----------------------------------------- Version 1.0.5-Production-Build1.101 2020-04-19T17:47:38 ----------------------------------------- Patch: SUSE-2018-1223 Released: Tue Jun 26 11:41:00 2018 Summary: Security update for gpg2 Severity: important References: 1096745,CVE-2018-12020 Description: This update for gpg2 fixes the following security issue: - CVE-2018-12020: GnuPG mishandled the original filename during decryption and verification actions, which allowed remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the '--status-fd 2' option (bsc#1096745). ----------------------------------------- Patch: SUSE-2018-1264 Released: Tue Jul 3 10:56:12 2018 Summary: Recommended update for curl Severity: moderate References: 1086367 Description: This update for curl provides the following fix: - Use OPENSSL_config() instead of CONF_modules_load_file() to avoid crashes due to conflicting openssl engines. (bsc#1086367) ----------------------------------------- Patch: SUSE-2018-1266 Released: Tue Jul 3 18:09:17 2018 Summary: Security update for cairo Severity: moderate References: 1049092,CVE-2017-9814 Description: This update for cairo fixes the following issues: The following security vulnerability was addressed: - CVE-2017-9814: Fixed and out-of-bounds read in cairo-truetype-subset.c by replacing the malloc implementation with _cairo_malloc and checking the size before memory allocation (bsc#1049092) ----------------------------------------- Patch: SUSE-2018-1268 Released: Tue Jul 3 18:09:41 2018 Summary: Security update for zsh Severity: moderate References: 1084656,1087026,1089030,CVE-2018-1071,CVE-2018-1083,CVE-2018-1100 Description: This update for zsh to version 5.5 fixes the following issues: Security issues fixed: - CVE-2018-1100: Fixes a buffer overflow in utils.c:checkmailpath() that can lead to local arbitrary code execution (bsc#1089030) - CVE-2018-1071: Fixed a stack-based buffer overflow in exec.c:hashcmd() (bsc#1084656) - CVE-2018-1083: Fixed a stack-based buffer overflow in gen_matches_files() at compctl.c (bsc#1087026) Non-security issues fixed: - The effect of the NO_INTERACTIVE_COMMENTS option extends into $(...) and `...` command substitutions when used on the command line. - The 'exec' and 'command' precommand modifiers, and options to them, are now parsed after parameter expansion. - Functions executed by ZLE widgets no longer have their standard input closed, but redirected from /dev/null instead. - There is an option WARN_NESTED_VAR, a companion to the existing WARN_CREATE_GLOBAL that causes a warning if a function updates a variable from an enclosing scope without using typeset -g. - zmodload now has an option -s to be silent on a failure to find a module but still print other errors. ----------------------------------------- Patch: SUSE-2018-1277 Released: Thu Jul 5 08:38:06 2018 Summary: Security update for unzip Severity: moderate References: 1080074,910683,914442,CVE-2014-9636,CVE-2018-1000035 Description: This update for unzip fixes the following issues: - CVE-2014-9636: Prevent denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression (bsc#914442) - CVE-2018-1000035: Prevent heap-based buffer overflow in the processing of password-protected archives that allowed an attacker to perform a denial of service or to possibly achieve code execution (bsc#1080074) This non-security issue was fixed: +- Allow processing of Windows zip64 archives (Windows archivers set total_disks field to 0 but per standard, valid values are 1 and higher) (bnc#910683) ----------------------------------------- Patch: SUSE-2018-1279 Released: Thu Jul 5 08:41:25 2018 Summary: Security update for tiff Severity: moderate References: 1074317,1082332,1082825,1086408,1092949,CVE-2017-11613,CVE-2017-18013,CVE-2018-10963,CVE-2018-7456,CVE-2018-8905 Description: This update for tiff fixes the following security issues: These security issues were fixed: - CVE-2017-18013: Fixed a NULL pointer dereference in the tif_print.cTIFFPrintDirectory function that could have lead to denial of service (bsc#1074317). - CVE-2018-10963: Fixed an assertion failure in the TIFFWriteDirectorySec() function in tif_dirwrite.c, which allowed remote attackers to cause a denial of service via a crafted file (bsc#1092949). - CVE-2018-7456: Prevent a NULL Pointer dereference in the function TIFFPrintDirectory when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013 (bsc#1082825). - CVE-2017-11613: Prevent denial of service in the TIFFOpen function. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file. In the ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc function is called based on td_imagelength. If the value of td_imagelength is set close to the amount of system memory, it will hang the system or trigger the OOM killer (bsc#1082332). - CVE-2018-8905: Prevent heap-based buffer overflow in the function LZWDecodeCompat via a crafted TIFF file (bsc#1086408). ----------------------------------------- Patch: SUSE-2018-1292 Released: Mon Jul 9 11:57:14 2018 Summary: Security update for openslp Severity: important References: 1090638,CVE-2017-17833 Description: This update for openslp fixes the following issues: - CVE-2017-17833: Prevent heap-related memory corruption issue which may have manifested itself as a denial-of-service or a remote code-execution vulnerability (bsc#1090638) - Prevent out of bounds reads in message parsing ----------------------------------------- Patch: SUSE-2018-1299 Released: Wed Jul 11 15:55:21 2018 Summary: Security update for ucode-intel Severity: important References: 1087082,1087083,1100147,CVE-2018-3639,CVE-2018-3640 Description: This update for ucode-intel fixes the following issues: The microcode bundles was updated to the 20180703 release For the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a) and