,1133769,1133772,1133774,1133778,1133779,1133780,1133825,1133850,1133851,1133852,CVE-2018-12126,CVE-2018-12127,CVE-2018-12130,CVE-2018-16880,CVE-2019-11091,CVE-2019-3882,CVE-2019-9003,CVE-2019-9500,CVE-2019-9503 Description: The SUSE Linux Enterprise 15 for Azure kernel was updated to receive various security and bugfixes. Four new speculative execution issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) This kernel update contains software mitigations, utilizing CPU microcode updates shipped in parallel. For more information on this set of information leaks, check out https://www.suse.com/support/kb/doc/?id=7023736 The following security bugs were fixed: - CVE-2019-9003: Attackers can trigger a drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging for certain simultaneous execution of the code, as demonstrated by a 'service ipmievd restart' loop (bnc#1126704). - CVE-2018-16880: A flaw was found in the handle_rx() function in the [vhost_net] driver. A malicious virtual guest, under specific conditions, can trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host which may lead to a kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (bnc#1122767). - CVE-2019-9500: A brcmfmac heap buffer overflow in brcmf_wowl_nd_results was fixed. (bnc#1132681). - CVE-2019-9503: A brcmfmac frame validation bypass was fixed. (bnc#1132828). - CVE-2019-3882: A flaw was found in the vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). (bnc#1131416 bnc#1131427). The following non-security bugs were fixed: - 9p: do not trust pdu content for stat item size (bsc#1051510). - acpi: acpi_pad: Do not launch acpi_pad threads on idle cpus (bsc#1113399). - acpi, nfit: Prefer _DSM over _LSR for namespace label reads (bsc#1132426). - acpi / SBS: Fix GPE storm on recent MacBookPro's (bsc#1051510). - alsa: core: Fix card races between register and disconnect (bsc#1051510). - alsa: echoaudio: add a check for ioremap_nocache (bsc#1051510). - alsa: firewire: add const qualifier to identifiers for read-only symbols (bsc#1051510). - alsa: firewire-motu: add a flag for AES/EBU on XLR interface (bsc#1051510). - alsa: firewire-motu: add specification flag for position of flag for MIDI messages (bsc#1051510). - alsa: firewire-motu: add support for MOTU Audio Express (bsc#1051510). - alsa: firewire-motu: add support for Motu Traveler (bsc#1051510). - alsa: firewire-motu: use 'version' field of unit directory to identify model (bsc#1051510). - alsa: hda - add Lenovo IdeaCentre B550 to the power_save_blacklist (bsc#1051510). - alsa: hda - Add two more machines to the power_save_blacklist (bsc#1051510). - alsa: hda - Enforces runtime_resume after S3 and S4 for each codec (bsc#1051510). - alsa: hda: Initialize power_state field properly (bsc#1051510). - alsa: hda/realtek - Add quirk for Tuxedo XC 1509 (bsc#1131442). - alsa: hda/realtek - Add support for Acer Aspire E5-523G/ES1-432 headset mic (bsc#1051510). - alsa: hda/realtek - Add support headset mode for DELL WYSE AIO (bsc#1051510). - alsa: hda/realtek - Add support headset mode for New DELL WYSE NB (bsc#1051510). - alsa: hda/realtek - add two more pin configuration sets to quirk table (bsc#1051510). - alsa: hda/realtek: Enable ASUS X441MB and X705FD headset MIC with ALC256 (bsc#1051510). - alsa: hda/realtek: Enable headset MIC of Acer AIO with ALC286 (bsc#1051510). - alsa: hda/realtek: Enable headset MIC of Acer Aspire Z24-890 with ALC286 (bsc#1051510). - alsa: hda/realtek: Enable headset mic of ASUS P5440FF with ALC256 (bsc#1051510). - alsa: hda - Record the current power state before suspend/resume calls (bsc#1051510). - alsa: info: Fix racy addition/deletion of nodes (bsc#1051510). - alsa: opl3: fix mismatch between snd_opl3_drum_switch definition and declaration (bsc#1051510). - alsa: PCM: check if ops are defined before suspending PCM (bsc#1051510). - alsa: pcm: Do not suspend stream in unrecoverable PCM state (bsc#1051510). - alsa: pcm: Fix possible OOB access in PCM oss plugins (bsc#1051510). - alsa: rawmidi: Fix potential Spectre v1 vulnerability (bsc#1051510). - alsa: sb8: add a check for request_region (bsc#1051510). - alsa: seq: Fix OOB-reads from strlcpy (bsc#1051510). - alsa: seq: oss: Fix Spectre v1 vulnerability (bsc#1051510). - ASoC: fsl-asoc-card: fix object reference leaks in fsl_asoc_card_probe (bsc#1051510). - ASoC: fsl_esai: fix channel swap issue when stream starts (bsc#1051510). - ASoC: topology: free created components in tplg load error (bsc#1051510). - assume flash part size to be 4MB, if it can't be determined (bsc#1127371). - ath10k: avoid possible string overflow (bsc#1051510). - auxdisplay: hd44780: Fix memory leak on ->remove() (bsc#1051510). - auxdisplay: ht16k33: fix potential user-after-free on module unload (bsc#1051510). - batman-adv: Reduce claim hash refcnt only for removed entry (bsc#1051510). - batman-adv: Reduce tt_global hash refcnt only for removed entry (bsc#1051510). - batman-adv: Reduce tt_local hash refcnt only for removed entry (bsc#1051510). - bcm2835: MMC issues (bsc#1070872). - blkcg: Introduce blkg_root_lookup() (bsc#1131673). - blkcg: Make blkg_root_lookup() work for queues in bypass mode (bsc#1131673). - blk-mq: adjust debugfs and sysfs register when updating nr_hw_queues (bsc#1131673). - blk-mq: Avoid that submitting a bio concurrently with device removal triggers a crash (bsc#1131673). - blk-mq: change gfp flags to GFP_NOIO in blk_mq_realloc_hw_ctxs (bsc#1131673). - blk-mq: fallback to previous nr_hw_queues when updating fails (bsc#1131673). - blk-mq: init hctx sched after update ctx and hctx mapping (bsc#1131673). - blk-mq: realloc hctx when hw queue is mapped to another node (bsc#1131673). - blk-mq: sync the update nr_hw_queues with blk_mq_queue_tag_busy_iter (bsc#1131673). - block: Ensure that a request queue is dissociated from the cgroup controller (bsc#1131673). - block: Fix a race between request queue removal and the block cgroup controller (bsc#1131673). - block: Introduce blk_exit_queue() (bsc#1131673). - block: kABI fixes for bio_rewind_iter() removal (bsc#1131673). - block: remove bio_rewind_iter() (bsc#1131673). - Bluetooth: btusb: request wake pin with NOAUTOEN (bsc#1051510). - Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt (bsc#1051510). - Bluetooth: Fix decrementing reference count twice in releasing socket (bsc#1051510). - Bluetooth: hci_ldisc: Initialize hci_dev before open() (bsc#1051510). - Bluetooth: hci_ldisc: Postpone HCI_UART_PROTO_READY bit set in hci_uart_set_proto() (bsc#1051510). - Bluetooth: hci_uart: Check if socket buffer is ERR_PTR in h4_recv_buf() (bsc#1133731). - bnxt_en: Drop oversize TX packets to prevent errors (networking-stable-19_03_07). - bonding: fix PACKET_ORIGDEV regression (git-fixes). - bpf: fix use after free in bpf_evict_inode (bsc#1083647). - btrfs: Avoid possible qgroup_rsv_size overflow in btrfs_calculate_inode_block_rsv_size (git-fixes). - btrfs: check for refs on snapshot delete resume (bsc#1131335). - Btrfs: fix assertion failure on fsync with NO_HOLES enabled (bsc#1131848). - btrfs: Fix bound checking in qgroup_trace_new_subtree_blocks (git-fixes). - Btrfs: fix deadlock between clone/dedupe and rename (bsc#1130518). - Btrfs: fix incorrect file size after shrinking truncate and fsync (bsc#1130195). - btrfs: remove WARN_ON in log_dir_items (bsc#1131847). - btrfs: save drop_progress if we drop refs at all (bsc#1131336). - cdrom: Fix race condition in cdrom_sysctl_register (bsc#1051510). - cgroup: fix parsing empty mount option string (bsc#1133094). - cifs: allow guest mounts to work for smb3.11 (bsc#1051510). - cifs: Do not count -ENODATA as failure for query directory (bsc#1051510). - cifs: do not dereference smb_file_target before null check (bsc#1051510). - cifs: Do not hide EINTR after sending network packets (bsc#1051510). - cifs: Do not reconnect TCP session in add_credits() (bsc#1051510). - cifs: Do not reset lease state to NONE on lease break (bsc#1051510). - cifs: Fix adjustment of credits for MTU requests (bsc#1051510). - cifs: Fix credit calculation for encrypted reads with errors (bsc#1051510). - cifs: Fix credits calculations for reads with errors (bsc#1051510). - cifs: fix POSIX lock leak and invalid ptr deref (bsc#1114542). - cifs: Fix possible hang during async MTU reads and writes (bsc#1051510). - cifs: Fix potential OOB access of lock element array (bsc#1051510). - cifs: Fix read after write for files with read caching (bsc#1051510). - clk: clk-twl6040: Fix imprecise external abort for pdmclk (bsc#1051510). - clk: fractional-divider: check parent rate only if flag is set (bsc#1051510). - clk: ingenic: Fix doc of ingenic_cgu_div_info (bsc#1051510). - clk: ingenic: Fix round_rate misbehaving with non-integer dividers (bsc#1051510). - clk: rockchip: fix frac settings of GPLL clock for rk3328 (bsc#1051510). - clk: sunxi-ng: v3s: Fix TCON reset de-assert bit (bsc#1051510). - clk: vc5: Abort clock configuration without upstream clock (bsc#1051510). - clk: x86: Add system specific quirk to mark clocks as critical (bsc#1051510). - clocksource/drivers/exynos_mct: Clear timer interrupt when shutdown (bsc#1051510). - clocksource/drivers/exynos_mct: Move one-shot check from tick clear to ISR (bsc#1051510). - cpcap-charger: generate events for userspace (bsc#1051510). - cpufreq: pxa2xx: remove incorrect __init annotation (bsc#1051510). - cpufreq: tegra124: add missing of_node_put() (bsc#1051510). - cpupowerutils: bench - Fix cpu online check (bsc#1051510). - cpu/speculation: Add 'mitigations=' cmdline option (bsc#1112178). - crypto: caam - add missing put_device() call (bsc#1129770). - crypto: crypto4xx - properly set IV after de- and encrypt (bsc#1051510). - crypto: pcbc - remove bogus memcpy()s with src == dest (bsc#1051510). - crypto: sha256/arm - fix crash bug in Thumb2 build (bsc#1051510). - crypto: sha512/arm - fix crash bug in Thumb2 build (bsc#1051510). - crypto: x86/poly1305 - fix overflow during partial reduction (bsc#1051510). - cxgb4: Add capability to get/set SGE Doorbell Queue Timer Tick (bsc#1127371). - cxgb4: Added missing break in ndo_udp_tunnel_{add/del} (bsc#1127371). - cxgb4: Add flag tc_flower_initialized (bsc#1127371). - cxgb4: Add new T5 PCI device id 0x50ae (bsc#1127371). - cxgb4: Add new T5 PCI device ids 0x50af and 0x50b0 (bsc#1127371). - cxgb4: Add new T6 PCI device ids 0x608a (bsc#1127371). - cxgb4: add per rx-queue counter for packet errors (bsc#1127371). - cxgb4: Add support for FW_ETH_TX_PKT_VM_WR (bsc#1127371). - cxgb4: add support to display DCB info (bsc#1127371). - cxgb4: Add support to read actual provisioned resources (bsc#1127371). - cxgb4: collect ASIC LA dumps from ULP TX (bsc#1127371). - cxgb4: collect hardware queue descriptors (bsc#1127371). - cxgb4: collect number of free PSTRUCT page pointers (bsc#1127371). - cxgb4: convert flower table to use rhashtable (bsc#1127371). - cxgb4: cxgb4: use FW_PORT_ACTION_L1_CFG32 for 32 bit capability (bsc#1127371). - cxgb4/cxgb4vf: Add support for SGE doorbell queue timer (bsc#1127371). - cxgb4/cxgb4vf: Fix mac_hlist initialization and free (bsc#1127374). - cxgb4/cxgb4vf: Link management changes (bsc#1127371). - cxgb4/cxgb4vf: Program hash region for {t4/t4vf}_change_mac() (bsc#1127371). - cxgb4: display number of rx and tx pages free (bsc#1127371). - cxgb4: do not return DUPLEX_UNKNOWN when link is down (bsc#1127371). - cxgb4: Export sge_host_page_size to ulds (bsc#1127371). - cxgb4: fix the error path of cxgb4_uld_register() (bsc#1127371). - cxgb4: impose mandatory VLAN usage when non-zero TAG ID (bsc#1127371). - cxgb4: Mask out interrupts that are not enabled (bsc#1127175). - cxgb4: move Tx/Rx free pages collection to common code (bsc#1127371). - cxgb4: remove redundant assignment to vlan_cmd.dropnovlan_fm (bsc#1127371). - cxgb4: Remove SGE_HOST_PAGE_SIZE dependency on page size (bsc#1127371). - cxgb4: remove the unneeded locks (bsc#1127371). - cxgb4: specify IQTYPE in fw_iq_cmd (bsc#1127371). - cxgb4: Support ethtool private flags (bsc#1127371). - cxgb4: update supported DCB version (bsc#1127371). - cxgb4: use new fw interface to get the VIN and smt index (bsc#1127371). - cxgb4vf: Few more link management changes (bsc#1127374). - cxgb4vf: fix memleak in mac_hlist initialization (bsc#1127374). - cxgb4vf: Update port information in cxgb4vf_open() (bsc#1127374). - device_cgroup: fix RCU imbalance in error case (bsc#1051510). - device property: Fix the length used in PROPERTY_ENTRY_STRING() (bsc#1051510). - Disable kgdboc failed by echo space to /sys/module/kgdboc/parameters/kgdboc (bsc#1051510). - dmaengine: imx-dma: fix warning comparison of distinct pointer types (bsc#1051510). - dmaengine: qcom_hidma: assign channel cookie correctly (bsc#1051510). - dmaengine: sh: rcar-dmac: With cyclic DMA residue 0 is valid (bsc#1051510). - dmaengine: tegra: avoid overflow of byte tracking (bsc#1051510). - dm: disable DISCARD if the underlying storage no longer supports it (bsc#1114638). - Drivers: hv: vmbus: Offload the handling of channels to two workqueues (bsc#1130567). - Drivers: hv: vmbus: Offload the handling of channels to two workqueues (bsc#1130567). - Drivers: hv: vmbus: Reset the channel callback in vmbus_onoffer_rescind() (bsc#1130567). - drm: Auto-set allow_fb_modifiers when given modifiers at plane init (bsc#1051510). - drm: bridge: dw-hdmi: Fix overflow workaround for Rockchip SoCs (bsc#1113722) - drm/dp/mst: Configure no_stop_bit correctly for remote i2c xfers (bsc#1051510). - drm/i915/bios: assume eDP is present on port A when there is no VBT (bsc#1051510). - drm/i915/gvt: Add in context mmio 0x20D8 to gen9 mmio list (bsc#1113722) - drm/i915/gvt: Annotate iomem usage (bsc#1051510). - drm/i915/gvt: do not deliver a workload if its creation fails (bsc#1051510). - drm/i915/gvt: do not let pin count of shadow mm go negative (bsc#1113722) - drm/i915/gvt: Fix MI_FLUSH_DW parsing with correct index check (bsc#1051510). - drm/i915: Relax mmap VMA check (bsc#1051510). - drm/imx: ignore plane updates on disabled crtcs (bsc#1051510). - drm/imx: imx-ldb: add missing of_node_puts (bsc#1051510). - drm/mediatek: Fix an error code in mtk_hdmi_dt_parse_pdata() (bsc#1113722) - drm/meson: Fix invalid pointer in meson_drv_unbind() (bsc#1051510). - drm/meson: Uninstall IRQ handler (bsc#1051510). - drm/nouveau/debugfs: Fix check of pm_runtime_get_sync failure (bsc#1051510). - drm/nouveau: Stop using drm_crtc_force_disable (bsc#1051510). - drm/nouveau/volt/gf117: fix speedo readout register (bsc#1051510). - drm/rockchip: vop: reset scale mode when win is disabled (bsc#1113722) - drm/sun4i: Add missing drm_atomic_helper_shutdown at driver unbind (bsc#1113722) - drm/sun4i: Fix component unbinding and component master deletion (bsc#1113722) - drm/sun4i: Set device driver data at bind time for use in unbind (bsc#1113722) - drm/sun4i: Unbind components before releasing DRM and memory (bsc#1113722) - drm/udl: add a release method and delay modeset teardown (bsc#1085536) - drm/vc4: Fix memory leak during gpu reset. (bsc#1113722) - dsa: mv88e6xxx: Ensure all pending interrupts are handled prior to exit (networking-stable-19_02_20). - e1000e: fix cyclic resets at link up with active tx (bsc#1051510). - e1000e: Fix -Wformat-truncation warnings (bsc#1051510). - ext2: Fix underflow in ext2_max_size() (bsc#1131174). - ext4: add mask of ext4 flags to swap (bsc#1131170). - ext4: add missing brelse() in add_new_gdb_meta_bg() (bsc#1131176). - ext4: Avoid panic during forced reboot (bsc#1126356). - ext4: brelse all indirect buffer in ext4_ind_remove_space() (bsc#1131173). - ext4: cleanup bh release code in ext4_ind_remove_space() (bsc#1131851). - ext4: cleanup pagecache before swap i_data (bsc#1131178). - ext4: fix check of inode in swap_inode_boot_loader (bsc#1131177). - ext4: fix data corruption caused by unaligned direct AIO (bsc#1131172). - ext4: fix EXT4_IOC_SWAP_BOOT (bsc#1131180). - ext4: fix NULL pointer dereference while journal is aborted (bsc#1131171). - ext4: update quota information while swapping boot loader inode (bsc#1131179). - fbdev: fbmem: fix memory access if logo is bigger than the screen (bsc#1051510). - fix cgroup_do_mount() handling of failure exits (bsc#1133095). - Fix kabi after 'md: batch flush requests.' (bsc#1119680). - fm10k: Fix a potential NULL pointer dereference (bsc#1051510). - fs: avoid fdput() after failed fdget() in vfs_dedupe_file_range() (bsc#1132384, bsc#1132219). - fs/dax: deposit pagetable even when installing zero page (bsc#1126740). - fs/nfs: Fix nfs_parse_devname to not modify it's argument (git-fixes). - futex: Cure exit race (bsc#1050549). - futex: Ensure that futex address is aligned in handle_futex_death() (bsc#1050549). - futex: Handle early deadlock return correctly (bsc#1050549). - gpio: adnp: Fix testing wrong value in adnp_gpio_direction_input (bsc#1051510). - gpio: gpio-omap: fix level interrupt idling (bsc#1051510). - gpio: of: Fix of_gpiochip_add() error path (bsc#1051510). - gre6: use log_ecn_error module parameter in ip6_tnl_rcv() (git-fixes). - hid: i2c-hid: Ignore input report if there's no data present on Elan touchpanels (bsc#1133486). - hid: intel-ish-hid: avoid binding wrong ishtp_cl_device (bsc#1051510). - hid: intel-ish: ipc: handle PIMR before ish_wakeup also clear PISR busy_clear bit (bsc#1051510). - hv_netvsc: Fix IP header checksum for coalesced packets (networking-stable-19_03_07). - hv: reduce storvsc_ringbuffer_size from 1M to 128K to simplify booting with 1k vcpus (). - hv: reduce storvsc_ringbuffer_size from 1M to 128K to simplify booting with 1k vcpus (fate#323887). - hwrng: virtio - Avoid repeated init of completion (bsc#1051510). - i2c: tegra: fix maximum transfer size (bsc#1051510). - ibmvnic: Enable GRO (bsc#1132227). - ibmvnic: Fix completion structure initialization (bsc#1131659). - ibmvnic: Fix netdev feature clobbering during a reset (bsc#1132227). - iio: adc: at91: disable adc channel interrupt in timeout case (bsc#1051510). - iio: adc: fix warning in Qualcomm PM8xxx HK/XOADC driver (bsc#1051510). - iio: ad_sigma_delta: select channel when reading register (bsc#1051510). - iio: core: fix a possible circular locking dependency (bsc#1051510). - iio: cros_ec: Fix the maths for gyro scale calculation (bsc#1051510). - iio: dac: mcp4725: add missing powerdown bits in store eeprom (bsc#1051510). - iio: Fix scan mask selection (bsc#1051510). - iio/gyro/bmg160: Use millidegrees for temperature scale (bsc#1051510). - iio: gyro: mpu3050: fix chip ID reading (bsc#1051510). - input: cap11xx - switch to using set_brightness_blocking() (bsc#1051510). - input: matrix_keypad - use flush_delayed_work() (bsc#1051510). - input: snvs_pwrkey - initialize necessary driver data before enabling IRQ (bsc#1051510). - input: st-keyscan - fix potential zalloc NULL dereference (bsc#1051510). - input: synaptics-rmi4 - write config register values to the right offset (bsc#1051510). - input: uinput - fix undefined behavior in uinput_validate_absinfo() (bsc#1120902). - intel_idle: add support for Jacobsville (jsc#SLE-5394). - io: accel: kxcjk1013: restore the range after resume (bsc#1051510). - iommu/amd: Fix NULL dereference bug in match_hid_uid (bsc#1130336). - iommu/amd: fix sg->dma_address for sg->offset bigger than PAGE_SIZE (bsc#1130337). - iommu/amd: Reserve exclusion range in iova-domain (bsc#1130425). - iommu/amd: Set exclusion range correctly (bsc#1130425). - iommu: Do not print warning when IOMMU driver only supports unmanaged domains (bsc#1130130). - iommu/vt-d: Check capability before disabling protected memory (bsc#1130338). - ip6: fix PMTU discovery when using /127 subnets (git-fixes). - ip6mr: Do not call __IP6_INC_STATS() from preemptible context (git-fixes). - ip6_tunnel: fix ip6 tunnel lookup in collect_md mode (git-fixes). - ipv4: Return error for RTA_VIA attribute (networking-stable-19_03_07). - ipv4/route: fail early when inet dev is missing (git-fixes). - ipv6: Fix dangling pointer when ipv6 fragment (git-fixes). - ipv6: propagate genlmsg_reply return code (networking-stable-19_02_24). - ipv6: Return error for RTA_VIA attribute (networking-stable-19_03_07). - ipv6: sit: reset ip header pointer in ipip6_rcv (git-fixes). - ipvlan: disallow userns cap_net_admin to change global mode/flags (networking-stable-19_03_15). - ipvs: remove IPS_NAT_MASK check to fix passive FTP (git-fixes). - irqchip/gic-v3-its: Avoid parsing _indirect_ twice for Device table (bsc#1051510). - irqchip/mmp: Only touch the PJ4 IRQ & FIQ bits on enable/disable (bsc#1051510). - iscsi_ibft: Fix missing break in switch statement (bsc#1051510). - iw_cxgb4: cq/qp mask depends on bar2 pages in a host page (bsc#1127371). - iwiwifi: fix bad monitor buffer register addresses (bsc#1129770). - iwlwifi: fix send hcmd timeout recovery flow (bsc#1129770). - iwlwifi: mvm: fix firmware statistics usage (bsc#1129770). - jbd2: clear dirty flag when revoking a buffer from an older transaction (bsc#1131167). - jbd2: fix compile warning when using JBUFFER_TRACE (bsc#1131168). - kABI: restore icmp_send (kabi). - kabi/severities: add cxgb4 and cxgb4vf shared data to the whitelis (bsc#1127372) - kasan: fix shadow_size calculation error in kasan_module_alloc (bsc#1051510). - kbuild: fix false positive warning/error about missing libelf (bsc#1051510). - kbuild: modversions: Fix relative CRC byte order interpretation (bsc#1131290). - kbuild: strip whitespace in cmd_record_mcount findstring (bsc#1065729). - kcm: switch order of device registration to fix a crash (bnc#1130527). - kernfs: do not set dentry->d_fsdata (boo#1133115). - keys: always initialize keyring_index_key::desc_len (bsc#1051510). - keys: user: Align the payload buffer (bsc#1051510). - kvm: Call kvm_arch_memslots_updated() before updating memslots (bsc#1132563). - kvm: Fix kABI for AMD SMAP Errata workaround (bsc#1133149). - kvm: nVMX: Apply addr size mask to effective address for VMX instructions (bsc#1132561). - kvm: nVMX: Ignore limit checks on VMX instructions using flat segments (bsc#1132564). - kvm: nVMX: Sign extend displacements of VMX instr's mem operands (bsc#1132562). - kvm: PPC: Book3S HV: Fix race between kvm_unmap_hva_range and MMU mode switch (bsc#1061840). - kvm: SVM: Workaround errata#1096 (insn_len maybe zero on SMAP violation) (bsc#1133149). - kvm: VMX: Compare only a single byte for VMCS' 'launched' in vCPU-run (bsc#1132555). - kvm: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts (bsc#1114279). - kvm: x86/mmu: Detect MMIO generation wrap in any address space (bsc#1132570). - kvm: x86/mmu: Do not cache MMIO accesses while memslots are in flux (bsc#1132571). - kvm: x86: Report STIBP on GET_SUPPORTED_CPUID (bsc#1111331). - leds: pca9532: fix a potential NULL pointer dereference (bsc#1051510). - libceph: wait for latest osdmap in ceph_monc_blacklist_add() (bsc#1130427). - libertas_tf: do not set URB_ZERO_PACKET on IN USB transfer (bsc#1051510). - lightnvm: if LUNs are already allocated fix return (bsc#1085535). - locking/atomics, asm-generic: Move some macros from to a new file (bsc#1111331). - mac80211: do not call driver wake_tx_queue op during reconfig (bsc#1051510). - mac80211: Fix Tx aggregation session tear down with ITXQs (bsc#1051510). - mac80211_hwsim: propagate genlmsg_reply return code (bsc#1051510). - md: batch flush requests (bsc#1119680). - md: Fix failed allocation of md_register_thread (git-fixes). - md/raid1: do not clear bitmap bits on interrupted recovery (git-fixes). - md/raid5: fix 'out of memory' during raid cache recovery (git-fixes). - media: mt9m111: set initial frame size other than 0x0 (bsc#1051510). - media: mtk-jpeg: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: mx2_emmaprp: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: rc: mce_kbd decoder: fix stuck keys (bsc#1100132). - media: s5p-g2d: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: s5p-jpeg: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: sh_veu: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: v4l2-ctrls.c/uvc: zero v4l2_event (bsc#1051510). - media: vb2: do not call __vb2_queue_cancel if vb2_start_streaming failed (bsc#1119086). - memremap: fix softlockup reports at teardown (bnc#1130154). - mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S (bsc#1051510). - missing barriers in some of unix_sock ->addr and ->path accesses (networking-stable-19_03_15). - mmc: davinci: remove extraneous __init annotation (bsc#1051510). - mmc: pxamci: fix enum type confusion (bsc#1051510). - mmc: sdhci: Fix data command CRC error handling (bsc#1051510). - mmc: sdhci: Handle auto-command errors (bsc#1051510). - mmc: sdhci: Rename SDHCI_ACMD12_ERR and SDHCI_INT_ACMD12ERR (bsc#1051510). - mmc: tmio_mmc_core: do not claim spurious interrupts (bsc#1051510). - mm/debug.c: fix __dump_page when mapping->host is not set (bsc#1131934). - mm: Fix modifying of page protection by insert_pfn() (bsc#1126740). - mm: Fix warning in insert_pfn() (bsc#1126740). - mm/huge_memory.c: fix modifying of page protection by insert_pfn_pmd() (bsc#1126740). - mm/page_isolation.c: fix a wrong flag in set_migratetype_isolate() (bsc#1131935). - mm/vmalloc: fix size check for remap_vmalloc_range_partial() (bsc#1133825). - mpls: Return error for RTA_GATEWAY attribute (networking-stable-19_03_07). - mt7601u: bump supported EEPROM version (bsc#1051510). - mwifiex: do not advertise IBSS features without FW support (bsc#1129770). - net: Add header for usage of fls64() (networking-stable-19_02_20). - net: Add __icmp_send helper (networking-stable-19_03_07). - net: avoid false positives in untrusted gso validation (git-fixes). - net: avoid use IPCB in cipso_v4_error (networking-stable-19_03_07). - net: bridge: add vlan_tunnel to bridge port policies (git-fixes). - net: bridge: fix per-port af_packet sockets (git-fixes). - net: bridge: multicast: use rcu to access port list from br_multicast_start_querier (git-fixes). - net: datagram: fix unbounded loop in __skb_try_recv_datagram() (git-fixes). - net: Do not allocate page fragments that are not skb aligned (networking-stable-19_02_20). - net: dsa: mv88e6xxx: Fix u64 statistics (networking-stable-19_03_07). - net: ena: update driver version from 2.0.2 to 2.0.3 (bsc#1129276 bsc#1125342). - netfilter: bridge: set skb transport_header before entering NF_INET_PRE_ROUTING (git-fixes). - netfilter: check for seqadj ext existence before adding it in nf_nat_setup_info (git-fixes). - netfilter: ip6t_MASQUERADE: add dependency on conntrack module (git-fixes). - netfilter: ipset: Missing nfnl_lock()/nfnl_unlock() is added to ip_set_net_exit() (git-fixes). - netfilter: ipv6: fix use-after-free Write in nf_nat_ipv6_manip_pkt (git-fixes). - netfilter: x_tables: avoid out-of-bounds reads in xt_request_find_{match|target} (git-fixes). - netfilter: x_tables: fix int overflow in xt_alloc_table_info() (git-fixes). - net: Fix for_each_netdev_feature on Big endian (networking-stable-19_02_20). - net: fix IPv6 prefix route residue (networking-stable-19_02_20). - net: Fix untag for vlan packets without ethernet header (git-fixes). - net: Fix vlan untag for bridge and vlan_dev with reorder_hdr off (git-fixes). - net/hsr: Check skb_put_padto() return value (git-fixes). - net: hsr: fix memory leak in hsr_dev_finalize() (networking-stable-19_03_15). - net/hsr: fix possible crash in add_timer() (networking-stable-19_03_15). - netlabel: fix out-of-bounds memory accesses (networking-stable-19_03_07). - netlink: fix nla_put_{u8,u16,u32} for KASAN (git-fixes). - net/mlx5e: Do not overwrite pedit action when multiple pedit used (networking-stable-19_02_24). - net/ncsi: Fix AEN HNCDSC packet length (git-fixes). - net/ncsi: Stop monitor if channel times out or is inactive (git-fixes). - net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails (networking-stable-19_03_07). - net/packet: fix 4gb buffer limit due to overflow check (networking-stable-19_02_24). - net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec (git-fixes). - net_sched: acquire RTNL in tc_action_net_exit() (git-fixes). - net_sched: fix two more memory leaks in cls_tcindex (networking-stable-19_02_24). - net: Set rtm_table to RT_TABLE_COMPAT for ipv6 for tables > 255 (networking-stable-19_03_15). - net: sit: fix memory leak in sit_init_net() (networking-stable-19_03_07). - net: sit: fix UBSAN Undefined behaviour in check_6rd (networking-stable-19_03_15). - net: socket: set sock->sk to NULL after calling proto_ops::release() (networking-stable-19_03_07). - net-sysfs: Fix mem leak in netdev_register_kobject (git-fixes). - net: validate untrusted gso packets without csum offload (networking-stable-19_02_20). - net/x25: fix a race in x25_bind() (networking-stable-19_03_15). - net/x25: fix use-after-free in x25_device_event() (networking-stable-19_03_15). - net/x25: reset state in x25_connect() (networking-stable-19_03_15). - net: xfrm: use preempt-safe this_cpu_read() in ipcomp_alloc_tfms() (git-fixes). - nfc: nci: Add some bounds checking in nci_hci_cmd_received() (bsc#1051510). - nfsd4: catch some false session retries (git-fixes). - nfsd4: fix cached replies to solo SEQUENCE compounds (git-fixes). - nfsd: fix memory corruption caused by readdir (bsc#1127445). - nfs: Do not recoalesce on error in nfs_pageio_complete_mirror() (git-fixes). - nfs: Do not use page_file_mapping after removing the page (git-fixes). - nfs: Fix an I/O request leakage in nfs_do_recoalesce (git-fixes). - nfs: Fix a soft lockup in the delegation recovery code (git-fixes). - nfs: Fix a typo in nfs_init_timeout_values() (git-fixes). - nfs: Fix dentry revalidation on NFSv4 lookup (bsc#1132618). - nfs: Fix I/O request leakages (git-fixes). - nfs: fix mount/umount race in nlmclnt (git-fixes). - nfs/pnfs: Bulk destroy of layouts needs to be safe w.r.t. umount (git-fixes). - nfsv4.1 do not free interrupted slot on open (git-fixes). - nfsv4.1: Reinitialise sequence results before retransmitting a request (git-fixes). - nfsv4/flexfiles: Fix invalid deref in FF_LAYOUT_DEVID_NODE() (git-fixes). - nvme: add proper discard setup for the multipath device (bsc#1114638). - nvme: fix the dangerous reference of namespaces list (bsc#1131673). - nvme: make sure ns head inherits underlying device limits (bsc#1131673). - nvme-multipath: split bios with the ns_head bio_set before submitting (bsc#1103259, bsc#1131673). - nvme: only reconfigure discard if necessary (bsc#1114638). - nvme: schedule requeue whenever a LIVE state is entered (bsc#1123105). - ocfs2: fix inode bh swapping mixup in ocfs2_reflink_inodes_lock (bsc#1131169). - pci: Add function 1 DMA alias quirk for Marvell 9170 SATA controller (bsc#1051510). - pci: designware-ep: dw_pcie_ep_set_msi() should only set MMC bits (bsc#1051510). - pci: designware-ep: Read-only registers need DBI_RO_WR_EN to be writable (bsc#1051510). - pci: pciehp: Convert to threaded IRQ (bsc#1133005). - pci: pciehp: Ignore Link State Changes after powering off a slot (bsc#1133005). - phy: sun4i-usb: Support set_mode to USB_HOST for non-OTG PHYs (bsc#1051510). - pm / wakeup: Rework wakeup source timer cancellation (bsc#1051510). - powercap: intel_rapl: add support for Jacobsville (). - powercap: intel_rapl: add support for Jacobsville (FATE#327454). - powerpc/64: Call setup_barrier_nospec() from setup_arch() (bsc#1131107). - powerpc/64: Disable the speculation barrier from the command line (bsc#1131107). - powerpc64/ftrace: Include ftrace.h needed for enable/disable calls (bsc#1088804, git-fixes). - powerpc/64: Make stf barrier PPC_BOOK3S_64 specific (bsc#1131107). - powerpc/64s: Add new security feature flags for count cache flush (bsc#1131107). - powerpc/64s: Add support for software count cache flush (bsc#1131107). - powerpc/64s: Fix logic when handling unknown CPU features (bsc#1055117). - powerpc/asm: Add a patch_site macro & helpers for patching instructions (bsc#1131107). - powerpc: avoid -mno-sched-epilog on GCC 4.9 and newer (bsc#1065729). - powerpc: consolidate -mno-sched-epilog into FTRACE flags (bsc#1065729). - powerpc: Fix 32-bit KVM-PR lockup and host crash with MacOS guest (bsc#1061840). - powerpc/fsl: Fix spectre_v2 mitigations reporting (bsc#1131107). - powerpc/hugetlb: Handle mmap_min_addr correctly in get_unmapped_area callback (bsc#1131900). - powerpc/kvm: Save and restore host AMR/IAMR/UAMOR (bsc#1061840). - powerpc/mm: Add missing tracepoint for tlbie (bsc#1055117, git-fixes). - powerpc/mm: Check secondary hash page table (bsc#1065729). - powerpc/mm/hash: Handle mmap_min_addr correctly in get_unmapped_area topdown search (bsc#1131900). - powerpc/numa: document topology_updates_enabled, disable by default (bsc#1133584). - powerpc/numa: improve control of topology updates (bsc#1133584). - powerpc/perf: Fix unit_sel/cache_sel checks (bsc#1053043). - powerpc/perf: Remove l2 bus events from HW cache event array (bsc#1053043). - powerpc/powernv/cpuidle: Init all present cpus for deep states (bsc#1055121). - powerpc/powernv: Do not reprogram SLW image on every KVM guest entry/exit (bsc#1061840). - powerpc/powernv/ioda2: Remove redundant free of TCE pages (bsc#1061840). - powerpc/powernv/ioda: Allocate indirect TCE levels of cached userspace addresses on demand (bsc#1061840). - powerpc/powernv/ioda: Fix locked_vm counting for memory used by IOMMU tables (bsc#1061840). - powerpc/powernv: Make opal log only readable by root (bsc#1065729). - powerpc/powernv: Query firmware for count cache flush settings (bsc#1131107). - powerpc/powernv: Remove never used pnv_power9_force_smt4 (bsc#1061840). - powerpc/pseries/mce: Fix misleading print for TLB mutlihit (bsc#1094244, git-fixes). - powerpc/pseries: Query hypervisor for count cache flush settings (bsc#1131107). - powerpc/security: Fix spectre_v2 reporting (bsc#1131107). - powerpc/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - powerpc/vdso32: fix CLOCK_MONOTONIC on PPC64 (bsc#1131587). - powerpc/vdso64: Fix CLOCK_MONOTONIC inconsistencies across Y2038 (bsc#1131587). - power: supply: charger-manager: Fix incorrect return value (bsc#1051510). - pwm-backlight: Enable/disable the PWM before/after LCD enable toggle (bsc#1051510). - qmi_wwan: Add support for Quectel EG12/EM12 (networking-stable-19_03_07). - qmi_wwan: apply SET_DTR quirk to Sierra WP7607 (bsc#1051510). - qmi_wwan: Fix qmap header retrieval in qmimux_rx_fixup (bsc#1051510). - raid10: It's wrong to add len to sector_nr in raid10 reshape twice (git-fixes). - ras/CEC: Check the correct variable in the debugfs error handling (bsc#1085535). - ravb: Decrease TxFIFO depth of Q3 and Q2 to one (networking-stable-19_03_15). - rdma/cxgb4: Add support for 64Byte cqes (bsc#1127371). - rdma/cxgb4: Add support for kernel mode SRQ's (bsc#1127371). - rdma/cxgb4: Add support for srq functions & structs (bsc#1127371). - rdma/cxgb4: fix some info leaks (bsc#1127371). - rdma/cxgb4: Make c4iw_poll_cq_one() easier to analyze (bsc#1127371). - rdma/cxgb4: Remove a set-but-not-used variable (bsc#1127371). - rdma/iw_cxgb4: Drop __GFP_NOFAIL (bsc#1127371). - rds: fix refcount bug in rds_sock_addref (git-fixes). - rds: tcp: atomically purge entries from rds_tcp_conn_list during netns delete (git-fixes). - regulator: max77620: Initialize values for DT properties (bsc#1051510). - regulator: s2mpa01: Fix step values for some LDOs (bsc#1051510). - rhashtable: Still do rehash when we get EEXIST (bsc#1051510). - ring-buffer: Check if memory is available before allocation (bsc#1132531). - route: set the deleted fnhe fnhe_daddr to 0 in ip_del_fnhe to fix a race (networking-stable-19_03_15). - rtc: 88pm80x: fix unintended sign extension (bsc#1051510). - rtc: 88pm860x: fix unintended sign extension (bsc#1051510). - rtc: cmos: ignore bogus century byte (bsc#1051510). - rtc: ds1672: fix unintended sign extension (bsc#1051510). - rtc: Fix overflow when converting time64_t to rtc_time (bsc#1051510). - rtc: pm8xxx: fix unintended sign extension (bsc#1051510). - rtnetlink: bring NETDEV_CHANGE_TX_QUEUE_LEN event process back in rtnetlink_event (git-fixes). - rtnetlink: bring NETDEV_CHANGEUPPER event process back in rtnetlink_event (git-fixes). - rtnetlink: bring NETDEV_POST_TYPE_CHANGE event process back in rtnetlink_event (git-fixes). - rtnetlink: check DO_SETLINK_NOTIFY correctly in do_setlink (git-fixes). - rxrpc: Do not release call mutex on error pointer (git-fixes). - rxrpc: Do not treat call aborts as conn aborts (git-fixes). - rxrpc: Fix client call queueing, waiting for channel (networking-stable-19_03_15). - rxrpc: Fix Tx ring annotation after initial Tx failure (git-fixes). - s390/dasd: fix panic for failed online processing (bsc#1132589). - s390/pkey: move pckmo subfunction available checks away from module init (bsc#1128544). - s390/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - scsi: libiscsi: fix possible NULL pointer dereference in case of TMF (bsc#1127378). - scsi: libsas: allocate sense buffer for bsg queue (bsc#1131467). - sctp: call gso_reset_checksum when computing checksum in sctp_gso_segment (networking-stable-19_02_24). - serial: 8250_of: assume reg-shift of 2 for mrvl,mmp-uart (bsc#1051510). - serial: fsl_lpuart: fix maximum acceptable baud rate with over-sampling (bsc#1051510). - serial: imx: Update cached mctrl value when changing RTS (bsc#1051510). - serial: max310x: Fix to avoid potential NULL pointer dereference (bsc#1051510). - serial: sh-sci: Fix setting SCSCR_TIE while transferring data (bsc#1051510). - sit: check if IPv6 enabled before calling ip6_err_gen_icmpv6_unreach() (networking-stable-19_02_24). - smb3: Fix SMB3.1.1 guest mounts to Samba (bsc#1051510). - soc: fsl: qbman: avoid race in clearing QMan interrupt (bsc#1051510). - SoC: imx-sgtl5000: add missing put_device() (bsc#1051510). - soc: qcom: gsbi: Fix error handling in gsbi_probe() (bsc#1051510). - soc/tegra: fuse: Fix illegal free of IO base address (bsc#1051510). - spi: pxa2xx: Setup maximum supported DMA transfer length (bsc#1051510). - spi: ti-qspi: Fix mmap read when more than one CS in use (bsc#1051510). - spi/topcliff_pch: Fix potential NULL dereference on allocation error (bsc#1051510). - staging: comedi: ni_usb6501: Fix possible double-free of ->usb_rx_buf (bsc#1051510). - staging: comedi: ni_usb6501: Fix use of uninitialized mutex (bsc#1051510). - staging: comedi: vmk80xx: Fix possible double-free of ->usb_rx_buf (bsc#1051510). - staging: comedi: vmk80xx: Fix use of uninitialized semaphore (bsc#1051510). - staging: iio: ad7192: Fix ad7193 channel address (bsc#1051510). - staging: rtl8712: uninitialized memory in read_bbreg_hdl() (bsc#1051510). - staging: vt6655: Fix interrupt race condition on device start up (bsc#1051510). - staging: vt6655: Remove vif check from vnt_interrupt (bsc#1051510). - sunrpc/cache: handle missing listeners better (bsc#1126221). - sunrpc: fix 4 more call sites that were using stack memory with a scatterlist (git-fixes). - supported.conf: Add vxlan to kernel-default-base (bsc#1132083). - supported.conf: dw_mmc-bluefield is not needed in kernel-default-base (bsc#1131574). - svm/avic: Fix invalidate logical APIC id entry (bsc#1132726). - svm: Fix AVIC DFR and LDR handling (bsc#1132558). - svm: Fix improper check when deactivate AVIC (bsc#1130335). - sysctl: handle overflow for file-max (bsc#1051510). - tcp: fix TCP_REPAIR_QUEUE bound checking (git-fixes). - tcp: tcp_v4_err() should be more careful (networking-stable-19_02_20). - thermal: bcm2835: Fix crash in bcm2835_thermal_debugfs (bsc#1051510). - thermal/intel_powerclamp: fix truncated kthread name (). - thermal/intel_powerclamp: fix truncated kthread name (FATE#326597). - tipc: fix race condition causing hung sendto (networking-stable-19_03_07). - tpm: Fix some name collisions with drivers/char/tpm.h (bsc#1051510). - tpm: Fix the type of the return value in calc_tpm2_event_size() (bsc#1082555). - tpm_tis_spi: Pass the SPI IRQ down to the driver (bsc#1051510). - tpm/tpm_crb: Avoid unaligned reads in crb_recv() (bsc#1051510). - tracing: Fix a memory leak by early error exit in trace_pid_write() (bsc#1133702). - tracing: Fix buffer_ref pipe ops (bsc#1133698). - tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into account (bsc#1132527). - tty: atmel_serial: fix a potential NULL pointer dereference (bsc#1051510). - tun: fix blocking read (networking-stable-19_03_07). - tun: remove unnecessary memory barrier (networking-stable-19_03_07). - udf: Fix crash on IO error during truncate (bsc#1131175). - uio: Reduce return paths from uio_write() (bsc#1051510). - Update patches.kabi/kabi-cxgb4-MU.patch (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584 bsc#1127371). - usb: cdc-acm: fix race during wakeup blocking TX traffic (bsc#1129770). - usb: chipidea: Grab the (legacy) USB PHY by phandle first (bsc#1051510). - usb: common: Consider only available nodes for dr_mode (bsc#1129770). - usb: core: only clean up what we allocated (bsc#1051510). - usb: dwc3: gadget: Fix the uninitialized link_state when udc starts (bsc#1051510). - usb: dwc3: gadget: synchronize_irq dwc irq in suspend (bsc#1051510). - usb: f_fs: Avoid crash due to out-of-scope stack ptr access (bsc#1051510). - usb: gadget: f_hid: fix deadlock in f_hidg_write() (bsc#1129770). - usb: gadget: Potential NULL dereference on allocation error (bsc#1051510). - usb: host: xhci-rcar: Add XHCI_TRUST_TX_LENGTH quirk (bsc#1051510). - usb: mtu3: fix EXTCON dependency (bsc#1051510). - usb: phy: fix link errors (bsc#1051510). - usb: phy: twl6030-usb: fix possible use-after-free on remove (bsc#1051510). - usb: serial: cp210x: add ID for Ingenico 3070 (bsc#1129770). - usb: serial: cp210x: add new device id (bsc#1051510). - usb: serial: cp210x: fix GPIO in autosuspend (bsc#1120902). - usb: serial: ftdi_sio: add additional NovaTech products (bsc#1051510). - usb: serial: ftdi_sio: add ID for Hjelmslund Electronics USB485 (bsc#1129770). - usb: serial: mos7720: fix mos_parport refcount imbalance on error path (bsc#1129770). - usb: serial: option: add Olicard 600 (bsc#1051510). - usb: serial: option: add support for Quectel EM12 (bsc#1051510). - usb: serial: option: add Telit ME910 ECM composition (bsc#1129770). - usb: serial: option: set driver_info for SIM5218 and compatibles (bsc#1129770). - vfs: allow dedupe of user owned read-only files (bsc#1133778, bsc#1132219). - vfs: avoid problematic remapping requests into partial EOF block (bsc#1133850, bsc#1132219). - vfs: dedupe: extract helper for a single dedup (bsc#1133769, bsc#1132219). - vfs: dedupe should return EPERM if permission is not granted (bsc#1133779, bsc#1132219). - vfs: exit early from zero length remap operations (bsc#1132411, bsc#1132219). - vfs: export vfs_dedupe_file_range_one() to modules (bsc#1133772, bsc#1132219). - vfs: limit size of dedupe (bsc#1132397, bsc#1132219). - vfs: rename clone_verify_area to remap_verify_area (bsc#1133852, bsc#1132219). - vfs: skip zero-length dedupe requests (bsc#1133851, bsc#1132219). - vfs: swap names of {do,vfs}_clone_file_range() (bsc#1133774, bsc#1132219). - vfs: vfs_clone_file_prep_inodes should return EINVAL for a clone from beyond EOF (bsc#1133780, bsc#1132219). - video: fbdev: Set pixclock = 0 in goldfishfb (bsc#1051510). - vxlan: test dev->flags & IFF_UP before calling netif_rx() (networking-stable-19_02_20). - wil6210: check null pointer in _wil_cfg80211_merge_extra_ies (bsc#1051510). - wlcore: Fix memory leak in case wl12xx_fetch_firmware failure (bsc#1051510). - x86/cpu: Add Atom Tremont (Jacobsville) (). - x86/cpu: Add Atom Tremont (Jacobsville) (FATE#327454). - x86/CPU/AMD: Set the CPB bit unconditionally on F17h (bsc#1114279). - x86/cpu: Sanitize FAM6_ATOM naming (bsc#1111331). - x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (bsc#1111331). - x86/kvm/hyper-v: avoid spurious pending stimer on vCPU init (bsc#1132572). - x86/kvm/vmx: Add MDS protection when L1D Flush is not active (bsc#1111331). - x86/MCE/AMD, EDAC/mce_amd: Add new error descriptions for some SMCA bank types (bsc#1128415). - x86/MCE/AMD, EDAC/mce_amd: Add new McaTypes for CS, PSP, and SMU units (bsc#1128415). - x86/MCE/AMD, EDAC/mce_amd: Add new MP5, NBIO, and PCIE SMCA bank types (bsc#1128415). - x86/mce/AMD, EDAC/mce_amd: Enumerate Reserved SMCA bank type (bsc#1128415). - x86/mce/AMD: Pass the bank number to smca_get_bank_type() (bsc#1128415). - x86/MCE: Fix kABI for new AMD bank names (bsc#1128415). - x86/mce: Handle varying MCA bank counts (bsc#1128415). - x86/mce: Improve error message when kernel cannot recover, p2 (bsc#1114279). - x86/msr-index: Cleanup bit defines (bsc#1111331). - x86/PCI: Fixup RTIT_BAR of Intel Denverton Trace Hub (bsc#1120318). - x86/speculation: Consolidate CPU whitelists (bsc#1111331). - x86/speculation/mds: Add basic bug infrastructure for MDS (bsc#1111331). - x86/speculation/mds: Add BUG_MSBDS_ONLY (bsc#1111331). - x86/speculation/mds: Add mds_clear_cpu_buffers() (bsc#1111331). - x86/speculation/mds: Add mds=full,nosmt cmdline option (bsc#1111331). - x86/speculation/mds: Add mitigation control for MDS (bsc#1111331). - x86/speculation/mds: Add mitigation mode VMWERV (bsc#1111331). - x86/speculation/mds: Add 'mitigations=' support for MDS (bsc#1111331). - x86/speculation/mds: Add SMT warning message (bsc#1111331). - x86/speculation/mds: Add sysfs reporting for MDS (bsc#1111331). - x86/speculation/mds: Clear CPU buffers on exit to user (bsc#1111331). - x86/speculation/mds: Conditionally clear CPU buffers on idle entry (bsc#1111331). - x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off (bsc#1111331). - x86/speculation: Move arch_smt_update() call to after mitigation decisions (bsc#1111331). - x86/speculation: Prevent deadlock on ssb_state::lock (bsc#1114279). - x86/speculation: Simplify the CPU bug detection logic (bsc#1111331). - x86/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - x86/tsc: Force inlining of cyc2ns bits (bsc#1052904). - x86/uaccess: Do not leak the AC flag into __put_user() value evaluation (bsc#1114279). - xen-netback: do not populate the hash cache on XenBus disconnect (networking-stable-19_03_07). - xen-netback: fix occasional leak of grant ref mappings under memory pressure (networking-stable-19_03_07). - xen: Prevent buffer overflow in privcmd ioctl (bsc#1065600). - xfrm: do not call rcu_read_unlock when afinfo is NULL in xfrm_get_tos (git-fixes). - xfrm: Fix ESN sequence number handling for IPsec GSO packets (git-fixes). - xfrm: fix rcu_read_unlock usage in xfrm_local_error (git-fixes). - xfs: add the ability to join a held buffer to a defer_ops (bsc#1133674). - xfs: allow xfs_lock_two_inodes to take different EXCL/SHARED modes (bsc#1132370, bsc#1132219). - xfs: call xfs_qm_dqattach before performing reflink operations (bsc#1132368, bsc#1132219). - xfs: cap the length of deduplication requests (bsc#1132373, bsc#1132219). - xfs: clean up xfs_reflink_remap_blocks call site (bsc#1132413, bsc#1132219). - xfs: fix data corruption w/ unaligned dedupe ranges (bsc#1132405, bsc#1132219). - xfs: fix data corruption w/ unaligned reflink ranges (bsc#1132407, bsc#1132219). - xfs: fix pagecache truncation prior to reflink (bsc#1132412, bsc#1132219). - xfs: fix reporting supported extra file attributes for statx() (bsc#1133529). - xfs: flush removing page cache in xfs_reflink_remap_prep (bsc#1132414, bsc#1132219). - xfs: hold xfs_buf locked between shortform->leaf conversion and the addition of an attribute (bsc#1133675). - xfs: only grab shared inode locks for source file during reflink (bsc#1132372, bsc#1132219). - xfs: refactor clonerange preparation into a separate helper (bsc#1132402, bsc#1132219). - xfs: refactor xfs_trans_roll (bsc#1133667). - xfs: reflink find shared should take a transaction (bsc#1132226, bsc#1132219). - xfs: reflink should break pnfs leases before sharing blocks (bsc#1132369, bsc#1132219). - xfs: remove dest file's post-eof preallocations before reflinking (bsc#1132365, bsc#1132219). - xfs: remove the ip argument to xfs_defer_finish (bsc#1133672). - xfs: rename xfs_defer_join to xfs_defer_ijoin (bsc#1133668). - xfs: update ctime and remove suid before cloning files (bsc#1132404, bsc#1132219). - xfs: zero posteof blocks when cloning above eof (bsc#1132403, bsc#1132219). - xhci: Do not let USB3 ports stuck in polling state prevent suspend (bsc#1051510). - xhci: Fix port resume done detection for SS ports with LPM enabled (bsc#1051510). ----------------------------------------- Patch: SUSE-2019-1260 Released: Wed May 15 14:06:52 2019 Summary: Recommended update for SUSEConnect Severity: moderate References: 1128969,959561 Description: This update for SUSEConnect fixes the following issues: - Does no longer try to remove a service during migration, if a zypper service plugin already exists (bsc#1128969) - Shows non-enabled extensions with a remark about availability - Adds output information about registration and unregistration progress - Output proper message when SUSEConnect is called without parameters (bsc#959561) - Default to https URI when no protocol prefix is provided for --url - Support transactional-update systems (fate#326482) ----------------------------------------- Patch: SUSE-2019-1261 Released: Wed May 15 14:07:06 2019 Summary: Recommended update for systemd-presets-branding-SLE Severity: moderate References: 1128428 Description: This update for systemd-presets-branding-SLE fixes the following issues: - Enables nvmefc-boot-connections.service to discover network-provided nvme drives on boot (bsc#1128428) ----------------------------------------- Patch: SUSE-2019-1312 Released: Wed May 22 12:19:12 2019 Summary: Recommended update for aaa_base Severity: moderate References: 1096191 Description: This update for aaa_base fixes the following issue: * Shell detection in /etc/profile and /etc/bash.bashrc was broken within AppArmor-confined containers (bsc#1096191) ----------------------------------------- Patch: SUSE-2019-1337 Released: Fri May 24 11:13:13 2019 Summary: Recommended update for yast2, yast2-firewall, and yast2-services-manager Severity: moderate References: 1087867,1108199,1108628,1108942,1109812,1110549,1111370,1112547,1113732 Description: This update for yast2, yast2-firewall, and yast2-services-manager fixes the following issues: # Package: yast2 Installation: - Show dialog if registration is skipped. (fate#318196) - Add tags to describe the location for the 'all-packages' medium. This information will be shown if the registration has been skipped by the user. No hint will be shown if these tags have not been defined. (fate#325834) Logging: - Log viewer: replace invalid UTF-8 characters from the displayed log to avoid a crash. (bsc#1110549) Firewall: - firewalld configuration failed when setting public zone as default second time. (bsc#1109812) - firewalld: fixed the API cmd call for removing services from zones, when the firewall is in offline mode. (bsc#1108628) - Added new methods to firewalld_wrapper in order to switch yast2-dhcp-server to new firewall module. (bsc#1108942) - Network (Firewall): Added modify_masquerade method to zones API unifying the way changes are applied to single value attributes. (bsc#1112547) - CWMFirewallInterfaces: Improved the UX replacing the api calls for checking supported services once the list supported ones are already known by the firewalld instance. (fate#324662) # Package: yast2-firewall AutoYast schema: - Allowed the new 'description', 'short' and 'target' elements in zone entries (bsc#1108199) Included Features: - New user interface for firewalld configuration (fate#324662, bsc#1111370): * Manage the firewalld service * Browse interfaces and assign them to firewall zones * List zones and design one of them as the default * Assign services to zones * Open ports - Enable and open the SSH port when only public key authentication is available for the root user. (fate#324690) # Package: yast2-services-manager - Do not crash in chroot environment (bsc#1113732) - Adapted to use the new Y2Firewall::Firewalld::Interface objects instead of a hash. (fate#324662) ----------------------------------------- Patch: SUSE-2019-1351 Released: Fri May 24 14:41:10 2019 Summary: Security update for gnutls Severity: important References: 1118087,1134856,CVE-2018-16868 Description: This update for gnutls fixes the following issues: Security issue fixed: - CVE-2018-16868: Fixed Bleichenbacher-like side channel leakage in PKCS#1 v1.5 verification (bsc#1118087). Non-security issue fixed: - Explicitly require libnettle 3.4.1 to prevent missing symbol errors (bsc#1134856). ----------------------------------------- Patch: SUSE-2019-1352 Released: Fri May 24 14:41:44 2019 Summary: Security update for python3 Severity: moderate References: 1130840,1133452,CVE-2019-9947 Description: This update for python3 to version 3.6.8 fixes the following issues: Security issue fixed: - CVE-2019-9947: Fixed an issue in urllib2 which allowed CRLF injection if the attacker controls a url parameter (bsc#1130840). Non-security issue fixed: - Fixed broken debuginfo packages by switching off LTO and PGO optimization (bsc#1133452). ----------------------------------------- Patch: SUSE-2019-1357 Released: Mon May 27 13:29:15 2019 Summary: Security update for curl Severity: important References: 1135170,CVE-2019-5436 Description: This update for curl fixes the following issues: Security issue fixed: - CVE-2019-5436: Fixed a heap buffer overflow exists in tftp_receive_packet that receives data from a TFTP server (bsc#1135170). ----------------------------------------- Patch: SUSE-2019-1358 Released: Mon May 27 13:51:26 2019 Summary: Recommended update for rsync Severity: moderate References: 1100786,1108562 Description: This update for rsync fixes the following issues: - rsync invoked with --sparse and --preallocate could have resulted in a failure (bsc#1108562) - Don't require systemd explicitly as it's not present in containers [bsc#1100786]. ----------------------------------------- Patch: SUSE-2019-1364 Released: Tue May 28 10:51:38 2019 Summary: Security update for systemd Severity: moderate References: 1036463,1121563,1124122,1125352,1125604,1126056,1127557,1130230,1132348,1132400,1132721,1133506,1133509,CVE-2019-3842,CVE-2019-3843,CVE-2019-3844,CVE-2019-6454,SLE-5933 Description: This update for systemd fixes the following issues: Security issues fixed: - CVE-2019-3842: Fixed a privilege escalation in pam_systemd which could be exploited by a local user (bsc#1132348). - CVE-2019-6454: Fixed a denial of service via crafted D-Bus message (bsc#1125352). - CVE-2019-3843, CVE-2019-3844: Fixed a privilege escalation where services with DynamicUser could gain new privileges or create SUID/SGID binaries (bsc#1133506, bsc#1133509). Non-security issued fixed: - logind: fix killing of scopes (bsc#1125604) - namespace: make MountFlags=shared work again (bsc#1124122) - rules: load drivers only on 'add' events (bsc#1126056) - sysctl: Don't pass null directive argument to '%s' (bsc#1121563) - systemd-coredump: generate a stack trace of all core dumps and log into the journal (jsc#SLE-5933) - udevd: notify when max number value of children is reached only once per batch of events (bsc#1132400) - sd-bus: bump message queue size again (bsc#1132721) - Do not automatically online memory on s390x (bsc#1127557) - Removed sg.conf (bsc#1036463) ----------------------------------------- Patch: SUSE-2019-1367 Released: Tue May 28 12:41:43 2019 Summary: Recommended update for tcsh Severity: moderate References: 1129112 Description: This update for tcsh fixes the following issues: - Incorrect postcmd handling could have caused miscalculation of a while loop start resulting in an infinite loop (bsc#1129112) ----------------------------------------- Patch: SUSE-2019-1368 Released: Tue May 28 13:15:38 2019 Summary: Recommended update for sles12sp3-docker-image, sles12sp4-image, system-user-root Severity: important References: 1134524,CVE-2019-5021 Description: This update for sles12sp3-docker-image, sles12sp4-image, system-user-root fixes the following issues: - CVE-2019-5021: Include an invalidated root password by default, not an empty one (bsc#1134524) ----------------------------------------- Patch: SUSE-2019-1372 Released: Tue May 28 16:53:28 2019 Summary: Security update for libtasn1 Severity: moderate References: 1105435,CVE-2018-1000654 Description: This update for libtasn1 fixes the following issues: Security issue fixed: - CVE-2018-1000654: Fixed a denial of service in the asn1 parser (bsc#1105435). ----------------------------------------- Patch: SUSE-2019-1383 Released: Thu May 30 08:11:26 2019 Summary: Recommended update for supportutils Severity: moderate References: 1081326,1088234,1100529,1120967,1125623,1132865,1133844,1134599 Description: This update for supportutils fixes the following issues: - Updated to version 3.1.3 + Uses SUSE FTP servers (bsc#1132865) + btrfs quota #43 + supportconfig: open-files: add file flags #44 + Merged etc_info: Add support for .cfg files in /etc dir #46 + Silence warning in rpm backup db collection path #47 + Set files in tarball to 660 instead of 600 #48 + SUSE separation finalized (bsc#1125623) + Default compression through xz, but -z forces bzip2 + Updated man pages (bsc#1088234) + Changed VAR_OPTION_BIN_TIMEOUT_SEC from 300 to 120 + Avoids some IO delays (bsc#1100529) + Corrected supported services help info for -U + Collects iSCSI Target information (bsc#1133844) + FTPES uses --ssl-reqd instead of depricated --ftp-ssl + Defaults to https FTP server uploads (bsc#1134599) - Updated to version 3.1.2 + Fixed missing sapconf and log (bsc#1081326) + Added timed_log_cmd to hwinfo and showmount commands (bsc#1120967) ----------------------------------------- Patch: SUSE-2019-1389 Released: Fri May 31 10:12:36 2019 Summary: Security update for cronie Severity: low References: 1128935,1128937,1130746,1133100,CVE-2019-9704,CVE-2019-9705 Description: This update for cronie fixes the following issues: Security issues fixed: - CVE-2019-9704: Fixed an insufficient check in the return value of calloc which could allow a local user to create Denial of Service by crashing the daemon (bsc#1128937). - CVE-2019-9705: Fixed an implementation vulnerability which could allow a local user to exhaust the memory resulting in Denial of Service (bsc#1128935). Bug fixes: - Manual start of cron is possible even when it's already started using systemd (bsc#1133100). - Cron schedules only one job of crontab (bsc#1130746). ----------------------------------------- Patch: SUSE-2019-1394 Released: Fri May 31 10:18:42 2019 Summary: Recommended update for pam-config Severity: moderate References: 1114835 Description: This update for pam-config fixes the following issues: - Update to version 0.96: * Add missing pam_cracklib options [bsc#1114835] ----------------------------------------- Patch: SUSE-2019-1398 Released: Fri May 31 12:54:22 2019 Summary: Security update for libpng16 Severity: low References: 1100687,1121624,1124211,CVE-2018-13785,CVE-2019-7317 Description: This update for libpng16 fixes the following issues: Security issues fixed: - CVE-2019-7317: Fixed a use-after-free vulnerability, triggered when png_image_free() was called under png_safe_execute (bsc#1124211). - CVE-2018-13785: Fixed a wrong calculation of row_factor in the png_check_chunk_length function in pngrutil.c, which could haved triggered and integer overflow and result in an divide-by-zero while processing a crafted PNG file, leading to a denial of service (bsc#1100687) ----------------------------------------- Patch: SUSE-2019-1407 Released: Mon Jun 3 13:33:51 2019 Summary: Security update for bind Severity: important References: 1104129,1126068,1126069,1133185,CVE-2018-5740,CVE-2018-5743,CVE-2018-5745,CVE-2019-6465 Description: This update for bind fixes the following issues: Security issues fixed: - CVE-2019-6465: Fixed an issue where controls for zone transfers may not be properly applied to Dynamically Loadable Zones (bsc#1126069). - CVE-2018-5745: Fixed a denial of service vulnerability if a trust anchor rolls over to an unsupported key algorithm when using managed-keys (bsc#1126068). - CVE-2018-5743: Fixed a denial of service vulnerability which could be caused by to many simultaneous TCP connections (bsc#1133185). - CVE-2018-5740: Fixed a denial of service vulnerability in the 'deny-answer-aliases' feature (bsc#1104129). ----------------------------------------- Patch: SUSE-2019-1413 Released: Tue Jun 4 07:58:25 2019 Summary: Recommended update for yast2-network Severity: moderate References: 1105692,1129012,1131588 Description: This update for yast2-network provides the following fixes: - Display a confirmation popup when the static route is going to be removed after switching a device to DHCP. (bsc#1131588) - autoyast: Use the bus_id of the udev parent device when using virtio netcards and matching the existent rules with the ones defined in the profile. (bsc#1129012) - Showing correct start mode for nfsroot device. (bsc#1105692) ----------------------------------------- Patch: SUSE-2019-1415 Released: Tue Jun 4 13:18:42 2019 Summary: Recommended update for fping Severity: moderate References: 1133988 Description: This update for fping fixes the following issues: - Fix fping on servers with disabled IPv6 [bsc#1133988] ----------------------------------------- Patch: SUSE-2019-1417 Released: Tue Jun 4 15:40:25 2019 Summary: Recommended update for libselinux, policycoreutils, setools Severity: moderate References: 1130097,1136515 Description: This update for libselinux, policycoreutils, setools fixes the following issues: This update provides policycoreutils-python that contains binaries necessary for SELinux administration. (bsc#1130097) Also necessary dependencies for this package have been included in the update. python2-setools and python3-setools are shipped instead of python-setools. ----------------------------------------- Patch: SUSE-2019-1436 Released: Thu Jun 6 13:43:37 2019 Summary: Recommended update for lvm2 Severity: moderate References: 1095960,1127219 Description: This update for lvm2 fixes the following issues: - Sending BLKDISCARD on SSD devices could lead to data loss in test mode (bsc#1095960) - Fix the wrong filter for the cdrom device in /etc/lvm/lvm.conf (bsc#1127219) ----------------------------------------- Patch: SUSE-2019-1457 Released: Tue Jun 11 10:09:14 2019 Summary: Security update for vim Severity: important References: 1137443,CVE-2019-12735 Description: This update for vim fixes the following issue: Security issue fixed: - CVE-2019-12735: Fixed a potential arbitrary code execution vulnerability in getchar.c (bsc#1137443). ----------------------------------------- Patch: SUSE-2019-1471 Released: Wed Jun 12 12:02:49 2019 Summary: Recommended update for permissions Severity: moderate References: 1110797 Description: This update for permissions fixes the following issues: - Updated permissons for amanda (bsc#1110797) ----------------------------------------- Patch: SUSE-2019-1484 Released: Thu Jun 13 07:46:46 2019 Summary: Recommended update for e2fsprogs Severity: moderate References: 1128383 Description: This update for e2fsprogs fixes the following issues: - Check and fix tails of all bitmap blocks (bsc#1128383) ----------------------------------------- Patch: SUSE-2019-1486 Released: Thu Jun 13 09:40:24 2019 Summary: Security update for elfutils Severity: moderate References: 1033084,1033085,1033086,1033087,1033088,1033089,1033090,1106390,1107066,1107067,1111973,1112723,1112726,1123685,1125007,CVE-2017-7607,CVE-2017-7608,CVE-2017-7609,CVE-2017-7610,CVE-2017-7611,CVE-2017-7612,CVE-2017-7613,CVE-2018-16062,CVE-2018-16402,CVE-2018-16403,CVE-2018-18310,CVE-2018-18520,CVE-2018-18521,CVE-2019-7150,CVE-2019-7665 Description: This update for elfutils fixes the following issues: Security issues fixed: - CVE-2017-7607: Fixed a heap-based buffer overflow in handle_gnu_hash (bsc#1033084) - CVE-2017-7608: Fixed a heap-based buffer overflow in ebl_object_note_type_name() (bsc#1033085) - CVE-2017-7609: Fixed a memory allocation failure in __libelf_decompress (bsc#1033086) - CVE-2017-7610: Fixed a heap-based buffer overflow in check_group (bsc#1033087) - CVE-2017-7611: Fixed a denial of service via a crafted ELF file (bsc#1033088) - CVE-2017-7612: Fixed a denial of service in check_sysv_hash() via a crafted ELF file (bsc#1033089) - CVE-2017-7613: Fixed denial of service caused by the missing validation of the number of sections and the number of segments in a crafted ELF file (bsc#1033090) - CVE-2018-16062: Fixed a heap-buffer overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390) - CVE-2018-16402: Fixed a denial of service/double free on an attempt to decompress the same section twice (bsc#1107066) - CVE-2018-16403: Fixed a heap buffer overflow in readelf (bsc#1107067) - CVE-2018-18310: Fixed an invalid address read problem in dwfl_segment_report_module.c (bsc#1111973) - CVE-2018-18520: Fixed bad handling of ar files inside are files (bsc#1112726) - CVE-2018-18521: Fixed a denial of service vulnerabilities in the function arlib_add_symbols() used by eu-ranlib (bsc#1112723) - CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685) - CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (bsc#1125007) ----------------------------------------- Patch: SUSE-2019-1492 Released: Thu Jun 13 14:51:01 2019 Summary: Recommended update for libidn Severity: low References: 1132869 Description: This update for libidn fixes the following issue: - The missing libidn11-32bit compat library package was provided. (bsc#1132869) ----------------------------------------- Patch: SUSE-2019-1498 Released: Fri Jun 14 11:10:45 2019 Summary: Recommended update for yast2-storage-ng, libstorage-ng, and autoyast2 Severity: moderate References: 1104899,1120979,1121720,1122660,1130256,1134330 Description: This update for libstorage-ng, yast2-storage-ng, and autoyast2 fixes the following issues: # Package: yast2-storage-ng - Fixes broken support for retaining existing MD RAIDs in some scenarios (bsc#1120979, bsc#1121720). - Adds support for installing over NFS (bsc#1130256). - Adds a new format for importing/exporting NFS drives - It will no longer ask for a reusable filesystem when it's not really needed (bsc#1134330) # Package: libstorage-ng - Does no longer crash when parsing docker devices (bsc#1104899) # Package: autoyast2 - Removed check for available devices. When there are no devices, the proposal issues will be shown (bsc#1130256) - Fixes an issue where IPv6 gets activated even if it was deactivated (bsc#1122660) ----------------------------------------- Patch: SUSE-2019-1502 Released: Fri Jun 14 11:13:24 2019 Summary: Recommended update for python-M2Crypto Severity: moderate References: 1135009 Description: This update for python-M2Crypto fixes the following issues: - Fix the use of urlunsplit() to make osc work behind a proxy (bsc#1135009) ----------------------------------------- Patch: SUSE-2019-1521 Released: Mon Jun 17 17:28:18 2019 Summary: Security update for dbus-1 Severity: important References: 1082318,1137832,CVE-2019-12749 Description: This update for dbus-1 fixes the following issues: Security issue fixed: - CVE-2019-12749: Fixed an implementation flaw in DBUS_COOKIE_SHA1 which could have allowed local attackers to bypass authentication (bsc#1137832). - Fixes in spec file: * fix warning and error messages. * fix licensing directory. (bsc#1082318) ----------------------------------------- Patch: SUSE-2019-1535 Released: Mon Jun 17 19:22:36 2019 Summary: Security update for the Linux Kernel Severity: important References: 1012382,1050242,1051510,1053043,1055186,1056787,1058115,1061840,1063638,1064802,1065600,1065729,1066129,1068546,1071995,1075020,1082387,1083647,1085535,1099658,1103992,1104353,1104427,1106011,1106284,1108193,1108838,1108937,1110946,1111696,1112063,1113722,1114427,1115688,1117158,1117561,1118139,1119843,1120091,1120423,1120566,1120843,1120902,1122776,1123454,1123663,1124503,1124839,1126356,1127616,1128052,1128904,1128979,1129138,1129273,1129497,1129693,1129770,1130579,1130699,1130972,1131326,1131451,1131488,1131565,1131673,1132044,1133176,1133188,1133190,1133320,1133612,1133616,1134160,1134162,1134199,1134200,1134201,1134202,1134203,1134204,1134205,1134354,1134393,1134459,1134460,1134461,1134537,1134597,1134651,1134671,1134760,1134806,1134810,1134813,1134848,1134936,1135006,1135007,1135008,1135056,1135100,1135120,1135278,1135281,1135309,1135312,1135314,1135315,1135316,1135320,1135323,1135330,1135492,1135542,1135556,1135603,1135642,1135661,1135758,1136206,1136424,1136428,1136430,1136432,1136434,1136435,1136438,1136439,1136477,1136478,1136573,1136586,1136881,1136935,1136990,1137151,1137152,1137153,1137162,1137372,1137444,1137586,1137739,1137752,CVE-2018-7191,CVE-2019-10124,CVE-2019-11085,CVE-2019-11477,CVE-2019-11478,CVE-2019-11479,CVE-2019-11486,CVE-2019-11487,CVE-2019-11815,CVE-2019-11833,CVE-2019-11884,CVE-2019-12382,CVE-2019-3846,CVE-2019-5489 Description: The SUSE Linux Enterprise 15 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-11477: A sequence of SACKs may have been crafted such that one can trigger an integer overflow, leading to a kernel panic. - CVE-2019-11478: It was possible to send a crafted sequence of SACKs which will fragment the TCP retransmission queue. An attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. - CVE-2019-11479: An attacker could force the Linux kernel to segment its responses into multiple TCP segments. This would drastically increased the bandwidth required to deliver the same amount of data. Further, it would consume additional resources such as CPU and NIC processing power. - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (bnc#1136424) - CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel, there was an unchecked kstrdup of fwstr, which might have allowed an attacker to cause a denial of service (NULL pointer dereference and system crash). (bnc#1136586) - CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may have been possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bnc#1120843) - CVE-2019-11487: The Linux kernel allowed page reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM existed. It could have occured with FUSE requests. (bnc#1133190) - CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might have allowed local users to obtain sensitive information by reading uninitialized data in the filesystem. (bnc#1135281) - CVE-2018-7191: In the tun subsystem in the Linux kernel, dev_get_valid_name was not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. (bnc#1135603) - CVE-2019-11085: Insufficient input validation in Kernel Mode Driver in i915 Graphics for Linux may have allowed an authenticated user to potentially enable escalation of privilege via local access. (bnc#1135278) - CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel There was a race condition leading to a use-after-free, related to net namespace cleanup. (bnc#1134537) - CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a hidPCONNADD command, because a name field may not end with a '\0' character. (bnc#1134848) - CVE-2019-11486: The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel had multiple race conditions. (bnc#1133188) - CVE-2019-10124: An attacker could exploit an issue in the hwpoison implementation to cause a denial of service (BUG). (bsc#1130699) The following non-security bugs were fixed: - 9p locks: add mount option for lock retry interval (bsc#1051510). - acpi / property: fix handling of data_nodes in acpi_get_next_subnode() (bsc#1051510). - acpi / utils: Drop reference in test for device presence (bsc#1051510). - acpi: button: reinitialize button state upon resume (bsc#1051510). - acpi: fix menuconfig presentation of acpi submenu (bsc#1117158). - acpica: AML interpreter: add region addresses in global list during initialization (bsc#1051510). - acpica: Namespace: remove address node from global list after method termination (bsc#1051510). - alsa: core: Do not refer to snd_cards array directly (bsc#1051510). - alsa: emu10k1: Drop superfluous id-uniquification behavior (bsc#1051510). - alsa: hda - Register irq handler after the chip initialization (bsc#1051510). - alsa: hda - Use a macro for snd_array iteration loops (bsc#1051510). - alsa: hda/hdmi - Consider eld_valid when reporting jack event (bsc#1051510). - alsa: hda/hdmi - Read the pin sense from register when repolling (bsc#1051510). - alsa: hda/realtek - Add new Dell platform for headset mode (bsc#1051510). - alsa: hda/realtek - Apply the fixup for ASUS Q325UAR (bsc#1051510). - alsa: hda/realtek - Avoid superfluous COEF EAPD setups (bsc#1051510). - alsa: hda/realtek - Corrected fixup for System76 Gazelle (gaze14) (bsc#1051510). - alsa: hda/realtek - EAPD turn on later (bsc#1051510). - alsa: hda/realtek - Fix for Lenovo B50-70 inverted internal microphone bug (bsc#1051510). - alsa: hda/realtek - Fixed Dell AIO speaker noise (bsc#1051510). - alsa: hda/realtek - Fixup headphone noise via runtime suspend (bsc#1051510). - alsa: hda/realtek - Improve the headset mic for Acer Aspire laptops (bsc#1051510). - alsa: hda/realtek - Set default power save node to 0 (bsc#1051510). - alsa: hdea/realtek - Headset fixup for System76 Gazelle (gaze14) (bsc#1051510). - alsa: line6: Avoid polluting led_* namespace (bsc#1051510). - alsa: line6: use dynamic buffers (bsc#1051510). - alsa: seq: Align temporary re-locking with irqsave version (bsc#1051510). - alsa: seq: Correct unlock sequence at snd_seq_client_ioctl_unlock() (bsc#1051510). - alsa: seq: Cover unsubscribe_port() in list_mutex (bsc#1051510). - alsa: seq: Fix race of get-subscription call vs port-delete ioctls (bsc#1051510). - alsa: seq: Protect in-kernel ioctl calls with mutex (bsc#1051510). - alsa: seq: Protect racy pool manipulation from OSS sequencer (bsc#1051510). - alsa: seq: Remove superfluous irqsave flags (bsc#1051510). - alsa: seq: Simplify snd_seq_kernel_client_enqueue() helper (bsc#1051510). - alsa: timer: Check ack_list emptiness instead of bit flag (bsc#1051510). - alsa: timer: Coding style fixes (bsc#1051510). - alsa: timer: Make snd_timer_close() really kill pending actions (bsc#1051510). - alsa: timer: Make sure to clear pending ack list (bsc#1051510). - alsa: timer: Revert active callback sync check at close (bsc#1051510). - alsa: timer: Simplify error path in snd_timer_open() (bsc#1051510). - alsa: timer: Unify timer callback process code (bsc#1051510). - alsa: usb-audio: Fix a memory leak bug (bsc#1051510). - alsa: usb-audio: Handle the error from snd_usb_mixer_apply_create_quirk() (bsc#1051510). - alsa: usx2y: fix a double free bug (bsc#1051510). - appletalk: Fix compile regression (bsc#1051510). - appletalk: Fix use-after-free in atalk_proc_exit (bsc#1051510). - arch: arm64: acpi: KABI ginore includes (bsc#1117158 bsc#1134671). - arm64, mm, efi: Account for GICv3 LPI tables in static memblock reserve table (bsc#1117158). - arm64/x86: Update config files. Use CONFIG_ARCH_SUPPORTS_acpi - arm64: Export save_stack_trace_tsk() (jsc#SLE-4214). - arm64: acpi: fix alignment fault in accessing acpi (bsc#1117158). - arm64: fix acpi dependencies (bsc#1117158). - arm: 8824/1: fix a migrating irq bug when hotplug cpu (bsc#1051510). - arm: 8833/1: Ensure that NEON code always compiles with Clang (bsc#1051510). - arm: 8839/1: kprobe: make patch_lock a raw_spinlock_t (bsc#1051510). - arm: 8840/1: use a raw_spinlock_t in unwind (bsc#1051510). - arm: OMAP2+: Variable 'reg' in function omap4_dsi_mux_pads() could be uninitialized (bsc#1051510). - arm: OMAP2+: fix lack of timer interrupts on CPU1 after hotplug (bsc#1051510). - arm: avoid Cortex-A9 livelock on tight dmb loops (bsc#1051510). - arm: imx6q: cpuidle: fix bug that CPU might not wake up at expected time (bsc#1051510). - arm: iop: do not use using 64-bit DMA masks (bsc#1051510). - arm: orion: do not use using 64-bit DMA masks (bsc#1051510). - arm: pxa: ssp: unneeded to free devm_ allocated data (bsc#1051510). - arm: s3c24xx: Fix boolean expressions in osiris_dvs_notify (bsc#1051510). - arm: samsung: Limit SAMSUNG_PM_CHECK config option to non-Exynos platforms (bsc#1051510). - asoc: Intel: avoid Oops if DMA setup fails (bsc#1051510). - asoc: RT5677-SPI: Disable 16Bit SPI Transfers (bsc#1051510). - asoc: cs4270: Set auto-increment bit for register writes (bsc#1051510). - asoc: eukrea-tlv320: fix a leaked reference by adding missing of_node_put (bsc#1051510). - asoc: fix valid stream condition (bsc#1051510). - asoc: fsl_esai: Fix missing break in switch statement (bsc#1051510). - asoc: fsl_sai: Update is_slave_mode with correct value (bsc#1051510). - asoc: fsl_utils: fix a leaked reference by adding missing of_node_put (bsc#1051510). - asoc: hdmi-codec: fix S/PDIF DAI (bsc#1051510). - asoc: hdmi-codec: unlock the device on startup errors (bsc#1051510). - asoc: max98090: Fix restore of DAPM Muxes (bsc#1051510). - asoc: nau8810: fix the issue of widget with prefixed name (bsc#1051510). - asoc: nau8824: fix the issue of the widget with prefix name (bsc#1051510). - asoc: samsung: odroid: Fix clock configuration for 44100 sample rate (bsc#1051510). - asoc: stm32: fix sai driver name initialisation (bsc#1051510). - asoc: tlv320aic32x4: Fix Common Pins (bsc#1051510). - asoc: wm_adsp: Add locking to wm_adsp2_bus_error (bsc#1051510). - asoc:soc-pcm:fix a codec fixup issue in TDM case (bsc#1051510). - at76c50x-usb: Do not register led_trigger if usb_register_driver failed (bsc#1051510). - audit: fix a memleak caused by auditing load module (bsc#1051510). - b43: shut up clang -Wuninitialized variable warning (bsc#1051510). - backlight: lm3630a: Return 0 on success in update_status functions (bsc#1051510). - batman-adv: allow updating DAT entry timeouts on incoming ARP Replies (bsc#1051510). - bcache: Move couple of functions to sysfs.c (bsc#1130972). - bcache: Move couple of string arrays to sysfs.c (bsc#1130972). - bcache: Populate writeback_rate_minimum attribute (bsc#1130972). - bcache: Replace bch_read_string_list() by __sysfs_match_string() (bsc#1130972). - bcache: account size of buckets used in uuid write to ca->meta_sectors_written (bsc#1130972). - bcache: add MODULE_DESCRIPTION information (bsc#1130972). - bcache: add a comment in super.c (bsc#1130972). - bcache: add code comments for bset.c (bsc#1130972). - bcache: add comment for cache_set->fill_iter (bsc#1130972). - bcache: add identifier names to arguments of function definitions (bsc#1130972). - bcache: add missing SPDX header (bsc#1130972). - bcache: add separate workqueue for journal_write to avoid deadlock (bsc#1130972). - bcache: add static const prefix to char * array declarations (bsc#1130972). - bcache: add sysfs_strtoul_bool() for setting bit-field variables (bsc#1130972). - bcache: add the missing comments for smp_mb()/smp_wmb() (bsc#1130972). - bcache: cannot set writeback_running via sysfs if no writeback kthread created (bsc#1130972). - bcache: correct dirty data statistics (bsc#1130972). - bcache: do not assign in if condition in bcache_init() (bsc#1130972). - bcache: do not assign in if condition register_bcache() (bsc#1130972). - bcache: do not check NULL pointer before calling kmem_cache_destroy (bsc#1130972). - bcache: do not check if debug dentry is ERR or NULL explicitly on remove (bsc#1130972). - bcache: do not clone bio in bch_data_verify (bsc#1130972). - bcache: do not mark writeback_running too early (bsc#1130972). - bcache: export backing_dev_name via sysfs (bsc#1130972). - bcache: export backing_dev_uuid via sysfs (bsc#1130972). - bcache: fix code comments style (bsc#1130972). - bcache: fix indent by replacing blank by tabs (bsc#1130972). - bcache: fix indentation issue, remove tabs on a hunk of code (bsc#1130972). - bcache: fix input integer overflow of congested threshold (bsc#1130972). - bcache: fix input overflow to cache set io_error_limit (bsc#1130972). - bcache: fix input overflow to cache set sysfs file io_error_halflife (bsc#1130972). - bcache: fix input overflow to journal_delay_ms (bsc#1130972). - bcache: fix input overflow to sequential_cutoff (bsc#1130972). - bcache: fix input overflow to writeback_delay (bsc#1130972). - bcache: fix input overflow to writeback_rate_minimum (bsc#1130972). - bcache: fix ioctl in flash device (bsc#1130972). - bcache: fix mistaken code comments in bcache.h (bsc#1130972). - bcache: fix mistaken comments in request.c (bsc#1130972). - bcache: fix potential div-zero error of writeback_rate_i_term_inverse (bsc#1130972). - bcache: fix potential div-zero error of writeback_rate_p_term_inverse (bsc#1130972). - bcache: fix typo 'succesfully' to 'successfully' (bsc#1130972). - bcache: fix typo in code comments of closure_return_with_destructor() (bsc#1130972). - bcache: improve sysfs_strtoul_clamp() (bsc#1130972). - bcache: introduce force_wake_up_gc() (bsc#1130972). - bcache: make cutoff_writeback and cutoff_writeback_sync tunable (bsc#1130972). - bcache: move open brace at end of function definitions to next line (bsc#1130972). - bcache: never writeback a discard operation (bsc#1130972). - bcache: not use hard coded memset size in bch_cache_accounting_clear() (bsc#1130972). - bcache: option to automatically run gc thread after writeback (bsc#1130972). - bcache: panic fix for making cache device (bsc#1130972). - bcache: prefer 'help' in Kconfig (bsc#1130972). - bcache: print number of keys in trace_bcache_journal_write (bsc#1130972). - bcache: recal cached_dev_sectors on detach (bsc#1130972). - bcache: remove unnecessary space before ioctl function pointer arguments (bsc#1130972). - bcache: remove unused bch_passthrough_cache (bsc#1130972). - bcache: remove useless parameter of bch_debug_init() (bsc#1130972). - bcache: replace '%pF' by '%pS' in seq_printf() (bsc#1130972). - bcache: replace Symbolic permissions by octal permission numbers (bsc#1130972). - bcache: replace hard coded number with BUCKET_GC_GEN_MAX (bsc#1130972). - bcache: replace printk() by pr_*() routines (bsc#1130972). - bcache: set writeback_percent in a flexible range (bsc#1130972). - bcache: split combined if-condition code into separate ones (bsc#1130972). - bcache: stop bcache device when backing device is offline (bsc#1130972). - bcache: stop using the deprecated get_seconds() (bsc#1130972). - bcache: style fix to add a blank line after declarations (bsc#1130972). - bcache: style fix to replace 'unsigned' by 'unsigned int' (bsc#1130972). - bcache: style fixes for lines over 80 characters (bsc#1130972). - bcache: treat stale and dirty keys as bad keys (bsc#1130972). - bcache: trivial - remove tailing backslash in macro BTREE_FLAG (bsc#1130972). - bcache: update comment for bch_data_insert (bsc#1130972). - bcache: update comment in sysfs.c (bsc#1130972). - bcache: use (REQ_META|REQ_PRIO) to indicate bio for metadata (bsc#1130972). - bcache: use MAX_CACHES_PER_SET instead of magic number 8 in __bch_bucket_alloc_set (bsc#1130972). - bcache: use REQ_PRIO to indicate bio for metadata (bsc#1130972). - bcache: use routines from lib/crc64.c for CRC64 calculation (bsc#1130972). - bcache: use sysfs_strtoul_bool() to set bit-field variables (bsc#1130972). - block: Do not revalidate bdev of hidden gendisk (bsc#1120091). - block: check_events: do not bother with events if unsupported (bsc#1110946, bsc#1119843). - block: disk_events: introduce event flags (bsc#1110946, bsc#1119843). - block: do not leak memory in bio_copy_user_iov() (bsc#1135309). - block: fix the return errno for direct IO (bsc#1135320). - block: fix use-after-free on gendisk (bsc#1135312). - bluetooth: Align minimum encryption key size for LE and BR/EDR connections (bsc#1051510). - bluetooth: Check key sizes only when Secure Simple Pairing is enabled (bsc#1135556). - bluetooth: hidp: fix buffer overflow (bsc#1051510). - bnxt_en: Free short FW command HWRM memory in error path in bnxt_init_one() (bsc#1050242). - bnxt_en: Improve RX consumer index validity check (networking-stable-19_04_10). - bnxt_en: Improve multicast address setup logic (networking-stable-19_05_04). - bnxt_en: Reset device on RX buffer errors (networking-stable-19_04_10). - bonding: fix event handling for stacked bonds (networking-stable-19_04_19). - bpf, lru: avoid messing with eviction heuristics upon syscall lookup (bsc#1083647). - bpf: Add missed newline in verifier verbose log (bsc#1056787). - bpf: add map_lookup_elem_sys_only for lookups from syscall side (bsc#1083647). - brcm80211: potential NULL dereference in brcmf_cfg80211_vndr_cmds_dcmd_handler() (bsc#1051510). - brcmfmac: convert dev_init_lock mutex to completion (bsc#1051510). - brcmfmac: fix Oops when bringing up interface during usb disconnect (bsc#1051510). - brcmfmac: fix WARNING during usb disconnect in case of unempty psq (bsc#1051510). - brcmfmac: fix missing checks for kmemdup (bsc#1051510). - brcmfmac: fix race during disconnect when usb completion is in progress (bsc#1051510). - btrfs: Do not panic when we can't find a root key (bsc#1112063). - btrfs: Factor out common delayed refs init code (bsc#1134813). - btrfs: Introduce init_delayed_ref_head (bsc#1134813). - btrfs: Open-code add_delayed_data_ref (bsc#1134813). - btrfs: Open-code add_delayed_tree_ref (bsc#1134813). - btrfs: Use init_delayed_ref_common in add_delayed_data_ref (bsc#1134813). - btrfs: Use init_delayed_ref_common in add_delayed_tree_ref (bsc#1134813). - btrfs: Use init_delayed_ref_head in add_delayed_ref_head (bsc#1134813). - btrfs: add a helper to return a head ref (bsc#1134813). - btrfs: breakout empty head cleanup to a helper (bsc#1134813). - btrfs: delayed-ref: Introduce better documented delayed ref structures (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: delayed-ref: Use btrfs_ref to refactor btrfs_add_delayed_data_ref() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: delayed-ref: Use btrfs_ref to refactor btrfs_add_delayed_tree_ref() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: do not allow trimming when a fs is mounted with the nologreplay option (bsc#1135758). - btrfs: do not double unlock on error in btrfs_punch_hole (bsc#1136881). - btrfs: extent-tree: Fix a bug that btrfs is unable to add pinned bytes (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Open-code process_func in __btrfs_mod_ref (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Use btrfs_ref to refactor add_pinned_bytes() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Use btrfs_ref to refactor btrfs_free_extent() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Use btrfs_ref to refactor btrfs_inc_extent_ref() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: fix fsync not persisting changed attributes of a directory (bsc#1137151). - btrfs: fix race between ranged fsync and writeback of adjacent ranges (bsc#1136477). - btrfs: fix race updating log root item during fsync (bsc#1137153). - btrfs: fix wrong ctime and mtime of a directory after log replay (bsc#1137152). - btrfs: improve performance on fsync of files with multiple hardlinks (bsc#1123454). - btrfs: move all ref head cleanup to the helper function (bsc#1134813). - btrfs: move extent_op cleanup to a helper (bsc#1134813). - btrfs: move ref_mod modification into the if (ref) logic (bsc#1134813). - btrfs: qgroup: Check bg while resuming relocation to avoid NULL pointer dereference (bsc#1134806). - btrfs: qgroup: Do not scan leaf if we're modifying reloc tree (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: qgroup: Move reserved data accounting from btrfs_delayed_ref_head to btrfs_qgroup_extent_record (bsc#1134162). - btrfs: qgroup: Remove duplicated trace points for qgroup_rsv_add/release (bsc#1134160). - btrfs: reloc: Also queue orphan reloc tree for cleanup to avoid BUG_ON() (bsc#1133612). - btrfs: remove delayed_ref_node from ref_head (bsc#1134813). - btrfs: send, flush dellaloc in order to avoid data loss (bsc#1133320). - btrfs: split delayed ref head initialization and addition (bsc#1134813). - btrfs: track refs in a rb_tree instead of a list (bsc#1134813). - btrfs: tree-checker: detect file extent items with overlapping ranges (bsc#1136478). - ceph: ensure d_name stability in ceph_dentry_hash() (bsc#1134461). - ceph: fix ci->i_head_snapc leak (bsc#1122776). - ceph: fix use-after-free on symlink traversal (bsc#1134459). - ceph: only use d_name directly when parent is locked (bsc#1134460). - chardev: add additional check for minor range overlap (bsc#1051510). - cifs: keep FileInfo handle live during oplock break (bsc#1106284, bsc#1131565). - clk: rockchip: Fix video codec clocks on rk3288 (bsc#1051510). - clk: rockchip: fix wrong clock definitions for rk3328 (bsc#1051510). - config: Debug kernel is not supported (bsc#1135492). - configfs: Fix use-after-free when accessing sd->s_dentry (bsc#1051510). - configfs: fix possible use-after-free in configfs_register_group (bsc#1051510). - crypto: arm/aes-neonbs - do not access already-freed walk.iv (bsc#1051510). - crypto: caam - fix caam_dump_sg that iterates through scatterlist (bsc#1051510). - crypto: ccm - fix incompatibility between 'ccm' and 'ccm_base' (bsc#1051510). - crypto: ccp - Do not free psp_master when PLATFORM_INIT fails (bsc#1051510). - crypto: chacha20poly1305 - set cra_name correctly (bsc#1051510). - crypto: crct10dif-generic - fix use via crypto_shash_digest() (bsc#1051510). - crypto: fips - Grammar s/options/option/, s/to/the/ (bsc#1051510). - crypto: gcm - fix incompatibility between 'gcm' and 'gcm_base' (bsc#1051510). - crypto: skcipher - do not WARN on unprocessed data after slow walk step (bsc#1051510). - crypto: sun4i-ss - Fix invalid calculation of hash end (bsc#1051510). - crypto: vmx - CTR: always increment IV as quadword (bsc#1051510). - crypto: vmx - fix copy-paste error in CTR mode (bsc#1051510). - crypto: vmx - ghash: do nosimd fallback manually (bsc#1135661, bsc#1137162). - crypto: vmx - return correct error code on failed setkey (bsc#1135661, bsc#1137162). - crypto: x86/crct10dif-pcl - fix use via crypto_shash_digest() (bsc#1051510). - dccp: Fix memleak in __feat_register_sp (bsc#1051510). - dccp: do not use ipv6 header for ipv4 flow (networking-stable-19_03_28). - debugfs: fix use-after-free on symlink traversal (bsc#1051510). - devres: Align data[] to ARCH_KMALLOC_MINALIGN (bsc#1051510). - dmaengine: axi-dmac: Do not check the number of frames for alignment (bsc#1051510). - dmaengine: tegra210-dma: free dma controller in remove() (bsc#1051510). - docs: Fix conf.py for Sphinx 2.0 (bsc#1135642). - documentation: Add MDS vulnerability documentation (bsc#1135642). - documentation: Correct the possible MDS sysfs values (bsc#1135642). - drivers: acpi: add dependency of EFI for arm64 (bsc#1117158). - drm/amdgpu: fix old fence check in amdgpu_fence_emit (bsc#1051510). - drm/bridge: adv7511: Fix low refresh rate selection (bsc#1051510). - drm/drv: Hold ref on parent device during drm_device lifetime (bsc#1051510). - drm/etnaviv: lock MMU while dumping core (bsc#1113722) - drm/fb-helper: dpms_legacy(): Only set on connectors in use (bsc#1051510). - drm/i915/fbc: disable framebuffer compression on GeminiLake (bsc#1051510). - drm/i915/gvt: Fix cmd length of VEB_DI_IECP (bsc#1113722) - drm/i915/gvt: Fix incorrect mask of mmio 0x22028 in gen8/9 mmio list (bnc#1113722) - drm/i915/gvt: Tiled Resources mmios are in-context mmios for gen9+ (bsc#1113722) - drm/i915/gvt: add 0x4dfc to gen9 save-restore list (bsc#1113722) - drm/i915/gvt: do not let TRTTE and 0x4dfc write passthrough to hardware (bsc#1051510). - drm/i915/gvt: refine ggtt range validation (bsc#1113722) - drm/i915: Disable LP3 watermarks on all SNB machines (bsc#1051510). - drm/i915: Downgrade Gen9 Plane WM latency error (bsc#1051510). - drm/i915: Fix I915_EXEC_RING_MASK (bsc#1051510). - drm/imx: do not skip DP channel disable for background plane (bsc#1051510). - drm/mediatek: fix possible object reference leak (bsc#1051510). - drm/meson: add size and alignment requirements for dumb buffers (bnc#1113722) - drm/nouveau/i2c: Disable i2c bus access after ->fini() (bsc#1113722) - drm/rockchip: fix for mailbox read validation (bsc#1051510). - drm/rockchip: shutdown drm subsystem on shutdown (bsc#1051510). - drm/sun4i: rgb: Change the pixel clock validation check (bnc#1113722) - drm/ttm: Remove warning about inconsistent mapping information (bnc#1131488) - drm/vmwgfx: Do not send drm sysfs hotplug events on initial master set (bsc#1051510). - drm/vmwgfx: NULL pointer dereference from vmw_cmd_dx_view_define() (bsc#1113722) - drm/vmwgfx: integer underflow in vmw_cmd_dx_set_shader() leading to an invalid read (bsc#1051510). - drm: Wake up next in drm_read() chain if we are forced to putback the event (bsc#1051510). - dt-bindings: clock: r8a7795: Remove CSIREF clock (bsc#1120902). - dt-bindings: clock: r8a7796: Remove CSIREF clock (bsc#1120902). - dt-bindings: net: Add binding for the external clock for TI WiLink (bsc#1085535). - dt-bindings: net: Fix a typo in the phy-mode list for ethernet bindings (bsc#1129770). - dt-bindings: rtc: sun6i-rtc: Fix register range in example (bsc#1120902). - dwc2: gadget: Fix completed transfer size calculation in DDMA (bsc#1051510). - efi/arm: Defer persistent reservations until after paging_init() (bsc#1117158). - efi/arm: Do not mark acpi reclaim memory as MEMBLOCK_NOMAP (bsc#1117158 bsc#1115688 bsc#1120566). - efi/arm: Revert 'Defer persistent reservations until after paging_init()' (bsc#1117158). - efi/arm: Revert deferred unmap of early memmap mapping (bsc#1117158). - efi/arm: libstub: add a root memreserve config table (bsc#1117158). - efi/arm: map UEFI memory map even w/o runtime services enabled (bsc#1117158). - efi/arm: preserve early mapping of UEFI memory map longer for BGRT (bsc#1117158). - efi: Permit calling efi_mem_reserve_persistent() from atomic context (bsc#1117158). - efi: Permit multiple entries in persistent memreserve data structure (bsc#1117158). - efi: Prevent GICv3 WARN() by mapping the memreserve table before first use (bsc#1117158). - efi: Reduce the amount of memblock reservations for persistent allocations (bsc#1117158). - efi: add API to reserve memory persistently across kexec reboot (bsc#1117158). - efi: honour memory reservations passed via a linux specific config table (bsc#1117158). - ext4: actually request zeroing of inode table after grow (bsc#1135315). - ext4: avoid panic during forced reboot due to aborted journal (bsc#1126356). - ext4: fix data corruption caused by overlapping unaligned and aligned IO (bsc#1136428). - ext4: fix ext4_show_options for file systems w/o journal (bsc#1135316). - ext4: fix use-after-free race with debug_want_extra_isize (bsc#1135314). - ext4: make sanity check in mballoc more strict (bsc#1136439). - ext4: wait for outstanding dio during truncate in nojournal mode (bsc#1136438). - extcon: arizona: Disable mic detect if running when driver is removed (bsc#1051510). - fbdev: fix WARNING in __alloc_pages_nodemask bug (bsc#1113722) - fbdev: fix divide error in fb_var_to_videomode (bsc#1113722) - firmware: efi: factor out mem_reserve (bsc#1117158 bsc#1134671). - fix rtnh_ok() (git-fixes). - fs/sync.c: sync_file_range(2) may use WB_SYNC_ALL writeback (bsc#1136432). - fs/writeback.c: use rcu_barrier() to wait for inflight wb switches going into workqueue when umount (bsc#1136435). - ftrace/x86_64: Emulate call function while updating in breakpoint handler (bsc#1099658). - fuse: fallocate: fix return with locked inode (bsc#1051510). - fuse: fix writepages on 32bit (bsc#1051510). - fuse: honor RLIMIT_FSIZE in fuse_file_fallocate (bsc#1051510). - genetlink: Fix a memory leak on error path (networking-stable-19_03_28). - ghes, EDAC: Fix ghes_edac registration (bsc#1133176). - gpio: Remove obsolete comment about gpiochip_free_hogs() usage (bsc#1051510). - gpio: aspeed: fix a potential NULL pointer dereference (bsc#1051510). - gpio: fix gpio-adp5588 build errors (bsc#1051510). - gpu: ipu-v3: dp: fix CSC handling (bsc#1051510). - hid: debug: fix race condition with between rdesc_show() and device removal (bsc#1051510). - hid: input: add mapping for 'Toggle Display' key (bsc#1051510). - hid: input: add mapping for Assistant key (bsc#1051510). - hid: input: add mapping for Expose/Overview key (bsc#1051510). - hid: input: add mapping for keyboard Brightness Up/Down/Toggle keys (bsc#1051510). - hid: logitech-hidpp: change low battery level threshold from 31 to 30 percent (bsc#1051510). - hid: logitech-hidpp: use RAP instead of FAP to get the protocol version (bsc#1051510). - hid: logitech: check the return value of create_singlethread_workqueue (bsc#1051510). - hwmon: (core) add thermal sensors only if dev->of_node is present (bsc#1051510). - hwmon: (f71805f) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (pc87427) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (pmbus/core) Treat parameters as paged if on multiple pages (bsc#1051510). - hwmon: (smsc47b397) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (smsc47m1) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (vt1211) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (w83627hf) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwrng: omap - Set default quality (bsc#1051510). - i2c: Make i2c_unregister_device() NULL-aware (bsc#1108193). - i2c: dev: fix potential memory leak in i2cdev_ioctl_rdwr (bsc#1051510). - ibmvnic: Add device identification to requested IRQs (bsc#1137739). - ibmvnic: Do not close unopened driver during reset (bsc#1137752). - ibmvnic: Fix unchecked return codes of memory allocations (bsc#1137752). - ibmvnic: Refresh device multicast list after reset (bsc#1137752). - ibmvnic: remove set but not used variable 'netdev' (bsc#1137739). - igmp: fix incorrect unsolicit report count when join group (git-fixes). - iio: ad_sigma_delta: Properly handle SPI bus locking vs CS assertion (bsc#1051510). - iio: adc: xilinx: fix potential use-after-free on remove (bsc#1051510). - iio: common: ssp_sensors: Initialize calculated_time in ssp_common_process_data (bsc#1051510). - iio: hmc5843: fix potential NULL pointer dereferences (bsc#1051510). - indirect call wrappers: helpers to speed-up indirect calls of builtin (bsc#1124503). - inetpeer: fix uninit-value in inet_getpeer (git-fixes). - input: elan_i2c - add hardware ID for multiple Lenovo laptops (bsc#1051510). - input: introduce KEY_ASSISTANT (bsc#1051510). - input: synaptics-rmi4 - fix possible double free (bsc#1051510). - intel_th: msu: Fix single mode with IOMMU (bsc#1051510). - intel_th: pci: Add Comet Lake support (bsc#1051510). - iommu/arm-smmu-v3: Abort all transactions if SMMU is enabled in kdump kernel (bsc#1117158). - iommu/arm-smmu-v3: Do not disable SMMU in kdump kernel (bsc#1117158 bsc#1134671). - iommu/vt-d: Do not request page request irq under dmar_global_lock (bsc#1135006). - iommu/vt-d: Make kernel parameter igfx_off work with vIOMMU (bsc#1135007). - iommu/vt-d: Set intel_iommu_gfx_mapped correctly (bsc#1135008). - ip6_tunnel: Match to ARPHRD_TUNNEL6 for dev type (networking-stable-19_04_10). - ip6_tunnel: collect_md xmit: Use ip_tunnel_key's provided src address (git-fixes). - ip_gre: fix parsing gre header in ipgre_err (git-fixes). - ip_tunnel: Fix name string concatenate in __ip_tunnel_create() (git-fixes). - ipconfig: Correctly initialise ic_nameservers (bsc#1051510). - ipmi: Fix I2C client removal in the SSIF driver (bsc#1108193). - ipmi:ssif: compare block number correctly for multi-part return messages (bsc#1051510). - ipmi_ssif: Remove duplicate NULL check (bsc#1108193). - ipmi_ssif: update patch reference for ipmi_ssif fix (bsc#1135120) - ipv4: Define __ipv4_neigh_lookup_noref when CONFIG_INET is disabled (git-fixes). - ipv4: add sanity checks in ipv4_link_failure() (git-fixes). - ipv4: ensure rcu_read_lock() in ipv4_link_failure() (networking-stable-19_04_19). - ipv4: ip_do_fragment: Preserve skb_iif during fragmentation (networking-stable-19_05_04). - ipv4: recompile ip options in ipv4_link_failure (networking-stable-19_04_19). - ipv4: set the tcp_min_rtt_wlen range from 0 to one day (networking-stable-19_04_30). - ipv6/flowlabel: wait rcu grace period before put_pid() (git-fixes). - ipv6: fix cleanup ordering for ip6_mr failure (git-fixes). - ipv6: fix cleanup ordering for pingv6 registration (git-fixes). - ipv6: invert flowlabel sharing check in process and user mode (git-fixes). - ipv6: mcast: fix unsolicited report interval after receiving querys (git-fixes). - ipvlan: Add the skb->mark as flow4's member to lookup route (bsc#1051510). - ipvlan: fix ipv6 outbound device (bsc#1051510). - ipvlan: use ETH_MAX_MTU as max mtu (bsc#1051510). - ipvs: Fix signed integer overflow when setsockopt timeout (bsc#1051510). - ipvs: call ip_vs_dst_notifier earlier than ipv6_dev_notf (git-fixes). - ipvs: fix buffer overflow with sync daemon and service (git-fixes). - ipvs: fix check on xmit to non-local addresses (git-fixes). - ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest() (bsc#1051510). - ipvs: fix rtnl_lock lockups caused by start_sync_thread (git-fixes). - ipvs: fix stats update from local clients (git-fixes). - iw_cxgb4: only allow 1 flush on user qps (bsc#1051510). - iwlwifi: mvm: check for length correctness in iwl_mvm_create_skb() (bsc#1051510). - iwlwifi: pcie: do not crash on invalid RX interrupt (bsc#1051510). - jbd2: check superblock mapped prior to committing (bsc#1136430). - kABI workaround for removed usb_interface.pm_usage_cnt field (bsc#1051510). - kABI workaround for snd_seq_kernel_client_enqueue() API changes (bsc#1051510). - kABI: protect dma-mapping.h include (kabi). - kABI: protect ip_options_rcv_srr (kabi). - kABI: protect struct mlx5_td (kabi). - kABI: protect struct pci_dev (kabi). - kabi: drop LINUX_MIB_TCPWQUEUETOOBIG snmp counter (bsc#1137586). - kabi: implement map_lookup_elem_sys_only in another way (bsc#1083647). - kabi: move sysctl_tcp_min_snd_mss to preserve struct net layout (bsc#1137586). - kernel/signal.c: trace_signal_deliver when signal_group_exit (git-fixes). - kernel/sys.c: prctl: fix false positive in validate_prctl_map() (git-fixes). - kernel/sysctl.c: add missing range check in do_proc_dointvec_minmax_conv (bsc#1051510). - kernel/sysctl.c: fix out-of-bounds access when setting file-max (bsc#1051510). - keys: safe concurrent user->{session,uid}_keyring access (bsc#1135642). - kmsg: Update message catalog to latest IBM level (2019/03/08) (bsc#1128904 LTC#176078). - kvm: Fix UAF in nested posted interrupt processing (bsc#1134199). - kvm: PPC: Book3S HV: Avoid lockdep debugging in TCE realmode handlers (bsc#1061840). - kvm: PPC: Book3S HV: XIVE: Do not clear IRQ data of passthrough interrupts (bsc#1061840). - kvm: PPC: Book3S: Protect memslots while validating user address (bsc#1061840). - kvm: PPC: Release all hardware TCE tables attached to a group (bsc#1061840). - kvm: PPC: Remove redundand permission bits removal (bsc#1061840). - kvm: PPC: Validate TCEs against preregistered memory page sizes (bsc#1061840). - kvm: PPC: Validate all tces before updating tables (bsc#1061840). - kvm: VMX: Zero out *all* general purpose registers after VM-Exit (bsc#1134202). - kvm: nVMX: Clear reserved bits of #DB exit qualification (bsc#1134200). - kvm: nVMX: restore host state in nested_vmx_vmexit for VMFail (bsc#1134201). - kvm: s390: fix memory overwrites when not using SCA entries (bsc#1136206). - kvm: s390: provide io interrupt kvm_stat (bsc#1136206). - kvm: s390: use created_vcpus in more places (bsc#1136206). - kvm: s390: vsie: fix 8k check for the itdba (bsc#1136206). - kvm: x86: Always use 32-bit SMRAM save state for 32-bit kernels (bsc#1134203). - kvm: x86: Do not clear EFER during SMM transitions for 32-bit vCPU (bsc#1134204). - kvm: x86: svm: make sure NMI is injected after nmi_singlestep (bsc#1134205). - l2tp: cleanup l2tp_tunnel_delete calls (bsc#1051510). - l2tp: filter out non-PPP sessions in pppol2tp_tunnel_ioctl() (git-fixes). - l2tp: fix missing refcount drop in pppol2tp_tunnel_ioctl() (git-fixes). - l2tp: only accept PPP sessions in pppol2tp_connect() (git-fixes). - l2tp: prevent pppol2tp_connect() from creating kernel sockets (git-fixes). - l2tp: revert 'l2tp: fix missing print session offset info' (bsc#1051510). - leds: avoid flush_work in atomic context (bsc#1051510). - leds: avoid races with workqueue (bsc#1051510). - leds: pwm: silently error out on EPROBE_DEFER (bsc#1051510). - lib: add crc64 calculation routines (bsc#1130972). - lib: do not depend on linux headers being installed (bsc#1130972). - libata: fix using DMA buffers on stack (bsc#1051510). - linux/kernel.h: Use parentheses around argument in u64_to_user_ptr() (bsc#1051510). - livepatch: Convert error about unsupported reliable stacktrace into a warning (bsc#1071995). - livepatch: Remove custom kobject state handling (bsc#1071995). - livepatch: Remove duplicated code for early initialization (bsc#1071995). - lpfc: validate command in lpfc_sli4_scmd_to_wqidx_distr() (bsc#1129138). - mISDN: Check address length before reading address family (bsc#1051510). - mac80211/cfg80211: update bss channel on channel switch (bsc#1051510). - mac80211: Fix kernel panic due to use of txq after free (bsc#1051510). - mac80211: fix memory accounting with A-MSDU aggregation (bsc#1051510). - mac80211: fix unaligned access in mesh table hash function (bsc#1051510). - mac8390: Fix mmio access size probe (bsc#1051510). - md: fix invalid stored role for a disk (bsc#1051510). - media: atmel: atmel-isc: fix INIT_WORK misplacement (bsc#1051510). - media: au0828: Fix NULL pointer dereference in au0828_analog_stream_enable() (bsc#1051510). - media: au0828: stop video streaming only when last user stops (bsc#1051510). - media: coda: clear error return value before picture run (bsc#1051510). - media: cpia2: Fix use-after-free in cpia2_exit (bsc#1051510). - media: cx18: update *pos correctly in cx18_read_pos() (bsc#1051510). - media: cx23885: check allocation return (bsc#1051510). - media: davinci-isif: avoid uninitialized variable use (bsc#1051510). - media: davinci/vpbe: array underflow in vpbe_enum_outputs() (bsc#1051510). - media: go7007: avoid clang frame overflow warning with KASAN (bsc#1051510). - media: ivtv: update *pos correctly in ivtv_read_pos() (bsc#1051510). - media: m88ds3103: serialize reset messages in m88ds3103_set_frontend (bsc#1051510). - media: omap_vout: potential buffer overflow in vidioc_dqbuf() (bsc#1051510). - media: ov2659: fix unbalanced mutex_lock/unlock (bsc#1051510). - media: ov2659: make S_FMT succeed even if requested format does not match (bsc#1051510). - media: pvrusb2: Prevent a buffer overflow (bsc#1129770). - media: saa7146: avoid high stack usage with clang (bsc#1051510). - media: serial_ir: Fix use-after-free in serial_ir_init_module (bsc#1051510). - media: smsusb: better handle optional alignment (bsc#1051510). - media: tw5864: Fix possible NULL pointer dereference in tw5864_handle_frame (bsc#1051510). - media: usb: siano: Fix false-positive 'uninitialized variable' warning (bsc#1051510). - media: usb: siano: Fix general protection fault in smsusb (bsc#1051510). - media: vivid: use vfree() instead of kfree() for dev->bitmap_cap (bsc#1051510). - media: wl128x: Fix an error code in fm_download_firmware() (bsc#1051510). - media: wl128x: prevent two potential buffer overflows (bsc#1051510). - memcg: make it work on sparse non-0-node systems (bnc#1133616). - memcg: make it work on sparse non-0-node systems kabi (bnc#1133616). - mfd: da9063: Fix OTP control register names to match datasheets for DA9063/63L (bsc#1051510). - mfd: max77620: Fix swapped FPS_PERIOD_MAX_US values (bsc#1051510). - mlxsw: spectrum: Fix autoneg status in ethtool (networking-stable-19_04_30). - mm: Fix buggy backport leading to MAP_SYNC failures (bsc#1137372) - mm/huge_memory: fix vmf_insert_pfn_{pmd, pud}() crash, handle unaligned addresses (bsc#1135330). - mm: hwpoison: fix thp split handing in soft_offline_in_use_page() (bsc#1130699, CVE-2019-10124). - mm: thp: relax __GFP_THISNODE for MADV_HUGEPAGE mappings (bnc#1012382). - mmc: block: Delete gendisk before cleaning up the request queue (bsc#1127616). - mmc: core: Verify SD bus width (bsc#1051510). - mmc: core: fix possible use after free of host (bsc#1051510). - mmc: sdhci-iproc: Set NO_HISPD bit to fix HS50 data hold time problem (bsc#1051510). - mmc: sdhci-iproc: cygnus: Set NO_HISPD bit to fix HS50 data hold time problem (bsc#1051510). - mmc: sdhci-of-esdhc: add erratum A-009204 support (bsc#1051510). - mmc: sdhci-of-esdhc: add erratum eSDHC5 support (bsc#1051510). - mmc_spi: add a status check for spi_sync_locked (bsc#1051510). - mount: copy the port field into the cloned nfs_server structure (bsc#1136990). - mtd: docg3: Fix passing zero to 'PTR_ERR' warning in doc_probe_device (bsc#1051510). - mtd: docg3: fix a possible memory leak of mtd->name (bsc#1051510). - mtd: nand: omap: Fix comment in platform data using wrong Kconfig symbol (bsc#1051510). - mtd: part: fix incorrect format specifier for an unsigned long long (bsc#1051510). - mtd: spi-nor: intel-spi: Avoid crossing 4K address boundary on read/write (bsc#1129770). - mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies() (bsc#1136935). - mwifiex: Fix mem leak in mwifiex_tm_cmd (bsc#1051510). - mwifiex: Fix possible buffer overflows at parsing bss descriptor - mwifiex: prevent an array overflow (bsc#1051510). - mwl8k: Fix rate_idx underflow (bsc#1051510). - neighbor: Call __ipv4_neigh_lookup_noref in neigh_xmit (git-fixes). - net-gro: Fix GRO flush when receiving a GSO packet (networking-stable-19_04_10). - net/ibmvnic: Remove tests of member address (bsc#1137739). - net/ibmvnic: Update MAC address settings after adapter reset (bsc#1134760). - net/ibmvnic: Update carrier state after link state change (bsc#1135100). - net/ipv4: defensive cipso option parsing (git-fixes). - net/ipv6: do not reinitialize ndev->cnf.addr_gen_mode on new inet6_dev (git-fixes). - net/ipv6: fix addrconf_sysctl_addr_gen_mode (git-fixes). - net/ipv6: propagate net.ipv6.conf.all.addr_gen_mode to devices (git-fixes). - net/ipv6: reserve room for IFLA_INET6_ADDR_GEN_MODE (git-fixes). - net/mlx5: Decrease default mr cache size (networking-stable-19_04_10). - net/mlx5e: Add a lock on tir list (networking-stable-19_04_10). - net/mlx5e: Fix error handling when refreshing TIRs (networking-stable-19_04_10). - net/mlx5e: Fix trailing semicolon (bsc#1075020). - net/mlx5e: IPoIB, Reset QP after channels are closed (bsc#1075020). - net/mlx5e: ethtool, Remove unsupported SFP EEPROM high pages query (networking-stable-19_04_30). - net/rose: fix unbound loop in rose_loopback_timer() (networking-stable-19_04_30). - net/sched: act_sample: fix divide by zero in the traffic path (networking-stable-19_04_10). - net/sched: do not dereference a->goto_chain to read the chain index (bsc#1064802 bsc#1066129). - net/sched: fix ->get helper of the matchall cls (networking-stable-19_04_10). - net: Fix a bug in removing queues from XPS map (git-fixes). - net: aquantia: fix rx checksum offload for UDP/TCP over IPv6 (networking-stable-19_03_28). - net: atm: Fix potential Spectre v1 vulnerabilities (networking-stable-19_04_19). - net: avoid skb_warn_bad_offload on IS_ERR (git-fixes). - net: do not keep lonely packets forever in the gro hash (git-fixes). - net: dsa: bcm_sf2: fix buffer overflow doing set_rxnfc (networking-stable-19_05_04). - net: dsa: legacy: do not unmask port bitmaps (git-fixes). - net: dsa: mv88e6xxx: fix handling of upper half of STATS_TYPE_PORT (git-fixes). - net: ena: fix return value of ena_com_config_llq_info() (bsc#1111696 bsc#1117561). - net: ethtool: not call vzalloc for zero sized memory request (networking-stable-19_04_10). - net: fix uninit-value in __hw_addr_add_ex() (git-fixes). - net: fou: do not use guehdr after iptunnel_pull_offloads in gue_udp_recv (networking-stable-19_04_19). - net: hns3: remove resetting check in hclgevf_reset_task_schedule (bsc#1104353 bsc#1135056). - net: initialize skb->peeked when cloning (git-fixes). - net: make skb_partial_csum_set() more robust against overflows (git-fixes). - net: phy: marvell: Fix buffer overrun with stats counters (networking-stable-19_05_04). - net: rds: exchange of 8K and 1M pool (networking-stable-19_04_30). - net: rose: fix a possible stack overflow (networking-stable-19_03_28). - net: socket: fix potential spectre v1 gadget in socketcall (git-fixes). - net: stmmac: fix memory corruption with large MTUs (networking-stable-19_03_28). - net: stmmac: move stmmac_check_ether_addr() to driver probe (networking-stable-19_04_30). - net: test tailroom before appending to linear skb (git-fixes). - net: thunderx: do not allow jumbo frames with XDP (networking-stable-19_04_19). - net: thunderx: raise XDP MTU to 1508 (networking-stable-19_04_19). - net: unbreak CONFIG_RETPOLINE=n builds (bsc#1124503). - net: use indirect call wrappers at GRO network layer (bsc#1124503). - net: use indirect call wrappers at GRO transport layer (bsc#1124503). - netfilter: bridge: Do not sabotage nf_hook calls from an l3mdev (git-fixes). - netfilter: bridge: ebt_among: add missing match size checks (git-fixes). - netfilter: bridge: ebt_among: add more missing match size checks (git-fixes). - netfilter: drop template ct when conntrack is skipped (git-fixes). - netfilter: ebtables: CONFIG_COMPAT: reject trailing data after last rule (git-fixes). - netfilter: ebtables: handle string from userspace with care (git-fixes). - netfilter: ebtables: reject non-bridge targets (git-fixes). - netfilter: ipset: do not call ipset_nest_end after nla_nest_cancel (git-fixes). - netfilter: nf_log: do not hold nf_log_mutex during user access (git-fixes). - netfilter: nf_log: fix uninit read in nf_log_proc_dostring (git-fixes). - netfilter: nf_socket: Fix out of bounds access in nf_sk_lookup_slow_v{4,6} (git-fixes). - netfilter: nf_tables: can't fail after linking rule into active rule list (git-fixes). - netfilter: nf_tables: check msg_type before nft_trans_set(trans) (git-fixes). - netfilter: nf_tables: fix NULL pointer dereference on nft_ct_helper_obj_dump() (git-fixes). - netfilter: nf_tables: fix leaking object reference count (git-fixes). - netfilter: nf_tables: release chain in flushing set (git-fixes). - netfilter: nft_compat: do not dump private area (git-fixes). - netfilter: x_tables: initialise match/target check parameter struct (git-fixes). - netlink: fix uninit-value in netlink_sendmsg (git-fixes). - nfs add module option to limit NFSv4 minor version (jsc#PM-231). - nfs: Add missing encode / decode sequence_maxsz to v4.2 operations (git-fixes). - nfs: Enable NFSv4.2 support - jsc@PM-231 - nl80211: Add NL80211_FLAG_CLEAR_SKB flag for other NL commands (bsc#1051510). - nvme-multipath: avoid crash on invalid subsystem cntlid enumeration (bsc#1129273). - nvme-rdma: fix possible free of a non-allocated async event buffer (bsc#1120423). - nvme: Do not remove namespaces during reset (bsc#1131673). - nvme: flush scan_work when resetting controller (bsc#1131673). - objtool: Fix function fallthrough detection (bsc#1058115). - ocfs2: fix ocfs2 read inode data panic in ocfs2_iget (bsc#1136434). - ocfs2: turn on OCFS2_FS_STATS setting(bsc#1134393) We need to turn on OCFS2_FS_STATS kernel configuration setting, to fix bsc#1134393. - of: fix clang -Wunsequenced for be32_to_cpu() (bsc#1135642). - omapfb: add missing of_node_put after of_device_is_available (bsc#1051510). - openvswitch: add seqadj extension when NAT is used (bsc#1051510). - openvswitch: fix flow actions reallocation (bsc#1051510). - p54: drop device reference count if fails to enable device (bsc#1135642). - packet: fix reserve calculation (git-fixes). - packet: in packet_snd start writing at link layer allocation (git-fixes). - packet: refine ring v3 block size test to hold one frame (git-fixes). - packet: reset network header if packet shorter than ll reserved space (git-fixes). - packet: validate msg_namelen in send directly (git-fixes). - packets: Always register packet sk in the same order (networking-stable-19_03_28). - parport: Fix mem leak in parport_register_dev_model (bsc#1051510). - pci: Factor out pcie_retrain_link() function (git-fixes). - pci: Mark AMD Stoney Radeon R7 GPU ATS as broken (bsc#1051510). - pci: Mark Atheros AR9462 to avoid bus reset (bsc#1051510). - pci: Work around Pericom pcie-to-pci bridge Retrain Link erratum (git-fixes). - pci: endpoint: Use EPC's device in dma_alloc_coherent()/dma_free_coherent() (git-fixes). - phy: sun4i-usb: Make sure to disable PHY0 passby for peripheral mode (bsc#1051510). - platform/x86: alienware-wmi: printing the wrong error code (bsc#1051510). - platform/x86: dell-rbtn: Add missing #include (bsc#1051510). - platform/x86: intel_pmc_ipc: adding error handling (bsc#1051510). - platform/x86: intel_punit_ipc: Revert 'Fix resource ioremap warning' (bsc#1051510). - platform/x86: pmc_atom: Add Lex 3I380D industrial PC to critclk_systems DMI table (bsc#1051510). - platform/x86: pmc_atom: Add several Beckhoff Automation boards to critclk_systems DMI table (bsc#1051510). - platform/x86: pmc_atom: Drop __initconst on dmi table (bsc#1051510). - platform/x86: sony-laptop: Fix unintentional fall-through (bsc#1051510). - power: supply: axp20x_usb_power: Fix typo in VBUS current limit macros (bsc#1051510). - power: supply: axp288_charger: Fix unchecked return value (bsc#1051510). - powerpc/64s: Fix page table fragment refcount race vs speculative references (bsc#1131326, bsc#1108937). - powerpc/eeh: Fix race with driver un/bind (bsc#1065729). - powerpc/mm/radix: Display if mappings are exec or not (bsc#1055186, git-fixes). - powerpc/mm/radix: Prettify mapped memory range print out (bsc#1055186, git-fixes). - powerpc/mm: Fix page table dump to work on Radix (bsc#1055186, git-fixes). - powerpc/msi: Fix NULL pointer access in teardown code (bsc#1065729). - powerpc/perf: Fix MMCRA corruption by bhrb_filter (bsc#1053043). - powerpc/powernv/idle: Restore IAMR after idle (bsc#1065729). - powerpc/process: Fix sparse address space warnings (bsc#1065729). - powerpc: Always initialize input array when calling epapr_hypercall() (bsc#1065729). - powerpc: Fix HMIs on big-endian with CONFIG_RELOCATABLE=y (bsc#1065729). - proc/kcore: do not bounds check against address 0 (bsc#1051510). - proc/sysctl: fix return error for proc_doulongvec_minmax() (bsc#1051510). - proc: revalidate kernel thread inodes to root:root (bsc#1051510). - ptrace: take into account saved_sigmask in PTRACE{GET,SET}SIGMASK (git-fixes). - pwm: Fix deadlock warning when removing PWM device (bsc#1051510). - pwm: meson: Consider 128 a valid pre-divider (bsc#1051510). - pwm: meson: Do not disable PWM when setting duty repeatedly (bsc#1051510). - pwm: meson: Use the spin-lock only to protect register modifications (bsc#1051510). - pwm: tiehrpwm: Update shadow register for disabling PWMs (bsc#1051510). - qla2xxx: allow irqbalance control in non-MQ mode (bsc#1128979). - qla2xxx: always allocate qla_tgt_wq (bsc#1131451). - qmi_wwan: add Olicard 600 (bsc#1051510). - rdma/hns: Fix bug that caused srq creation to fail (bsc#1104427 ). - rdma/rxe: Consider skb reserve space based on netdev of GID (bsc#1082387, bsc#1103992). - regulator: tps65086: Fix tps65086_ldoa1_ranges for selector 0xB (bsc#1051510). - rt2x00: do not increment sequence number while re-transmitting (bsc#1051510). - rtc: 88pm860x: prevent use-after-free on device remove (bsc#1051510). - rtc: da9063: set uie_unsupported when relevant (bsc#1051510). - rtc: do not reference bogus function pointer in kdoc (bsc#1051510). - rtc: sh: Fix invalid alarm warning for non-enabled alarm (bsc#1051510). - rtlwifi: fix a potential NULL pointer dereference (bsc#1051510). - rtlwifi: rtl8723ae: Fix missing break in switch statement (bsc#1051510). - rxrpc: Fix error reception on AF_INET6 sockets (git-fixes). - rxrpc: Fix transport sockopts to get IPv4 errors on an IPv6 socket (git-fixes). - s390/qdio: clear intparm during shutdown (bsc#1134597 LTC#177516). - sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init() (bsc#1051510). - sc16is7xx: move label 'err_spi' to correct section (bsc#1051510). - sc16is7xx: put err_spi and err_i2c into correct #ifdef (bsc#1051510). - scripts/bugzilla-create: Set 'Proactive-Upstream-Fix' keyword - scripts/git_sort/git_sort.py: Add mkp/scsi 5.0/scsi-fixes - scripts: override locale from environment when running recordmcount.pl (bsc#1134354). - scsi: qedf: fixup bit operations (bsc#1135542). - scsi: qedf: fixup locking in qedf_restart_rport() (bsc#1135542). - scsi: qedf: missing kref_put in qedf_xmit() (bsc#1135542). - scsi: qla2xxx: Add new FC-NVMe enable BIT to enable FC-NVMe feature (bsc#1130579). - scsi: qla2xxx: Declare local functions 'static' (bsc#1137444). - scsi: qla2xxx: Fix function argument descriptions (bsc#1118139). - scsi: qla2xxx: Fix memory corruption during hba reset test (bsc#1118139). - scsi: qla2xxx: Fix panic in qla_dfs_tgt_counters_show (bsc#1132044). - scsi: qla2xxx: Improve several kernel-doc headers (bsc#1137444). - scsi: qla2xxx: Introduce a switch/case statement in qlt_xmit_tm_rsp() (bsc#1137444). - scsi: qla2xxx: Make qla2x00_sysfs_write_nvram() easier to analyze (bsc#1137444). - scsi: qla2xxx: Make sure that qlafx00_ioctl_iosb_entry() initializes 'res' (bsc#1137444). - scsi: qla2xxx: NULL check before some freeing functions is not needed (bsc#1137444). - scsi: qla2xxx: Remove a set-but-not-used variable (bsc#1137444). - scsi: qla2xxx: Remove two arguments from qlafx00_error_entry() (bsc#1137444). - scsi: qla2xxx: Remove unused symbols (bsc#1118139). - scsi: qla2xxx: Split the __qla2x00_abort_all_cmds() function (bsc#1137444). - scsi: qla2xxx: Use %p for printing pointers (bsc#1118139). - scsi: qla2xxx: fix error message on qla2400 (bsc#1118139). - scsi: qla2xxx: fix spelling mistake: 'existant' -> 'existent' (bsc#1118139). - scsi: qla2xxx: fully convert to the generic DMA API (bsc#1137444). - scsi: qla2xxx: fx00 copypaste typo (bsc#1118139). - scsi: qla2xxx: remove the unused tcm_qla2xxx_cmd_wq (bsc#1118139). - scsi: qla2xxx: use lower_32_bits and upper_32_bits instead of reinventing them (bsc#1137444). - sctp: avoid running the sctp state machine recursively (networking-stable-19_05_04). - sctp: fix identification of new acks for SFR-CACC (git-fixes). - sctp: get sctphdr by offset in sctp_compute_cksum (networking-stable-19_03_28). - sctp: initialize _pad of sockaddr_in before copying to user memory (networking-stable-19_04_10). - sctp: only update outstanding_bytes for transmitted queue when doing prsctp_prune (git-fixes). - sctp: set frag_point in sctp_setsockopt_maxseg correctly` (git-fixes). - selinux: use kernel linux/socket.h for genheaders and mdp (bsc#1134810). - serial: 8250_pxa: honor the port number from devicetree (bsc#1051510). - serial: ar933x_uart: Fix build failure with disabled console (bsc#1051510). - serial: uartps: console_setup() can't be placed to init section (bsc#1051510). - signal: Always notice exiting tasks (git-fixes). - signal: Better detection of synchronous signals (git-fixes). - signal: Restore the stop PTRACE_EVENT_EXIT (git-fixes). - snd: re-export snd_cards for kABI compatibility (bsc#1051510). - soc/fsl/qe: Fix an error code in qe_pin_request() (bsc#1051510). - soc/tegra: pmc: Drop locking from tegra_powergate_is_powered() (bsc#1051510). - spi: Micrel eth switch: declare missing of table (bsc#1051510). - spi: ST ST95HF NFC: declare missing of table (bsc#1051510). - spi: a3700: Clear DATA_OUT when performing a read (bsc#1051510). - spi: bcm2835aux: fix driver to not allow 65535 (=-1) cs-gpios (bsc#1051510). - spi: bcm2835aux: setup gpio-cs to output and correct level during setup (bsc#1051510). - spi: bcm2835aux: warn in dmesg that native cs is not really supported (bsc#1051510). - spi: rspi: Fix sequencer reset during initialization (bsc#1051510). - ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit (bsc#1051510). - staging: rtl8188eu: Fix potential NULL pointer dereference of kcalloc (bsc#1051510). - staging: vc04_services: Fix a couple error codes (bsc#1051510). - staging: vc04_services: prevent integer overflow in create_pagelist() (bsc#1051510). - staging: wlan-ng: fix adapter initialization failure (bsc#1051510). - stm class: Fix an endless loop in channel allocation (bsc#1051510). - stm class: Fix channel free in stm output free path (bsc#1051510). - stm class: Prevent division by zero (bsc#1051510). - stmmac: pci: Adjust IOT2000 matching (networking-stable-19_04_30). - supported.conf: Add openvswitch to kernel-default-base (bsc#1124839). - switchtec: Fix unintended mask of MRPC event (git-fixes). - tcp: Ensure DCTCP reacts to losses (networking-stable-19_04_10). - tcp: add tcp_min_snd_mss sysctl (bsc#1137586). - tcp: do not use ipv6 header for ipv4 flow (networking-stable-19_03_28). - tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (bsc#1137586). - tcp: limit payload size of sacked skbs (bsc#1137586). - tcp: purge write queue in tcp_connect_init() (git-fixes). - tcp: tcp_fragment() should apply sane memory limits (bsc#1137586). - tcp: tcp_grow_window() needs to respect tcp_space() (networking-stable-19_04_19). - team: fix possible recursive locking when add slaves (networking-stable-19_04_30). - team: set slave to promisc if team is already in promisc mode (bsc#1051510). - test_firmware: Use correct snprintf() limit (bsc#1135642). - thermal/int340x_thermal: Add additional UUIDs (bsc#1051510). - thermal/int340x_thermal: fix mode setting (bsc#1051510). - thermal: cpu_cooling: Actually trace CPU load in thermal_power_cpu_get_power (bsc#1051510). - thunderbolt: Fix to check for kmemdup failure (bsc#1051510). - thunderx: eliminate extra calls to put_page() for pages held for recycling (networking-stable-19_03_28). - thunderx: enable page recycling for non-XDP case (networking-stable-19_03_28). - tipc: fix hanging clients using poll with EPOLLOUT flag (git-fixes). - tipc: missing entries in name table of publications (networking-stable-19_04_19). - tools lib traceevent: Fix missing equality check for strcmp (bsc#1129770). - tracing: Fix partial reading of trace event's id file (bsc#1136573). - treewide: Use DEVICE_ATTR_WO (bsc#1137739). - tty/vt: fix write/write race in ioctl(KDSKBSENT) handler (bsc#1051510). - tty: increase the default flip buffer limit to 2*640K (bsc#1051510). - tty: ipwireless: fix missing checks for ioremap (bsc#1051510). - tty: pty: Fix race condition between release_one_tty and pty_write (bsc#1051510). - tty: serial: msm_serial: Fix XON/XOFF (bsc#1051510). - tty: serial_core, add ->install (bnc#1129693). - tty: vt.c: Fix TIOCL_BLANKSCREEN console blanking if blankinterval == 0 (bsc#1051510). - tun: add a missing rcu_read_unlock() in error path (networking-stable-19_03_28). - tun: properly test for IFF_UP (networking-stable-19_03_28). - uas: fix alignment of scatter/gather segments (bsc#1129770). - udp: use indirect call wrappers for GRO socket lookup (bsc#1124503). - ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour (bsc#1135323). - usb-storage: Set virt_boundary_mask to avoid SG overflows (bsc#1051510). - usb: Add LPM quirk for Surface Dock GigE adapter (bsc#1051510). - usb: Fix slab-out-of-bounds write in usb_get_bos_descriptor (bsc#1051510). - usb: cdc-acm: fix unthrottle races (bsc#1051510). - usb: core: Add PM runtime calls to usb_hcd_platform_shutdown (bsc#1051510). - usb: core: Do not unbind interfaces following device reset failure (bsc#1051510). - usb: core: Fix bug caused by duplicate interface PM usage counter (bsc#1051510). - usb: core: Fix unterminated string returned by usb_string() (bsc#1051510). - usb: dwc3: Fix default lpm_nyet_threshold value (bsc#1051510). - usb: gadget: net2272: Fix net2272_dequeue() (bsc#1051510). - usb: gadget: net2280: Fix net2280_dequeue() (bsc#1051510). - usb: gadget: net2280: Fix overrun of OUT messages (bsc#1051510). - usb: rio500: fix memory leak in close after disconnect (bsc#1051510). - usb: rio500: refuse more than one device at a time (bsc#1051510). - usb: serial: f81232: fix interrupt worker not stop (bsc#1051510). - usb: serial: fix unthrottle races (bsc#1051510). - usb: sisusbvga: fix oops in error path of sisusb_probe (bsc#1051510). - usb: u132-hcd: fix resource leak (bsc#1051510). - usb: usb251xb: fix to avoid potential NULL pointer dereference (bsc#1051510). - usb: usbip: fix isoc packet num validation in get_pipe (bsc#1051510). - usb: w1 ds2490: Fix bug caused by improper use of altsetting array (bsc#1051510). - usb: yurex: Fix protection fault after device removal (bsc#1051510). - usbip: usbip_host: fix BUG: sleeping function called from invalid context (bsc#1051510). - usbip: usbip_host: fix stub_dev lock context imbalance regression (bsc#1051510). - usbnet: fix kernel crash after disconnect (bsc#1051510). - userfaultfd: use RCU to free the task struct when fork fails (git-fixes). - vfio/mdev: Avoid release parent reference during error path (bsc#1051510). - vfio/mdev: Fix aborting mdev child device removal if one fails (bsc#1051510). - vfio/pci: use correct format characters (bsc#1051510). - vfio_pci: Enable memory accesses before calling pci_map_rom (bsc#1051510). - vhost/vsock: fix reset orphans race with close timeout (bsc#1051510). - vhost: reject zero size iova range (networking-stable-19_04_19). - virtio-blk: limit number of hw queues by nr_cpu_ids (bsc#1051510). - virtio: Honour 'may_reduce_num' in vring_create_virtqueue (bsc#1051510). - virtio_pci: fix a NULL pointer reference in vp_del_vqs (bsc#1051510). - vrf: check accept_source_route on the original netdevice (networking-stable-19_04_10). - vsock/virtio: Initialize core virtio vsock before registering the driver (bsc#1051510). - vsock/virtio: fix kernel panic after device hot-unplug (bsc#1051510). - vsock/virtio: fix kernel panic from virtio_transport_reset_no_sock (bsc#1051510). - vsock/virtio: reset connected sockets on device removal (bsc#1051510). - vt: always call notifier with the console lock held (bsc#1051510). - vxlan: Do not call gro_cells_destroy() before device is unregistered (networking-stable-19_03_28). - vxlan: trivial indenting fix (bsc#1051510). - vxlan: use __be32 type for the param vni in __vxlan_fdb_delete (bsc#1051510). - w1: fix the resume command API (bsc#1051510). - x86/speculation/mds: Fix documentation typo (bsc#1135642). - x86_64: Add gap to int3 to allow for call emulation (bsc#1099658). - x86_64: Allow breakpoints to emulate call instructions (bsc#1099658). - xen/pciback: Do not disable pci_COMMAND on pci device reset (bsc#1065600). - xenbus: drop useless LIST_HEAD in xenbus_write_watch() and xenbus_file_write() (bsc#1065600). - xfrm6: avoid potential infinite loop in _decode_session6() (git-fixes). - xfrm6: call kfree_skb when skb is toobig (git-fixes). - xfrm: Fix stack-out-of-bounds read on socket policy lookup (git-fixes). - xfrm: Return error on unknown encap_type in init_state (git-fixes). - xfrm: Validate address prefix lengths in the xfrm selector (git-fixes). - xfrm: fix 'passing zero to ERR_PTR()' warning (git-fixes). - xfrm: fix missing dst_release() after policy blocking lbcast and multicast (git-fixes). - xfrm: fix xfrm_do_migrate() with AEAD e.g(AES-GCM) (git-fixes). - xfrm: reset crypto_done when iterating over multiple input xfrms (git-fixes). - xfrm: reset transport header back to network header after all input transforms ahave been applied (git-fixes). - xfrm_user: prevent leaking 2 bytes of kernel memory (git-fixes). - xfs: add log item pinning error injection tag (bsc#1114427). - xfs: buffer lru reference count error injection tag (bsc#1114427). - xfs: check _btree_check_block value (bsc#1123663). - xfs: convert drop_writes to use the errortag mechanism (bsc#1114427). - xfs: create block pointer check functions (bsc#1123663). - xfs: create inode pointer verifiers (bsc#1114427). - xfs: detect and fix bad summary counts at mount (bsc#1114427). - xfs: export _inobt_btrec_to_irec and _ialloc_cluster_alignment for scrub (bsc#1114427). - xfs: export various function for the online scrubber (bsc#1123663). - xfs: expose errortag knobs via sysfs (bsc#1114427). - xfs: fix unused variable warning in xfs_buf_set_ref() (bsc#1114427). - xfs: force summary counter recalc at next mount (bsc#1114427). - xfs: kill meaningless variable 'zero' (bsc#1106011). - xfs: make errortag a per-mountpoint structure (bsc#1123663). - xfs: move error injection tags into their own file (bsc#1114427). - xfs: prepare xfs_break_layouts() for another layout type (bsc#1106011). - xfs: prepare xfs_break_layouts() to be called with XFS_MMAPLOCK_EXCL (bsc#1106011). - xfs: refactor btree block header checking functions (bsc#1123663). - xfs: refactor btree pointer checks (bsc#1123663). - xfs: refactor unmount record write (bsc#1114427). - xfs: remove unneeded parameter from XFS_TEST_ERROR (bsc#1123663). - xfs: remove xfs_zero_range (bsc#1106011). - xfs: rename MAXPATHLEN to XFS_SYMLINK_MAXLEN (bsc#1123663). - xfs: replace log_badcrc_factor knob with error injection tag (bsc#1114427). - xfs: sanity-check the unused space before trying to use it (bsc#1123663). - xfs: serialize unaligned dio writes against all other dio writes (bsc#1134936). - xhci: Convert xhci_handshake() to use readl_poll_timeout_atomic() (bsc#1051510). - xhci: Use %zu for printing size_t type (bsc#1051510). - xhci: update bounce buffer with correct sg num (bsc#1051510). ----------------------------------------- Patch: SUSE-2019-1560 Released: Wed Jun 19 08:57:17 2019 Summary: Recommended update for cloud-netconfig Severity: moderate References: 1135257,1135263 Description: This update for cloud-netconfig fixes the following issues: - cloud-netconfig will now pause and retry if API call throttling is detected in Azure (bsc#1135257, bsc#1135263) ----------------------------------------- Patch: SUSE-2019-1562 Released: Wed Jun 19 09:16:07 2019 Summary: Security update for docker Severity: moderate References: 1096726,CVE-2018-15664 Description: This update for docker fixes the following issues: Security issue fixed: - CVE-2018-15664: Fixed an issue which could make docker cp vulnerable to symlink-exchange race attacks (bsc#1096726). ----------------------------------------- Patch: SUSE-2019-1577 Released: Thu Jun 20 16:40:23 2019 Summary: Recommended update for permissions Severity: moderate References: 1128598 Description: This update for permissions fixes the following issues: - Added whitelisting for /usr/lib/singularity/bin/starter-suid in the new singularity 3.1 version. (bsc#1128598) ----------------------------------------- Patch: SUSE-2019-1594 Released: Fri Jun 21 10:17:15 2019 Summary: Security update for glib2 Severity: important References: 1103678,1137001,CVE-2019-12450 Description: This update for glib2 fixes the following issues: Security issue fixed: - CVE-2019-12450: Fixed an improper file permission when copy operation takes place (bsc#1137001). Other issue addressed: - glib2 was handling an UNKNOWN connectivity state from NetworkManager as if there was a connection thus giving false positives to PackageKit (bsc#1103678) ----------------------------------------- Patch: SUSE-2019-1597 Released: Fri Jun 21 10:18:19 2019 Summary: Security update for dbus-1 Severity: important References: 1137832,CVE-2019-12749 Description: This update for dbus-1 fixes the following issue: Security issue fixed: - CVE-2019-12749: Fixed an implementation flaw in DBUS_COOKIE_SHA1 which could have allowed local attackers to bypass authentication (bsc#1137832). ----------------------------------------- Patch: SUSE-2019-1616 Released: Fri Jun 21 11:04:39 2019 Summary: Recommended update for rpcbind Severity: moderate References: 1134659 Description: This update for rpcbind fixes the following issues: - Change rpcbind locking path from /var/run/rpcbind.lock to /run/rpcbind.lock. (bsc#1134659) - Change the order of socket/service in the %postun scriptlet to avoid an error from rpcbind.socket when rpcbind is running during package update. ----------------------------------------- Patch: SUSE-2019-1627 Released: Fri Jun 21 11:15:11 2019 Summary: Recommended update for xfsprogs Severity: moderate References: 1073421,1122271,1129859 Description: This update for xfsprogs fixes the following issues: - xfs_repair: will now allow '/' in attribute names (bsc#1122271) - xfs_repair: will now allow zeroing of corrupt log (bsc#1073421) - enabdled offline (unmounted) filesystem geometry queries (bsc#1129859) ----------------------------------------- Patch: SUSE-2019-1631 Released: Fri Jun 21 11:17:21 2019 Summary: Recommended update for xz Severity: low References: 1135709 Description: This update for xz fixes the following issues: Add SUSE-Public-Domain licence as some parts of xz utils (liblzma, xz, xzdec, lzmadec, documentation, translated messages, tests, debug, extra directory) are in public domain licence [bsc#1135709] ----------------------------------------- Patch: SUSE-2019-1757 Released: Fri Jul 5 12:08:11 2019 Summary: Recommended update for yast2-network Severity: moderate References: 1123102,1134784,1136103 Description: This update for yast2-network is fixing the following issues: - A bug has been fixed when configuring a static IP address without any hostname (bsc#1123102) ----------------------------------------- Patch: SUSE-2019-1798 Released: Tue Jul 9 23:41:19 2019 Summary: Recommended update for grub2 Severity: moderate References: 1127293,928131,940457 Description: This update for grub2 fixes the following issues: - Check/refresh zipl-kernel before hibernate on s390x. (bsc#940457) - Removing hardcoded 'vmlinuz'. - Try to refresh zipl-kernel on failed kexec. (bsc#1127293) - Fully support 'previous' zipl-kernel with 'mem=1G' being available on dedicated entries. (bsc#928131) ----------------------------------------- Patch: SUSE-2019-1804 Released: Wed Jul 10 10:40:44 2019 Summary: Security update for ruby-bundled-gems-rpmhelper, ruby2.5 Severity: important References: 1082007,1082008,1082009,1082010,1082011,1082014,1082058,1087433,1087434,1087436,1087437,1087440,1087441,1112530,1112532,1130028,1130611,1130617,1130620,1130622,1130623,1130627,1133790,CVE-2017-17742,CVE-2018-1000073,CVE-2018-1000074,CVE-2018-1000075,CVE-2018-1000076,CVE-2018-1000077,CVE-2018-1000078,CVE-2018-1000079,CVE-2018-16395,CVE-2018-16396,CVE-2018-6914,CVE-2018-8777,CVE-2018-8778,CVE-2018-8779,CVE-2018-8780,CVE-2019-8320,CVE-2019-8321,CVE-2019-8322,CVE-2019-8323,CVE-2019-8324,CVE-2019-8325 Description: This update for ruby2.5 and ruby-bundled-gems-rpmhelper fixes the following issues: Changes in ruby2.5: Update to 2.5.5 and 2.5.4: https://www.ruby-lang.org/en/news/2019/03/15/ruby-2-5-5-released/ https://www.ruby-lang.org/en/news/2019/03/13/ruby-2-5-4-released/ Security issues fixed: - CVE-2019-8320: Delete directory using symlink when decompressing tar (bsc#1130627) - CVE-2019-8321: Escape sequence injection vulnerability in verbose (bsc#1130623) - CVE-2019-8322: Escape sequence injection vulnerability in gem owner (bsc#1130622) - CVE-2019-8323: Escape sequence injection vulnerability in API response handling (bsc#1130620) - CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution (bsc#1130617) - CVE-2019-8325: Escape sequence injection vulnerability in errors (bsc#1130611) Ruby 2.5 was updated to 2.5.3: This release includes some bug fixes and some security fixes. Security issues fixed: - CVE-2018-16396: Tainted flags are not propagated in Array#pack and String#unpack with some directives (bsc#1112532) - CVE-2018-16395: OpenSSL::X509::Name equality check does not work correctly (bsc#1112530) Ruby 2.5 was updated to 2.5.1: This release includes some bug fixes and some security fixes. Security issues fixed: - CVE-2017-17742: HTTP response splitting in WEBrick (bsc#1087434) - CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir (bsc#1087441) - CVE-2018-8777: DoS by large request in WEBrick (bsc#1087436) - CVE-2018-8778: Buffer under-read in String#unpack (bsc#1087433) - CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket (bsc#1087440) - CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir (bsc#1087437) - Multiple vulnerabilities in RubyGems were fixed: - CVE-2018-1000079: Fixed path traversal issue during gem installation allows to write to arbitrary filesystem locations (bsc#1082058) - CVE-2018-1000075: Fixed infinite loop vulnerability due to negative size in tar header causes Denial of Service (bsc#1082014) - CVE-2018-1000078: Fixed XSS vulnerability in homepage attribute when displayed via gem server (bsc#1082011) - CVE-2018-1000077: Fixed that missing URL validation on spec home attribute allows malicious gem to set an invalid homepage URL (bsc#1082010) - CVE-2018-1000076: Fixed improper verification of signatures in tarball allows to install mis-signed gem (bsc#1082009) - CVE-2018-1000074: Fixed unsafe Object Deserialization Vulnerability in gem owner allowing arbitrary code execution on specially crafted YAML (bsc#1082008) - CVE-2018-1000073: Fixed path traversal when writing to a symlinked basedir outside of the root (bsc#1082007) Other changes: - Fixed Net::POPMail methods modify frozen literal when using default arg - ruby: change over of the Japanese Era to the new emperor May 1st 2019 (bsc#1133790) - build with PIE support (bsc#1130028) Changes in ruby-bundled-gems-rpmhelper: - Add a new helper for bundled ruby gems. ----------------------------------------- Patch: SUSE-2019-1815 Released: Thu Jul 11 07:47:55 2019 Summary: Recommended update for timezone Severity: moderate References: 1140016 Description: This update for timezone fixes the following issues: - Timezone update 2019b. (bsc#1140016): - Brazil no longer observes DST. - 'zic -b slim' outputs smaller TZif files. - Palestine's 2019 spring-forward transition was on 03-29, not 03-30. - Add info about the Crimea situation. ----------------------------------------- Patch: SUSE-2019-1829 Released: Fri Jul 12 11:45:07 2019 Summary: Security update for the Linux Kernel Severity: important References: 1051510,1071995,1088047,1094555,1098633,1106383,1106751,1109137,1114279,1119532,1120423,1124167,1127155,1128432,1128902,1128910,1131645,1132154,1132390,1133401,1133738,1134303,1134395,1135296,1135556,1135642,1136157,1136598,1136922,1136935,1137103,1137194,1137429,1137625,1137728,1137884,1137995,1137996,1137998,1137999,1138000,1138002,1138003,1138005,1138006,1138007,1138008,1138009,1138010,1138011,1138012,1138013,1138014,1138015,1138016,1138017,1138018,1138019,1138291,1138293,1138374,1138375,1138589,1138719,1139771,1139782,1139865,1140133,1140328,1140405,1140424,1140428,1140575,1140577,1140637,1140658,1140715,1140719,1140726,1140727,1140728,1140814,CVE-2018-16871,CVE-2018-20836,CVE-2019-10126,CVE-2019-10638,CVE-2019-10639,CVE-2019-11599,CVE-2019-12380,CVE-2019-12456,CVE-2019-12614,CVE-2019-12818,CVE-2019-12819 Description: The SUSE Linux Enterprise 15 kernel version 4.12.14 was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-10638: Attackers used to be able to track the Linux kernel by the IP ID values the kernel produces for connection-less protocols. When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack could have been conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses. [bnc#1140575] - CVE-2019-10639: The Linux kernel used to allow Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it was possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols. When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key was extracted (via enumeration), the offset of the kernel image was exposed. This attack could be carried out remotely by the attacker forcing the target device to send UDP or ICMP traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic is trivial if the server answers ICMP Echo requests (ping). For client targets, if the target visits the attacker's web page, then WebRTC or gQUIC can be used to force UDP traffic to attacker-controlled IP addresses. [bnc#1140577] - CVE-2018-20836: A race condition used to exist in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free. [bnc#1134395] - CVE-2019-10126: A heap based buffer overflow in the wireless driver code was fixed. This issue might have lead to memory corruption and possibly other consequences. [bnc#1136935] - CVE-2019-11599: The coredump implementation did not use locking or other mechanisms to prevent vma layout or vma flags changes while it ran, which allowed local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. [bnc#1131645]. - CVE-2019-12614: There was an unchecked kstrdup of prop->name on PowerPC platforms, which allowed an attacker to cause a denial of service (NULL pointer dereference and system crash). [bnc#1137194] - CVE-2018-16871: A flaw was found in the NFS implementation. An attacker who was able to mount an exported NFS filesystem was able to trigger a null pointer dereference by an invalid NFS sequence. This could panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will were lost. [bnc#1137103] - CVE-2019-12819: The function __mdiobus_register() used to call put_device(), which would trigger a fixed_mdio_bus_init use-after-free error. This would cause a denial of service. [bnc#1138291] - CVE-2019-12818: The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return NULL. If the caller did not check for this, it could trigger a NULL pointer dereference. This would cause denial of service. [bnc#1138293] - CVE-2019-12456: An issue in the MPT3COMMAND case in _ctl_ioctl_main() allowed local users to cause a denial of service or possibly have unspecified other impact by changing the value of ioc_number between two kernel reads of that value, aka a 'double fetch' vulnerability. [bsc#1136922] - CVE-2019-12380: An issue was in the EFI subsystem existed that mishandled memory allocation failures. Note, however, that all relevant code runs only at boot-time, before any user processes are started. Therefore, there was no possibility for an unprivileged user to exploit this issue. [bnc#1136598] The following non-security bugs were fixed: - 6lowpan: Off by one handling ->nexthdr (bsc#1051510). - acpi: Add Hygon Dhyana support (). - af_key: unconditionally clone on broadcast (bsc#1051510). - alsa: firewire-lib/fireworks: fix miss detection of received MIDI messages (bsc#1051510). - alsa: firewire-motu: fix destruction of data for isochronous resources (bsc#1051510). - alsa: hda - Force polling mode on CNL for fixing codec communication (bsc#1051510). - alsa: hda/realtek - Change front mic location for Lenovo M710q (bsc#1051510). - alsa: hda/realtek - Update headset mode for ALC256 (bsc#1051510). - alsa: hda/realtek: Add quirks for several Clevo notebook barebones (bsc#1051510). - alsa: line6: Fix write on zero-sized buffer (bsc#1051510). - alsa: oxfw: allow PCM capture for Stanton SCS.1m (bsc#1051510). - alsa: seq: fix incorrect order of dest_client/dest_ports arguments (bsc#1051510). - alsa: usb-audio: fix sign unintended sign extension on left shifts (bsc#1051510). - apparmor: enforce nullbyte at end of tag string (bsc#1051510). - asoc: cs42xx8: Add regcache mask dirty (bsc#1051510). - asoc: fsl_asrc: Fix the issue about unsupported rate (bsc#1051510). - audit: fix a memory leak bug (bsc#1051510). - ax25: fix inconsistent lock state in ax25_destroy_timer (bsc#1051510). - blk-mq: fix hang caused by freeze/unfreeze sequence (bsc#1128432). - blk-mq: free hw queue's resource in hctx's release handler (bsc#1140637). - block: Fix a NULL pointer dereference in generic_make_request() (bsc#1139771). - bluetooth: Fix faulty expression for minimum encryption key size check (bsc#1140328). - can: af_can: Fix error path of can_init() (bsc#1051510). - can: flexcan: fix timeout when set small bitrate (bsc#1051510). - can: purge socket error queue on sock destruct (bsc#1051510). - ceph: flush dirty inodes before proceeding with remount (bsc#1140405). - cfg80211: fix memory leak of wiphy device name (bsc#1051510). - clk: rockchip: Turn on 'aclk_dmac1' for suspend on rk3288 (bsc#1051510). - clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider (bsc#1051510). - coresight: etb10: Fix handling of perf mode (bsc#1051510). - coresight: etm4x: Add support to enable ETMv4.2 (bsc#1051510). - cpu/topology: Export die_id (jsc#SLE-5454). - cpufreq: AMD: Ignore the check for ProcFeedback in ST/CZ (). - cpufreq: Add Hygon Dhyana support (). - crypto: algapi - guard against uninitialized spawn list in crypto_remove_spawns (bsc#1133401). - crypto: cryptd - Fix skcipher instance memory leak (bsc#1051510). - crypto: user - prevent operating on larval algorithms (bsc#1133401). - device core: Consolidate locking and unlocking of parent and device (bsc#1106383). - dm, dax: Fix detection of DAX support (bsc#1139782). - dmaengine: imx-sdma: remove BD_INTR for channel0 (bsc#1051510). - doc: Cope with the deprecation of AutoReporter (bsc#1051510). - drbd: Avoid Clang warning about pointless switch statment (bsc#1051510). - drbd: disconnect, if the wrong UUIDs are attached on a connected peer (bsc#1051510). - drbd: narrow rcu_read_lock in drbd_sync_handshake (bsc#1051510). - drbd: skip spurious timeout (ping-timeo) when failing promote (bsc#1051510). - driver core: Establish order of operations for device_add and device_del via bitflag (bsc#1106383). - driver core: Probe devices asynchronously instead of the driver (bsc#1106383). - drivers/base: Introduce kill_device() (bsc#1139865). - drivers/base: kABI fixes for struct device_private (bsc#1106383). - drivers/rapidio/devices/rio_mport_cdev.c: fix resource leak in error handling path in 'rio_dma_transfer()' (bsc#1051510). - drivers/rapidio/rio_cm.c: fix potential oops in riocm_ch_listen() (bsc#1051510). - drivers: misc: fix out-of-bounds access in function param_set_kgdbts_var (bsc#1051510). - drivers: thermal: tsens: Do not print error message on -EPROBE_DEFER (bsc#1051510). - drm/arm/hdlcd: Allow a bit of clock tolerance (bsc#1051510). - drm/gma500/cdv: Check vbt config bits when detecting lvds panels (bsc#1051510). - drm/i915/gvt: ignore unexpected pvinfo write (bsc#1051510). - drm/i915/perf: fix whitelist on Gen10+ (bsc#1051510). - drm/i915/sdvo: Implement proper HDMI audio support for SDVO (bsc#1051510). - drm/nouveau/disp/dp: respect sink limits when selecting failsafe link configuration (bsc#1051510). - drm/radeon: prefer lower reference dividers (bsc#1051510). - edac, amd64: Add Hygon Dhyana support. - edac/mc: Fix edac_mc_find() in case no device is found (bsc#1114279). - ftrace/x86: Remove possible deadlock between register_kprobe() and ftrace_run_update_code() (bsc#1071995). - genirq: Prevent use-after-free and work list corruption (bsc#1051510). - genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent() (bsc#1051510). - genwqe: Prevent an integer overflow in the ioctl (bsc#1051510). - hid: input: fix a4tech horizontal wheel custom usage (bsc#1137429). - hid: wacom: Add ability to provide explicit battery status info (bsc#1051510). - hid: wacom: Add support for 3rd generation Intuos BT (bsc#1051510). - hid: wacom: Add support for Pro Pen slim (bsc#1051510). - hid: wacom: Correct button numbering 2nd-gen Intuos Pro over Bluetooth (bsc#1051510). - hid: wacom: Do not report anything prior to the tool entering range (bsc#1051510). - hid: wacom: Do not set tool type until we're in range (bsc#1051510). - hid: wacom: Mark expected switch fall-through (bsc#1051510). - hid: wacom: Move HID fix for AES serial number into wacom_hid_usage_quirk (bsc#1051510). - hid: wacom: Move handling of HID quirks into a dedicated function (bsc#1051510). - hid: wacom: Properly handle AES serial number and tool type (bsc#1051510). - hid: wacom: Queue events with missing type/serial data for later processing (bsc#1051510). - hid: wacom: Remove comparison of u8 mode with zero and simplify (bsc#1051510). - hid: wacom: Replace touch_max fixup code with static touch_max definitions (bsc#1051510). - hid: wacom: Send BTN_TOUCH in response to INTUOSP2_BT eraser contact (bsc#1051510). - hid: wacom: Support 'in range' for Intuos/Bamboo tablets where possible (bsc#1051510). - hid: wacom: Sync INTUOSP2_BT touch state after each frame if necessary (bsc#1051510). - hid: wacom: Work around HID descriptor bug in DTK-2451 and DTH-2452 (bsc#1051510). - hid: wacom: convert Wacom custom usages to standard HID usages (bsc#1051510). - hid: wacom: fix mistake in printk (bsc#1051510). - hid: wacom: generic: Ignore HID_DG_BATTERYSTRENTH == 0 (bsc#1051510). - hid: wacom: generic: Leave tool in prox until it completely leaves sense (bsc#1051510). - hid: wacom: generic: Refactor generic battery handling (bsc#1051510). - hid: wacom: generic: Report AES battery information (bsc#1051510). - hid: wacom: generic: Reset events back to zero when pen leaves (bsc#1051510). - hid: wacom: generic: Scale battery capacity measurements to percentages (bsc#1051510). - hid: wacom: generic: Send BTN_STYLUS3 when both barrel switches are set (bsc#1051510). - hid: wacom: generic: Send BTN_TOOL_PEN in prox once the pen enters range (bsc#1051510). - hid: wacom: generic: Support multiple tools per report (bsc#1051510). - hid: wacom: generic: Use generic codepath terminology in wacom_wac_pen_report (bsc#1051510). - hid: wacom: generic: add the 'Report Valid' usage (bsc#1051510). - hid: wacom: switch Dell canvas into highres mode (bsc#1051510). - hid: wacom: wacom_wac_collection() is local to wacom_wac.c (bsc#1051510). - hwmon/coretemp: Cosmetic: Rename internal variables to zones from packages (jsc#SLE-5454). - hwmon/coretemp: Support multi-die/package (jsc#SLE-5454). - hwmon/k10temp, x86/amd_nb: Consolidate shared device IDs (). - hwmon: (k10temp) 27C Offset needed for Threadripper2 (). - hwmon: (k10temp) Add Hygon Dhyana support (). - hwmon: (k10temp) Add support for AMD Ryzen w/ Vega graphics (). - hwmon: (k10temp) Add support for Stoney Ridge and Bristol Ridge CPUs (). - hwmon: (k10temp) Add support for family 17h (). - hwmon: (k10temp) Add support for temperature offsets (). - hwmon: (k10temp) Add temperature offset for Ryzen 1900X (). - hwmon: (k10temp) Add temperature offset for Ryzen 2700X (). - hwmon: (k10temp) Correct model name for Ryzen 1600X (). - hwmon: (k10temp) Display both Tctl and Tdie (). - hwmon: (k10temp) Fix reading critical temperature register (). - hwmon: (k10temp) Make function get_raw_temp static (). - hwmon: (k10temp) Move chip specific code into probe function (). - hwmon: (k10temp) Only apply temperature offset if result is positive (). - hwmon: (k10temp) Support all Family 15h Model 6xh and Model 7xh processors (). - hwmon: (k10temp) Use API function to access System Management Network (). - hwmon: k10temp: Support Threadripper 2920X, 2970WX; simplify offset table (). - i2c-piix4: Add Hygon Dhyana SMBus support (). - i2c: acorn: fix i2c warning (bsc#1135642). - i2c: i801: Add support for Intel Comet Lake (jsc#SLE-5331). - ibmveth: Update ethtool settings to reflect virtual properties (bsc#1136157, LTC#177197). - input: synaptics - enable SMBus on ThinkPad E480 and E580 (bsc#1051510). - input: uinput - add compat ioctl number translation for UI_*_FF_UPLOAD (bsc#1051510). - kabi workaround for the new pci_dev.skip_bus_pm field addition (bsc#1051510). - kabi: fixup blk_mq_register_dev() (bsc#1140637). - kabi: x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454). - kabi: x86/topology: Define topology_logical_die_id() (jsc#SLE-5454). - kernel-binary: Use -c grep option in klp project detection. - kernel-binary: fix missing \ - kernel-binary: rpm does not support multiline condition - kvm: x86: Include CPUID leaf 0x8000001e in kvm's supported CPUID (bsc#1114279). - kvm: x86: Include multiple indices with CPUID leaf 0x8000001d (bsc#1114279). - libata: Extend quirks for the ST1000LM024 drives with NOLPM quirk (bsc#1051510). - libnvdimm, pfn: Fix over-trim in trim_pfn_device() (bsc#1140719). - libnvdimm/bus: Prevent duplicate device_unregister() calls (bsc#1139865). - mISDN: make sure device name is NUL terminated (bsc#1051510). - mac80211: Do not use stack memory with scatterlist for GMAC (bsc#1051510). - mac80211: drop robust management frames from unknown TA (bsc#1051510). - mac80211: handle deauthentication/disassociation from TDLS peer (bsc#1051510). - media: v4l2-ioctl: clear fields in s_parm (bsc#1051510). - mfd: intel-lpss: Set the device in reset state when init (bsc#1051510). - mfd: tps65912-spi: Add missing of table registration (bsc#1051510). - mfd: twl6040: Fix device init errors for ACCCTL register (bsc#1051510). - mmc: core: Prevent processing SDIO IRQs when the card is suspended (bsc#1051510). - mmc: core: make pwrseq_emmc (partially) support sleepy GPIO controllers (bsc#1051510). - mmc: mmci: Prevent polling for busy detection in IRQ context (bsc#1051510). - mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support (bsc#1051510). - module: Fix livepatch/ftrace module text permissions race (bsc#1071995). - net: mvpp2: Use strscpy to handle stat strings (bsc#1098633). - net: mvpp2: prs: Fix parser range for VID filtering (bsc#1098633). - net: mvpp2: prs: Use the correct helpers when removing all VID filters (bsc#1098633). - nfit/ars: Allow root to busy-poll the ARS state machine (bsc#1140814). - nfit/ars: Avoid stale ARS results (jsc#SLE-5433). - nfit/ars: Introduce scrub_flags (jsc#SLE-5433). - ntp: Allow TAI-UTC offset to be set to zero (bsc#1135642). - nvme-rdma: fix double freeing of async event data (bsc#1120423). - nvme-rdma: fix possible double free of controller async event buffer (bsc#1120423). - nvme: copy MTFA field from identify controller (bsc#1140715). - nvme: skip nvme_update_disk_info() if the controller is not live (bsc#1128432). - nvmem: Do not let a NULL cell_id for nvmem_cell_get() crash us (bsc#1051510). - nvmem: allow to select i.MX nvmem driver for i.MX 7D (bsc#1051510). - nvmem: core: fix read buffer in place (bsc#1051510). - nvmem: correct Broadcom OTP controller driver writes (bsc#1051510). - nvmem: imx-ocotp: Add i.MX7D timing write clock setup support (bsc#1051510). - nvmem: imx-ocotp: Add support for banked OTP addressing (bsc#1051510). - nvmem: imx-ocotp: Enable i.MX7D OTP write support (bsc#1051510). - nvmem: imx-ocotp: Move i.MX6 write clock setup to dedicated function (bsc#1051510). - nvmem: imx-ocotp: Pass parameters via a struct (bsc#1051510). - nvmem: imx-ocotp: Restrict OTP write to IMX6 processors (bsc#1051510). - nvmem: imx-ocotp: Update module description (bsc#1051510). - nvmem: properly handle returned value nvmem_reg_read (bsc#1051510). - ocfs2: try to reuse extent block in dealloc without meta_alloc (bsc#1128902). - pci: pm: Avoid possible suspend-to-idle issue (bsc#1051510). - pci: pm: Skip devices in D0 for suspend-to-idle (bsc#1051510). - pci: rpadlpar: Fix leaked device_node references in add/remove paths (bsc#1051510). - perf tools: Add Hygon Dhyana support (). - perf/x86/intel/cstate: Support multi-die/package (jsc#SLE-5454). - perf/x86/intel/rapl: Cosmetic rename internal variables in response to multi-die/pkg support (jsc#SLE-5454). - perf/x86/intel/rapl: Support multi-die/package (jsc#SLE-5454). - perf/x86/intel/uncore: Cosmetic renames in response to multi-die/pkg support (jsc#SLE-5454). - perf/x86/intel/uncore: Support multi-die/package (jsc#SLE-5454). - platform/chrome: cros_ec_proto: check for NULL transfer function (bsc#1051510). - platform/x86: mlx-platform: Fix parent device in i2c-mux-reg device registration (bsc#1051510). - pm / core: Propagate dev->power.wakeup_path when no callbacks (bsc#1051510). - power: supply: max14656: fix potential use-before-alloc (bsc#1051510). - power: supply: sysfs: prevent endless uevent loop with CONFIG_POWER_SUPPLY_DEBUG (bsc#1051510). - powercap/intel_rapl: Simplify rapl_find_package() (jsc#SLE-5454). - powercap/intel_rapl: Support multi-die/package (jsc#SLE-5454). - powerpc/cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild (bsc#1138374, LTC#178199). - powerpc/perf: Add PM_LD_MISS_L1 and PM_BR_2PATH to power9 event list (bsc#1137728, LTC#178106). - powerpc/perf: Add POWER9 alternate PM_RUN_CYC and PM_RUN_INST_CMPL events (bsc#1137728, LTC#178106). - powerpc/pseries/mobility: prevent cpu hotplug during DT update (bsc#1138374, LTC#178199). - powerpc/pseries/mobility: rebuild cacheinfo hierarchy post-migration (bsc#1138374, LTC#178199). - powerpc/pseries: Fix oops in hotplug memory notifier (bsc#1138375, LTC#178204). - powerpc/rtas: retry when cpu offline races with suspend/migration (bsc#1140428, LTC#178808). - ppp: mppe: Add softdep to arc4 (bsc#1088047). - qlcnic: Avoid potential NULL pointer dereference (bsc#1051510). - qmi_wwan: Add quirk for Quectel dynamic config (bsc#1051510). - qmi_wwan: add network device usage statistics for qmimux devices (bsc#1051510). - qmi_wwan: add support for QMAP padding in the RX path (bsc#1051510). - qmi_wwan: avoid RCU stalls on device disconnect when in QMAP mode (bsc#1051510). - qmi_wwan: extend permitted QMAP mux_id value range (bsc#1051510). - rapidio: fix a NULL pointer dereference when create_workqueue() fails (bsc#1051510). - ras/cec: Convert the timer callback to a workqueue (bsc#1114279). - ras/cec: Fix binary search function (bsc#1114279). - s390/dasd: fix using offset into zero size array error (bsc#1051510). - s390/jump_label: Use 'jdd' constraint on gcc9 (bsc#1138589). - s390/qeth: fix VLAN attribute in bridge_hostnotify udev event (bsc#1051510). - s390/qeth: fix race when initializing the IP address table (bsc#1051510). - s390/setup: fix early warning messages (bsc#1051510). - s390/virtio: handle find on invalid queue gracefully (bsc#1051510). - sbitmap: fix improper use of smp_mb__before_atomic() (bsc#1140658). - scripts/git_sort/git_sort.py: add djbw/nvdimm nvdimm-pending. - scripts/git_sort/git_sort.py: add nvdimm/libnvdimm-fixes - scsi: core: add new RDAC LENOVO/DE_Series device (bsc#1132390). - scsi: qla2xxx: Fix FC-AL connection target discovery (bsc#1094555). - scsi: qla2xxx: Fix N2N target discovery with Local loop (bsc#1094555). - scsi: qla2xxx: Fix abort handling in tcm_qla2xxx_write_pending() (bsc#1140727). - scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines (bsc#1140728). - scsi: target/iblock: Fix overrun in WRITE SAME emulation (bsc#1140424). - scsi: vmw_pscsi: Fix use-after-free in pvscsi_queue_lck() (bsc#1135296). - scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from port_remove (bsc#1051510). - scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host (bsc#1051510). - scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices (bsc#1051510). - scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only sdevs) (bsc#1051510). - serial: sh-sci: disable DMA for uart_console (bsc#1051510). - smb3: Fix endian warning (bsc#1137884). - soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher (bsc#1051510). - soc: rockchip: Set the proper PWM for rk3288 (bsc#1051510). - spi: spi-topcliff-pch: Fix to handle empty DMA buffers (bsc#1051510). - spi: Fix zero length xfer bug (bsc#1051510). - spi: bitbang: Fix NULL pointer dereference in spi_unregister_master (bsc#1051510). - spi: pxa2xx: Add support for Intel Comet Lake (jsc#SLE-5331). - spi: pxa2xx: fix SCR (divisor) calculation (bsc#1051510). - spi: spi-fsl-spi: call spi_finalize_current_message() at the end (bsc#1051510). - spi: tegra114: reset controller on probe (bsc#1051510). - staging: comedi: ni_mio_common: Fix divide-by-zero for DIO cmdtest (bsc#1051510). - svm: Add warning message for AVIC IPI invalid target (bsc#1140133). - svm: Fix AVIC incomplete IPI emulation (bsc#1140133). - sysctl: handle overflow in proc_get_long (bsc#1051510). - thermal/x86_pkg_temp_thermal: Cosmetic: Rename internal variables to zones from packages (jsc#SLE-5454). - thermal/x86_pkg_temp_thermal: Support multi-die/package (jsc#SLE-5454). - thermal: rcar_gen3_thermal: disable interrupt in .remove (bsc#1051510). - tmpfs: fix link accounting when a tmpfile is linked in (bsc#1051510). - tmpfs: fix uninitialized return value in shmem_link (bsc#1051510). - tools/cpupower: Add Hygon Dhyana support (). - topology: Create core_cpus and die_cpus sysfs attributes (jsc#SLE-5454). - topology: Create package_cpus sysfs attribute (jsc#SLE-5454). - tracing/snapshot: Resize spare buffer if size changed (bsc#1140726). - tty: max310x: Fix external crystal register setup (bsc#1051510). - usb: Fix chipmunk-like voice when using Logitech C270 for recording audio (bsc#1051510). - usb: chipidea: udc: workaround for endpoint conflict issue (bsc#1135642). - usb: dwc2: Fix DMA cache alignment issues (bsc#1051510). - usb: dwc2: host: Fix wMaxPacketSize handling (fix webcam regression) (bsc#1135642). - usb: serial: fix initial-termios handling (bsc#1135642). - usb: serial: option: add Telit 0x1260 and 0x1261 compositions (bsc#1051510). - usb: serial: option: add support for Simcom SIM7500/SIM7600 RNDIS mode (bsc#1051510). - usb: serial: pl2303: add Allied Telesis VT-Kit3 (bsc#1051510). - usb: serial: pl2303: fix tranceiver suspend mode (bsc#1135642). - usb: usb-storage: Add new ID to ums-realtek (bsc#1051510). - usb: xhci: avoid null pointer deref when bos field is NULL (bsc#1135642). - usbnet: ipheth: fix racing condition (bsc#1051510). - vfio: ccw: only free cp on final interrupt (bsc#1051510). - video: hgafb: fix potential NULL pointer dereference (bsc#1051510). - video: imsttfb: fix potential NULL pointer dereferences (bsc#1051510). - virtio_console: initialize vtermno value for ports (bsc#1051510). - vlan: disable SIOCSHWTSTAMP in container (bsc#1051510). - watchdog: imx2_wdt: Fix set_timeout for big timeout values (bsc#1051510). - x86/CPU/AMD: Do not force the CPB cap when running under a hypervisor (bsc#1114279). - x86/CPU/hygon: Fix phys_proc_id calculation logic for multi-die processors (). - x86/alternative: Init ideal_nops for Hygon Dhyana (). - x86/amd_nb: Add support for Raven Ridge CPUs (). - x86/amd_nb: Check vendor in AMD-only functions (). - x86/apic: Add Hygon Dhyana support (). - x86/bugs: Add Hygon Dhyana to the respective mitigation machinery (). - x86/cpu/mtrr: Support TOP_MEM2 and get MTRR number (). - x86/cpu: Create Hygon Dhyana architecture support file (). - x86/cpu: Get cache info and setup cache cpumap for Hygon Dhyana (). - x86/cpufeatures: Carve out CQM features retrieval (jsc#SLE-5382). - x86/cpufeatures: Combine word 11 and 12 into a new scattered features word (jsc#SLE-5382). This changes definitions of some bits, but they are intended to be used only by the core, so hopefully, no KMP uses the definitions. - x86/cpufeatures: Enumerate the new AVX512 BFLOAT16 instructions (jsc#SLE-5382). - x86/events: Add Hygon Dhyana support to PMU infrastructure (). - x86/kvm: Add Hygon Dhyana support to KVM (). - x86/mce: Add Hygon Dhyana support to the MCA infrastructure (). - x86/mce: Do not disable MCA banks when offlining a CPU on AMD (). - x86/mce: Fix machine_check_poll() tests for error types (bsc#1114279). - x86/microcode, cpuhotplug: Add a microcode loader CPU hotplug callback (bsc#1114279). - x86/microcode: Fix microcode hotplug state (bsc#1114279). - x86/microcode: Fix the ancient deprecated microcode loading method (bsc#1114279). - x86/mm/mem_encrypt: Disable all instrumentation for early SME setup (bsc#1114279). - x86/pci, x86/amd_nb: Add Hygon Dhyana support to PCI and northbridge (). - x86/smpboot: Do not use BSP INIT delay and MWAIT to idle on Dhyana (). - x86/smpboot: Rename match_die() to match_pkg() (jsc#SLE-5454). - x86/speculation/mds: Revert CPU buffer clear on double fault exit (bsc#1114279). - x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454). - x86/topology: Create topology_max_die_per_package() (jsc#SLE-5454). - x86/topology: Define topology_die_id() (jsc#SLE-5454). - x86/topology: Define topology_logical_die_id() (jsc#SLE-5454). - x86/xen: Add Hygon Dhyana support to Xen (). - xfs: do not clear imap_valid for a non-uptodate buffers (bsc#1138018). - xfs: do not look at buffer heads in xfs_add_to_ioend (bsc#1138013). - xfs: do not set the page uptodate in xfs_writepage_map (bsc#1138003). - xfs: do not use XFS_BMAPI_ENTRIRE in xfs_get_blocks (bsc#1137999). - xfs: do not use XFS_BMAPI_IGSTATE in xfs_map_blocks (bsc#1138005). - xfs: eof trim writeback mapping as soon as it is cached (bsc#1138019). - xfs: fix s_maxbytes overflow problems (bsc#1137996). - xfs: make xfs_writepage_map extent map centric (bsc#1138009). - xfs: minor cleanup for xfs_get_blocks (bsc#1138000). - xfs: move all writeback buffer_head manipulation into xfs_map_at_offset (bsc#1138014). - xfs: refactor the tail of xfs_writepage_map (bsc#1138016). - xfs: remove XFS_IO_INVALID (bsc#1138017). - xfs: remove the imap_valid flag (bsc#1138012). - xfs: remove unused parameter from xfs_writepage_map (bsc#1137995). - xfs: remove xfs_map_cow (bsc#1138007). - xfs: remove xfs_reflink_find_cow_mapping (bsc#1138010). - xfs: remove xfs_reflink_trim_irec_to_next_cow (bsc#1138006). - xfs: remove xfs_start_page_writeback (bsc#1138015). - xfs: rename the offset variable in xfs_writepage_map (bsc#1138008). - xfs: simplify xfs_map_blocks by using xfs_iext_lookup_extent directly (bsc#1138011). - xfs: skip CoW writes past EOF when writeback races with truncate (bsc#1137998). - xfs: xfs_reflink_convert_cow() memory allocation deadlock (bsc#1138002). ----------------------------------------- Patch: SUSE-2019-1833 Released: Fri Jul 12 17:53:51 2019 Summary: Security update for glib2 Severity: moderate References: 1139959,CVE-2019-13012 Description: This update for glib2 fixes the following issues: Security issue fixed: - CVE-2019-13012: Fixed improper restriction of file permissions when creating directories (bsc#1139959). ----------------------------------------- Patch: SUSE-2019-1835 Released: Fri Jul 12 18:06:31 2019 Summary: Security update for expat Severity: moderate References: 1139937,CVE-2018-20843 Description: This update for expat fixes the following issues: Security issue fixed: - CVE-2018-20843: Fixed a denial of service triggered by high resource consumption in the XML parser when XML names contain a large amount of colons (bsc#1139937). ----------------------------------------- Patch: SUSE-2019-1846 Released: Mon Jul 15 11:36:33 2019 Summary: Security update for bzip2 Severity: important References: 1139083,CVE-2019-12900 Description: This update for bzip2 fixes the following issues: Security issue fixed: - CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1139083). ----------------------------------------- Patch: SUSE-2019-1853 Released: Mon Jul 15 16:03:36 2019 Summary: Recommended update for systemd Severity: moderate References: 1107617,1137053 Description: This update for systemd fixes the following issues: - conf-parse: remove 4K line length limit (bsc#1137053) - udevd: change the default value of udev.children-max (again) (bsc#1107617) - meson: stop creating enablement symlinks in /etc during installation (sequel) - Fixed build for openSUSE Leap 15+ - Make sure we don't ship any static enablement symlinks in /etc Those symlinks must only be created by the presets. There are no changes in practice since systemd/udev doesn't ship such symlinks in /etc but let's make sure no future changes will introduce new ones by mistake. ----------------------------------------- Patch: SUSE-2019-1859 Released: Tue Jul 16 13:08:46 2019 Summary: Security update for libgcrypt Severity: moderate References: 1097073,1125740,1138939,CVE-2019-12904 Description: This update for libgcrypt fixes the following issues: Security issues fixed: - CVE-2019-12904: The C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.) (bsc#1138939) Other bugfixes: - Don't run full FIPS self-tests from constructor (bsc#1097073) - Skip all the self-tests except for binary integrity when called from the constructor (bsc#1097073) - Enforce the minimal RSA keygen size in fips mode (bsc#1125740) - avoid executing some tests twice. - Fixed a race condition in initialization. - Fixed env-script-interpreter in cavs_driver.pl - Fixed redundant fips tests in some situations causing failure to boot in fips mode. (bsc#1097073) This helps during booting of the system in FIPS mode with insufficient entropy. ----------------------------------------- Patch: SUSE-2019-1869 Released: Wed Jul 17 14:03:20 2019 Summary: Security update for MozillaFirefox Severity: important References: 1140868,CVE-2019-11709,CVE-2019-11711,CVE-2019-11712,CVE-2019-11713,CVE-2019-11715,CVE-2019-11717,CVE-2019-11719,CVE-2019-11729,CVE-2019-11730,CVE-2019-9811 Description: This update for MozillaFirefox, mozilla-nss fixes the following issues: MozillaFirefox to version ESR 60.8: - CVE-2019-9811: Sandbox escape via installation of malicious language pack (bsc#1140868). - CVE-2019-11711: Script injection within domain through inner window reuse (bsc#1140868). - CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects (bsc#1140868). - CVE-2019-11713: Use-after-free with HTTP/2 cached stream (bsc#1140868). - CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault (bsc#1140868). - CVE-2019-11715: HTML parsing error can contribute to content XSS (bsc#1140868). - CVE-2019-11717: Caret character improperly escaped in origins (bsc#1140868). - CVE-2019-11719: Out-of-bounds read when importing curve25519 private key (bsc#1140868). - CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin (bsc#1140868). - CVE-2019-11709: Multiple Memory safety bugs fixed (bsc#1140868). mozilla-nss to version 3.44.1: * Added IPSEC IKE support to softoken * Many new FIPS test cases ----------------------------------------- Patch: SUSE-2019-1877 Released: Thu Jul 18 11:31:46 2019 Summary: Security update for glibc Severity: moderate References: 1117993,1123710,1127223,1127308,1131330,CVE-2009-5155,CVE-2019-9169 Description: This update for glibc fixes the following issues: Security issues fixed: - CVE-2019-9169: Fixed a heap-based buffer over-read via an attempted case-insensitive regular-expression match (bsc#1127308). - CVE-2009-5155: Fixed a denial of service in parse_reg_exp() (bsc#1127223). Non-security issues fixed: - Does no longer compress debug sections in crt*.o files (bsc#1123710) - Fixes a concurrency problem in ldconfig (bsc#1117993) - Fixes a race condition in pthread_mutex_lock while promoting to PTHREAD_MUTEX_ELISION_NP (bsc#1131330) ----------------------------------------- Patch: SUSE-2019-1892 Released: Thu Jul 18 15:54:35 2019 Summary: Recommended update for openslp Severity: moderate References: 1117969,1136136 Description: This update for openslp fixes the following issues: - Use tcp connects to talk with other directory agents (DAs) (bsc#1117969) - Fix segfault in predicate match if a registered service has a malformed attribute list (bsc#1136136) ----------------------------------------- Patch: SUSE-2019-1908 Released: Fri Jul 19 12:51:17 2019 Summary: Recommended update for grub2 Severity: important References: 1134287,1139345 Description: This update for grub2 fixes the following issues: - Fix a regression introduced by the previous update which could prevent booting on ppc64. (bsc#1134287, bsc#1139345). ----------------------------------------- Patch: SUSE-2019-1966 Released: Wed Jul 24 17:33:57 2019 Summary: Recommended update for rsyslog Severity: moderate References: 1137681 Description: This update for rsyslog fixes the following issues: - Suppress error message about missing environment variable TZ. (bsc#1137681) ----------------------------------------- Patch: SUSE-2019-1967 Released: Thu Jul 25 02:26:37 2019 Summary: Recommended update for dracut Severity: important References: 1098915,1121238,1125393,1130107,1130114,1132448,1133819,1134347,1134472,1137784 Description: This update for dracut fixes the following issues: - 95dasd-rules 95zfcp-rules: was not correctly looking for rule names (bsc#1137784) - Early microcode was not added from files with .early postfix (bsc#1098915, bsc#1125393) - GPIO modules weren't get included on ARM (bsc#1133819) - Routes were not properly added due to a spelling error (bsc#1134347) - Decouple iscsi from sysinit.target (bsc#1134472) - dracut-lib.sh:dev_unit_name() guard against $dev beginning with '-' (bsc#1132448) - 95iscsi: error messages were created when building initrd, due to multipath timeouts (bsc#1130114, bsc#1130107, bsc#1121238) ----------------------------------------- Patch: SUSE-2019-1985 Released: Fri Jul 26 00:17:21 2019 Summary: Recommended update for suse-module-tools Severity: moderate References: 1100989,1123697,1123704,1123721,1127155,1127891,1134819,937216 Description: This update for suse-module-tools fixes the following issues: - Softdep of bridge on br_netfilter. (bsc#937216, bsc#1134819) - weak-modules2: Emit 'inconsistent' warning only if replacement fails. (bsc#1127155) - spec file: Add conflicts for dracut < 44.2. (bsc#1127891) - modprobe.conf.common: Add csiostor->cxgb4 dependency. (bsc#1100989) - Fix driver-check.sh. (bsc#1123697, bsc#1123704) - Make code work without kmod-compat - Remove hard dependency on mkinitrd. (bsc#1123721) ----------------------------------------- Patch: SUSE-2019-1994 Released: Fri Jul 26 16:12:05 2019 Summary: Recommended update for libxml2 Severity: moderate References: 1135123 Description: This update for libxml2 fixes the following issues: - Added a new configurable variable XPATH_DEFAULT_MAX_NODESET_LENGTH to avoid nodeset limit when processing large XML files. (bsc#1135123) ----------------------------------------- Patch: SUSE-2019-2001 Released: Fri Jul 26 18:09:41 2019 Summary: Recommended update for docker Severity: important References: 1138920 Description: This update for docker fixes the following issues: - Mark daemon.json as %config(noreplace) to not overwrite it during installation (bsc#1138920) ----------------------------------------- Patch: SUSE-2019-2004 Released: Mon Jul 29 13:01:59 2019 Summary: Security update for bzip2 Severity: important References: 1139083,CVE-2019-12900 Description: This update for bzip2 fixes the following issues: - Fixed a regression with the fix for CVE-2019-12900, which caused incompatibilities with files that used many selectors (bsc#1139083). ----------------------------------------- Patch: SUSE-2019-2006 Released: Mon Jul 29 13:02:49 2019 Summary: Security update for gpg2 Severity: important References: 1124847,1141093,CVE-2019-13050 Description: This update for gpg2 fixes the following issues: Security issue fixed: - CVE-2019-13050: Fixed a denial of service attacks via big keys (bsc#1141093). Non-security issue fixed: - Allow coredumps in X11 desktop sessions (bsc#1124847) ----------------------------------------- Patch: SUSE-2019-2018 Released: Tue Jul 30 13:16:48 2019 Summary: Security update for polkit Severity: important References: 1121826,CVE-2019-6133 Description: This update for polkit fixes the following issues: Security issue fixed: - CVE-2019-6133: Fixed improper caching of auth decisions, which could bypass uid checking in the interactive backend (bsc#1121826). ----------------------------------------- Patch: SUSE-2019-2030 Released: Wed Jul 31 18:34:34 2019 Summary: Security update for zypper, libzypp and libsolv Severity: moderate References: 1047962,1049826,1053177,1065022,1099019,1102261,1110542,1111319,1112911,1113296,1114908,1115341,1116840,1118758,1119373,1119820,1119873,1120263,1120463,1120629,1120630,1120631,1121611,1122062,1122471,1123137,1123681,1123843,1123865,1123967,1124897,1125415,1127026,1127155,1127220,1130161,1131823,1135749,1137977,663358,764147,965786,978193,993025,CVE-2018-20532,CVE-2018-20533,CVE-2018-20534 Description: This update for libzypp and libsolv fixes the following issues: Security issues fixed: - CVE-2018-20532: Fixed NULL pointer dereference at ext/testcase.c (function testcase_read) (bsc#1120629). - CVE-2018-20533: Fixed NULL pointer dereference at ext/testcase.c (function testcase_str2dep_complex) in libsolvext.a (bsc#1120630). - CVE-2018-20534: Fixed illegal address access at src/pool.h (function pool_whatprovides) in libsolv.a (bsc#1120631). Fixed bugs and enhancements: - make cleandeps jobs on patterns work (bnc#1137977) - Fixed an issue where libsolv failed to build against swig 4.0 by updating the version to 0.7.5 (bsc#1135749). - Virtualization host upgrade from SLES-15 to SLES-15-SP1 finished with wrong product name shown up (bsc#1131823). - Copy pattern categories from the rpm that defines the pattern (fate#323785). - Enhance scanning /sys for modaliases (bsc#1130161). - Prevent SEGV if the application sets an empty TextLocale (bsc#1127026). - Handle libgpgme error when gpg key is not completely read and user hits CTRL + C (bsc#1127220). - Added a hint when registration codes have expired (bsc#965786). - Adds a better handling of an error when verifying any repository medium (bsc#1065022). - Will now only write type field when probing (bsc#1114908). - Fixes an issue where zypper has showed the info message 'Installation aborted by user' while the installation was aborted by wicked (bsc#978193). - Suppresses reporting `/memfd:` pseudo files (bsc#1123843). - Fixes an issue where zypper was not able to install or uninstall packages when rpm is unavailable (bsc#1122471). - Fixes an issue where locks were ignored (bsc#1113296). - Simplify complex locks so zypper can display them (bsc#1112911). - zypper will now set `SYSTEMD_OFFLINE=1` during chrooted commits (bsc#1118758). - no-recommends: Nevertheless consider resolver namespaces (hardware, language,..supporting packages) (fate#325513). - Removes world-readable bit from /var/log/zypp (bsc#1099019). - Does no longer fail service-refresh on a empty repoindex.xml (bsc#1116840). - Fixes soname due to libsolv ABI changes (bsc#1115341). - Add infrastructure to flag specific packages to trigger a reboot needed hint (fate#326451). This update for zypper 1.14.27 fixes the following issues: - bash-completion: add package completion for addlock (bsc#1047962) - bash-completion: fix incorrect detection of command names (bsc#1049826) - Offer to change the 'runSearchPackages' config option at the prompt (bsc#1119373, FATE#325599) - Prompt: provide a 'yes/no/always/never' prompt. - Prompt: support '#NUM' as answer to select the NUMth option... - Augeas: enable writing back changed option values (to ~/.zypper.conf) - removelocale: fix segfault - Move needs-restarting command to subpackage (fixes #254) - Allow empty string as argument (bsc#1125415) - Provide a way to delete cache for volatile repositories (bsc#1053177) - Adapt to boost-1.69 requiring explicit casts tribool->bool (fixes #255) - Show support status in info if not unknown (bsc#764147) - Fix installing plain rpm files with `zypper in` (bsc#1124897) - Show only required info in the summary in quiet mode (bsc#993025) - Stay with legacy behavior and return ZYPPER_EXIT_INF_REBOOT_NEEDED only for patches. We don't extend this return code to packages, although they may also carry the 'reboot-needed' attribute. The preferred way to test whether the system needs to be rebooted is `zypper needs-rebooting`. (openSUSE/zypper#237) - Skip repository on error (bsc#1123967) - New commands for locale management: locales addlocale removelocale Inspect and manipulate the systems `requested locales`, aka. the languages software packages should try support by installing translations, dictionaries and tools, as far as they are available. - Don't throw, just warn if options are repeated (bsc#1123865) - Fix detection whether stdout is a tty (happened too late) - Fix broken --plus-content switch (fixes bsc#1123681) - Fix broken --replacefiles switch (fixes bsc#1123137) - Extend zypper source-install (fixes bsc#663358) - Fix inconsistent results for search (bsc#1119873) - Show reboot hint in zypper ps and summary (fixes bsc#1120263) - Improve handling of partially locked packages (bsc#1113296) - Fix wrong default values in help text (bsc#1121611) - Fixed broken argument parsing for --reposd-dir (bsc#1122062) - Fix wrong zypp::indeterminate use (bsc#1120463) - CLI parser: fix broken initialization enforcing 'select by name' (bsc#1119820) - zypper.conf: [commit] autoAgreeWithLicenses {=false} (fixes #220) - locks: Fix printing of versioned locks (bsc#1112911) - locks: create and write versioned locks correctly (bsc#1112911) - patch: --with update may implicitly assume --with-optional (bsc#1102261) - no-recommends: Nevertheless consider resolver namespaces (hardware, language,..supporting packages) (FATE#325513) - Optionally run 'zypper search-packages' after 'search' (FATE#325599) - zypper.conf: Add [search]runSearchPackages config variable. - Don't iterate twice on --no-cd (bsc#1111319) - zypper-log: Make it Python 3 compatible - man: mention /etc/zypp/needreboot config file (fate#326451, fixes #140) - Add `needs-restarting` shell script and manpage (fate#326451) - Add zypper needs-rebooting command (fate#326451) - Introduce new zypper command framefork. Migrated commands so far: addlock addrepo addservice clean cleanlocks modifyrepo modifyservice ps refresh refresh-services removelock removerepo removeservice renamerepo repos services - MediaChangeReport: fix https URLs causing 2 prompts on error (bsc#1110542) ----------------------------------------- Patch: SUSE-2019-2050 Released: Tue Aug 6 09:42:37 2019 Summary: Security update for python3 Severity: important References: 1094814,1138459,1141853,CVE-2018-20852,CVE-2019-10160 Description: This update for python3 fixes the following issues: Security issue fixed: - CVE-2019-10160: Fixed a regression in urlparse() and urlsplit() introduced by the fix for CVE-2019-9636 (bsc#1138459). - CVE-2018-20852: Fixed an information leak where cookies could be send to the wrong server because of incorrect domain validation (bsc#1141853). Non-security issue fixed: - Fixed an issue where the SIGINT signal was ignored or not handled (bsc#1094814). ----------------------------------------- Patch: SUSE-2019-2064 Released: Tue Aug 6 15:50:23 2019 Summary: Security update for python Severity: important References: 1138459,CVE-2019-10160 Description: This update for python fixes the following issues: Security issue fixed: - CVE-2019-10160: Fixed a regression in urlparse() and urlsplit() introduced by the fix for CVE-2019-9636 (bsc#1138459). ----------------------------------------- Patch: SUSE-2019-2068 Released: Wed Aug 7 00:50:47 2019 Summary: Security update for the Linux Azure Kernel Severity: important References: 1051510,1055117,1071995,1083647,1083710,1103991,1111666,1119222,1123080,1127034,1127315,1129770,1133021,1134097,1134390,1134399,1135335,1135642,1137458,1137534,1137535,1137584,1137609,1137827,1139358,1140133,1140139,1140322,1140652,1140887,1140888,1140889,1140891,1140893,1140903,1140945,1140948,1140954,1140955,1140956,1140957,1140958,1140959,1140960,1140961,1140962,1140964,1140971,1140972,1140992,1141401,1141402,1141452,1141453,1141454,1141478,1142023,1142112,1142220,1142221,1142265,1142350,1142351,1142354,1142359,1142450,1142701,1142868,1143003,1143105,1143185,1143189,1143191,1143507,CVE-2018-20855,CVE-2019-1125,CVE-2019-11810,CVE-2019-13631,CVE-2019-13648,CVE-2019-14283,CVE-2019-14284 Description: The SUSE Linux Enterprise 15 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-20855: An issue was discovered in create_qp_common, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace. (bnc#bsc#1103991) - CVE-2019-1125: Fix Spectre V1 variant via swapgs: Exclude ATOMs from speculation through SWAPGS (bsc#1139358). - CVE-2019-14284: In the Linux kernel, drivers/block/floppy.c allowed a denial of service by setup_format_params division-by-zero. (bnc#bsc#1143189) - CVE-2019-14283: In the Linux kernel, set_geometry in drivers/block/floppy.c did not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by default. (bsc#1143191) - CVE-2019-11810: An issue was discovered in the Linux kernel A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free. (bsc#1134399) - CVE-2019-13648: In the Linux kernel on the powerpc platform, when hardware transactional memory was disabled, a local user can cause a denial of service via a sigreturn() system call that sends a crafted signal frame. (bnc#1142265) - CVE-2019-13631: In parse_hid_report_descriptor, a malicious usb device could send an hid: report that triggered an out-of-bounds write during generation of debugging messages. (bnc#1142023) The following non-security bugs were fixed: - acpi/nfit: Always dump _DSM output payload (bsc#1142351). - acpi: PM: Allow transitions to D0 to occur in special cases (bsc#1051510). - acpi: PM: Avoid evaluating _PS3 on transitions from D3hot to D3cold (bsc#1051510). - af_unix: remove redundant lockdep class (git-fixes). - alsa: compress: Be more restrictive about when a drain is allowed (bsc#1051510). - alsa: compress: Do not allow paritial drain operations on capture streams (bsc#1051510). - alsa: compress: Fix regression on compressed capture streams (bsc#1051510). - alsa: compress: Prevent bypasses of set_params (bsc#1051510). - alsa: hda - Add a conexant codec entry to let mute led work (bsc#1051510). - alsa: hda/realtek - Fixed Headphone Mic can't record on Dell platform (bsc#1051510). - alsa: hda/realtek - Headphone Mic can't record after S3 (bsc#1051510). - alsa: hda/realtek: apply ALC891 headset fixup to one Dell machine (bsc#1051510). - alsa: line6: Fix a typo (bsc#1051510). - alsa: line6: Fix wrong altsetting for LINE6_PODHD500_1 (bsc#1051510). - alsa: seq: Break too long mutex context in the write loop (bsc#1051510). - alsa: usb-audio: Add quirk for Focusrite Scarlett Solo (bsc#1051510). - alsa: usb-audio: Add quirk for MOTU MicroBook II (bsc#1051510). - alsa: usb-audio: Cleanup DSD whitelist (bsc#1051510). - alsa: usb-audio: Enable .product_name override for Emagic, Unitor 8 (bsc#1051510). - alsa: usb-audio: Sanity checks for each pipe and EP types (bsc#1051510). - asoc : cs4265 : readable register too low (bsc#1051510). - asoc: cx2072x: fix integer overflow on unsigned int multiply (bsc#1111666). - asoc: max98090: remove 24-bit format support if RJ is 0 (bsc#1051510). - asoc: soc-pcm: BE dai needs prepare when pause release after resume (bsc#1051510). - ath6kl: add some bounds checking (bsc#1051510). - batman-adv: fix for leaked TVLV handler (bsc#1051510). - bcache: Add comments for blkdev_put() in registration code path (bsc#1140652). - bcache: Clean up bch_get_congested() (bsc#1140652). - bcache: Revert 'bcache: fix high CPU occupancy during journal' (bsc#1140652). - bcache: Revert 'bcache: free heap cache_set->flush_btree in bch_journal_free' (bsc#1140652). - bcache: acquire bch_register_lock later in cached_dev_detach_finish() (bsc#1140652). - bcache: acquire bch_register_lock later in cached_dev_free() (bsc#1140652). - bcache: add code comments for journal_read_bucket() (bsc#1140652). - bcache: add comments for closure_fn to be called in closure_queue() (bsc#1140652). - bcache: add comments for kobj release callback routine (bsc#1140652). - bcache: add comments for mutex_lock(&b->write_lock) (bsc#1140652). - bcache: add error check for calling register_bdev() (bsc#1140652). - bcache: add failure check to run_cache_set() for journal replay (bsc#1140652). - bcache: add io error counting in write_bdev_super_endio() (bsc#1140652). - bcache: add more error message in bch_cached_dev_attach() (bsc#1140652). - bcache: add pendings_cleanup to stop pending bcache device (bsc#1140652). - bcache: add reclaimed_journal_buckets to struct cache_set (bsc#1140652). - bcache: add return value check to bch_cached_dev_run() (bsc#1140652). - bcache: avoid a deadlock in bcache_reboot() (bsc#1140652). - bcache: avoid clang -Wunintialized warning (bsc#1140652). - bcache: avoid flushing btree node in cache_set_flush() if io disabled (bsc#1140652). - bcache: avoid potential memleak of list of journal_replay(s) in the CACHE_SYNC branch of run_cache_set (bsc#1140652). - bcache: check CACHE_SET_IO_DISABLE bit in bch_journal() (bsc#1140652). - bcache: check CACHE_SET_IO_DISABLE in allocator code (bsc#1140652). - bcache: check c->gc_thread by IS_ERR_OR_NULL in cache_set_flush() (bsc#1140652). - bcache: destroy dc->writeback_write_wq if failed to create dc->writeback_thread (bsc#1140652). - bcache: do not assign in if condition in bcache_device_init() (bsc#1140652). - bcache: do not set max writeback rate if gc is running (bsc#1140652). - bcache: fix a race between cache register and cacheset unregister (bsc#1140652). - bcache: fix crashes stopping bcache device before read miss done (bsc#1140652). - bcache: fix failure in journal relplay (bsc#1140652). - bcache: fix inaccurate result of unused buckets (bsc#1140652). - bcache: fix mistaken sysfs entry for io_error counter (bsc#1140652). - bcache: fix potential deadlock in cached_def_free() (bsc#1140652). - bcache: fix race in btree_flush_write() (bsc#1140652). - bcache: fix return value error in bch_journal_read() (bsc#1140652). - bcache: fix stack corruption by PRECEDING_KEY() (bsc#1140652). - bcache: fix wrong usage use-after-freed on keylist in out_nocoalesce branch of btree_gc_coalesce (bsc#1140652). - bcache: ignore read-ahead request failure on backing device (bsc#1140652). - bcache: improve bcache_reboot() (bsc#1140652). - bcache: improve error message in bch_cached_dev_run() (bsc#1140652). - bcache: make bset_search_tree() be more understandable (bsc#1140652). - bcache: make is_discard_enabled() static (bsc#1140652). - bcache: more detailed error message to bcache_device_link() (bsc#1140652). - bcache: move definition of 'int ret' out of macro read_bucket() (bsc#1140652). - bcache: never set KEY_PTRS of journal key to 0 in journal_reclaim() (bsc#1140652). - bcache: only clear BTREE_NODE_dirty bit when it is set (bsc#1140652). - bcache: only set BCACHE_DEV_WB_RUNNING when cached device attached (bsc#1140652). - bcache: performance improvement for btree_flush_write() (bsc#1140652). - bcache: remove 'XXX:' comment line from run_cache_set() (bsc#1140652). - bcache: remove redundant LIST_HEAD(journal) from run_cache_set() (bsc#1140652). - bcache: remove retry_flush_write from struct cache_set (bsc#1140652). - bcache: remove unncessary code in bch_btree_keys_init() (bsc#1140652). - bcache: remove unnecessary prefetch() in bset_search_tree() (bsc#1140652). - bcache: return error immediately in bch_journal_replay() (bsc#1140652). - bcache: set largest seq to ja->seq[bucket_index] in journal_read_bucket() (bsc#1140652). - bcache: shrink btree node cache after bch_btree_check() (bsc#1140652). - bcache: stop writeback kthread and kworker when bch_cached_dev_run() failed (bsc#1140652). - bcache: use sysfs_match_string() instead of __sysfs_match_string() (bsc#1140652). - be2net: Fix number of Rx queues used for flow hashing (networking-stable-19_06_18). - be2net: Signal that the device cannot transmit during reconfiguration (bsc#1127315). - be2net: Synchronize be_update_queues with dev_watchdog (bsc#1127315). - blacklist.conf: Add 'signal: Do not restart fork when signals come in.' - blacklist.conf: Add 65fd4cb65b2d Documentation: Move L1TF to separate directory - block, bfq: NULL out the bic when it's no longer valid (bsc#1142359). - bnx2x: Prevent load reordering in tx completion processing (bsc#1142868). - bnxt_en: Fix aggregation buffer leak under OOM condition (networking-stable-19_05_31). - bonding: Force slave speed check after link state recovery for 802.3ad (bsc#1137584). - bonding: fix arp_validate toggling in active-backup mode (networking-stable-19_05_14). - bpf, x64: fix stack layout of JITed bpf code (bsc#1083647). - bpf, x64: save 5 bytes in prologue when ebpf insns came from cbpf (bsc#1083647). - bridge: Fix error path for kobject_init_and_add() (networking-stable-19_05_14). - btrfs: kill btrfs clear path blocking (bsc#1140139). - btrfs: fix race between block group removal and block group allocation (bsc#1143003). - cgroup: Use css_tryget() instead of css_tryget_online() in task_get_css() (bsc#1141478). - clk: qcom: Fix -Wunused-const-variable (bsc#1051510). - clk: rockchip: Do not yell about bad mmc phases when getting (bsc#1051510). - clk: tegra210: fix PLLU and PLLU_OUT1 (bsc#1051510). - cpufreq/pasemi: fix possible object reference leak (bsc#1051510). - cpufreq: Use struct kobj_attribute instead of struct global_attr (bsc#1051510). - cpufreq: acpi-cpufreq: Report if CPU does not support boost technologies (bsc#1051510). - cpufreq: brcmstb-avs-cpufreq: Fix initial command check (bsc#1051510). - cpufreq: brcmstb-avs-cpufreq: Fix types for voltage/frequency (bsc#1051510). - cpufreq: check if policy is inactive early in __cpufreq_get() (bsc#1051510). - cpufreq: kirkwood: fix possible object reference leak (bsc#1051510). - cpufreq: pmac32: fix possible object reference leak (bsc#1051510). - cpufreq: ppc_cbe: fix possible object reference leak (bsc#1051510). - crypto: arm64/sha1-ce - correct digest for empty data in finup (bsc#1051510). - crypto: arm64/sha2-ce - correct digest for empty data in finup (bsc#1051510). - crypto: ccp - Fix 3DES complaint from ccp-crypto module (bsc#1051510). - crypto: ccp - Fix SEV_VERSION_GREATER_OR_EQUAL (bsc#1051510). - crypto: ccp - Validate the the error value used to index error messages (bsc#1051510). - crypto: ccp - fix AES CFB error exposed by new test vectors (bsc#1051510). - crypto: ccp - memset structure fields to zero before reuse (bsc#1051510). - crypto: ccp/gcm - use const time tag comparison (bsc#1051510). - crypto: chacha20poly1305 - fix atomic sleep when using async algorithm (bsc#1051510). - crypto: crypto4xx - fix a potential double free in ppc4xx_trng_probe (bsc#1051510). - crypto: ghash - fix unaligned memory access in ghash_setkey() (bsc#1051510). - crypto: talitos - Align SEC1 accesses to 32 bits boundaries (bsc#1051510). - crypto: talitos - HMAC SNOOP NO AFEU mode requires SW icv checking (bsc#1051510). - crypto: talitos - check data blocksize in ablkcipher (bsc#1051510). - crypto: talitos - fix CTR alg blocksize (bsc#1051510). - crypto: talitos - fix max key size for sha384 and sha512 (bsc#1051510). - crypto: talitos - properly handle split ICV (bsc#1051510). - crypto: talitos - reduce max key size for SEC1 (bsc#1051510). - crypto: talitos - rename alternative AEAD algos (bsc#1051510). - dasd_fba: Display '00000000' for zero page when dumping sense (bsc#1123080). - dax: Fix xarray entry association for mixed mappings (bsc#1140893). - dmaengine: hsu: Revert 'set HSU_CH_MTSR to memory width' (bsc#1051510). - documentation: DMA-API: fix a function name of max_mapping_size (bsc#1140954). - dpaa_eth: fix SG frame cleanup (networking-stable-19_05_14). - drm/amdgpu/gfx9: use reset default for PA_SC_FIFO_SIZE (bsc#1051510). - drm/i915/dmc: protect against reading random memory (bsc#1051510). - drm/meson: Add support for XBGR8888 & ABGR8888 formats (bsc#1051510). - drm/msm/a3xx: remove TPL1 regs from snapshot (bsc#1051510). - drm/nouveau/i2c: Enable i2c pads & busses during preinit (bsc#1051510). - drm/rockchip: Properly adjust to a true clock in adjusted_mode (bsc#1051510). - e1000e: start network tx queue only when link is up (bsc#1051510). - ethtool: check the return value of get_regs_len (git-fixes). - ethtool: fix potential userspace buffer overflow (networking-stable-19_06_09). - ext4: do not delete unlinked inode from orphan list on failed truncate (bsc#1140891). - fork, memcg: fix cached_stacks case (bsc#1134097). - fork, memcg: fix crash in free_thread_stack on memcg charge fail (bsc#1134097). - fs/ocfs2: fix race in ocfs2_dentry_attach_lock() (bsc#1140889). - fs/proc/proc_sysctl.c: Fix a NULL pointer dereference (bsc#1140887). - fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links (bsc#1140887). - fs: Abort file_remove_privs() for non-reg. files (bsc#1140888). - gpio: omap: fix lack of irqstatus_raw0 for OMAP4 (bsc#1051510). - hid: wacom: correct touch resolution x/y typo (bsc#1051510). - hid: wacom: generic: Correct pad syncing (bsc#1051510). - hid: wacom: generic: only switch the mode on devices with LEDs (bsc#1051510). - hid: wacom: generic: read HID_DG_CONTACTMAX from any feature report (bsc#1051510). - hugetlbfs: dirty pages as they are added to pagecache (git fixes (mm/hugetlbfs)). - hugetlbfs: fix kernel BUG at fs/hugetlbfs/inode.c:444! (git fixes (mm/hugetlbfs)). - input: elantech - enable middle button support on 2 ThinkPads (bsc#1051510). - input: imx_keypad - make sure keyboard can always wake up system (bsc#1051510). - input: psmouse - fix build error of multiple definition (bsc#1051510). - input: synaptics - enable SMBUS on T480 thinkpad trackpad (bsc#1051510). - input: tm2-touchkey - acknowledge that setting brightness is a blocking call (bsc#1129770). - intel_th: msu: Fix single mode with disabled IOMMU (bsc#1051510). - iommu/amd: Make iommu_disable safer (bsc#1140955). - iommu/arm-smmu-v3: Use explicit mb() when moving cons pointer (bsc#1051510). - iommu/arm-smmu-v3: sync the OVACKFLG to PRIQ consumer register (bsc#1051510). - iommu/arm-smmu: Add support for qcom,smmu-v2 variant (bsc#1051510). - iommu/arm-smmu: Avoid constant zero in TLBI writes (bsc#1140956). - iommu/vt-d: Duplicate iommu_resv_region objects per device list (bsc#1140959). - iommu/vt-d: Handle RMRR with pci bridge device scopes (bsc#1140961). - iommu/vt-d: Handle pci bridge RMRR device scopes in intel_iommu_get_resv_regions (bsc#1140960). - iommu/vt-d: Introduce is_downstream_to_pci_bridge helper (bsc#1140962). - iommu/vt-d: Remove unnecessary rcu_read_locks (bsc#1140964). - iommu: Fix a leak in iommu_insert_resv_region (bsc#1140957). - iommu: Use right function to get group for device (bsc#1140958). - ipv4/igmp: fix another memory leak in igmpv3_del_delrec() (networking-stable-19_05_31). - ipv4/igmp: fix build error if !CONFIG_IP_MULTICAST (networking-stable-19_05_31). - ipv4: Fix raw socket lookup for local traffic (networking-stable-19_05_14). - ipv4: Use return value of inet_iif() for __raw_v4_lookup in the while loop (git-fixes). - ipv6: Consider sk_bound_dev_if when binding a raw socket to an address (networking-stable-19_05_31). - ipv6: fix EFAULT on sendto with icmpv6 and hdrincl (networking-stable-19_06_09). - ipv6: flowlabel: fl6_sock_lookup() must use atomic_inc_not_zero (networking-stable-19_06_18). - ipv6: use READ_ONCE() for inet->hdrincl as in ipv4 (networking-stable-19_06_09). - irqchip/gic-v3-its: fix some definitions of inner cacheability attributes (bsc#1051510). - irqchip/mbigen: Do not clear eventid when freeing an MSI (bsc#1051510). - kabi: Fix kABI for asus-wmi quirk_entry field addition (bsc#1051510). - kbuild: use -flive-patching when CONFIG_LIVEPATCH is enabled (bsc#1071995). - kernel: jump label transformation performance (bsc#1137534 bsc#1137535 LTC#178058 LTC#178059). - kvm/mmu: kABI fix for *_mmu_pages changes in struct kvm_arch (bsc#1135335). - kvm: SVM: Fix detection of AMD Errata 1096 (bsc#1142354). - kvm: arm/arm64: vgic-its: Take the srcu lock when parsing the memslots (bsc#1133021). - kvm: arm/arm64: vgic-its: Take the srcu lock when writing to guest memory (bsc#1133021). - kvm: mmu: Fix overflow on kvm mmu page limit calculation (bsc#1135335). - kvm: polling: add architecture backend to disable polling (bsc#1119222). - kvm: s390: change default halt poll time to 50us (bsc#1119222). - kvm: s390: enable CONFIG_HAVE_KVM_NO_POLL (bsc#1119222) We need to enable CONFIG_HAVE_KVM_NO_POLL for bsc#1119222 - kvm: s390: fix typo in parameter description (bsc#1119222). - kvm: s390: kABI Workaround for 'kvm_vcpu_stat' Add halt_no_poll_steal to kvm_vcpu_stat. Hide it from the kABI checker. - kvm: s390: kABI Workaround for 'lowcore' (bsc#1119222). - kvm: s390: provide kvm_arch_no_poll function (bsc#1119222). - kvm: svm/avic: Do not send AVIC doorbell to self (bsc#1140133). - kvm: svm/avic: fix off-by-one in checking host APIC ID (bsc#1140971). - kvm: x86: Skip EFER vs. guest CPUID checks for host-initiated writes (bsc#1140972). - kvm: x86: fix return value for reserved EFER (bsc#1140992). - lapb: fixed leak of control-blocks (networking-stable-19_06_18). - lib/bitmap.c: make bitmap_parselist() thread-safe and much faster (bsc#1143507). - lib/scatterlist: Fix mapping iterator when sg->offset is greater than PAGE_SIZE (bsc#1051510). - lib: fix stall in __bitmap_parselist() (bsc#1051510). - libnvdimm/namespace: Fix label tracking error (bsc#1142350). - livepatch: Remove duplicate warning about missing reliable stacktrace support (bsc#1071995). - livepatch: Use static buffer for debugging messages under rq lock (bsc#1071995). - llc: fix skb leak in llc_build_and_send_ui_pkt() (networking-stable-19_05_31). - media: cpia2_usb: first wake up, then free in disconnect (bsc#1135642). - media: marvell-ccic: fix DMA s/g desc number calculation (bsc#1051510). - media: s5p-mfc: Make additional clocks optional (bsc#1051510). - media: v4l2: Test type instead of cfg->type in v4l2_ctrl_new_custom() (bsc#1051510). - media: vivid: fix incorrect assignment operation when setting video mode (bsc#1051510). - mei: bus: need to unlink client before freeing (bsc#1051510). - mei: me: add denverton innovation engine device IDs (bsc#1051510). - mei: me: add gemini lake devices id (bsc#1051510). - memory: tegra: Fix integer overflow on tick value calculation (bsc#1051510). - memstick: Fix error cleanup path of memstick_init (bsc#1051510). - mfd: hi655x: Fix regmap area declared size for hi655x (bsc#1051510). - mfd: intel-lpss: Release IDA resources (bsc#1051510). - mm, page_alloc: fix has_unmovable_pages for HugePages (bsc#1127034). - mm/nvdimm: add is_ioremap_addr and use that to check ioremap address (bsc#1140322 LTC#176270). - mm/vmscan.c: prevent useless kswapd loops (git fixes (mm/vmscan)). - mm: migrate: Fix reference check race between __find_get_block() and migration (bnc#1137609). - mm: replace all open encodings for NUMA_NO_NODE (bsc#1140322 LTC#176270). - mmc: sdhci-pci: Try 'cd' for card-detect lookup before using NULL (bsc#1051510). - neigh: fix use-after-free read in pneigh_get_next (networking-stable-19_06_18). - net-gro: fix use-after-free read in napi_gro_frags() (networking-stable-19_05_31). - net/af_iucv: remove GFP_DMA restriction for HiperTransport (bsc#1142112 bsc#1142221 LTC#179334 LTC#179332). - net/mlx4_core: Change the error print to info print (networking-stable-19_05_21). - net/mlx4_en: ethtool, Remove unsupported SFP EEPROM high pages query (networking-stable-19_06_09). - net/mlx5: Allocate root ns memory using kzalloc to match kfree (networking-stable-19_05_31). - net/mlx5: Avoid double free in fs init error unwinding path (networking-stable-19_05_31). - net/packet: fix memory leak in packet_set_ring() (git-fixes). - net: avoid weird emergency message (networking-stable-19_05_21). - net: fec: fix the clk mismatch in failed_reset path (networking-stable-19_05_31). - net: mvneta: Fix err code path of probe (networking-stable-19_05_31). - net: mvpp2: fix bad MVPP2_TXQ_SCHED_TOKEN_CNTR_REG queue value (networking-stable-19_05_31). - net: openvswitch: do not free vport if register_netdevice() is failed (networking-stable-19_06_18). - net: rds: fix memory leak in rds_ib_flush_mr_pool (networking-stable-19_06_09). - net: seeq: fix crash caused by not set dev.parent (networking-stable-19_05_14). - net: stmmac: fix reset gpio free missing (networking-stable-19_05_31). - net: usb: qmi_wwan: add Telit 0x1260 and 0x1261 compositions (networking-stable-19_05_21). - netfilter: conntrack: fix calculation of next bucket number in early_drop (git-fixes). - nvme: fix memory leak caused by incorrect subsystem free (bsc#1143185). - ocfs2: add first lock wait time in locking_state (bsc#1134390). - ocfs2: add last unlock times in locking_state (bsc#1134390). - ocfs2: add locking filter debugfs file (bsc#1134390). - packet: Fix error path in packet_init (networking-stable-19_05_14). - packet: in recvmsg msg_name return at least sizeof sockaddr_ll (git-fixes). - pci: Always allow probing with driver_override (bsc#1051510). - pci: Do not poll for PME if the device is in D3cold (bsc#1051510). - pci: Return error if cannot probe VF (bsc#1051510). - pci: hv: Add hv_pci_remove_slots() when we unload the driver (bsc#1142701). - pci: hv: Add pci_destroy_slot() in pci_devices_present_work(), if necessary (bsc#1142701). - pci: hv: Fix a memory leak in hv_eject_device_work() (bsc#1142701). - pci: hv: Fix a use-after-free bug in hv_eject_device_work() (bsc#1142701). - pci: hv: Fix return value check in hv_pci_assign_slots() (bsc#1142701). - pci: hv: Remove unused reason for refcount handler (bsc#1142701). - pci: hv: support reporting serial number as slot information (bsc#1142701). - pkey: Indicate old mkvp only if old and current mkvp are different (bsc#1137827 LTC#178090). - pktgen: do not sleep with the thread lock held (git-fixes). - platform/x86: asus-nb-wmi: Support ALS on the Zenbook UX430UQ (bsc#1051510). - platform/x86: asus-wmi: Only Tell EC the OS will handle display hotkeys from asus_nb_wmi (bsc#1051510). - platform/x86: intel_turbo_max_3: Remove restriction for HWP platforms (jsc#SLE-5439). - platform/x86: pmc_atom: Add CB4063 Beckhoff Automation board to critclk_systems DMI table (bsc#1051510). - powerpc/64s: Remove POWER9 DD1 support (bsc#1055117, LTC#159753, git-fixes). - powerpc/crypto: Use cheaper random numbers for crc-vpmsum self-test (). - powerpc/mm/drconf: Use NUMA_NO_NODE on failures instead of node 0 (bsc#1140322 LTC#176270). - powerpc/mm/hugetlb: Update huge_ptep_set_access_flags to call __ptep_set_access_flags directly (bsc#1055117). - powerpc/mm/radix: Change pte relax sequence to handle nest MMU hang (bsc#1055117). - powerpc/mm/radix: Move function from radix.h to pgtable-radix.c (bsc#1055117). - powerpc/mm: Add back sibling paca poiter to paca (bsc#1055117). - powerpc/mm: Change function prototype (bsc#1055117). - powerpc/mm: Consolidate numa_enable check and min_common_depth check (bsc#1140322 LTC#176270). - powerpc/mm: Fix node look up with numa=off boot (bsc#1140322 LTC#176270). - powerpc/watchpoint: Restore NV GPRs while returning from exception (bsc#1140945 bsc#1141401 bsc#1141402 bsc#1141452 bsc#1141453 bsc#1141454 LTC#178983 LTC#179191 LTC#179192 LTC#179193 LTC#179194 LTC#179195). - ppp: deflate: Fix possible crash in deflate_init (networking-stable-19_05_21). - ptrace: Fix ->ptracer_cred handling for PTRACE_TRACEME (git-fixes). - ptrace: restore smp_rmb() in __ptrace_may_access() (git-fixes). - pwm: stm32: Use 3 cells ->of_xlate() (bsc#1111666). - qmi_wwan: Fix out-of-bounds read (bsc#1111666). - rds: IB: fix 'passing zero to ERR_PTR()' warning (git-fixes). - regulator: s2mps11: Fix buck7 and buck8 wrong voltages (bsc#1051510). - rtnetlink: always put IFLA_LINK for links with a link-netnsid (networking-stable-19_05_21). - s390/qeth: be drop monitor friendly (bsc#1142220 LTC#179335). - s390/vtime: steal time exponential moving average (bsc#1119222). - s390: Fix booting regression (bsc#1140948). - scripts/git_sort/git_sort.py: Add mmots tree. - scsi: ibmvfc: fix WARN_ON during event pool release (bsc#1137458 LTC#178093). - sctp: Fix memory leak in sctp_process_init (networking-stable-19_06_09). - sctp: Free cookie before we memdup a new one (networking-stable-19_06_18). - sctp: silence warns on sctp_stream_init allocations (bsc#1083710). - serial: uartps: Do not add a trailing semicolon to macro (bsc#1051510). - serial: uartps: Fix long line over 80 chars (bsc#1051510). - serial: uartps: Fix multiple line dereference (bsc#1051510). - serial: uartps: Remove useless return from cdns_uart_poll_put_char (bsc#1051510). - signal/ptrace: Do not leak unitialized kernel memory with PTRACE_PEEK_SIGINFO (git-fixes). - staging: comedi: amplc_pci230: fix null pointer deref on interrupt (bsc#1051510). - staging: comedi: dt282x: fix a null pointer deref on interrupt (bsc#1051510). - staging: rtl8712: reduce stack usage, again (bsc#1051510). - staging:iio:ad7150: fix threshold mode config bit (bsc#1051510). - sunhv: Fix device naming inconsistency between sunhv_console and sunhv_reg (networking-stable-19_06_18). - tcp: reduce tcp_fastretrans_alert() verbosity (git-fixes). - team: Always enable vlan tx offload (bsc#1051510). - tty: rocket: fix incorrect forward declaration of 'rp_init()' (bsc#1051510). - tty: serial: cpm_uart - fix init when SMC is relocated (bsc#1051510). - tty: serial_core: Set port active bit in uart_port_activate (bsc#1051510). - tuntap: synchronize through tfiles array instead of tun->numqueues (networking-stable-19_05_14). - usb: gadget: ether: Fix race between gether_disconnect and rx_submit (bsc#1051510). - usb: gadget: fusb300_udc: Fix memory leak of fusb300->ep[i] (bsc#1051510). - usb: gadget: udc: lpc32xx: allocate descriptor with GFP_ATOMIC (bsc#1051510). - usb: pci-quirks: Correct AMD PLL quirk detection (bsc#1051510). - usb: serial: ftdi_sio: add ID for isodebug v1 (bsc#1051510). - usb: serial: option: add support for GosunCn ME3630 RNDIS mode (bsc#1051510). - vmci: Fix integer overflow in VMCI handle arrays (bsc#1051510). - vsock/virtio: free packets during the socket release (networking-stable-19_05_21). - vsock/virtio: set SOCK_DONE on peer shutdown (networking-stable-19_06_18). - wil6210: fix potential out-of-bounds read (bsc#1051510). - x86, mm: fix fast GUP with hyper-based TLB flushing (VM Functionality, bsc#1140903). - xen: let alloc_xenballooned_pages() fail if not enough memory free (bsc#1142450 XSA-300). - xfs: do not overflow xattr listent buffer (bsc#1143105). ----------------------------------------- Patch: SUSE-2019-2084 Released: Wed Aug 7 13:57:01 2019 Summary: Recommended update for polkit-default-privs Severity: moderate References: 1140151 Description: This update for polkit-default-privs fixes the following issues: - various new libvirt actions were white listed (bsc#1140151) ----------------------------------------- Patch: SUSE-2019-2085 Released: Wed Aug 7 13:58:43 2019 Summary: Recommended update for apparmor Severity: moderate References: 1135751 Description: This update for apparmor fixes the following issues: - Profile updates for dnsmasq, dovecot, identd, syslog-ng - Parser: fix 'Px -> foo-bar' (the '-' was rejected before) - Add certbot paths to abstractions/ssl_certs and abstractions/ssl_keys. - Fix build with swig 4.0. (bsc#1135751) ----------------------------------------- Patch: SUSE-2019-2087 Released: Wed Aug 7 18:16:48 2019 Summary: Security update for tcpdump Severity: moderate References: 1068716,1142439,CVE-2017-16808,CVE-2019-1010220 Description: This update for tcpdump fixes the following issues: Security issues fixed: - CVE-2019-1010220: Fixed a buffer over-read in print_prefix() which may expose data (bsc#1142439). - CVE-2017-16808: Fixed a heap-based buffer over-read related to aoe_print() and lookup_emem() (bsc#1068716). ----------------------------------------- Patch: SUSE-2019-2114 Released: Mon Aug 12 11:56:44 2019 Summary: Security update for python Severity: moderate References: 1141853,CVE-2018-20852 Description: This update for python fixes the following issues: - CVE-2018-20852: Fixed an information leak where cookies could be send to the wrong server because of incorrect domain validation (bsc#1141853). ----------------------------------------- Patch: SUSE-2019-2117 Released: Tue Aug 13 14:56:55 2019 Summary: Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork Severity: important References: 1100331,1121967,1138920,1139649,1142160,1142413,1143409,CVE-2018-10892,CVE-2019-13509,CVE-2019-14271,CVE-2019-5736 Description: This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues: Docker: - CVE-2019-14271: Fixed a code injection if the nsswitch facility dynamically loaded a library inside a chroot (bsc#1143409). - CVE-2019-13509: Fixed an information leak in the debug log (bsc#1142160). - Update to version 19.03.1-ce, see changelog at /usr/share/doc/packages/docker/CHANGELOG.md (bsc#1142413, bsc#1139649). runc: - Use %config(noreplace) for /etc/docker/daemon.json (bsc#1138920). - Update to runc 425e105d5a03, which is required by Docker (bsc#1139649). containerd: - CVE-2019-5736: Fixed a container breakout vulnerability (bsc#1121967). - Update to containerd v1.2.6, which is required by docker (bsc#1139649). golang-github-docker-libnetwork: - Update to version git.fc5a7d91d54cc98f64fc28f9e288b46a0bee756c, which is required by docker (bsc#1142413, bsc#1139649). ----------------------------------------- Patch: SUSE-2019-2134 Released: Wed Aug 14 11:54:56 2019 Summary: Recommended update for zlib Severity: moderate References: 1136717,1137624,1141059,SLE-5807 Description: This update for zlib fixes the following issues: - Update the s390 patchset. (bsc#1137624) - Tweak zlib-power8 to have type of crc32_vpmsum conform to usage. (bsc#1141059) - Use FAT LTO objects in order to provide proper static library. - Do not enable the previous patchset on s390 but just s390x. (bsc#1137624) - Add patchset for s390 improvements. (jsc#SLE-5807, bsc#1136717) ----------------------------------------- Patch: SUSE-2019-2141 Released: Wed Aug 14 14:45:18 2019 Summary: Recommended update for cloud-regionsrv-client Severity: moderate References: 1136112,1136113,1137384,1137385 Description: This update for cloud-regionsrv-client fixes the following issues: - If the credentials are not valid, an error is issued and the user is instructed to re-register the system - Fixes a bug where the registration client aborted with a traceback when the instance data cannot be retrieved (bsc#1137384, bsc#1137385) This maintenance update for cloud-regionsrv-client includes some more smaller bug fixes as well. Please refer to this rpm's changelog file to receive a full list of all changes. ----------------------------------------- Patch: SUSE-2019-2142 Released: Wed Aug 14 18:14:04 2019 Summary: Recommended update for mozilla-nspr, mozilla-nss Severity: moderate References: 1141322 Description: This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nss was updated to NSS 3.45 (bsc#1141322) : * New function in pk11pub.h: PK11_FindRawCertsWithSubject * The following CA certificates were Removed: CN = Certinomis - Root CA (bmo#1552374) * Implement Delegated Credentials (draft-ietf-tls-subcerts) (bmo#1540403) This adds a new experimental function SSL_DelegateCredential Note: In 3.45, selfserv does not yet support delegated credentials (See bmo#1548360). Note: In 3.45 the SSLChannelInfo is left unmodified, while an upcoming change in 3.46 will set SSLChannelInfo.authKeyBits to that of the delegated credential for better policy enforcement (See bmo#1563078). * Replace ARM32 Curve25519 implementation with one from fiat-crypto (bmo#1550579) * Expose a function PK11_FindRawCertsWithSubject for finding certificates with a given subject on a given slot (bmo#1552262) * Add IPSEC IKE support to softoken (bmo#1546229) * Add support for the Elbrus lcc compiler (<=1.23) (bmo#1554616) * Expose an external clock for SSL (bmo#1543874) This adds new experimental functions: SSL_SetTimeFunc, SSL_CreateAntiReplayContext, SSL_SetAntiReplayContext, and SSL_ReleaseAntiReplayContext. The experimental function SSL_InitAntiReplay is removed. * Various changes in response to the ongoing FIPS review (bmo#1546477) Note: The source package size has increased substantially due to the new FIPS test vectors. This will likely prompt follow-on work, but please accept our apologies in the meantime. mozilla-nspr was updated to version 4.21 * Changed prbit.h to use builtin function on aarch64. * Removed Gonk/B2G references. ----------------------------------------- Patch: SUSE-2019-2173 Released: Mon Aug 19 14:46:35 2019 Summary: Recommended update for yast2 Severity: moderate References: 1093052,1113732,1128032 Description: This update for yast2 fixes the following issues: - Stop 'ls: write error: Broken pipe' messages. (bsc#1128032) - Choose SuSEfirewall2 as default if no firewall has been installed. (bsc#1093052) - Added more testcases if e.g. system is running in chroot environment and systemd does not work properly (bsc#1113732) ----------------------------------------- Patch: SUSE-2019-2174 Released: Mon Aug 19 14:46:47 2019 Summary: Recommended update for yast2-proxy Severity: moderate References: 1140199 Description: This update for yast2-proxy fixes the following issues: - Fix 'proxy' behaviour when running in firstboot (bsc#1140199) ----------------------------------------- Patch: SUSE-2019-2188 Released: Wed Aug 21 10:10:29 2019 Summary: Recommended update for aaa_base Severity: moderate References: 1140647 Description: This update for aaa_base fixes the following issues: - Make systemd detection cgroup oblivious. (bsc#1140647) ----------------------------------------- Patch: SUSE-2019-2198 Released: Thu Aug 22 14:35:15 2019 Summary: Recommended update for cloud-regionsrv-client Severity: important References: 1144754,1146321,1146462,1146463,1146467,1146468,1146610 Description: This update for cloud-regionsrv-client fixes the following issues: - Adds a dependency to python3-urllib3 (bsc#1146610, bsc#1146321, bsc#1144754) - Fixes an issue where the registration client exited with a traceback since the last update (bsc#1146462, bsc#1146463) - Clear the new-registration marker if the instance has a cache of update servers (bsc#1146467, bsc#1146468) ----------------------------------------- Patch: SUSE-2019-2200 Released: Thu Aug 22 14:36:04 2019 Summary: Recommended update for quota Severity: low References: 1144265 Description: This update for quota fixes the following issues: - quota will stop processing the config file in case of errors (bsc#1144265) ----------------------------------------- Patch: SUSE-2019-2218 Released: Mon Aug 26 11:29:57 2019 Summary: Recommended update for pinentry Severity: moderate References: 1141883 Description: This update for pinentry fixes the following issues: - Fix a dangling pointer in qt/main.cpp that caused crashes. (bsc#1141883) ----------------------------------------- Patch: SUSE-2019-2241 Released: Wed Aug 28 14:58:49 2019 Summary: Recommended update for ca-certificates-mozilla Severity: moderate References: 1144169 Description: This update for ca-certificates-mozilla fixes the following issues: ca-certificates-mozillawas updated to 2.34 state of the Mozilla NSS Certificate store (bsc#1144169) Removed CAs: - Certinomis - Root CA Includes new root CAs from the 2.32 version: - emSign ECC Root CA - C3 (email and server auth) - emSign ECC Root CA - G3 (email and server auth) - emSign Root CA - C1 (email and server auth) - emSign Root CA - G1 (email and server auth) - Hongkong Post Root CA 3 (server auth) ----------------------------------------- Patch: SUSE-2019-2279 Released: Wed Sep 4 12:22:23 2019 Summary: Recommended update for SUSEConnect Severity: moderate References: 1136752,1144020 Description: This update for SUSEConnect fixes the following issues: - Fix failing on registered system without arguments (bsc#1144020) - Fix base product service removal during de-registration in public clouds (bsc#1136752) ----------------------------------------- Patch: SUSE-2019-2289 Released: Wed Sep 4 14:23:43 2019 Summary: Recommended update for open-iscsi Severity: moderate References: 1113712 Description: This update for open-iscsi fixes the following issues: - Fixes an issue where an iSCSI boot failure appeared in MPIO config with single path active (bsc#1113712) Additionally: This update includes a lot of smaller bug fixes. Please refer to this rpm's changelog file to get the full list of all changes. ----------------------------------------- Patch: SUSE-2019-2306 Released: Thu Sep 5 14:39:23 2019 Summary: Recommended update for parted Severity: moderate References: 1082318,1136245 Description: This update for parted fixes the following issues: - Included several minor bug fixes - for more details please refer to this rpm's changelog (bsc#1136245) - Installs the license file in the correct directory (bsc#1082318) ----------------------------------------- Patch: SUSE-2019-2331 Released: Mon Sep 9 10:17:00 2019 Summary: Security update for python-urllib3 Severity: moderate References: 1119376,1129071,1132663,1132900,CVE-2018-20060,CVE-2019-11236,CVE-2019-11324,CVE-2019-9740 Description: This update for python-urllib3 fixes the following issues: Security issues fixed: - CVE-2019-9740: Fixed CRLF injection issue (bsc#1129071). - CVE-2019-11324: Fixed invalid CA certificat verification (bsc#1132900). - CVE-2019-11236: Fixed CRLF injection via request parameter (bsc#1132663). - CVE-2018-20060: Remove Authorization header when redirecting cross-host (bsc#1119376). ----------------------------------------- Patch: SUSE-2019-2344 Released: Tue Sep 10 12:47:25 2019 Summary: Recommended update for cloud-regionsrv-client Severity: important References: 1148644,1149840 Description: This update for cloud-regionsrv-client fixes the following issues: - Fixes an issue where repositories where missing on a system (bsc#1148644, bsc#1149840) ----------------------------------------- Patch: SUSE-2019-2349 Released: Tue Sep 10 14:52:10 2019 Summary: Security update for libgcrypt Severity: moderate References: 1148987,CVE-2019-13627 Description: This update for libgcrypt fixes the following issues: Security issues fixed: - CVE-2019-13627: Mitigated ECDSA timing attack. (bsc#1148987) ----------------------------------------- Patch: SUSE-2019-2352 Released: Wed Sep 11 08:26:23 2019 Summary: Recommended update for rsyslog Severity: moderate References: 1146872 Description: This update for rsyslog brings support for the 'mmkubernetes' rsyslog module. (FATE#327800 bsc#1146872) ----------------------------------------- Patch: SUSE-2019-2363 Released: Thu Sep 12 07:55:41 2019 Summary: Recommended update for krb5 Severity: moderate References: 1081947,1144047 Description: This update for krb5 contains the following fixes: - Integrate pam_keyinit PAM module, ksu-pam.d. (bsc#1081947) ----------------------------------------- Patch: SUSE-2019-2373 Released: Thu Sep 12 14:18:53 2019 Summary: Security update for curl Severity: important References: 1149495,1149496,CVE-2019-5481,CVE-2019-5482 Description: This update for curl fixes the following issues: Security issues fixed: - CVE-2019-5481: Fixed FTP-KRB double-free during kerberos FTP data transfer (bsc#1149495). - CVE-2019-5482: Fixed TFTP small blocksize heap buffer overflow (bsc#1149496). ----------------------------------------- Patch: SUSE-2019-2375 Released: Thu Sep 12 17:36:46 2019 Summary: Recommended update for polkit-default-privs Severity: moderate References: 1144077 Description: This update for polkit-default-privs fixes the following issues: - whitelist the checkpoint action for libvirt (bsc#1144077) ----------------------------------------- Patch: SUSE-2019-2392 Released: Tue Sep 17 15:46:35 2019 Summary: Security update for util-linux and shadow Severity: moderate References: 1081947,1082293,1085196,1106214,1121197,1122417,1125886,1135534,1135708,353876 Description: This update for util-linux and shadow fixes the following issues: util-linux: - Fixed an issue where PATH settings in /etc/default/su being ignored (bsc#1121197) - Prevent outdated pam files (bsc#1082293). - Do not trim read-only volumes (bsc#1106214). - Integrate pam_keyinit pam module to login (bsc#1081947). - Perform one-time reset of /etc/default/su (bsc#1121197). - Fix problems in reading of login.defs values (bsc#1121197) - libmount: To prevent incorrect behavior, recognize more pseudofs and netfs (bsc#1122417). - raw.service: Add RemainAfterExit=yes (bsc#1135534). - agetty: Return previous response of agetty for special characters (bsc#1085196, bsc#1125886) - Fix /etc/default/su comments and create /etc/default/runuser (bsc#1121197). shadow: - Fixed an issue where PATH settings in /etc/default/su being ignored (bsc#1121197) - Hardening for su wrappers (bsc#353876) ----------------------------------------- Patch: SUSE-2019-2395 Released: Wed Sep 18 08:31:38 2019 Summary: Security update for openldap2 Severity: moderate References: 1073313,1111388,1114845,1143194,1143273,CVE-2017-17740,CVE-2019-13057,CVE-2019-13565 Description: This update for openldap2 fixes the following issues: Security issue fixed: - CVE-2019-13565: Fixed an authentication bypass when using SASL authentication and session encryption (bsc#1143194). - CVE-2019-13057: Fixed an issue with delegated database admin privileges (bsc#1143273). - CVE-2017-17740: When both the nops module and the member of overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation. (bsc#1073313) Non-security issues fixed: - Fixed broken shebang line in openldap_update_modules_path.sh (bsc#1114845). - Create files in /var/lib/ldap/ during initial start to allow for transactional updates (bsc#1111388) - Fixed incorrect post script call causing tmpfiles creation not to be run (bsc#1111388). ----------------------------------------- Patch: SUSE-2019-2410 Released: Fri Sep 20 09:51:53 2019 Summary: Security update for openssl-1_1 Severity: moderate References: 1150003,1150250,CVE-2019-1547,CVE-2019-1563 Description: This update for openssl-1_1 fixes the following issues: OpenSSL Security Advisory [10 September 2019] * CVE-2019-1547: Added EC_GROUP_set_generator side channel attack avoidance. (bsc#1150003) * CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transported key (bsc#1150250) ----------------------------------------- Patch: SUSE-2019-2421 Released: Fri Sep 20 16:36:29 2019 Summary: Recommended update for python-urllib3 Severity: moderate References: 1150895 Description: This update for python-urllib3 fixes the following issues: - Add missing dependency on python-six (bsc#1150895) ----------------------------------------- Patch: SUSE-2019-2423 Released: Fri Sep 20 16:41:45 2019 Summary: Recommended update for aaa_base Severity: moderate References: 1146866,SLE-9132 Description: This update for aaa_base fixes the following issues: Added sysctl.d/51-network.conf to tighten network security (bsc#1146866) (jira#SLE-9132) Following settings have been tightened (and set to 0): - net.ipv4.conf.all.accept_redirects - net.ipv4.conf.default.accept_redirects - net.ipv4.conf.default.accept_source_route - net.ipv6.conf.all.accept_redirects - net.ipv6.conf.default.accept_redirects ----------------------------------------- Patch: SUSE-2019-2429 Released: Mon Sep 23 09:28:40 2019 Summary: Security update for expat Severity: moderate References: 1149429,CVE-2019-15903 Description: This update for expat fixes the following issues: Security issues fixed: - CVE-2019-15903: Fixed heap-based buffer over-read caused by crafted XML input. (bsc#1149429) ----------------------------------------- Patch: SUSE-2019-2473 Released: Thu Sep 26 10:02:03 2019 Summary: Security update for nghttp2 Severity: moderate References: 1112438,1125689,1134616,1146182,1146184,CVE-2019-9511,CVE-2019-9513 Description: This update for nghttp2 fixes the following issues: Security issues fixed: - CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service (bsc#1146184). - CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#11461). Bug fixes and enhancements: - Fixed mistake in spec file (bsc#1125689) - Fixed build issue with boost 1.70.0 (bsc#1134616) - Feature: Add W&S module (FATE#326776, bsc#1112438) ----------------------------------------- Patch: SUSE-2019-2517 Released: Wed Oct 2 10:49:20 2019 Summary: Security update for libseccomp Severity: moderate References: 1082318,1128828,1142614,CVE-2019-9893 Description: This update for libseccomp fixes the following issues: Security issues fixed: - CVE-2019-9893: An incorrect generation of syscall filters in libseccomp was fixed (bsc#1128828) libseccomp was updated to new upstream release 2.4.1: - Fix a BPF generation bug where the optimizer mistakenly identified duplicate BPF code blocks. libseccomp was updated to 2.4.0 (bsc#1128828 CVE-2019-9893): - Update the syscall table for Linux v5.0-rc5 - Added support for the SCMP_ACT_KILL_PROCESS action - Added support for the SCMP_ACT_LOG action and SCMP_FLTATR_CTL_LOG attribute - Added explicit 32-bit (SCMP_AX_32(...)) and 64-bit (SCMP_AX_64(...)) argument comparison macros to help protect against unexpected sign extension - Added support for the parisc and parisc64 architectures - Added the ability to query and set the libseccomp API level via seccomp_api_get(3) and seccomp_api_set(3) - Return -EDOM on an endian mismatch when adding an architecture to a filter - Renumber the pseudo syscall number for subpage_prot() so it no longer conflicts with spu_run() - Fix PFC generation when a syscall is prioritized, but no rule exists - Numerous fixes to the seccomp-bpf filter generation code - Switch our internal hashing function to jhash/Lookup3 to MurmurHash3 - Numerous tests added to the included test suite, coverage now at ~92% - Update our Travis CI configuration to use Ubuntu 16.04 - Numerous documentation fixes and updates libseccomp was updated to release 2.3.3: - Updated the syscall table for Linux v4.15-rc7 ----------------------------------------- Patch: SUSE-2019-2526 Released: Wed Oct 2 17:36:34 2019 Summary: Recommended update for SUSEConnect Severity: moderate References: 1143635 Description: This update for SUSEConnect provides the following fix: - Fix getting the list of installed products when zypper plugins are present. (bsc#1143635) ----------------------------------------- Patch: SUSE-2019-2533 Released: Thu Oct 3 15:02:50 2019 Summary: Security update for sqlite3 Severity: moderate References: 1150137,CVE-2019-16168 Description: This update for sqlite3 fixes the following issues: Security issue fixed: - CVE-2019-16168: Fixed improper validation of sqlite_stat1 field that could lead to denial of service (bsc#1150137). ----------------------------------------- Patch: SUSE-2019-2550 Released: Fri Oct 4 13:17:15 2019 Summary: Security update for bind Severity: important References: 1118367,1118368,1138687,CVE-2019-6471 Description: This update for bind fixes the following issues: Security issue fixed: - CVE-2019-6471: Fixed a reachable assert in dispatch.c. (bsc#1138687) Non-security issue fixed: - bind will no longer rely on /etc/insserv.conf (bsc#1118367, bsc#1118368) ----------------------------------------- Patch: SUSE-2019-2632 Released: Fri Oct 11 17:07:49 2019 Summary: Recommended update for libzypp, zypper Severity: moderate References: 1049825,1116995,1139795,1140039,1145521,1146027 Description: This update for libzypp, zypper fixes the following issues: - Fix leaking filedescriptors in MediaCurl. (bsc#1116995) - Run file conflict check on dry-run. (bsc#1140039) - Do not remove orphan products if the .prod file is owned by a package. (bsc#1139795) - Rephrase file conflict check summary. (bsc#1140039) - Fix bash completions option detection. (bsc#1049825) - Fixes a bug where zypper exited on SIGPIPE when downloading packages (bsc#1145521) - Fixes an issue where zypper exited with a segmentation fault when updating via YaST2 (bsc#1146027) ----------------------------------------- Patch: SUSE-2019-2645 Released: Fri Oct 11 17:11:23 2019 Summary: Recommended update for python-cryptography Severity: moderate References: 1149792 Description: This update for python-cryptography fixes the following issues: - Adds compatibility to openSSL 1.1.1d (bsc#1149792) ----------------------------------------- Patch: SUSE-2019-2647 Released: Fri Oct 11 17:12:06 2019 Summary: Recommended update for python-pyOpenSSL Severity: moderate References: 1149792 Description: This update for python-pyOpenSSL fixes the following issues: - Adds compatibility for openSSL 1.1.1d (bsc#1149792) ----------------------------------------- Patch: SUSE-2019-2651 Released: Mon Oct 14 11:32:33 2019 Summary: Security update for the Linux Kernel Severity: important References: 1047238,1050911,1051510,1054914,1055117,1056686,1060662,1061840,1061843,1064597,1064701,1065600,1065729,1066369,1071009,1071306,1071995,1078248,1082555,1085030,1085536,1085539,1087092,1090734,1091171,1093205,1102097,1104902,1104967,1106061,1106284,1106434,1108382,1109158,1112894,1112899,1112902,1112903,1112905,1112906,1112907,1113722,1114279,1114542,1118689,1119086,1120876,1120902,1120937,1123034,1123105,1124370,1127988,1129424,1129519,1129664,1131107,1131304,1131565,1134291,1134881,1134882,1135219,1135642,1135897,1136261,1137069,1137865,1137884,1137959,1138539,1139020,1139021,1139101,1139500,1140012,1140155,1140426,1140487,1141013,1141450,1141543,1141554,1142019,1142076,1142109,1142117,1142118,1142119,1142496,1142541,1142635,1142685,1142701,1143300,1143466,1143765,1143841,1143843,1144123,1144333,1144474,1144518,1144718,1144813,1144880,1144886,1144912,1144920,1144979,1145010,1145051,1145059,1145134,1145189,1145235,1145300,1145302,1145388,1145389,1145390,1145391,1145392,1145393,1145394,1145395,1145396,1145397,1145408,1145409,1145661,1145678,1145687,1145920,1145922,1145934,1145937,1145940,1145941,1145942,1146042,1146074,1146084,1146163,1146285,1146346,1146351,1146352,1146361,1146376,1146378,1146381,1146391,1146399,1146413,1146425,1146512,1146514,1146516,1146519,1146524,1146526,1146529,1146531,1146540,1146543,1146547,1146550,1146575,1146589,1146664,1146678,1146938,1148031,1148032,1148033,1148034,1148035,1148093,1148133,1148192,1148196,1148198,1148202,1148303,1148363,1148379,1148394,1148527,1148574,1148616,1148617,1148619,1148712,1148859,1148868,1149053,1149083,1149104,1149105,1149106,1149197,1149214,1149224,1149313,1149325,1149376,1149413,1149418,1149424,1149446,1149522,1149527,1149539,1149552,1149555,1149591,1149602,1149612,1149626,1149651,1149652,1149713,1149940,1149976,1150025,1150033,1150112,1150381,1150423,1150562,1150727,1150860,1150861,1150933,1151350,1151610,1151667,1151680,1151891,1151955,1152024,1152025,1152026,1152161,1152325,1152457,1152460,1152466,1152972,1152974,1152975,CVE-2017-18551,CVE-2017-18595,CVE-2018-20976,CVE-2018-21008,CVE-2019-14814,CVE-2019-14815,CVE-2019-14816,CVE-2019-14821,CVE-2019-14835,CVE-2019-15030,CVE-2019-15031,CVE-2019-15090,CVE-2019-15098,CVE-2019-15117,CVE-2019-15118,CVE-2019-15211,CVE-2019-15212,CVE-2019-15214,CVE-2019-15215,CVE-2019-15216,CVE-2019-15217,CVE-2019-15218,CVE-2019-15219,CVE-2019-15220,CVE-2019-15221,CVE-2019-15222,CVE-2019-15239,CVE-2019-15290,CVE-2019-15291,CVE-2019-15292,CVE-2019-15538,CVE-2019-15666,CVE-2019-15902,CVE-2019-15917,CVE-2019-15919,CVE-2019-15920,CVE-2019-15921,CVE-2019-15924,CVE-2019-15926,CVE-2019-15927,CVE-2019-9456,CVE-2019-9506 Description: The SUSE Linux Enterprise 15 for Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-18551: An issue was discovered in drivers/i2c/i2c-core-smbus.c. There was an out of bounds write in the function i2c_smbus_xfer_emulated (bnc#1146163). - CVE-2017-18595: A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c (bnc#1149555). - CVE-2018-20976: An issue was discovered in fs/xfs/xfs_super.c. A use after free exists, related to xfs_fs_fill_super failure (bnc#1146285). - CVE-2018-21008: A use-after-free could have been caused by the function rsi_mac80211_detach in the file drivers/net/wireless/rsi/rsi_91x_mac80211.c (bnc#1149591). - CVE-2019-9456: In the Pixel C USB monitor driver there was a possible OOB write due to a missing bounds check. This could have led to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1150025). - CVE-2019-9506: The Bluetooth BR/EDR specification up to and including version 5.1 permitted sufficiently low encryption key length and did not prevent an attacker from influencing the key length negotiation. This allowed practical brute-force attacks (aka 'KNOB') that could decrypt traffic and injected arbitrary ciphertext without the victim noticing (bnc#1137865 bnc#1146042). - CVE-2019-14814: There was a heap-based buffer overflow in the Marvell wifi chip driver, that allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1146512). - CVE-2019-14814: There was a heap-based buffer overflow in the Marvell wifi chip driver, that allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1146512). - CVE-2019-14816: There was a heap-based buffer overflow in the Marvell wifi chip driver, that allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1146516). - CVE-2019-14821: An out-of-bounds access issue was found in the way Linux kernel's KVM hypervisor implements the coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system (bnc#1151350). - CVE-2019-14835: A buffer overflow flaw was found in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could have used this flaw to increase their privileges on the host (bnc#1150112). - CVE-2019-15030: In the Linux kernel on the powerpc platform, a local user could have read vector registers of other users' processes via a Facility Unavailable exception. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process because of a missing arch/powerpc/kernel/process.c check (bnc#1149713). - CVE-2019-15031: In the Linux kernel on the powerpc platform, a local user could have read vector registers of other users' processes via an interrupt. To exploit the vulnerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process, because MSR_TM_ACTIVE was misused in arch/powerpc/kernel/process.c (bnc#1149713). - CVE-2019-15090: An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the qedi_dbg_* family of functions, there is an out-of-bounds read (bnc#1146399). - CVE-2019-15098: drivers/net/wireless/ath/ath6kl/usb.c had a NULL pointer dereference via an incomplete address in an endpoint descriptor (bnc#1146378). - CVE-2019-15117: parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel mishandled a short descriptor, leading to out-of-bounds memory access (bnc#1145920). - CVE-2019-15118: check_input_term in sound/usb/mixer.c mishandled recursion, leading to kernel stack exhaustion (bnc#1145922). - CVE-2019-15211: There was a use-after-free caused by a malicious USB device in the drivers/media/v4l2-core/v4l2-dev.c driver because drivers/media/radio/radio-raremono.c did not properly allocate memory (bnc#1146519). - CVE-2019-15212: An issue was discovered in the Linux kernel There was a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver (bnc#1146391 1146519). - CVE-2019-15212: There was a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver (bnc#1146391). - CVE-2019-15214: There was a use-after-free in the sound subsystem because card disconnection causes certain data structures to be deleted too early. This is related to sound/core/init.c and sound/core/info.c (bnc#1146550). - CVE-2019-15215: There was a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2_usb.c driver (bnc#1146425). - CVE-2019-15216: There was a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver (bnc#1146361). - CVE-2019-15217: There was a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver (bnc#1146547). - CVE-2019-15218: There was a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/siano/smsusb.c driver (bnc#1146413). - CVE-2019-15219: There was a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver (bnc#1146524). - CVE-2019-15220: There was a use-after-free caused by a malicious USB device in the drivers/net/wireless/intersil/p54/p54usb.c driver (bnc#1146526). - CVE-2019-15221: There was a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/pcm.c driver (bnc#1146529). - CVE-2019-15222: There was a NULL pointer dereference caused by a malicious USB device in the sound/usb/helper.c (motu_microbookii) driver (bnc#1146531). - CVE-2019-15239: An incorrect backport of a certain net/ipv4/tcp_output.c fix allowed a local attacker to trigger multiple use-after-free conditions. This could result in a kernel crash, or potentially in privilege escalation. (bsc#1146589) - CVE-2019-15290: There was a NULL pointer dereference caused by a malicious USB device in the ath6kl_usb_alloc_urb_from_pipe function (bsc#1146543). - CVE-2019-15291: There was a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver (bnc#1146540). - CVE-2019-15292: There was a use-after-free in atalk_proc_exit, related to net/appletalk/atalk_proc.c, net/appletalk/ddp.c, and net/appletalk/sysctl_net_atalk.c (bnc#1146678). - CVE-2019-15538: An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a local DoS attack vector, but it might result as well in remote DoS if the XFS filesystem is exported for instance via NFS (bnc#1148093). - CVE-2019-15666: There was an out-of-bounds array access in __xfrm_policy_unlink, which will cause denial of service, because verify_newpolicy_info in net/xfrm/xfrm_user.c mishandled directory validation (bnc#1148394). - CVE-2019-15902: Misuse of the upstream 'x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()' commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped (bnc#1149376). - CVE-2019-15917: There was a use-after-free issue when hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c (bnc#1149539). - CVE-2019-15919: SMB2_write in fs/cifs/smb2pdu.c had a use-after-free (bnc#1149552). - CVE-2019-15920: SMB2_read in fs/cifs/smb2pdu.c had a use-after-free. (bnc#1149626). - CVE-2019-15921: There was a memory leak issue when idr_alloc() fails in genl_register_family() in net/netlink/genetlink.c (bnc#1149602). - CVE-2019-15924: fm10k_init_module in drivers/net/ethernet/intel/fm10k/fm10k_main.c had a NULL pointer dereference because there was no -ENOMEM upon an alloc_workqueue failure (bnc#1149612). - CVE-2019-15926: An out-of-bounds access existed in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx in the file drivers/net/wireless/ath/ath6kl/wmi.c (bnc#1149527). - CVE-2019-15927: An issue was discovered in the Linux kernel An out-of-bounds access exists in the function build_audio_procunit in the file sound/usb/mixer.c (bnc#1149522). The following non-security bugs were fixed: - ACPI / PCI: fix acpi_pci_irq_enable() memory leak (bsc#1051510). - ACPI / property: Fix acpi_graph_get_remote_endpoint() name in kerneldoc (bsc#1051510). - ACPI: PM: Fix regression in acpi_device_set_power() (bsc#1051510). - ACPI: custom_method: fix memory leaks (bsc#1051510). - ACPI: fix false-positive -Wuninitialized warning (bsc#1051510). - ACPICA: Increase total number of possible Owner IDs (bsc#1148859). - ALSA: aoa: onyx: always initialize register read value (bsc#1051510). - ALSA: firewire-tascam: check intermediate state of clock status and retry (bsc#1051510). - ALSA: firewire-tascam: handle error code when getting current source of clock (bsc#1051510). - ALSA: firewire: fix a memory leak bug (bsc#1051510). - ALSA: hda - Add a generic reboot_notify (bsc#1051510). - ALSA: hda - Apply workaround for another AMD chip 1022:1487 (bsc#1051510). - ALSA: hda - Do not override global PCM hw info flag (bsc#1051510). - ALSA: hda - Fix a memory leak bug (bsc#1051510). - ALSA: hda - Fix potential endless loop at applying quirks (bsc#1051510). - ALSA: hda - Let all conexant codec enter D3 when rebooting (bsc#1051510). - ALSA: hda - Workaround for crackled sound on AMD controller (1022:1457) (bsc#1051510). - ALSA: hda/realtek - Fix overridden device-specific initialization (bsc#1051510). - ALSA: hda/realtek - Fix the problem of two front mics on a ThinkCentre (bsc#1051510). - ALSA: hda: kabi workaround for generic parser flag (bsc#1051510). - ALSA: hiface: fix multiple memory leak bugs (bsc#1051510). - ALSA: line6: Fix memory leak at line6_init_pcm() error path (bsc#1051510). - ALSA: pcm: fix lost wakeup event scenarios in snd_pcm_drain (bsc#1051510). - ALSA: seq: Fix potential concurrent access to the deleted pool (bsc#1051510). - ALSA: usb-audio: Fix gpf in snd_usb_pipe_sanity_check (bsc#1051510). - ASoC: Fail card instantiation if DAI format setup fails (bsc#1051510). - ASoC: Intel: Baytrail: Fix implicit fallthrough warning (bsc#1051510). - ASoC: dapm: Fix handling of custom_stop_condition on DAPM graph walks (bsc#1051510). - ASoC: es8328: Fix copy-paste error in es8328_right_line_controls (bsc#1051510). - ASoC: sun4i-i2s: RX and TX counter registers are swapped (bsc#1051510). - ASoC: wm8737: Fix copy-paste error in wm8737_snd_controls (bsc#1051510). - ASoC: wm8988: fix typo in wm8988_right_line_controls (bsc#1051510). - Add 3 not-needeed commits to blacklist.conf from git-fixes. - Add missing structs and defines from recent SMB3.1.1 documentation (bsc#1144333). - Add new flag on SMB3.1.1 read (bsc#1144333). - Add some missing debug fields in server and tcon structs (bsc#1144333). - Add some qedf commits to blacklist file (bsc#1149976) - Add vers=3.0.2 as a valid option for SMBv3.0.2 (bsc#1144333). - Bluetooth: btqca: Add a short delay before downloading the NVM (bsc#1051510). - Btrfs: add a helper to retrive extent inline ref type (bsc#1149325). - Btrfs: add missing inode version, ctime and mtime updates when punching hole (bsc#1140487). - Btrfs: add one more sanity check for shared ref type (bsc#1149325). - Btrfs: convert to use btrfs_get_extent_inline_ref_type (bsc#1149325). - Btrfs: do not abort transaction at btrfs_update_root() after failure to COW path (bsc#1150933). - Btrfs: fix assertion failure during fsync and use of stale transaction (bsc#1150562). - Btrfs: fix data loss after inode eviction, renaming it, and fsync it (bsc#1145941). - Btrfs: fix fsync not persisting dentry deletions due to inode evictions (bsc#1145942). - Btrfs: fix incremental send failure after deduplication (bsc#1145940). - Btrfs: fix race between send and deduplication that lead to failures and crashes (bsc#1145059). - Btrfs: fix race leading to fs corruption after transaction abort (bsc#1145937). - Btrfs: fix use-after-free when using the tree modification log (bsc#1151891). - Btrfs: prevent send failures and crashes due to concurrent relocation (bsc#1145059). - Btrfs: remove BUG() in add_data_reference (bsc#1149325). - Btrfs: remove BUG() in btrfs_extent_inline_ref_size (bsc#1149325). - Btrfs: remove BUG() in print_extent_item (bsc#1149325). - Btrfs: remove BUG_ON in __add_tree_block (bsc#1149325). - CIFS: Add direct I/O functions to file_operations (bsc#1144333). - CIFS: Add support for direct I/O read (bsc#1144333). - CIFS: Add support for direct I/O write (bsc#1144333). - CIFS: Add support for direct pages in rdata (bsc#1144333). - CIFS: Add support for direct pages in wdata (bsc#1144333). - CIFS: Adds information-level logging function (bsc#1144333). - CIFS: Adjust MTU credits before reopening a file (bsc#1144333). - CIFS: Always reset read error to -EIO if no response (bsc#1144333). - CIFS: Avoid returning EBUSY to upper layer VFS (bsc#1144333). - CIFS: Calculate the correct request length based on page offset and tail size (bsc#1144333). - CIFS: Check for reconnects before sending async requests (bsc#1144333). - CIFS: Check for reconnects before sending compound requests (bsc#1144333). - CIFS: Count SMB3 credits for malformed pending responses (bsc#1144333). - CIFS: Display SMB2 error codes in the hex format (bsc#1144333). - CIFS: Do not assume one credit for async responses (bsc#1144333). - CIFS: Do not consider -ENODATA as stat failure for reads (bsc#1144333). - CIFS: Do not count -ENODATA as failure for query directory (bsc#1051510, bsc#1144333). - CIFS: Do not hide EINTR after sending network packets (bsc#1051510, bsc#1144333). - CIFS: Do not log credits when unmounting a share (bsc#1144333). - CIFS: Do not reconnect TCP session in add_credits() (bsc#1051510, bsc#1144333). - CIFS: Do not reset lease state to NONE on lease break (bsc#1051510, bsc#1144333). - CIFS: Do not set credits to 1 if the server didn't grant anything (bsc#1144333). - CIFS: Do not skip SMB2 message IDs on send failures (bsc#1144333). - CIFS: Find and reopen a file before get MTU credits in writepages (bsc#1144333). - CIFS: Fix NULL pointer deref on SMB2_tcon() failure (bsc#1071009, bsc#1144333). - CIFS: Fix NULL ptr deref (bsc#1144333). - CIFS: Fix adjustment of credits for MTU requests (bsc#1051510, bsc#1144333). - CIFS: Fix an issue with re-sending rdata when transport returning -EAGAIN (bsc#1144333). - CIFS: Fix an issue with re-sending wdata when transport returning -EAGAIN (bsc#1144333). - CIFS: Fix credit calculation for encrypted reads with errors (bsc#1051510, bsc#1144333). - CIFS: Fix credit calculations in compound mid callback (bsc#1144333). - CIFS: Fix credit computation for compounded requests (bsc#1144333). - CIFS: Fix credits calculation for cancelled requests (bsc#1144333). - CIFS: Fix credits calculations for reads with errors (bsc#1051510, bsc#1144333). - CIFS: Fix error mapping for SMB2_LOCK command which caused OFD lock problem (bsc#1051510, bsc#1144333). - CIFS: Fix error paths in writeback code (bsc#1144333). - CIFS: Fix leaking locked VFS cache pages in writeback retry (bsc#1144333). - CIFS: Fix module dependency (bsc#1144333). - CIFS: Fix mounts if the client is low on credits (bsc#1144333). - CIFS: Fix possible hang during async MTU reads and writes (bsc#1051510, bsc#1144333). - CIFS: Fix possible oops and memory leaks in async IO (bsc#1144333). - CIFS: Fix read after write for files with read caching (bsc#1051510, bsc#1144333). - CIFS: Fix signing for SMB2/3 (bsc#1144333). - CIFS: Fix trace command logging for SMB2 reads and writes (bsc#1144333). - CIFS: Introduce helper function to get page offset and length in smb_rqst (bsc#1144333). - CIFS: Introduce offset for the 1st page in data transfer structures (bsc#1144333). - CIFS: Mask off signals when sending SMB packets (bsc#1144333). - CIFS: Move credit processing to mid callbacks for SMB3 (bsc#1144333). - CIFS: Move open file handling to writepages (bsc#1144333). - CIFS: Move unlocking pages from wdata_send_pages() (bsc#1144333). - CIFS: Only send SMB2_NEGOTIATE command on new TCP connections (bsc#1144333). - CIFS: Pass page offset for calculating signature (bsc#1144333). - CIFS: Pass page offset for encrypting (bsc#1144333). - CIFS: Print message when attempting a mount (bsc#1144333). - CIFS: Reconnect expired SMB sessions (bnc#1060662). - CIFS: Remove custom credit adjustments for SMB2 async IO (bsc#1144333). - CIFS: Reopen file before get SMB2 MTU credits for async IO (bsc#1144333). - CIFS: Respect SMB2 hdr preamble size in read responses (bsc#1144333). - CIFS: Respect reconnect in MTU credits calculations (bsc#1144333). - CIFS: Respect reconnect in non-MTU credits calculations (bsc#1144333). - CIFS: Return -EAGAIN instead of -ENOTSOCK (bsc#1144333). - CIFS: Return error code when getting file handle for writeback (bsc#1144333). - CIFS: SMBD: Add SMB Direct debug counters (bsc#1144333). - CIFS: SMBD: Add SMB Direct protocol initial values and constants (bsc#1144333). - CIFS: SMBD: Add parameter rdata to smb2_new_read_req (bsc#1144333). - CIFS: SMBD: Add rdma mount option (bsc#1144333). - CIFS: SMBD: Disable signing on SMB direct transport (bsc#1144333). - CIFS: SMBD: Do not call ib_dereg_mr on invalidated memory registration (bsc#1144333). - CIFS: SMBD: Establish SMB Direct connection (bsc#1144333). - CIFS: SMBD: Fix the definition for SMB2_CHANNEL_RDMA_V1_INVALIDATE (bsc#1144333). - CIFS: SMBD: Implement RDMA memory registration (bsc#1144333). - CIFS: SMBD: Implement function to create a SMB Direct connection (bsc#1144333). - CIFS: SMBD: Implement function to destroy a SMB Direct connection (bsc#1144333). - CIFS: SMBD: Implement function to receive data via RDMA receive (bsc#1144333). - CIFS: SMBD: Implement function to reconnect to a SMB Direct transport (bsc#1144333). - CIFS: SMBD: Implement function to send data via RDMA send (bsc#1144333). - CIFS: SMBD: Read correct returned data length for RDMA write (SMB read) I/O (bsc#1144333). - CIFS: SMBD: Set SMB Direct maximum read or write size for I/O (bsc#1144333). - CIFS: SMBD: Support page offset in RDMA recv (bsc#1144333). - CIFS: SMBD: Support page offset in RDMA send (bsc#1144333). - CIFS: SMBD: Support page offset in memory registration (bsc#1144333). - CIFS: SMBD: Upper layer connects to SMBDirect session (bsc#1144333). - CIFS: SMBD: Upper layer destroys SMB Direct session on shutdown or umount (bsc#1144333). - CIFS: SMBD: Upper layer performs SMB read via RDMA write through memory registration (bsc#1144333). - CIFS: SMBD: Upper layer performs SMB write via RDMA read through memory registration (bsc#1144333). - CIFS: SMBD: Upper layer receives data via RDMA receive (bsc#1144333). - CIFS: SMBD: Upper layer reconnects to SMB Direct session (bsc#1144333). - CIFS: SMBD: Upper layer sends data via RDMA send (bsc#1144333). - CIFS: SMBD: _smbd_get_connection() can be static (bsc#1144333). - CIFS: SMBD: export protocol initial values (bsc#1144333). - CIFS: SMBD: fix spelling mistake: faield and legnth (bsc#1144333). - CIFS: SMBD: work around gcc -Wmaybe-uninitialized warning (bsc#1144333). - CIFS: Set reconnect instance to one initially (bsc#1144333). - CIFS: Show locallease in /proc/mounts for cifs shares mounted with locallease feature (bsc#1144333). - CIFS: Try to acquire credits at once for compound requests (bsc#1144333). - CIFS: Use offset when reading pages (bsc#1144333). - CIFS: When sending data on socket, pass the correct page offset (bsc#1144333). - CIFS: add ONCE flag for cifs_dbg type (bsc#1144333). - CIFS: add SFM mapping for 0x01-0x1F (bsc#1144333). - CIFS: add iface info to struct cifs_ses (bsc#1144333). - CIFS: add sha512 secmech (bsc#1051510, bsc#1144333). - CIFS: check CIFS_MOUNT_NO_DFS when trying to reuse existing sb (bsc#1144333). - CIFS: check for STATUS_USER_SESSION_DELETED (bsc#1112902, bsc#1144333). - CIFS: cifs_read_allocate_pages: do not iterate through whole page array on ENOMEM (bsc#1144333). - CIFS: complete PDU definitions for interface queries (bsc#1144333). - CIFS: do not log STATUS_NOT_FOUND errors for DFS (bsc#1051510, bsc#1144333). - CIFS: do not send invalid input buffer on QUERY_INFO requests (bsc#1144333). - CIFS: document tcon/ses/server refcount dance (bsc#1144333). - CIFS: dump IPC tcon in debug proc file (bsc#1071306, bsc#1144333). - CIFS: dump every session iface info (bsc#1144333). - CIFS: fix POSIX lock leak and invalid ptr deref (bsc#1114542, bsc#1144333). - CIFS: fix circular locking dependency (bsc#1064701, bsc#1144333). - CIFS: fix deadlock in cached root handling (bsc#1144333). - CIFS: fix encryption in SMB3.1.1 (bsc#1144333). - CIFS: fix memory leak and remove dead code (bsc#1144333). - CIFS: fix sha512 check in cifs_crypto_secmech_release (bsc#1051510, bsc#1144333). - CIFS: fix typo in cifs_dbg (bsc#1144333). - CIFS: fix uninitialized ptr deref in smb2 signing (bsc#1144333). - CIFS: fix use-after-free of the lease keys (bsc#1144333). - CIFS: fix wrapping bugs in num_entries() (bsc#1051510, bsc#1144333). - CIFS: implement v3.11 preauth integrity (bsc#1051510, bsc#1144333). - CIFS: keep FileInfo handle live during oplock break (bsc#1106284, bsc#1131565, bsc#1144333). - CIFS: make 'nodfs' mount opt a superblock flag (bsc#1051510, bsc#1144333). - CIFS: make IPC a regular tcon (bsc#1071306, bsc#1144333). - CIFS: make arrays static const, reduces object code size (bsc#1144333). - CIFS: make mknod() an smb_version_op (bsc#1144333). - CIFS: move default port definitions to cifsglob.h (bsc#1144333). - CIFS: parse and store info on iface queries (bsc#1144333). - CIFS: pass page offsets on SMB1 read/write (bsc#1144333). - CIFS: refactor crypto shash/sdesc allocation&free (bsc#1051510, bsc#1144333). - CIFS: return correct errors when pinning memory failed for direct I/O (bsc#1144333). - CIFS: set *resp_buf_type to NO_BUFFER on error (bsc#1144333). - CIFS: use tcon_ipc instead of use_ipc parameter of SMB2_ioctl (bsc#1071306, bsc#1144333). - CIFS: use the correct length when pinning memory for direct I/O for write (bsc#1144333). - CIFS: zero sensitive data when freeing (bsc#1087092, bsc#1144333). - Cleanup some minor endian issues in smb3 rdma (bsc#1144333). - Delete for bsc#1144979: bcache: kernel oops on reading sysfs cache_mode file patches.suse/0031-bcache-use-sysfs_match_string-instead-of-__sysfs_mat.patch. - Do not log confusing message on reconnect by default (bsc#1129664, bsc#1144333). - Do not log expected error on DFS referral request (bsc#1051510, bsc#1144333). - Drop an ASoC fix that was reverted in 4.14.y stable - EDAC/amd64: Decode syndrome before translating address (bsc#1114279). - EDAC: Fix global-out-of-bounds write when setting edac_mc_poll_msec (bsc#1114279). - Fix SMB3.1.1 guest authentication to Samba (bsc#1085536, bsc#1144333). - Fix encryption labels and lengths for SMB3.1.1 (bsc#1085536, bsc#1144333). - Fix kABI after KVM fixes - Fix kabi for: NFSv4: Fix OPEN / CLOSE race (git-fixes). - Fix match_server check to allow for auto dialect negotiate (bsc#1144333). - Fix warning messages when mounting to older servers (bsc#1144333). - Fixed https://bugzilla.kernel.org/show_bug.cgi?id=202935 allow write on the same file (bsc#1144333). - HID: Add 044f:b320 ThrustMaster, Inc. 2 in 1 DT (bsc#1051510). - HID: Add quirk for HP X1200 PIXART OEM mouse (bsc#1051510). - HID: cp2112: prevent sleeping function called from invalid context (bsc#1051510). - HID: hiddev: avoid opening a disconnected device (bsc#1051510). - HID: hiddev: do cleanup in failure of opening a device (bsc#1051510). - HID: holtek: test for sanity of intfdata (bsc#1051510). - HID: sony: Fix race condition between rumble and device remove (bsc#1051510). - HID: wacom: Correct distance scale for 2nd-gen Intuos devices (bsc#1142635). - HID: wacom: correct misreported EKR ring values (bsc#1142635). - HID: wacom: fix bit shift for Cintiq Companion 2 (bsc#1051510). - IB/mlx5: Fix MR registration flow to use UMR properly (bsc#1093205 bsc#1145678). - ISDN: hfcsusb: checking idx of ep configuration (bsc#1051510). - Improve security, move default dialect to SMB3 from old CIFS (bsc#1051510, bsc#1144333). - Input: elan_i2c - remove Lenovo Legion Y7000 PnpID (bsc#1051510). - Input: iforce - add sanity checks (bsc#1051510). - Input: kbtab - sanity check for endpoint type (bsc#1051510). - Input: synaptics - enable RMI mode for HP Spectre X360 (bsc#1051510). - KVM: Fix leak vCPU's VMCS value into other pCPU (bsc#1145388). - KVM: LAPIC: Fix pending interrupt in IRR blocked by software disable LAPIC (bsc#1145408). - KVM: PPC: Book3S HV: Check for MMU ready on piggybacked virtual cores (bsc#1061840). - KVM: PPC: Book3S HV: Do not lose pending doorbell request on migration on P9 (bsc#1061840). - KVM: PPC: Book3S HV: Do not push XIVE context when not using XIVE device (bsc#1061840). - KVM: PPC: Book3S HV: Fix CR0 setting in TM emulation (bsc#1061840). - KVM: PPC: Book3S HV: Fix lockdep warning when entering the guest (bsc#1061840). - KVM: PPC: Book3S HV: Fix race in re-enabling XIVE escalation interrupts (bsc#1061840). - KVM: PPC: Book3S HV: Handle virtual mode in XIVE VCPU push code (bsc#1061840). - KVM: PPC: Book3S HV: XIVE: Free escalation interrupts before disabling the VP (bsc#1061840). - KVM: PPC: Book3S: Fix incorrect guest-to-user-translation error handling (bsc#1061840). - KVM: VMX: Always signal #GP on WRMSR to MSR_IA32_CR_PAT with bad value (bsc#1145393). - KVM: VMX: Fix handling of #MC that occurs during VM-Entry (bsc#1145395). - KVM: VMX: check CPUID before allowing read/write of IA32_XSS (bsc#1145394). - KVM: X86: Reduce the overhead when lapic_timer_advance is disabled (bsc#1149083). - KVM: nVMX: Use adjusted pin controls for vmcs02 (bsc#1145392). - KVM: nVMX: allow setting the VMFUNC controls MSR (bsc#1145389). - KVM: nVMX: do not use dangling shadow VMCS after guest reset (bsc#1145390). - KVM: x86/vPMU: refine kvm_pmu err msg when event creation failed (bsc#1145397). - KVM: x86: Do not update RIP or do single-step on faulting emulation (bsc#1149104). - KVM: x86: Unconditionally enable irqs in guest context (bsc#1145396). - KVM: x86: degrade WARN to pr_warn_ratelimited (bsc#1145409). - KVM: x86: fix backward migration with async_PF (bsc#1146074). - Move upstreamed nvme fix into sorted section - NFS4: Fix v4.0 client state corruption when mount (git-fixes). - NFS: Cleanup if nfs_match_client is interrupted (bsc#1134291). - NFS: Do not interrupt file writeout due to fatal errors (git-fixes). - NFS: Do not open code clearing of delegation state (git-fixes). - NFS: Ensure O_DIRECT reports an error if the bytes read/written is 0 (git-fixes). - NFS: Fix a double unlock from nfs_match,get_client (bsc#1134291). - NFS: Fix regression whereby fscache errors are appearing on 'nofsc' mounts (git-fixes). - NFS: Fix the inode request accounting when pages have subrequests (bsc#1140012). - NFS: Forbid setting AF_INET6 to 'struct sockaddr_in'->sin_family (git-fixes). - NFS: Refactor nfs_lookup_revalidate() (git-fixes). - NFS: Remove redundant semicolon (git-fixes). - NFS: make nfs_match_client killable (bsc#1134291). - NFSv4.1: Again fix a race where CB_NOTIFY_LOCK fails to wake a waiter (git-fixes). - NFSv4.1: Fix open stateid recovery (git-fixes). - NFSv4.1: Only reap expired delegations (git-fixes). - NFSv4/pnfs: Fix a page lock leak in nfs_pageio_resend() (git-fixes). - NFSv4: Check the return value of update_open_stateid() (git-fixes). - NFSv4: Fix OPEN / CLOSE race (git-fixes). - NFSv4: Fix a potential sleep while atomic in nfs4_do_reclaim() (git-fixes). - NFSv4: Fix an Oops in nfs4_do_setattr (git-fixes). - NFSv4: Fix delegation state recovery (git-fixes). - NFSv4: Fix lookup revalidate of regular files (git-fixes). - NFSv4: Handle the special Linux file open access mode (git-fixes). - NFSv4: Only pass the delegation to setattr if we're sending a truncate (git-fixes). - Negotiate and save preferred compression algorithms (bsc#1144333). - PCI: PM/ACPI: Refresh all stale power state data in pci_pm_complete() (bsc#1149106). - PCI: Restore Resizable BAR size bits correctly for 1MB BARs (bsc#1143841). - PCI: hv: Detect and fix Hyper-V PCI domain number collision (bsc#1150423). - PCI: hv: Fix panic by calling hv_pci_remove_slots() earlier (bsc#1142701). - PM / OPP: OF: Use pr_debug() instead of pr_err() while adding OPP table (jsc#SLE-7294). - PM / devfreq: rk3399_dmc: Pass ODT and auto power down parameters to TF-A (bsc#1144718,bsc#1144813). - PM / devfreq: rk3399_dmc: do not print error when get supply and clk defer (bsc#1144718,bsc#1144813). - PM / devfreq: rk3399_dmc: fix spelling mistakes (bsc#1144718,bsc#1144813). - PM / devfreq: rk3399_dmc: remove unneeded semicolon (bsc#1144718,bsc#1144813). - PM / devfreq: rk3399_dmc: remove wait for dcf irq event (bsc#1144718,bsc#1144813). - PM / devfreq: rockchip-dfi: Move GRF definitions to a common place (bsc#1144718,bsc#1144813). - PM: sleep: Fix possible overflow in pm_system_cancel_wakeup() (bsc#1051510). - PNFS fallback to MDS if no deviceid found (git-fixes). - Remove ifdef since SMB3 (and later) now STRONGLY preferred (bsc#1051510, bsc#1144333). - Revert 'Bluetooth: validate BLE connection interval updates' (bsc#1051510). - Revert 'cfg80211: fix processing world regdomain when non modular' (bsc#1051510). - Revert 'dm bufio: fix deadlock with loop device' (git fixes). - Revert 'mwifiex: fix system hang problem after resume' (bsc#1051510). - Revert 'net: ena: ethtool: add extra properties retrieval via get_priv_flags' (bsc#1139020 bsc#1139021). - Revert 'scsi: ncr5380: Increase register polling limit' (git-fixes). - Revert 'scsi: ufs: disable vccq if it's not needed by UFS device' (git-fixes). - Revert i915 userptr page lock patch (bsc#1145051) - Revert patches.suse/0001-blk-wbt-Avoid-lock-contention-and-thundering-herd-is.patch (bsc#1141543) As we see stalls / crashes recently with the relevant code path, revert this patch tentatively. - SMB3.1.1 dialect is no longer experimental (bsc#1051510, bsc#1144333). - SMB3.1.1: Add GCM crypto to the encrypt and decrypt functions (bsc#1144333). - SMB311: Fix reconnect (bsc#1051510, bsc#1144333). - SMB311: Improve checking of negotiate security contexts (bsc#1051510, bsc#1144333). - SMB3: Add SMB3.1.1 GCM to negotiated crypto algorigthms (bsc#1144333). - SMB3: Add defines for new negotiate contexts (bsc#1144333). - SMB3: Add handling for different FSCTL access flags (bsc#1144333). - SMB3: Add support for multidialect negotiate (SMB2.1 and later) (bsc#1051510, bsc#1144333). - SMB3: Allow SMB3 FSCTL queries to be sent to server from tools (bsc#1144333). - SMB3: Allow persistent handle timeout to be configurable on mount (bsc#1144333). - SMB3: Backup intent flag missing for directory opens with backupuid mounts (bsc#1051510, bsc#1144333). - SMB3: Backup intent flag missing from compounded ops (bsc#1144333). - SMB3: Clean up query symlink when reparse point (bsc#1144333). - SMB3: Do not ignore O_SYNC/O_DSYNC and O_DIRECT flags (bsc#1085536, bsc#1144333). - SMB3: Fix 3.11 encryption to Windows and handle encrypted smb3 tcon (bsc#1051510, bsc#1144333). - SMB3: Fix SMB3.1.1 guest mounts to Samba (bsc#1051510, bsc#1144333). - SMB3: Fix deadlock in validate negotiate hits reconnect (bsc#1144333). - SMB3: Fix endian warning (bsc#1144333, bsc#1137884). - SMB3: Fix length checking of SMB3.11 negotiate request (bsc#1051510, bsc#1144333). - SMB3: Fix potential memory leak when processing compound chain (bsc#1144333). - SMB3: Kernel oops mounting a encryptData share with CONFIG_DEBUG_VIRTUAL (bsc#1144333). - SMB3: Log at least once if tree connect fails during reconnect (bsc#1144333). - SMB3: Number of requests sent should be displayed for SMB3 not just CIFS (bsc#1144333). - SMB3: Track total time spent on roundtrips for each SMB3 command (bsc#1144333). - SMB3: Validate negotiate request must always be signed (bsc#1064597, bsc#1144333). - SMB3: Warn user if trying to sign connection that authenticated as guest (bsc#1085536, bsc#1144333). - SMB3: handle new statx fields (bsc#1085536, bsc#1144333). - SMB3: passthru query info does not check for SMB3 FSCTL passthru (bsc#1144333). - SMB3: query inode number on open via create context (bsc#1144333). - SMB3: retry on STATUS_INSUFFICIENT_RESOURCES instead of failing write (bsc#1144333). - SMB3: update comment to clarify enumerating snapshots (bsc#1144333). - SMB: Validate negotiate (to protect against downgrade) even if signing off (bsc#1085536, bsc#1144333). - SMB: fix leak of validate negotiate info response buffer (bsc#1064597, bsc#1144333). - SMB: fix validate negotiate info uninitialised memory use (bsc#1064597, bsc#1144333). - SUNRPC fix regression in umount of a secure mount (git-fixes). - SUNRPC/nfs: Fix return value for nfs4_callback_compound() (git-fixes). - SUNRPC: Handle connection breakages correctly in call_status() (git-fixes). - Tree connect for SMB3.1.1 must be signed for non-encrypted shares (bsc#1051510, bsc#1144333). - USB: CDC: fix sanity checks in CDC union parser (bsc#1142635). - USB: cdc-wdm: fix race between write and disconnect due to flag abuse (bsc#1051510). - USB: core: Fix races in character device registration and deregistraion (bsc#1051510). - USB: serial: option: Add Motorola modem UARTs (bsc#1051510). - USB: serial: option: Add support for ZTE MF871A (bsc#1051510). - USB: serial: option: add D-Link DWM-222 device ID (bsc#1051510). - USB: serial: option: add the BroadMobi BM818 card (bsc#1051510). - USB: storage: ums-realtek: Update module parameter description for auto_delink_en (bsc#1051510). - USB: storage: ums-realtek: Whitelist auto-delink support (bsc#1051510). - USB: usbcore: Fix slab-out-of-bounds bug during device reset (bsc#1051510). - Update config files. (bsc#1145687) Add the following kernel config to ARM64: CONFIG_ACPI_PCI_SLOT=y CONFIG_HOTPLUG_PCI_ACPI=y - Update config files. - CIFS: SMBD: Introduce kernel config option CONFIG_CIFS_SMB_DIRECT (bsc#1144333). - Update config files. - CIFS: add CONFIG_CIFS_DEBUG_KEYS to dump encryption keys (bsc#1144333). - Update config files. - cifs: allow disabling insecure dialects in the config (bsc#1144333). - Update session and share information displayed for debugging SMB2/SMB3 (bsc#1144333). - Update version of cifs module (bsc#1144333). - VMCI: Release resource if the work is already queued (bsc#1051510). - add some missing definitions (bsc#1144333). - address lock imbalance warnings in smbdirect.c (bsc#1144333). - af_packet: Block execution of tasks waiting for transmit to complete in AF_PACKET (networking-stable-19_07_02). - alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP (bsc#1151680). - ata: libahci: do not complain in case of deferred probe (bsc#1051510). - ath9k: dynack: fix possible deadlock in ath_dynack_node_{de}init (bsc#1051510). - atm: iphase: Fix Spectre v1 vulnerability (networking-stable-19_08_08). - batman-adv: Only read OGM tvlv_len after buffer len check (bsc#1051510). - batman-adv: Only read OGM2 tvlv_len after buffer len check (bsc#1051510). - batman-adv: fix uninit-value in batadv_netlink_get_ifindex() (bsc#1051510). - bcache: fix possible memory leak in bch_cached_dev_run() (git fixes). - bcma: fix incorrect update of BCMA_CORE_PCI_MDIO_DATA (bsc#1051510). - bio: fix improper use of smp_mb__before_atomic() (git fixes). - blk-flush: do not run queue for requests bypassing flush (bsc#1137959). - blk-flush: use blk_mq_request_bypass_insert() (bsc#1137959). - blk-mq-sched: decide how to handle flush rq via RQF_FLUSH_SEQ (bsc#1137959). - blk-mq: Fix memory leak in blk_mq_init_allocated_queue error handling (bsc#1151610). - blk-mq: Fix spelling in a source code comment (git fixes). - blk-mq: backport fixes for blk_mq_complete_e_request_sync() (bsc#1145661). - blk-mq: do not allocate driver tag upfront for flush rq (bsc#1137959). - blk-mq: insert rq with DONTPREP to hctx dispatch list when requeue (bsc#1137959). - blk-mq: introduce blk_mq_complete_request_sync() (bsc#1145661). - blk-mq: kABI fixes for blk-mq.h (bsc#1137959). - blk-mq: move blk_mq_put_driver_tag*() into blk-mq.h (bsc#1137959). - blk-mq: punt failed direct issue to dispatch list (bsc#1137959). - blk-mq: put the driver tag of nxt rq before first one is requeued (bsc#1137959). - blk-wbt: Avoid lock contention and thundering herd issue in wbt_wait (bsc#1141543). - blk-wbt: Avoid lock contention and thundering herd issue in wbt_wait (bsc#1141543). - block, documentation: Fix wbt_lat_usec documentation (git fixes). - block: fix timeout changes for legacy request drivers (bsc#1149446). - block: kABI fixes for BLK_EH_DONE renaming (bsc#1142076). - block: rename BLK_EH_NOT_HANDLED to BLK_EH_DONE (bsc#1142076). - bnx2x: Disable multi-cos feature (networking-stable-19_08_08). - bnx2x: Prevent ptp_task to be rescheduled indefinitely (networking-stable-19_07_25). - bonding/802.3ad: fix link_failure_count tracking (bsc#1137069 bsc#1141013). - bonding/802.3ad: fix slave link initialization transition states (bsc#1137069 bsc#1141013). - bonding: Add vlan tx offload to hw_enc_features (networking-stable-19_08_21). - bonding: Always enable vlan tx offload (networking-stable-19_07_02). - bonding: set default miimon value for non-arp modes if not set (bsc#1137069 bsc#1141013). - bonding: speed/duplex update at NETDEV_UP event (bsc#1137069 bsc#1141013). - bonding: validate ip header before check IPPROTO_IGMP (networking-stable-19_07_25). - btrfs: Fix delalloc inodes invalidation during transaction abort (bsc#1050911). - btrfs: Split btrfs_del_delalloc_inode into 2 functions (bsc#1050911). - btrfs: add cleanup_ref_head_accounting helper (bsc#1050911). - btrfs: clean up pending block groups when transaction commit aborts (bsc#1050911). - btrfs: fix pinned underflow after transaction aborted (bsc#1050911). - btrfs: handle delayed ref head accounting cleanup in abort (bsc#1050911). - btrfs: qgroup: Fix reserved data space leak if we have multiple reserve calls (bsc#1152975). - btrfs: qgroup: Fix the wrong target io_tree when freeing reserved data space (bsc#1152974). - btrfs: relocation: fix use-after-free on dead relocation roots (bsc#1152972). - btrfs: start readahead also in seed devices (bsc#1144886). - btrfs: track running balance in a simpler way (bsc#1145059). - caif-hsi: fix possible deadlock in cfhsi_exit_module() (networking-stable-19_07_25). - can: m_can: implement errata 'Needless activation of MRAF irq' (bsc#1051510). - can: mcp251x: add support for mcp25625 (bsc#1051510). - can: peak_usb: fix potential double kfree_skb() (bsc#1051510). - can: peak_usb: force the string buffer NULL-terminated (bsc#1051510). - can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices (bsc#1051510). - can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices (bsc#1051510). - can: rcar_canfd: fix possible IRQ storm on high load (bsc#1051510). - can: sja1000: force the string buffer NULL-terminated (bsc#1051510). - carl9170: fix misuse of device driver API (bsc#1142635). - ceph: always get rstat from auth mds (bsc#1146346). - ceph: clean up ceph.dir.pin vxattr name sizeof() (bsc#1146346). - ceph: decode feature bits in session message (bsc#1146346). - ceph: do not blindly unregister session that is in opening state (bsc#1148133). - ceph: do not try fill file_lock on unsuccessful GETFILELOCK reply (bsc#1148133). - ceph: fix 'ceph.dir.rctime' vxattr value (bsc#1148133 bsc#1135219). - ceph: fix buffer free while holding i_ceph_lock in __ceph_build_xattrs_blob() (bsc#1148133). - ceph: fix buffer free while holding i_ceph_lock in __ceph_setxattr() (bsc#1148133). - ceph: fix buffer free while holding i_ceph_lock in fill_inode() (bsc#1148133). - ceph: fix improper use of smp_mb__before_atomic() (bsc#1148133). - ceph: fix iov_iter issues in ceph_direct_read_write() (bsc#1141450). - ceph: hold i_ceph_lock when removing caps for freeing inode (bsc#1148133). - ceph: remove request from waiting list before unregister (bsc#1148133). - ceph: silence a checker warning in mdsc_show() (bsc#1148133). - ceph: support cephfs' own feature bits (bsc#1146346). - ceph: support getting ceph.dir.pin vxattr (bsc#1146346). - ceph: support versioned reply (bsc#1146346). - ceph: use bit flags to define vxattr attributes (bsc#1146346). - ceph: use ceph_evict_inode to cleanup inode's resource (bsc#1148133). - cifs: Accept validate negotiate if server return NT_STATUS_NOT_SUPPORTED (bsc#1144333). - cifs: Add DFS cache routines (bsc#1144333). - cifs: Add minor debug message during negprot (bsc#1144333). - cifs: Add smb2_send_recv (bsc#1144333). - cifs: Add support for FSCTL passthrough that write data to the server (bsc#1144333). - cifs: Add support for failover in cifs_mount() (bsc#1144333). - cifs: Add support for failover in cifs_reconnect() (bsc#1144333). - cifs: Add support for failover in cifs_reconnect_tcon() (bsc#1144333). - cifs: Add support for failover in smb2_reconnect() (bsc#1144333). - cifs: Add support for reading attributes on SMB2+ (bsc#1051510, bsc#1144333). - cifs: Add support for writing attributes on SMB2+ (bsc#1051510, bsc#1144333). - cifs: Allocate memory for all iovs in smb2_ioctl (bsc#1144333). - cifs: Allocate validate negotiation request through kmalloc (bsc#1144333). - cifs: Always resolve hostname before reconnecting (bsc#1051510, bsc#1144333). - cifs: Call MID callback before destroying transport (bsc#1144333). - cifs: Change SMB2_open to return an iov for the error parameter (bsc#1144333). - cifs: Check for timeout on Negotiate stage (bsc#1091171, bsc#1144333). - cifs: Do not match port on SMBDirect transport (bsc#1144333). - cifs: Do not modify mid entry after submitting I/O in cifs_call_async (bsc#1051510, bsc#1144333). - cifs: Fix DFS cache refresher for DFS links (bsc#1144333). - cifs: Fix NULL pointer dereference of devname (bnc#1129519). - cifs: Fix a debug message (bsc#1144333). - cifs: Fix a race condition with cifs_echo_request (bsc#1144333). - cifs: Fix a tiny potential memory leak (bsc#1144333). - cifs: Fix autonegotiate security settings mismatch (bsc#1087092, bsc#1144333). - cifs: Fix check for matching with existing mount (bsc#1144333). - cifs: Fix encryption/signing (bsc#1144333). - cifs: Fix infinite loop when using hard mount option (bsc#1091171, bsc#1144333). - cifs: Fix invalid check in __cifs_calc_signature() (bsc#1144333). - cifs: Fix kernel oops when traceSMB is enabled (bsc#1144333). - cifs: Fix lease buffer length error (bsc#1144333). - cifs: Fix memory leak in smb2_set_ea() (bsc#1051510, bsc#1144333). - cifs: Fix missing put_xid in cifs_file_strict_mmap (bsc#1087092, bsc#1144333). - cifs: Fix potential OOB access of lock element array (bsc#1051510, bsc#1144333). - cifs: Fix separator when building path from dentry (bsc#1051510, bsc#1144333). - cifs: Fix slab-out-of-bounds in send_set_info() on SMB2 ACE setting (bsc#1144333). - cifs: Fix slab-out-of-bounds when tracing SMB tcon (bsc#1144333). - cifs: Fix stack out-of-bounds in smb{2,3}_create_lease_buf() (bsc#1051510, bsc#1144333). - cifs: Fix to use kmem_cache_free() instead of kfree() (bsc#1144333). - cifs: Fix use after free of a mid_q_entry (bsc#1112903, bsc#1144333). - cifs: Fix use-after-free in SMB2_read (bsc#1144333). - cifs: Fix use-after-free in SMB2_write (bsc#1144333). - cifs: Fix validation of signed data in smb2 (bsc#1144333). - cifs: Fix validation of signed data in smb3+ (bsc#1144333). - cifs: For SMB2 security informaion query, check for minimum sized security descriptor instead of sizeof FileAllInformation class (bsc#1051510, bsc#1144333). - cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs) (bsc#1144333). - cifs: Limit memory used by lock request calls to a page (bsc#1144333). - cifs: Make devname param optional in cifs_compose_mount_options() (bsc#1144333). - cifs: Make sure all data pages are signed correctly (bsc#1144333). - cifs: Make use of DFS cache to get new DFS referrals (bsc#1144333). - cifs: Minor Kconfig clarification (bsc#1144333). - cifs: OFD locks do not conflict with eachothers (bsc#1051510, bsc#1144333). - cifs: Only free DFS target list if we actually got one (bsc#1144333). - cifs: Properly handle auto disabling of serverino option (bsc#1144333). - cifs: Refactor out cifs_mount() (bsc#1144333). - cifs: Save TTL value when parsing DFS referrals (bsc#1144333). - cifs: Select all required crypto modules (bsc#1085536, bsc#1144333). - cifs: Silence uninitialized variable warning (bsc#1144333). - cifs: Skip any trailing backslashes from UNC (bsc#1144333). - cifs: Use GFP_ATOMIC when a lock is held in cifs_mount() (bsc#1144333). - cifs: Use ULL suffix for 64-bit constant (bsc#1051510, bsc#1144333). - cifs: Use correct packet length in SMB2_TRANSFORM header (bsc#1144333). - cifs: Use kmemdup in SMB2_ioctl_init() (bsc#1144333). - cifs: Use kmemdup rather than duplicating its implementation in smb311_posix_mkdir() (bsc#1144333). - cifs: Use kzfree() to free password (bsc#1144333). - cifs: Use smb 2 - 3 and cifsacl mount options getacl functions (bsc#1051510, bsc#1144333). - cifs: Use smb 2 - 3 and cifsacl mount options setacl function (bsc#1051510, bsc#1144333). - cifs: a smb2_validate_and_copy_iov failure does not mean the handle is invalid (bsc#1144333). - cifs: add .splice_write (bsc#1144333). - cifs: add IOCTL for QUERY_INFO passthrough to userspace (bsc#1144333). - cifs: add SMB2_close_init()/SMB2_close_free() (bsc#1144333). - cifs: add SMB2_ioctl_init/free helpers to be used with compounding (bsc#1144333). - cifs: add SMB2_query_info_[init|free]() (bsc#1144333). - cifs: add a new SMB2_close_flags function (bsc#1144333). - cifs: add a smb2_compound_op and change QUERY_INFO to use it (bsc#1144333). - cifs: add a timeout argument to wait_for_free_credits (bsc#1144333). - cifs: add a warning if we try to to dequeue a deleted mid (bsc#1144333). - cifs: add compound_send_recv() (bsc#1144333). - cifs: add credits from unmatched responses/messages (bsc#1144333). - cifs: add debug output to show nocase mount option (bsc#1144333). - cifs: add fiemap support (bsc#1144333). - cifs: add lease tracking to the cached root fid (bsc#1144333). - cifs: add missing GCM module dependency (bsc#1144333). - cifs: add missing debug entries for kconfig options (bsc#1051510, bsc#1144333). - cifs: add missing support for ACLs in SMB 3.11 (bsc#1051510, bsc#1144333). - cifs: add pdu_size to the TCP_Server_Info structure (bsc#1144333). - cifs: add resp_buf_size to the mid_q_entry structure (bsc#1144333). - cifs: add server argument to the dump_detail method (bsc#1144333). - cifs: add server->vals->header_preamble_size (bsc#1144333). - cifs: add spinlock for the openFileList to cifsInodeInfo (bsc#1144333). - cifs: add support for SEEK_DATA and SEEK_HOLE (bsc#1144333). - cifs: add support for ioctl on directories (bsc#1144333). - cifs: address trivial coverity warning (bsc#1144333). - cifs: allow calling SMB2_xxx_free(NULL) (bsc#1144333). - cifs: allow disabling less secure legacy dialects (bsc#1144333). - cifs: allow guest mounts to work for smb3.11 (bsc#1051510, bsc#1144333). - cifs: always add credits back for unsolicited PDUs (bsc#1144333). - cifs: auto disable 'serverino' in dfs mounts (bsc#1144333). - cifs: avoid a kmalloc in smb2_send_recv/SendReceive2 for the common case (bsc#1144333). - cifs: cache FILE_ALL_INFO for the shared root handle (bsc#1144333). - cifs: change SMB2_OP_RENAME and SMB2_OP_HARDLINK to use compounding (bsc#1144333). - cifs: change SMB2_OP_SET_EOF to use compounding (bsc#1144333). - cifs: change SMB2_OP_SET_INFO to use compounding (bsc#1144333). - cifs: change mkdir to use a compound (bsc#1144333). - cifs: change smb2_get_data_area_len to take a smb2_sync_hdr as argument (bsc#1144333). - cifs: change smb2_query_eas to use the compound query-info helper (bsc#1144333). - cifs: change unlink to use a compound (bsc#1144333). - cifs: change validate_buf to validate_iov (bsc#1144333). - cifs: change wait_for_free_request() to take flags as argument (bsc#1144333). - cifs: check MaxPathNameComponentLength != 0 before using it (bsc#1085536, bsc#1144333). - cifs: check if SMB2 PDU size has been padded and suppress the warning (bsc#1144333). - cifs: check kmalloc before use (bsc#1051510, bsc#1144333). - cifs: check kzalloc return (bsc#1144333). - cifs: check ntwrk_buf_start for NULL before dereferencing it (bsc#1144333). - cifs: check rsp for NULL before dereferencing in SMB2_open (bsc#1085536, bsc#1144333). - cifs: clean up indentation, replace spaces with tab (bsc#1144333). - cifs: cleanup smb2ops.c and normalize strings (bsc#1144333). - cifs: connect to servername instead of IP for IPC$ share (bsc#1051510, bsc#1144333). - cifs: create SMB2_open_init()/SMB2_open_free() helpers (bsc#1144333). - cifs: create a define for how many iovs we need for an SMB2_open() (bsc#1144333). - cifs: create a define for the max number of iov we need for a SMB2 set_info (bsc#1144333). - cifs: create a helper function for compound query_info (bsc#1144333). - cifs: create helpers for SMB2_set_info_init/free() (bsc#1144333). - cifs: do not allow creating sockets except with SMB1 posix exensions (bsc#1102097, bsc#1144333). - cifs: do not attempt cifs operation on smb2+ rename error (bsc#1144333). - cifs: do not dereference smb_file_target before null check (bsc#1051510, bsc#1144333). - cifs: do not return atime less than mtime (bsc#1144333). - cifs: do not show domain= in mount output when domain is empty (bsc#1144333). - cifs: do not use __constant_cpu_to_le32() (bsc#1144333). - cifs: fallback to older infolevels on findfirst queryinfo retry (bsc#1144333). - cifs: fix GlobalMid_Lock bug in cifs_reconnect (bsc#1144333). - cifs: fix NULL deref in SMB2_read (bsc#1085539, bsc#1144333). - cifs: fix SMB1 breakage (bsc#1144333). - cifs: fix a buffer leak in smb2_query_symlink (bsc#1144333). - cifs: fix a credits leak for compund commands (bsc#1144333). - cifs: fix bi-directional fsctl passthrough calls (bsc#1144333). - cifs: fix build break when CONFIG_CIFS_DEBUG2 enabled (bsc#1144333). - cifs: fix build errors for SMB_DIRECT (bsc#1144333). - cifs: fix computation for MAX_SMB2_HDR_SIZE (bsc#1144333). - cifs: fix confusing warning message on reconnect (bsc#1144333). - cifs: fix crash in cifs_dfs_do_automount (bsc#1144333). - cifs: fix crash in smb2_compound_op()/smb2_set_next_command() (bsc#1144333). - cifs: fix crash querying symlinks stored as reparse-points (bsc#1144333). - cifs: fix credits leak for SMB1 oplock breaks (bsc#1144333). - cifs: fix handle leak in smb2_query_symlink() (bsc#1144333). - cifs: fix incorrect handling of smb2_set_sparse() return in smb3_simple_falloc (bsc#1144333). - cifs: fix kref underflow in close_shroot() (bsc#1144333). - cifs: fix memory leak in SMB2_open() (bsc#1112894, bsc#1144333). - cifs: fix memory leak in SMB2_read (bsc#1144333). - cifs: fix memory leak of an allocated cifs_ntsd structure (bsc#1144333). - cifs: fix memory leak of pneg_inbuf on -EOPNOTSUPP ioctl case (bsc#1144333). - cifs: fix page reference leak with readv/writev (bsc#1144333). - cifs: fix panic in smb2_reconnect (bsc#1144333). - cifs: fix parsing of symbolic link error response (bsc#1144333). - cifs: fix return value for cifs_listxattr (bsc#1051510, bsc#1144333). - cifs: fix rmmod regression in cifs.ko caused by force_sig changes (bsc#1144333). - cifs: fix smb3_zero_range for Azure (bsc#1144333). - cifs: fix smb3_zero_range so it can expand the file-size when required (bsc#1144333). - cifs: fix spelling mistake, EACCESS -> EACCES (bsc#1144333). - cifs: fix strcat buffer overflow and reduce raciness in smb21_set_oplock_level() (bsc#1144333). - cifs: fix typo in debug message with struct field ia_valid (bsc#1144333). - cifs: flush before set-info if we have writeable handles (bsc#1144333). - cifs: handle large EA requests more gracefully in smb2+ (bsc#1144333). - cifs: handle netapp error codes (bsc#1136261). - cifs: hide unused functions (bsc#1051510, bsc#1144333). - cifs: hide unused functions (bsc#1051510, bsc#1144333). - cifs: integer overflow in in SMB2_ioctl() (bsc#1051510, bsc#1144333). - cifs: invalidate cache when we truncate a file (bsc#1051510, bsc#1144333). - cifs: limit amount of data we request for xattrs to CIFSMaxBufSize (bsc#1144333). - cifs: make minor clarifications to module params for cifs.ko (bsc#1144333). - cifs: make rmdir() use compounding (bsc#1144333). - cifs: make smb_send_rqst take an array of requests (bsc#1144333). - cifs: minor clarification in comments (bsc#1144333). - cifs: minor updates to module description for cifs.ko (bsc#1144333). - cifs: move large array from stack to heap (bsc#1144333). - cifs: only wake the thread for the very last PDU in a compound (bsc#1144333). - cifs: pass flags down into wait_for_free_credits() (bsc#1144333). - cifs: prevent integer overflow in nxt_dir_entry() (bsc#1051510, bsc#1144333). - cifs: prevent starvation in wait_for_free_credits for multi-credit requests (bsc#1144333). - cifs: print CIFSMaxBufSize as part of /proc/fs/cifs/DebugData (bsc#1144333). - cifs: protect against server returning invalid file system block size (bsc#1144333). - cifs: prototype declaration and definition for smb 2 - 3 and cifsacl mount options (bsc#1051510, bsc#1144333). - cifs: prototype declaration and definition to set acl for smb 2 - 3 and cifsacl mount options (bsc#1051510, bsc#1144333). - cifs: push rfc1002 generation down the stack (bsc#1144333). - cifs: read overflow in is_valid_oplock_break() (bsc#1144333). - cifs: refactor and clean up arguments in the reparse point parsing (bsc#1144333). - cifs: release auth_key.response for reconnect (bsc#1085536, bsc#1144333). - cifs: release cifs root_cred after exit_cifs (bsc#1085536, bsc#1144333). - cifs: remove coverity warning in calc_lanman_hash (bsc#1144333). - cifs: remove header_preamble_size where it is always 0 (bsc#1144333). - cifs: remove redundant duplicated assignment of pointer 'node' (bsc#1144333). - cifs: remove rfc1002 hardcoded constants from cifs_discard_remaining_data() (bsc#1144333). - cifs: remove rfc1002 header from all SMB2 response structures (bsc#1144333). - cifs: remove rfc1002 header from smb2 read/write requests (bsc#1144333). - cifs: remove rfc1002 header from smb2_close_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_create_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_echo_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_flush_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_ioctl_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_lease_ack (bsc#1144333). - cifs: remove rfc1002 header from smb2_lock_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_logoff_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_negotiate_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_oplock_break we get from server (bsc#1144333). - cifs: remove rfc1002 header from smb2_query_directory_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_query_info_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_sess_setup_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_set_info_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_tree_connect_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_tree_disconnect_req (bsc#1144333). - cifs: remove set but not used variable 'cifs_sb' (bsc#1144333). - cifs: remove set but not used variable 'sep' (bsc#1144333). - cifs: remove set but not used variable 'server' (bsc#1144333). - cifs: remove set but not used variable 'smb_buf' (bsc#1144333). - cifs: remove small_smb2_init (bsc#1144333). - cifs: remove smb2_send_recv() (bsc#1144333). - cifs: remove struct smb2_hdr (bsc#1144333). - cifs: remove struct smb2_oplock_break_rsp (bsc#1144333). - cifs: remove the is_falloc argument to SMB2_set_eof (bsc#1144333). - cifs: remove unused stats (bsc#1144333). - cifs: remove unused value pointed out by Coverity (bsc#1144333). - cifs: remove unused variable from SMB2_read (bsc#1144333). - cifs: rename and clarify CIFS_ASYNC_OP and CIFS_NO_RESP (bsc#1144333). - cifs: replace a 4 with server->vals->header_preamble_size (bsc#1144333). - cifs: replace snprintf with scnprintf (bsc#1144333). - cifs: return -ENODATA when deleting an xattr that does not exist (bsc#1144333). - cifs: return error on invalid value written to cifsFYI (bsc#1144333). - cifs: set mapping error when page writeback fails in writepage or launder_pages (bsc#1144333). - cifs: set oparms.create_options rather than or'ing in CREATE_OPEN_BACKUP_INTENT (bsc#1144333). - cifs: show 'soft' in the mount options for hard mounts (bsc#1144333). - cifs: show the w bit for writeable /proc/fs/cifs/* files (bsc#1144333). - cifs: silence compiler warnings showing up with gcc-8.0.0 (bsc#1090734, bsc#1144333). - cifs: simple stats should always be enabled (bsc#1144333). - cifs: simplify code by removing CONFIG_CIFS_ACL ifdef (bsc#1144333). - Update config files. - cifs: simplify how we handle credits in compound_send_recv() (bsc#1144333). - cifs: smb2 commands can not be negative, remove confusing check (bsc#1144333). - cifs: smb2ops: Fix NULL check in smb2_query_symlink (bsc#1144333). - cifs: smb2ops: Fix listxattr() when there are no EAs (bsc#1051510, bsc#1144333). - cifs: smb2pdu: Fix potential NULL pointer dereference (bsc#1144333). - cifs: smbd: Avoid allocating iov on the stack (bsc#1144333). - cifs: smbd: Check for iov length on sending the last iov (bsc#1144333). - cifs: smbd: Do not destroy transport on RDMA disconnect (bsc#1144333). - cifs: smbd: Do not use RDMA read/write when signing is used (bsc#1144333). - cifs: smbd: Dump SMB packet when configured (bsc#1144333). - cifs: smbd: Enable signing with smbdirect (bsc#1144333). - cifs: smbd: Indicate to retry on transport sending failure (bsc#1144333). - cifs: smbd: Retry on memory registration failure (bsc#1144333). - cifs: smbd: Return EINTR when interrupted (bsc#1144333). - cifs: smbd: avoid reconnect lockup (bsc#1144333). - cifs: smbd: depend on INFINIBAND_ADDR_TRANS (bsc#1144333). - cifs: smbd: disconnect transport on RDMA errors (bsc#1144333). - cifs: smbd: take an array of reqeusts when sending upper layer data (bsc#1144333). - cifs: start DFS cache refresher in cifs_mount() (bsc#1144333). - cifs: store the leaseKey in the fid on SMB2_open (bsc#1051510, bsc#1144333). - cifs: suppress some implicit-fallthrough warnings (bsc#1144333). - cifs: track writepages in vfs operation counters (bsc#1144333). - cifs: update __smb_send_rqst() to take an array of requests (bsc#1144333). - cifs: update calc_size to take a server argument (bsc#1144333). - cifs: update init_sg, crypt_message to take an array of rqst (bsc#1144333). - cifs: update internal module number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number for cifs.ko to 2.12 (bsc#1144333). - cifs: update internal module version number for cifs.ko to 2.12 (bsc#1144333). - cifs: update internal module version number for cifs.ko to 2.14 (bsc#1144333). - cifs: update module internal version number (bsc#1144333). - cifs: update multiplex loop to handle compounded responses (bsc#1144333). - cifs: update receive_encrypted_standard to handle compounded responses (bsc#1144333). - cifs: update smb2_calc_size to use smb2_sync_hdr instead of smb2_hdr (bsc#1144333). - cifs: update smb2_check_message to handle PDUs without a 4 byte length header (bsc#1144333). - cifs: update smb2_queryfs() to use compounding (bsc#1144333). - cifs: use a compound for setting an xattr (bsc#1144333). - cifs: use a refcount to protect open/closing the cached file handle (bsc#1144333). - cifs: use correct format characters (bsc#1144333). - cifs: wait_for_free_credits() make it possible to wait for >=1 credits (bsc#1144333). - cifs: we can not use small padding iovs together with encryption (bsc#1144333). - cifs: zero-range does not require the file is sparse (bsc#1144333). - cifs:smbd Use the correct DMA direction when sending data (bsc#1144333). - cifs:smbd When reconnecting to server, call smbd_destroy() after all MIDs have been called (bsc#1144333). - cifs_lookup(): cifs_get_inode_...() never returns 0 with *inode left NULL (bsc#1144333). - cifs_lookup(): switch to d_splice_alias() (bsc#1144333). - clk: Export clk_bulk_prepare() (bsc#1144813). - clk: add clk_bulk_get accessories (bsc#1144813). - clk: at91: fix update bit maps on CFG_MOR write (bsc#1051510). - clk: bcm2835: remove pllb (jsc#SLE-7294). - clk: bcm283x: add driver interfacing with Raspberry Pi's firmware (jsc#SLE-7294). - clk: bulk: silently error out on EPROBE_DEFER (bsc#1144718,bsc#1144813). - clk: raspberrypi: register platform device for raspberrypi-cpufreq (jsc#SLE-7294). - clk: renesas: cpg-mssr: Fix reset control race condition (bsc#1051510). - clk: rockchip: Add 1.6GHz PLL rate for rk3399 (bsc#1144718,bsc#1144813). - clk: rockchip: assign correct id for pclk_ddr and hclk_sd in rk3399 (bsc#1144718,bsc#1144813). - clk: sunxi-ng: v3s: add missing clock slices for MMC2 module clocks (bsc#1051510). - clk: sunxi-ng: v3s: add the missing PLL_DDR1 (bsc#1051510). - compat_ioctl: pppoe: fix PPPOEIOCSFWD handling (bsc#1051510). - coredump: split pipe command whitespace before expanding template (bsc#1051510). - cpu/speculation: Warn on unsupported mitigations= parameter (bsc#1114279). - cpufreq: add driver for Raspberry Pi (jsc#SLE-7294). - cpufreq: dt: Try freeing static OPPs only if we have added them (jsc#SLE-7294). - crypto: caam - fix concurrency issue in givencrypt descriptor (bsc#1051510). - crypto: caam - free resources in case caam_rng registration failed (bsc#1051510). - crypto: cavium/zip - Add missing single_release() (bsc#1051510). - crypto: ccp - Add support for valid authsize values less than 16 (bsc#1051510). - crypto: ccp - Fix oops by properly managing allocated structures (bsc#1051510). - crypto: ccp - Ignore tag length when decrypting GCM ciphertext (bsc#1051510). - crypto: ccp - Ignore unconfigured CCP device on suspend/resume (bnc#1145934). - crypto: ccp - Reduce maximum stack usage (bsc#1051510). - crypto: ccp - Validate buffer lengths for copy operations (bsc#1051510). - crypto: qat - Silence smp_processor_id() warning (bsc#1051510). - crypto: skcipher - Unmap pages after an external error (bsc#1051510). - cx82310_eth: fix a memory leak bug (bsc#1051510). - devres: always use dev_name() in devm_ioremap_resource() (git fixes). - dfs_cache: fix a wrong use of kfree in flush_cache_ent() (bsc#1144333). - dm btree: fix order of block initialization in btree_split_beneath (git fixes). - dm bufio: fix deadlock with loop device (git fixes). - dm cache metadata: Fix loading discard bitset (git fixes). - dm crypt: do not overallocate the integrity tag space (git fixes). - dm crypt: fix parsing of extended IV arguments (git fixes). - dm delay: fix a crash when invalid device is specified (git fixes). - dm integrity: change memcmp to strncmp in dm_integrity_ctr (git fixes). - dm integrity: limit the rate of error messages (git fixes). - dm kcopyd: always complete failed jobs (git fixes). - dm log writes: make sure super sector log updates are written in order (git fixes). - dm raid: add missing cleanup in raid_ctr() (git fixes). - dm space map metadata: fix missing store of apply_bops() return value (git fixes). - dm table: fix invalid memory accesses with too high sector number (git fixes). - dm table: propagate BDI_CAP_STABLE_WRITES to fix sporadic checksum errors (git fixes). - dm thin: fix bug where bio that overwrites thin block ignores FUA (git fixes). - dm thin: fix passdown_double_checking_shared_status() (git fixes). - dm zoned: Fix zone report handling (git fixes). - dm zoned: Silence a static checker warning (git fixes). - dm zoned: fix potential NULL dereference in dmz_do_reclaim() (git fixes). - dm zoned: fix zone state management race (git fixes). - dm zoned: improve error handling in i/o map code (git fixes). - dm zoned: improve error handling in reclaim (git fixes). - dm zoned: properly handle backing device failure (git fixes). - dm: fix to_sector() for 32bit (git fixes). - dm: revert 8f50e358153d ('dm: limit the max bio size as BIO_MAX_PAGES * PAGE_SIZE') (git fixes). - dmaengine: dw: platform: Switch to acpi_dma_controller_register() (bsc#1051510). - dmaengine: iop-adma.c: fix printk format warning (bsc#1051510). - dmaengine: rcar-dmac: Reject zero-length slave DMA requests (bsc#1051510). - drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS ioctl (bsc#1051510). - drivers/rapidio/devices/rio_mport_cdev.c: NUL terminate some strings (bsc#1051510). - drivers: thermal: int340x_thermal: Fix sysfs race condition (bsc#1051510). - drm/amdgpu/psp: move psp version specific function pointers to (bsc#1135642) - drm/etnaviv: add missing failure path to destroy suballoc (bsc#1135642) - drm/i915/perf: ensure we keep a reference on the driver (bsc#1142635) - drm/i915/userptr: Acquire the page lock around set_page_dirty() (bsc#1051510). - drm/i915: Do not deballoon unused ggtt drm_mm_node in linux guest (bsc#1142635) - drm/i915: Fix various tracepoints for gen2 (bsc#1113722) - drm/i915: Fix wrong escape clock divisor init for GLK (bsc#1142635) - drm/i915: Restore relaxed padding (OCL_OOB_SUPPRES_ENABLE) for skl+ (bsc#1142635) - drm/imx: Drop unused imx-ipuv3-crtc.o build (bsc#1113722) - drm/imx: notify drm core before sending event during crtc disable (bsc#1135642) - drm/imx: only send event on crtc disable if kept disabled (bsc#1135642) - drm/mediatek: call drm_atomic_helper_shutdown() when unbinding driver (bsc#1135642) - drm/mediatek: call mtk_dsi_stop() after mtk_drm_crtc_atomic_disable() (bsc#1135642) - drm/mediatek: clear num_pipes when unbind driver (bsc#1135642) - drm/mediatek: fix unbind functions (bsc#1135642) - drm/mediatek: mtk_drm_drv.c: Add of_node_put() before goto (bsc#1142635) - drm/mediatek: unbind components in mtk_drm_unbind() (bsc#1135642) - drm/mediatek: use correct device to import PRIME buffers (bsc#1142635) - drm/msm/mdp5: Fix mdp5_cfg_init error return (bsc#1142635) - drm/nouveau: Do not retry infinitely when receiving no data on i2c (bsc#1142635) - drm/nouveau: fix memory leak in nouveau_conn_reset() (bsc#1051510). - drm/rockchip: Suspend DP late (bsc#1142635) - drm/udl: introduce a macro to convert dev to udl. (bsc#1113722) - drm/udl: move to embedding drm device inside udl device. (bsc#1113722) - drm/vmwgfx: Use the backdoor port if the HB port is not available (bsc#1135642) - drm/vmwgfx: fix a warning due to missing dma_parms (bsc#1135642) - drm/vmwgfx: fix memory leak when too many retries have occurred (bsc#1051510). - drm: msm: Fix add_gpu_components (bsc#1051510). - drm: silence variable 'conn' set but not used (bsc#1051510). - eeprom: at24: make spd world-readable again (git-fixes). - ehea: Fix a copy-paste err in ehea_init_port_res (bsc#1051510). - ext4: fix warning inside ext4_convert_unwritten_extents_endio (bsc#1152025). - ext4: set error return correctly when ext4_htree_store_dirent fails (bsc#1152024). - ext4: use jbd2_inode dirty range scoping (bsc#1148616). - firmware: raspberrypi: register clk device (jsc#SLE-7294). - fix incorrect error code mapping for OBJECTID_NOT_FOUND (bsc#1144333). - fix smb3-encryption breakage when CONFIG_DEBUG_SG=y (bsc#1051510, bsc#1144333). - fix struct ufs_req removal of unused field (git-fixes). - fs/*/Kconfig: drop links to 404-compliant http://acl.bestbits.at (bsc#1144333). - fs/cifs/cifsacl.c Fixes typo in a comment (bsc#1144333). - fs/cifs/smb2pdu.c: fix buffer free in SMB2_ioctl_free (bsc#1144333). - fs/cifs: Simplify ib_post_(send|recv|srq_recv)() calls (bsc#1144333). - fs/cifs: do not translate SFM_SLASH (U+F026) to backslash (bsc#1144333). - fs/cifs: fix uninitialised variable warnings (bsc#1144333). - fs/cifs: require sha512 (bsc#1051510, bsc#1144333). - fs/cifs: suppress a string overflow warning (bsc#1144333). - fs/xfs: Fix return code of xfs_break_leased_layouts() (bsc#1148031). - fs: cifs: Drop unlikely before IS_ERR(_OR_NULL) (bsc#1144333). - fs: cifs: Kconfig: pedantic formatting (bsc#1144333). - fs: cifs: Replace _free_xid call in cifs_root_iget function (bsc#1144333). - fs: cifs: cifsssmb: Change return type of convert_ace_to_cifs_ace (bsc#1144333). - fs: xfs: xfs_log: Do not use KM_MAYFAIL at xfs_log_reserve() (bsc#1148033). - fsl/fman: Use GFP_ATOMIC in {memac,tgec}_add_hash_mac_address() (bsc#1051510). - ftrace: Check for empty hash and comment the race with registering probes (bsc#1149418). - ftrace: Check for successful allocation of hash (bsc#1149424). - ftrace: Fix NULL pointer dereference in t_probe_next() (bsc#1149413). - gpio: Fix build error of function redefinition (bsc#1051510). - gpio: Move gpiochip_lock/unlock_as_irq to gpio/driver.h (bsc#1051510). - gpio: fix line flag validation in lineevent_create (bsc#1051510). - gpio: fix line flag validation in linehandle_create (bsc#1051510). - gpio: gpio-omap: add check for off wake capable gpios (bsc#1051510). - gpio: mxs: Get rid of external API call (bsc#1051510). - gpio: pxa: handle corner case of unprobed device (bsc#1051510). - gpiolib: acpi: Add gpiolib_acpi_run_edge_events_on_boot option and blacklist (bsc#1051510). - gpiolib: fix incorrect IRQ requesting of an active-low lineevent (bsc#1051510). - gpiolib: never report open-drain/source lines as 'input' to user-space (bsc#1051510). - gpiolib: only check line handle flags once (bsc#1051510). - gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM (bsc#1142635) - hwmon: (lm75) Fix write operations for negative temperatures (bsc#1051510). - hwmon: (nct7802) Fix wrong detection of in4 presence (bsc#1051510). - hwmon: (shtc1) fix shtc1 and shtw1 id mask (bsc#1051510). - i2c: emev2: avoid race when unregistering slave client (bsc#1051510). - i2c: piix4: Fix port selection for AMD Family 16h Model 30h (bsc#1051510). - i2c: qup: fixed releasing dma without flush operation completion (bsc#1051510). - ibmveth: Convert multicast list size for little-endian system (bsc#1061843). - ibmvnic: Do not process reset during or after device removal (bsc#1149652 ltc#179635). - ibmvnic: Unmap DMA address of TX descriptor buffers after use (bsc#1146351 ltc#180726). - ife: error out when nla attributes are empty (networking-stable-19_08_08). - igmp: fix memory leak in igmpv3_del_delrec() (networking-stable-19_07_25). - iio: adc: max9611: Fix misuse of GENMASK macro (bsc#1051510). - iio: adc: max9611: Fix temperature reading in probe (bsc#1051510). - iio: dac: ad5380: fix incorrect assignment to val (bsc#1051510). - include/linux/bitops.h: sanitize rotate primitives (git fixes). - intel_th: pci: Add Tiger Lake support (bsc#1051510). - intel_th: pci: Add support for another Lewisburg PCH (bsc#1051510). - iommu/amd: Add support for X2APIC IOMMU interrupts (bsc#1145010). - iommu/amd: Fix race in increase_address_space() (bsc#1150860). - iommu/amd: Flush old domains in kdump kernel (bsc#1150861). - iommu/amd: Move iommu_init_pci() to .init section (bsc#1149105). - iommu/dma: Fix for dereferencing before null checking (bsc#1151667). - iommu/dma: Handle SG length overflow better (bsc#1146084). - ip6_tunnel: fix possible use-after-free on xmit (networking-stable-19_08_08). - ipip: validate header length in ipip_tunnel_xmit (git-fixes). - ipv4: do not set IPv6 only flags to IPv4 addresses (networking-stable-19_07_25). - ipv6/addrconf: allow adding multicast addr if IFA_F_MCAUTOJOIN is set (networking-stable-19_08_28). - irqchip/gic-v3-its: fix build warnings (bsc#1144880). - isdn/capi: check message length in capi_write() (bsc#1051510). - isdn: hfcsusb: Fix mISDN driver crash caused by transfer buffer on the stack (bsc#1051510). - isdn: mISDN: hfcsusb: Fix possible null-pointer dereferences in start_isoc_chain() (bsc#1051510). - iwlwifi: dbg: split iwl_fw_error_dump to two functions (bsc#1119086). - iwlwifi: do not unmap as page memory that was mapped as single (bsc#1051510). - iwlwifi: fix bad dma handling in page_mem dumping flow (bsc#1120902). - iwlwifi: fw: use helper to determine whether to dump paging (bsc#1106434). - iwlwifi: mvm: do not send GEO_TX_POWER_LIMIT on version < 41 (bsc#1142635). - iwlwifi: mvm: fix an out-of-bound access (bsc#1051510). - iwlwifi: mvm: fix version check for GEO_TX_POWER_LIMIT support (bsc#1142635). - iwlwifi: pcie: do not service an interrupt that was masked (bsc#1142635). - iwlwifi: pcie: fix ALIVE interrupt handling for gen2 devices w/o MSI-X (bsc#1142635). - jbd2: flush_descriptor(): Do not decrease buffer head's ref count (bsc#1143843). - jbd2: introduce jbd2_inode dirty range scoping (bsc#1148616). - kABI: Fix kABI for 'struct amd_iommu' (bsc#1145010). - kABI: media: em28xx: fix handler for vidioc_s_input() (bsc#1051510). fixes kABI - kABI: media: em28xx: stop rewriting device's struct (bsc#1051510). fixes kABI - kabi/severities: Whitelist a couple of xive functions xive_cleanup_irq_data and xive_native_populate_irq_data are exported by the xive interupt controller driver and used by KVM. I do not expect any out-of-tree driver can sanely use these. - kasan: remove redundant initialization of variable 'real_size' (git fixes). - kconfig/[mn]conf: handle backspace (^H) key (bsc#1051510). - keys: Fix missing null pointer check in request_key_auth_describe() (bsc#1051510). - kvm/x86: Move MSR_IA32_ARCH_CAPABILITIES to array emulated_msrs (bsc#1134881 bsc#1134882). - kvm: nVMX: Remove unnecessary sync_roots from handle_invept (bsc#1145391). - lan78xx: Fix memory leaks (bsc#1051510). - leds: leds-lp5562 allow firmware files up to the maximum length (bsc#1051510). - leds: trigger: gpio: GPIO 0 is valid (bsc#1051510). - libata: add SG safety checks in SFF pio transfers (bsc#1051510). - libata: have ata_scsi_rw_xlat() fail invalid passthrough requests (bsc#1051510). - libata: zpodd: Fix small read overflow in zpodd_get_mech_type() (bsc#1051510). - libceph, rbd, ceph: move ceph_osdc_alloc_messages() calls (bsc#1135897). - libceph, rbd: add error handling for osd_req_op_cls_init() (bsc#1135897). - libceph, rbd: new bio handling code (aka do not clone bios) (bsc#1141450). - libceph: add osd_req_op_extent_osd_data_bvecs() (bsc#1141450). - libceph: allow ceph_buffer_put() to receive a NULL ceph_buffer (bsc#1148133). - libceph: assign cookies in linger_submit() (bsc#1135897). - libceph: check reply num_data_items in setup_request_data() (bsc#1135897). - libceph: do not consume a ref on pagelist in ceph_msg_data_add_pagelist() (bsc#1135897). - libceph: enable fallback to ceph_msg_new() in ceph_msgpool_get() (bsc#1135897). - libceph: fix PG split vs OSD (re)connect race (bsc#1148133). - libceph: handle zero-length data items (bsc#1141450). - libceph: introduce BVECS data type (bsc#1141450). - libceph: introduce alloc_watch_request() (bsc#1135897). - libceph: introduce ceph_pagelist_alloc() (bsc#1135897). - libceph: preallocate message data items (bsc#1135897). - libceph: use single request data item for cmp/setxattr (bsc#1139101). - libertas_tf: Use correct channel range in lbtf_geo_init (bsc#1051510). - libiscsi: do not try to bypass SCSI EH (bsc#1142076). - libnvdimm/pfn: Store correct value of npfns in namespace superblock (bsc#1146381 ltc#180720). - liquidio: add cleanup in octeon_setup_iq() (bsc#1051510). - livepatch: Nullify obj->mod in klp_module_coming()'s error path (bsc#1071995). - loop: set PF_MEMALLOC_NOIO for the worker thread (git fixes). - mac80211: do not WARN on short WMM parameters from AP (bsc#1051510). - mac80211: do not warn about CW params when not using them (bsc#1051510). - mac80211: fix possible memory leak in ieee80211_assign_beacon (bsc#1142635). - mac80211: fix possible sta leak (bsc#1051510). - mac80211: minstrel_ht: fix per-group max throughput rate initialization (bsc#1051510). - md/raid6: Set R5_ReadError when there is read failure on parity disk (git-fixes). - md/raid: raid5 preserve the writeback action after the parity check (git fixes). - md: add mddev->pers to avoid potential NULL pointer dereference (git fixes). - md: do not report active array_state until after revalidate_disk() completes (git-fixes). - md: only call set_in_sync() when it is expected to succeed (git-fixes). - media: Revert '[media] marvell-ccic: reset ccic phy when stop streaming for stability' (bsc#1051510). - media: atmel: atmel-isi: fix timeout value for stop streaming (bsc#1051510). - media: au0828: fix null dereference in error path (bsc#1051510). - media: dib0700: fix link error for dibx000_i2c_set_speed (bsc#1051510). - media: em28xx: fix handler for vidioc_s_input() (bsc#1051510). - media: em28xx: stop rewriting device's struct (bsc#1051510). - media: fdp1: Reduce FCP not found message level to debug (bsc#1051510). - media: marvell-ccic: do not generate EOF on parallel bus (bsc#1051510). - media: mc-device.c: do not memset __user pointer contents (bsc#1051510). - media: ov6650: Fix sensor possibly not detected on probe (bsc#1051510). - media: ov6650: Move v4l2_clk_get() to ov6650_video_probe() helper (bsc#1051510). - media: pvrusb2: use a different format for warnings (bsc#1051510). - media: replace strcpy() by strscpy() (bsc#1051510). - media: technisat-usb2: break out of loop at end of buffer (bsc#1051510). - media: tm6000: double free if usb disconnect while streaming (bsc#1051510). - media: vb2: Fix videobuf2 to map correct area (bsc#1051510). - mfd: arizona: Fix undefined behavior (bsc#1051510). - mfd: core: Set fwnode for created devices (bsc#1051510). - mfd: hi655x-pmic: Fix missing return value check for devm_regmap_init_mmio_clk (bsc#1051510). - mfd: intel-lpss: Add Intel Comet Lake PCI IDs (jsc#SLE-4875). - mic: avoid statically declaring a 'struct device' (bsc#1051510). - mm, page_owner: handle THP splits correctly (bsc#1149197, VM Debugging Functionality). - mm/hmm: fix bad subpage pointer in try_to_unmap_one (bsc#1148202, HMM, VM Functionality). - mm/hotplug: fix offline undo_isolate_page_range() (bsc#1148196, VM Functionality). - mm/list_lru.c: fix memory leak in __memcg_init_list_lru_node (bsc#1148379, VM Functionality). - mm/memcontrol.c: fix use after free in mem_cgroup_iter() (bsc#1149224, VM Functionality). - mm/memory.c: recheck page table entry with page table lock held (bsc#1148363, VM Functionality). - mm/migrate.c: initialize pud_entry in migrate_vma() (bsc#1148198, HMM, VM Functionality). - mm/mlock.c: change count_mm_mlocked_page_nr return type (bsc#1148527, VM Functionality). - mm/mlock.c: mlockall error for flag MCL_ONFAULT (bsc#1148527, VM Functionality). - mm/page_alloc.c: fix calculation of pgdat->nr_zones (bsc#1148192, VM Functionality). - mm/vmalloc: Sync unmappings in __purge_vmap_area_lazy() (bsc#1118689). - mm/vmscan.c: fix trying to reclaim unevictable LRU page (bsc#1149214, VM Functionality). - mm: add filemap_fdatawait_range_keep_errors() (bsc#1148616). - mm: do not stall register_shrinker() (bsc#1104902, VM Performance). - mm: page_mapped: do not assume compound page is huge or THP (bsc#1148574, VM Functionality). - mmc: cavium: Add the missing dma unmap when the dma has finished (bsc#1051510). - mmc: cavium: Set the correct dma max segment size for mmc_host (bsc#1051510). - mmc: core: Fix init of SD cards reporting an invalid VDD range (bsc#1051510). - mmc: dw_mmc: Fix occasional hang after tuning on eMMC (bsc#1051510). - mmc: sdhci-msm: fix mutex while in spinlock (bsc#1142635). - mmc: sdhci-of-arasan: Do now show error message in case of deffered probe (bsc#1119086). - mmc: sdhci-of-at91: add quirk for broken HS200 (bsc#1051510). - mmc: sdhci-pci: Add support for Intel CML (jsc#SLE-4875). - mmc: sdhci-pci: Add support for Intel ICP (jsc#SLE-4875). - move a few externs to smbdirect.h to eliminate warning (bsc#1144333). - move irq_data_get_effective_affinity_mask prior the sorted section - mpls: fix warning with multi-label encap (bsc#1051510). - mtd: spi-nor: Fix Cadence QSPI RCU Schedule Stall (bsc#1051510). - mvpp2: refactor MTU change code (networking-stable-19_08_08). - nbd: replace kill_bdev() with __invalidate_device() again (git fixes). - net/ibmvnic: Fix missing { in __ibmvnic_reset (bsc#1149652 ltc#179635). - net/ibmvnic: free reset work of removed device from queue (bsc#1149652 ltc#179635). - net/ibmvnic: prevent more than one thread from running in reset (bsc#1152457 ltc#174432). - net/ibmvnic: unlock rtnl_lock in reset so linkwatch_event can run (bsc#1152457 ltc#174432). - net/mlx4_core: Zero out lkey field in SW2HW_MPT fw command (bsc#1145678). - net/mlx5: Use reversed order when unregister devices (networking-stable-19_08_08). - net/mlx5e: IPoIB, Add error path in mlx5_rdma_setup_rn (networking-stable-19_07_25). - net/mlx5e: Only support tx/rx pause setting for port owner (networking-stable-19_08_21). - net/mlx5e: Prevent encap flow counter update async to user query (networking-stable-19_08_08). - net/mlx5e: Use flow keys dissector to parse packets for ARFS (networking-stable-19_08_21). - net/packet: fix race in tpacket_snd() (networking-stable-19_08_21). - net/smc: make sure EPOLLOUT is raised (networking-stable-19_08_28). - net: Fix netdev_WARN_ONCE macro (git-fixes). - net: Introduce netdev_*_once functions (networking-stable-19_07_25). - net: bcmgenet: use promisc for unsupported filters (networking-stable-19_07_25). - net: bridge: delete local fdb on device init failure (networking-stable-19_08_08). - net: bridge: mcast: do not delete permanent entries when fast leave is enabled (networking-stable-19_08_08). - net: bridge: mcast: fix stale ipv6 hdr pointer when handling v6 query (networking-stable-19_07_25). - net: bridge: mcast: fix stale nsrcs pointer in igmp3/mld2 report handling (networking-stable-19_07_25). - net: bridge: stp: do not cache eth dest pointer before skb pull (networking-stable-19_07_25). - net: dsa: mv88e6xxx: wait after reset deactivation (networking-stable-19_07_25). - net: ena: Fix bug where ring allocation backoff stopped too late (bsc#1139020 bsc#1139021). - net: ena: add MAX_QUEUES_EXT get feature admin command (bsc#1139020 bsc#1139021). - net: ena: add ethtool function for changing io queue sizes (bsc#1139020 bsc#1139021). - net: ena: add good checksum counter (bsc#1139020 bsc#1139021). - net: ena: add handling of llq max tx burst size (bsc#1139020 bsc#1139021). - net: ena: add newline at the end of pr_err prints (bsc#1139020 bsc#1139021). - net: ena: add support for changing max_header_size in LLQ mode (bsc#1139020 bsc#1139021). - net: ena: allow automatic fallback to polling mode (bsc#1139020 bsc#1139021). - net: ena: allow queue allocation backoff when low on memory (bsc#1139020 bsc#1139021). - net: ena: arrange ena_probe() function variables in reverse christmas tree (bsc#1139020 bsc#1139021). - net: ena: enable negotiating larger Rx ring size (bsc#1139020 bsc#1139021). - net: ena: ethtool: add extra properties retrieval via get_priv_flags (bsc#1139020 bsc#1139021). - net: ena: fix ena_com_fill_hash_function() implementation (bsc#1139020 bsc#1139021). - net: ena: fix incorrect test of supported hash function (bsc#1139020 bsc#1139021). - net: ena: fix swapped parameters when calling ena_com_indirect_table_fill_entry (bsc#1139020 bsc#1139021). - net: ena: fix: Free napi resources when ena_up() fails (bsc#1139020 bsc#1139021). - net: ena: fix: set freed objects to NULL to avoid failing future allocations (bsc#1139020 bsc#1139021). - net: ena: gcc 8: fix compilation warning (bsc#1139020 bsc#1139021). - net: ena: improve latency by disabling adaptive interrupt moderation by default (bsc#1139020 bsc#1139021). - net: ena: make ethtool show correct current and max queue sizes (bsc#1139020 bsc#1139021). - net: ena: optimise calculations for CQ doorbell (bsc#1139020 bsc#1139021). - net: ena: remove inline keyword from functions in *.c (bsc#1139020 bsc#1139021). - net: ena: replace free_tx/rx_ids union with single free_ids field in ena_ring (bsc#1139020 bsc#1139021). - net: ena: update driver version from 2.0.3 to 2.1.0 (bsc#1139020 bsc#1139021). - net: ena: use dev_info_once instead of static variable (bsc#1139020 bsc#1139021). - net: fix ifindex collision during namespace removal (networking-stable-19_08_08). - net: make skb_dst_force return true when dst is refcounted (networking-stable-19_07_25). - net: neigh: fix multiple neigh timer scheduling (networking-stable-19_07_25). - net: openvswitch: fix csum updates for MPLS actions (networking-stable-19_07_25). - net: remove duplicate fetch in sock_getsockopt (networking-stable-19_07_02). - net: sched: Fix a possible null-pointer dereference in dequeue_func() (networking-stable-19_08_08). - net: sched: verify that q!