helps mitigating CVE-2018-3639 (Spectre v4) (bsc#1100147 bsc#1087082 bsc#1087083). More information on: https://downloadcenter.intel.com/download/27945/Linux-Processor-Microcode-Data-File Following chipsets are fixed in this round: Model Stepping F-MO-S/PI Old->New ---- updated platforms ------------------------------------ SNB-EP C1 6-2d-6/6d 0000061c->0000061d Xeon E5 SNB-EP C2 6-2d-7/6d 00000713->00000714 Xeon E5 IVT C0 6-3e-4/ed 0000042c->0000042d Xeon E5 v2; Core i7-4960X/4930K/4820K IVT D1 6-3e-7/ed 00000713->00000714 Xeon E5 v2 HSX-E/EP/4S C0 6-3f-2/6f 0000003c->0000003d Xeon E5 v3 HSX-EX E0 6-3f-4/80 00000011->00000012 Xeon E7 v3 SKX-SP/D/W/X H0 6-55-4/b7 02000043->0200004d Xeon Bronze 31xx, Silver 41xx, Gold 51xx/61xx Platinum 81xx, D/W-21xx; Core i9-7xxxX BDX-DE A1 6-56-5/10 0e000009->0e00000a Xeon D-15x3N BDX-ML B/M/R0 6-4f-1/ef 0b00002c->0b00002e Xeon E5/E7 v4; Core i7-69xx/68xx ----------------------------------------- Patch: SUSE-2018-1303 Released: Wed Jul 11 16:09:12 2018 Summary: Recommended update for SUSEConnect Severity: moderate References: 1093658,1094348 Description: This update for SUSEConnect provides the following fixes: - Add dependencies needed by the rmt-client-setup script as Recommends. (bsc#1093658, bsc#1094348) - Enhance error message generation. - Add not supported operation exception to PackageSearch API. ----------------------------------------- Patch: SUSE-2018-1324 Released: Fri Jul 13 14:02:52 2018 Summary: Initial update for kernel-azure Severity: moderate References: 1094420 Description: This update is the initial delivery of the Azure flavor of the Linux Kernel, which contains enhancements and optimizations for running the SUSE Linux Enterprise kernel in the Azure cloud. ----------------------------------------- Patch: SUSE-2018-1327 Released: Tue Jul 17 08:07:24 2018 Summary: Security update for perl Severity: moderate References: 1096718,CVE-2018-12015 Description: This update for perl fixes the following issues: - CVE-2018-12015: The Archive::Tar module allowed remote attackers to bypass a directory-traversal protection mechanism and overwrite arbitrary files (bsc#1096718) ----------------------------------------- Patch: SUSE-2018-1330 Released: Tue Jul 17 08:55:29 2018 Summary: Recommended update for yast2-registration Severity: moderate References: 1096813,1099691 Description: This update for yast2-registration fixes the following issues: - Use SCC credentials at upgrade when both NCC and SCC credentials are present in the system (bsc#1096813) - Added additional searchkeys to desktop file (fate#321043). ----------------------------------------- Patch: SUSE-2018-1332 Released: Tue Jul 17 09:01:19 2018 Summary: Recommended update for timezone Severity: moderate References: 1073299,1093392 Description: This update for timezone provides the following fixes: - North Korea switches back from +0830 to +09 on 2018-05-05. - Ireland's standard time is in the summer, with negative DST offset to standard time used in Winter. (bsc#1073299) - yast2-country is no longer setting TIMEZONE in /etc/sysconfig/clock and is calling systemd timedatectl instead. Do not set /etc/localtime on timezone package updates to avoid setting an incorrect timezone. (bsc#1093392) ----------------------------------------- Patch: SUSE-2018-1333 Released: Tue Jul 17 09:03:21 2018 Summary: Recommended update for bind Severity: moderate References: 901577,965748 Description: This update for bind provides the following fix: - Fixed ldapdump to use a temporary pseudo nameserver that conforms to BIND's expected syntax. Prior versions would not work correctly with an LDAP backed DNS server. (bsc#965748) - Add SPF records in dnszone-schema file. (bsc#901577) ----------------------------------------- Patch: SUSE-2018-1334 Released: Tue Jul 17 09:06:41 2018 Summary: Recommended update for mozilla-nss Severity: moderate References: 1096515 Description: This update for mozilla-nss provides the following fixes: - Update to NSS 3.36.4 required by Firefox 60.0.2. (bsc#1096515) - Fix a problem that would cause connections to a server that was recently upgraded to TLS 1.3 to result in a SSL_RX_MALFORMED_SERVER_HELLO error. - Fix a rare bug with PKCS#12 files. - Use relro linker option. ----------------------------------------- Patch: SUSE-2018-1346 Released: Thu Jul 19 09:25:08 2018 Summary: Security update for glibc Severity: moderate References: 1082318,1092877,1094150,1094154,1094161,CVE-2017-18269,CVE-2018-11236,CVE-2018-11237 Description: This update for glibc fixes the following security issues: - CVE-2017-18269: An SSE2-optimized memmove implementation for i386 did not correctly perform the overlapping memory check if the source memory range spaned the middle of the address space, resulting in corrupt data being produced by the copy operation. This may have disclosed information to context-dependent attackers, resulted in a denial of service or code execution (bsc#1094150). - CVE-2018-11236: Prevent integer overflow on 32-bit architectures when processing very long pathname arguments to the realpath function, leading to a stack-based buffer overflow (bsc#1094161). - CVE-2018-11237: An AVX-512-optimized implementation of the mempcpy function may have writen data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper (bsc#1092877, bsc#1094154). ----------------------------------------- Patch: SUSE-2018-1347 Released: Thu Jul 19 09:28:41 2018 Summary: Security update for libgcrypt Severity: moderate References: 1097410,CVE-2018-0495 Description: This update for libgcrypt fixes the following issue: The following security issue was fixed: - CVE-2018-0495: Fixed a novel side-channel attack, by enabling blinding for ECDSA signatures (bsc#1097410) ----------------------------------------- Patch: SUSE-2018-1348 Released: Thu Jul 19 09:32:11 2018 Summary: Security update for wireshark Severity: moderate References: 1094301,CVE-2018-11356,CVE-2018-11357,CVE-2018-11358,CVE-2018-11359,CVE-2018-11360,CVE-2018-11362 Description: This update for wireshark fixes vulnerabilities that could be used to trigger dissector crashes or cause dissectors to go into large infinite loops by making Wireshark read specially crafted packages from the network or capture files (bsc#1094301). This includes: - CVE-2018-11356: DNS dissector crash - CVE-2018-11357: Multiple dissectors could consume excessive memory - CVE-2018-11358: Q.931 dissector crash - CVE-2018-11359: The RRC dissector and other dissectors could crash - CVE-2018-11360: GSM A DTAP dissector crash - CVE-2018-11362: LDSS dissector crash ----------------------------------------- Patch: SUSE-2018-1349 Released: Thu Jul 19 09:35:42 2018 Summary: Security update for rubygem-sprockets Severity: moderate References: 1098369,CVE-2018-3760 Description: This update for rubygem-sprockets fixes the following issues: The following security vulnerability was addressed: - CVE-2018-3760: Fixed a path traversal issue in sprockets/server.rb:forbidden_request?(), which allowed remote attackers to read arbitrary files (bsc#1098369) ----------------------------------------- Patch: SUSE-2018-1353 Released: Thu Jul 19 09:50:32 2018 Summary: Security update for e2fsprogs Severity: moderate References: 1009532,1038194,915402,918346,960273,CVE-2015-0247,CVE-2015-1572 Description: This update for e2fsprogs fixes the following issues: Security issues fixed: - CVE-2015-0247: Fixed couple of heap overflows in e2fsprogs (fsck, dumpe2fs, e2image...) (bsc#915402). - CVE-2015-1572: Fixed potential buffer overflow in closefs() (bsc#918346). Bug fixes: - bsc#1038194: generic/405 test fails with /dev/mapper/thin-vol is inconsistent on ext4 file system. - bsc#1009532: resize2fs hangs when trying to resize a large ext4 file system. - bsc#960273: xfsprogs does not call %{?regenerate_initrd_post}. ----------------------------------------- Patch: SUSE-2018-1362 Released: Thu Jul 19 12:47:33 2018 Summary: Recommended update for ca-certificates-mozilla Severity: moderate References: 1100415 Description: ca-certificates-mozilla was updated to the 2.24 state of the Mozilla NSS Certificate store. (bsc#1100415) Following CAs were removed: * S-TRUST_Universal_Root_CA * TC_TrustCenter_Class_3_CA_II * TUeRKTRUST_Elektronik_Sertifika_Hizmet_Saglayicisi_H5 ----------------------------------------- Patch: SUSE-2018-1371 Released: Mon Jul 23 10:37:01 2018 Summary: Security update for openssl-1_1 Severity: moderate References: 1097158,1097624,1098592,CVE-2018-0732 Description: This update for openssl-1_1 fixes the following issues: - CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack (bsc#1097158). - Blinding enhancements for ECDSA and DSA (bsc#1097624, bsc#1098592) ----------------------------------------- Patch: SUSE-2018-1372 Released: Mon Jul 23 10:40:29 2018 Summary: Security update for openssl-1_1 Severity: moderate References: 1097158,1097624,1098592,CVE-2018-0732 Description: This update for openssl-1_1 fixes the following issues: - CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack (bsc#1097158). - Blinding enhancements for ECDSA and DSA (bsc#1097624, bsc#1098592) ----------------------------------------- Patch: SUSE-2018-1392 Released: Thu Jul 26 11:48:41 2018 Summary: Recommended update for yast2-core Severity: important References: 1099325 Description: This update for yast2-core fixes the following issues: - Fixed detection of aarch64 during an offline upgrade (bsc#1099325) ----------------------------------------- Patch: SUSE-2018-1396 Released: Thu Jul 26 16:23:09 2018 Summary: Security update for rpm Severity: moderate References: 1094735,1095148,943457,CVE-2017-7500 Description: This update for rpm fixes the following issues: This security vulnerability was fixed: - CVE-2017-7500: Fixed symlink attacks during RPM installation (bsc#943457) ----------------------------------------- Patch: SUSE-2018-1397 Released: Thu Jul 26 16:25:29 2018 Summary: Security update for util-linux Severity: moderate References: 1084300,CVE-2018-7738 Description: This update for util-linux fixes the following security issue: - CVE-2018-7738: Fix local vulnerability using embedded shell commands in a mountpoint name (bsc#1084300) ----------------------------------------- Patch: SUSE-2018-1398 Released: Thu Jul 26 16:27:58 2018 Summary: Security update for java-1_8_0-ibm Severity: important References: 1085449,1093311,CVE-2018-1417,CVE-2018-2783,CVE-2018-2790,CVE-2018-2794,CVE-2018-2795,CVE-2018-2796,CVE-2018-2797,CVE-2018-2798,CVE-2018-2799,CVE-2018-2800,CVE-2018-2814,CVE-2018-2825,CVE-2018-2826 Description: IBM Java was updated to version 8.0.5.15 [bsc#1093311, bsc#1085449] Security fixes: - CVE-2018-2826 CVE-2018-2825 CVE-2018-2814 CVE-2018-2794 CVE-2018-2783 CVE-2018-2799 CVE-2018-2798 CVE-2018-2797 CVE-2018-2796 CVE-2018-2795 CVE-2018-2800 CVE-2018-2790 CVE-2018-1417 - Removed translations in the java-1_8_0-ibm-devel-32bit package as they conflict with those in java-1_8_0-ibm-devel. ----------------------------------------- Patch: SUSE-2018-1409 Released: Fri Jul 27 06:45:10 2018 Summary: Recommended update for systemd Severity: moderate References: 1039099,1083158,1088052,1091265,1093851,1095096,1095973,1098569 Description: This update for systemd provides the following fixes: - systemctl: Mask always reports the same unit names when different unknown units are passed. (bsc#1095973) - systemctl: Check the existence of all units, not just the first one. - scsi_id: Fix the prefix for pre-SPC inquiry reply. (bsc#1039099) - device: Make sure to always retroactively start device dependencies. (bsc#1088052) - locale-util: On overlayfs