=NULL before setting q->flags (git-fixes). - net: stmmac: fixed new system time seconds value calculation (networking-stable-19_07_02). - net: stmmac: set IC bit when transmitting frames with HW timestamp (networking-stable-19_07_02). - net: usb: pegasus: fix improper read if get_registers() fail (bsc#1051510). - net_sched: unset TCQ_F_CAN_BYPASS when adding filters (networking-stable-19_07_25). - netrom: fix a memory leak in nr_rx_frame() (networking-stable-19_07_25). - netrom: hold sock when setting skb->destructor (networking-stable-19_07_25). - nfsd: Do not release the callback slot unless it was actually held (git-fixes). - nfsd: Fix overflow causing non-working mounts on 1 TB machines (bsc#1150381). - nfsd: degraded slot-count more gracefully as allocation nears exhaustion (bsc#1150381). - nfsd: fix performance-limiting session calculation (bsc#1150381). - nfsd: give out fewer session slots as limit approaches (bsc#1150381). - nfsd: handle drc over-allocation gracefully (bsc#1150381). - nfsd: increase DRC cache limit (bsc#1150381). - nilfs2: do not use unexported cpu_to_le32()/le32_to_cpu() in uapi header (git fixes). - nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds (bsc#1051510). - null_blk: complete requests from ->timeout (bsc#1149446). - null_blk: wire up timeouts (bsc#1149446). - nvme-core: Fix extra device_put() call on error path (bsc#1142541). - nvme-fc: fix module unloads while lports still pending (bsc#1150033). - nvme-multipath: fix ana log nsid lookup when nsid is not found (bsc#1141554). - nvme-multipath: relax ANA state check (bsc#1123105). - nvme-multipath: revalidate nvme_ns_head gendisk in nvme_validate_ns (bsc#1120876). - nvme-rdma: Allow DELETING state change failure in (bsc#1104967,). - nvme-rdma: centralize admin/io queue teardown sequence (bsc#1142076). - nvme-rdma: centralize controller setup sequence (bsc#1142076). - nvme-rdma: fix a NULL deref when an admin connect times out (bsc#1149446). - nvme-rdma: fix timeout handler (bsc#1149446). - nvme-rdma: stop admin queue before freeing it (bsc#1140155). - nvme-rdma: support up to 4 segments of inline data (bsc#1142076). - nvme-rdma: unquiesce queues when deleting the controller (bsc#1142076). - nvme: Return BLK_STS_TARGET if the DNR bit is set (bsc#1142076). - nvme: cancel request synchronously (bsc#1145661). - nvme: change locking for the per-subsystem controller list (bsc#1142541). - nvme: fix multipath crash when ANA is deactivated (bsc#1149446). - nvme: fix possible use-after-free in connect error flow (bsc#1139500, bsc#1140426) - nvme: introduce NVME_QUIRK_IGNORE_DEV_SUBNQN (bsc#1146938). - nvme: remove ns sibling before clearing path (bsc#1140155). - nvme: return BLK_EH_DONE from ->timeout (bsc#1142076). - nvmem: Use the same permissions for eeprom as for nvmem (git-fixes). - objtool: Add rewind_stack_do_exit() to the noreturn list (bsc#1145302). - objtool: Support GCC 9 cold subfunction naming scheme (bsc#1145300). - octeon_mgmt: Fix MIX registers configuration on MTU setup (bsc#1051510). - pNFS/flexfiles: Turn off soft RPC calls (git-fixes). - phy: qcom-qusb2: Fix crash if nvmem cell not specified (bsc#1051510). - phy: renesas: rcar-gen2: Fix memory leak at error paths (bsc#1051510). - phy: renesas: rcar-gen3-usb2: Disable clearing VBUS in over-current (bsc#1051510). - platform/x86: pmc_atom: Add Siemens SIMATIC IPC227E to critclk_systems DMI table (bsc#1051510). - pNFS/flexfiles: Fix PTR_ERR() dereferences in ff_layout_track_ds_error (git-fixes). - power: reset: gpio-restart: Fix typo when gpio reset is not found (bsc#1051510). - power: supply: Init device wakeup after device_add() (bsc#1051510). - powerpc/64: Make sys_switch_endian() traceable (bsc#1065729). - powerpc/64s/radix: Fix MADV_[FREE|DONTNEED] TLB flush miss problem with THP (bsc#1152161 ltc#181664). - powerpc/64s/radix: Fix memory hot-unplug page table split (bsc#1065729). - powerpc/64s/radix: Fix memory hotplug section page table creation (bsc#1065729). - powerpc/64s/radix: Implement _tlbie(l)_va_range flush functions (bsc#1152161 ltc#181664). - powerpc/64s/radix: Improve TLB flushing for page table freeing (bsc#1152161 ltc#181664). - powerpc/64s/radix: Improve preempt handling in TLB code (bsc#1152161 ltc#181664). - powerpc/64s/radix: Introduce local single page ceiling for TLB range flush (bsc#1055117 bsc#1152161 ltc#181664). - powerpc/64s/radix: Optimize flush_tlb_range (bsc#1152161 ltc#181664). - powerpc/64s: Include cpu header (bsc#1065729). - powerpc/64s: support nospectre_v2 cmdline option (bsc#1131107). - powerpc/book3s/64: check for NULL pointer in pgd_alloc() (bsc#1078248, git-fixes). - powerpc/book3s64/mm: Do not do tlbie fixup for some hardware revisions (bsc#1152161 ltc#181664). - powerpc/book3s64/radix: Rename CPU_FTR_P9_TLBIE_BUG feature flag (bsc#1152161 ltc#181664). - powerpc/bpf: use unsigned division instruction for 64-bit operations (bsc#1065729). - powerpc/fadump: Do not allow hot-remove memory from fadump reserved area (bsc#1120937). - powerpc/fadump: Reservationless firmware assisted dump (bsc#1120937). - powerpc/fadump: Throw proper error message on fadump registration failure (bsc#1120937). - powerpc/fadump: use kstrtoint to handle sysfs store (bsc#1146376). - powerpc/fadump: when fadump is supported register the fadump sysfs files (bsc#1146352). - powerpc/fsl: Add nospectre_v2 command line argument (bsc#1131107). - powerpc/fsl: Update Spectre v2 reporting (bsc#1131107). - powerpc/irq: Do not WARN continuously in arch_local_irq_restore() (bsc#1065729). - powerpc/irq: drop arch_early_irq_init() (bsc#1065729). - powerpc/kdump: Handle crashkernel memory reservation failure (bsc#1143466 LTC#179600). - powerpc/lib: Fix feature fixup test of external branch (bsc#1065729). - powerpc/mm/hash/4k: Do not use 64K page size for vmemmap with 4K pagesize (bsc#1142685 LTC#179509). - powerpc/mm/radix: Drop unneeded NULL check (bsc#1152161 ltc#181664). - powerpc/mm/radix: Use the right page size for vmemmap mapping (bsc#1055117 bsc#1142685 LTC#179509). - powerpc/mm/radix: implement LPID based TLB flushes to be used by KVM (bsc#1152161 ltc#181664). - powerpc/mm: Fixup tlbie vs mtpidr/mtlpidr ordering issue on POWER9 (bsc#1152161 ltc#181664). - powerpc/mm: Handle page table allocation failures (bsc#1065729). - powerpc/mm: Simplify page_is_ram by using memblock_is_memory (bsc#1065729). - powerpc/mm: Use memblock API for PPC32 page_is_ram (bsc#1065729). - powerpc/module64: Fix comment in R_PPC64_ENTRY handling (bsc#1065729). - powerpc/perf: Add constraints for power9 l2/l3 bus events (bsc#1056686). - powerpc/perf: Add mem access events to sysfs (bsc#1124370). - powerpc/perf: Cleanup cache_sel bits comment (bsc#1056686). - powerpc/perf: Fix thresholding counter data for unknown type (bsc#1056686). - powerpc/perf: Remove PM_BR_CMPL_ALT from power9 event list (bsc#1047238, bsc#1056686). - powerpc/perf: Update perf_regs structure to include SIER (bsc#1056686). - powerpc/powernv/ioda2: Allocate TCE table levels on demand for default DMA window (bsc#1061840). - powerpc/powernv/ioda: Fix race in TCE level allocation (bsc#1061840). - powerpc/powernv/npu: Remove obsolete comment about TCE_KILL_INVAL_ALL (bsc#1065729). - powerpc/powernv/opal-dump : Use IRQ_HANDLED instead of numbers in interrupt handler (bsc#1065729). - powerpc/powernv: Fix compile without CONFIG_TRACEPOINTS (bsc#1065729). - powerpc/powernv: Flush console before platform error reboot (bsc#1149940 ltc#179958). - powerpc/powernv: Return for invalid IMC domain (bsc1054914, git-fixes). - powerpc/powernv: Use kernel crash path for machine checks (bsc#1149940 ltc#179958). - powerpc/powernv: move OPAL call wrapper tracing and interrupt handling to C (bsc#1065729). - powerpc/pseries, ps3: panic flush kernel messages before halting system (bsc#1149940 ltc#179958). - powerpc/pseries/memory-hotplug: Fix return value type of find_aa_index (bsc#1065729). - powerpc/pseries: Call H_BLOCK_REMOVE when supported (bsc#1109158). - powerpc/pseries: Fix cpu_hotplug_lock acquisition in resize_hpt() (bsc#1065729). - powerpc/pseries: Fix xive=off command line (bsc#1085030, git-fixes). - powerpc/pseries: Read TLB Block Invalidate Characteristics (bsc#1109158). - powerpc/pseries: add missing cpumask.h include file (bsc#1065729). - powerpc/pseries: correctly track irq state in default idle (bsc#1150727 ltc#178925). - powerpc/ptrace: Simplify vr_get/set() to avoid GCC warning (bsc#1148868). - powerpc/rtas: use device model APIs and serialization during LPM (bsc#1144123 ltc#178840). - powerpc/security: Show powerpc_security_features in debugfs (bsc#1131107). - powerpc/xive: Fix bogus error code returned by OPAL (bsc#1065729). - powerpc/xive: Fix dump of XIVE interrupt under pseries (bsc#1142019). - powerpc/xive: Fix loop exit-condition in xive_find_target_in_mask() (bsc#1085030, bsc#1145189, LTC#179762). - powerpc/xive: Implement get_irqchip_state method for XIVE to fix shutdown race (bsc#1065729). - powerpc/xmon: Add a dump of all XIVE interrupts (bsc#1142019). - powerpc/xmon: Check for HV mode when dumping XIVE info from OPAL (bsc#1142019). - powerpc/xmon: Fix opcode being uninitialized in print_insn_powerpc (bsc#1065729). - powerpc: Allow flush_(inval_)dcache_range to work across ranges >4GB (bsc#1146575 ltc#180764). - powerpc: Drop page_is_ram() and walk_system_ram_range() (bsc#1065729). - powerpc: bpf: Fix generation of load/store DW instructions (bsc#1065729). - powerpc: dump kernel log before carrying out fadump or kdump (bsc#1149940 ltc#179958). - ppp: Fix memory leak in ppp_write (git-fixes). - printk/panic: Avoid deadlock in printk() after stopping CPUs by NMI (bsc#1148712). - printk: Do not lose last line in kmsg buffer dump (bsc#1152460). - printk: fix printk_time race (bsc#1152466). - qede: fix write to free'd pointer error and double free of ptp (bsc#1051510). - qla2xxx: kABI fixes for v10.01.00.18-k (bsc#1123034 bsc#1131304 bsc#1127988). - qla2xxx: remove SGI SN2 support (bsc#1123034 bsc#1131304 bsc#1127988). - qlge: Deduplicate lbq_buf_size (bsc#1106061). - qlge: Deduplicate rx buffer queue management (bsc#1106061). - qlge: Factor out duplicated expression (bsc#1106061). - qlge: Fix dma_sync_single calls (bsc#1106061). - qlge: Fix irq masking in INTx mode (bsc#1106061). - qlge: Refill empty buffer queues from wq (bsc#1106061). - qlge: Refill rx buffers up to multiple of 16 (bsc#1106061). - qlge: Remove bq_desc.maplen (bsc#1106061). - qlge: Remove irq_cnt (bsc#1106061). - qlge: Remove page_chunk.last_flag (bsc#1106061). - qlge: Remove qlge_bq.len & size (bsc#1106061). - qlge: Remove rx_ring.sbq_buf_size (bsc#1106061). - qlge: Remove rx_ring.type (bsc#1106061). - qlge: Remove useless dma synchronization calls (bsc#1106061). - qlge: Remove useless memset (bsc#1106061). - qlge: Replace memset with assignment (bsc#1106061). - qlge: Update buffer queue prod index despite oom (bsc#1106061). - quota: fix wrong condition in is_quota_modification() (bsc#1152026). - r8152: Set memory to all 0xFFs on failed reg reads (bsc#1051510). - rbd: do not (ab)use obj_req->pages for stat requests (bsc#1141450). - rbd: do not NULL out ->obj_request in rbd_img_obj_parent_read_full() (bsc#1141450). - rbd: get rid of img_req->copyup_pages (bsc#1141450). - rbd: move from raw pages to bvec data descriptors (bsc#1141450). - rbd: remove bio cloning helpers (bsc#1141450). - rbd: start enums at 1 instead of 0 (bsc#1141450). - rbd: use kmem_cache_zalloc() in rbd_img_request_create() (bsc#1141450). - regulator: lm363x: Fix off-by-one n_voltages for lm3632 ldo_vpos/ldo_vneg (bsc#1051510). - regulator: qcom_spmi: Fix math of spmi_regulator_set_voltage_time_sel (bsc#1051510). - rpm/kernel-binary.spec.in: Enable missing modules check. - rpmsg: added MODULE_ALIAS for rpmsg_char (bsc#1051510). - rpmsg: smd: do not use mananged resources for endpoints and channels (bsc#1051510). - rpmsg: smd: fix memory leak on channel create (bsc#1051510). - rsi: improve kernel thread handling to fix kernel panic (bsc#1051510). - rslib: Fix decoding of shortened codes (bsc#1051510). - rslib: Fix handling of of caller provided syndrome (bsc#1051510). - rtc: pcf8523: do not return invalid date when battery is low (bsc#1051510). - rxrpc: Fix send on a connected, but unbound socket (networking-stable-19_07_25). - s390/cio: fix ccw_device_start_timeout API (bsc#1142109 LTC#179339). - s390/dasd: fix endless loop after read unit address configuration (bsc#1144912 LTC#179907). - s390/qdio: handle PENDING state for QEBSM devices (bsc#1142117 bsc#1142118 bsc#1142119 LTC#179329 LTC#179330 LTC#179331). - s390/qeth: avoid control IO completion stalls (bsc#1142109 LTC#179339). - s390/qeth: cancel cmd on early error (bsc#1142109 LTC#179339). - s390/qeth: fix request-side race during cmd IO timeout (bsc#1142109 LTC#179339). - s390/qeth: release cmd buffer in error paths (bsc#1142109 LTC#179339). - s390/qeth: simplify reply object handling (bsc#1142109 LTC#179339). - samples, bpf: fix to change the buffer size for read() (bsc#1051510). - samples: mei: use /dev/mei0 instead of /dev/mei (bsc#1051510). - sched/fair: Do not free p->numa_faults with concurrent readers (bsc#1144920). - sched/fair: Use RCU accessors consistently for ->numa_group (bsc#1144920). - scripts/checkstack.pl: Fix arm64 wrong or unknown architecture (bsc#1051510). - scripts/decode_stacktrace.sh: prefix addr2line with $CROSS_COMPILE (bsc#1051510). - scripts/decode_stacktrace: only strip base path when a prefix of the path (bsc#1051510). - scripts/gdb: fix lx-version string output (bsc#1051510). - scripts/git_sort/git_sort.py: - scsi: NCR5380: Always re-enable reselection interrupt (git-fixes). - scsi: aacraid: Fix missing break in switch statement (git-fixes). - scsi: aacraid: Fix performance issue on logical drives (git-fixes). - scsi: aic94xx: fix an error code in aic94xx_init() (git-fixes). - scsi: aic94xx: fix module loading (git-fixes). - scsi: bfa: convert to strlcpy/strlcat (git-fixes). - scsi: bnx2fc: Fix NULL dereference in error handling (git-fixes). - scsi: bnx2fc: fix incorrect cast to u64 on shift operation (git-fixes). - scsi: core: Fix race on creating sense cache (git-fixes). - scsi: core: Synchronize request queue PM status only on successful resume (git-fixes). - scsi: core: set result when the command cannot be dispatched (git-fixes). - scsi: cxlflash: Mark expected switch fall-throughs (bsc#1148868). - scsi: cxlflash: Prevent deadlock when adapter probe fails (git-fixes). - scsi: esp_scsi: Track residual for PIO transfers (git-fixes) Also, mitigate kABI changes. - scsi: fas216: fix sense buffer initialization (git-fixes). - scsi: isci: initialize shost fully before calling scsi_add_host() (git-fixes). - scsi: libfc: fix null pointer dereference on a null lport (git-fixes). - scsi: libsas: Fix rphy phy_identifier for PHYs with end devices attached (git-fixes). - scsi: libsas: delete sas port if expander discover failed (git-fixes). - scsi: mac_scsi: Fix pseudo DMA implementation, take 2 (git-fixes). - scsi: mac_scsi: Increase PIO/PDMA transfer length threshold (git-fixes). - scsi: megaraid: fix out-of-bound array accesses (git-fixes). - scsi: megaraid_sas: Fix calculation of target ID (git-fixes). - scsi: qedf: Add debug information for unsolicited processing (bsc#1149976). - scsi: qedf: Add shutdown callback handler (bsc#1149976). - scsi: qedf: Add support for 20 Gbps speed (bsc#1149976). - scsi: qedf: Check both the FCF and fabric ID before servicing clear virtual link (bsc#1149976). - scsi: qedf: Check for link state before processing LL2 packets and send fipvlan retries (bsc#1149976). - scsi: qedf: Check for module unloading bit before processing link update AEN (bsc#1149976). - scsi: qedf: Decrease the LL2 MTU size to 2500 (bsc#1149976). - scsi: qedf: Fix race betwen fipvlan request and response path (bsc#1149976). - scsi: qedf: Initiator fails to re-login to switch after link down (bsc#1149976). - scsi: qedf: Print message during bailout conditions (bsc#1149976). - scsi: qedf: Stop sending fipvlan request on unload (bsc#1149976). - scsi: qedf: Update module description string (bsc#1149976). - scsi: qedf: Update the driver version to 8.37.25.20 (bsc#1149976). - scsi: qedf: Update the version to 8.42.3.0 (bsc#1149976). - scsi: qedf: Use discovery list to traverse rports (bsc#1149976). - scsi: qedf: remove memset/memcpy to nfunc and use func instead (git-fixes). - scsi: qedf: remove set but not used variables (bsc#1149976). - scsi: qedi: remove declaration of nvm_image from stack (git-fixes). - scsi: qla2xxx: Add 28xx flash primary/secondary status/image mechanism (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add Device ID for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add First Burst support for FC-NVMe devices (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add Serdes support for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add cleanup for PCI EEH recovery (bsc#1129424). - scsi: qla2xxx: Add error handling for PLOGI ELS passthrough (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add fw_attr and port_no SysFS node (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add new FW dump template entry types (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add pci function reset support (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add protection mask module parameters (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add support for multiple fwdump templates/segments (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add support for setting port speed (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Allow NVMe IO to resume with short cable pull (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Always check the qla2x00_wait_for_hba_online() return value (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid PCI IRQ affinity mapping when multiqueue is not supported (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that Coverity complains about dereferencing a NULL rport pointer (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that lockdep complains about unsafe locking in tcm_qla2xxx_close_session() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that qla2x00_mem_free() crashes if called twice (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that qlt_send_resp_ctio() corrupts memory (git-fixes). - scsi: qla2xxx: Capture FW dump on MPI heartbeat stop event (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change abort wait_loop from msleep to wait_event_timeout (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change data_dsd into an array (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change default ZIO threshold (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change the return type of qla24xx_read_flash_data() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change the return type of qla2x00_update_ms_fdmi_iocb() into void (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check for FW started flag before aborting (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check for MB timeout while capturing ISP27/28xx FW dump (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check secondary image if reading the primary image fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check the PCI info string output buffer size (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check the size of firmware data structures at compile time (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Cleanup fcport memory to prevent leak (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Cleanup redundant qla2x00_abort_all_cmds during unload (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Cleanups for NVRAM/Flash read/write path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if a command is released that is owned by the firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if a mailbox command times out (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if a soft reset fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if parsing the version string fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if sp->done() is not called from the completion path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if waiting for pending commands times out (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain loudly about reference count underflow (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Correct error handling during initialization failures (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Correction and improvement to fwdt processing (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Correctly report max/min supported speeds (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare fourth qla2x00_set_model_info() argument const (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare local symbols static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare qla24xx_build_scsi_crc_2_iocbs() static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare qla2x00_find_new_loop_id() static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare qla_tgt_cmd.cdb const (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare the fourth ql_dump_buffer() argument const (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Do not corrupt vha->plogi_ack_list (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Downgrade driver to 10.01.00.19-k There are upstream bug reports against 10.01.00.19-k which haven't been resolved. Also the newer version failed to get a proper review. For time being it's better to got with the older version and do not introduce new bugs. - scsi: qla2xxx: Dual FCP-NVMe target port support (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Enable type checking for the SRB free and done callback functions (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix DMA error when the DIF sg buffer crosses 4GB boundary (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix DMA unmap leak (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix LUN discovery if loop id is not assigned yet by firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix N2N link reset (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix N2N link up fail (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix NULL pointer crash due to stale CPUID (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix NVME cmd and LS cmd timeout race condition (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix NVMe port discovery after a short device port loss (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix Nport ID display value (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix Relogin to prevent modifying scan_state flag (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix SRB allocation flag to avoid sleeping in IRQ context (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a NULL pointer dereference (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a format specifier (git-fixes). - scsi: qla2xxx: Fix a qla24xx_enable_msix() error path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a race condition between aborting and completing a SCSI command (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a recently introduced kernel warning (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a small typo in qla_bsg.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix abort timeout race condition (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix an endian bug in fcpcmd_is_corrupted() (git-fixes). - scsi: qla2xxx: Fix code indentation for qla27xx_fwdt_entry (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix comment alignment in qla_bsg.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix comment in MODULE_PARM_DESC in qla2xxx (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix device staying in blocked state (git-fixes). - scsi: qla2xxx: Fix different size DMA Alloc/Unmap (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix driver reload for ISP82xx (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix driver unload when FC-NVMe LUNs are connected (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix error handling in qlt_alloc_qfull_cmd() (git-fixes). - scsi: qla2xxx: Fix flash read for Qlogic ISPs (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix formatting of pointer types (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix fw dump corruption (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix fw options handle eh_bus_reset() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix gnl.l memory leak on adapter init failure (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix hang in fcport delete path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix hardirq-unsafe locking (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix hardlockup in abort command during driver remove (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix kernel crash after disconnecting NVMe devices (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix message indicating vectors used by driver (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix panic from use after free in qla2x00_async_tm_cmd (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix possible fcport null-pointer dereferences (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix premature timer expiration (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix qla24xx_process_bidir_cmd() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix race conditions in the code for aborting SCSI commands (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix read offset in qla24xx_load_risc_flash() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix routine qla27xx_dump_{mpi|ram}() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix session cleanup hang (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix session lookup in qlt_abort_work() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix stale mem access on driver unload (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix stale session (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix stuck login session (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix unbound sleep in fcport delete path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix unload when NVMe devices are configured (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix use-after-free issues in qla2xxx_qpair_sp_free_dma() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Further limit FLASH region write access from SysFS (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Improve Linux kernel coding style conformance (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Improve logging for scan thread (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Include the header file from qla_dsd.h (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Increase the max_sgl_segments to 1024 (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Increase the size of the mailbox arrays from 4 to 8 (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Inline the qla2x00_fcport_event_handler() function (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Insert spaces where required (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce qla2x00_els_dcmd2_free() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce qla2xxx_get_next_handle() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce the be_id_t and le_id_t data types for FC src/dst IDs (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce the dsd32 and dsd64 data structures (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce the function qla2xxx_init_sp() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Leave a blank line after declarations (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Let the compiler check the type of the SCSI command context pointer (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Log the status code if a firmware command fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make it explicit that ELS pass-through IOCBs use little endian (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla24xx_async_abort_cmd() static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla2x00_abort_srb() again decrease the sp reference count (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla2x00_mem_free() easier to verify (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla2x00_process_response_queue() easier to read (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qlt_handle_abts_completion() more robust (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make sure that aborted commands are freed (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Modify NVMe include directives (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move debug messages before sending srb preventing panic (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move marker request behind QPair (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_clear_loop_id() from qla_inline.h into qla_init.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_is_reserved_id() from qla_inline.h into qla_init.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_set_fcport_state() from a .h into a .c file (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_set_reserved_loop_ids() definition (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move the include directive (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move the port_state_str definition from a .h to a .c file (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Optimize NPIV tear down process (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Pass little-endian values to the firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Prevent SysFS access when chip is down (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Prevent memory leak for CT req/rsp allocation (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Prevent multiple ADISC commands per session (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Really fix qla2xxx_eh_abort() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reduce the number of casts in GID list code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reduce the number of forward declarations (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reduce the scope of three local variables in qla2xxx_queuecommand() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reject EH_{abort|device_reset|target_request} (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove FW default template (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove WARN_ON_ONCE in qla2x00_status_cont_entry() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a comment that refers to the SCSI host lock (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a set-but-not-used variable (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a superfluous forward declaration (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a superfluous pointer check (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove an include directive from qla_mr.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove dead code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove qla_tgt_cmd.data_work and qla_tgt_cmd.data_work_free (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove qla_tgt_cmd.released (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove set but not used variable 'ptr_dma' (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove superfluous sts_entry_* casts (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove the fcport test from qla_nvme_abort_work() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove two superfluous casts (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove two superfluous if-tests (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove two superfluous tests (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove unnecessary locking from the target code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove unnecessary null check (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove unreachable code from qla83xx_idc_lock() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove useless set memory to zero use memset() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Replace vmalloc + memset with vzalloc (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Report invalid mailbox status codes (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Report the firmware status code if a mailbox command fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reset the FCF_ASYNC_{SENT|ACTIVE} flags (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Restore FAWWPN of Physical Port only for loop down (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Retry fabric Scan on IOCB queue full (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Rework key encoding in qlt_find_host_by_d_id() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Secure flash update support for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set remote port devloss timeout to 0 (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set remove flag for all VP (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set the SCSI command result before calling the command done (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set the qpair in SRB to NULL when SRB is released (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set the responder mode if appropriate for ELS pass-through IOCBs (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Silence Successful ELS IOCB message (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Silence fwdump template message (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplification of register address used in qla_tmpl.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify a debug statement (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify conditional check again (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qla24xx_abort_sp_done() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qla24xx_async_abort_cmd() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qlt_lport_dump() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qlt_send_term_imm_notif() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Skip FW dump on LOOP initialization error (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Suppress a Coveritiy complaint about integer overflow (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Suppress multiple Coverity complaint about out-of-bounds accesses (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Uninline qla2x00_init_timer() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Unregister chrdev if module initialization fails (git-fixes). - scsi: qla2xxx: Unregister resources in the opposite order of the registration order (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.00.00.13-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.00.00.14-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.15-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.16-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.18-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.19-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.20-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update flash read/write routine (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update two source code comments (git-fixes). - scsi: qla2xxx: Use ARRAY_SIZE() in the definition of QLA_LAST_SPEED (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use Correct index for Q-Pair array (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use __le64 instead of uint32_t for sending DMA addresses to firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use an on-stack completion in qla24xx_control_vp() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use common update-firmware-options routine for ISP27xx+ (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use complete switch scan for RSCN events (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use dma_pool_zalloc() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use get/put_unaligned where appropriate (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use memcpy() and strlcpy() instead of strcpy() and strncpy() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use mutex protection during qla2x00_sysfs_read_fw_dump() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use strlcpy() instead of strncpy() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use tabs instead of spaces for indentation (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use tabs to indent code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Verify locking assumptions at runtime (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: allow session delete to finish before create (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: avoid printf format warning (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: check for kstrtol() failure (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: cleanup trace buffer initialization (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: deadlock by configfs_depend_item (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: fix fcport null pointer access (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: fix spelling mistake 'alredy' -> 'already' (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: fix spelling mistake 'initializatin' -> 'initialization' (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: flush IO on chip reset or sess delete (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: move IO flush to the front of NVME rport unregistration (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: no need to check return value of debugfs_create functions (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: on session delete, return nvme cmd (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: qla2x00_alloc_fw_dump: set ha->eft (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: remove double assignment in qla2x00_update_fcport (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: remove redundant null check on pointer sess (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: target: Fix offline port handling and host reset handling (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla4xxx: avoid freeing unallocated dma memory (git-fixes). - scsi: raid_attrs: fix unused variable warning (git-fixes). - scsi: scsi_dh_alua: Fix possible null-ptr-deref (git-fixes). - scsi: scsi_dh_rdac: zero cdb in send_mode_select() (bsc#1149313). - scsi: scsi_transport_fc: nvme: display FC-NVMe port roles (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: sd: Defer spinning up drive while SANITIZE is in progress (git-fixes). - scsi: sd: Fix a race between closing an sd device and sd I/O (git-fixes). - scsi: sd: Fix cache_type_store() (git-fixes). - scsi: sd: Optimal I/O size should be a multiple of physical block size (git-fixes). - scsi: sd: Quiesce warning if device does not report optimal I/O size (git-fixes). - scsi: sd: use mempool for discard special page (git-fixes). - scsi: sd_zbc: Fix potential memory leak (git-fixes). - scsi: smartpqi: unlock on error in pqi_submit_raid_request_synchronous() (git-fixes). - scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management enabled (git-fixes). - scsi: tcm_qla2xxx: Minimize #include directives (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: ufs: Avoid runtime suspend possibly being blocked forever (git-fixes). - scsi: ufs: Check that space was properly alloced in copy_query_response (git-fixes). - scsi: ufs: Fix NULL pointer dereference in ufshcd_config_vreg_hpm() (git-fixes). - scsi: ufs: Fix RX_TERMINATION_FORCE_ENABLE define value (git-fixes). - scsi: ufs: fix wrong command type of UTRD for UFSHCI v2.1 (git-fixes). - scsi: use dma_get_cache_alignment() as minimum DMA alignment (git-fixes). - scsi: virtio_scsi: do not send sc payload with tmfs (git-fixes). - scsi_transport_fc: complete requests from ->timeout (bsc#1142076). - sctp: change to hold sk after auth shkey is created successfully (networking-stable-19_07_02). - sctp: fix the transport error_count check (networking-stable-19_08_21). - secure boot lockdown: Fix-up backport of /dev/mem access restriction. The upstream-submitted patch set has evolved over time, align our patches (contents and description) to reflect the current status as far as /dev/mem access is concerned. - set CONFIG_FB_HYPERV=m to avoid conflict with efifb (bsc#1145134) - signal/cifs: Fix cifs_put_tcp_session to call send_sig instead of force_sig (bsc#1144333). - sis900: fix TX completion (bsc#1051510). - sky2: Disable MSI on ASUS P6T (bsc#1142496). - sky2: Disable MSI on yet another ASUS boards (P6Xxxx) (bsc#1051510). - slip: make slhc_free() silently accept an error pointer (bsc#1051510). - slip: sl_alloc(): remove unused parameter 'dev_t line' (bsc#1051510). - smb2: fix missing files in root share directory listing (bsc#1112907, bsc#1144333). - smb2: fix typo in definition of a few error flags (bsc#1144333). - smb2: fix uninitialized variable bug in smb2_ioctl_query_info (bsc#1144333). - smb3 - clean up debug output displaying network interfaces (bsc#1144333). - smb3.11: replace a 4 with server->vals->header_preamble_size (bsc#1144333). - smb3: Add debug message later in smb2/smb3 reconnect path (bsc#1144333). - smb3: Add dynamic trace points for various compounded smb3 ops (bsc#1144333). - smb3: Add ftrace tracepoints for improved SMB3 debugging (bsc#1144333). - smb3: Add posix create context for smb3.11 posix mounts (bsc#1144333). - smb3: Add protocol structs for change notify support (bsc#1144333). - smb3: Add tracepoints for read, write and query_dir enter (bsc#1144333). - smb3: Allow query of symlinks stored as reparse points (bsc#1144333). - smb3: Cleanup license mess (bsc#1144333). - smb3: Do not send SMB3 SET_INFO if nothing changed (bsc#1051510, bsc#1144333). - smb3: Fix enumerating snapshots to Azure (bsc#1144333). - smb3: Fix mode on mkdir on smb311 mounts (bsc#1144333). - smb3: Fix rmdir compounding regression to strict servers (bsc#1144333). - smb3: Fix root directory when server returns inode number of zero (bsc#1051510, bsc#1144333). - smb3: Send netname context during negotiate protocol (bsc#1144333). - smb3: Update POSIX negotiate context with POSIX ctxt GUID (bsc#1144333). - smb3: add additional ftrace entry points for entry/exit to cifs.ko (bsc#1144333). - smb3: add credits we receive from oplock/break PDUs (bsc#1144333). - smb3: add debug for unexpected mid cancellation (bsc#1144333). - smb3: add define for id for posix create context and corresponding struct (bsc#1144333). - smb3: add dynamic trace point for query_info_enter/done (bsc#1144333). - smb3: add dynamic trace point for smb3_cmd_enter (bsc#1144333). - smb3: add dynamic tracepoint for timeout waiting for credits (bsc#1144333). - smb3: add dynamic tracepoints for simple fallocate and zero range (bsc#1144333). - smb3: add missing read completion trace point (bsc#1144333). - smb3: add module alias for smb3 to cifs.ko (bsc#1144333). - smb3: add new mount option to retrieve mode from special ACE (bsc#1144333). - smb3: add reconnect tracepoints (bsc#1144333). - smb3: add smb3.1.1 to default dialect list (bsc#1144333). - smb3: add support for posix negotiate context (bsc#1144333). - smb3: add support for statfs for smb3.1.1 posix extensions (bsc#1144333). - smb3: add trace point for tree connection (bsc#1144333). - smb3: add tracepoint for sending lease break responses to server (bsc#1144333). - smb3: add tracepoint for session expired or deleted (bsc#1144333). - smb3: add tracepoint for slow responses (bsc#1144333). - smb3: add tracepoint to catch cases where credit refund of failed op overlaps reconnect (bsc#1144333). - smb3: add tracepoints for query dir (bsc#1144333). - smb3: add tracepoints for smb2/smb3 open (bsc#1144333). - smb3: add way to control slow response threshold for logging and stats (bsc#1144333). - smb3: allow more detailed protocol info on open files for debugging (bsc#1144333). - smb3: allow posix mount option to enable new SMB311 protocol extensions (bsc#1144333). - smb3: allow previous versions to be mounted with snapshot= mount parm (bsc#1144333). - smb3: allow stats which track session and share reconnects to be reset (bsc#1051510, bsc#1144333). - smb3: check for and properly advertise directory lease support (bsc#1051510, bsc#1144333). - smb3: create smb3 equivalent alias for cifs pseudo-xattrs (bsc#1144333). - smb3: directory sync should not return an error (bsc#1051510, bsc#1144333). - smb3: display bytes_read and bytes_written in smb3 stats (bsc#1144333). - smb3: display security information in /proc/fs/cifs/DebugData more accurately (bsc#1144333). - smb3: display session id in debug data (bsc#1144333). - smb3: display stats counters for number of slow commands (bsc#1144333). - smb3: display volume serial number for shares in /proc/fs/cifs/DebugData (bsc#1144333). - smb3: do not allow insecure cifs mounts when using smb3 (bsc#1144333). - smb3: do not attempt cifs operation in smb3 query info error path (bsc#1051510, bsc#1144333). - smb3: do not display confusing message on mount to Azure servers (bsc#1144333). - smb3: do not display empty interface list (bsc#1144333). - smb3: do not request leases in symlink creation and query (bsc#1051510, bsc#1144333). - smb3: do not send compression info by default (bsc#1144333). - smb3: enumerating snapshots was leaving part of the data off end (bsc#1051510, bsc#1144333). - smb3: fill in statfs fsid and correct namelen (bsc#1112905, bsc#1144333). - smb3: fix bytes_read statistics (bsc#1144333). - smb3: fix corrupt path in subdirs on smb311 with posix (bsc#1144333). - smb3: fix large reads on encrypted connections (bsc#1144333). - smb3: fix lease break problem introduced by compounding (bsc#1144333). - smb3: fix minor debug output for CONFIG_CIFS_STATS (bsc#1144333). - smb3: fix redundant opens on root (bsc#1144333). - smb3: fix reset of bytes read and written stats (bsc#1112906, bsc#1144333). - smb3: fix various xid leaks (bsc#1051510, bsc#1144333). - smb3: for kerberos mounts display the credential uid used (bsc#1144333). - smb3: if max_credits is specified then display it in /proc/mounts (bsc#1144333). - smb3: if server does not support posix do not allow posix mount option (bsc#1144333). - smb3: improve dynamic tracing of open and posix mkdir (bsc#1144333). - smb3: increase initial number of credits requested to allow write (bsc#1144333). - smb3: make default i/o size for smb3 mounts larger (bsc#1144333). - smb3: minor cleanup of compound_send_recv (bsc#1144333). - smb3: minor debugging clarifications in rfc1001 len processing (bsc#1144333). - smb3: minor missing defines relating to reparse points (bsc#1144333). - smb3: missing defines and structs for reparse point handling (bsc#1144333). - smb3: note that smb3.11 posix extensions mount option is experimental (bsc#1144333). - smb3: on kerberos mount if server does not specify auth type use krb5 (bsc#1051510, bsc#1144333). - smb3: on reconnect set PreviousSessionId field (bsc#1112899, bsc#1144333). - smb3: optimize open to not send query file internal info (bsc#1144333). - smb3: print tree id in debugdata in proc to be able to help logging (bsc#1144333). - smb3: remove noisy warning message on mount (bsc#1129664, bsc#1144333). - smb3: remove per-session operations from per-tree connection stats (bsc#1144333). - smb3: rename encryption_required to smb3_encryption_required (bsc#1144333). - smb3: request more credits on normal (non-large read/write) ops (bsc#1144333). - smb3: request more credits on tree connect (bsc#1144333). - smb3: send CAP_DFS capability during session setup (bsc#1144333). - smb3: send backup intent on compounded query info (bsc#1144333). - smb3: show number of current open files in /proc/fs/cifs/Stats (bsc#1144333). - smb3: simplify code by removing CONFIG_CIFS_SMB311 (bsc#1051510, bsc#1144333). - smb3: smbdirect no longer experimental (bsc#1144333). - smb3: snapshot mounts are read-only and make sure info is displayable about the mount (bsc#1144333). - smb3: track the instance of each session for debugging (bsc#1144333). - smb3: trivial cleanup to smb2ops.c (bsc#1144333). - smb3: update default requested iosize to 4MB from 1MB for recent dialects (bsc#1144333). - smbd: Make upper layer decide when to destroy the transport (bsc#1144333). - smpboot: Place the __percpu annotation correctly (git fixes). - soc: rockchip: power-domain: Add a sanity check on pd->num_clks (bsc#1144718,bsc#1144813). - soc: rockchip: power-domain: Use of_clk_get_parent_count() instead of open coding (bsc#1144718,bsc#1144813). - soc: rockchip: power-domain: use clk_bulk APIs (bsc#1144718,bsc#1144813). - sound: fix a memory leak bug (bsc#1051510). - spi: bcm2835aux: fix corruptions for longer spi transfers (bsc#1051510). - spi: bcm2835aux: remove dangerous uncontrolled read of fifo (bsc#1051510). - spi: bcm2835aux: unifying code between polling and interrupt driven code (bsc#1051510). - st21nfca_connectivity_event_received: null check the allocation (bsc#1051510). - st_nci_hci_connectivity_event_received: null check the allocation (bsc#1051510). - staging: comedi: dt3000: Fix rounding up of timer divisor (bsc#1051510). - staging: comedi: dt3000: Fix signed integer overflow 'divider * base' (bsc#1051510). - supported.conf: Add missing modules (bsc#1066369). - supported.conf: Remove duplicate drivers/ata/libahci_platform - supported.conf: Sort alphabetically, align comments. - tcp: Reset bytes_acked and bytes_received when disconnecting (networking-stable-19_07_25). - tcp: make sure EPOLLOUT wont be missed (networking-stable-19_08_28). - team: Add vlan tx offload to hw_enc_features (networking-stable-19_08_21). - test_firmware: fix a memory leak bug (bsc#1051510). - tipc: change to use register_pernet_device (networking-stable-19_07_02). - tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is incomplete (bsc#1082555). - tpm: Fix TPM 1.2 Shutdown sequence to prevent future TPM operations (bsc#1082555). - tpm: Fix off-by-one when reading binary_bios_measurements (bsc#1082555). - tpm: Unify the send callback behaviour (bsc#1082555). - tpm: vtpm_proxy: Suppress error logging when in closed state (bsc#1082555). - tpm_tis_core: Set TPM_CHIP_FLAG_IRQ before probing for interrupts (bsc#1082555). - tracing: Fix header include guards in trace event headers (bsc#1144474). - treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 231 (bsc#1144333). - tun: wake up waitqueues after IFF_UP is set (networking-stable-19_07_02). - udf: Fix incorrect final NOT_ALLOCATED (hole) extent length (bsc#1148617). - update internal version number for cifs.ko (bsc#1144333). - usb-storage: Add new JMS567 revision to unusual_devs (bsc#1051510). - usb: cdc-acm: make sure a refcount is taken early enough (bsc#1142635). - usb: chipidea: udc: do not do hardware access if gadget has stopped (bsc#1051510). - usb: gadget: composite: Clear 'suspended' on reset/disconnect (bsc#1051510). - usb: gadget: udc: renesas_usb3: Fix sysfs interface of 'role' (bsc#1142635). - usb: host: fotg2: restart hcd after port reset (bsc#1051510). - usb: host: ohci: fix a race condition between shutdown and irq (bsc#1051510). - usb: host: xhci-rcar: Fix timeout in xhci_suspend() (bsc#1051510). - usb: host: xhci: rcar: Fix typo in compatible string matching (bsc#1051510). - usb: iowarrior: fix deadlock on disconnect (bsc#1051510). - usb: usbfs: fix double-free of usb memory upon submiturb error (bsc#1051510). - usb: yurex: Fix use-after-free in yurex_delete (bsc#1051510). - vfs: fix page locking deadlocks when deduping files (bsc#1148619). - video: ssd1307fb: Start page range at page_offset (bsc#1113722) - vrf: make sure skb->data contains ip header to make routing (networking-stable-19_07_25). - watchdog: bcm2835_wdt: Fix module autoload (bsc#1051510). - watchdog: core: fix null pointer dereference when releasing cdev (bsc#1051510). - watchdog: f71808e_wdt: fix F81866 bit operation (bsc#1051510). - watchdog: fix compile time error of pretimeout governors (bsc#1051510). - wimax/i2400m: fix a memory leak bug (bsc#1051510). - x86/CPU/AMD: Clear RDRAND CPUID bit on AMD family 15h/16h (bsc#1114279). - x86/boot: Fix memory leak in default_get_smp_config() (bsc#1114279). - x86/entry/64/compat: Fix stack switching for XEN PV (bsc#1108382). - x86/fpu: Add FPU state copying quirk to handle XRSTOR failure on Intel Skylake CPUs (bsc#1151955). - x86/microcode: Fix the microcode load on CPU hotplug for real (bsc#1114279). - x86/mm: Check for pfn instead of page in vmalloc_sync_one() (bsc#1118689). - x86/mm: Sync also unmappings in vmalloc_sync_all() (bsc#1118689). - x86/speculation/mds: Apply more accurate check on hypervisor platform (bsc#1114279). - x86/speculation: Allow guests to use SSBD even if host does not (bsc#1114279). - x86/tls: Fix possible spectre-v1 in do_get_thread_area() (bsc#1114279). - x86/unwind: Add hardcoded ORC entry for NULL (bsc#1114279). - x86/unwind: Handle NULL pointer calls better in frame unwinder (bsc#1114279). - xen-netfront: do not assume sk_buff_head list is empty in error handling (bsc#1065600). - xen-netfront: do not use ~0U as error return value for xennet_fill_frags() (bsc#1065600). - xen/netback: Reset nr_frags before freeing skb (networking-stable-19_08_21). - xen/swiotlb: fix condition for calling xen_destroy_contiguous_region() (bsc#1065600). - xen/xenbus: fix self-deadlock after killing user process (bsc#1065600). - xfrm: Fix NULL pointer dereference in xfrm_input when skb_dst_force clears the dst_entry (bsc#1143300). - xfrm: Fix NULL pointer dereference when skb_dst_force clears the dst_entry (bsc#1143300). - xfrm: Fix bucket count reported to userspace (bsc#1143300). - xfrm: Fix error return code in xfrm_output_one() (bsc#1143300). - xfs: do not crash on null attr fork xfs_bmapi_read (bsc#1148035). - xfs: do not trip over uninitialized buffer on extent read of corrupted inode (bsc#1149053). - xfs: dump transaction usage details on log reservation overrun (bsc#1145235). - xfs: eliminate duplicate icreate tx reservation functions (bsc#1145235). - xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to EDQUOT (bsc#1148032). - xfs: fix semicolon.cocci warnings (bsc#1145235). - xfs: fix up agi unlinked list reservations (bsc#1145235). - xfs: include an allocfree res for inobt modifications (bsc#1145235). - xfs: include inobt buffers in ifree tx log reservation (bsc#1145235). - xfs: print transaction log reservation on overrun (bsc#1145235). - xfs: refactor inode chunk alloc/free tx reservation (bsc#1145235). - xfs: refactor xlog_cil_insert_items() to facilitate transaction dump (bsc#1145235). - xfs: remove more ondisk directory corruption asserts (bsc#1148034). - xfs: separate shutdown from ticket reservation print helper (bsc#1145235). - xfs: truncate transaction does not modify the inobt (bsc#1145235). ----------------------------------------- Patch: SUSE-2019-2656 Released: Mon Oct 14 17:02:24 2019 Summary: Security update for sudo Severity: important References: 1153674,CVE-2019-14287 Description: This update for sudo fixes the following issue: - CVE-2019-14287: Fixed an issue where a user with sudo privileges that allowed them to run commands with an arbitrary uid, could run commands as root, despite being forbidden to do so in sudoers (bsc#1153674). ----------------------------------------- Patch: SUSE-2019-2657 Released: Mon Oct 14 17:04:07 2019 Summary: Security update for dhcp Severity: moderate References: 1089524,1134078,1136572,CVE-2019-6470 Description: This update for dhcp fixes the following issues: Secuirty issue fixed: - CVE-2019-6470: Fixed DHCPv6 server crashes (bsc#1134078). Bug fixes: - Add compile option --enable-secs-byteorder to avoid duplicate lease warnings (bsc#1089524). - Use IPv6 when called as dhclient6, dhcpd6, and dhcrelay6 (bsc#1136572). ----------------------------------------- Patch: SUSE-2019-2673 Released: Tue Oct 15 16:53:08 2019 Summary: Security update for libpcap Severity: important References: 1153332,CVE-2018-16301,CVE-2019-15165 Description: This update for libpcap fixes the following issues: - CVE-2019-15165: Added sanity checks for PHB header length before allocating memory (bsc#1153332). - CVE-2018-16301: Fixed a buffer overflow (bsc#1153332). ----------------------------------------- Patch: SUSE-2019-2674 Released: Tue Oct 15 16:53:28 2019 Summary: Security update for tcpdump Severity: important References: 1068716,1153098,1153332,CVE-2017-16808,CVE-2018-10103,CVE-2018-10105,CVE-2018-14461,CVE-2018-14462,CVE-2018-14463,CVE-2018-14464,CVE-2018-14465,CVE-2018-14466,CVE-2018-14467,CVE-2018-14468,CVE-2018-14469,CVE-2018-14470,CVE-2018-14879,CVE-2018-14880,CVE-2018-14881,CVE-2018-14882,CVE-2018-16227,CVE-2018-16228,CVE-2018-16229,CVE-2018-16230,CVE-2018-16300,CVE-2018-16301,CVE-2018-16451,CVE-2018-16452,CVE-2019-1010220,CVE-2019-15166,CVE-2019-15167 Description: This update for tcpdump fixes the following issues: - CVE-2017-16808: Fixed a heap-based buffer over-read related to aoe_print and lookup_emem (bsc#1068716 bsc#1153098). - CVE-2018-10103: Fixed a mishandling of the printing of SMB data (bsc#1153098). - CVE-2018-10105: Fixed a mishandling of the printing of SMB data (bsc#1153098). - CVE-2018-14461: Fixed a buffer over-read in print-ldp.c:ldp_tlv_print (bsc#1153098). - CVE-2018-14462: Fixed a buffer over-read in print-icmp.c:icmp_print (bsc#1153098). - CVE-2018-14463: Fixed a buffer over-read in print-vrrp.c:vrrp_print (bsc#1153098). - CVE-2018-14464: Fixed a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs (bsc#1153098). - CVE-2018-14465: Fixed a buffer over-read in print-rsvp.c:rsvp_obj_print (bsc#1153098). - CVE-2018-14466: Fixed a buffer over-read in print-rx.c:rx_cache_find (bsc#1153098). - CVE-2018-14467: Fixed a buffer over-read in print-bgp.c:bgp_capabilities_print (bsc#1153098). - CVE-2018-14468: Fixed a buffer over-read in print-fr.c:mfr_print (bsc#1153098). - CVE-2018-14469: Fixed a buffer over-read in print-isakmp.c:ikev1_n_print (bsc#1153098). - CVE-2018-14470: Fixed a buffer over-read in print-babel.c:babel_print_v2 (bsc#1153098). - CVE-2018-14879: Fixed a buffer overflow in the command-line argument parser (bsc#1153098). - CVE-2018-14880: Fixed a buffer over-read in the OSPFv3 parser (bsc#1153098). - CVE-2018-14881: Fixed a buffer over-read in the BGP parser (bsc#1153098). - CVE-2018-14882: Fixed a buffer over-read in the ICMPv6 parser (bsc#1153098). - CVE-2018-16227: Fixed a buffer over-read in the IEEE 802.11 parser in print-802_11.c for the Mesh Flags subfield (bsc#1153098). - CVE-2018-16228: Fixed a buffer over-read in the HNCP parser (bsc#1153098). - CVE-2018-16229: Fixed a buffer over-read in the DCCP parser (bsc#1153098). - CVE-2018-16230: Fixed a buffer over-read in the BGP parser in print-bgp.c:bgp_attr_print (bsc#1153098). - CVE-2018-16300: Fixed an unlimited recursion in the BGP parser that allowed denial-of-service by stack consumption (bsc#1153098). - CVE-2018-16301: Fixed a buffer overflow (bsc#1153332 bsc#1153098). - CVE-2018-16451: Fixed several buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN (bsc#1153098). - CVE-2018-16452: Fixed a stack exhaustion in smbutil.c:smb_fdata (bsc#1153098). - CVE-2019-15166: Fixed a bounds check in lmp_print_data_link_subobjs (bsc#1153098). - CVE-2019-15167: Fixed a vulnerability in VRRP (bsc#1153098). ----------------------------------------- Patch: SUSE-2019-2676 Released: Tue Oct 15 21:06:54 2019 Summary: Recommended update for e2fsprogs Severity: moderate References: 1145716,1152101,CVE-2019-5094 Description: This update for e2fsprogs fixes the following issues: Security issue fixed: - CVE-2019-5094: Fixed an arbitrary code execution via specially crafted ext4 file systems. (bsc#1152101) Non-security issue fixed: - libext2fs: Call fsync(2) to clear stale errors for a new a unix I/O channel. (bsc#1145716) ----------------------------------------- Patch: SUSE-2019-2681 Released: Tue Oct 15 22:01:40 2019 Summary: Recommended update for libdb-4_8 Severity: moderate References: 1148244 Description: This update for libdb-4_8 fixes the following issues: - Add off-page deadlock patch as found and documented by Red Hat. (bsc#1148244) ----------------------------------------- Patch: SUSE-2019-2690 Released: Wed Oct 16 16:42:23 2019 Summary: Recommended update for SUSEConnect Severity: moderate References: 1124318,1130864 Description: This update for SUSEConnect fixes the following issues: - Fixes an error when trying to activate the PackageHub extension the first time (bsc#1124318) ----------------------------------------- Patch: SUSE-2019-2693 Released: Wed Oct 16 16:43:30 2019 Summary: Recommended update for rpcbind Severity: moderate References: 1142343 Description: This update for rpcbind fixes the following issues: - Return correct IP address with multiple ip addresses in the same subnet. (bsc#1142343) ----------------------------------------- Patch: SUSE-2019-2700 Released: Wed Oct 16 16:47:42 2019 Summary: Recommended update for yast2-packager Severity: moderate References: 1148536 Description: This update for yast2-packager provides the following fixes: - Avoid error when generating some warnings. (bsc#1148536) ----------------------------------------- Patch: SUSE-2019-2717 Released: Fri Oct 18 16:21:53 2019 Summary: Recommended update for dracut Severity: moderate References: 1121238,1140872,1142775,1150343,1151552,1152006,1152650 Description: This update for dracut contains the following fixes: - Several fixes for dhcp calls with multiple nics. (bsc#1150343) - Only login to one target at a time. (bsc#1152650) - Only skip waiting for interfaces if netroot is set. (bsc#1152006) - Support xz compressed firmware files. (bsc#1151552) - Only login to one target at a time. (bsc#1121238) - Fix keymaps not getting included sometimes. (bsc#1140872) - Fix merge error for arm/aarch64. (bsc#1142775) ----------------------------------------- Patch: SUSE-2019-2722 Released: Mon Oct 21 11:14:20 2019 Summary: Recommended update for pciutils-ids Severity: moderate References: 1127840,1133581 Description: This is a version update for pciutils-ids to version 20190830 (bsc#1133581, bsc#1127840) ----------------------------------------- Patch: SUSE-2019-2729 Released: Mon Oct 21 15:49:18 2019 Summary: Recommended update for yast2-security Severity: moderate References: 1147173 Description: This update for yast2-security fixes the following issues: - Supporting user defined permission files like '/etc/permissions.ultra'. (bsc#1147173) ----------------------------------------- Patch: SUSE-2019-2730 Released: Mon Oct 21 16:04:57 2019 Summary: Security update for procps Severity: important References: 1092100,1121753,CVE-2018-1122,CVE-2018-1123,CVE-2018-1124,CVE-2018-1125,CVE-2018-1126 Description: This update for procps fixes the following issues: procps was updated to 3.3.15. (bsc#1092100) Following security issues were fixed: - CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100). - CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100). - CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100). - CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100). - CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100). Also this non-security issue was fixed: - Fix CPU summary showing old data. (bsc#1121753) The update to 3.3.15 contains the following fixes: * library: Increment to 8:0:1 No removals, no new functions Changes: slab and pid structures * library: Just check for SIGLOST and don't delete it * library: Fix integer overflow and LPE in file2strvec CVE-2018-1124 * library: Use size_t for alloc functions CVE-2018-1126 * library: Increase comm size to 64 * pgrep: Fix stack-based buffer overflow CVE-2018-1125 * pgrep: Remove >15 warning as comm can be longer * ps: Fix buffer overflow in output buffer, causing DOS CVE-2018-1123 * ps: Increase command name selection field to 64 * top: Don't use cwd for location of config CVE-2018-1122 * update translations * library: build on non-glibc systems * free: fix scaling on 32-bit systems * Revert 'Support running with child namespaces' * library: Increment to 7:0:1 No changes, no removals New fuctions: numa_init, numa_max_node, numa_node_of_cpu, numa_uninit, xalloc_err_handler * doc: Document I idle state in ps.1 and top.1 * free: fix some of the SI multiples * kill: -l space between name parses correctly * library: dont use vm_min_free on non Linux * library: don't strip off wchan prefixes (ps & top) * pgrep: warn about 15+ char name only if -f not used * pgrep/pkill: only match in same namespace by default * pidof: specify separator between pids * pkill: Return 0 only if we can kill process * pmap: fix duplicate output line under '-x' option * ps: avoid eip/esp address truncations * ps: recognizes SCHED_DEADLINE as valid CPU scheduler * ps: display NUMA node under which a thread ran * ps: Add seconds display for cputime and time * ps: Add LUID field * sysctl: Permit empty string for value * sysctl: Don't segv when file not available * sysctl: Read and write large buffers * top: add config file support for XDG specification * top: eliminated minor libnuma memory leak * top: show fewer memory decimal places (configurable) * top: provide command line switch for memory scaling * top: provide command line switch for CPU States * top: provides more accurate cpu usage at startup * top: display NUMA node under which a thread ran * top: fix argument parsing quirk resulting in SEGV * top: delay interval accepts non-locale radix point * top: address a wishlist man page NLS suggestion * top: fix potential distortion in 'Mem' graph display * top: provide proper multi-byte string handling * top: startup defaults are fully customizable * watch: define HOST_NAME_MAX where not defined * vmstat: Fix alignment for disk partition format * watch: Support ANSI 39,49 reset sequences ----------------------------------------- Patch: SUSE-2019-2732 Released: Mon Oct 21 17:38:37 2019 Summary: Recommended update for cifs-utils Severity: moderate References: 1130528,1132087,1136031,1149164 Description: This update for cifs-utils fixes the following issues: Update cifs-utils 6.9; (bsc#1132087); (bsc#1136031). * follow SMB default version changes in the kernel. * adds fixes for Azure * new smbinfo utility - Fix double-free in mount.cifs; (bsc#1149164). ----------------------------------------- Patch: SUSE-2019-2734 Released: Tue Oct 22 11:00:58 2019 Summary: Recommended update for tcsh Severity: moderate References: 1151630 Description: This update for tcsh fixes the following issues: - Restore cleanup routines in case of an error (bsc#1151630) ----------------------------------------- Patch: SUSE-2019-2743 Released: Tue Oct 22 15:50:02 2019 Summary: Security update for python Severity: moderate References: 1130840,1149955,1153238,CVE-2019-16056,CVE-2019-16935,CVE-2019-9947 Description: This update for python fixes the following issues: Security issues fixed: - CVE-2019-9947: Fixed an insufficient validation of URL paths with embedded whitespace or control characters that could allow HTTP header injections. (bsc#1130840) - CVE-2019-16056: Fixed a parser issue in the email module. (bsc#1149955) - CVE-2019-16935: Fixed a reflected XSS in python/Lib/DocXMLRPCServer.py (bsc#1153238). ----------------------------------------- Patch: SUSE-2019-2757 Released: Wed Oct 23 17:21:17 2019 Summary: Security update for lz4 Severity: moderate References: 1153936,CVE-2019-17543 Description: This update for lz4 fixes the following issues: - CVE-2019-17543: Fixed a heap-based buffer overflow in LZ4_write32 (bsc#1153936). ----------------------------------------- Patch: SUSE-2019-2762 Released: Thu Oct 24 07:08:44 2019 Summary: Recommended update for timezone Severity: moderate References: 1150451 Description: This update for timezone fixes the following issues: - Fiji observes DST from 2019-11-10 to 2020-01-12. - Norfolk Island starts observing Australian-style DST. ----------------------------------------- Patch: SUSE-2019-2764 Released: Thu Oct 24 07:09:00 2019 Summary: Recommended update for yast2-services-manager Severity: moderate References: 1140735 Description: This update for yast2-services-manager fixes the following issues: - Set BaseTargets::GRAPHICAL and Target::GRAPHICAL if package 'xdm' will be installed (instead of xorg-x11-server) (bsc#1140735). ----------------------------------------- Patch: SUSE-2019-2776 Released: Thu Oct 24 15:55:19 2019 Summary: Security update for nfs-utils Severity: moderate References: 1150733,CVE-2019-3689 Description: This update for nfs-utils fixes the following issues: - CVE-2019-3689: Fixed root-owned files stored in insecure /var/lib/nfs. (bsc#1150733) ----------------------------------------- Patch: SUSE-2019-2780 Released: Fri Oct 25 14:25:41 2019 Summary: Security update for binutils Severity: moderate References: 1109412,1109413,1109414,1111996,1112534,1112535,1113247,1113252,1113255,1116827,1118644,1118830,1118831,1120640,1121034,1121035,1121056,1133131,1133232,1141913,1142772,1152590,1154016,1154025,CVE-2018-1000876,CVE-2018-17358,CVE-2018-17359,CVE-2018-17360,CVE-2018-17985,CVE-2018-18309,CVE-2018-18483,CVE-2018-18484,CVE-2018-18605,CVE-2018-18606,CVE-2018-18607,CVE-2018-19931,CVE-2018-19932,CVE-2018-20623,CVE-2018-20651,CVE-2018-20671,CVE-2018-6323,CVE-2018-6543,CVE-2018-6759,CVE-2018-6872,CVE-2018-7208,CVE-2018-7568,CVE-2018-7569,CVE-2018-7570,CVE-2018-7642,CVE-2018-7643,CVE-2018-8945,CVE-2019-1010180,ECO-368,SLE-6206 Description: This update for binutils fixes the following issues: binutils was updated to current 2.32 branch [jsc#ECO-368]. Includes following security fixes: - CVE-2018-17358: Fixed invalid memory access in _bfd_stab_section_find_nearest_line in syms.c (bsc#1109412) - CVE-2018-17359: Fixed invalid memory access exists in bfd_zalloc in opncls.c (bsc#1109413) - CVE-2018-17360: Fixed heap-based buffer over-read in bfd_getl32 in libbfd.c (bsc#1109414) - CVE-2018-17985: Fixed a stack consumption problem caused by the cplus_demangle_type (bsc#1116827) - CVE-2018-18309: Fixed an invalid memory address dereference was discovered in read_reloc in reloc.c (bsc#1111996) - CVE-2018-18483: Fixed get_count function provided by libiberty that allowed attackers to cause a denial of service or other unspecified impact (bsc#1112535) - CVE-2018-18484: Fixed stack exhaustion in the C++ demangling functions provided by libiberty, caused by recursive stack frames (bsc#1112534) - CVE-2018-18605: Fixed a heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup causing a denial of service (bsc#1113255) - CVE-2018-18606: Fixed a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments, causing denial of service (bsc#1113252) - CVE-2018-18607: Fixed a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section, causing denial of service (bsc#1113247) - CVE-2018-19931: Fixed a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h (bsc#1118831) - CVE-2018-19932: Fixed an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA (bsc#1118830) - CVE-2018-20623: Fixed a use-after-free in the error function in elfcomm.c (bsc#1121035) - CVE-2018-20651: Fixed a denial of service via a NULL pointer dereference in elf_link_add_object_symbols in elflink.c (bsc#1121034) - CVE-2018-20671: Fixed an integer overflow that can trigger a heap-based buffer overflow in load_specific_debug_section in objdump.c (bsc#1121056) - CVE-2018-1000876: Fixed integer overflow in bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc in objdump (bsc#1120640) - CVE-2019-1010180: Fixed an out of bound memory access that could lead to crashes (bsc#1142772) - enable xtensa architecture (Tensilica lc6 and related) - Use -ffat-lto-objects in order to provide assembly for static libs (bsc#1141913). - Fixed some LTO build issues (bsc#1133131 bsc#1133232). - riscv: Don't check ABI flags if no code section - Fixed a segfault in ld when building some versions of pacemaker (bsc#1154025, bsc#1154016). - Add avr, epiphany and rx to target_list so that the common binutils can handle all objects we can create with crosses (bsc#1152590). Update to binutils 2.32: * The binutils now support for the C-SKY processor series. * The x86 assembler now supports a -mvexwig=[0|1] option to control encoding of VEX.W-ignored (WIG) VEX instructions. It also has a new -mx86-used-note=[yes|no] option to generate (or not) x86 GNU property notes. * The MIPS assembler now supports the Loongson EXTensions R2 (EXT2), the Loongson EXTensions (EXT) instructions, the Loongson Content Address Memory (CAM) ASE and the Loongson MultiMedia extensions Instructions (MMI) ASE. * The addr2line, c++filt, nm and objdump tools now have a default limit on the maximum amount of recursion that is allowed whilst demangling strings. This limit can be disabled if necessary. * Objdump's --disassemble option can now take a parameter, specifying the starting symbol for disassembly. Disassembly will continue from this symbol up to the next symbol or the end of the function. * The BFD linker will now report property change in linker map file when merging GNU properties. * The BFD linker's -t option now doesn't report members within archives, unless -t is given twice. This makes it more useful when generating a list of files that should be packaged for a linker bug report. * The GOLD linker has improved warning messages for relocations that refer to discarded sections. - Improve relro support on s390 [fate#326356] - Fix broken debug symbols (bsc#1118644) - Handle ELF compressed header alignment correctly. ----------------------------------------- Patch: SUSE-2019-2786 Released: Fri Oct 25 15:56:35 2019 Summary: Security update for docker-runc Severity: moderate References: 1152308,CVE-2019-16884 Description: This update for docker-runc fixes the following issues: - CVE-2019-16884: Fixed an LSM bypass via malicious Docker images that mount over a /proc directory. (bsc#1152308) ----------------------------------------- Patch: SUSE-2019-2799 Released: Mon Oct 28 17:11:16 2019 Summary: Recommended update for tcsh Severity: important References: 1153839,1154877 Description: This update for tcsh fixes the following issues: - Avoid breakage in sourcing standard system files (bsc#1153839) - A regression has been fixed where glob expansion would not work properly. (bsc#1154877) ----------------------------------------- Patch: SUSE-2019-2802 Released: Tue Oct 29 11:39:05 2019 Summary: Security update for python3 Severity: moderate References: 1149121,1149792,1149955,1151490,1153238,CVE-2019-16056,CVE-2019-16935,PM-1350,SLE-9426 Description: This update for python3 to 3.6.9 fixes the following issues: Security issues fixed: - CVE-2019-16056: Fixed a parser issue in the email module. (bsc#1149955) - CVE-2019-16935: Fixed a reflected XSS in python/Lib/DocXMLRPCServer.py (bsc#1153238). Non-security issues fixed: - Fixed regression of OpenSSL 1.1.1b-1 in EVP_PBE_scrypt() with salt=NULL. (bsc#1151490) - Improved locale handling by implementing PEP 538. ----------------------------------------- Patch: SUSE-2019-2812 Released: Tue Oct 29 14:57:55 2019 Summary: Recommended update for systemd Severity: moderate References: 1139459,1140631,1145023,1150595,SLE-7687 Description: This update for systemd provides the following fixes: - Fix a problem that would cause invoking try-restart to an inactive service to hang when a daemon-reload is invoked before the try-restart returned. (bsc#1139459) - man: Add a note about _netdev usage. - units: Replace remote-cryptsetup-pre.target with remote-fs-pre.target. - units: Add [Install] section to remote-cryptsetup.target. - cryptsetup: Ignore _netdev, since it is used in generator. - cryptsetup-generator: Use remote-cryptsetup.target when _netdev is present. (jsc#SLE-7687) - cryptsetup-generator: Add a helper utility to create symlinks. - units: Add remote-cryptsetup.target and remote-cryptsetup-pre.target. - man: Add an explicit description of _netdev to systemd.mount(5). - man: Order fields alphabetically in crypttab(5). - man: Make crypttab(5) a bit easier to read. - units: Order cryptsetup-pre.target before cryptsetup.target. - Fix reporting of enabled-runtime units. - sd-bus: Deal with cookie overruns. (bsc#1150595) - rules: Add by-id symlinks for persistent memory. (bsc#1140631) - Buildrequire polkit so /usr/share/polkit-1/rules.d subdir can be only owned by polkit. (bsc#1145023) ----------------------------------------- Patch: SUSE-2019-2868 Released: Wed Oct 30 17:58:42 2019 Summary: Security update for samba Severity: important References: 1125601,1127153,1130245,1134452,1144902,1154289,1154598,CVE-2019-10218,CVE-2019-14833,CVE-2019-14847 Description: This update for samba fixes the following issues: Security issues fixed: - CVE-2019-14847: User with 'get changes' permission can crash AD DC LDAP server via dirsync (bsc#1154598). - CVE-2019-10218: Client code can return filenames containing path separators (bsc#1144902). - CVE-2019-14833: Fixed Accent with 'check script password' where the Samba AD DC check password script does not receive the full password (bsc#1154289). Other issues fixed: - Fix vfs_ceph realpath (bsc#1134452). - MacOS credit accounting breaks with async SESSION SETUP (bsc#1125601). - Mac OS X SMB2 implmenetation sees Input/output error or Resource temporarily unavailable and drops connection - Explicitly enable libcephfs POSIX ACL support (bsc#1130245). - Fix vfs_ceph ftruncate and fallocate handling (bsc#1127153). ----------------------------------------- Patch: SUSE-2019-2870 Released: Thu Oct 31 08:09:14 2019 Summary: Recommended update for aaa_base Severity: moderate References: 1051143,1138869,1151023 Description: This update for aaa_base provides the following fixes: - Check if variables can be set before modifying them to avoid warnings on login with a restricted shell. (bsc#1138869) - Add s390x compressed kernel support. (bsc#1151023) - service: Check if there is a second argument before using it. (bsc#1051143) ----------------------------------------- Patch: SUSE-2019-2874 Released: Thu Oct 31 12:40:25 2019 Summary: Recommended update for dracut Severity: important References: 1153944 Description: This update for dracut contains the following fix: - iscsiroot.sh: Clean up obsolete case statement fragments. (bsc#1153944) ----------------------------------------- Patch: SUSE-2019-2891 Released: Mon Nov 4 17:47:10 2019 Summary: Security update for python-ecdsa Severity: moderate References: 1153165,1154217,CVE-2019-14853,CVE-2019-14859 Description: This update for python-ecdsa to version 0.13.3 fixes the following issues: Security issues fixed: - CVE-2019-14853: Fixed unexpected exceptions during signature decoding (bsc#1153165). - CVE-2019-14859: Fixed a signature malleability caused by insufficient checks of DER encoding (bsc#1154217). ----------------------------------------- Patch: SUSE-2019-2937 Released: Fri Nov 8 14:08:29 2019 Summary: Security update for rsyslog Severity: moderate References: 1141063,1153451,1153459,CVE-2019-17041,CVE-2019-17042 Description: This update for rsyslog fixes the following issues: Security issues fixed: - CVE-2019-17041: Fixed a heap overflow in the parser for AIX log messages (bsc#1153451). - CVE-2019-17042: Fixed a heap overflow in the parser for Cisco log messages (bsc#1153459). Other issue addressed: - Fixed an issue where rsyslog was SEGFAULT due to a mutex double-unlock (bsc#1141063). ----------------------------------------- Patch: SUSE-2019-2945 Released: Tue Nov 12 18:15:06 2019 Summary: Recommended update for zypper, libzypp, and libsolv Severity: moderate References: 1145554,1146415,1146947,1149511,1153351,1153557,SLE-9171 Description: This update for zypper, libzypp, and libsolv fixes the following issues: Package: zypper - Fixes an issue where 'zypper lu' didn't list all available package updates (bsc#1153351) - Added a new --repo option to the 'download' command to allow to specify a repository (jsc#SLE-9171) - Improved the documentation of $releasever and --releasever usescases (bsc#1149511) - zypper will now ask only once when multiple packages share the same license text (bsc#1145554) Package: libzypp - Added a new 'solver.focus' option for /etc/zypp/zypp.conf to define systemwide focus mode when resolving jobs (bsc#1146415) - Fixed an issue where YaST2 was not able to find base products via libzypp (bsc#1153557) - Added a new 'solver.focus' option for /etc/zypp/zypp.conf to define systemwide focus mode when resolving jobs (bsc#1146415) - Improved the way how containers are detected when running 'zypper ps' (bsc#1146947) Package: libsolv - Fixes issues when updating too many packages in focusbest mode - Fixes the handling of disabled and installed packages in distupgrade ----------------------------------------- Patch: SUSE-2019-2951 Released: Tue Nov 12 19:12:55 2019 Summary: Security update for the Linux Kernel Severity: important References: 1046299,1046303,1046305,1050244,1050536,1050545,1051510,1055186,1061840,1064802,1065600,1066129,1073513,1082635,1083647,1086323,1087092,1089644,1090631,1093205,1096254,1097583,1097584,1097585,1097586,1097587,1097588,1098291,1101674,1109158,1114279,1117665,1119461,1119465,1123034,1123080,1133140,1134303,1135642,1135854,1135873,1135967,1137040,1137799,1138190,1140090,1140729,1140845,1140883,1141600,1142635,1142667,1143706,1144338,1144375,1144449,1144903,1145099,1146612,1148410,1149119,1150452,1150457,1150465,1150875,1151508,1152624,1152685,1152782,1152788,1152791,1153112,1153158,1153236,1153263,1153476,1153509,1153646,1153681,1153713,1153717,1153718,1153719,1153811,1153969,1154108,1154189,1154354,1154372,1154578,1154607,1154608,1154610,1154611,1154651,1154737,1154747,1154848,1154858,1154905,1154956,1155178,1155179,1155184,1155186,1155671,1155692,1155836,1155982,1156187,CVE-2018-12207,CVE-2019-10220,CVE-2019-11135,CVE-2019-16232,CVE-2019-16233,CVE-2019-16234,CVE-2019-16995,CVE-2019-17055,CVE-2019-17056,CVE-2019-17133,CVE-2019-17666,CVE-2019-18805 Description: The SUSE Linux Enterprise 15 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional. The Linux Kernel kvm hypervisor was adjusted to avoid page size changes in executable pages by splitting / merging huge pages into small pages as needed. More information can be found on https://www.suse.com/support/kb/doc/?id=7023735 - CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate sidechannel information leaks out of microarchitectural buffers, similar to the previously described 'Microarchitectural Data Sampling' attack. The Linux kernel was supplemented with the option to disable TSX operation altogether (requiring CPU Microcode updates on older systems) and better flushing of microarchitectural buffers (VERW). The set of options available is described in our TID at https://www.suse.com/support/kb/doc/?id=7024251 - CVE-2019-16995: Fix a memory leak in hsr_dev_finalize() if hsr_add_port failed to add a port, which may have caused denial of service (bsc#1152685). - CVE-2019-16233: drivers/scsi/qla2xxx/qla_os.c did not check the alloc_workqueue return value, leading to a NULL pointer dereference. (bsc#1150457). - CVE-2019-10220: Added sanity checks on the pathnames passed to the user space. (bsc#1144903). - CVE-2019-17666: rtlwifi: Fix potential overflow in P2P code (bsc#1154372). - CVE-2019-16232: Fix a potential NULL pointer dereference in the Marwell libertas driver (bsc#1150465). - CVE-2019-16234: iwlwifi pcie driver did not check the alloc_workqueue return value, leading to a NULL pointer dereference. (bsc#1150452). - CVE-2019-17133: cfg80211 wireless extension did not reject a long SSID IE, leading to a Buffer Overflow (bsc#1153158). - CVE-2019-17056: The AF_NFC network module did not enforce CAP_NET_RAW, which meant that unprivileged users could create a raw socket (bsc#1152788). - CVE-2019-18805: Fix signed integer overflow in tcp_ack_update_rtt() that could have lead to a denial of service or possibly unspecified other impact (bsc#1156187) - CVE-2019-17055: The AF_ISDN network module did not enforce CAP_NET_RAW, which meant that unprivileged users could create a raw socket (bnc#1152782) The following non-security bugs were fixed: - 9p: avoid attaching writeback_fid on mmap with type PRIVATE (bsc#1051510). - Add kernel module compression support (bsc#1135854) For enabling the kernel module compress, add the item COMPRESS_MODULES='xz' in config.sh, then mkspec will pass it to the spec file. - acpi / CPPC: do not require the _PSD method (bsc#1051510). - acpi / processor: do not print errors for processorIDs == 0xff (bsc#1051510). - acpi: CPPC: Set pcc_data[pcc_ss_id] to NULL in acpi_cppc_processor_exit() (bsc#1051510). - act_mirred: Fix mirred_init_module error handling (bsc#1051510). - alsa: bebob: Fix prototype of helper function to return negative value (bsc#1051510). - alsa: hda - Add laptop imic fixup for ASUS M9V laptop (bsc#1051510). - alsa: hda - Apply AMD controller workaround for Raven platform (bsc#1051510). - alsa: hda - Define a fallback_pin_fixup_tbl for alc269 family (bsc#1051510). - alsa: hda - Drop unsol event handler for Intel HDMI codecs (bsc#1051510). - alsa: hda - Expand pin_match function to match upcoming new tbls (bsc#1051510). - alsa: hda - Inform too slow responses (bsc#1051510). - alsa: hda - Show the fatal CORB/RIRB error more clearly (bsc#1051510). - alsa: hda/ca0132 - Fix possible workqueue stall (bsc#1155836). - alsa: hda/hdmi: remove redundant assignment to variable pcm_idx (bsc#1051510). - alsa: hda/realtek - Add support for ALC623 (bsc#1051510). - alsa: hda/realtek - Add support for ALC711 (bsc#1051510). - alsa: hda/realtek - Blacklist PC beep for Lenovo ThinkCentre M73/93 (bsc#1051510). - alsa: hda/realtek - Check beep whitelist before assigning in all codecs (bsc#1051510). - alsa: hda/realtek - Fix 2 front mics of codec 0x623 (bsc#1051510). - alsa: hda/realtek - Fix alienware headset mic (bsc#1051510). - alsa: hda/realtek: Reduce the Headphone static noise on XPS 9350/9360 (bsc#1051510). - alsa: hda/sigmatel - remove unused variable 'stac9200_core_init' (bsc#1051510). - alsa: hda: Add Elkhart Lake pci ID (bsc#1051510). - alsa: hda: Add Tigerlake/Jasperlake pci ID (bsc#1051510). - alsa: hda: Add support of Zhaoxin controller (bsc#1051510). - alsa: hda: Flush interrupts on disabling (bsc#1051510). - alsa: hda: Set fifo_size for both playback and capture streams (bsc#1051510). - alsa: i2c: ak4xxx-adda: Fix a possible null pointer dereference in build_adc_controls() (bsc#1051510). - alsa: line6: sizeof (byte) is always 1, use that fact (bsc#1051510). - alsa: timer: Fix mutex deadlock at releasing card (bsc#1051510). - alsa: usb-audio: Add Pioneer DDJ-SX3 PCM quirck (bsc#1051510). - alsa: usb-audio: Disable quirks for BOSS Katana amplifiers (bsc#1051510). - alsa: usb-audio: Skip bSynchAddress endpoint check if it is invalid (bsc#1051510). - appletalk: enforce CAP_NET_RAW for raw sockets (bsc#1051510). - arcnet: provide a buffer big enough to actually receive packets (networking-stable-19_09_30). - asoc: Define a set of DAPM pre/post-up events (bsc#1051510). - asoc: Intel: Fix use of potentially uninitialized variable (bsc#1051510). - asoc: Intel: NHLT: Fix debug print format (bsc#1051510). - asoc: dmaengine: Make the pcm->name equal to pcm->id if the name is not set (bsc#1051510). - asoc: rockchip: i2s: Fix RPM imbalance (bsc#1051510). - asoc: rsnd: Reinitialize bit clock inversion flag for every format setting (bsc#1051510). - asoc: sgtl5000: Fix charge pump source assignment (bsc#1051510). - auxdisplay: panel: need to delete scan_timer when misc_register fails in panel_attach (bsc#1051510). - ax25: enforce CAP_NET_RAW for raw sockets (bsc#1051510). - blk-wbt: abstract out end IO completion handler (bsc#1135873). - blk-wbt: fix has-sleeper queueing check (bsc#1135873). - blk-wbt: improve waking of tasks (bsc#1135873). - blk-wbt: move disable check into get_limit() (bsc#1135873). - blk-wbt: use wq_has_sleeper() for wq active check (bsc#1135873). - block: add io timeout to sysfs (bsc#1148410). - block: do not show io_timeout if driver has no timeout handler (bsc#1148410). - bluetooth: btrtl: Additional Realtek 8822CE Bluetooth devices (bsc#1051510). - bnx2x: Fix VF's VLAN reconfiguration in reload (bsc#1086323 ). - boot: Sign non-x86 kernels when possible (boo#1134303) - bpf: fix use after free in prog symbol exposure (bsc#1083647). - bridge/mdb: remove wrong use of NLM_F_MULTI (networking-stable-19_09_15). - btrfs: Ensure btrfs_init_dev_replace_tgtdev sees up to date values (bsc#1154651). - btrfs: Ensure replaced device does not have pending chunk allocation (bsc#1154607). - btrfs: bail out gracefully rather than BUG_ON (bsc#1153646). - btrfs: block-group: Fix a memory leak due to missing btrfs_put_block_group() (bsc#1155178). - btrfs: check for the full sync flag while holding the inode lock during fsync (bsc#1153713). - btrfs: qgroup: Always free PREALLOC META reserve in btrfs_delalloc_release_extents() (bsc#1155179). - btrfs: remove wrong use of volume_mutex from btrfs_dev_replace_start (bsc#1154651). - btrfs: tracepoints: Fix bad entry members of qgroup events (bsc#1155186). - btrfs: tracepoints: Fix wrong parameter order for qgroup events (bsc#1155184). - can: dev: call netif_carrier_off() in register_candev() (bsc#1051510). - can: mcp251x: mcp251x_hw_reset(): allow more time after a reset (bsc#1051510). - can: xilinx_can: xcan_probe(): skip error message on deferred probe (bsc#1051510). - cdc_ether: fix rndis support for Mediatek based smartphones (networking-stable-19_09_15). - cdc_ncm: fix divide-by-zero caused by invalid wMaxPacketSize (bsc#1051510). - ceph: fix directories inode i_blkbits initialization (bsc#1153717). - ceph: reconnect connection if session hang in opening state (bsc#1153718). - ceph: update the mtime when truncating up (bsc#1153719). - cfg80211: Purge frame registrations on iftype change (bsc#1051510). - cfg80211: add and use strongly typed element iteration macros (bsc#1051510). - clk: at91: select parent if main oscillator or bypass is enabled (bsc#1051510). - clk: qoriq: Fix -Wunused-const-variable (bsc#1051510). - clk: sirf: Do not reference clk_init_data after registration (bsc#1051510). - clk: zx296718: Do not reference clk_init_data after registration (bsc#1051510). - crypto: af_alg - Fix race around ctx->rcvused by making it atomic_t (bsc#1154737). - crypto: af_alg - Initialize sg_num_bytes in error code path (bsc#1051510). - crypto: af_alg - consolidation of duplicate code (bsc#1154737). - crypto: af_alg - fix race accessing cipher request (bsc#1154737). - crypto: af_alg - remove locking in async callback (bsc#1154737). - crypto: af_alg - update correct dst SGL entry (bsc#1051510). - crypto: af_alg - wait for data at beginning of recvmsg (bsc#1154737). - crypto: algif - return error code when no data was processed (bsc#1154737). - crypto: algif_aead - copy AAD from src to dst (bsc#1154737). - crypto: algif_aead - fix reference counting of null skcipher (bsc#1154737). - crypto: algif_aead - overhaul memory management (bsc#1154737). - crypto: algif_aead - skip SGL entries with NULL page (bsc#1154737). - crypto: algif_skcipher - overhaul memory management (bsc#1154737). - crypto: talitos - fix missing break in switch statement (bsc#1142635). - cxgb4: Signedness bug in init_one() (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: fix endianness for vlan value in cxgb4_tc_flower (bsc#1064802 bsc#1066129). - cxgb4: offload VLAN flows regardless of VLAN ethtype (bsc#1064802 bsc#1066129). - cxgb4: reduce kernel stack usage in cudbg_collect_mem_region() (bsc#1073513). - cxgb4: smt: Add lock for atomic_dec_and_test (bsc#1064802 bsc#1066129). - cxgb4:Fix out-of-bounds MSI-X info array access (networking-stable-19_10_05). - dasd_fba: Display '00000000' for zero page when dumping sense (bsc#1123080). - dmaengine: bcm2835: Print error in case setting DMA mask fails (bsc#1051510). - dmaengine: imx-sdma: fix size check for sdma script_number (bsc#1051510). - drm/amd/powerplay/smu7: enforce minimal VBITimeout (v2) (bsc#1051510). - drm/amdgpu/si: fix ASIC tests (git-fixes). - drm/amdgpu: Check for valid number of registers to read (bsc#1051510). - drm/ast: Fixed reboot test may cause system hanged (bsc#1051510). - drm/bridge: tc358767: Increase AUX transfer length limit (bsc#1051510). - drm/edid: Add 6 bpc quirk for SDC panel in Lenovo G50 (bsc#1051510). - drm/i915/cmdparser: Add support for backward jumps (bsc#1135967) - drm/i915/cmdparser: Ignore Length operands during command matching (bsc#1135967) - drm/i915/cmdparser: Use explicit goto for error paths (bsc#1135967) - drm/i915/gen8+: Add RC6 CTX corruption WA (bsc#1135967) - drm/i915/gtt: Add read only pages to gen8_pte_encode (bsc#1135967) - drm/i915/gtt: Disable read-only support under GVT (bsc#1135967) - drm/i915/gtt: Read-only pages for insert_entries on bdw (bsc#1135967) - drm/i915: Add gen9 BCS cmdparsing (bsc#1135967) - drm/i915: Add support for mandatory cmdparsing (bsc#1135967) - drm/i915: Allow parsing of unsized batches (bsc#1135967) - drm/i915: Disable Secure Batches for gen6+ - drm/i915: Lower RM timeout to avoid DSI hard hangs (bsc#1135967) - drm/i915: Prevent writing into a read-only object via a GGTT mmap (bsc#1135967) - drm/i915: Remove Master tables from cmdparser - drm/i915: Rename gen7 cmdparser tables (bsc#1135967) - drm/i915: Support ro ppgtt mapped cmdparser shadow buffers (bsc#1135967) - drm/msm/dsi: Implement reset correctly (bsc#1051510). - drm/panel: simple: fix AUO g185han01 horizontal blanking (bsc#1051510). - drm/radeon: Fix EEH during kexec (bsc#1051510). - drm/tilcdc: Register cpufreq notifier after we have initialized crtc (bsc#1051510). - drm/vmwgfx: Fix double free in vmw_recv_msg() (bsc#1051510). - drm: Flush output polling on shutdown (bsc#1051510). - e1000e: add workaround for possible stalled packet (bsc#1051510). - efi/memattr: Do not bail on zero VA if it equals the region's PA (bsc#1051510). - efi: cper: print AER info of pcie fatal error (bsc#1051510). - efivar/ssdt: Do not iterate over EFI vars if no SSDT override was specified (bsc#1051510). - firmware: dmi: Fix unlikely out-of-bounds read in save_mem_devices (git-fixes). - gpu: drm: radeon: Fix a possible null-pointer dereference in radeon_connector_set_property() (bsc#1051510). - hid: apple: Fix stuck function keys when using FN (bsc#1051510). - hid: fix error message in hid_open_report() (bsc#1051510). - hid: hidraw: Fix invalid read in hidraw_ioctl (bsc#1051510). - hid: logitech-hidpp: do all FF cleanup in hidpp_ff_destroy() (bsc#1051510). - hid: logitech: Fix general protection fault caused by Logitech driver (bsc#1051510). - hid: prodikeys: Fix general protection fault during probe (bsc#1051510). - hid: sony: Fix memory corruption issue on cleanup (bsc#1051510). - hso: fix NULL-deref on tty open (bsc#1051510). - hwmon: (acpi_power_meter) Change log level for 'unsafe software power cap' (bsc#1051510). - hwrng: core - do not wait on add_early_randomness() (git-fixes). - hyperv: set nvme msi interrupts to unmanaged (jsc#SLE-8953, jsc#SLE-9221, jsc#SLE-4941, bsc#1119461, bsc#1119465, bsc#1138190, bsc#1154905). - i2c: riic: Clear NACK in tend isr (bsc#1051510). - ib/core, ipoib: Do not overreact to SM LID change event (bsc#1154108) - ib/core: Add mitigation for Spectre V1 (bsc#1155671) - ib/hfi1: Remove overly conservative VM_EXEC flag check (bsc#1144449). - ib/mlx5: Consolidate use_umr checks into single function (bsc#1093205). - ib/mlx5: Fix MR re-registration flow to use UMR properly (bsc#1093205). - ib/mlx5: Report correctly tag matching rendezvous capability (bsc#1046305). - ieee802154: atusb: fix use-after-free at disconnect (bsc#1051510). - ieee802154: ca8210: prevent memory leak (bsc#1051510). - ieee802154: enforce CAP_NET_RAW for raw sockets (bsc#1051510). - iio: adc: ad799x: fix probe error handling (bsc#1051510). - iio: light: opt3001: fix mutex unlock race (bsc#1051510). - ima: always return negative code for error (bsc#1051510). - input: Revert synaptics-rmi4 patch due to regression (bsc#1155982) - input: da9063 - fix capability and drop KEY_SLEEP (bsc#1051510). - input: synaptics-rmi4 - avoid processing unknown IRQs (bsc#1051510). - integrity: prevent deadlock during digsig verification (bsc#1090631). - iommu/amd: Apply the same IVRS IOAPIC workaround to Acer Aspire A315-41 (bsc#1137799). - iommu/amd: Check PM_LEVEL_SIZE() condition in locked section (bsc#1154608). - iommu/amd: Override wrong IVRS IOAPIC on Raven Ridge systems (bsc#1137799). - iommu/amd: Remove domain->updated (bsc#1154610). - iommu/amd: Wait for completion of IOTLB flush in attach_device (bsc#1154611). - ipmi_si: Only schedule continuously in the thread in maintenance mode (bsc#1051510). - ipv6: Fix the link time qualifier of 'ping_v6_proc_exit_net()' (networking-stable-19_09_15). - ipv6: Handle missing host route in __ipv6_ifa_notify (networking-stable-19_10_05). - ipv6: drop incoming packets having a v4mapped source address (networking-stable-19_10_05). - iwlwifi: do not panic in error path on non-msix systems (bsc#1155692). - ixgbe: Prevent u8 wrapping of ITR value to something less than 10us (bsc#1101674). - ixgbe: sync the first fragment unconditionally (bsc#1133140). - kABI workaround for crypto/af_alg changes (bsc#1154737). - kABI workaround for drm_vma_offset_node readonly field addition (bsc#1135967) - kABI workaround for snd_hda_pick_pin_fixup() changes (bsc#1051510). - kabi/severities: Whitelist functions internal to radix mm. To call these functions you have to first detect if you are running in radix mm mode which can't be expected of OOT code. - kabi: net: sched: act_sample: fix psample group handling on overwrite (networking-stable-19_09_05). - kernel-binary.spec.in: Fix build of non-modular kernels (boo#1154578). - kernel-subpackage-build: create zero size ghost for uncompressed vmlinux (bsc#1154354). It is not strictly necessary to uncompress it so maybe the ghost file can be 0 size in this case. - kernel/sysctl.c: do not override max_threads provided by userspace (bnc#1150875). - ksm: cleanup stable_node chain collapse case (bnc#1144338). - ksm: fix use after free with merge_across_nodes = 0 (bnc#1144338). - ksm: introduce ksm_max_page_sharing per page deduplication limit (bnc#1144338). - ksm: optimize refile of stable_node_dup at the head of the chain (bnc#1144338). - ksm: swap the two output parameters of chain/chain_prune (bnc#1144338). - kvm: Convert kvm_lock to a mutex (bsc#1117665). - kvm: MMU: drop vcpu param in gpte_access (bsc#1117665). - kvm: PPC: Book3S HV: use smp_mb() when setting/clearing host_ipi flag (bsc#1061840). - kvm: vmx, svm: always run with EFER.NXE=1 when shadow paging is active (bsc#1117665). - kvm: x86, powerpc: do not allow clearing largepages debugfs entry (bsc#1117665). - kvm: x86: Do not release the page inside mmu_set_spte() (bsc#1117665). - kvm: x86: add tracepoints around __direct_map and FNAME(fetch) (bsc#1117665). - kvm: x86: adjust kvm_mmu_page member to save 8 bytes (bsc#1117665). - kvm: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON (bsc#1117665). - kvm: x86: make FNAME(fetch) and __direct_map more similar (bsc#1117665). - kvm: x86: remove now unneeded hugepage gfn adjustment (bsc#1117665). - lib/mpi: Fix karactx leak in mpi_powm (bsc#1051510). - libertas: Add missing sentinel at end of if_usb.c fw_table (bsc#1051510). - mISDN: enforce CAP_NET_RAW for raw sockets (bsc#1051510). - mac80211: Reject malformed SSID elements (bsc#1051510). - mac80211: accept deauth frames in IBSS mode (bsc#1051510). - mac80211: fix txq null pointer dereference (bsc#1051510). - macsec: drop skb sk before calling gro_cells_receive (bsc#1051510). - md/raid0: avoid RAID0 data corruption due to layout confusion (bsc#1140090). - md/raid0: fix warning message for parameter default_layout (bsc#1140090). - media: atmel: atmel-isc: fix asd memory allocation (bsc#1135642). - media: cpia2_usb: fix memory leaks (bsc#1051510). - media: dvb-core: fix a memory leak bug (bsc#1051510). - media: exynos4-is: fix leaked of_node references (bsc#1051510). - media: gspca: zero usb_buf on error (bsc#1051510). - media: hdpvr: Add device num check and handling (bsc#1051510). - media: hdpvr: add terminating 0 at end of string (bsc#1051510). - media: i2c: ov5645: Fix power sequence (bsc#1051510). - media: iguanair: add sanity checks (bsc#1051510). - media: omap3isp: Do not set streaming state on random subdevs (bsc#1051510). - media: omap3isp: Set device on omap3isp subdevs (bsc#1051510). - media: ov9650: add a sanity check (bsc#1051510). - media: radio/si470x: kill urb on error (bsc#1051510). - media: saa7134: fix terminology around saa7134_i2c_eeprom_md7134_gate() (bsc#1051510). - media: saa7146: add cleanup in hexium_attach() (bsc#1051510). - media: sn9c20x: Add MSI MS-1039 laptop to flip_dmi_table (bsc#1051510). - media: stkwebcam: fix runtime PM after driver unbind (bsc#1051510). - media: ttusb-dec: Fix info-leak in ttusb_dec_send_command() (bsc#1051510). - memstick: jmb38x_ms: Fix an error handling path in 'jmb38x_ms_probe()' (bsc#1051510). - mfd: intel-lpss: Remove D3cold delay (bsc#1051510). - mld: fix memory leak in mld_del_delrec() (networking-stable-19_09_05). - mmc: sdhci-of-esdhc: set DMA snooping based on DMA coherence (bsc#1051510). - mmc: sdhci: Fix incorrect switch to HS mode (bsc#1051510). - mmc: sdhci: improve ADMA error reporting (bsc#1051510). - net/ibmvnic: Fix EOI when running in XIVE mode (bsc#1089644, ltc#166495, ltc#165544, git-fixes). - net/mlx4_en: fix a memory leak bug (bsc#1046299). - net/mlx5: Add device ID of upcoming BlueField-2 (bsc#1046303 ). - net/mlx5: Fix error handling in mlx5_load() (bsc#1046305 ). - net/phy: fix DP83865 10 Mbps HDX loopback disable function (networking-stable-19_09_30). - net/rds: Fix error handling in rds_ib_add_one() (networking-stable-19_10_05). - net/rds: fix warn in rds_message_alloc_sgs (bsc#1154848). - net/rds: remove user triggered WARN_ON in rds_sendmsg (bsc#1154848). - net/sched: act_sample: do not push mac header on ip6gre ingress (networking-stable-19_09_30). - net: Fix null de-reference of device refcount (networking-stable-19_09_15). - net: Replace NF_CT_ASSERT() with WARN_ON() (bsc#1146612). - net: Unpublish sk from sk_reuseport_cb before call_rcu (networking-stable-19_10_05). - net: fix skb use after free in netpoll (networking-stable-19_09_05). - net: gso: Fix skb_segment splat when splitting gso_size mangled skb having linear-headed frag_list (networking-stable-19_09_15). - net: openvswitch: free vport unless register_netdevice() succeeds (git-fixes). - net: qlogic: Fix memory leak in ql_alloc_large_buffers (networking-stable-19_10_05). - net: qrtr: Stop rx_worker before freeing node (networking-stable-19_09_30). - net: sched: act_sample: fix psample group handling on overwrite (networking-stable-19_09_05). - net: stmmac: dwmac-rk: Do not fail if phy regulator is absent (networking-stable-19_09_05). - net_sched: add policy validation for action attributes (networking-stable-19_09_30). - net_sched: fix backward compatibility for TCA_ACT_KIND (git-fixes). - netfilter: nf_nat: do not bug when mapping already exists (bsc#1146612). - nfc: fix attrs checks in netlink interface (bsc#1051510). - nfc: fix memory leak in llcp_sock_bind() (bsc#1051510). - nfc: pn533: fix use-after-free and memleaks (bsc#1051510). - nfs: fix regression (boo#1154189 bsc#1154747). - nfsv4.1 - backchannel request should hold ref on xprt (bsc#1152624). - nl80211: fix null pointer dereference (bsc#1051510). - objtool: Clobber user CFLAGS variable (bsc#1153236). - openvswitch: change type of UPCALL_PID attribute to NLA_UNSPEC (networking-stable-19_09_30). - packaging: add support for riscv64 - pci: Correct pci=resource_alignment parameter example (bsc#1051510). - pci: PM: Fix pci_power_up() (bsc#1051510). - pci: dra7xx: Fix legacy INTD IRQ handling (bsc#1087092). - pci: hv: Use bytes 4 and 5 from instance ID as the pci domain numbers (bsc#1153263). - pinctrl: tegra: Fix write barrier placement in pmx_writel (bsc#1051510). - platform/x86: classmate-laptop: remove unused variable (bsc#1051510). - platform/x86: pmc_atom: Add Siemens SIMATIC IPC277E to critclk_systems DMI table (bsc#1051510). - power: supply: sysfs: ratelimit property read error message (bsc#1051510). - powerpc/64s/pseries: radix flush translations before MMU is enabled at boot (bsc#1055186). - powerpc/64s/radix: keep kernel ERAT over local process/guest invalidates (bsc#1055186). - powerpc/64s/radix: tidy up TLB flushing code (bsc#1055186). - powerpc/64s: Rename PPC_INVALIDATE_ERAT to PPC_ISA_3_0_INVALIDATE_ERAT (bsc#1055186). - powerpc/mm/book3s64: Move book3s64 code to pgtable-book3s64 (bsc#1055186). - powerpc/mm/radix: mark __radix__flush_tlb_range_psize() as __always_inline (bsc#1055186). - powerpc/mm/radix: mark as __tlbie_pid() and friends as__always_inline (bsc#1055186). - powerpc/mm: Properly invalidate when setting process table base (bsc#1055186). - powerpc/mm: mark more tlb functions as __always_inline (bsc#1055186). - powerpc/pseries/mobility: use cond_resched when updating device tree (bsc#1153112 ltc#181778). - powerpc/pseries: Remove confusing warning message (bsc#1109158). - powerpc/rtas: allow rescheduling while changing cpu states (bsc#1153112 ltc#181778). - qed: iWARP - Fix default window size to be based on chip (bsc#1050536 bsc#1050545). - qed: iWARP - Fix tc for MPA ll2 connection (bsc#1050536 bsc#1050545). - qed: iWARP - Use READ_ONCE and smp_store_release to access ep->state (bsc#1050536 bsc#1050545). - qed: iWARP - fix uninitialized callback (bsc#1050536 bsc#1050545). - qmi_wwan: add support for Cinterion CLS8 devices (networking-stable-19_10_05). - r8152: Set macpassthru in reset_resume callback (bsc#1051510). - rdma/bnxt_re: Fix spelling mistake 'missin_resp' -> 'missing_resp' (bsc#1050244). - rdma: Fix goto target to release the allocated memory (bsc#1050244). - rds: Fix warning (bsc#1154848). - rpm/config.sh: Enable livepatch. - rpm/constraints.in: lower disk space required for ARM With a requirement of 35GB, only 2 slow workers are usable for ARM. Current aarch64 build requires 27G and armv6/7 requires 14G. Set requirements respectively to 30GB and 20GB. - rpm/dtb.spec.in.in: do not make dtb directory inaccessible There is no reason to lock down the dtb directory for ordinary users. - rpm/kernel-binary.spec.in: Fix kernel-livepatch description typo. - rpm/kernel-binary.spec.in: build kernel-*-kgraft only for default SLE kernel RT and Azure variants are excluded for the moment. (bsc#1141600) - rpm/kernel-binary.spec.in: handle modules.builtin.modinfo It was added in 5.2. - rpm/kernel-binary.spec.in: support partial rt debug config. - rpm/kernel-subpackage-spec: Mention debuginfo in the subpackage description (bsc#1149119). - rpm/macros.kernel-source: KMPs should depend on kmod-compat to build. kmod-compat links are used in find-provides.ksyms, find-requires.ksyms, and find-supplements.ksyms in rpm-config-SUSE. - rpm/mkspec: Correct tarball URL for rc kernels. - rpm/mkspec: Make building DTBs optional. - rpm/modflist: Simplify compression support. - rpm: raise required disk space for binary packages Current disk space constraints (10 GB on s390x, 25 GB on other architectures) no longer suffice for 5.3 kernel builds. The statistics show ~30 GB of disk consumption on x86_64 and ~11 GB on s390x so raise the constraints to 35 GB in general and 14 GB on s390x. - rpm: support compressed modules Some of our scripts and scriptlets in rpm/ do not expect module files not ending with '.ko' which currently leads to failure in preuninstall scriptlet of cluster-md-kmp-default (and probably also other subpackages). Let those which could be run on compressed module files recognize '.ko.xz' in addition to '.ko'. - rtlwifi: rtl8192cu: Fix value set in descriptor (bsc#1142635). - s390/cmf: set_schib_wait add timeout (bsc#1153509, bsc#1153476). - s390/cpumsf: Check for CPU Measurement sampling (bsc#1153681 LTC#181855). - sch_cbq: validate TCA_CBQ_WRROPT to avoid crash (networking-stable-19_10_05). - sch_dsmark: fix potential NULL deref in dsmark_init() (networking-stable-19_10_05). - sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero (networking-stable-19_09_15). - sch_netem: fix a divide by zero in tabledist() (networking-stable-19_09_30). - sched/fair: Avoid divide by zero when rebalancing domains (bsc#1096254). - scripts/arch-symbols: add missing link. - scsi: lpfc: Fix devices that do not return after devloss followed by rediscovery (bsc#1137040). - scsi: lpfc: Fix null ptr oops updating lpfc_devloss_tmo via sysfs attribute (bsc#1140845). - scsi: lpfc: Fix propagation of devloss_tmo setting to nvme transport (bsc#1140883). - scsi: lpfc: Remove bg debugfs buffers (bsc#1144375). - scsi: qedf: Modify abort and tmf handler to handle edge condition and flush (bsc#1098291). - scsi: qedf: fc_rport_priv reference counting fixes (bsc#1098291). - scsi: qla2xxx: Add error handling for PLOGI ELS passthrough (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Capture FW dump on MPI heartbeat stop event (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Check for MB timeout while capturing ISP27/28xx FW dump (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Dual FCP-NVMe target port support (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix N2N link reset (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix N2N link up fail (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix partial flash write of MBI (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix stale mem access on driver unload (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix unbound sleep in fcport delete path (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix wait condition in loop (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Improve logging for scan thread (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Initialized mailbox to prevent driver load failure (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Optimize NPIV tear down process (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Set remove flag for all VP (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Silence fwdump template message (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Update driver version to 10.01.00.20-k (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: fixup incorrect usage of host_byte (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: remove redundant assignment to pointer host (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: stop timer in shutdown path (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: storvsc: setup 1:1 mapping between hardware queue and CPU queue (bsc#1140729). - scsi: zfcp: fix reaction on bit error threshold notification (bsc#1154956 LTC#182054). - sctp: Fix the link time qualifier of 'sctp_ctrlsock_exit()' (networking-stable-19_09_15). - sctp: use transport pf_retrans in sctp_do_8_2_transport_strike (networking-stable-19_09_15). - skge: fix checksum byte order (networking-stable-19_09_30). - sock_diag: fix autoloading of the raw_diag module (bsc#1152791). - sock_diag: request _diag module only when the family or proto has been registered (bsc#1152791). - staging: vt6655: Fix memory leak in vt6655_probe (bsc#1051510). - staging: wlan-ng: fix exit return when sme->key_idx >= NUM_WEPKEYS (bsc#1051510). - supporte.conf: add efivarfs to kernel-default-base (bsc#1154858). - tcp: Do not dequeue SYN/FIN-segments from write-queue (git-gixes). - tcp: fix tcp_ecn_withdraw_cwr() to clear TCP_ECN_QUEUE_CWR (networking-stable-19_09_15). - tcp: inherit timestamp on mtu probe (networking-stable-19_09_05). - tcp: remove empty skb from write queue in error cases (networking-stable-19_09_05). - thermal: Fix use-after-free when unregistering thermal zone device (bsc#1051510). - thermal_hwmon: Sanitize thermal_zone type (bsc#1051510). - tipc: add NULL pointer check before calling kfree_rcu (networking-stable-19_09_15). - tipc: fix unlimited bundling of small messages (networking-stable-19_10_05). - tracing: Initialize iter->seq after zeroing in tracing_read_pipe() (bsc#1151508). - tun: fix use-after-free when register netdev failed (networking-stable-19_09_15). - tuntap: correctly set SOCKWQ_ASYNC_NOSPACE (bsc#1145099). - usb: adutux: fix NULL-derefs on disconnect (bsc#1142635). - usb: adutux: fix use-after-free on disconnect (bsc#1142635). - usb: adutux: fix use-after-free on release (bsc#1051510). - usb: chaoskey: fix use-after-free on release (bsc#1051510). - usb: dummy-hcd: fix power budget for SuperSpeed mode (bsc#1051510). - usb: gadget: udc: atmel: Fix interrupt storm in FIFO mode (bsc#1051510). - usb: iowarrior: fix use-after-free after driver unbind (bsc#1051510). - usb: iowarrior: fix use-after-free on disconnect (bsc#1051510). - usb: iowarrior: fix use-after-free on release (bsc#1051510). - usb: ldusb: fix NULL-derefs on driver unbind (bsc#1051510). - usb: ldusb: fix control-message timeout (bsc#1051510). - usb: ldusb: fix memleak on disconnect (bsc#1051510). - usb: ldusb: fix read info leaks (bsc#1051510). - usb: ldusb: fix ring-buffer locking (bsc#1051510). - usb: legousbtower: fix a signedness bug in tower_probe() (bsc#1051510). - usb: legousbtower: fix deadlock on disconnect (bsc#1142635). - usb: legousbtower: fix memleak on disconnect (bsc#1051510). - usb: legousbtower: fix open after failed reset request (bsc#1142635). - usb: legousbtower: fix potential NULL-deref on disconnect (bsc#1142635). - usb: legousbtower: fix slab info leak at probe (bsc#1142635). - usb: legousbtower: fix use-after-free on release (bsc#1051510). - usb: microtek: fix info-leak at probe (bsc#1142635). - usb: serial: fix runtime PM after driver unbind (bsc#1051510). - usb: serial: ftdi_sio: add device IDs for Sienna and Echelon PL-20 (bsc#1051510). - usb: serial: keyspan: fix NULL-derefs on open() and write() (bsc#1051510). - usb: serial: option: add Telit FN980 compositions (bsc#1051510). - usb: serial: option: add support for Cinterion CLS8 devices (bsc#1051510). - usb: serial: ti_usb_3410_5052: fix port-close races (bsc#1051510). - usb: serial: whiteheat: fix potential slab corruption (bsc#1051510). - usb: udc: lpc32xx: fix bad bit shift operation (bsc#1051510). - usb: usb-skeleton: fix NULL-deref on disconnect (bsc#1051510). - usb: usb-skeleton: fix runtime PM after driver unbind (bsc#1051510). - usb: usb-skeleton: fix use-after-free after driver unbind (bsc#1051510). - usb: usblcd: fix I/O after disconnect (bsc#1142635). - usb: usblp: fix runtime PM after driver unbind (bsc#1051510). - usb: usblp: fix use-after-free on disconnect (bsc#1051510). - usb: xhci: wait for CNR controller not ready bit in xhci resume (bsc#1051510). - usb: yurex: Do not retry on unexpected errors (bsc#1051510). - usb: yurex: fix NULL-derefs on disconnect (bsc#1051510). - usbnet: ignore endpoints with invalid wMaxPacketSize (bsc#1051510). - usbnet: sanity checking of packet sizes and device mtu (bsc#1051510). - vfio_pci: Restore original state on release (bsc#1051510). - vhost_net: conditionally enable tx polling (bsc#1145099). - video: of: display_timing: Add of_node_put() in of_get_display_timing() (bsc#1051510). - vsock: Fix a lockdep warning in __vsock_release() (networking-stable-19_10_05). - watchdog: imx2_wdt: fix min() calculation in imx2_wdt_set_timeout (bsc#1051510). - x86/asm: Fix MWAITX C-state hint value (bsc#1114279). - x86/boot/64: Make level2_kernel_pgt pages invalid outside kernel area (bnc#1153969). - x86/boot/64: Round memory hole size up to next PMD page (bnc#1153969). - x86/mm: Use WRITE_ONCE() when setting PTEs (bsc#1114279). - xen/netback: fix error path of xenvif_connect_data() (bsc#1065600). - xen/pv: Fix Xen PV guest int3 handling (bsc#1153811). - xhci: Check all endpoints for LPM timeout (bsc#1051510). - xhci: Fix false warning message about wrong bounce buffer write length (bsc#1051510). - xhci: Increase STS_SAVE timeout in xhci_suspend() (bsc#1051510). - xhci: Prevent device initiated U1/U2 link pm if exit latency is too long (bsc#1051510). ----------------------------------------- Patch: SUSE-2019-2418 Released: Thu Nov 14 11:53:03 2019 Summary: Recommended update for bash Severity: moderate References: 1133773,1143055 Description: This update for bash fixes the following issues: - Rework patch readline-7.0-screen (bsc#1143055): map all 'screen(-xxx)?.yyy(-zzz)?' to 'screen' as well as map 'konsole(-xxx)?' and 'gnome(-xxx)?' to 'xterm' - Add a backport from bash 5.0 to perform better with large numbers of sub processes. (bsc#1133773) ----------------------------------------- Patch: SUSE-2019-2980 Released: Thu Nov 14 22:45:33 2019 Summary: Optional update for curl Severity: low References: 1154019 Description: This update for curl doesn't address any user visible issues. ----------------------------------------- Patch: SUSE-2019-2992 Released: Mon Nov 18 11:52:10 2019 Summary: Recommended update for supportutils Severity: moderate References: 1111029,1127734,1137336 Description: This update for supportutils fixes the following issues: - Removed LPM/DLPAR data for POWER. (bsc#1111029) - Prevent running 'systool -vb memory' by default on systems with 16TB or more. (bsc#1127734) - Added sed and gawk to spec requirements (bsc#1137336) ----------------------------------------- Patch: SUSE-2019-2997 Released: Mon Nov 18 15:16:38 2019 Summary: Security update for ncurses Severity: moderate References: 1103320,1154036,1154037,CVE-2019-17594,CVE-2019-17595 Description: This update for ncurses fixes the following issues: Security issues fixed: - CVE-2019-17594: Fixed a heap-based buffer over-read in the _nc_find_entry function (bsc#1154036). - CVE-2019-17595: Fixed a heap-based buffer over-read in the fmt_entry function (bsc#1154037). Non-security issue fixed: - Removed screen.xterm from terminfo database (bsc#1103320). ----------------------------------------- Patch: SUSE-2019-3009 Released: Tue Nov 19 18:10:39 2019 Summary: Recommended update for cloud-regionsrv-client Severity: moderate References: 1149528,1152567,1154533 Description: This update for cloud-regionsrv-client fixes the following issues: - Ignore exception if the new registration flag file does not exist but there is an attempt to remove it. (bsc#1149528) - Include requirement for python3-six in specfile. (bsc#1152567) - Adds support for repositories with different credentials files (bsc#1154533) ----------------------------------------- Patch: SUSE-2019-3017 Released: Wed Nov 20 12:47:27 2019 Summary: Recommended update for open-iscsi Severity: moderate References: 1152774 Description: This update for open-iscsi fixes the following issues: - Set timeout value when querying info for a single session. (bsc#1152774) ----------------------------------------- Patch: SUSE-2019-3030 Released: Thu Nov 21 19:11:25 2019 Summary: Security update for cups Severity: important References: 1146358,1146359,CVE-2019-8675,CVE-2019-8696 Description: This update for cups fixes the following issues: - CVE-2019-8675: Fixed a stack buffer overflow in libcups's asn1_get_type function(bsc#1146358). - CVE-2019-8696: Fixed a stack buffer overflow in libcups's asn1_get_packed function (bsc#1146359). ----------------------------------------- Patch: SUSE-2019-3047 Released: Mon Nov 25 12:44:49 2019 Summary: Recommended update for python-M2Crypto Severity: moderate References: 1149792,SLE-9135 Description: This update for python-M2Crypto fixes the following issues: - Fix compatibility with OpenSSL 1.1.1c (bsc#1149792) - Upgrade OpenSSL (jsc#SLE-9135) ----------------------------------------- Patch: SUSE-2019-3059 Released: Mon Nov 25 17:33:07 2019 Summary: Security update for cpio Severity: moderate References: 1155199,CVE-2019-14866 Description: This update for cpio fixes the following issues: - CVE-2019-14866: Fixed an improper validation of the values written in the header of a TAR file through the to_oct() function which could have led to unexpected TAR generation (bsc#1155199). ----------------------------------------- Patch: SUSE-2019-3061 Released: Mon Nov 25 17:34:22 2019 Summary: Security update for gcc9 Severity: moderate References: 1114592,1135254,1141897,1142649,1142654,1148517,1149145,CVE-2019-14250,CVE-2019-15847,SLE-6533,SLE-6536 Description: This update includes the GNU Compiler Collection 9. A full changelog is provided by the GCC team on: https://www.gnu.org/software/gcc/gcc-9/changes.html The base system compiler libraries libgcc_s1, libstdc++6 and others are now built by the gcc 9 packages. To use it, install 'gcc9' or 'gcc9-c++' or other compiler brands and use CC=gcc-9 / CXX=g++-9 during configuration for using it. Security issues fixed: - CVE-2019-15847: Fixed a miscompilation in the POWER9 back end, that optimized multiple calls of the __builtin_darn intrinsic into a single call. (bsc#1149145) - CVE-2019-14250: Fixed a heap overflow in the LTO linker. (bsc#1142649) Non-security issues fixed: - Split out libstdc++ pretty-printers into a separate package supplementing gdb and the installed runtime. (bsc#1135254) - Fixed miscompilation for vector shift on s390. (bsc#1141897) ----------------------------------------- Patch: SUSE-2019-3070 Released: Tue Nov 26 12:39:29 2019 Summary: Recommended update for gpg2 Severity: low References: 1152755 Description: This update for gpg2 provides the following fix: - Remove a build requirement on self. This is causing Leap 15.2 bootstrap to fail. (bsc#1152755) ----------------------------------------- Patch: SUSE-2019-3086 Released: Thu Nov 28 10:02:24 2019 Summary: Security update for libidn2 Severity: moderate References: 1154884,1154887,CVE-2019-12290,CVE-2019-18224 Description: This update for libidn2 to version 2.2.0 fixes the following issues: - CVE-2019-12290: Fixed an improper round-trip check when converting A-labels to U-labels (bsc#1154884). - CVE-2019-18224: Fixed a heap-based buffer overflow that was caused by long domain strings (bsc#1154887). ----------------------------------------- Patch: SUSE-2019-3087 Released: Thu Nov 28 10:03:00 2019 Summary: Security update for libxml2 Severity: low References: 1123919 Description: This update for libxml2 doesn't fix any additional security issues, but correct its rpm changelog to reflect all CVEs that have been fixed over the past. ----------------------------------------- Patch: SUSE-2019-3088 Released: Thu Nov 28 15:34:16 2019 Summary: Recommended update for man-pages Severity: moderate References: 1154701 Description: This update for man-pages fixes the following issues: - Correct documentation of 'tcp_fack'. (bsc#1154701) - Add documentation 'tcp_recovery'. (bsc#1154701) ----------------------------------------- Patch: SUSE-2019-3114 Released: Fri Nov 29 11:20:57 2019 Summary: Recommended update for wicked Severity: moderate References: 1042123,1129631,1129986,1132280,1132326,1132774,1132977,1136034,1140117,1142214,1142670,1143182,1150183,1150972,SLE-5936 Description: This update for wicked fixes the following issues: - dhcp6: Add an address-length (DHCLIENT6_ADDRESS_LENGTH) ifcfg option, which allows to specify an explicit prefix-length to use for the DHCPv6 address and override detection using RA prefix info and a default to /128. Previously the default value was set to a /64 address prefix-length. (bsc#1132280) - time: Use boot time for timer instead of real time to avoid getting stuck when bringing up the network. (bsc#1129986) - systemd: Change the service to depend on udev settle service as calling udevadm settle directly caused systemd to kill wicked services. (bsc#1136034, bsc#1132774) - bridge: Honor ifcfg LLADDR and set link address. (bsc#1042123, bsc#1142670) - rfkill: Fix an issue where wicked was unable to set up the Wifi module. (bsc#1140117) - dhcp4: Fix an intermittent hang during network setup by cleaning up the defer timer pointer when timeout. (bsc#1142214) - dhcp4: Make sure custom routing options are respected. (bsc#1132326) - dhcp6: Initial support to request prefix for delegations. (jsc#SLE-5936) - dhcp6: Set the noprefixroute address option. (bsc#1132280) - dhcp6: Omit noprefixroute with address-length. Allow to assume that the address prefix-length override specified in the config is a valid on-link prefix length, to let the kernel create a route for this prefix. (bsc#1150972) - dhcp6: Differentiated mode=auto resolving from RA. Fix to not trigger n error when ipv6 RA is not available or the received RA disables dhcp while mode is set to auto, but to deliver a 'deferred' result. (bsc#1150183) - libwicked: Fix versioning and packaging by shipping the internal helper library inside the wicked package itself. (bsc#1143182, bsc#1132977) ----------------------------------------- Patch: SUSE-2019-3118 Released: Fri Nov 29 14:41:35 2019 Summary: Recommended update for e2fsprogs Severity: moderate References: 1154295 Description: This update for e2fsprogs fixes the following issues: - Make minimum size estimates more reliable for mounted filesystem. (bsc#1154295) ----------------------------------------- Patch: SUSE-2019-3120 Released: Fri Nov 29 14:43:42 2019 Summary: Recommended update for python Severity: moderate References: 1149792 Description: This update for python fixes the following issues: - Skipping tests for failing build with OpenSSL 1.1.1c. (bpo#36576, bsc#1149792) ----------------------------------------- Patch: SUSE-2019-3165 Released: Wed Dec 4 11:23:21 2019 Summary: Recommended update for cronie Severity: moderate References: 1155114,1155929 Description: This update for cronie fixes the following issues: - Update crontab so it doesn't print the headers of crontab with the 'crontab -l' command. (bsc#1155114) - Remove 'checkproc' from the run-crons script as the usage is bogus and has a potential of risks. (bsc#1155929) ----------------------------------------- Patch: SUSE-2019-3166 Released: Wed Dec 4 11:24:42 2019 Summary: Recommended update for aaa_base Severity: moderate References: 1007715,1084934,1157278 Description: This update for aaa_base fixes the following issues: - Use official key binding functions in inputrc that is replace up-history with previous-history, down-history with next-history and backward-delete-word with backward-kill-word. (bsc#1084934) - Add some missed key escape sequences for urxvt-unicode terminal as well. (bsc#1007715) - Clear broken ghost entry in patch which breaks 'readline'. (bsc#1157278) ----------------------------------------- Patch: SUSE-2019-3182 Released: Thu Dec 5 11:43:14 2019 Summary: Security update for permissions Severity: moderate References: 1093414,1150734,1157198,CVE-2019-3688,CVE-2019-3690 Description: This update for permissions fixes the following issues: - CVE-2019-3688: Changed wrong ownership in /usr/sbin/pinger to root:squid which could have allowed a squid user to gain persistence by changing the binary (bsc#1093414). - CVE-2019-3690: Fixed a privilege escalation through untrusted symbolic links (bsc#1150734). - Fixed a regression which caused sagmentation fault (bsc#1157198). ----------------------------------------- Patch: SUSE-2019-3240 Released: Tue Dec 10 10:40:19 2019 Summary: Recommended update for ca-certificates-mozilla, p11-kit Severity: moderate References: 1154871 Description: This update for ca-certificates-mozilla, p11-kit fixes the following issues: Changes in ca-certificates-mozilla: - export correct p11kit trust attributes so Firefox detects built in certificates (bsc#1154871). Changes in p11-kit: - support loading NSS attribute CKA_NSS_MOZILLA_CA_POLICY so Firefox detects built in certificates (bsc#1154871) ----------------------------------------- Patch: SUSE-2019-3289 Released: Thu Dec 12 15:52:52 2019 Summary: Security update for the Linux Kernel Severity: important References: 1048942,1051510,1071995,1078248,1082635,1089644,1091041,1108043,1113722,1114279,1117169,1120853,1131107,1135966,1135967,1138039,1140948,1141054,1142095,1143706,1144333,1149448,1150466,1151548,1151900,1153628,1153811,1154043,1154058,1154124,1154355,1154526,1155021,1155689,1155897,1155921,1156258,1156429,1156466,1156471,1156494,1156609,1156700,1156729,1156882,1157038,1157042,1157070,1157143,1157145,1157158,1157162,1157171,1157173,1157178,1157180,1157182,1157183,1157184,1157191,1157193,1157197,1157298,1157307,1157324,1157333,1157424,1157463,1157499,1157678,1157698,1157778,1157908,1158049,1158063,1158064,1158065,1158066,1158067,1158068,1158082,1158381,1158394,1158398,1158407,1158410,1158413,1158417,1158427,1158445,CVE-2019-0154,CVE-2019-0155,CVE-2019-14895,CVE-2019-14901,CVE-2019-15916,CVE-2019-16231,CVE-2019-18660,CVE-2019-18683,CVE-2019-18809,CVE-2019-19049,CVE-2019-19052,CVE-2019-19056,CVE-2019-19057,CVE-2019-19058,CVE-2019-19060,CVE-2019-19062,CVE-2019-19063,CVE-2019-19065,CVE-2019-19067,CVE-2019-19068,CVE-2019-19073,CVE-2019-19074,CVE-2019-19075,CVE-2019-19077,CVE-2019-19227,CVE-2019-19524,CVE-2019-19525,CVE-2019-19528,CVE-2019-19529,CVE-2019-19530,CVE-2019-19531,CVE-2019-19534,CVE-2019-19536,CVE-2019-19543 Description: The SUSE Linux Enterprise 15 kernel-azure was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-19531: Fixed a use-after-free due to a malicious USB device in the drivers/usb/misc/yurex.c driver, aka CID-fc05481b2fca (bsc#1158445). - CVE-2019-19543: Fixed a use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c (bsc#1158427). - CVE-2019-19525: Fixed a use-after-free due to a malicious USB device in the drivers/net/ieee802154/atusb.c driver, aka CID-7fd25e6fc035 (bsc#1158417). - CVE-2019-19530: Fixed a use-after-free due to a malicious USB device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef (bsc#1158410). - CVE-2019-19536: Fixed a potential information leak due to a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver, aka CID-ead16e53c2f0 (bsc#1158394). - CVE-2019-19524: Fixed a use-after-free due to a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9 (bsc#1158413). - CVE-2019-19528: Fixed a use-after-free due to a malicious USB device in the drivers/usb/misc/iowarrior.c driver, aka CID-edc4746f253d (bsc#1158407). - CVE-2019-19534: Fixed a potential information leak due to a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29 (bsc#1158398). - CVE-2019-19529: Fixed a use-after-free due to a malicious USB device in the drivers/net/can/usb/mcba_usb.c driver, aka CID-4d6636498c41 (bsc#1158381). - CVE-2019-14901: Fixed a heap overflow in Marvell WiFi chip driver which could have allowed a remote attacker to cause denial of service or execute arbitrary code (bsc#1157042). - CVE-2019-14895: Fixed a heap-based buffer overflow in Marvell WiFi chip driver which may occur when the station attempts a connection negotiation during the handling of the remote devices country settings leading to denial of service (bsc#1157158). - CVE-2019-18660: Fixed a potential information leak on powerpc because the Spectre-RSB mitigation was not in place for all applicable CPUs, aka CID-39e72bf96f58 (bsc#1157038). - CVE-2019-18683: Fixed a privilege escalation due to multiple race conditions (bsc#1155897). - CVE-2019-18809: Fixed a memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c aka CID-2289adbfa559 (bsc#1156258). - CVE-2019-19062: Fixed a memory leak in the crypto_report() function in crypto/crypto_user_base.c aka CID-ffdde5932042 (bsc#1157333). - CVE-2019-19057: Fixed two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c aka CID-d10dcb615c8e (bsc#1157193). - CVE-2019-19056: Fixed a memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c aka CID-db8fd2cde932 (bsc#1157197). - CVE-2019-19068: Fixed a memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c aka CID-a2cdd07488e6 (bsc#1157307). - CVE-2019-19063: Fixed two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c aka CID-3f9361695113 (bsc#1157298). - CVE-2019-19227: Fixed a potential null pointer dereference in the AppleTalk subsystem leadind to denial of service in net/appletalk/aarp.c and net/appletalk/ddp.c aka CID-9804501fa122 (bsc#1157678). - CVE-2019-19065: Fixed a memory leak in the sdma_init() function in drivers/infiniband/hw/hfi1/sdma.c aka CID-34b3be18a04e (bsc#1157191). - CVE-2019-19077: Fixed a memory leak in the bnxt_re_create_srq() function in drivers/infiniband/hw/bnxt_re/ib_verbs.c aka CID-4a9d46a9fe14 (bsc#1157171). - CVE-2019-19052: Fixed a memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c aka CID-fb5be6a7b486 (bsc#1157324). - CVE-2019-19067: Fixed multiple memory leaks in acp_hw_init (bsc#1157180). - CVE-2019-19060: Fixed a memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c aka CID-ab612b1daf41 (bsc#1157178). - CVE-2019-19049: Fixed a memory leak in unittest_data_add (bsc#1157173). - CVE-2019-19075: Fixed a memory leak in the ca8210_probe() function in drivers/net/ieee802154/ca8210.c aka CID-6402939ec86e (bsc#1157162). - CVE-2019-19058: Fixed a memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c aka CID-b4b814fec1a5 (bsc#1157145). - CVE-2019-19074: Fixed a memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c aka CID-728c1e2a05e4 (bsc#1157143). - CVE-2019-19073: Fixed multiple memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c aka CID-853acf7caf10 (bsc#1157070). - CVE-2019-15916: Fixed a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which would have caused denial of service (bsc#1149448). - CVE-2019-16231: Fixed a null pointer dereference in drivers/net/fjes/fjes_main.c (bsc#1150466). - CVE-2019-0154: Fixed a local denial of service via read of unprotected i915 registers. (bsc#1135966) - CVE-2019-0155: Fixed a privilege escalation in the i915 driver. Batch buffers from usermode could have escalated privileges via blitter command stream. (bsc#1135967) The following non-security bugs were fixed: - ACPICA: Never run _REG on system_memory and system_IO (bsc#1051510). - ACPICA: Use %d for signed int print formatting instead of %u (bsc#1051510). - ACPI / LPSS: Exclude I2C busses shared with PUNIT from pmc_atom_d3_mask (bsc#1051510). - ACPI / SBS: Fix rare oops when removing modules (bsc#1051510). - ALSA: 6fire: Drop the dead code (git-fixes). - ALSA: bebob: fix to detect configured source of sampling clock for Focusrite Saffire Pro i/o series (git-fixes). - ALSA: cs4236: fix error return comparison of an unsigned integer (git-fixes). - ALSA: firewire-motu: Correct a typo in the clock proc string (git-fixes). - ALSA: hda: Add Cometlake-S PCI ID (git-fixes). - ALSA: hda - Add mute led support for HP ProBook 645 G4 (git-fixes). - ALSA: hda - Fix pending unsol events at shutdown (git-fixes). - ALSA: hda/intel: add CometLake PCI IDs (bsc#1156729). - ALSA: hda/realtek - Move some alc236 pintbls to fallback table (git-fixes). - ALSA: hda/realtek - Move some alc256 pintbls to fallback table (git-fixes). - ALSA: i2c/cs8427: Fix int to char conversion (bsc#1051510). - ALSA: intel8x0m: Register irq handler after register initializations (bsc#1051510). - ALSA: pcm: Fix stream lock usage in snd_pcm_period_elapsed() (git-fixes). - ALSA: pcm: signedness bug in snd_pcm_plug_alloc() (bsc#1051510). - ALSA: seq: Do error checks at creating system ports (bsc#1051510). - ALSA: timer: Fix incorrectly assigned timer instance (git-fixes). - ALSA: usb-audio: Fix Focusrite Scarlett 6i6 gen1 - input handling (git-fixes). - ALSA: usb-audio: Fix missing error check at mixer resolution test (git-fixes). - ALSA: usb-audio: not submit urb for stopped endpoint (git-fixes). - arm64: Update config files. (bsc#1156466) Enable HW_RANDOM_OMAP driver and mark driver omap-rng as supported. - ASoC: davinci: Kill BUG_ON() usage (stable 4.14.y). - ASoC: davinci-mcasp: Handle return value of devm_kasprintf (stable 4.14.y). - ASoC: dpcm: Properly initialise hw->rate_max (bsc#1051510). - ASoC: Intel: hdac_hdmi: Limit sampling rates at dai creation (bsc#1051510). - ASoC: kirkwood: fix external clock probe defer (git-fixes). - ASoC: msm8916-wcd-analog: Fix RX1 selection in RDAC2 MUX (git-fixes). - ASoC: sgtl5000: avoid division by zero if lo_vag is zero (bsc#1051510). - ASoC: tegra_sgtl5000: fix device_node refcounting (bsc#1051510). - ASoC: tlv320aic31xx: Handle inverted BCLK in non-DSP modes (stable 4.14.y). - ASoC: tlv320dac31xx: mark expected switch fall-through (stable 4.14.y). - ata: ep93xx: Use proper enums for directions (bsc#1051510). - ath10k: fix kernel panic by moving pci flush after napi_disable (bsc#1051510). - ath10k: fix vdev-start timeout on error (bsc#1051510). - ath10k: limit available channels via DT ieee80211-freq-limit (bsc#1051510). - ath10k: wmi: disable softirq's while calling ieee80211_rx (bsc#1051510). - ath9k: add back support for using active monitor interfaces for tx99 (bsc#1051510). - ath9k: Fix a locking bug in ath9k_add_interface() (bsc#1051510). - ath9k: fix reporting calculated new FFT upper max (bsc#1051510). - ath9k: fix tx99 with monitor mode interface (bsc#1051510). - ath9k_hw: fix uninitialized variable data (bsc#1051510). - ax88172a: fix information leak on short answers (bsc#1051510). - backlight: lm3639: Unconditionally call led_classdev_unregister (bsc#1051510). - Bluetooth: btusb: fix PM leak in error case of setup (bsc#1051510). - Bluetooth: delete a stray unlock (bsc#1051510). - Bluetooth: Fix invalid-free in bcsp_close() (git-fixes). - Bluetooth: Fix memory leak in hci_connect_le_scan (bsc#1051510). - Bluetooth: hci_core: fix init for HCI_USER_CHANNEL (bsc#1051510). - Bluetooth: L2CAP: Detect if remote is not able to use the whole MPS (bsc#1051510). - brcmfmac: fix full timeout waiting for action frame on-channel tx (bsc#1051510). - brcmfmac: reduce timeout for action frame scan (bsc#1051510). - brcmsmac: AP mode: update beacon when TIM changes (bsc#1051510). - brcmsmac: never log 'tid x is not agg'able' by default (bsc#1051510). - Btrfs: fix log context list corruption after rename exchange operation (bsc#1156494). - can: c_can: c_can_poll(): only read status register after status IRQ (git-fixes). - can: mcba_usb: fix use-after-free on disconnect (git-fixes). - can: peak_usb: fix a potential out-of-sync while decoding packets (git-fixes). - can: peak_usb: fix slab info leak (git-fixes). - can: rx-offload: can_rx_offload_offload_one(): do not increase the skb_queue beyond skb_queue_len_max (git-fixes). - can: rx-offload: can_rx_offload_queue_sorted(): fix error handling, avoid skb mem leak (git-fixes). - can: rx-offload: can_rx_offload_queue_tail(): fix error handling, avoid skb mem leak (git-fixes). - can: usb_8dev: fix use-after-free on disconnect (git-fixes). - ceph: add missing check in d_revalidate snapdir handling (bsc#1157183). - ceph: do not try to handle hashed dentries in non-O_CREAT atomic_open (bsc#1157184). - ceph: fix use-after-free in __ceph_remove_cap() (bsc#1154058). - ceph: just skip unrecognized info in ceph_reply_info_extra (bsc#1157182). - cfg80211: Avoid regulatory restore when COUNTRY_IE_IGNORE is set (bsc#1051510). - cfg80211: call disconnect_wk when AP stops (bsc#1051510). - cfg80211: Prevent regulatory restore during STA disconnect in concurrent interfaces (bsc#1051510). - CIFS: add a helper to find an existing readable handle to a file (bsc#1144333, bsc#1154355). - CIFS: avoid using MID 0xFFFF (bsc#1144333, bsc#1154355). - CIFS: create a helper to find a writeable handle by path name (bsc#1144333, bsc#1154355). - CIFS: Fix cifsInodeInfo lock_sem deadlock when reconnect occurs (bsc#1144333, bsc#1154355). - CIFS: fix max ea value size (bsc#1144333, bsc#1154355). - CIFS: Fix missed free operations (bsc#1144333, bsc#1154355). - CIFS: Fix oplock handling for SMB 2.1+ protocols (bsc#1144333, bsc#1154355). - CIFS: Fix retry mid list corruption on reconnects (bsc#1144333, bsc#1154355). - CIFS: Fix SMB2 oplock break processing (bsc#1144333, bsc#1154355). - CIFS: Fix use after free of file info structures (bsc#1144333, bsc#1154355). - CIFS: Force reval dentry if LOOKUP_REVAL flag is set (bsc#1144333, bsc#1154355). - CIFS: Force revalidate inode when dentry is stale (bsc#1144333, bsc#1154355). - CIFS: Gracefully handle QueryInfo errors during open (bsc#1144333, bsc#1154355). - CIFS: move cifsFileInfo_put logic into a work-queue (bsc#1144333, bsc#1154355). - CIFS: prepare SMB2_Flush to be usable in compounds (bsc#1144333, bsc#1154355). - CIFS: set domainName when a domain-key is used in multiuser (bsc#1144333, bsc#1154355). - CIFS: use cifsInodeInfo->open_file_lock while iterating to avoid a panic (bsc#1144333, bsc#1154355). - CIFS: use existing handle for compound_op(OP_SET_INFO) when possible (bsc#1144333, bsc#1154355). - CIFS: Use kzfree() to zero out the password (bsc#1144333, bsc#1154355). - clk: at91: avoid sleeping early (git-fixes). - clk: pxa: fix one of the pxa RTC clocks (bsc#1051510). - clk: samsung: exynos5420: Preserve CPU clocks configuration during suspend/resume (bsc#1051510). - clk: samsung: exynos5420: Preserve PLL configuration during suspend/resume (git-fixes). - clk: samsung: Use clk_hw API for calling clk framework from clk notifiers (bsc#1051510). - clk: sunxi-ng: a80: fix the zero'ing of bits 16 and 18 (git-fixes). - clocksource/drivers/sh_cmt: Fix clocksource width for 32-bit machines (bsc#1051510). - clocksource/drivers/sh_cmt: Fixup for 64-bit machines (bsc#1051510). - compat_ioctl: handle SIOCOUTQNSD (bsc#1051510). - component: fix loop condition to call unbind() if bind() fails (bsc#1051510). - cpufreq: intel_pstate: Register when ACPI PCCH is present (bsc#1051510). - cpufreq/pasemi: fix use-after-free in pas_cpufreq_cpu_init() (bsc#1051510). - cpufreq: powernv: fix stack bloat and hard limit on number of CPUs (bsc#1051510). - cpufreq: Skip cpufreq resume if it's not suspended (bsc#1051510). - cpufreq: ti-cpufreq: add missing of_node_put() (bsc#1051510). - cpupower: Fix coredump on VMWare (bsc#1051510). - cpupower : Fix cpupower working when cpu0 is offline (bsc#1051510). - cpupower : frequency-set -r option misses the last cpu in related cpu list (bsc#1051510). - crypto: af_alg - cast ki_complete ternary op to int (bsc#1051510). - crypto: crypto4xx - fix double-free in crypto4xx_destroy_sdr (bsc#1051510). - crypto: ecdh - fix big endian bug in ECC library (bsc#1051510). - crypto: fix a memory leak in rsa-kcs1pad's encryption mode (bsc#1051510). - crypto: geode-aes - switch to skcipher for cbc(aes) fallback (bsc#1051510). - crypto: mxs-dcp - Fix AES issues (bsc#1051510). - crypto: mxs-dcp - Fix SHA null hashes and output length (bsc#1051510). - crypto: mxs-dcp - make symbols 'sha1_null_hash' and 'sha256_null_hash' static (bsc#1051510). - crypto: s5p-sss: Fix Fix argument list alignment (bsc#1051510). - crypto: tgr192 - remove unneeded semicolon (bsc#1051510). - cw1200: Fix a signedness bug in cw1200_load_firmware() (bsc#1051510). - cxgb4: fix panic when attaching to ULD fail (networking-stable-19_11_05). - dccp: do not leak jiffies on the wire (networking-stable-19_11_05). - Disable SGL_ALLOC - dlm: do not leak kernel pointer to userspace (bsc#1051510). - dlm: fix invalid free (bsc#1051510). - dmaengine: dma-jz4780: Do not depend on MACH_JZ4780 (bsc#1051510). - dmaengine: dma-jz4780: Further residue status fix (bsc#1051510). - dmaengine: ep93xx: Return proper enum in ep93xx_dma_chan_direction (bsc#1051510). - dmaengine: imx-sdma: fix use-after-free on probe error path (bsc#1051510). - dmaengine: rcar-dmac: set scatter/gather max segment size (bsc#1051510). - dmaengine: timb_dma: Use proper enum in td_prep_slave_sg (bsc#1051510). - docs: move protection-keys.rst to the core-api book (bsc#1078248). - Documentation: debugfs: Document debugfs helper for unsigned long values (git-fixes). - Documentation: x86: convert protection-keys.txt to reST (bsc#1078248). - drm/etnaviv: fix dumping of iommuv2 (bsc#1113722) - drm/omap: fix max fclk divider for omap36xx (bsc#1113722) - drm/radeon: fix bad DMA from INTERRUPT_CNTL2 (git-fixes). - drm/radeon: fix si_enable_smc_cac() failed issue (bsc#1113722) - e1000e: Drop unnecessary __E1000_DOWN bit twiddling (bsc#1158049). - e1000e: Use dev_get_drvdata where possible (bsc#1158049). - e1000e: Use rtnl_lock to prevent race conditions between net and pci/pm (bsc#1158049). - EDAC/ghes: Fix Use after free in ghes_edac remove path (bsc#1114279). - extcon: cht-wc: Return from default case to avoid warnings (bsc#1051510). - fbdev: sbuslib: integer overflow in sbusfb_ioctl_helper() (bsc#1051510). - fbdev: sbuslib: use checked version of put_user() (bsc#1051510). - fix SCTP regression (networking-stable-19_10_24 bsc#1158082). - ftrace: Introduce PERMANENT ftrace_ops flag (bsc#1120853). - gpiolib: acpi: Add Terra Pad 1061 to the run_edge_events_on_boot_blacklist (bsc#1051510). - gpio: mpc8xxx: Do not overwrite default irq_set_type callback (bsc#1051510). - gpio: syscon: Fix possible NULL ptr usage (bsc#1051510). - gsmi: Fix bug in append_to_eventlog sysfs handler (bsc#1051510). - HID: Add ASUS T100CHI keyboard dock battery quirks (bsc#1051510). - HID: Add quirk for Microsoft PIXART OEM mouse (bsc#1051510). - HID: asus: Add T100CHI bluetooth keyboard dock special keys mapping (bsc#1051510). - HID: Fix assumption that devices have inputs (git-fixes). - HID: wacom: generic: Treat serial number and related fields as unsigned (git-fixes). - hwmon: (ina3221) Fix INA3221_CONFIG_MODE macros (bsc#1051510). - hwmon: (pwm-fan) Silence error on probe deferral (bsc#1051510). - hwrng: omap3-rom - Call clk_disable_unprepare() on exit only if not idled (bsc#1051510). - hwrng: omap - Fix RNG wait loop timeout (bsc#1051510). - hypfs: Fix error number left in struct pointer member (bsc#1051510). - ibmvnic: Bound waits for device queries (bsc#1155689 ltc#182047). - ibmvnic: Fix completion structure initialization (bsc#1155689 ltc#182047). - ibmvnic: Serialize device queries (bsc#1155689 ltc#182047). - ibmvnic: Terminate waiting device threads after loss of service (bsc#1155689 ltc#182047). - iio: adc: max9611: explicitly cast gain_selectors (bsc#1051510). - iio: adc: stm32-adc: fix stopping dma (git-fixes). - iio: dac: mcp4922: fix error handling in mcp4922_write_raw (bsc#1051510). - iio: imu: adis16480: assign bias value only if operation succeeded (git-fixes). - iio: imu: adis16480: make sure provided frequency is positive (git-fixes). - iio: imu: adis: assign read val in debugfs hook only if op successful (git-fixes). - iio: imu: adis: assign value only if return code zero in read funcs (git-fixes). - include/linux/bitrev.h: fix constant bitrev (bsc#1114279). - inet: stop leaking jiffies on the wire (networking-stable-19_11_05). - Input: ff-memless - kill timer in destroy() (bsc#1051510). - Input: silead - try firmware reload after unsuccessful resume (bsc#1051510). - Input: st1232 - set INPUT_PROP_DIRECT property (bsc#1051510). - Input: synaptics-rmi4 - clear IRQ enables for F54 (bsc#1051510). - Input: synaptics-rmi4 - destroy F54 poller workqueue when removing (bsc#1051510). - Input: synaptics-rmi4 - disable the relative position IRQ in the F12 driver (bsc#1051510). - Input: synaptics-rmi4 - do not consume more data than we have (F11, F12) (bsc#1051510). - Input: synaptics-rmi4 - fix video buffer size (git-fixes). - intel_th: Fix a double put_device() in error path (git-fixes). - iommu/vt-d: Fix QI_DEV_IOTLB_PFSID and QI_DEV_EIOTLB_PFSID macros (bsc#1158063). - ipmi:dmi: Ignore IPMI SMBIOS entries with a zero base address (bsc#1051510). - ipv4: Return -ENETUNREACH if we can't create route but saddr is valid (networking-stable-19_10_24). - iwlwifi: api: annotate compressed BA notif array sizes (bsc#1051510). - iwlwifi: check kasprintf() return value (bsc#1051510). - iwlwifi: exclude GEO SAR support for 3168 (git-fixes). - iwlwifi: mvm: avoid sending too many BARs (bsc#1051510). - iwlwifi: mvm: do not send keys when entering D3 (bsc#1051510). - kABI: Fix for 'KVM: x86: Introduce vcpu->arch.xsaves_enabled' (bsc#1158066). - kABI workaround for ath10k last_wmi_vdev_start_status field (bsc#1051510). - kABI workaround for struct mwifiex_power_cfg change (bsc#1051510). - KVM: SVM: Guard against DEACTIVATE when performing WBINVD/DF_FLUSH (bsc#1114279). - KVM: SVM: Serialize access to the SEV ASID bitmap (bsc#1114279). - KVM: VMX: Consider PID.PIR to determine if vCPU has pending interrupts (bsc#1158064). - KVM: VMX: Fix conditions for guest IA32_XSS support (bsc#1158065). - KVM: x86: Introduce vcpu->arch.xsaves_enabled (bsc#1158066). - KVM: x86/mmu: Take slots_lock when using kvm_mmu_zap_all_fast() (bsc#1158067). - lib/scatterlist: Fix chaining support in sgl_alloc_order() (git-fixes). - lib/scatterlist: Introduce sgl_alloc() and sgl_free() (git-fixes). - liquidio: fix race condition in instruction completion processing (bsc#1051510). - livepatch: Allow to distinguish different version of system state changes (bsc#1071995). - livepatch: Basic API to track system state changes (bsc#1071995 ). - livepatch: Keep replaced patches until post_patch callback is called (bsc#1071995). - livepatch: Selftests of the API for tracking system state changes (bsc#1071995). - loop: add ioctl for changing logical block size (bsc#1108043). - mac80211: consider QoS Null frames for STA_NULLFUNC_ACKED (bsc#1051510). - mac80211: minstrel: fix CCK rate group streams value (bsc#1051510). - mac80211: minstrel: fix sampling/reporting of CCK rates in HT mode (bsc#1051510). - macvlan: schedule bc_work even if error (bsc#1051510). - mailbox: reset txdone_method TXDONE_BY_POLL if client knows_txdone (git-fixes). - media: au0828: Fix incorrect error messages (bsc#1051510). - media: bdisp: fix memleak on release (git-fixes). - media: cxusb: detect cxusb_ctrl_msg error in query (bsc#1051510). - media: davinci: Fix implicit enum conversion warning (bsc#1051510). - media: exynos4-is: Fix recursive locking in isp_video_release() (git-fixes). - media: fix: media: pci: meye: validate offset to avoid arbitrary access (bsc#1051510). - media: flexcop-usb: ensure -EIO is returned on error condition (git-fixes). - media: imon: invalid dereference in imon_touch_event (bsc#1051510). - media: isif: fix a NULL pointer dereference bug (bsc#1051510). - media: pci: ivtv: Fix a sleep-in-atomic-context bug in ivtv_yuv_init() (bsc#1051510). - media: pxa_camera: Fix check for pdev->dev.of_node (bsc#1051510). - media: radio: wl1273: fix interrupt masking on release (git-fixes). - media: ti-vpe: vpe: Fix Motion Vector vpdma stride (git-fixes). - media: usbvision: Fix races among open, close, and disconnect (bsc#1051510). - media: vim2m: Fix abort issue (git-fixes). - media: vivid: Set vid_cap_streaming and vid_out_streaming to true (bsc#1051510). - mei: fix modalias documentation (git-fixes). - mei: samples: fix a signedness bug in amt_host_if_call() (bsc#1051510). - mfd: intel-lpss: Add default I2C device properties for Gemini Lake (bsc#1051510). - mfd: max8997: Enale irq-wakeup unconditionally (bsc#1051510). - mfd: mc13xxx-core: Fix PMIC shutdown when reading ADC values (bsc#1051510). - mfd: palmas: Assign the right powerhold mask for tps65917 (git-fixes). - mfd: ti_am335x_tscadc: Keep ADC interface on if child is wakeup capable (bsc#1051510). - mISDN: Fix type of switch control variable in ctrl_teimanager (bsc#1051510). - mlx5: add parameter to disable enhanced IPoIB (bsc#1142095) - mlx5: add parameter to disable enhanced IPoIB (bsc#1142095) - mmc: core: fix wl1251 sdio quirks (git-fixes). - mmc: host: omap_hsmmc: add code for special init of wl1251 to get rid of pandora_wl1251_init_card (git-fixes). - mmc: mediatek: fix cannot receive new request when msdc_cmd_is_ready fail (bsc#1051510). - mm/compaction.c: clear total_{migrate,free}_scanned before scanning a new zone (git fixes (mm/compaction)). - mmc: sdhci-esdhc-imx: correct the fix of ERR004536 (git-fixes). - mmc: sdhci-of-at91: fix quirk2 overwrite (git-fixes). - mmc: sdio: fix wl1251 vendor id (git-fixes). - mm/debug.c: PageAnon() is true for PageKsm() pages (git fixes (mm/debug)). - mm, thp: Do not make page table dirty unconditionally in touch_p[mu]d() (git fixes (mm/gup)). - mt7601u: fix bbp version check in mt7601u_wait_bbp_ready (bsc#1051510). - mtd: nand: mtk: fix incorrect register setting order about ecc irq. - mtd: spear_smi: Fix Write Burst mode (bsc#1051510). - mtd: spi-nor: fix silent truncation in spi_nor_read() (bsc#1051510). - mwifiex: Fix NL80211_TX_POWER_LIMITED (bsc#1051510). - net: add READ_ONCE() annotation in __skb_wait_for_more_packets() (networking-stable-19_11_05). - net: add skb_queue_empty_lockless() (networking-stable-19_11_05). - net: annotate accesses to sk->sk_incoming_cpu (networking-stable-19_11_05). - net: annotate lockless accesses to sk->sk_napi_id (networking-stable-19_11_05). - net: avoid potential infinite loop in tc_ctl_action() (networking-stable-19_10_24). - net: bcmgenet: Fix RGMII_MODE_EN value for GENET v1/2/3 (networking-stable-19_10_24). - net: bcmgenet: reset 40nm EPHY on energy detect (networking-stable-19_11_05). - net: bcmgenet: Set phydev->dev_flags only for internal PHYs (networking-stable-19_10_24). - net: dsa: b53: Do not clear existing mirrored port mask (networking-stable-19_11_05). - net: dsa: bcm_sf2: Fix IMP setup for port different than 8 (networking-stable-19_11_05). - net: dsa: fix switch tree list (networking-stable-19_11_05). - net: ethernet: ftgmac100: Fix DMA coherency issue with SW checksum (networking-stable-19_11_05). - net: fix sk_page_frag() recursion from memory reclaim (networking-stable-19_11_05). - net: hisilicon: Fix ping latency when deal with high throughput (networking-stable-19_11_05). - net/ibmvnic: Ignore H_FUNCTION return from H_EOI to tolerate XIVE mode (bsc#1089644, ltc#166495, ltc#165544, git-fixes). - net/mlx4_core: Dynamically set guaranteed amount of counters per VF (networking-stable-19_11_05). - net/mlx5e: Fix handling of compressed CQEs in case of low NAPI budget (networking-stable-19_11_05). - netns: fix GFP flags in rtnl_net_notifyid() (networking-stable-19_11_05). - net: stmmac: disable/enable ptp_ref_clk in suspend/resume flow (networking-stable-19_10_24). - net: use skb_queue_empty_lockless() in busy poll contexts (networking-stable-19_11_05). - net: use skb_queue_empty_lockless() in poll() handlers (networking-stable-19_11_05). - net: wireless: ti: remove local VENDOR_ID and DEVICE_ID definitions (git-fixes). - net: wireless: ti: wl1251 use new SDIO_VENDOR_ID_TI_WL1251 definition (git-fixes). - net: Zeroing the structure ethtool_wolinfo in ethtool_get_wol() (networking-stable-19_11_05). - nfc: netlink: fix double device reference drop (git-fixes). - nfc: nxp-nci: Fix NULL pointer dereference after I2C communication error (git-fixes). - nfc: port100: handle command failure cleanly (git-fixes). - nl80211: Fix a GET_KEY reply attribute (bsc#1051510). - openvswitch: fix flow command message size (git-fixes). - padata: use smp_mb in padata_reorder to avoid orphaned padata jobs (git-fixes). - PCI/ACPI: Correct error message for ASPM disabling (bsc#1051510). - PCI: Apply Cavium ACS quirk to ThunderX2 and ThunderX3 (bsc#1051510). - PCI: dwc: Fix find_next_bit() usage (bsc#1051510). - PCI: Fix Intel ACS quirk UPDCR register address (bsc#1051510). - PCI/MSI: Fix incorrect MSI-X masking on resume (bsc#1051510). - PCI/PME: Fix possible use-after-free on remove (git-fixes). - PCI/PTM: Remove spurious 'd' from granularity message (bsc#1051510). - PCI: rcar: Fix missing MACCTLR register setting in initialization sequence (bsc#1051510). - PCI: sysfs: Ignore lockdep for remove attribute (git-fixes). - PCI: tegra: Enable Relaxed Ordering only for Tegra20 & Tegra30 (git-fixes). - phy: phy-twl4030-usb: fix denied runtime access (git-fixes). - pinctl: ti: iodelay: fix error checking on pinctrl_count_index_with_args call (git-fixes). - pinctrl: at91: do not use the same irqchip with multiple gpiochips (git-fixes). - pinctrl: cherryview: Allocate IRQ chip dynamic (git-fixes). - pinctrl: lewisburg: Update pin list according to v1.1v6 (bsc#1051510). - pinctrl: lpc18xx: Use define directive for PIN_CONFIG_GPIO_PIN_INT (bsc#1051510). - pinctrl: qcom: spmi-gpio: fix gpio-hog related boot issues (bsc#1051510). - pinctrl: samsung: Fix device node refcount leaks in init code (bsc#1051510). - pinctrl: samsung: Fix device node refcount leaks in S3C24xx wakeup controller init (bsc#1051510). - pinctrl: samsung: Fix device node refcount leaks in S3C64xx wakeup controller init (bsc#1051510). - pinctrl: sunxi: Fix a memory leak in 'sunxi_pinctrl_build_state()' (bsc#1051510). - pinctrl: zynq: Use define directive for PIN_CONFIG_IO_STANDARD (bsc#1051510). - PM / devfreq: Check NULL governor in available_governors_show (git-fixes). - PM / devfreq: exynos-bus: Correct clock enable sequence (bsc#1051510). - PM / devfreq: Lock devfreq in trans_stat_show (git-fixes). - PM / devfreq: passive: fix compiler warning (bsc#1051510). - PM / devfreq: passive: Use non-devm notifiers (bsc#1051510). - PM / hibernate: Check the success of generating md5 digest before hibernation (bsc#1051510). - powerpc/64: Make