FTW_MOUNT causes nftw(3) to not list *any* files. - Fix pattern to detect distribution. - install: The 'user' and 'global' scopes are equivalent for user presets. (bsc#1093851) - install: Search for preset files in /run (#7715) - install: Consider globally enabled units as 'enabled' for the user. (bsc#1093851) - install: Consider non-Alias=/non-DefaultInstance= symlinks as 'indirect' enablement. - install: Only consider names in Alias= as 'enabling'. - udev: Whitelist mlx4_core locally-administered MAC addresses in the persistent rule generator. (bsc#1083158) - man: Updated systemd-analyze blame description for service-units with Type=simple. (bsc#1091265) - fileio: Support writing atomic files with timestamp. - fileio.c: Fix incorrect mtime - Drop runtime dependency on dracut, otherwise systemd pulls in tools to generate the initrd even in container/chroot installations that don't have a kernel. For environments where initrd matters, dracut should be pulled via a pattern. (bsc#1098569) - An update broke booting with encrypted partitions on NVMe (bsc#1095096) ----------------------------------------- Patch: SUSE-2018-1420 Released: Fri Jul 27 15:36:43 2018 Summary: Security update for the Linux Kernel Severity: important References: 1046303,1046305,1046306,1046307,1046540,1046542,1046543,1048129,1050242,1050252,1050529,1050536,1050538,1050545,1050549,1050662,1051510,1052766,1055968,1056427,1056643,1056651,1056653,1056657,1056658,1056662,1056686,1056787,1058115,1058513,1058659,1058717,1060463,1061024,1061840,1062897,1064802,1065600,1066110,1066129,1068032,1068054,1071218,1071995,1072829,1072856,1073513,1073765,1073960,1074562,1074578,1074701,1074741,1074873,1074919,1075006,1075007,1075262,1075419,1075748,1075876,1076049,1076115,1076372,1076830,1077338,1078248,1078353,1079152,1079747,1080039,1080542,1081599,1082485,1082504,1082869,1082962,1083647,1083900,1084001,1084570,1085308,1085539,1085626,1085933,1085936,1085937,1085938,1085939,1085941,1086282,1086283,1086286,1086288,1086319,1086323,1086400,1086652,1086739,1087078,1087082,1087084,1087092,1087205,1087210,1087213,1087214,1087284,1087405,1087458,1087939,1087978,1088354,1088690,1088704,1088722,1088796,1088804,1088821,1088866,1089115,1089268,1089467,1089608,1089663,1089664,1089667,1089669,1089752,1089753,1089878,1090150,1090457,1090605,1090643,1090646,1090658,1090734,1090888,1090953,1091158,1091171,1091424,1091594,1091666,1091678,1091686,1091781,1091782,1091815,1091860,1091960,1092100,1092472,1092710,1092772,1092888,1092904,1092975,1093023,1093027,1093035,1093118,1093148,1093158,1093184,1093205,1093273,1093290,1093604,1093641,1093649,1093653,1093655,1093657,1093663,1093721,1093728,1093904,1093990,1094244,1094356,1094420,1094541,1094575,1094751,1094825,1094840,1094912,1094978,1095042,1095094,1095115,1095155,1095265,1095321,1095337,1095467,1095573,1095735,1095893,1096065,1096480,1096529,1096696,1096705,1096728,1096753,1096790,1096793,1097034,1097105,1097234,1097356,1097373,1097439,1097465,1097468,1097470,1097471,1097472,1097551,1097780,1097796,1097800,1097941,1097961,1098016,1098043,1098050,1098174,1098176,1098236,1098401,1098425,1098435,1098599,1098626,1098706,1098983,1098995,1099029,1099041,1099109,1099142,1099183,1099715,1099792,1099918,1099924,1099966,1100132,1100209,1100340,1100362,1100382,1100394,1100416,1100418,1100491,1100602,1100633,1100843,1101296,1101315,1101324,971975,975772,CVE-2017-5715,CVE-2017-5753,CVE-2018-1000200,CVE-2018-1000204,CVE-2018-10087,CVE-2018-10124,CVE-2018-1092,CVE-2018-1093,CVE-2018-1094,CVE-2018-1118,CVE-2018-1120,CVE-2018-1130,CVE-2018-12233,CVE-2018-13053,CVE-2018-13405,CVE-2018-13406,CVE-2018-3639,CVE-2018-5803,CVE-2018-5848,CVE-2018-7492,CVE-2018-8781,CVE-2018-9385 Description: The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following new feature was added: - NVDIMM memory error notification (ACPI 6.2) The following security bugs were fixed: - CVE-2018-13406: An integer overflow in the uvesafb_setcmap function could have result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used (bnc#1100418) - CVE-2018-13053: The alarm_timer_nsleep function had an integer overflow via a large relative timeout because ktime_add_safe was not used (bnc#1099924) - CVE-2018-9385: Prevent overread of the 'driver_override' buffer (bsc#1100491) - CVE-2018-13405: The inode_init_owner function allowed local users to create files with an unintended group ownership allowing attackers to escalate privileges by making a plain file executable and SGID (bnc#1100416) - CVE-2017-5753: Systems with microprocessors utilizing speculative execution and branch prediction may have allowed unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bsc#1068032) - CVE-2018-1118: Linux kernel vhost did not properly initialize memory in messages passed between virtual guests and the host operating system. This could have allowed local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file (bsc#1092472) - CVE-2018-12233: A memory corruption bug in JFS could have been triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability could be triggered by an unprivileged user with the ability to create files and execute programs (bsc#1097234) - CVE-2018-5848: In the function wmi_set_ie(), the length validation code did not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument could have caused a buffer overflow (bnc#1097356) - CVE-2018-1000204: Prevent infoleak caused by incorrect handling of the SG_IO ioctl (bsc#1096728) - CVE-2018-3639: Systems with microprocessors utilizing speculative execution and speculative execution of memory reads the addresses of all prior memory writes are known may have allowed unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4 (bsc#1087082) - CVE-2018-1120: By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker could have caused