meltdown reporting Book3S 64 specific (bsc#1091041). - powerpc/book3s64/hash: Use secondary hash for bolted mapping if the primary is full (bsc#1157778 ltc#182520). - powerpc/bpf: Fix tail call implementation (bsc#1157698). - powerpc/pseries: address checkpatch warnings in dlpar_offline_cpu (bsc#1156700 ltc#182459). - powerpc/pseries: Do not fail hash page table insert for bolted mapping (bsc#1157778 ltc#182520). - powerpc/pseries: Do not opencode HPTE_V_BOLTED (bsc#1157778 ltc#182520). - powerpc/pseries: safely roll back failed DLPAR cpu add (bsc#1156700 ltc#182459). - powerpc/security/book3s64: Report L1TF status in sysfs (bsc#1091041). - powerpc/security: Fix wrong message when RFI Flush is disable (bsc#1131107). - powerpc/xive: Prevent page fault issues in the machine crash handler (bsc#1156882 ltc#182435). - power: reset: at91-poweroff: do not procede if at91_shdwc is allocated (bsc#1051510). - power: supply: ab8500_fg: silence uninitialized variable warnings (bsc#1051510). - power: supply: max14656: fix potential use-after-free (bsc#1051510). - power: supply: twl4030_charger: disable eoc interrupt on linear charge (bsc#1051510). - power: supply: twl4030_charger: fix charging current out-of-bounds (bsc#1051510). - ppdev: fix PPGETTIME/PPSETTIME ioctls (bsc#1051510). - printk: Export console_printk (bsc#1071995). - pwm: bcm-iproc: Prevent unloading the driver module while in use (git-fixes). - pwm: lpss: Only set update bit if we are actually changing the settings (bsc#1051510). - r8152: add device id for Lenovo ThinkPad USB-C Dock Gen 2 (networking-stable-19_11_05). - regulator: ab8500: Remove AB8505 USB regulator (bsc#1051510). - regulator: ab8500: Remove SYSCLKREQ from enum ab8505_regulator_id (bsc#1051510). - remoteproc: Check for NULL firmwares in sysfs interface (git-fixes). - Remove patches that reportedly cause regression (bsc#1155689 ltc#182047). - reset: fix of_reset_simple_xlate kerneldoc comment (bsc#1051510). - reset: Fix potential use-after-free in __of_reset_control_get() (bsc#1051510). - reset: fix reset_control_get_exclusive kerneldoc comment (bsc#1051510). - Revert 'drm/etnaviv: fix dumping of iommuv2 (bsc#1113722)' This reverts commit 71e3a1b8d8cf73f711f3e4100aa51f68e631f94f. - rpm/kernel-binary.spec.in: add COMPRESS_VMLINUX (bnc#1155921) Let COMPRESS_VMLINUX determine the compression used for vmlinux. By default (historically), it is gz. - rpm/kernel-source.spec.in: Fix dependency of kernel-devel (bsc#1154043) - rtl8187: Fix warning generated when strncpy() destination length matches the sixe argument (bsc#1051510). - rtlwifi: Remove unnecessary NULL check in rtl_regd_init (bsc#1051510). - rtlwifi: rtl8192de: Fix misleading REG_MCUFWDL information (bsc#1051510). - rtlwifi: rtl8192de: Fix missing code to retrieve RX buffer address (bsc#1051510). - rtlwifi: rtl8192de: Fix missing enable interrupt flag (bsc#1051510). - s390/bpf: fix lcgr instruction encoding (bsc#1051510). - s390/bpf: use 32-bit index for tail calls (bsc#1051510). - s390/cio: avoid calling strlen on null pointer (bsc#1051510). - s390/cio: exclude subchannels with no parent from pseudo check (bsc#1051510). - s390/cmm: fix information leak in cmm_timeout_handler() (bsc#1051510). - s390: fix stfle zero padding (bsc#1051510). - s390/idle: fix cpu idle time calculation (bsc#1051510). - s390/mm: properly clear _PAGE_NOEXEC bit when it is not supported (bsc#1051510). - s390/process: avoid potential reading of freed stack (bsc#1051510). - s390/qdio: do not touch the dsci in tiqdio_add_input_queues() (bsc#1051510). - s390/qdio: (re-)initialize tiqdio list entries (bsc#1051510). - s390/qeth: return proper errno on IO error (bsc#1051510). - s390/setup: fix boot crash for machine without EDAT-1 (bsc#1051510 bsc#1140948). - s390/setup: fix early warning messages (bsc#1051510 bsc#1140948). - s390/topology: avoid firing events before kobjs are created (bsc#1051510). - sc16is7xx: Fix for 'Unexpected interrupt: 8' (bsc#1051510). - scsi: lpfc: Fix Oops in nvme_register with target logout/login (bsc#1151900). - scsi: lpfc: Honor module parameter lpfc_use_adisc (bsc#1153628). - scsi: lpfc: Limit xri count for kdump environment (bsc#1154124). - scsi: qla2xxx: Add debug dump of LOGO payload and ELS IOCB (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Allow PLOGI in target mode (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Change discovery state before PLOGI (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Configure local loop for N2N target (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Do command completion on abort timeout (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Do not call qlt_async_event twice (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Do not defer relogin unconditonally (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: do not use zero for FC4_PRIORITY_NVME (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Drop superfluous INIT_WORK of del_work (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Fix a dma_pool_free() call (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Fix device connect issues in P2P configuration (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Fix double scsi_done for abort path (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Fix driver unload hang (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Fix memory leak when sending I/O fails (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Fix PLOGI payload and ELS IOCB dump length (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Fix qla2x00_request_irqs() for MSI (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: fix rports not being mark as lost in sync fabric scan (bsc#1138039). - scsi: qla2xxx: Fix SRB leak on switch command timeout (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Ignore NULL pointer in tcm_qla2xxx_free_mcmd (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Ignore PORT UPDATE after N2N PLOGI (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: initialize fc4_type_priority (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Initialize free_work before flushing it (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Remove an include directive (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Retry PLOGI on FC-NVMe PRLI failure (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Send Notify ACK after N2N PLOGI (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: unregister ports after GPN_FT failure (bsc#1138039). - scsi: qla2xxx: Update driver version to 10.01.00.21-k (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Use explicit LOGO in target mode (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: sd: Ignore a failure to sync cache due to lack of authorization (git-fixes). - scsi: storvsc: Add ability to change scsi queue depth (bsc#1155021). - scsi: zfcp: fix request object use-after-free in send path causing wrong traces (bsc#1051510). - sctp: change sctp_prot .no_autobind with true (networking-stable-19_10_24). - selftests: net: reuseport_dualstack: fix uninitalized parameter (networking-stable-19_11_05). - serial: fix kernel-doc warning in comments (bsc#1051510). - serial: mctrl_gpio: Check for NULL pointer (bsc#1051510). - serial: mxs-auart: Fix potential infinite loop (bsc#1051510). - serial: samsung: Enable baud clock for UART reset procedure in resume (bsc#1051510). - serial: uartlite: fix exit path null pointer (bsc#1051510). - serial: uartps: Fix suspend functionality (bsc#1051510). - signal: Properly set TRACE_SIGNAL_LOSE_INFO in __send_signal (bsc#1157463). - slcan: Fix memory leak in error path (bsc#1051510). - slip: Fix memory leak in slip_open error path (bsc#1051510). - slip: Fix use-after-free Read in slip_open (bsc#1051510). - smb3: fix leak in 'open on server' perf counter (bsc#1144333, bsc#1154355). - smb3: fix signing verification of large reads (bsc#1144333, bsc#1154355). - smb3: fix unmount hang in open_shroot (bsc#1144333, bsc#1154355). - smb3: improve handling of share deleted (and share recreated) (bsc#1144333, bsc#1154355). - smb3: Incorrect size for netname negotiate context (bsc#1144333, bsc#1154355). - soc: imx: gpc: fix PDN delay (bsc#1051510). - soc: qcom: wcnss_ctrl: Avoid string overflow (bsc#1051510). - spi: atmel: Fix CS high support (bsc#1051510). - spi: atmel: fix handling of cs_change set on non-last xfer (bsc#1051510). - spi: fsl-lpspi: Prevent FIFO under/overrun by default (bsc#1051510). - spi: mediatek: Do not modify spi_transfer when transfer (bsc#1051510). - spi: mediatek: use correct mata->xfer_len when in fifo transfer (bsc#1051510). - spi: pic32: Use proper enum in dmaengine_prep_slave_rg (bsc#1051510). - spi: rockchip: initialize dma_slave_config properly (bsc#1051510). - spi: spidev: Fix OF tree warning logic (bsc#1051510). - staging: rtl8188eu: fix null dereference when kzalloc fails (bsc#1051510). - supported.conf: - synclink_gt(): fix compat_ioctl() (bsc#1051510). - tcp_nv: fix potential integer overflow in tcpnv_acked (bsc#1051510). - thunderbolt: Fix lockdep circular locking depedency warning (git-fixes). - tipc: Avoid copying bytes beyond the supplied data (bsc#1051510). - tipc: check bearer name with right length in tipc_nl_compat_bearer_enable (bsc#1051510). - tipc: check link name with right length in tipc_nl_compat_link_set (bsc#1051510). - tipc: check msg->req data len in tipc_nl_compat_bearer_disable (bsc#1051510). - tipc: compat: allow tipc commands without arguments (bsc#1051510). - tipc: fix tipc_mon_delete() oops in tipc_enable_bearer() error path (bsc#1051510). - tipc: fix wrong timeout input for tipc_wait_for_cond() (bsc#1051510). - tipc: handle the err returned from cmd header function (bsc#1051510). - tipc: pass tunnel dev as NULL to udp_tunnel(6)_xmit_skb (bsc#1051510). - tipc: tipc clang warning (bsc#1051510). - tpm: add check after commands attribs tab allocation (bsc#1051510). - tracing: Get trace_array reference for available_tracers files (bsc#1156429). - tty: serial: fsl_lpuart: use the sg count from dma_map_sg (bsc#1051510). - tty: serial: imx: use the sg count from dma_map_sg (bsc#1051510). - tty: serial: msm_serial: Fix flow control (bsc#1051510). - tty: serial: pch_uart: correct usage of dma_unmap_sg (bsc#1051510). - UAS: Revert commit 3ae62a42090f ('UAS: fix alignment of scatter/gather segments'). - udp: use skb_queue_empty_lockless() (networking-stable-19_11_05). - USB: chaoskey: fix error case of a timeout (git-fixes). - USB: chipidea: Fix otg event handler (bsc#1051510). - USB: chipidea: imx: enable OTG overcurrent in case USB subsystem is already started (bsc#1051510). - USB: dwc3: gadget: Check ENBLSLPM before sending ep command (bsc#1051510). - USB: gadget: Reject endpoints with 0 maxpacket value (bsc#1051510). - USB: gadget: udc: fotg210-udc: Fix a sleep-in-atomic-context bug in fotg210_get_status() (bsc#1051510). - USB: gadget: uvc: configfs: Drop leaked references to config items (bsc#1051510). - USB: gadget: uvc: configfs: Prevent format changes after linking header (bsc#1051510). - USB: gadget: uvc: Factor out video USB request queueing (bsc#1051510). - USB: gadget: uvc: Only halt video streaming endpoint in bulk mode (bsc#1051510). - USB: handle warm-reset port requests on hub resume (bsc#1051510). - USBIP: add config dependency for SGL_ALLOC (git-fixes). - USBip: Fix free of unallocated memory in vhci tx (git-fixes). - USBip: Fix vhci_urb_enqueue() URB null transfer buffer error path (git-fixes). - USBip: Implement SG support to vhci-hcd and stub driver (git-fixes). - USBip: tools: fix fd leakage in the function of read_attr_usbip_status (git-fixes). - USB: misc: appledisplay: fix backlight update_status return code (bsc#1051510). - usb-serial: cp201x: support Mark-10 digital force gauge (bsc#1051510). - USB: serial: mos7720: fix remote wakeup (git-fixes). - USB: serial: mos7840: add USB ID to support Moxa UPort 2210 (bsc#1051510). - USB: serial: mos7840: fix remote wakeup (git-fixes). - USB: serial: option: add support for DW5821e with eSIM support (bsc#1051510). - USB: serial: option: add support for Foxconn T77W968 LTE modules (bsc#1051510). - USB: serial: whiteheat: fix line-speed endianness (bsc#1051510). - usb-storage: Revert commit 747668dbc061 ('usb-storage: Set virt_boundary_mask to avoid SG overflows') (bsc#1051510). - USB: xhci-mtk: fix ISOC error when interval is zero (bsc#1051510). - vfio-ccw: Fix misleading comment when setting orb.cmd.c64 (bsc#1051510). - vfio: ccw: push down unsupported IDA check (bsc#1156471 LTC#182362). - vfio-ccw: Set pa_nr to 0 if memory allocation fails for pa_iova_pfn (bsc#1051510). - video/hdmi: Fix AVI bar unpack (git-fixes). - virtio_console: allocate inbufs in add_port() only if it is needed (git-fixes). - virtio_ring: fix return code on DMA mapping fails (git-fixes). - virtio/s390: fix race on airq_areas (bsc#1051510). - vmxnet3: turn off lro when rxcsum is disabled (bsc#1157499). - vsock/virtio: fix sock refcnt holding during the shutdown (git-fixes). - watchdog: meson: Fix the wrong value of left time (bsc#1051510). - x86/alternatives: Add int3_emulate_call() selftest (bsc#1153811). - x86/alternatives: Fix int3_emulate_call() selftest stack corruption (bsc#1153811). - x86/mm/pkeys: Fix typo in Documentation/x86/protection-keys.txt (bsc#1078248). - x86/pkeys: Update documentation about availability (bsc#1078248). - x86/resctrl: Fix potential lockdep warning (bsc#1114279). - x86/resctrl: Prevent NULL pointer dereference when reading mondata (bsc#1114279). - x86/speculation/taa: Fix printing of TAA_MSG_SMT on IBRS_ALL CPUs (bsc#1158068). - xfrm: fix sa selector validation (bsc#1156609). - xfrm: Fix xfrm sel prefix length validation (git-fixes). ----------------------------------------- Patch: SUSE-2019-3293 Released: Fri Dec 13 18:28:36 2019 Summary: Security update for libssh Severity: important References: 1158095,CVE-2019-14889 Description: This update for libssh fixes the following issues: - CVE-2019-14889: Fixed an arbitrary command execution (bsc#1158095). ----------------------------------------- Patch: SUSE-2019-3318 Released: Tue Dec 17 13:10:43 2019 Summary: Security update for samba Severity: important References: 1158108,1158109,CVE-2019-14861,CVE-2019-14870 Description: This update for samba fixes the following issues: - CVE-2019-14861: Fixed a DNSServer RPC server crash, that allowed an authenticated user to crash the DCE/RPC DNS management server by creating records with matching the zone name (bsc#1158108). - CVE-2019-14870: Fixed a DelegationNotAllowed not being enforced (bsc#1158109). ----------------------------------------- Patch: SUSE-2019-3324 Released: Tue Dec 17 15:44:20 2019 Summary: Recommended update for grub2 Severity: moderate References: 1136970,1154783 Description: This update for grub2 fixes the following issues: - Fix 'grub2.sleep' to load old kernel after hibernation. (bsc#1154783) - Consistently find btrfs snapshots on s390x to boot from. (bsc#1136970) ----------------------------------------- Patch: SUSE-2019-3368 Released: Thu Dec 19 19:21:58 2019 Summary: Recommended update for irqbalance Severity: moderate References: 1119461,1138190,1154905 Description: This update for irqbalance fixes the following issues: - Irqbalanced is supposed to spread the load for NVMe. (bsc#1119461, bsc#1154905, bsc#1138190) ----------------------------------------- Patch: SUSE-2019-3393 Released: Mon Dec 30 14:04:29 2019 Summary: Security update for python-azure-agent Severity: moderate References: 1127838,1159639,CVE-2019-0804,ECO-80 Description: This update for python-azure-agent fixes the following issues: Update to version 2.2.45 (jsc#ECO-80 bsc#1159639) + Add support for Gen2 VM resource disks + Use alternate systemd detection + Fix /proc/net/route requirement that causes errors on FreeBSD + Add cloud-init auto-detect to prevent multiple provisioning mechanisms from relying on configuration for coordination + Disable cgroups when daemon is setup incorrectly + Remove upgrade extension loop for the same goal state + Add container id for extension telemetry events + Be more exact when detecting IMDS service health + Changing add_event to start sending missing fields Update to version 2.2.44: + Remove outdated extension ZIP packages + Improved error handling when starting extensions using systemd + Reduce provisioning time of some custom images + Improve the handling of extension download errors + New API for extension authors to handle errors during extension update + Fix handling of errors in calls to openssl + Improve logic to determine current distro + Reduce verbosity of several logging statements Update to version 2.2.42: + Poll for artifact blob, addresses goal state procesing issue Update to version 2.2.41: + Rewriting the mechanism to start the extension using systemd-run for systems using systemd for managing + Refactoring of resource monitoring framework using cgroup for both systemd and non-systemd approaches [#1530, #1534] + Telemetry pipeline for resource monitoring data Update to version 2.2.40: + Fixed tracking of memory/cpu usage + Do not prevent extensions from running if setting up cgroups fails + Enable systemd-aware deprovisioning on all versions >= 18.04 + Add systemd support for Debian Jessie, Stretch, and Buster + Support for Linux Openwrt Update to version 2.2.38: + CVE-2019-0804: WALinuxAgent could be made to expose sensitive information. (bsc#1127838) + Add fixes for handling swap file and other nit fixes Update to version 2.2.37: + Improves re-try logic to handle errors while downloading extensions ----------------------------------------- Patch: SUSE-2019-3395 Released: Mon Dec 30 14:05:06 2019 Summary: Security update for mozilla-nspr, mozilla-nss Severity: moderate References: 1141322,1158527,1159819,CVE-2018-18508,CVE-2019-11745,CVE-2019-17006 Description: This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nss was updated to NSS 3.47.1: Security issues fixed: - CVE-2019-17006: Added length checks for cryptographic primitives (bsc#1159819). - CVE-2019-11745: EncryptUpdate should use maxout, not block size (bsc#1158527). - CVE-2019-11727: Fixed vulnerability sign CertificateVerify with PKCS#1 v1.5 signatures issue (bsc#1141322). mozilla-nspr was updated to version 4.23: - Whitespace in C files was cleaned up and no longer uses tab characters for indenting. ----------------------------------------- Patch: SUSE-2019-3400 Released: Tue Dec 31 08:18:40 2019 Summary: Recommended update for libsodium Severity: moderate References: 1146257 Description: This update for libsodium fixes the following issues: - build libsodium23-32bit, which is required by zeromq's -32bit packages. (bsc#1146257) ----------------------------------------- Patch: SUSE-2020-2 Released: Thu Jan 2 09:50:04 2020 Summary: Security update for openssl-1_1 Severity: moderate References: 1155346,1157775,1158101,1158809,CVE-2019-1551,SLE-8789 Description: This update for openssl-1_1 fixes the following issues: Security issue fixed: - CVE-2019-1551: Fixed an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli (bsc#1158809). Various FIPS related improvements were done: - FIPS: Backport SSH KDF to openssl (jsc#SLE-8789, bsc#1157775). - Port FIPS patches from SLE-12 (bsc#1158101) - Use SHA-2 in the RSA pairwise consistency check (bsc#1155346) ----------------------------------------- Patch: SUSE-2020-5 Released: Thu Jan 2 12:33:02 2020 Summary: Recommended update for libgcrypt Severity: moderate References: 1155337,1155338,1155339 Description: This update for libgcrypt fixes the following issues: Various FIPS related improvements were done: - FIPS: RSA/DSA/ECDSA are missing hashing operation (bsc#1155337) - Fix the following FIPS tests: basic benchmark bench-slope pubkey t-cv25519 t-secmem - Fix test dsa-rfc6979 in FIPS mode: Disabled tests in elliptic curves with 192 bits which are not recommended in FIPS mode - Added CMAC AES and TDES FIPS self-tests: (bsc#1155339, bsc#1155338) ----------------------------------------- Patch: SUSE-2020-9 Released: Thu Jan 2 12:33:47 2020 Summary: Recommended update for xfsprogs Severity: moderate References: 1157438 Description: This update for xfsprogs fixes the following issues: - Remove the 'xfs_scrub_all' script from the package, and the corresponding dependency of python. (bsc#1157438) ----------------------------------------- Patch: SUSE-2020-35 Released: Wed Jan 8 09:06:32 2020 Summary: Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork Severity: moderate References: 1122469,1143349,1150397,1152308,1153367,1158590,CVE-2019-16884 Description: This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues: Security issue fixed: - CVE-2019-16884: Fixed incomplete patch for LSM bypass via malicious Docker image that mount over a /proc directory (bsc#1152308). Bug fixes: - Update to Docker 19.03.5-ce (bsc#1158590). - Update to Docker 19.03.3-ce (bsc#1153367). - Update to Docker 19.03.2-ce (bsc#1150397). - Fixed default installation such that --userns-remap=default works properly (bsc#1143349). - Fixed nginx blocked by apparmor (bsc#1122469). ----------------------------------------- Patch: SUSE-2020-36 Released: Wed Jan 8 10:26:46 2020 Summary: Recommended update for python-pyOpenSSL Severity: low References: 1159989 Description: This update fixes the build of python-pyOpenSSL in 2020 (bsc#1159989). ----------------------------------------- Patch: SUSE-2020-38 Released: Wed Jan 8 13:05:11 2020 Summary: Recommended update for openssl-1_1 Severity: moderate References: 1158499,1160158 Description: This update for openssl-1_1 fixes the following issues: - Obsoleted libopenssl-1_0_0-hmac for a clean upgrade from SLE-12 (bsc#1158499) - Fixed a regression where EVP_PBE_scrypt() behavior changed (bsc#1160158). ----------------------------------------- Patch: SUSE-2020-52 Released: Thu Jan 9 10:09:11 2020 Summary: Optional update for openslp Severity: low References: 1149792 Description: This update for openslp doesn't fix any user visible bugs. ----------------------------------------- Patch: SUSE-2020-74 Released: Fri Jan 10 12:52:33 2020 Summary: Optional update for yast2-dhcp-server Severity: low References: 1103691,1104644 Description: This update for yast2-dhcp-server doesn't fix any user visible issues. ----------------------------------------- Patch: SUSE-2020-87 Released: Mon Jan 13 14:12:32 2020 Summary: Security update for libsolv, libzypp, zypper Severity: moderate References: 1135114,1154804,1154805,1155198,1155205,1155298,1155678,1155819,1156158,1157377,1158763,CVE-2019-18900 Description: This update for libsolv, libzypp, zypper fixes the following issues: Security issue fixed: - CVE-2019-18900: Fixed assert cookie file that was world readable (bsc#1158763). Bug fixes - Fixed removing orphaned packages dropped by to-be-installed products (bsc#1155819). - Adds libzypp API to mark all obsolete kernels according to the existing purge-kernel script rules (bsc#1155198). - Do not enforce 'en' being in RequestedLocales If the user decides to have a system without explicit language support he may do so (bsc#1155678). - Load only target resolvables for zypper rm (bsc#1157377). - Fix broken search by filelist (bsc#1135114). - Replace python by a bash script in zypper-log (fixes#304, fixes#306, bsc#1156158). - Do not sort out requested locales which are not available (bsc#1155678). - Prevent listing duplicate matches in tables. XML result is provided within the new list-patches-byissue element (bsc#1154805). - XML add patch issue-date and issue-list (bsc#1154805). - Fix zypper lp --cve/bugzilla/issue options (bsc#1155298). - Always execute commit when adding/removing locales (fixes bsc#1155205). - Fix description of --table-style,-s in man page (bsc#1154804). ----------------------------------------- Patch: SUSE-2020-94 Released: Tue Jan 14 12:28:26 2020 Summary: Recommended update for icu Severity: important References: 1103893,1146907 Description: This update for icu fixes the following issues: - Porting upstream's Japanese new era name support. (bsc#1103893, fate#325570, fate#325419) - Remove old obsoletes/provides for migration from very old products, as they break our shared library policy. (bsc#1146907) - IMPORTANT: Please force this update to install with 'zypper -f' to override the major version if you already installed the version 64. ----------------------------------------- Patch: SUSE-2020-97 Released: Tue Jan 14 13:40:50 2020 Summary: Optional update for yast2-samba-server Severity: low References: 1103691,1104644 Description: This update for yast2-samba-server doesn't fix any user visible issues. ----------------------------------------- Patch: SUSE-2020-107 Released: Wed Jan 15 14:18:39 2020 Summary: Recommended update for yast2-storage-ng Severity: moderate References: 1141006,1154070 Description: This update for yast2-storage-ng fixes the following issues: - Initial: consider only up to ten disks. (bsc#1154070) - Add execute permissions to test files. (bsc#1141006) ----------------------------------------- Patch: SUSE-2020-114 Released: Thu Jan 16 10:11:52 2020 Summary: Security update for python3 Severity: important References: 1027282,1029377,1029902,1040164,1042670,1070853,1079761,1081750,1083507,1086001,1088004,1088009,1088573,1094814,1107030,1109663,1109847,1120644,1122191,1129346,1130840,1133452,1137942,1138459,1141853,1149121,1149792,1149955,1151490,1153238,1159035,1159622,637176,658604,673071,709442,743787,747125,751718,754447,754677,787526,809831,831629,834601,871152,885662,885882,917607,942751,951166,983582,984751,985177,985348,989523,CVE-2011-3389,CVE-2011-4944,CVE-2012-0845,CVE-2012-1150,CVE-2013-1752,CVE-2013-4238,CVE-2014-2667,CVE-2014-4650,CVE-2016-0772,CVE-2016-1000110,CVE-2016-5636,CVE-2016-5699,CVE-2017-18207,CVE-2018-1000802,CVE-2018-1060,CVE-2018-1061,CVE-2018-14647,CVE-2018-20406,CVE-2018-20852,CVE-2019-10160,CVE-2019-15903,CVE-2019-16056,CVE-2019-16935,CVE-2019-5010,CVE-2019-9636,CVE-2019-9947 Description: This update for python3 to version 3.6.10 fixes the following issues: - CVE-2017-18207: Fixed a denial of service in Wave_read._read_fmt_chunk() (bsc#1083507). - CVE-2019-16056: Fixed an issue where email parsing could fail for multiple @ (bsc#1149955). - CVE-2019-15903: Fixed a heap-based buffer over-read in libexpat (bsc#1149429). ----------------------------------------- Patch: SUSE-2020-125 Released: Fri Jan 17 12:27:07 2020 Summary: Recommended update for icu Severity: important References: 1161007 Description: This update for icu provides the following fix: - Re-add the libicu provides to the spec file to fix installation of SAP HANA on SLE-15 and SLE-15-SP1. (bsc#1161007) ----------------------------------------- Patch: SUSE-2020-130 Released: Mon Jan 20 09:21:21 2020 Summary: Security update for libssh Severity: important References: 1158095,CVE-2019-14889 Description: This update for libssh fixes the following issues: - CVE-2019-14889: Fixed an unwanted command execution in scp caused by unsanitized location (bsc#1158095). ----------------------------------------- Patch: SUSE-2020-156 Released: Wed Jan 22 08:02:11 2020 Summary: Recommended update for libgcrypt Severity: moderate References: 1161215,1161216,1161218,1161219,1161220 Description: This update for libgcrypt fixes the following issues: - ECDSA: Check range of coordinates (bsc#1161216) - FIPS: libgcrypt DSA PQG parameter generation: Missing value (bsc#1161219) - FIPS: libgcrypt DSA PQG verification incorrect results (bsc#1161215) - FIPS: libgcrypt RSA siggen/keygen: 4k not supported (bsc#1161220) - FIPS: keywrap gives incorrect results (bsc#1161218) ----------------------------------------- Patch: SUSE-2020-157 Released: Wed Jan 22 08:02:51 2020 Summary: Recommended update for openssl-1_1 Severity: moderate References: 1161198,1161203 Description: This update for openssl-1_1 fixes the following issues: - Fix FIPS DRBG without derivation function (bsc#1161198) - Allow md5_sha1 in FIPS mode to enable TLS 1.0 (bsc#1161203) ----------------------------------------- Patch: SUSE-2020-218 Released: Thu Jan 23 07:59:02 2020 Summary: Recommended update for yast2-installation Severity: moderate References: 1138117 Description: This update for yast2-installation fixes the following issues: - Downloading files: Remounting CD with bind option correctly if the CD has already been mounted (bsc#1138117). ----------------------------------------- Patch: SUSE-2020-224 Released: Thu Jan 23 17:05:02 2020 Summary: Security update for samba Severity: moderate References: 1160850,1160888,CVE-2019-14902,CVE-2019-14907 Description: This update for samba fixes the following issues: - CVE-2019-14902: Fixed an issue where automatic replication of ACLs down subtree on AD Directory is not working (bsc#1160850). - CVE-2019-14907: Fixed a Server-side crash after charset conversion failure during NTLMSSP processing (bsc#1160888). ----------------------------------------- Patch: SUSE-2020-225 Released: Fri Jan 24 06:49:07 2020 Summary: Recommended update for procps Severity: moderate References: 1158830 Description: This update for procps fixes the following issues: - Fix for 'ps -C' allowing to accept any arguments longer than 15 characters anymore. (bsc#1158830) ----------------------------------------- Patch: SUSE-2020-234 Released: Fri Jan 24 16:33:52 2020 Summary: Security update for python Severity: important References: 1027282,1041090,1042670,1068664,1073269,1073748,1078326,1078485,1079300,1081750,1083507,1084650,1086001,1088004,1088009,1109847,1111793,1113755,1122191,1129346,1130840,1130847,1138459,1141853,1149792,1149955,1153238,1153830,1159035,214983,298378,346490,367853,379534,380942,399190,406051,425138,426563,430761,432677,436966,437293,441088,462375,525295,534721,551715,572673,577032,581765,603255,617751,637176,638233,658604,673071,682554,697251,707667,718009,747125,747794,751718,754447,766778,794139,804978,827982,831442,834601,836739,856835,856836,857470,863741,885882,898572,901715,935856,945401,964182,984751,985177,985348,989523,997436,CVE-2007-2052,CVE-2008-1721,CVE-2008-2315,CVE-2008-2316,CVE-2008-3142,CVE-2008-3143,CVE-2008-3144,CVE-2011-1521,CVE-2011-3389,CVE-2011-4944,CVE-2012-0845,CVE-2012-1150,CVE-2013-1752,CVE-2013-1753,CVE-2013-4238,CVE-2014-1912,CVE-2014-4650,CVE-2014-7185,CVE-2016-0772,CVE-2016-1000110,CVE-2016-5636,CVE-2016-5699,CVE-2017-1000158,CVE-2017-18207,CVE-2018-1000030,CVE-2018-1000802,CVE-2018-1060,CVE-2018-1061,CVE-2018-14647,CVE-2018-20852,CVE-2019-10160,CVE-2019-16056,CVE-2019-16935,CVE-2019-5010,CVE-2019-9636,CVE-2019-9947,CVE-2019-9948 Description: This update for python fixes the following issues: Updated to version 2.7.17 to unify packages among openSUSE:Factory and SLE versions (bsc#1159035). ----------------------------------------- Patch: SUSE-2020-256 Released: Wed Jan 29 09:39:17 2020 Summary: Recommended update for aaa_base Severity: moderate References: 1157794,1160970 Description: This update for aaa_base fixes the following issues: - Improves the way how the Java path is created to fix an issue with sapjvm. (bsc#1157794) - Drop 'dev.cdrom.autoclose' = 0 from sysctl config. (bsc#1160970) ----------------------------------------- Patch: SUSE-2020-262 Released: Thu Jan 30 11:02:42 2020 Summary: Security update for glibc Severity: moderate References: 1149332,1151582,1157292,1157893,1158996,CVE-2019-19126 Description: This update for glibc fixes the following issues: Security issue fixed: - CVE-2019-19126: Fixed to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition (bsc#1157292). Bug fixes: - Fixed z15 (s390x) strstr implementation that can return incorrect results if search string cross page boundary (bsc#1157893). - Fixed Hardware support in toolchain (bsc#1151582). - Fixed syscalls during early process initialization (SLE-8348). - Fixed an array overflow in backtrace for PowerPC (bsc#1158996). - Moved to posix_spawn on popen (bsc#1149332). ----------------------------------------- Patch: SUSE-2020-263 Released: Thu Jan 30 13:59:09 2020 Summary: Security update for wicked Severity: important References: 1160903,1160905,CVE-2019-18902,CVE-2020-7216 Description: This update for wicked fixes the following issues: - CVE-2019-18902: Fixed a use-after-free when receiving invalid DHCP6 client options (bsc#1160903). - CVE-2020-7216: Fixed a potential denial of service via a memory leak when processing packets with missing message type option in DHCP4 (bsc#1160905). ----------------------------------------- Patch: SUSE-2020-265 Released: Thu Jan 30 14:05:34 2020 Summary: Security update for e2fsprogs Severity: moderate References: 1160571,CVE-2019-5188 Description: This update for e2fsprogs fixes the following issues: - CVE-2019-5188: Fixed a code execution vulnerability in the directory rehashing functionality (bsc#1160571). ----------------------------------------- Patch: SUSE-2020-270 Released: Thu Jan 30 16:14:27 2020 Summary: Recommended update for ldb Severity: moderate References: 1161417 Description: This update for ldb fixes the following issue: - ship the ldb-tools package. (bsc#1161417) ----------------------------------------- Patch: SUSE-2020-279 Released: Fri Jan 31 12:01:39 2020 Summary: Recommended update for p11-kit Severity: moderate References: 1013125 Description: This update for p11-kit fixes the following issues: - Also build documentation (bsc#1013125) ----------------------------------------- Patch: SUSE-2020-330 Released: Wed Feb 5 17:33:24 2020 Summary: Recommended update for yast2-firstboot Severity: moderate References: 1094307,1123091,1134501,1143106,1154708,1156905,1159157 Description: This update for yast2-firstboot fixes the following issues: yast2-firstboot received the following fixes: - Improve the 'firstboot_licenses' client to give precedence to the directory argument, allowing to use it multiple times to show different licenses (bsc#1154708). - Add firstboot.rnc to the desktop file (bsc#1156905). - Remove the references to the already dropped automatic configuration feature (FATE#314695). autoyast received the following fixes: - Fixed conflicting items in rule dialogs (bsc#1123091). - Semi-automatic with partition: Do not use the common AY partition workflow (bsc#1134501). - Do not reset Base-Product while registration. Do not call registration in the second installation stage again. (bsc#1143106). - Fix profile validation for scripts elements (bsc#1156905). - UI: Report XML parsing errors instead of just crashing (bsc#1159157). yast2-schema received the following fixes: - Fix 'firstboot' and 'scripts' elements validation (bsc#1156905). - Add create_subvolumes element (bsc#1094307) ----------------------------------------- Patch: SUSE-2020-335 Released: Thu Feb 6 11:37:24 2020 Summary: Security update for systemd Severity: important References: 1084671,1092920,1106383,1133495,1151377,1154256,1155207,1155574,1156213,1156482,1158485,1159814,1161436,1162108,CVE-2019-20386,CVE-2020-1712 Description: This update for systemd fixes the following issues: - CVE-2020-1712 (bsc#bsc#1162108) Fix a heap use-after-free vulnerability, when asynchronous Polkit queries were performed while handling Dbus messages. A local unprivileged attacker could have abused this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted Dbus messages. - Use suse.pool.ntp.org server pool on SLE distros (jsc#SLE-7683) - libblkid: open device in nonblock mode. (bsc#1084671) - udev/cdrom_id: Do not open CD-rom in exclusive mode. (bsc#1154256) - bus_open leak sd_event_source when udevadm trigger。 (bsc#1161436 CVE-2019-20386) - fileio: introduce read_full_virtual_file() for reading virtual files in sysfs, procfs (bsc#1133495 bsc#1159814) - fileio: initialize errno to zero before we do fread() - fileio: try to read one byte too much in read_full_stream() - logind: consider 'greeter' sessions suitable as 'display' sessions of a user (bsc#1158485) - logind: never elect a session that is stopping as display - journal: include kmsg lines from the systemd process which exec()d us (#8078) - udevd: don't use monitor after manager_exit() - udevd: capitalize log messages in on_sigchld() - udevd: merge conditions to decrease indentation - Revert 'udevd: fix crash when workers time out after exit is signal caught' - core: fragments of masked units ought not be considered for NeedDaemonReload (#7060) (bsc#1156482) - udevd: fix crash when workers time out after exit is signal caught - udevd: wait for workers to finish when exiting (bsc#1106383) - Improve bash completion support (bsc#1155207) * shell-completion: systemctl: do not list template units in {re,}start * shell-completion: systemctl: pass current word to all list_unit* * bash-completion: systemctl: pass current partial unit to list-unit* (bsc#1155207) * bash-completion: systemctl: use systemctl --no-pager * bash-completion: also suggest template unit files * bash-completion: systemctl: add missing options and verbs * bash-completion: use the first argument instead of the global variable (#6457) - networkd: VXLan Make group and remote variable separate (bsc#1156213) - networkd: vxlan require Remote= to be a non multicast address (#8117) (bsc#1156213) - fs-util: let's avoid unnecessary strerror() - fs-util: introduce inotify_add_watch_and_warn() helper - ask-password: improve log message when inotify limit is reached (bsc#1155574) - shared/install: failing with -ELOOP can be due to the use of an alias in install_error() (bsc#1151377) - man: alias names can't be used with enable command (bsc#1151377) - Add boot option to not use swap at system start (jsc#SLE-7689) - Allow YaST to select Iranian (Persian, Farsi) keyboard layout (bsc#1092920) ----------------------------------------- Patch: SUSE-2020-339 Released: Thu Feb 6 13:03:22 2020 Summary: Recommended update for openldap2 Severity: low References: 1158921 Description: This update for openldap2 provides the following fix: - Add libldap-data to the product (as it contains ldap.conf). (bsc#1158921) ----------------------------------------- Patch: SUSE-2020-340 Released: Thu Feb 6 13:03:56 2020 Summary: Recommended update for python-rpm-macros Severity: moderate References: 1161770 Description: This update for python-rpm-macros fixes the following issues: - Add macros related to the Python dist metadata dependency generator. (bsc#1161770) ----------------------------------------- Patch: SUSE-2020-370 Released: Fri Feb 7 13:57:23 2020 Summary: Security update for wicked Severity: important References: 1160904,1160906,CVE-2019-18903,CVE-2020-7217 Description: This update for wicked fixes the following issues: - CVE-2019-18903: Fixed a use-after-free when receiving invalid DHCP6 IA_PD option (bsc#1160904). - CVE-2020-7217: Fixed a memory leak in DHCP4 fsm when processing packets for other client ids (bsc#1160906). ----------------------------------------- Patch: SUSE-2020-375 Released: Fri Feb 7 17:30:25 2020 Summary: Security update for docker-runc Severity: moderate References: 1160452,CVE-2019-19921 Description: This update for docker-runc fixes the following issues: - CVE-2019-19921: Fixed a volume mount race condition with shared mounts (bsc#1160452). ----------------------------------------- Patch: SUSE-2020-408 Released: Wed Feb 19 09:32:46 2020 Summary: Security update for sudo Severity: important References: 1162202,1162675,CVE-2019-18634 Description: This update for sudo fixes the following issues: Security issue fixed: - CVE-2019-18634: Fixed a buffer overflow in the passphrase prompt that could occur when pwfeedback was enabled in /etc/sudoers (bsc#1162202). Non-security issue fixed: - Fixed an issue where sudo -l would ask for a password even though `listpw` was set to `never` (bsc#1162675). ----------------------------------------- Patch: SUSE-2020-417 Released: Wed Feb 19 11:40:02 2020 Summary: Recommended update for chrony Severity: moderate References: 1159840 Description: This update for chrony fixes the following issues: - Fix 'make check' builds made after 2019-12-20. Existing installations do not need to be updated as the bug only affects the test, but not chrony itself (bsc#1159840). ----------------------------------------- Patch: SUSE-2020-418 Released: Wed Feb 19 13:23:13 2020 Summary: Recommended update for openssl-1_1 Severity: moderate References: 1163569 Description: This update for openssl-1_1 fixes the following issues: - FIPS: Fixed wrong return values of FIPS DSA and ECDH selftests (bsc#1163569) ----------------------------------------- Patch: SUSE-2020-31 Released: Mon Feb 24 10:36:36 2020 Summary: Recommended update for cloud-netconfig Severity: moderate References: 1135592,1144282,1157117,1157190 Description: This update for cloud-netconfig contains the following fixes: - Removed obsolete Group tag from spec file. - Update to version 1.3: + Fix IPv4 address handling on secondary NICs in Azure. - Update to version 1.2: + support AWS IMDSv2 token. - Update to version 1.1: + fix use of GATEWAY variable. (bsc#1157117, bsc#1157190) + remove secondary IPv4 address only when added by cloud-netconfig. (bsc#1144282) + simplify routing setup for single NIC systems (partly fixes bsc#1135592) ----------------------------------------- Patch: SUSE-2020-462 Released: Tue Feb 25 11:49:30 2020 Summary: Recommended update for xfsprogs Severity: moderate References: 1158504,1158509,1158630,1158758 Description: This update for xfsprogs fixes the following issues: - Allow the filesystem utility xfs_io to suffix sizes with k,m,g for kilobytes, megabytes or gigabytes respectively. (bsc#1158630) - Validate extent size hint parameters through libxfs to avoid output mismatch. (bsc#1158509) - Fix for 'xfs_repair' not to fail recovery of orphaned shortform directories. (bsc#1158504) - Fix for 'xfs_quota' to avoid false error reporting of project inheritance flag is not set. (bsc#1158758) ----------------------------------------- Patch: SUSE-2020-467 Released: Tue Feb 25 12:00:39 2020 Summary: Security update for python3 Severity: moderate References: 1162224,1162367,1162423,1162825,CVE-2019-9674,CVE-2020-8492 Description: This update for python3 fixes the following issues: Security issues fixed: - CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs (bsc#1162825). - CVE-2020-8492: Fixed a regular expression in urrlib that was prone to denial of service via HTTP (bsc#1162367). Non-security issue fixed: - If the locale is 'C', coerce it to C.UTF-8 (bsc#1162423). ----------------------------------------- Patch: SUSE-2020-476 Released: Tue Feb 25 14:23:14 2020 Summary: Recommended update for perl Severity: moderate References: 1102840,1160039 Description: This update for perl fixes the following issues: - Some packages make assumptions about the date and time they are built. This update will solve the issues caused by calling the perl function timelocal expressing the year with two digit only instead of four digits. (bsc#1102840) (bsc#1160039) ----------------------------------------- Patch: SUSE-2020-480 Released: Tue Feb 25 17:38:22 2020 Summary: Recommended update for aaa_base Severity: moderate References: 1160735 Description: This update for aaa_base fixes the following issues: - Change 'rp_filter' to increase the default priority to ethernet over the wifi. (bsc#1160735) ----------------------------------------- Patch: SUSE-2020-492 Released: Wed Feb 26 13:16:03 2020 Summary: Recommended update for yast2-sudo Severity: moderate References: 1156929 Description: This update for yast2-sudo fixes the following issues: - Prevent truncating the sudoers file after writing the changes. (bsc#1156929) ----------------------------------------- Patch: SUSE-2020-510 Released: Thu Feb 27 12:46:10 2020 Summary: Security update for python Severity: moderate References: 1162224,1162367,1162825,CVE-2019-9674,CVE-2020-8492 Description: This update for python fixes the following issues: Security issues fixed: - CVE-2019-9674: Improved the documentation, warning about dangers of zip-bombs (bsc#1162825). - CVE-2020-8492: Fixed a regular expression in urrlib that was prone to denial of service via HTTP (bsc#1162367). ----------------------------------------- Patch: SUSE-2020-521 Released: Thu Feb 27 18:08:56 2020 Summary: Recommended update for c-ares Severity: moderate References: 1125306,1159006 Description: This update for c-ares fixes the following issues: c-ares version update to 1.15.0: * Add ares_init_options() configurability for path to resolv.conf file * Ability to exclude building of tools (adig, ahost, acountry) in CMake * Report ARES_ENOTFOUND for .onion domain names as per RFC7686 (bsc#1125306) * Apply the IPv6 server blacklist to all nameserver sources * Prevent changing name servers while queries are outstanding * ares_set_servers_csv() on failure should not leave channel in a bad state * getaddrinfo - avoid infinite loop in case of NXDOMAIN * ares_getenv - return NULL in all cases * implement ares_getaddrinfo - Fixed a regression in DNS results that contain both A and AAAA answers. - Add netcfg as the build requirement and runtime requirement. ----------------------------------------- Patch: SUSE-2020-525 Released: Fri Feb 28 11:49:36 2020 Summary: Recommended update for pam Severity: moderate References: 1164562 Description: This update for pam fixes the following issues: - Add libdb as build-time dependency to enable pam_userdb module. Enable pam_userdb.so (jsc#sle-7258, bsc#1164562) ----------------------------------------- Patch: SUSE-2020-549 Released: Sat Feb 29 11:09:17 2020 Summary: Recommended update for libgcrypt Severity: moderate References: 1155439,1164950 Description: This update for libgcrypt fixes the following issues: - Run the FIPS self-tests from the constructor (bsc#1164950) ----------------------------------------- Patch: SUSE-2020-556 Released: Mon Mar 2 13:32:11 2020 Summary: Recommended update for 389-ds Severity: moderate References: 1155951 Description: This update for 389-ds to version 1.4.2.2 fixes the following issues: 389-ds was updated to 1.4.2.6 (fate#326677, bsc#1155951), bringing many bug and stability fixes. Issue addressed: - Enabled python lib389 installer tooling to match upstream and suse documentation. More information for this release at: https://directory.fedoraproject.org/docs/389ds/releases/release-1-4-2-1.html ----------------------------------------- Patch: SUSE-2020-566 Released: Tue Mar 3 09:14:05 2020 Summary: Recommended update for supportutils Severity: important References: 1023308,1089877,1145233,1154482,1156837,1162357,1162539 Description: This update for supportutils fixes the following issues: - Exclude /proc/pagetypeinfo as it can be an expensive operation on some systems (bsc#1162357). - Readded LPM/DLPAR data for power (bsc#1162539). - Strip trailing commas from process names #64 (bsc#1156837). - Dynamically select compression method (bsc#1145233). - Updated detailed unit information fix in systemd.txt (bsc#1023308). - Include IPv6 routes (bsc#1089877). - Removed root .snapshots directory from full file list (bsc#1154482). ----------------------------------------- Patch: SUSE-2020-572 Released: Tue Mar 3 13:25:41 2020 Summary: Recommended update for cyrus-sasl Severity: moderate References: 1162518 Description: This update for cyrus-sasl fixes the following issues: - Added support for retrieving negotiated SSF in gssapi plugin (bsc#1162518) - Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF (bsc#1162518) ----------------------------------------- Patch: SUSE-2020-573 Released: Tue Mar 3 13:37:28 2020 Summary: Recommended update for ca-certificates-mozilla Severity: moderate References: 1160160 Description: This update for ca-certificates-mozilla to 2.40 fixes the following issues: Updated to 2.40 state of the Mozilla NSS Certificate store (bsc#1160160): Removed certificates: - Certplus Class 2 Primary CA - Deutsche Telekom Root CA 2 - CN=Swisscom Root CA 2 - UTN-USERFirst-Client Authentication and Email added certificates: - Entrust Root Certification Authority - G4 ----------------------------------------- Patch: SUSE-2020-581 Released: Wed Mar 4 10:18:28 2020 Summary: Recommended update for openssh Severity: moderate References: 1161997 Description: This update for openssh fixes the following issues: - Switch to use the openssl 'SSH' Key Derivation Function (SSH KDF) (jsc#SLE-9443 bsc#1161997). This performs key derivation using OpenSSL's SSHKDF facility, which allows OpenSSH to benefit from the former's FIPS certification status. This key derivation function uses FIPS 140-2 certified algorithms. ----------------------------------------- Patch: SUSE-2020-624 Released: Tue Mar 10 10:39:09 2020 Summary: Recommended update for python-PyNaCl Severity: important References: 1161557 Description: This update for python-PyNaCl fixes the following issues: - Add python-dkimpy as the python-PyNaCl requires that. (SLE-7686, bsc#1161557) ----------------------------------------- Patch: SUSE-2020-633 Released: Tue Mar 10 16:23:08 2020 Summary: Recommended update for aaa_base Severity: moderate References: 1139939,1151023 Description: This update for aaa_base fixes the following issues: - get_kernel_version: fix for current kernel on s390x (bsc#1151023, bsc#1139939) - added '-h'/'--help' to the command old - change feedback url from http://www.suse.de/feedback to https://github.com/openSUSE/aaa_base/issues ----------------------------------------- Patch: SUSE-2020-637 Released: Wed Mar 11 11:29:56 2020 Summary: Recommended update for cloud-netconfig Severity: moderate References: 1162705,1162707 Description: This update for cloud-netconfig fixes the following issues: - Copy routes from the default routing table. (bsc#1162705, bsc#1162707) On multi-NIC systems, cloud-netconfig creates separate routing tables with different default routes, so packets get routed via the network interfaces associated with the source IP address. Systems may have additional routing in place and in that case cloud-netconfig's NIC specific routing may bypass those routes. - Make the key CLOUD_NETCONFIG_MANAGE enable by default. Any network interface that has been configured automatically via cloud-netconfig has a configuration file associated. If the value is set to 'NO' (or the pair is removed altogether), cloud-netconfig will not handle secondary IPv4 addresses and routing policies for the associated network interface. ----------------------------------------- Patch: SUSE-2020-657 Released: Thu Mar 12 15:06:48 2020 Summary: Recommended update for cloud-regionsrv-client Severity: moderate References: 1158664 Description: This update for cloud-regionsrv-client contains the following fixes: - Update to version 9.0.8: + Properly handle IPv6 addresses in URLs - Update to version 9.0.7: + Fix crash with a stack trace if no current_smt is present. (bsc#1158664) ----------------------------------------- Patch: SUSE-2020-662 Released: Thu Mar 12 17:30:22 2020 Summary: Recommended update for dracut Severity: moderate References: 1154043,1157795,1160318,1164076 Description: This update for dracut fixes the following issues: - Suppress error in '%post' when 'vconsole.conf' is not present. (bsc#1154043) - Fix 'DM_MULTIPATH_DEVICE_PATH' in udev rules. (bsc#1157795) - 01fips: Use correct kernel image name for more platforms (bsc#1164076) - 01fips: handle SHA1 on machines without AVX (bsc#1160318) ----------------------------------------- Patch: SUSE-2020-668 Released: Fri Mar 13 10:48:58 2020 Summary: Security update for glibc Severity: moderate References: 1163184,1164505,1165784,CVE-2020-10029 Description: This update for glibc fixes the following issues: - CVE-2020-10029: Fixed a potential overflow in on-stack buffer during range reduction (bsc#1165784). - Fixed an issue where pthread were not always locked correctly (bsc#1164505). - Document mprotect and introduce section on memory protection (bsc#1163184). ----------------------------------------- Patch: SUSE-2020-689 Released: Fri Mar 13 17:09:01 2020 Summary: Recommended update for pam Severity: moderate References: 1166510 Description: This update for PAM fixes the following issue: - The license of libdb linked against pam_userdb is not always wanted, so we temporary disabled pam_userdb again. It will be published in a different package at a later time. (bsc#1166510) ----------------------------------------- Patch: SUSE-2020-690 Released: Fri Mar 13 17:09:28 2020 Summary: Recommended update for suse-build-key Severity: moderate References: 1166334 Description: This update for suse-build-key fixes the following issues: - created a new security@suse.de communication key (bsc#1166334) ----------------------------------------- Patch: SUSE-2020-694 Released: Mon Mar 16 10:56:47 2020 Summary: Recommended update for openssl-1_1 Severity: moderate References: 1165281,1165534 Description: This update for openssl-1_1 fixes the following issues: - Fix a deadlock in the FIPS random generator code (bsc#1165281 bsc#1165534) ----------------------------------------- Patch: SUSE-2020-475 Released: Thu Mar 19 11:00:46 2020 Summary: Recommended update for systemd Severity: moderate References: 1160595 Description: This update for systemd fixes the following issues: - Remove TasksMax limit for both user and system slices (jsc#SLE-10123) - Backport IP filtering feature (jsc#SLE-7743 bsc#1160595) ----------------------------------------- Patch: SUSE-2020-722 Released: Thu Mar 19 11:21:57 2020 Summary: Security update for nghttp2 Severity: moderate References: 1159003,1166481,CVE-2019-18802 Description: This update for nghttp2 fixes the following issues: nghttp2 was update to version 1.40.0 (bsc#1166481) - lib: Add nghttp2_check_authority as public API - lib: Fix the bug that stream is closed with wrong error code - lib: Faster huffman encoding and decoding - build: Avoid filename collision of static and dynamic lib - build: Add new flag ENABLE_STATIC_CRT for Windows - build: cmake: Support building nghttpx with systemd - third-party: Update neverbleed to fix memory leak - nghttpx: Fix bug that mruby is incorrectly shared between backends - nghttpx: Reconnect h1 backend if it lost connection before sending headers - nghttpx: Returns 408 if backend timed out before sending headers - nghttpx: Fix request stal ----------------------------------------- Patch: SUSE-2020-727 Released: Thu Mar 19 13:57:15 2020 Summary: Recommended update for openssl-1_1 Severity: moderate References: 1166848 Description: This update for openssl-1_1 fixes the following issues: - Fix a locking issue uncovered by the python testsuite (bsc#1166848) ----------------------------------------- Patch: SUSE-2020-729 Released: Thu Mar 19 14:44:22 2020 Summary: Recommended update for glibc Severity: moderate References: 1166106 Description: This update for glibc fixes the following issues: - Allow dlopen of filter object to work (bsc#1166106, BZ #16272) ----------------------------------------- Patch: SUSE-2020-737 Released: Fri Mar 20 13:47:16 2020 Summary: Recommended update for ruby2.5 Severity: important References: 1140844,1152990,1152992,1152994,1152995,1162396,1164804,CVE-2012-6708,CVE-2015-9251,CVE-2019-15845,CVE-2019-16201,CVE-2019-16254,CVE-2019-16255,CVE-2020-8130 Description: This update for ruby2.5 toversion 2.5.7 fixes the following issues: ruby 2.5 was updated to version 2.5.7 - CVE-2020-8130: Fixed a command injection in intree copy of rake (bsc#1164804). - CVE-2019-16255: Fixed a code injection vulnerability of Shell#[] and Shell#test (bsc#1152990). - CVE-2019-16254: Fixed am HTTP response splitting in WEBrick (bsc#1152992). - CVE-2019-15845: Fixed a null injection vulnerability of File.fnmatch and File.fnmatch? (bsc#1152994). - CVE-2019-16201: Fixed a regular expression denial of service of WEBrick Digest access authentication (bsc#1152995). - CVE-2012-6708: Fixed an XSS in JQuery - CVE-2015-9251: Fixed an XSS in JQuery - Fixed unit tests (bsc#1140844) - Removed some unneeded test files (bsc#1162396). ----------------------------------------- Patch: SUSE-2020-738 Released: Fri Mar 20 13:53:58 2020 Summary: Recommended update for wicked Severity: important References: 1165180 Description: This update for wicked fixes the following issues: - Fix the package using old/wrong pattern for libzypp in package libwicked. (bsc#1165180) ----------------------------------------- Patch: SUSE-2020-748 Released: Mon Mar 23 16:13:57 2020 Summary: Recommended update for grub2 Severity: moderate References: 1161641,1162403 Description: This update for grub2 fixes the following issues: - Fix for minix file system detection using grub2-install. (bsc#1161641, bsc#1162403) ----------------------------------------- Patch: SUSE-2020-777 Released: Tue Mar 24 18:07:52 2020 Summary: Recommended update for python3 Severity: moderate References: 1165894 Description: This update for python3 fixes the following issue: - Rename idle icons to idle3 in order to not conflict with python2 variant of the package (bsc#1165894) ----------------------------------------- Patch: SUSE-2020-793 Released: Wed Mar 25 15:16:00 2020 Summary: Recommended update for systemd Severity: moderate References: 1139459,1161262,1162108,1164717,1165579,CVE-2020-1712 Description: This update for systemd fixes the following issues: - manager: fix job mode when signalled to shutdown etc (bsc#1161262) - remove fallback for user/exit.target - dbus method Manager.Exit() does not start exit.target - do not install rescue.target for alt-↑ - %j/%J unit specifiers Added support for I/O scheduler selection with blk-mq (bsc#1165579, bsc#1164717). Added the udev 60-ssd-scheduler.rules: - This rules file which select the default IO scheduler for SSDs is being moved out from the git repo since this is not related to systemd or udev at all and is maintained by the kernel team. - core: coldplug possible nop_job (bsc#1139459) - Revert 'udev: use 'deadline' IO scheduler for SSD disks' - Fix typo in function name - polkit: when authorizing via PK let's re-resolve callback/userdata instead of caching it (bsc#1162108 CVE-2020-1712) - sd-bus: introduce API for re-enqueuing incoming messages - polkit: on async pk requests, re-validate action/details ----------------------------------------- Patch: SUSE-2020-814 Released: Mon Mar 30 16:23:42 2020 Summary: Recommended update for QR-Code-generator, boost, libreoffice, myspell-dictionaries, xmlsec1 Severity: moderate References: 1161816,1162152,1167223 Description: This update for QR-Code-generator, boost, libreoffice, myspell-dictionaries, xmlsec1 fixes the following issues: libreoffice was updated to 6.4.2.2 (jsc#SLE-11174 jsc#SLE-11175 jsc#SLE-11176 bsc#1167223): Full Release Notes can be found on: https://wiki.documentfoundation.org/ReleaseNotes/6.4 - Fixed broken handling of non-ASCII characters in the KDE filedialog (bsc#1161816) - Move the animation library to core package bsc#1162152 xmlsec1 was updated to 1.2.28: * Added BoringSSL support (chenbd). * Added gnutls-3.6.x support (alonbl). * Added DSA and ECDSA key size getter for MSCNG (vmiklos). * Added --enable-mans configuration option (alonbl). * Added coninuous build integration for MacOSX (vmiklos). * Several other small fixes (more details). - Make sure to recommend at least one backend when you install just xmlsec1 - Drop the gnutls backend as based on the tests it is quite borked: * We still have nss and openssl backend for people to use Version update to 1.2.27: * Added AES-GCM support for OpenSSL and MSCNG (snargit). * Added DSA-SHA256 and ECDSA-SHA384 support for NSS (vmiklos). * Added RSA-OAEP support for MSCNG (vmiklos). * Continuous build integration in Travis and Appveyor. * Several other small fixes (more details). myspell-dictionaries was updated to 20191219: * Updated the English dictionaries: GB+US+CA+AU * Bring shipped Spanish dictionary up to version 2.5 boost was updated to fix: - add a backport of Boost.Optional::has_value() for LibreOffice The QR-Code-generator is shipped: - Initial commit, needed by libreoffice 6.4 ----------------------------------------- Patch: SUSE-2020-819 Released: Tue Mar 31 13:01:34 2020 Summary: Security update for icu Severity: important References: 1166844,CVE-2020-10531 Description: This update for icu fixes the following issues: - CVE-2020-10531: Fixed a potential integer overflow in UnicodeString:doAppend (bsc#1166844). ----------------------------------------- Patch: SUSE-2020-820 Released: Tue Mar 31 13:02:22 2020 Summary: Security update for glibc Severity: important References: 1167631,CVE-2020-1752 Description: This update for glibc fixes the following issues: - CVE-2020-1752: Fixed a use after free in glob which could have allowed a local attacker to create a specially crafted path that, when processed by the glob function, could potentially have led to arbitrary code execution (bsc#1167631). ----------------------------------------- Patch: SUSE-2020-823 Released: Tue Mar 31 13:28:14 2020 Summary: Recommended update for parted Severity: moderate References: 1161783,1164260 Description: This update for parted fixes the following issue: - Make parted work with pmemXs devices. (bsc#1164260) - Fix for error when parted output size crashing parted in yast. (bsc#1161783) ----------------------------------------- Patch: SUSE-2020-825 Released: Tue Mar 31 13:30:37 2020 Summary: Recommended update for openslp Severity: moderate References: 1165050,1165121 Description: This update for openslp fixes the following issues: - Add missing group prerequisites to the openslp-server package. (bsc#1165050) - Add missing openslp prerequisites to the openslp-server package. (bsc#1165121) ----------------------------------------- Patch: SUSE-2020-850 Released: Thu Apr 2 14:37:31 2020 Summary: Recommended update for mozilla-nss Severity: moderate References: 1155350,1155357,1155360,1166880 Description: This update for mozilla-nss fixes the following issues: Added various fixes related to FIPS certification: * Use getrandom() to obtain entropy where possible. * Make DSA KAT FIPS compliant. * Use FIPS compliant hash when validating keypair. * Enforce FIPS requirements on RSA key generation. * Miscellaneous fixes to CAVS tests. * Enforce FIPS limits on how much data can be processed without rekeying. * Run self tests on library initialization in FIPS mode. * Disable non-compliant algorithms in FIPS mode (hashes and the SEED cipher). * Clear various temporary variables after use. * Allow MD5 to be used in TLS PRF. * Preferentially gather entropy from /dev/random over /dev/urandom. * Allow enabling FIPS mode consistently with NSS_FIPS environment variable. * Fix argument parsing bug in lowhashtest. ----------------------------------------- Patch: SUSE-2020-917 Released: Fri Apr 3 15:02:25 2020 Summary: Recommended update for pam Severity: moderate References: 1166510 Description: This update for pam fixes the following issues: - Moved pam_userdb into a separate package pam-extra. (bsc#1166510) ----------------------------------------- Patch: SUSE-2020-925 Released: Mon Apr 6 10:08:27 2020 Summary: Recommended update for python3-azuremetadata, regionServiceClientConfigAzure, regionServiceClientConfigSAPAzure Severity: moderate References: 1158698,1158707,1164818,1164819 Description: This update for python3-azuremetadata, regionServiceClientConfigAzure, regionServiceClientConfigSAPAzure fixes the following issues: regionServiceClientConfigAzure was updated to version 0.0.5: + Don't specify root device name explicitly (bsc#1158698, bsc#1158707) regionServiceClientConfigSAPAzure was updated to version 1.0.2: + Don't specify root device name explicitly (bsc#1158698, bsc#1158707) Changes in python3-azuremetadata: - Version 5.0.0 - Support new Azure metadata API (bsc#1164818, bsc#1164819) - Automatically detect root device (bsc#1158698, bsc#1158707) ----------------------------------------- Patch: SUSE-2020-934 Released: Tue Apr 7 03:46:20 2020 Summary: Recommended update for wget Severity: moderate References: 1167919 Description: This update for wget fixes the following issues: wget was updated to 1.20.3, fixing various bugs, including: - Fix for wget ignoring domains with leading '.' in environment variable 'no_proxy'. (bsc#1167919) ----------------------------------------- Patch: SUSE-2020-935 Released: Tue Apr 7 03:46:39 2020 Summary: Recommended update for xfsprogs Severity: moderate References: 1158630,1167205,1167206 Description: This update for xfsprogs fixes the following issues: - xfs_quota: reformat commands in the manpage. (bsc#1167206) Reformat commands in the manpage so that fstest can check that each command is actually documented. - xfs_db: document missing commands. (bsc#1167205) Document the commands 'attr_set', 'attr_remove', 'logformat' in the manpage. - xfs_io: allow size suffixes for the copy_range command. (bsc#1158630) Allow the usage of size suffixes k,m,g for kilobytes, megabytes or gigabytes respectively for the copy_range command ----------------------------------------- Patch: SUSE-2020-948 Released: Wed Apr 8 07:44:21 2020 Summary: Security update for gmp, gnutls, libnettle Severity: moderate References: 1152692,1155327,1166881,1168345,CVE-2020-11501 Description: This update for gmp, gnutls, libnettle fixes the following issues: Security issue fixed: - CVE-2020-11501: Fixed zero random value in DTLS client hello (bsc#1168345) FIPS related bugfixes: - FIPS: Install checksums for binary integrity verification which are required when running in FIPS mode (bsc#1152692, jsc#SLE-9518) - FIPS: Fixed a cfb8 decryption issue, no longer truncate output IV if input is shorter than block size. (bsc#1166881) - FIPS: Added Diffie Hellman public key verification test. (bsc#1155327) ----------------------------------------- Patch: SUSE-2020-949 Released: Wed Apr 8 07:45:48 2020 Summary: Recommended update for mozilla-nss Severity: moderate References: 1168669 Description: This update for mozilla-nss fixes the following issues: - Use secure_getenv() to avoid PR_GetEnvSecure() being called when NSPR is unavailable, resulting in an abort (bsc#1168669). ----------------------------------------- Patch: SUSE-2020-961 Released: Wed Apr 8 13:34:06 2020 Summary: Recommended update for e2fsprogs Severity: moderate References: 1160979 Description: This update for e2fsprogs fixes the following issues: - e2fsck: clarify overflow link count error message (bsc#1160979) - ext2fs: update allocation info earlier in ext2fs_mkdir() (bsc#1160979) - ext2fs: implement dir entry creation in htree directories (bsc#1160979) - tests: add test to excercise indexed directories with metadata_csum (bsc#1160979) - tune2fs: update dir checksums when clearing dir_index feature (bsc#1160979) ----------------------------------------- Patch: SUSE-2020-979 Released: Mon Apr 13 15:42:59 2020 Summary: Recommended update for parted Severity: moderate References: 1168756 Description: This update for parted fixes the following issue: - fix null pointer dereference. (bsc#1168756) ----------------------------------------- Patch: SUSE-2020-981 Released: Mon Apr 13 15:43:44 2020 Summary: Recommended update for rpm Severity: moderate References: 1156300 Description: This update for rpm fixes the following issues: - Fix for language package macros to avoid wrong requirement on shared library. (bsc#1156300) ----------------------------------------- Patch: SUSE-2020-993 Released: Wed Apr 15 07:57:07 2020 Summary: Recommended update for libgcrypt Severity: moderate References: 1164950,1165539,1166748,1167674 Description: This update for libgcrypt fixes the following issues: - FIPS: Restore the full _gcry_global_constructor function to run the self-test from the constructor (bsc#1164950). - FIPS: Remove an unneeded check in _gcry_global_constructor (bsc#1164950) - FIPS: Fix drbg to be threadsafe (bsc#1167674) - FIPS: Run self-tests from constructor during power-on (bsc#1166748) * Set up global_init as the constructor function: * Relax the entropy requirements on selftest. This is especially important for virtual machines to boot properly before the RNG is available: - FIPS: Switch the PCT to use the new signature operation (bsc#1165539) ----------------------------------------- Patch: SUSE-2020-995 Released: Wed Apr 15 08:30:39 2020 Summary: Security update for ruby2.5 Severity: moderate References: 1167244,1168938,CVE-2020-10663,CVE-2020-10933 Description: This update for ruby2.5 to version 2.5.8 fixes the following issues: - CVE-2020-10663: Unsafe Object Creation Vulnerability in JSON (bsc#1167244). - CVE-2020-10933: Heap exposure vulnerability in the socket library (bsc#1168938). ----------------------------------------- Patch: SUSE-2020-1000 Released: Wed Apr 15 14:18:57 2020 Summary: Recommended update for azure-cli tools, python-adal, python-applicationinsights, python-azure modules, python-msrest, python-msrestazure, python-pydocumentdb, python-uamqp, python-vsts-cd-manager Severity: moderate References: 1014478,1054413,1140565,982804,999200 Description: This update for azure-cli tools, python-adal, python-applicationinsights, python-azure modules, python-msrest, python-msrestazure, python-pydocumentdb, python-uamqp, python-vsts-cd-manager fixes the following issues: The Azure python modules and client tool stack was updated to the 2020 state. Various other python modules were added and updated. - python-PyYAML was updated to 5.1.2. - python-humanfriendly was updated 4.16.1. ----------------------------------------- Patch: SUSE-2020-1030 Released: Mon Apr 20 07:26:11 2020 Summary: Recommended update for yast2-registration Severity: important References: 1167945 Description: This update for yast2-registration fixes the following issues: - Fix for offline upgrade that fails the process at the registration due to a missing function. (bsc#1167945) ----------------------------------------- Patch: SUSE-2020-1042 Released: Tue Apr 21 08:00:15 2020 Summary: Recommended update for supportutils Severity: important References: 1162539,1165475 Description: This update for supportutils fixes the following issues: - Replaced Novell with SUSE FTP servers (bsc#1165475) - Added missed Power collection (bsc#1162539) - Added core file validation (bsc#1166126) - Changed filename prefixes from nts_ to scc_ referencing the SUSE Customer Center (SLE-8702, SLE-6762) ----------------------------------------- Patch: SUSE-2020-1047 Released: Tue Apr 21 10:33:06 2020 Summary: Recommended update for gnutls Severity: moderate References: 1168835 Description: This update for gnutls fixes the following issues: - Backport AES XTS support (bsc#1168835) ----------------------------------------- Patch: SUSE-2020-1059 Released: Wed Apr 22 09:41:59 2020 Summary: Recommended update for open-iscsi Severity: moderate References: 1159768,1164607 Description: This update for open-iscsi fixes the following issues: - Avoid logout of iscsi boot session. (bsc#1159768) - Fix iscsi.service so it handles restarts better. (bsc#1164607) ----------------------------------------- Patch: SUSE-2020-1061 Released: Wed Apr 22 10:45:41 2020 Summary: Recommended update for mozilla-nss Severity: moderate References: 1169872 Description: This update for mozilla-nss fixes the following issues: - This implements API mechanisms for performing DSA and ECDSA hash-and-sign in a single call, which will be required in future FIPS cycles (bsc#1169872). - Always perform nssdbm checksumming on softoken load, even if nssdbm itself is not loaded. ----------------------------------------- Patch: SUSE-2020-1062 Released: Wed Apr 22 10:46:27 2020 Summary: Recommended update for libgcrypt Severity: moderate References: 1165539,1169569 Description: This update for libgcrypt fixes the following issues: This update for libgcrypt fixes the following issues: - FIPS: Verify that the generated signature and the original input differ in test_keys function for RSA, DSA and ECC (bsc#1165539) - Add zero-padding when qx and qy have different lengths when assembling the Q point from affine coordinates. - Ship the FIPS checksum file in the shared library package and create a separate trigger file for the FIPS selftests (bsc#1169569) ----------------------------------------- Patch: SUSE-2020-1069 Released: Wed Apr 22 16:48:00 2020 Summary: Recommended update for python-six Severity: moderate References: 1166139 Description: This update for python-six fixes the following issues: - Use setuptools for building to support pip 10.x and avoid packages to be unistalled. (bsc#1166139) ----------------------------------------- Patch: SUSE-2020-1083 Released: Thu Apr 23 11:31:23 2020 Summary: Security update for cups Severity: important References: 1168422,CVE-2020-3898 Description: This update for cups fixes the following issues: - CVE-2020-3898: Fixed a heap buffer overflow in ppdFindOption() (bsc#1168422). ----------------------------------------- Patch: SUSE-2020-1097 Released: Thu Apr 23 21:12:03 2020 Summary: Recommended update for python3-azuremetadata Severity: moderate References: 1169921 Description: This update for python3-azuremetadata fixes the following issues: - Use lsblk for root device detection (bsc#1169921) ----------------------------------------- Patch: SUSE-2020-1108 Released: Fri Apr 24 16:31:01 2020 Summary: Recommended update for gnutls Severity: moderate References: 1169992 Description: This update for gnutls fixes the following issues: - FIPS: Do not check for /etc/system-fips which we don't have (bsc#1169992) ----------------------------------------- Patch: SUSE-2020-1112 Released: Fri Apr 24 16:44:20 2020 Summary: Recommended update for suse-build-key Severity: moderate References: 1170347 Description: This update for suse-build-key fixes the following issues: - add a /usr/share/container-keys/ directory for GPG based Container verification. - Add the SUSE build key as 'suse-container-key.asc'. (PM-1845 bsc#1170347) ----------------------------------------- Patch: SUSE-2020-1129 Released: Tue Apr 28 08:51:43 2020 Summary: Recommended update for yast2-installation Severity: important References: 1169017 Description: This update for yast2-installation fixes the following issues: - Fix for detecting and configuring network with firstboot. (bsc#1169017) ----------------------------------------- Patch: SUSE-2020-1131 Released: Tue Apr 28 11:59:17 2020 Summary: Recommended update for mozilla-nss Severity: moderate References: 1170571,1170572 Description: This update for mozilla-nss fixes the following issues: - FIPS: Add Softoken POSTs for new DSA and ECDSA hash-and-sign update functions. (bsc#1170571) - FIPS: Add pairwise consistency check for CKM_SHA224_RSA_PKCS. Remove ditto checks for CKM_RSA_PKCS, CKM_DSA and CKM_ECDSA, since these are served by the new CKM_SHA224_RSA_PKCS, CKM_DSA_SHA224, CKM_ECDSA_SHA224 checks. - FIPS: Replace bad attempt at unconditional nssdbm checksumming with a dlopen(), so it can be located consistently and perform its own self-tests. - FIPS: This fixes an instance of inverted logic due to a boolean being mistaken for a SECStatus, which caused key derivation to fail when the caller provided a valid subprime. ----------------------------------------- Patch: SUSE-2020-1132 Released: Tue Apr 28 16:38:21 2020 Summary: Security update for samba Severity: important References: 1169851,CVE-2020-10704 Description: This update for samba fixes the following issues: - CVE-2020-10704: Fixed a stack overflow in the AD DC (C)LDAP server (bsc#1169851). ----------------------------------------- Patch: SUSE-2020-1155 Released: Thu Apr 30 09:59:42 2020 Summary: Recommended update for python-azure-agent Severity: moderate References: 1167601,1167602 Description: This update for python-azure-agent fixes the following issues: - Set the hostname using hostnamectl to ensure setting is properly applied (bsc#1167601, bsc#1167602) ----------------------------------------- Patch: SUSE-2020-1160 Released: Thu Apr 30 17:40:19 2020 Summary: Recommended update for cloud-regionsrv-client Severity: moderate References: 1169599 Description: This update for cloud-regionsrv-client contains the following fix: - Update to version 9.0.9: (bsc#1169599) + Handle the /etc/hosts file with Python 3.4 if there are non ascii characters in the file. ----------------------------------------- Patch: SUSE-2020-1163 Released: Mon May 4 09:45:01 2020 Summary: Security update for permissions Severity: important References: 1160594,1160764,1161779,1163922,CVE-2019-3688,CVE-2019-3690,CVE-2020-8013 Description: This update for permissions fixes the following issues: Security issue fixed: - CVE-2020-8013: Fixed a local privilege escalation with mrsh and wodim (bsc#1163922). Non-security issues fixed: - Fixed regression where chkstat breaks without /proc available (bsc#1160764, bsc#1160594) - Fixed capability handling when doing multiple permission changes at once (bsc#1161779) - Fixed handling of relative directory symlinks in chkstat ----------------------------------------- Patch: SUSE-2020-1175 Released: Tue May 5 08:33:43 2020 Summary: Recommended update for systemd Severity: moderate References: 1165011,1168076 Description: This update for systemd fixes the following issues: - Fix check for address to keep interface names stable. (bsc#1168076) - Fix for checking non-normalized WHAT for network FS. (bsc#1165011) - Allow to specify an arbitrary string for when vfs is used. (bsc#1165011) ----------------------------------------- Patch: SUSE-2020-1181 Released: Tue May 5 12:02:39 2020 Summary: Recommended update for pciutils-ids Severity: moderate References: 1170160 Description: This update for pciutils-ids fixes the following issues: - Update the PCI utilities database to 20200324. (bsc#1170160) ----------------------------------------- Patch: SUSE-2020-1182 Released: Tue May 5 12:06:55 2020 Summary: Recommended update for chrony Severity: moderate References: 1099272,1156884,1161119 Description: This update for chrony fixes the following issues: - Read runtime servers from /var/run/netconfig/chrony.servers (bsc#1099272, bsc#1161119) - Move chrony-helper to /usr/lib/chrony/helper, because there should be no executables in /usr/share. - Add chrony-pool-suse and chrony-pool-openSUSE subpackages that preconfigure chrony to use NTP servers from the respective pools for SUSE and openSUSE. (bsc#1156884, SLE-11424) - Add chrony-pool-empty to still allow installing chrony without preconfigured servers. ----------------------------------------- Patch: SUSE-2020-1192 Released: Tue May 5 14:35:05 2020 Summary: Recommended update for libgcrypt Severity: moderate References: 1169944 Description: This update for libgcrypt fixes the following issues: - FIPS: libgcrypt: Double free in test_keys() on failed signature verification [bsc#1169944] ----------------------------------------- Patch: SUSE-2020-1159 Released: Tue May 5 16:24:36 2020 Summary: Recommended update for python3-azuremetadata Severity: moderate References: 1170598,1170599,1170605,1170606 Description: This update for python3-azuremetadata fixes the following issues: python3-azuremetadata was updated to version 5.1.0: - Produce well-formed JSON and XML output when multiple filters are specified (bsc#1170598, bsc#1170599) regionServiceClientConfigSAPAzure was updated to 1.0.3 and regionServiceClientConfigAzure was updated to 0.0.6: - Report subscriptionId during registration (bsc#1170605, bsc#1170606) ----------------------------------------- Patch: SUSE-2020-1219 Released: Thu May 7 17:10:42 2020 Summary: Security update for openldap2 Severity: important References: 1170771,CVE-2020-12243 Description: This update for openldap2 fixes the following issues: - CVE-2020-12243: Fixed a denial of service related to recursive filters (bsc#1170771). ----------------------------------------- Patch: SUSE-2020-1226 Released: Fri May 8 10:51:05 2020 Summary: Recommended update for gcc9 Severity: moderate References: 1149995,1152590,1167898 Description: This update for gcc9 fixes the following issues: This update ships the GCC 9.3 release. - Includes a fix for Internal compiler error when building HepMC (bsc#1167898) - Includes fix for binutils version parsing - Add libstdc++6-pp provides and conflicts to avoid file conflicts with same minor version of libstdc++6-pp from gcc10. - Add gcc9 autodetect -g at lto link (bsc#1149995) - Install go tool buildid for bootstrapping go ----------------------------------------- Patch: SUSE-2020-1267 Released: Wed May 13 11:58:58 2020 Summary: Recommended update for permissions Severity: important References: 1171173 Description: This update for permissions fixes the following issue: - Remove setuid bit for newgidmap and newuidmap in paranoid profile. (bsc#1171173) ----------------------------------------- Patch: SUSE-2020-1268 Released: Wed May 13 12:02:28 2020 Summary: Recommended update for dracut Severity: moderate References: 1165024,1167656,1169030,1169997 Description: This update for dracut fixes the following issues: - Solve bringing up network interface prematurely. (bsc#1169030) - shutdown: guard against read-only /run (bsc#1167656) - dracut-init: when is it not possible to load a module, prompt a warning message for dracut instead of a fatal error. (bsc#1169997) - Backport upstream typo fix in dmsquash-live-root.sh so that FSIMG variable is correctly set. (bsc#1165024) ----------------------------------------- Patch: SUSE-2020-1288 Released: Fri May 15 11:27:01 2020 Summary: Recommended update for regionServiceClientConfigAzure Severity: critical References: 1171465 Description: This update for regionServiceClientConfigAzure fixes the following issues: - Unify region server setup for SLES and SLES4SAP that provides configuring traffic routing through the datacenter. (bsc#1171465) ----------------------------------------- Patch: SUSE-2020-1290 Released: Fri May 15 16:39:59 2020 Summary: Recommended update for gnutls Severity: moderate References: 1171422 Description: This update for gnutls fixes the following issues: - Add RSA 4096 key generation support in FIPS mode (bsc#1171422) ----------------------------------------- Patch: SUSE-2020-1294 Released: Mon May 18 07:38:36 2020 Summary: Security update for file Severity: moderate References: 1154661,1169512,CVE-2019-18218 Description: This update for file fixes the following issues: Security issues fixed: - CVE-2019-18218: Fixed a heap-based buffer overflow in cdf_read_property_info() (bsc#1154661). Non-security issue fixed: - Fixed broken '--help' output (bsc#1169512). ----------------------------------------- Patch: SUSE-2020-1298 Released: Mon May 18 07:42:49 2020 Summary: Security update for libbsd Severity: moderate References: 1160551,CVE-2019-20367 Description: This update for libbsd fixes the following issues: - CVE-2019-20367: Fixed an out-of-bounds read during a comparison for a symbol names from the string table (bsc#1160551). ----------------------------------------- Patch: SUSE-2020-1299 Released: Mon May 18 07:43:21 2020 Summary: Security update for libxml2 Severity: moderate References: 1159928,1161517,1161521,CVE-2019-19956,CVE-2019-20388,CVE-2020-7595 Description: This update for libxml2 fixes the following issues: - CVE-2019-20388: Fixed a memory leak in xmlSchemaPreRun (bsc#1161521). - CVE-2019-19956: Fixed a memory leak (bsc#1159928). - CVE-2020-7595: Fixed an infinite loop in an EOF situation (bsc#1161517). ----------------------------------------- Patch: SUSE-2020-1303 Released: Mon May 18 09:40:36 2020 Summary: Recommended update for timezone Severity: moderate References: 1169582 Description: This update for timezone fixes the following issues: - timezone update 2020a. (bsc#1169582) * Morocco springs forward on 2020-05-31, not 2020-05-24. * Canada's Yukon advanced to -07 year-round on 2020-03-08. * America/Nuuk renamed from America/Godthab. * zic now supports expiration dates for leap second lists. ----------------------------------------- Patch: SUSE-2020-1308 Released: Mon May 18 10:05:46 2020 Summary: Recommended update for psmisc Severity: moderate References: 1170247 Description: This update for psmisc fixes the following issues: - Allow not unique mounts as well as not unique mountpoint. (bsc#1170247) ----------------------------------------- Patch: SUSE-2020-1319 Released: Mon May 18 11:43:44 2020 Summary: Recommended update for tcsh Severity: moderate References: 1170527 Description: This update for tcsh fixes the following issues: - Fix for an issue when Midnight Commander freezes changing directory using tcsh shell. (bsc#1170527) ----------------------------------------- Patch: SUSE-2020-1328 Released: Mon May 18 17:16:04 2020 Summary: Recommended update for grep Severity: moderate References: 1155271 Description: This update for grep fixes the following issues: - Update testsuite expectations, no functional changes (bsc#1155271) ----------------------------------------- Patch: SUSE-2020-1339 Released: Tue May 19 13:21:40 2020 Summary: Security update for python Severity: moderate References: 1155094,1162825,CVE-2019-18348,CVE-2019-9674 Description: This update for python fixes the following issues: Security issues fixed: - CVE-2019-18348: Fixed a CRLF injection via the host part of the url passed to urlopen(). Now an InvalidURL exception is raised (bsc#1155094). - CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs (bsc#1162825). ----------------------------------------- Patch: SUSE-2020-1342 Released: Tue May 19 13:27:31 2020 Summary: Recommended update for python3 Severity: moderate References: 1149955,1165894,CVE-2019-16056 Description: This update for python3 fixes the following issues: - Changed the name of idle3 icons to idle3.png to avoid collision with Python 2 version (bsc#1165894). ----------------------------------------- Patch: SUSE-2020-1348 Released: Wed May 20 11:37:41 2020 Summary: Recommended update for mozilla-nss Severity: moderate References: 1170908 Description: This update for mozilla-nss fixes the following issues: The following issues are fixed: - Add AES Keywrap POST. - Accept EACCES in lieu of ENOENT when trying to access /proc/sys/crypto/fips_enabled (bsc#1170908). ----------------------------------------- Patch: SUSE-2020-1349 Released: Wed May 20 11:39:00 2020 Summary: Recommended update for libsolv Severity: moderate References: 1159314 Description: This update for libsolv fixes the following issues: libsolv was updated to version 0.7.11: - fix solv_zchunk decoding error if large chunks are used (bsc#1159314) - treat retracted pathes as irrelevant - made add_update_target work with multiversion installs ----------------------------------------- Patch: SUSE-2020-1353 Released: Wed May 20 13:02:32 2020 Summary: Security update for freetype2 Severity: moderate References: 1079603,1091109,CVE-2018-6942 Description: This update for freetype2 to version 2.10.1 fixes the following issues: Security issue fixed: - CVE-2018-6942: Fixed a NULL pointer dereference within ttinerp.c (bsc#1079603). Non-security issues fixed: - Update to version 2.10.1 * The bytecode hinting of OpenType variation fonts was flawed, since the data in the `CVAR' table wasn't correctly applied. * Auto-hinter support for Mongolian. * The handling of the default character in PCF fonts as introduced in version 2.10.0 was partially broken, causing premature abortion of charmap iteration for many fonts. * If `FT_Set_Named_Instance' was called with the same arguments twice in a row, the function returned an incorrect error code the second time. * Direct rendering using FT_RASTER_FLAG_DIRECT crashed (bug introduced in version 2.10.0). * Increased precision while computing OpenType font variation instances. * The flattening algorithm of cubic Bezier curves was slightly changed to make it faster. This can cause very subtle rendering changes, which aren't noticeable by the eye, however. * The auto-hinter now disables hinting if there are blue zones defined for a `style' (i.e., a certain combination of a script and its related typographic features) but the font doesn't contain any characters needed to set up at least one blue zone. - Add tarball signatures and freetype2.keyring - Update to version 2.10.0 * A bunch of new functions has been added to access and process COLR/CPAL data of OpenType fonts with color-layered glyphs. * As a GSoC 2018 project, Nikhil Ramakrishnan completely overhauled and modernized the API reference. * The logic for computing the global ascender, descender, and height of OpenType fonts has been slightly adjusted for consistency. * `TT_Set_MM_Blend' could fail if called repeatedly with the same arguments. * The precision of handling deltas in Variation Fonts has been increased.The problem did only show up with multidimensional designspaces. * New function `FT_Library_SetLcdGeometry' to set up the geometry of LCD subpixels. * FreeType now uses the `defaultChar' property of PCF fonts to set the glyph for the undefined character at glyph index 0 (as FreeType already does for all other supported font formats). As a consequence, the order of glyphs of a PCF font if accessed with FreeType can be different now compared to previous versions. This change doesn't affect PCF font access with cmaps. * `FT_Select_Charmap' has been changed to allow parameter value `FT_ENCODING_NONE', which is valid for BDF, PCF, and Windows FNT formats to access built-in cmaps that don't have a predefined `FT_Encoding' value. * A previously reserved field in the `FT_GlyphSlotRec' structure now holds the glyph index. * The usual round of fuzzer bug fixes to better reject malformed fonts. * `FT_Outline_New_Internal' and `FT_Outline_Done_Internal' have been removed.These two functions were public by oversight only and were never documented. * A new function `FT_Error_String' returns descriptions of error codes if configuration macro FT_CONFIG_OPTION_ERROR_STRINGS is defined. * `FT_Set_MM_WeightVector' and `FT_Get_MM_WeightVector' are new functions limited to Adobe MultiMaster fonts to directly set and get the weight vector. - Enable subpixel rendering with infinality config: - Re-enable freetype-config, there is just too many fallouts. - Update to version 2.9.1 * Type 1 fonts containing flex features were not rendered correctly (bug introduced in version 2.9). * CVE-2018-6942: Older FreeType versions can crash with certain malformed variation fonts. * Bug fix: Multiple calls to `FT_Get_MM_Var' returned garbage. * Emboldening of bitmaps didn't work correctly sometimes, showing various artifacts (bug introduced in version 2.8.1). * The auto-hinter script ranges have been updated for Unicode 11. No support for new scripts have been added, however, with the exception of Georgian Mtavruli. - freetype-config is now deprecated by upstream and not enabled by default. - Update to version 2.10.1 * The `ftmulti' demo program now supports multiple hidden axes with the same name tag. * `ftview', `ftstring', and `ftgrid' got a `-k' command line option to emulate a sequence of keystrokes at start-up. * `ftview', `ftstring', and `ftgrid' now support screen dumping to a PNG file. * The bytecode debugger, `ttdebug', now supports variation TrueType fonts; a variation font instance can be selected with the new `-d' command line option. - Add tarball signatures and freetype2.keyring - Update to version 2.10.0 * The `ftdump' demo program has new options `-c' and `-C' to display charmaps in compact and detailed format, respectively. Option `-V' has been removed. * The `ftview', `ftstring', and `ftgrid' demo programs use a new command line option `-d' to specify the program window's width, height, and color depth. * The `ftview' demo program now displays red boxes for zero-width glyphs. * `ftglyph' has limited support to display fonts with color-layered glyphs.This will be improved later on. * `ftgrid' can now display bitmap fonts also. * The `ttdebug' demo program has a new option `-f' to select a member of a TrueType collection (TTC). * Other various improvements to the demo programs. - Remove 'Supplements: fonts-config' to avoid accidentally pulling in Qt dependencies on some non-Qt based desktops.(bsc#1091109) fonts-config is fundamental but ft2demos seldom installs by end users. only fonts-config maintainers/debuggers may use ft2demos along to debug some issues. - Update to version 2.9.1 * No changelog upstream. ----------------------------------------- Patch: SUSE-2020-1359 Released: Wed May 20 16:35:01 2020 Summary: Recommended update for man-pages Severity: moderate References: 1160568 Description: This update for man-pages fixes the following issues: - Move 'man.7' and 'mdoc.7' into separate directories to avoid conflicts with mandoc which is a light-weight man alternative for small systems. (bsc#1160568). ----------------------------------------- Patch: SUSE-2020-1362 Released: Thu May 21 09:31:43 2020 Summary: Recommended update for libgcrypt Severity: moderate References: 1171872 Description: This update for libgcrypt fixes the following issues: - FIPS: RSA/DSA/ECC test_keys() print out debug messages only in debug mode (bsc#1171872) ----------------------------------------- Patch: SUSE-2020-1374 Released: Thu May 21 19:06:58 2020 Summary: Recommended update for release-notes-sles Severity: moderate References: 1136157,1141324,1145275,1164600,1171069 Description: This update for release-notes-sles fixes the following issues: - Add new release notes for SLE 15.0.20200504. (bsc#1171069) - New notes: - Speed of ibmveth Interface Not Reported Accurately. (bsc#1136157) - New GeoIP tools (jsc#SLE-11184) - Document fixes and changed notes: - Ceph Client Packages Have Been Updated to Mimic 13.0 (FATE#324270) - Release notes for 15.0.20200221 (bsc#1164600) - Updated template text - Updated document to use documentation.suse.com URLs - New notes: - Reduced Memory Usage When Booting FADump Capture Kernel. (FATE#325306) - Boot and Driver Enablement for Raspberry Pi. (FATE#325730) - Driver Enablement for NXP SC16IS7xx UARTs. (FATE#326668) - NV-DIMM Support. (FATE#326969) - NVMe Multipath Handling. (FATE#327156) - Intel Optane DC Persistent Memory Operating Modes. (FATE#327794, bsc#1145275, jsc#SLE-7143) - Document fixes and changed notes (bsc#1164600): - Package insserv-compat Has Been Added to SAP Application Server Base Pattern (FATE#325727, bsc#1141324) ----------------------------------------- Patch: SUSE-2020-1400 Released: Mon May 25 14:09:02 2020 Summary: Recommended update for glibc Severity: moderate References: 1162930 Description: This update for glibc fixes the following issues: - nptl: wait for pending setxid request also in detached thread. (bsc#1162930) ----------------------------------------- Patch: SUSE-2020-1404 Released: Mon May 25 15:32:34 2020 Summary: Recommended update for zlib Severity: moderate References: 1138793,1166260 Description: This update for zlib fixes the following issues: - Including the latest fixes from IBM (bsc#1166260) IBM Z mainframes starting from version z15 provide DFLTCC instruction, which implements deflate algorithm in hardware with estimated compression and decompression performance orders of magnitude faster than the current zlib and ratio comparable with that of level 1. - Add SUSE specific fix to solve bsc#1138793. The fix will avoid to test if the app was linked with exactly same version of zlib like the one that is present on the runtime. ----------------------------------------- Patch: SUSE-2020-1409 Released: Mon May 25 17:01:33 2020 Summary: Security update for libxslt Severity: moderate References: 1140095,1140101,1154609,CVE-2019-13117,CVE-2019-13118,CVE-2019-18197 Description: This update for libxslt fixes the following issues: Security issues fixed: - CVE-2019-13118: Fixed a read of uninitialized stack data (bsc#1140101). - CVE-2019-13117: Fixed a uninitialized read which allowed to discern whether a byte on the stack contains certain special characters (bsc#1140095). - CVE-2019-18197: Fixed a dangling pointer in xsltCopyText which may have led to information disclosure (bsc#1154609). ----------------------------------------- Patch: SUSE-2020-1422 Released: Tue May 26 12:32:27 2020 Summary: Recommended update for GeoIP Severity: moderate References: 1156194 Description: This update for GeoIP fixes the following issues: - Update README.SUSE with a description how to get the latest Geo IP data after the distribution changes. (jsc#SLE-11184, bsc#1156194, jsc#ECO-1405) ----------------------------------------- Patch: SUSE-2020-1427 Released: Tue May 26 14:55:16 2020 Summary: Recommended update for docker-runc Severity: moderate References: 1168481 Description: This update for docker-runc contains the following fixes: - Backport upstream fix that enable access to /dev/null in containers. Resolves many issues with the implementation of the runc devices cgroup code. Removes some of the disruptive aspects of 'runc update'. (bsc#1168481) ----------------------------------------- Patch: SUSE-2020-1487 Released: Wed May 27 15:24:08 2020 Summary: Recommended update for cloud-regionsrv-client Severity: important References: 1171704,1171705 Description: This update for cloud-regionsrv-client contains the following fixes: - Improve error message for failed update server access to determine product status. - Update to version 9.0.10. (bsc#1171704, bsc#1171705) + While the service starts After=network-online.target this is no guarantee that the cloud framework has configured the outgoing routing for the instance. This configuration on the framework side may take longer. Introduce a wait look that retries connections to the update infrastructure 3 times before giving up. ----------------------------------------- Patch: SUSE-2020-1492 Released: Wed May 27 18:32:41 2020 Summary: Recommended update for python-rpm-macros Severity: moderate References: 1171561 Description: This update for python-rpm-macros fixes the following issue: - Update to version 20200207.5feb6c1 (bsc#1171561) * Do not write .pyc files for tests ----------------------------------------- Patch: SUSE-2020-1506 Released: Fri May 29 17:22:11 2020 Summary: Recommended update for aaa_base Severity: moderate References: 1087982,1170527 Description: This update for aaa_base fixes the following issues: - Not all XTerm based emulators do have a terminfo entry. (bsc#1087982) - Better support of Midnight Commander. (bsc#1170527) ----------------------------------------- Patch: SUSE-2020-1532 Released: Thu Jun 4 10:16:12 2020 Summary: Security update for libxml2 Severity: moderate References: 1172021,CVE-2019-19956 Description: This update for libxml2 fixes the following issues: - CVE-2019-19956: Reverted the upstream fix for this memory leak because it introduced other, more severe vulnerabilities (bsc#1172021). ----------------------------------------- Patch: SUSE-2020-1535 Released: Thu Jun 4 10:44:48 2020 Summary: Security update for libcroco Severity: low References: 1043898,1043899,CVE-2017-8834,CVE-2017-8871 Description: This update for libcroco fixes the following issues: Security issues fixed: - CVE-2017-8834: Fixed denial of service (memory allocation error) via a crafted CSS file (bsc#1043898). - CVE-2017-8871: Fixed denial of service (infinite loop and CPU consumption) via a crafted CSS file (bsc#1043899). ----------------------------------------- Patch: SUSE-2020-1541 Released: Thu Jun 4 13:23:27 2020 Summary: Recommended update for pciutils Severity: moderate References: 1170554 Description: This update for pciutils fixes the following issues: - Fix lspci outputs when few of the VPD data fields are displayed as unknown. (bsc#1170554, ltc#185587) ----------------------------------------- Patch: SUSE-2020-1542 Released: Thu Jun 4 13:24:37 2020 Summary: Recommended update for timezone Severity: moderate References: 1172055 Description: This update for timezone fixes the following issue: - zdump --version reported 'unknown' (bsc#1172055) ----------------------------------------- Patch: SUSE-2020-1547 Released: Mon Jun 8 08:02:02 2020 Summary: Recommended update for fontconfig Severity: moderate References: 1172301 Description: This update for fontconfig fixes the following issues: - fontconfig-devel-32bit needs to require fontconfig-32bit, needed for Wine development (bsc#1172301) ----------------------------------------- Patch: SUSE-2020-1551 Released: Mon Jun 8 09:31:41 2020 Summary: Security update for vim Severity: moderate References: 1172225,CVE-2019-20807 Description: This update for vim fixes the following issues: - CVE-2019-20807: Fixed an issue where escaping from the restrictive mode of vim was possible using interfaces (bsc#1172225). ----------------------------------------- Patch: SUSE-2020-1558 Released: Mon Jun 8 10:36:32 2020 Summary: Recommended update for chrony Severity: moderate References: 1172113 Description: This update for chrony fixes the following issue: - Use iburst in the default pool statements to speed up initial synchronization. (bsc#1172113) ----------------------------------------- Patch: SUSE-2020-1559 Released: Mon Jun 8 10:38:24 2020 Summary: Recommended update for dracut Severity: moderate References: 1171388,975267 Description: This update for dracut fixes the following issues: - Detect the sysfs attribute 'is_boot_target' (bsc#975267, bsc#1171388) ----------------------------------------- Patch: SUSE-2020-1579 Released: Tue Jun 9 17:05:23 2020 Summary: Recommended update for audit Severity: important References: 1156159,1172295 Description: This update for audit fixes the following issues: - Fix hang on startup. (bsc#1156159) - Fix specfile to require libauparse0 and libaudit1 after splitting audit-libs. (bsc#1172295) ----------------------------------------- Patch: SUSE-2020-1584 Released: Tue Jun 9 18:39:15 2020 Summary: Security update for gnutls Severity: important References: 1172461,1172506,CVE-2020-13777 Description: This update for gnutls fixes the following issues: - CVE-2020-13777: Fixed an insecure session ticket key construction which could have made the TLS server to not bind the session ticket encryption key with a value supplied by the application until the initial key rotation, allowing an attacker to bypass authentication in TLS 1.3 and recover previous conversations in TLS 1.2 (bsc#1172506). - Fixed an improper handling of certificate chain with cross-signed intermediate CA certificates (bsc#1172461). ----------------------------------------- Version 1.0.6-Build1.10 2020-06-24T19:26:28 ----------------------------------------- Patch: SUSE-2020-1631 Released: Wed Jun 17 09:53:58 2020 Summary: Recommended update for fonts-config Severity: important References: 1049056,1092737,1101985,1106850,1111791,1172022 Description: This update for fonts-config fixes the following issues: - Update version from 20160921 to version 20200609+git0.42e2b1b * Check if it's required to use some default settings in /etc/sysconfig/fonts-config. (bsc#1172022) * Add variable to allow fonts-config to update default settings * Fix en-US, en-GB font matching. * Allow non-ASCII letters in font names. (bsc#1049056, bsc#1101985). * Update subpixel rendering config * Fix misspelling in configuration file. (bsc#1111791) * Fix wrong visualization for special characters and numbers. (bsc#1092737) * Support color emoji * Modern fonts for symbol * Add configurations for Noto Sans/Serif CJK * No longer create encodings.dir in /usr/share/fonts/encodings/ (bsc#1106850) ----------------------------------------- Patch: SUSE-2020-1640 Released: Wed Jun 17 15:46:04 2020 Summary: Recommended update for grub2 Severity: important References: 1166409,1166513 Description: This update for grub2 fixes the following issues: - Implement support searching for specific config files for netboot. (bsc#1166409) - Skip zfcpdump kernel from the grub boot menu (bsc#1166513) ----------------------------------------- Patch: SUSE-2020-1657 Released: Thu Jun 18 10:49:53 2020 Summary: Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork Severity: moderate References: 1172377,CVE-2020-13401 Description: This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues: Docker was updated to 19.03.11-ce runc was updated to version 1.0.0-rc10 containerd was updated to version 1.2.13 - CVE-2020-13401: Fixed an issue where an attacker with CAP_NET_RAW capability, could have crafted IPv6 router advertisements, and spoof external IPv6 hosts, resulting in obtaining sensitive information or causing denial of service (bsc#1172377). ----------------------------------------- Patch: SUSE-2020-1677 Released: Thu Jun 18 18:16:39 2020 Summary: Security update for mozilla-nspr, mozilla-nss Severity: important References: 1159819,1169746,1171978,CVE-2019-17006,CVE-2020-12399 Description: This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nss was updated to version 3.53 - CVE-2020-12399: Fixed a timing attack on DSA signature generation (bsc#1171978). - CVE-2019-17006: Added length checks for cryptographic primitives (bsc#1159819). Release notes: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.53_release_notes mozilla-nspr to version 4.25 ----------------------------------------- Patch: SUSE-2020-1682 Released: Fri Jun 19 09:44:54 2020 Summary: Security update for perl Severity: important References: 1171863,1171864,1171866,1172348,CVE-2020-10543,CVE-2020-10878,CVE-2020-12723 Description: This update for perl fixes the following issues: - CVE-2020-10543: Fixed a heap buffer overflow in regular expression compiler which could have allowed overwriting of allocated memory with attacker's data (bsc#1171863). - CVE-2020-10878: Fixed multiple integer overflows which could have allowed the insertion of instructions into the compiled form of Perl regular expression (bsc#1171864). - CVE-2020-12723: Fixed an attacker's corruption of the intermediate language state of a compiled regular expression (bsc#1171866). - Fixed a bad warning in features.ph (bsc#1172348). ----------------------------------------- Patch: SUSE-2020-1726 Released: Tue Jun 23 14:52:07 2020 Summary: Recommended update for python-M2Crypto Severity: moderate References: 1172226 Description: This update for python-M2Crypto fixes the following issues: - Release python3-M2crypto to LTSS channels, to allow using salt even when the Server Applications Module is not used. (bsc#1172226) ----------------------------------------- Version 1.0.6-Build1.12 2020-06-26T19:21:42 ----------------------------------------- Patch: SUSE-2020-1760 Released: Thu Jun 25 18:46:13 2020 Summary: Recommended update for systemd Severity: moderate References: 1157315,1162698,1164538,1169488,1171145,1172072 Description: This update for systemd fixes the following issues: - Merge branch 'SUSE/v234' into SLE15 units: starting suspend.target should not fail when suspend is successful (bsc#1172072) core/mount: do not add Before=local-fs.target or remote-fs.target if nofail mount option is set mount: let mount_add_extras() take care of remote-fs.target deps (bsc#1169488) mount: set up local-fs.target/remote-fs.target deps in mount_add_default_dependencies() too udev: rename the persistent link for ATA devices (bsc#1164538) shared/install: try harder to find enablement symlinks when disabling a unit (bsc#1157315) tmpfiles: remove unnecessary assert (bsc#1171145) test-engine: manager_free() was called too early pid1: by default make user units inherit their umask from the user manager (bsc#1162698) ----------------------------------------- Patch: SUSE-2020-1773 Released: Fri Jun 26 08:05:59 2020 Summary: Security update for curl Severity: important References: 1173027,CVE-2020-8177 Description: This update for curl fixes the following issues: - CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server to overwrite a local file when using the -J option (bsc#1173027). ----------------------------------------- Version 1.0.6-Build1.18 2020-07-07T08:53:22 ----------------------------------------- Patch: SUSE-2020-1820 Released: Thu Jul 2 08:38:44 2020 Summary: Recommended update for dracut Severity: moderate References: 1161573 Description: This update for dracut fixes the following issue: - Fix dracut timeout on missing root device (bsc#1161573) ----------------------------------------- Patch: SUSE-2020-1822 Released: Thu Jul 2 11:30:42 2020 Summary: Security update for python3 Severity: important References: 1173274,CVE-2020-14422 Description: This update for python3 fixes the following issues: - CVE-2020-14422: Fixed an improper computation of hash values in the IPv4Interface and IPv6Interface could have led to denial of service (bsc#1173274). ----------------------------------------- Patch: SUSE-2020-1850 Released: Mon Jul 6 14:44:39 2020 Summary: Security update for mozilla-nss Severity: moderate References: 1168669,1173032,CVE-2020-12402 Description: This update for mozilla-nss fixes the following issues: mozilla-nss was updated to version 3.53.1 - CVE-2020-12402: Fixed a potential side channel attack during RSA key generation (bsc#1173032) - Fixed various FIPS issues in libfreebl3 which were causing segfaults in the test suite of chrony (bsc#1168669). ----------------------------------------- Patch: SUSE-2020-1852 Released: Mon Jul 6 16:50:21 2020 Summary: Recommended update for fontforge, ghostscript-fonts, ttf-converter, xorg-x11-fonts Severity: moderate References: 1169444 Description: This update for fontforge, ghostscript-fonts, ttf-converter, xorg-x11-fonts fixes the following issues: Changes in fontforge: - Support transforming bitmap glyphs from python. (bsc#1169444) - Allow python-Sphinx >= 3 Changes in ttf-converter: - Update from version 1.0 to version 1.0.6: * ftdump is now shipped additionally as new dependency for ttf-converter * Standardize output when converting vector and bitmap fonts * Add more subfamilies fixes (bsc#1169444) * Add --family and --subfamily arguments to force values on those fields * Add parameters to fix glyph unicode values --fix-glyph-unicode : Try to fix unicode points and glyph names based on glyph names containing hexadecimal codes (like '$0C00', 'char12345' or 'uni004F') --replace-unicode-values: When passed 2 comma separated numbers a,b the glyph with an unicode value of a is replaced with the unicode value b. Can be used more than once. --shift-unicode-values: When passed 3 comma separated numbers a,b,c this shifts the unicode values of glyphs between a and b (both included) by adding c. Can be used more than once. * Add --bitmapTransform parameter to transform bitmap glyphs. (bsc#1169444) When used, all glyphs are modified with the transformation function and values passed as parameters. The parameter has three values separated by commas: fliph|flipv|rotate90cw|rotate90ccw|rotate180|skew|transmove,xoff,yoff * Add support to convert bitmap fonts (bsc#1169444) * Rename MediumItalic subfamily to Medium Italic * Show some more information when removing duplicated glyphs * Add a --force-monospaced argument instead of hardcoding font names * Convert `BoldCond` subfamily to `Bold Condensed` * Fixes for Monospaced fonts and force the Nimbus Mono L font to be Monospaced. (bsc#1169444 #c41) * Add a --version argument * Fix subfamily names so the converted font's subfamily match the original ones. (bsc#1169444 #c41) Changes in xorg-x11-fonts: - Use ttf-converter 1.0.6 to build an Italic version of cu12.pcf.gz in the converted subpackage - Include the subfamily in the filename of converted fonts - Use ttf-converter's new bitmap font support to convert Schumacher Clean and Schumacher Clean Wide (bsc#1169444 #c41) - Replace some unicode values in cu-pua12.pcf.gz to fix them - Shift some unicode values in arabic24.pcf.gz and cuarabic12.pcf.gz so glyphs don't pretend to be latin characters when they're not. - Don't distribute converted fonts with wrong unicode values in their glyphs. (bsc#1169444) Bitstream-Charter-*.otb, Cursor.ttf,Sun-OPEN-LOOK-*.otb, MUTT-ClearlyU-Devangari-Extra-Regular, MUTT-ClearlyU-Ligature-Wide-Regular, and MUTT-ClearlyU-Devanagari-Regular Changes in ghostscript-fonts: - Force the converted Nimbus Mono font to be monospaced. (bsc#1169444 #c41) Use the --force-monospaced argument of ttf-converter 1.0.3 ----------------------------------------- Patch: SUSE-2020-1856 Released: Mon Jul 6 17:05:51 2020 Summary: Security update for openldap2 Severity: important References: 1172698,1172704,CVE-2020-8023 Description: This update for openldap2 fixes the following issues: - CVE-2020-8023: Fixed a potential local privilege escalation from ldap to root when OPENLDAP_CONFIG_BACKEND='ldap' was used (bsc#1172698). - Changed DB_CONFIG to root:ldap permissions (bsc#1172704). ----------------------------------------- Patch: SUSE-2020-1858 Released: Mon Jul 6 17:08:06 2020 Summary: Security update for permissions Severity: moderate References: 1171883 Description: This update for permissions fixes the following issues: - Removed conflicting entries which might expose pcp to security issues (bsc#1171883) ----------------------------------------- Version 1.0.6-Build1.29 2020-07-30T12:26:31 ----------------------------------------- Patch: SUSE-2020-1611 Released: Fri Jun 12 09:38:03 2020 Summary: Recommended update for libsolv, libzypp, zypper Severity: moderate References: 1130873,1154803,1164543,1165476,1165573,1166610,1167122,1168990 Description: This update for libsolv, libzypp, zypper fixes the following issues: libsolv was updated to 0.7.13 to fix: - Fix solvable swapping messing up idarrays - fix ruleinfo of complex dependencies returning the wrong origin libzypp was updated to 17.23.4 to fix: - Get retracted patch status from updateinfo data (jsc#SLE-8770) libsolv injects the indicator provides into packages only. - remove 'using namespace std;' (bsc#1166610, fixes #218) - Online doc: add 'Hardware (modalias) dependencies' page (fixes #216) - Add HistoryLogReader actionFilter to parse only specific HistoryActionIDs. - RepoVariables: Add safe guard in case the caller does not own a zypp instance. - Enable c++17. Define libyzpp CXX_STANDARD in ZyppCommon.cmake. - Fix package status computation regarding unneeded, orphaned, recommended and suggested packages (broken in 17.23.0) (bsc#1165476) - Log patch status changes to history (jsc#SLE-5116) - Allow to disable all WebServer dependent tests when building. OBS wants to be able to get rid of the nginx/FastCGI-devel build requirement. Use 'rpmbuild --without mediabackend_tests' or 'cmake -DDISABLE_MEDIABACKEND_TESTS=1'. - update translations - boost: Fix deprecated auto_unit_test.hpp includes. - Disable zchunk on Leap-15.0 and SLE15-* while there is no libzck. - Fix decision whether to download ZCHUNK files. libzypp and libsolv must both be able to read the format. - yum::Downloader: Prefer zchunk compressed metadata if libvsolv supports it. - Selectable: Fix highestAvailableVersionObj if only retracted packages are available. Avoid using retracted items as candidate (jsc#SLE-8770) - RpmDb: Become rpmdb backend independent (jsc#SLE-7272) - RpmDb: Close API offering a custom rpmdb path It's actually not needed and for this to work also libsolv needs to support it. You can sill use a librpmDb::db_const_iterator to access a database at a custom location (ro). - Remove legacy rpmV3database conversion code. - Reformat manpages to workaround asciidoctor shortcomings (bsc#1154803, bsc#1167122, bsc#1168990) - Remove undocumented rug legacy stuff. - Remove 'using namespace std;' (bsc#1166610) - patch table: Add 'Since' column if history data are available (jsc#SLE-5116) zypper was updated to version 1.14.36: - Tag 'retracted' patch status in info and list-patches (jsc#SLE-8770) - Tag 'R'etracted items in search tabes status columns (jsc#SLE-8770) - Relax 'Do not allow the abbreviation of cli arguments' in legacy distibutions (bsc#1164543) - Correctly detect ambigous switch abbreviations (bsc#1165573) - zypper-aptitude: don't supplement zypper. supplementing zypper means zypper-aptitude gets installed by default and pulls in perl. Neither is desired on small systems. - Do not allow the abbreviation of cli arguments (bsc#1164543) - accoring to according in all translation files. - Always show exception history if available. - Use default package cache location for temporary repos (bsc#1130873) ----------------------------------------- Patch: SUSE-2020-1396 Released: Fri Jul 3 12:33:05 2020 Summary: Security update for zstd Severity: moderate References: 1082318,1133297 Description: This update for zstd fixes the following issues: - Fix for build error caused by wrong static libraries. (bsc#1133297) - Correction in spec file marking the license as documentation. (bsc#1082318) - Add new package for SLE-15. (jsc#ECO-1886) ----------------------------------------- Patch: SUSE-2020-1869 Released: Tue Jul 7 15:08:12 2020 Summary: Recommended update for libsolv, libzypp, zypper Severity: moderate References: 1130873,1154803,1164543,1165476,1165573,1166610,1167122,1168990,1169947,1170801,1171224,1172135,1172925 Description: This update for libsolv, libzypp, zypper fixes the following issues: libsolv was updated to 0.7.14: - Enable zstd compression support - Support blacklisted packages in solver_findproblemrule() (bnc#1172135) - Support rules with multiple negative literals in choice rule generation - Fix solvable swapping messing up idarrays - fix ruleinfo of complex dependencies returning the wrong origin libzypp was updated to 17.23.7: - Enable zchunk metadata download if libsolv supports it. - Older kernel-devel packages are not properly purged (bsc#1171224) - doc: enhance service plugin example. - Get retracted patch status from updateinfo data (jsc#SLE-8770) libsolv injects the indicator provides into packages only. - remove 'using namespace std;' (bsc#1166610, fixes #218) - Online doc: add 'Hardware (modalias) dependencies' page (fixes #216) - Add HistoryLogReader actionFilter to parse only specific HistoryActionIDs. - RepoVariables: Add safe guard in case the caller does not own a zypp instance. - Enable c++17. Define libyzpp CXX_STANDARD in ZyppCommon.cmake. - Fix package status computation regarding unneeded, orphaned, recommended and suggested packages (broken in 17.23.0) (bsc#1165476) - Log patch status changes to history (jsc#SLE-5116) - Allow to disable all WebServer dependent tests when building. OBS wants to be able to get rid of the nginx/FastCGI-devel build requirement. Use 'rpmbuild --without mediabackend_tests' or 'cmake -DDISABLE_MEDIABACKEND_TESTS=1'. - boost: Fix deprecated auto_unit_test.hpp includes. - Disable zchunk on Leap-15.0 and SLE15-* while there is no libzck. - Fix decision whether to download ZCHUNK files. libzypp and libsolv must both be able to read the format. - yum::Downloader: Prefer zchunk compressed metadata if libvsolv supports it. - Selectable: Fix highestAvailableVersionObj if only retracted packages are available. Avoid using retracted items as candidate (jsc#SLE-8770) - RpmDb: Become rpmdb backend independent (jsc#SLE-7272) - RpmDb: Close API offering a custom rpmdb path It's actually not needed and for this to work also libsolv needs to support it. You can sill use a librpmDb::db_const_iterator to access a database at a custom location (ro). - Remove legacy rpmV3database conversion code. - Fix core dump with corrupted history file (bsc#1170801) zypper was updated to 1.14.37: - Reformat manpages to workaround asciidoctor shortcomings (bsc#1154803, bsc#1167122, bsc#1168990) - Remove undocumented rug legacy stuff. - Remove 'using namespace std;' (bsc#1166610) - patch table: Add 'Since' column if history data are available (jsc#SLE-5116) - Tag 'retracted' patch status in info and list-patches (jsc#SLE-8770) - Tag 'R'etracted items in search tabes status columns (jsc#SLE-8770) - Relax 'Do not allow the abbreviation of cli arguments' in legacy distibutions (bsc#1164543) - Correctly detect ambigous switch abbreviations (bsc#1165573) - zypper-aptitude: don't supplement zypper. supplementing zypper means zypper-aptitude gets installed by default and pulls in perl. Neither is desired on small systems. - Do not allow the abbreviation of cli arguments (bsc#1164543) - accoring to according in all translation files. - Always show exception history if available. - Use default package cache location for temporary repos (bsc#1130873) - Print switch abbrev warning to stderr (bsc#1172925) - Fix typo in man page (bsc#1169947) ----------------------------------------- Patch: SUSE-2020-1953 Released: Sat Jul 18 03:06:11 2020 Summary: Recommended update for parted Severity: important References: 1164260 Description: This update for parted fixes the following issue: - fix support of NVDIMM (pmemXs) devices (bsc#1164260) ----------------------------------------- Patch: SUSE-2020-1999 Released: Wed Jul 22 09:04:32 2020 Summary: Recommended update for dracut Severity: moderate References: 1172807 Description: This update for dracut fixes the following issues: - PXE boot process times out (bsc#1172807) ----------------------------------------- Patch: SUSE-2020-2065 Released: Wed Jul 29 11:09:18 2020 Summary: Security update for samba Severity: moderate References: 1173160,CVE-2020-10745 Description: This update for samba fixes the following issues: - CVE-2020-10745: Fixed an issue which parsing and packing of NBT and DNS packets containing dots could potentially have consumed excessive CPU (bsc#1173160). ----------------------------------------- Patch: SUSE-2020-2073 Released: Wed Jul 29 18:59:25 2020 Summary: Security update for grub2 Severity: important References: 1168994,1173812,1174463,1174570,CVE-2020-10713,CVE-2020-14308,CVE-2020-14309,CVE-2020-14310,CVE-2020-14311,CVE-2020-15706,CVE-2020-15707 Description: This update for grub2 fixes the following issues: - Fix for CVE-2020-10713 (bsc#1168994) - Fix for CVE-2020-14308 CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 (bsc#1173812) - Fix for CVE-2020-15706 (bsc#1174463) - Fix for CVE-2020-15707 (bsc#1174570) - Use overflow checking primitives where the arithmetic expression for buffer allocations may include unvalidated data - Use grub_calloc for overflow check and return NULL when it would occur - Use gcc-9 compiler for overflow check builtins - Backport gcc-9 build fixes ----------------------------------------- Patch: SUSE-2020-2083 Released: Thu Jul 30 10:27:59 2020 Summary: Recommended update for diffutils Severity: moderate References: 1156913 Description: This update for diffutils fixes the following issue: - Disable a sporadically failing test for ppc64 and ppc64le builds. (bsc#1156913) ----------------------------------------- Version 1.0.6-Build1.33 2020-08-07T07:53:47 ----------------------------------------- Patch: SUSE-2020-2099 Released: Fri Jul 31 08:06:40 2020 Summary: Recommended update for systemd Severity: moderate References: 1173227,1173229,1173422 Description: This update for systemd fixes the following issues: - migrate-sysconfig-i18n.sh: fixed marker handling (bsc#1173229) The marker is used to make sure the script is run only once. Instead of storing it in /usr, use /var which is more appropriate for such file. Also make it owned by systemd package. - Fix inconsistent file modes for some ghost files (bsc#1173227) Ghost files are assumed by rpm to have mode 000 by default which is not consistent with file permissions set at runtime. Also /var/lib/systemd/random-seed was tracked wrongly as a directory. Also don't track (ghost) /etc/systemd/system/runlevel*.target aliases since we're not supposed to track units or aliases user might define/override. - Fix build of systemd on openSUSE Leap 15.2 (bsc#1173422) ----------------------------------------- Patch: SUSE-2020-2116 Released: Tue Aug 4 15:12:41 2020 Summary: Security update for libX11 Severity: important References: 1174628,CVE-2020-14344 Description: This update for libX11 fixes the following issues: - Fixed XIM client heap overflows (CVE-2020-14344, bsc#1174628) ----------------------------------------- Patch: SUSE-2020-2126 Released: Wed Aug 5 09:26:46 2020 Summary: Recommended update for cloud-regionsrv-client Severity: moderate References: 1173474,1173475 Description: This update for cloud-regionsrv-client fixes the following issues: - Introduce containerbuild-regionsrv service to allow container building tools to access required data for accessing Public Cloud RMTs (bsc#1173474, bsc#1173475) ----------------------------------------- Version 1.0.6-Build1.34 2020-08-08T07:53:28 ----------------------------------------- Patch: SUSE-2020-2174 Released: Fri Aug 7 16:30:42 2020 Summary: Recommended update for python-azure-agent Severity: important References: 1173866 Description: This update for python-azure-agent fixes the following issues: - Properly set the DHCP configuration to push the hostname to the DHCP server. (bsc#1173866) - Do not bring the interface down to push the hostname, just use 'ifup'. (bsc#1173866) ----------------------------------------- Version 1.0.6-Build1.37 2020-08-12T07:52:55 ----------------------------------------- Patch: SUSE-2020-2197 Released: Tue Aug 11 13:32:49 2020 Summary: Security update for libX11 Severity: important References: 1174628,CVE-2020-14344 Description: This update for libX11 fixes the following issues: - Fixed XIM client heap overflows (CVE-2020-14344, bsc#1174628). ----------------------------------------- Patch: SUSE-2020-2208 Released: Tue Aug 11 17:25:45 2020 Summary: Recommended update for rsyslog Severity: important References: 1173338 Description: This update for rsyslog fixes the following issues: - Fix for logrotate to avoid unexpected exit with coredump after logrotate. (bsc#1173338) ----------------------------------------- Version 1.0.6-Build1.39 2020-08-13T07:51:48 ----------------------------------------- Patch: SUSE-2020-2219 Released: Wed Aug 12 15:47:42 2020 Summary: Recommended update for supportutils-plugin-suse-public-cloud and python3-azuremetadata Severity: moderate References: 1170475,1170476,1173238,1173240,1173357,1174618,1174847 Description: This update for supportutils-plugin-suse-public-cloud and python3-azuremetadata fixes the following issues: supportutils-plugin-suse-public-cloud: - Fixes an error when supportutils-plugin-suse-public-cloud and supportutils-plugin-salt are installed at the same time (bsc#1174618) - Sensitive information like credentials (such as access keys) will be removed when the metadata is being collected (bsc#1170475, bsc#1170476) python3-azuremetadata: - Added latest support for `--listapis` and `--api` (bsc#1173238, bsc#1173240) - Detects when the VM is running in ASM (Azure Classic) and does now handle the condition to generate the data without requiring access to the full IMDS available, only in ARM instances (bsc#1173357, bsc#1174847) ----------------------------------------- Version 1.0.6-Build1.39 2020-08-14T07:51:46 ----------------------------------------- Patch: SUSE-2020-2221 Released: Thu Aug 13 09:06:20 2020 Summary: Recommended update for SUSEConnect Severity: moderate References: 1130864,1155911,1160007 Description: This update for SUSEConnect fixes the following issues: Update from version 0.3.22 to version 0.3.25 - Don't fail de-activation when '-release' package already got removed. - Fix cloud_provider detection on AWS large instances. (bsc#1160007) - Forbid de-registration for on-demand Public Cloud instances. (bsc#1155911) - Setup customer_center on read-only boot system. (bsc#1130864) ----------------------------------------- Patch: SUSE-2020-2223 Released: Thu Aug 13 09:12:03 2020 Summary: Recommended update for zypper-migration-plugin Severity: moderate References: 1100137,1107238,1171652 Description: This update for zypper-migration-plugin fixes the following issues: - Fix for an issue when not all release packages are installed after migration. (bsc#1171652) - Fix for snapper configuration to avoid migration failures. (jira#SLE-7752) - Fix for the issue when zypper migration tool does not provide a proper exit code if it is not mirrored on registration server. (bsc#1107238) - Fix for failing salt migration by check for closed standard input. (bsc#1100137) ----------------------------------------- Patch: SUSE-2020-2224 Released: Thu Aug 13 09:15:47 2020 Summary: Recommended update for glibc Severity: moderate References: 1171878,1172085 Description: This update for glibc fixes the following issues: - Fix concurrent changes on nscd aware files appeared by 'getent' when the NSCD cache was enabled. (bsc#1171878, BZ #23178) - Implement correct locking and cancellation cleanup in syslog functions. (bsc#1172085, BZ #26100) ----------------------------------------- Version 1.0.6-Build1.40 2020-08-15T07:53:14 ----------------------------------------- Patch: SUSE-2020-2243 Released: Fri Aug 14 15:27:12 2020 Summary: Recommended update for grub2 Severity: important References: 1174782,1175036,1175060 Description: This update for grub2 fixes the following issues: - A potential regression has been fixed that would cause systems with an updated 'grub2' to boot no longer due to a missing 'grub-calloc' linker symbol. (bsc#1174782) ----------------------------------------- Version 1.0.6-Build1.41 2020-08-18T07:52:08 ----------------------------------------- Patch: SUSE-2020-2256 Released: Mon Aug 17 15:08:46 2020 Summary: Recommended update for sysfsutils Severity: moderate References: 1155305 Description: This update for sysfsutils fixes the following issue: - Fix cdev name comparison. (bsc#1155305) ----------------------------------------- Version 1.0.6-Build1.44 2020-08-20T07:52:54 ----------------------------------------- Patch: SUSE-2020-2276 Released: Wed Aug 19 13:22:45 2020 Summary: Security update for python Severity: moderate References: 1174091,CVE-2019-20907 Description: This update for python fixes the following issues: - CVE-2019-20907: Avoid a possible infinite loop caused by specifically crafted tarballs (bsc#1174091). ----------------------------------------- Patch: SUSE-2020-2277 Released: Wed Aug 19 13:24:03 2020 Summary: Security update for python3 Severity: moderate References: 1174091,CVE-2019-20907 Description: This update for python3 fixes the following issues: - bsc#1174091, CVE-2019-20907: avoiding possible infinite loop in specifically crafted tarball. ----------------------------------------- Patch: SUSE-2020-2279 Released: Wed Aug 19 21:26:55 2020 Summary: Recommended update for libzypp Severity: moderate References: 1173106,1174011 Description: This update for libzypp fixes the following issues: - Proactively send credentials if the URL specifes '?auth=basic' and a username. (bsc#1174011) - ZYPP_MEDIA_CURL_DEBUG: Strip credentials in header log. (bsc#1174011) - Completey rework the purge-kernels algorithm. The new code is closer to the original perl script, grouping the packages by name before applying the keep spec. (bsc#1173106) - Set ZYPP_RPM_DEBUG=1 to capture verbose rpm command output. ----------------------------------------- Version 1.0.6-Build1.45 2020-08-21T07:54:07 ----------------------------------------- Patch: SUSE-2020-2284 Released: Thu Aug 20 16:04:17 2020 Summary: Recommended update for ca-certificates-mozilla Severity: important References: 1010996,1071152,1071390,1154871,1174673,973042 Description: This update for ca-certificates-mozilla fixes the following issues: update to 2.42 state of the Mozilla NSS Certificate store (bsc#1174673) Removed CAs: * AddTrust External CA Root * AddTrust Class 1 CA Root * LuxTrust Global Root 2 * Staat der Nederlanden Root CA - G2 * Symantec Class 1 Public Primary Certification Authority - G4 * Symantec Class 2 Public Primary Certification Authority - G4 * VeriSign Class 3 Public Primary Certification Authority - G3 Added CAs: * certSIGN Root CA G2 * e-Szigno Root CA 2017 * Microsoft ECC Root Certificate Authority 2017 * Microsoft RSA Root Certificate Authority 2017 - reverted p11-kit nss trust integration as it breaks in fresh installations (bsc#1154871) ----------------------------------------- Version 1.0.6-Build1.46 2020-08-25T07:55:09 ----------------------------------------- Patch: SUSE-2020-2296 Released: Mon Aug 24 10:34:37 2020 Summary: Security update for gettext-runtime Severity: moderate References: 1106843,1113719,941629,CVE-2018-18751 Description: This update for gettext-runtime fixes the following issues: - Fix boo941629-unnessary-rpath-on-standard-path.patch (bsc#941629) - Added msgfmt-double-free.patch to fix a double free error (CVE-2018-18751 bsc#1113719) - Add patch msgfmt-reset-msg-length-after-remove.patch which does reset the length of message string after a line has been removed (bsc#1106843) ----------------------------------------- Version 1.0.6-Build1.47 2020-08-26T07:55:04 ----------------------------------------- Patch: SUSE-2020-2303 Released: Tue Aug 25 14:46:36 2020 Summary: Security update for grub2 Severity: important References: 1172745,1174421,CVE-2020-15705 Description: This update for grub2 fixes the following issues: - CVE-2020-15705: Fail kernel validation without shim protocol (bsc#1174421). - Add fibre channel device's ofpath support to grub-ofpathname and search hint to speed up root device discovery (bsc#1172745). ----------------------------------------- Patch: SUSE-2020-2313 Released: Tue Aug 25 15:30:48 2020 Summary: Recommended update for python-azure-agent Severity: moderate References: 1175198 Description: This update for python-azure-agent contains the following fix: Drop unnecessary path for sudoers handle. (bsc#1175198) - sudoers file is managed by cloud-init we no longer need this hack ----------------------------------------- Patch: SUSE-2020-2314 Released: Tue Aug 25 15:31:17 2020 Summary: Recommended update for cloud-regionsrv-client Severity: moderate References: 1174731,1174732,1174743,1174791,1174837,1174937 Description: This update for cloud-regionsrv-client contains the following fixes: - Update to version 9.1.2: (bsc#1174791, bsc#1174937) + Implement changes to configure the client to use https only for outbound traffic - plugin-ec2 to version 1.0.1 (bsc#1174743, bsc#1174837) + Prefer IMDSv2 and switch all IMDS access requests to support v2 token based access method. - Update to version 9.1.1: (bsc#1174731, bsc#1174732) + Do not immediately failover to a sibling system. Upon contact failure to the target system give the server/route time to recover. We have seen network instability trigger a pre-mature failover during initial registration causing problems later during updates. + When we do failover make sure the access credentials are known to the new target ----------------------------------------- Version 1.0.6-Build1.49 2020-08-27T07:55:01 ----------------------------------------- Patch: SUSE-2020-2337 Released: Wed Aug 26 13:00:47 2020 Summary: Recommended update for dracut Severity: moderate References: 1172807 Description: This update for dracut fixes the following issue: - Fix typo in did setup conditional. (bsc#1172807) ----------------------------------------- Patch: SUSE-2020-2338 Released: Wed Aug 26 13:45:01 2020 Summary: Recommended update for cloud-regionsrv-client Severity: important References: 1175752,1175753 Description: This update for cloud-regionsrv-client fixes the following issues: - Fixed an issue where the cache object for the update server was incomplete (bsc#1175752, bsc#1175753) ----------------------------------------- Patch: SUSE-2020-2350 Released: Wed Aug 26 17:17:02 2020 Summary: Recommended update for hyper-v Severity: moderate References: 1093910,1100758,1174443,1174444 Description: This update for hyper-v fixes the following issues: - Remove dependency to network-online.target now that gethostname is used in kvp_daemon. (bsc#1174443, bsc#1174444) - Reopen the devices if read() or write() returns errors - Use either python2 or python3 for lsvmbus. (bsc#1093910) - Remove sysv init scripts - Enable build on aarch64 - Use gethostname for async name resolution. (bsc#1100758) - Asynchronous name resolution in kvp_daemon. (bsc#1100758) - kvp: eliminate 'may be used uninitialized' warning - Fixed Python pep8/flake8 warnings for lsvmbus - Replace GPLv2 boilerplate/reference with SPDX - Fix a warning of buffer overflow with gcc 8.0.1 - fcopy: set 'error' in case an unknown operation was requested - vss: fix loop device detection. - Fix IP reporting by KVP daemon with SRIOV - Fix a bug in the key delete code - Fix compiler warnings about major/target_fname ----------------------------------------- Version 1.0.6-Build1.51 2020-08-29T07:53:20 ----------------------------------------- Patch: SUSE-2020-2380 Released: Fri Aug 28 14:54:08 2020 Summary: Recommended update for supportutils-plugin-suse-public-cloud Severity: moderate References: 1175250,1175251 Description: This update for supportutils-plugin-suse-public-cloud contains the following fix: - Update to version 1.0.5: (bsc#1175250, bsc#1175251) + Query for new GCE initialization code packages ----------------------------------------- Patch: SUSE-2020-2384 Released: Sat Aug 29 00:57:13 2020 Summary: Recommended update for e2fsprogs Severity: low References: 1170964 Description: This update for e2fsprogs fixes the following issues: - Fix for an issue when system message with placeholders are not properly replaced. (bsc#1170964) ----------------------------------------- Version 1.0.6-Build1.54 2020-09-02T07:54:24 ----------------------------------------- Patch: SUSE-2020-2411 Released: Tue Sep 1 13:28:47 2020 Summary: Recommended update for systemd Severity: moderate References: 1142733,1146991,1158336,1172195,1172824,1173539 Description: This update for systemd fixes the following issues: - Improve logging when PID1 fails at setting a namespace up when spawning a command specified by 'Exec*='. (bsc#1172824, bsc#1142733) pid1: improve message when setting up namespace fails. execute: let's close glibc syslog channels too. execute: normalize logging in *execute.c*. execute: fix typo in error message. execute: drop explicit *log_open()*/*log_close()* now that it is unnecessary. execute: make use of the new logging mode in *execute.c* log: add a mode where we open the log fds for every single log message. log: let's make use of the fact that our functions return the negative error code for *log_oom()* too. execute: downgrade a log message ERR → WARNING, since we proceed ignoring its result. execute: rework logging in *setup_keyring()* to include unit info. execute: improve and augment execution log messages. - vconsole-setup: downgrade log message when setting font fails on dummy console. (bsc#1172195 bsc#1173539) - fix infinite timeout. (bsc#1158336) - bpf: mount bpffs by default on boot. (bsc#1146991) - man: explain precedence for options which take a list. - man: unify titling, fix description of precedence in sysusers.d(5) - udev-event: fix timeout log messages. ----------------------------------------- Patch: SUSE-2020-2420 Released: Tue Sep 1 13:48:35 2020 Summary: Recommended update for zlib Severity: moderate References: 1174551,1174736 Description: This update for zlib provides the following fixes: - Permit a deflateParams() parameter change as soon as possible. (bsc#1174736) - Fix DFLTCC not flushing EOBS when creating raw streams. (bsc#1174551) ----------------------------------------- Version 1.0.6-Build1.56 2020-09-03T07:54:19 ----------------------------------------- Patch: SUSE-2020-2446 Released: Wed Sep 2 09:33:22 2020 Summary: Security update for curl Severity: moderate References: 1175109,CVE-2020-8231 Description: This update for curl fixes the following issues: - An application that performs multiple requests with libcurl's multi API and sets the 'CURLOPT_CONNECT_ONLY' option, might in rare circumstances experience that when subsequently using the setup connect-only transfer, libcurl will pick and use the wrong connection and instead pick another one the application has created since then. [bsc#1175109, CVE-2020-8231] ----------------------------------------- Patch: SUSE-2020-2458 Released: Wed Sep 2 15:44:30 2020 Summary: Recommended update for iputils Severity: moderate References: 927831 Description: This update for iputils fixes the following issue: - ping: Remove workaround for bug in IP_RECVERR on raw sockets. (bsc#927831) ----------------------------------------- Version 1.0.6-Build1.57 2020-09-04T07:54:17 ----------------------------------------- Patch: SUSE-2020-2474 Released: Thu Sep 3 12:10:29 2020 Summary: Security update for libX11 Severity: moderate References: 1175239,CVE-2020-14363 Description: This update for libX11 fixes the following issues: - CVE-2020-14363: Fix an integer overflow in init_om() (bsc#1175239). ----------------------------------------- Version 1.0.6-Build1.59 2020-09-08T07:53:43 ----------------------------------------- Patch: SUSE-2020-2556 Released: Mon Sep 7 14:31:43 2020 Summary: Recommended update for python3-azuremetadata Severity: moderate References: 1175609,1175610 Description: This update for python3-azuremetadata contains the following fix: - Fix provides directive (bsc#1175609, bsc#1175610) + The provides directive must set a version or update does not work as expected ----------------------------------------- Version 1.0.6-Build1.62 2020-09-10T07:54:05 ----------------------------------------- Patch: SUSE-2020-2581 Released: Wed Sep 9 13:07:07 2020 Summary: Security update for openldap2 Severity: moderate References: 1174154,CVE-2020-15719 Description: This update for openldap2 fixes the following issues: - bsc#1174154 - CVE-2020-15719 - This resolves an issue with x509 SAN's falling back to CN validation in violation of rfc6125. ----------------------------------------- Patch: SUSE-2020-2583 Released: Wed Sep 9 15:27:54 2020 Summary: Security update for avahi Severity: moderate References: 1154063 Description: This update for avahi fixes the following issues: - When changing ownership of /var/lib/autoipd, only change ownership of files owned by avahi, to mitigate against possible exploits (bsc#1154063). ----------------------------------------- Version 1.0.6-Build1.63 2020-09-12T07:57:13 ----------------------------------------- Patch: SUSE-2020-2612 Released: Fri Sep 11 11:18:01 2020 Summary: Security update for libxml2 Severity: moderate References: 1176179,CVE-2020-24977 Description: This update for libxml2 fixes the following issues: - CVE-2020-24977: Fixed a global-buffer-overflow in xmlEncodeEntitiesInternal (bsc#1176179). ----------------------------------------- Version 1.0.6-Build1.64 2020-09-18T07:57:53 ----------------------------------------- Patch: SUSE-2020-2651 Released: Wed Sep 16 14:42:55 2020 Summary: Recommended update for zlib Severity: moderate References: 1175811,1175830,1175831 Description: This update for zlib fixes the following issues: - Fix compression level switching (bsc#1175811, bsc#1175830, bsc#1175831) - Enable hardware compression on s390/s390x (jsc#SLE-13776) ----------------------------------------- Version 1.0.6-Build1.67 2020-09-23T08:17:55 ----------------------------------------- Patch: SUSE-2020-2707 Released: Tue Sep 22 15:17:24 2020 Summary: Recommended update for python-azure-agent Severity: moderate References: 1176368,1176369 Description: This update for python-azure-agent fixes the following issues: - Update to version 2.2.49.2 (bsc#1176368, bsc#1176369) + Remove paa_use_hostnamectl.patch included upstream + Forwrad port proper_dhcp_config_set.patch + Do not use --unit with systemd-cgls (#1910) + Report processes that do not belong to the agent's cgroup (#1908) + Use controller mount point for extension cgroup path (#1899) + Improvements in setup of cgroups (#1896) + Remove ExtensionsMetricsData and per-process Memory data (#1884) + Fix return value of start_extension_command (#1927) + Remove import * (#1900) + Fix flaky ExtensionCleanupTest class (#1898) + Fix codecov badge (#1883) + Changed codecov to run on py3.8 (#1875) + Update documentation on /dev/random (#1909) + Mount options are in mount(8) (#1893) + Remove ssh host key thumbprint in report ready (#1913) + Emit AutoUpdate value at service start only (#1907) + Add logging for version mismatch (#1895) + Send telemetry event if libdir changes (#1897) + Add log collector utility (#1847) + Move AutoUpdate reporting to HeartBeat event (#1919) + Removing infinite download of extension manifest without a new GS (#1874) + Fix wrongful dir deletion (#1873) + Fix the cleanup-outdated-handlers to only delete handlers that are not present in the GS (#1889) + Expose periods of environment thread in waagent.conf (#1891) + Added user @kevinclark19a as Contributor. (#1906) - From 2.2.48.1 + Refactoring GoalState class out of Protocol, making Protocol thread-safe, removing stale dependencies of Protocol and removing the dependency on the file system to read the Protocol info + Fetch goal state when creating HostPluginProtocol (#1799) + Separate goal state from the protocol class (#1777) + Make protocol util a singleton per thread (#1743, #1756) + Fetch goal state before sending telemetry (#1751) + Remove file dependency (#1754) + Others (#1758, #1767, #1744, #1749, #1816, #1820) + New logs for goal state fetch (#1797) and refresh (#1794). + Thread name added to logs (#1778) + Populate telemetry events at creation time (#1791) + Periodic HeartBeat to be logged to the file (#1755) + Add unit test to verify call stacks on telemetry events (#1828) + Others (#1841, #1842, #1846) + Handling errors while reading extension status files (Limiting Size and Transient issues)(#1761) + Enable SWAP on Resource Disk as Application Certification Support suggested (#1762) + Update 'Provisioning' options in default configs ( #1853) + Drop Metadata Server Support (#1806, #1839, #1840 ) + Improve documentation of ResourceDisk.EnableSwapEncryption (#1782) + Removed is_snappy function (#1774) + Handle exceptions in monitor thread (#1770) + Fix timestamp for periodic operations in the monitor thread (#1879) + Fix permissions on the Ubuntu systemd service file (#1814) + Update hostname setting for SUSE distros (#1832) + Python 3.8 improvements + support for Ubuntu 20.04 (#1860, #1865, #1738) + Testing and dev-infra improvements [#1771, #1768, #1800, #1826, #1827, #1833] + Others (#1854, #1858) - From 2.2.46 + [#1741] Do not update goal state when refreshing the host plugin + [#1731] Fix upgrade sequence when update command fails + [#1725] Initialize CPU usage + [#1716, #1737] Added UTC logging and correcting the format + [#1651, #1729] Start sending PerformanceCounter metrics and additional memory information for Cgroups ----------------------------------------- Patch: SUSE-2020-2709 Released: Tue Sep 22 15:35:58 2020 Summary: Recommended update for pdate to version 1.0.5 (bsc#1174791, bsc#1174937) Severity: low References: 1174791,1174937 Description: - Update to version 1.0.5 (bsc#1174791, bsc#1174937) + New configuration to switch to https only outgoing traffic + Use latest API to query the metadata server and send additional data ----------------------------------------- Patch: SUSE-2020-2712 Released: Tue Sep 22 17:08:03 2020 Summary: Security update for openldap2 Severity: moderate References: 1175568,CVE-2020-8027 Description: This update for openldap2 fixes the following issues: - CVE-2020-8027: openldap_update_modules_path.sh starts daemons unconditionally and uses fixed paths in /tmp (bsc#1175568). ----------------------------------------- Version 1.0.6-Build1.68 2020-09-23T14:21:20 ----------------------------------------- Patch: SUSE-2020-2719 Released: Wed Sep 23 11:30:21 2020 Summary: Security update for samba Severity: important References: 1172810,1176579,CVE-2020-1472 Description: This update for samba fixes the following issues: - ZeroLogon: An elevation of privilege was possible with some configurations when an attacker established a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC) (CVE-2020-1472, bsc#1176579). - Add 'libsmbldap0' to 'libsmbldap2' package to fix upgrades from previous versions. (bsc#1172810) ----------------------------------------- Version 1.0.6-Build1.71 2020-09-30T07:55:58 ----------------------------------------- Patch: SUSE-2020-2780 Released: Tue Sep 29 11:27:51 2020 Summary: Recommended update for rsyslog Severity: moderate References: 1173433 Description: This update for rsyslog fixes the following issues: - Fix the URL for bug reporting. (bsc#1173433) ----------------------------------------- Patch: SUSE-2020-2784 Released: Tue Sep 29 12:43:24 2020 Summary: Security update for python-pip Severity: moderate References: 1176262,CVE-2019-20916 Description: This update for python-pip fixes the following issues: - CVE-2019-20916: Fixed a directory traversal in _download_http_url (bsc#1176262) ----------------------------------------- Patch: SUSE-2020-2795 Released: Tue Sep 29 14:29:33 2020 Summary: Recommended update for hyper-v Severity: moderate References: 1116957 Description: This update for hyper-v fixes the following issues: - Fixes an issue when hyper-v services not running after booting from SLES12SP3 ISO. (bsc#1116957) ----------------------------------------- Version 1.0.6-Build1.73 2020-10-02T07:58:23 ----------------------------------------- Patch: SUSE-2020-2814 Released: Thu Oct 1 09:55:30 2020 Summary: Security update for permissions Severity: moderate References: 1161335,1176625 Description: This update for permissions fixes the following issues: - whitelist WMP (bsc#1161335, bsc#1176625) ----------------------------------------- Patch: SUSE-2020-2817 Released: Thu Oct 1 10:38:37 2020 Summary: Recommended update for libzypp, zypper Severity: moderate References: 1165424,1173273,1173529,1174240,1174561,1174918,1175342,1175592 Description: This update for libzypp, zypper provides the following fixes: Changes in libzypp: - VendorAttr: Const-correct API and let Target provide its settings. (bsc#1174918) - Support buildnr with commit hash in purge-kernels. This adds special behaviour for when a kernel version has the rebuild counter before the kernel commit hash. (bsc#1175342) - Improve Italian translation of the 'breaking dependencies' message. (bsc#1173529) - Make sure reading from lsof does not block forever. (bsc#1174240) - Just collect details for the signatures found. Changes in zypper: - man: Enhance description of the global package cache. (bsc#1175592) - man: Point out that plain rpm packages are not downloaded to the global package cache. (bsc#1173273) - Directly list subcommands in 'zypper help'. (bsc#1165424) - Remove extern C block wrapping augeas.h as it breaks the build on Arch Linux. - Point out that plaindir repos do not follow symlinks. (bsc#1174561) - Fix help command for list-patches. ----------------------------------------- Version 1.0.6-Build1.74 2020-10-03T07:58:16 ----------------------------------------- Patch: SUSE-2020-2825 Released: Fri Oct 2 08:44:28 2020 Summary: Recommended update for suse-build-key Severity: moderate References: 1170347,1176759 Description: This update for suse-build-key fixes the following issues: - The SUSE Notary Container key is different from the build signing key, include this key instead as suse-container-key. (PM-1845 bsc#1170347) - The SUSE build key for SUSE Linux Enterprise 12 and 15 is extended by 4 more years. (bsc#1176759) ----------------------------------------- Version 1.0.6-Build1.77 2020-10-07T08:04:50 ----------------------------------------- Patch: SUSE-2020-2866 Released: Tue Oct 6 14:02:07 2020 Summary: Recommended update for python-azure-agent Severity: critical References: 1177161,1177257 Description: This update for python-azure-agent fixes the following issues: - Fixes an issue when the 'python-azure-agent' fails to initialize Azure instances. (bsc#1177161, bsc#1177257) ----------------------------------------- Patch: SUSE-2020-2869 Released: Tue Oct 6 16:13:20 2020 Summary: Recommended update for aaa_base Severity: moderate References: 1011548,1153943,1153946,1161239,1171762 Description: This update for aaa_base fixes the following issues: - DIR_COLORS (bug#1006973): - add screen.xterm-256color - add TERM rxvt-unicode-256color - sort and merge TERM entries in etc/DIR_COLORS - check for Packages.db and use this instead of Packages. (bsc#1171762) - Rename path() to _path() to avoid using a general name. - refresh_initrd call modprobe as /sbin/modprobe (bsc#1011548) - etc/profile add some missing ;; in case esac statements - profile and csh.login: on s390x set TERM to dumb on dumb terminal (bsc#1153946) - backup-rpmdb: exit if zypper is running (bsc#1161239) - Add color alias for ip command (jsc#sle-9880, jsc#SLE-7679, bsc#1153943) ----------------------------------------- Version 1.0.6-Build1.78 2020-10-08T08:03:50 ----------------------------------------- Patch: SUSE-2020-1863 Released: Tue Jul 7 11:05:05 2020 Summary: Recommended update for python-portalocker, python-pytest Severity: moderate References: 1140565 Description: This update for python-portalocker, python-pytest fixes the following issues: python-portalocker is now included in the SUSE Linux Enterprise 15 Public Cloud Module (bsc#1140565, jsc#ECO-1257, jsc#PM-1598) ----------------------------------------- Version 1.0.6-Build1.80 2020-10-14T08:18:56 ----------------------------------------- Patch: SUSE-2020-2901 Released: Tue Oct 13 14:22:43 2020 Summary: Security update for libproxy Severity: important References: 1176410,1177143,CVE-2020-25219,CVE-2020-26154 Description: This update for libproxy fixes the following issues: - CVE-2020-25219: Rewrote url::recvline to be nonrecursive (bsc#1176410). - CVE-2020-26154: Fixed a buffer overflow when PAC is enabled (bsc#1177143). ----------------------------------------- Patch: SUSE-2020-2910 Released: Tue Oct 13 16:02:04 2020 Summary: Recommended update for cloud-regionsrv-client Severity: moderate References: 1176858,1176859 Description: This update for cloud-regionsrv-client contains the following fixes: - Update to version 9.1.4 (bsc#1176858, bsc#1176859) + Properly handle the exit code for SUSEConnect and provide log message with failure details for registration failure ----------------------------------------- Patch: SUSE-2020-2914 Released: Tue Oct 13 17:25:20 2020 Summary: Security update for bind Severity: moderate References: 1100369,1109160,1118367,1118368,1128220,1156205,1157051,1161168,1170667,1170713,1171313,1171740,1172958,1173307,1173311,1173983,1175443,1176092,1176674,906079,CVE-2017-3136,CVE-2018-5741,CVE-2019-6477,CVE-2020-8616,CVE-2020-8617,CVE-2020-8618,CVE-2020-8619,CVE-2020-8620,CVE-2020-8621,CVE-2020-8622,CVE-2020-8623,CVE-2020-8624 Description: This update for bind fixes the following issues: BIND was upgraded to version 9.16.6: Note: - bind is now more strict in regards to DNSSEC. If queries are not working, check for DNSSEC issues. For instance, if bind is used in a namserver forwarder chain, the forwarding DNS servers must support DNSSEC. Fixing security issues: - CVE-2020-8616: Further limit the number of queries that can be triggered from a request. Root and TLD servers are no longer exempt from max-recursion-queries. Fetches for missing name server. (bsc#1171740) Address records are limited to 4 for any domain. - CVE-2020-8617: Replaying a TSIG BADTIME response as a request could trigger an assertion failure. (bsc#1171740) - CVE-2019-6477: Fixed an issue where TCP-pipelined queries could bypass the tcp-clients limit (bsc#1157051). - CVE-2018-5741: Fixed the documentation (bsc#1109160). - CVE-2020-8618: It was possible to trigger an INSIST when determining whether a record would fit into a TCP message buffer (bsc#1172958). - CVE-2020-8619: It was possible to trigger an INSIST in lib/dns/rbtdb.c:new_reference() with a particular zone content and query patterns (bsc#1172958). - CVE-2020-8624: 'update-policy' rules of type 'subdomain' were incorrectly treated as 'zonesub' rules, which allowed keys used in 'subdomain' rules to update names outside of the specified subdomains. The problem was fixed by making sure 'subdomain' rules are again processed as described in the ARM (bsc#1175443). - CVE-2020-8623: When BIND 9 was compiled with native PKCS#11 support, it was possible to trigger an assertion failure in code determining the number of bits in the PKCS#11 RSA public key with a specially crafted packet (bsc#1175443). - CVE-2020-8621: named could crash in certain query resolution scenarios where QNAME minimization and forwarding were both enabled (bsc#1175443). - CVE-2020-8620: It was possible to trigger an assertion failure by sending a specially crafted large TCP DNS message (bsc#1175443). - CVE-2020-8622: It was possible to trigger an assertion failure when verifying the response to a TSIG-signed request (bsc#1175443). Other issues fixed: - Add engine support to OpenSSL EdDSA implementation. - Add engine support to OpenSSL ECDSA implementation. - Update PKCS#11 EdDSA implementation to PKCS#11 v3.0. - Warn about AXFR streams with inconsistent message IDs. - Make ISC rwlock implementation the default again. - Fixed issues when using cookie-secrets for AES and SHA2 (bsc#1161168) - Installed the default files in /var/lib/named and created chroot environment on systems using transactional-updates (bsc#1100369, fate#325524) - Fixed an issue where bind was not working in FIPS mode (bsc#906079). - Fixed dependency issues (bsc#1118367 and bsc#1118368). - GeoIP support is now discontinued, now GeoIP2 is used(bsc#1156205). - Fixed an issue with FIPS (bsc#1128220). - The liblwres library is discontinued upstream and is no longer included. - Added service dependency on NTP to make sure the clock is accurate when bind is starts (bsc#1170667, bsc#1170713). - Reject DS records at the zone apex when loading master files. Log but otherwise ignore attempts to add DS records at the zone apex via UPDATE. - The default value of 'max-stale-ttl' has been changed from 1 week to 12 hours. - Zone timers are now exported via statistics channel. - The 'primary' and 'secondary' keywords, when used as parameters for 'check-names', were not processed correctly and were being ignored. - 'rndc dnstap -roll ' did not limit the number of saved files to . - Add 'rndc dnssec -status' command. - Addressed a couple of situations where named could crash. - Changed /var/lib/named to owner root:named and perms rwxrwxr-t so that named, being a/the only member of the 'named' group has full r/w access yet cannot change directories owned by root in the case of a compromized named. [bsc#1173307, bind-chrootenv.conf] - Added '/etc/bind.keys' to NAMED_CONF_INCLUDE_FILES in /etc/sysconfig/named to suppress warning message re missing file (bsc#1173983). - Removed '-r /dev/urandom' from all invocations of rndc-confgen (init/named system/lwresd.init system/named.init in vendor-files) as this option is deprecated and causes rndc-confgen to fail. (bsc#1173311, bsc#1176674, bsc#1170713) - /usr/bin/genDDNSkey: Removing the use of the -r option in the call of /usr/sbin/dnssec-keygen as BIND now uses the random number functions provided by the crypto library (i.e., OpenSSL or a PKCS#11 provider) as a source of randomness rather than /dev/random. Therefore the -r command line option no longer has any effect on dnssec-keygen. Leaving the option in genDDNSkey as to not break compatibility. Patch provided by Stefan Eisenwiener. [bsc#1171313] - Put libns into a separate subpackage to avoid file conflicts in the libisc subpackage due to different sonums (bsc#1176092). - Require /sbin/start_daemon: both init scripts, the one used in systemd context as well as legacy sysv, make use of start_daemon.