utilities from psutils or procps (such as ps, w) to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks) (bsc#1093158) - CVE-2018-1094: The ext4_fill_super function did not always initialize the crc32c checksum driver, which allowed attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image (bsc#1087007) - CVE-2018-1092: The ext4_iget function mishandled the case of a root directory with a zero i_links_count, which allowed attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image (bsc#1087012) - 1093: The ext4_valid_block_bitmap function allowed attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image because balloc.c and ialloc.c do not validate bitmap block numbers (bsc#1087095) - CVE-2018-1000200: Prevent NULL pointer dereference which could have resulted in an out of memory (OOM) killing of large mlocked processes (bsc#1090150) - CVE-2018-1130: NULL pointer dereference in dccp_write_xmit() function that allowed a local user to cause a denial of service by a number of certain crafted system calls (bsc#1092904) - CVE-2018-5803: Prevent error in the '_sctp_make_chunk()' function when handling SCTP packets length that could have been exploited to cause a kernel crash (bnc#1083900) - CVE-2018-7492: Prevent NULL pointer dereference in the net/rds/rdma.c __rds_rdma_map() function that allowed local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST (bsc#1082962) - CVE-2018-8781: The udl_fb_mmap function had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bsc#1090643) - CVE-2018-10124: The kill_something_info function in kernel/signal.c might have allowed local users to cause a denial of service via an INT_MIN argument (bnc#1089752) - CVE-2018-10087: The kernel_wait4 function in kernel/exit.c might have allowed local users to cause a denial of service by triggering an attempted use of the -INT_MIN value (bnc#1089608) - CVE-2017-5715: Prevent unauthorized disclosure of information to an attacker with local user access caused by speculative execution and indirect branch prediction (bsc#1068032) The following non-security bugs were fixed: - Fix copy_in_user() declaration (bsc#1052766). - 1wire: family module autoload fails because of upper/lower case mismatch (bsc#1051510). - 8021q: fix a memory leak for VLAN 0 device (networking-stable-18_01_12). - 8139too: Use disable_irq_nosync() in rtl8139_poll_controller() (networking-stable-18_05_15). - 8139too: revisit napi_complete_done() usage (networking-stable-17_10_09). - 9p/trans_virtio: discard zero-length reply (bsc#1052766). - ACPI / APEI: Replace ioremap_page_range() with fixmap (bsc#1051510). - ACPI / LPSS: Add missing prv_offset setting for byt/cht PWM devices (bsc#1051510). - ACPI / NUMA: ia64: Parse all entries of SRAT memory affinity table (bnc#1088796). - ACPI / bus: Do not call _STA on battery devices with unmet dependencies (bsc#1051510). - ACPI / button: make module loadable when booted in non-ACPI mode (bsc#1051510). - ACPI / hotplug / PCI: Check presence of slot itself in get_slot_status() (bsc#1051510). - ACPI / scan: Initialize watchdog before PNP (bsc#1073960). - ACPI / scan: Send change uevent with offine environmental data (bsc#1082485). - ACPI / scan: Use acpi_bus_get_status() to initialize ACPI_TYPE_DEVICE devs (bsc#1051510). - ACPI / video: Add quirk to force acpi-video backlight on Samsung 670Z5E (bsc#1051510). - ACPI / video: Default lcd_only to true on Win8-ready and newer machines (bsc#1051510). - ACPI / video: Only default only_lcd to true on Win8-ready _desktops_ (bsc#1051510). - ACPI / watchdog: Prefer iTCO_wdt on Lenovo Z50-70 (bsc#1051510). - ACPI / watchdog: properly initialize resources (bsc#1051510). - ACPI: EC: Fix debugfs_create_*() usage (bsc#1051510). - ACPI: acpi_pad: Fix memory leak in power saving threads (bsc#1051510). - ACPI: processor_perflib: Do not send _PPC change notification if not ready (bsc#1051510). - ACPI: sysfs: Make ACPI GPE mask kernel parameter cover all GPEs (bsc#1051510). - ACPICA: ACPI 6.0A: Changes to the NFIT ACPI table (bsc#1091424). - ACPICA: Events: add a return on failure from acpi_hw_register_read (bsc#1051510). - ACPICA: Fix memory leak on unusual memory leak (bsc#1051510). - ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c (bsc#1051510). - ALSA: aloop: Add missing cable lock to ctl API callbacks (bsc#1051510). - ALSA: aloop: Mark paused device as inactive (bsc#1051510). - ALSA: asihpi: Hardening for potential Spectre v1 (bsc#1051510). - ALSA: caiaq: Add yet more sanity checks for invalid EPs (bsc#1051510). - ALSA: control: Hardening for potential Spectre v1 (bsc#1051510). - ALSA: control: fix a redundant-copy issue (bsc#1051510). - ALSA: core: Report audio_tstamp in snd_pcm_sync_ptr (bsc#1051510). - ALSA: dice: fix OUI for TC group (bsc#1051510). - ALSA: dice: fix error path to destroy initialized stream data (bsc#1051510). - ALSA: dice: fix kernel NULL pointer dereference due to invalid calculation for array index (bsc#1051510). - ALSA: emu10k1: Fix kABI breakage (bsc#1093027). - ALSA: emu10k1: add a IOMMU workaround (bsc#1093027). - ALSA: emu10k1: add optional debug printouts with DMA addresses (bsc#1093027). - ALSA: emu10k1: make sure synth DMA pages are allocated with DMA functions (bsc#1093027). - ALSA: emu10k1: remove reserved_page (bsc#1093027). - ALSA: emu10k1: use dma_set_mask_and_coherent() (bsc#1093027). - ALSA: hda - Fix incorrect usage of IS_REACHABLE() (bsc#1051510). - ALSA: hda - Handle kzalloc() failure in snd_hda_attach_pcm_stream() (bsc#1051510). - ALSA: hda - New VIA controller suppor no-snoop path (bsc#1051510). - ALSA: hda - Skip jack and others for non-existing PCM streams (bsc#1051510). - ALSA: hda/ca0132 - use ARRAY_SIZE (bsc#1051510). - ALSA: hda/ca0132: Add DSP Volume set and New mixers for SBZ + R3Di (bsc#1096696). - ALSA: hda/ca0132: Add PCI region2 iomap for SBZ (bsc#1096696). - ALSA: hda/ca0132: Add dsp setup + gpio functions for r3di (bsc#1096696). - ALSA: hda/ca0132: Add extra exit functions for R3Di and SBZ (bsc#1096696). - ALSA: hda/ca0132: Add new control changes for SBZ + R3Di (bsc#1096696). - ALSA: hda/ca0132: Add pincfg for SBZ + R3Di, add fp hp auto-detect (bsc#1096696). - ALSA: hda/ca0132: Delete pointless assignments to struct auto_pin_cfg fields (bsc#1051510). - ALSA: hda/ca0132: Delete redundant UNSOL event requests (bsc#1051510). - ALSA: hda/ca0132: Do not test for QUIRK_NONE (bsc#1051510). - ALSA: hda/ca0132: Fix DMic data rate for Alienware M17x R4 (bsc#1051510). - ALSA: hda/ca0132: R3Di and SBZ quirk entires + alt firmware loading (bsc#1096696). - ALSA: hda/ca0132: Restore PCM Analog Mic-In2 (bsc#1051510). - ALSA: hda/ca0132: Restore behavior of QUIRK_ALIENWARE (bsc#1051510). - ALSA: hda/ca0132: add alt_select_in/out for R3Di + SBZ (bsc#1096696). - ALSA: hda/ca0132: add ca0132_alt_set_vipsource (bsc#1096696). - ALSA: hda/ca0132: add dsp setup related commands for the sbz (bsc#1096696). - ALSA: hda/ca0132: add extra init functions for r3di + sbz (bsc#1096696). - ALSA: hda/ca0132: add the ability to set src_id on scp commands (bsc#1096696). - ALSA: hda/ca0132: constify parameter table for effects (bsc#1096696). - ALSA: hda/ca0132: constify read-only members of string array (bsc#1096696). - ALSA: hda/ca0132: constify templates for control element set (bsc#1096696). - ALSA: hda/ca0132: fix array_size.cocci warnings (bsc#1096696). - ALSA: hda/ca0132: fix build failure when a local macro is defined (bsc#1051510). - ALSA: hda/ca0132: make array ca0132_alt_chmaps static (bsc#1051510). - ALSA: hda/ca0132: merge strings just for printk (bsc#1096696). - ALSA: hda/ca0132: update core functions for sbz + r3di (bsc#1096696). - ALSA: hda/conexant - Add fixup for HP Z2 G4 workstation (bsc#1092975). - ALSA: hda/conexant - Add hp-mic-fix model string (bsc#1092975). - ALSA: hda/realtek - Add a quirk for FSC ESPRIMO U9210 (bsc#1051510). - ALSA: hda/realtek - Add shutup hint (bsc#1051510). - ALSA: hda/realtek - Add some fixes for ALC233 (bsc#1051510). - ALSA: hda/realtek - Clevo P950ER ALC1220 Fixup (bsc#1051510). - ALSA: hda/realtek - Enable mic-mute hotkey for several Lenovo AIOs (bsc#1051510). - ALSA: hda/realtek - Fix pop noise on Lenovo P50 and co (bsc#1051510). - ALSA: hda/realtek - Fix the problem of two front mics on more machines (bsc#1051510). - ALSA: hda/realtek - Fixup for HP x360 laptops with BandO speakers (bsc#1096705). - ALSA: hda/realtek - Fixup mute led on HP Spectre x360 (bsc#1096705). - ALSA: hda/realtek - Refactor alc269_fixup_hp_mute_led_mic*() (bsc#1096705). - ALSA: hda/realtek - Update ALC255 depop optimize (bsc#1051510). - ALSA: hda/realtek - adjust the location of one mic (bsc#1051510). - ALSA: hda/realtek - change the location for one of two front mics (bsc#1051510). - ALSA: hda/realtek - set PINCFG_HEADSET_MIC to parse_flags (bsc#1051510). - ALSA: hda: Add ASRock H81M-HDS to the power_save blacklist (bsc#1051510). - ALSA: hda: Add Clevo W35xSS_370SS to the power_save blacklist (bsc#1051510). - ALSA: hda: Add Gigabyte P55A-UD3 and Z87-D3HP to the power_save blacklist (bsc#1051510). - ALSA: hda: Add Icelake PCI ID (bsc#1051510). - ALSA: hda: Add Intel NUC5i7RY to the power_save blacklist (bsc#1051510). - ALSA: hda: Add Intel NUC7i3BNB to the power_save blacklist (bsc#1051510). - ALSA: hda: Add Lenovo C50 All in one to the power_save blacklist (bsc#1051510). - ALSA: hda: Hardening for potential Spectre v1 (bsc#1051510). - ALSA: hda: add dock and led support for HP EliteBook 830 G5 (bsc#1051510). - ALSA: hda: add dock and led support for HP ProBook 640 G4 (bsc#1051510). - ALSA: hdspm: Hardening for potential Spectre v1 (bsc#1051510). - ALSA: hiface: Add sanity checks for invalid EPs (bsc#1051510). - ALSA: line6: Add yet more sanity checks for invalid EPs (bsc#1051510). - ALSA: line6: Use correct endpoint type for midi output (bsc#1051510). - ALSA: line6: add support for POD HD DESKTOP (bsc#1051510). - ALSA: line6: add support for POD HD500X (bsc#1051510). - ALSA: line6: remove unnecessary initialization to PODHD500X (bsc#1051510). - ALSA: opl3: Hardening for potential Spectre v1 (bsc#1051510). - ALSA: pcm: Avoid potential races between OSS ioctls and read/write (bsc#1051510). - ALSA: pcm: Check PCM state at xfern compat ioctl (bsc#1051510). - ALSA: pcm: Fix UAF at PCM release via PCM timer access (bsc#1051510). - ALSA: pcm: Fix endless loop for XRUN recovery in OSS emulation (bsc#1051510). - ALSA: pcm: Fix mutex unbalance in OSS emulation ioctls (bsc#1051510). - ALSA: pcm: Return -EBUSY for OSS ioctls changing busy streams (bsc#1051510). - ALSA: pcm: potential uninitialized return values (bsc#1051510). - ALSA: rawmidi: Fix missing input substream checks in compat ioctls (bsc#1051510). - ALSA: rme9652: Hardening for potential Spectre v1 (bsc#1051510). - ALSA: seq: Fix UBSAN warning at SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT ioctl (bsc#1051510). - ALSA: seq: Fix races at MIDI encoding in snd_virmidi_output_trigger() (bsc#1051510). - ALSA: seq: oss: Fix unbalanced use lock for synth MIDI device (bsc#1051510). - ALSA: seq: oss: Hardening for potential Spectre v1 (bsc#1051510). - ALSA: timer: Fix UBSAN warning at SNDRV_TIMER_IOCTL_NEXT_DEVICE ioctl (bsc#1051510). - ALSA: timer: Fix pause event notification (bsc#1051510). - ALSA: usb-audio: Add 'Keep Interface' control (bsc#1089467). - ALSA: usb-audio: Add a quirk for Nura's first gen headset (bsc#1051510). - ALSA: usb-audio: Add keep_iface flag (bsc#1089467). - ALSA: usb-audio: Add native DSD support for Luxman DA-06 (bsc#1051510). - ALSA: usb-audio: Add native DSD support for Mytek DACs (bsc#1051510). - ALSA: usb-audio: Add native DSD support for TEAC UD-301 (bsc#1051510). - ALSA: usb-audio: Add sample rate quirk for Plantronics C310/C520-M (bsc#1051510). - ALSA: usb-audio: Add sample rate quirk for Plantronics P610 (bsc#1051510). - ALSA: usb-audio: Add sanity checks for invalid EPs (bsc#1051510). - ALSA: usb-audio: Allow to override the longname string (bsc#1091678). - ALSA: usb-audio: Apply vendor ID matching for sample rate quirk (bsc#1051510). - ALSA: usb-audio: Avoid superfluous usb_set_interface() calls (bsc#1089467). - ALSA: usb-audio: Change the semantics of the enable option (bsc#1051510). - ALSA: usb-audio: Disable the quirk for Nura headset (bsc#1051510). - ALSA: usb-audio: FIX native DSD support for TEAC UD-501 DAC (bsc#1051510). - ALSA: usb-audio: Generic DSD detection for XMOS-based implementations (bsc#1051510). - ALSA: usb-audio: Give proper vendor/product name for Dell WD15 Dock (bsc#1091678). - ALSA: usb-audio: Initialize Dell Dock playback volumes (bsc#1089467). - ALSA: usb-audio: Integrate native DSD support for ITF-USB based DACs (bsc#1051510). - ALSA: usb-audio: Remove explicitly listed Mytek devices (bsc#1051510). - ALSA: usb-audio: Skip broken EU on Dell dock USB-audio (bsc#1090658). - ALSA: usb-audio: Support changing input on Sound Blaster E1 (bsc#1051510). - ALSA: usb-audio: add boot quirk for Axe-Fx III (bsc#1051510). - ALSA: usb-audio: add more quirks for DSD interfaces (bsc#1051510). - ALSA: usb-audio: simplify set_sync_ep_implicit_fb_quirk (bsc#1051510). - ALSA: usb: mixer: volume quirk for CM102-A+/102S+ (bsc#1051510). - ALSA: usx2y: Add sanity checks for invalid EPs (bsc#1051510). - ALSA: usx2y: Fix invalid stream URBs (bsc#1051510). - ALSA: vmaster: Propagate slave error (bsc#1051510). - ASoC: Intel: Skylake: Disable clock gating during firmware and library download (bsc#1051510). - ASoC: Intel: cht_bsw_rt5645: Analog Mic support (bsc#1051510). - ASoC: Intel: sst: remove redundant variable dma_dev_name (bsc#1051510). - ASoC: adau17x1: Handling of DSP_RUN register during fw setup (bsc#1051510). - ASoC: cirrus: i2s: Fix LRCLK configuration (bsc#1051510). - ASoC: cirrus: i2s: Fix {TX|RX}LinCtrlData setup (bsc#1051510). - ASoC: cs35l35: Add use_single_rw to regmap config (bsc#1051510). - ASoC: dapm: delete dapm_kcontrol_data paths list before freeing it (bsc#1051510). - ASoC: fsl_esai: Fix divisor calculation failure at lower ratio (bsc#1051510). - ASoC: hdmi-codec: Fix module unloading caused kernel crash (bsc#1051510). - ASoC: hdmi-codec: fix spelling mistake: 'deteced' -> 'detected' (bsc#1051510). - ASoC: hdmi-codec: remove multi detection support (bsc#1051510). - ASoC: omap: Remove OMAP_MUX dependency from Nokia N810 audio support (bsc#1051510). - ASoC: rockchip: Fix dai_name for HDMI codec (bsc#1051510). - ASoC: rockchip: rk3288-hdmi-analog: Select needed codecs (bsc#1051510). - ASoC: rsnd: mark PM functions __maybe_unused (bsc#1051510). - ASoC: rt5514: Add the missing register in the readable table (bsc#1051510). - ASoC: samsung: i2s: Ensure the RCLK rate is properly determined (bsc#1051510). - ASoC: samsung: odroid: Drop requirement of clocks in the sound node (bsc#1051510). - ASoC: samsung: odroid: Fix 32000 sample rate handling (bsc#1051510). - ASoC: samsung: odroid: Fix EPLL frequency values (bsc#1051510). - ASoC: ssm2602: Replace reg_default_raw with reg_default (bsc#1051510). - ASoC: topology: Check widget kcontrols before deref (bsc#1051510). - ASoC: topology: Check widget kcontrols before deref (bsc#1051510). - ASoC: topology: Fix bugs of freeing soc topology (bsc#1051510). - ASoC: topology: Fix kcontrol name string handling (bsc#1051510). - ASoC: topology: create TLV data for dapm widgets (bsc#1051510). - ASoC: topology: fix some tiny memory leaks (bsc#1051510). - Bluetooth: Add a new 04ca:3015 QCA_ROME device (bsc#1051510). - Bluetooth: Apply QCA Rome patches for some ATH3012 models (bsc#1082504). - Bluetooth: Fix missing encryption refresh on Security Request (bsc#1051510). - Bluetooth: Set HCI_QUIRK_SIMULTANEOUS_DISCOVERY for BTUSB_QCA_ROME (bsc#1051510). - Bluetooth: btrtl: Fix a error code in rtl_load_config() (bsc#1051510). - Bluetooth: btusb: Add Dell XPS 13 9360 to btusb_needs_reset_resume_table (bsc#1051510). - Bluetooth: btusb: Add USB ID 7392:a611 for Edimax EW-7611ULB (bsc#1051510). - Bluetooth: btusb: Add device ID for RTL8822BE (bsc#1051510). - Bluetooth: btusb: Only check needs_reset_resume DMI table for QCA rome chipsets (bsc#1051510). - Bluetooth: btusb: add ID for LiteOn 04ca:3016 (bsc#1051510). - Bluetooth: hci_bcm: Add 6 new ACPI HIDs (bsc#1051510). - Bluetooth: hci_bcm: Add active_low irq polarity quirk for Asus T100CHI (bsc#1051510). - Bluetooth: hci_bcm: Add support for BCM2E72 (bsc#1051510). - Bluetooth: hci_bcm: Add support for MINIX Z83-4 based devices (bsc#1051510). - Bluetooth: hci_bcm: Fix setting of irq trigger type (bsc#1051510). - Bluetooth: hci_bcm: Handle empty packet after firmware loading (bsc#1051510). - Bluetooth: hci_bcm: Make bcm_request_irq fail if no IRQ resource (bsc#1051510). - Bluetooth: hci_bcm: Remove DMI quirk for the MINIX Z83-4 (bsc#1051510). - Bluetooth: hci_bcm: Treat Interrupt ACPI resources as always being active-low (bsc#1051510). - Bluetooth: hci_qca: Avoid missing rampatch failure with userspace fw loader (bsc#1051510). - Btrfs: fix copy_items() return value when logging an inode (bsc#1097105). - Btrfs: fix xattr loss after power failure (bsc#1097105). - Btrfs: use btrfs_op instead of bio_op in __btrfs_map_block (bsc#1099918). - Correct bug reference in the patch (bnc#1095155) - Delete patches.arch/powerpc64-ftrace-Use-the-generic-version-of-ftrace_r.patch (bsc#1088804). - Downgrade printk level for MMC SDHCI host version error (bsc#1097941). - Fix kABI breakage due to acpi_ec gpe field change (bsc#1051510). - Fix kABI breakage due to snd_usb_audio_quirk profile_name addition (bsc#1091678). - Fix kABI breakage due to sound/timer.h inclusion (bsc#1051510). - Fix kABI breakage for iwl_fw_runtime_ops change (bsc#1051510). - Fix kABI breakage for iwlwifi (bsc#1051510). - Fix kABI breakage of iio_buffer (bsc#1051510). - Fix kABI incompatibility by snd_pcm_oss_runtime.rw_ref addition (bsc#1051510). - Fix the build error in adau17x1 soc driver (bsc#1051510) - Fix the build of da9063_wdt module (bsc#1100843) Backport the missing prerequisite commit, move the previous fixes into the sorted section and refresh. - GFS2: Take inode off order_write list when setting jdata flag (bsc#1052766). - HID: add backlight level quirk for Asus ROG laptops (bsc#1101324). - HID: cp2112: fix broken gpio_direction_input callback (bsc#1051510). - HID: debug: check length before copy_to_user() (bsc#1051510). - HID: hiddev: fix potential Spectre v1 (bsc#1051510). - HID: hidraw: Fix crash on HIDIOCGFEATURE with a destroyed device (bsc#1051510). - HID: i2c-hid: Fix 'incomplete report' noise (bsc#1051510). - HID: i2c-hid: fix size check and type usage (bsc#1051510). - HID: intel-ish-hid: Enable Gemini Lake ish driver (bsc#1073765,). - HID: intel-ish-hid: use put_device() instead of kfree() (bsc#1051510). - HID: intel_ish-hid: ipc: register more pm callbacks to support hibernation (bsc#1051510). - HID: lenovo: Add support for IBM/Lenovo Scrollpoint mice (bsc#1051510). - HID: roccat: prevent an out of bounds read in kovaplus_profile_activated() (bsc#1051510). - HID: wacom: Add support for One by Wacom (CTL-472 / CTL-672) (bsc#1100633). - HID: wacom: Correct logical maximum Y for 2nd-gen Intuos Pro large (bsc#1051510). - HID: wacom: Correct touch maximum XY of 2nd-gen Intuos (bsc#1051510). - HID: wacom: EKR: ensure devres groups at higher indexes are released (bsc#1051510). - HID: wacom: Fix reporting of touch toggle (WACOM_HID_WD_MUTE_DEVICE) events (bsc#1051510). - HID: wacom: Release device resource data obtained by devres_alloc() (bsc#1051510). - HID: wacom: bluetooth: send exit report for recent Bluetooth devices (bsc#1051510). - IB/Hfi1: Read CCE Revision register to verify the device is responsive (bsc#1096793). - IB/core: Generate GID change event regardless of RoCE GID table property (bsc#1046306). - IB/core: Refer to RoCE port property instead of GID table property (bsc#1046306). - IB/cq: Do not force IB_POLL_DIRECT poll context for ib_process_cq_direct (bsc#1046306). - IB/hfi1 Use correct type for num_user_context (bsc#1096793). - IB/hfi1: Add a safe wrapper for _rcd_get_by_index (bsc#1096793). - IB/hfi1: Add tx_opcode_stats like the opcode_stats (bsc#1096793). - IB/hfi1: Complete check for locally terminated smp (bsc#1096793). - IB/hfi1: Compute BTH only for RDMA_WRITE_LAST/SEND_LAST packet (bsc#1096793). - IB/hfi1: Convert PortXmitWait/PortVLXmitWait counters to flit times (bsc#1096793). - IB/hfi1: Create common functions for affinity CPU mask operations (bsc#1096793). - IB/hfi1: Do not allocate PIO send contexts for VNIC (bsc#1096793). - IB/hfi1: Do not modify num_user_contexts module parameter (bsc#1096793). - IB/hfi1: Do not override given pcie_pset value (bsc#1096793). - IB/hfi1: Ensure VL index is within bounds (bsc#1096793). - IB/hfi1: Fix NULL pointer dereference when invalid num_vls is used (bsc#1060463). - IB/hfi1: Fix a wrapping test to insure the correct timeout (bsc#1096793). - IB/hfi1: Fix for early release of sdma context (bsc#1096793). - IB/hfi1: Fix handling of FECN marked multicast packet (bsc#1060463). - IB/hfi1: Fix loss of BECN with AHG (bsc#1096793). - IB/hfi1: Fix memory leak in exception path in get_irq_affinity() (bsc#1096793). - IB/hfi1: Fix serdes loopback set-up (bsc#1096793). - IB/hfi1: Handle initial value of 0 for CCTI setting (bsc#1096793). - IB/hfi1: Inline common calculation (bsc#1096793). - IB/hfi1: Insure int mask for in-kernel receive contexts is clear (bsc#1096793). - IB/hfi1: Look up ibport using a pointer in receive path (bsc#1096793). - IB/hfi1: Optimize kthread pointer locking when queuing CQ entries (bsc#1096793). - IB/hfi1: Optimize packet type comparison using 9B and bypass code paths (bsc#1096793). - IB/hfi1: Prevent LNI hang when LCB can't obtain lanes (bsc#1096793). - IB/hfi1: Prohibit invalid Init to Armed state transition (bsc#1096793). - IB/hfi1: Race condition between user notification and driver state (bsc#1096793). - IB/hfi1: Re-order IRQ cleanup to address driver cleanup race (bsc#1060463). - IB/hfi1: Refactor assign_ctxt() IOCTL (bsc#1096793). - IB/hfi1: Refactor get_base_info (bsc#1096793). - IB/hfi1: Refactor get_ctxt_info (bsc#1096793). - IB/hfi1: Refactor get_user() IOCTLs (bsc#1096793). - IB/hfi1: Refactor hfi_user_exp_rcv_clear() IOCTLs (bsc#1096793). - IB/hfi1: Refactor hfi_user_exp_rcv_invalid() IOCTLs (bsc#1096793). - IB/hfi1: Refactor hfi_user_exp_rcv_setup() IOCTL (bsc#1096793). - IB/hfi1: Remove unused hfi1_cpulist variables (bsc#1096793). - IB/hfi1: Reorder incorrect send context disable (bsc#1096793). - IB/hfi1: Return correct value for device state (bsc#1096793). - IB/hfi1: Send 'reboot' as planned down remote reason (bsc#1096793). - IB/hfi1: Set port number for errorinfo MAD response (bsc#1096793). - IB/hfi1: Show fault stats in both TX and RX directions (bsc#1096793). - IB/hfi1: Update HFI to use the latest PCI API (bsc#1096793). - IB/hfi1: Use after free race condition in send context error path (bsc#1096793). - IB/hfi1: Validate PKEY for incoming GSI MAD packets (bsc#1096793). - IB/ipoib: Avoid memory leak if the SA returns a different DGID (bsc#1046307). - IB/ipoib: Change number of TX wqe to 64 (bsc#1096793). - IB/ipoib: Fix for notify send CQ failure messages (bsc#1096793). - IB/ipoib: Fix for potential no-carrier state (bsc#1046307). - IB/ipoib: Get rid of the tx_outstanding variable in all modes (bsc#1096793). - IB/ipoib: Use NAPI in UD/TX flows (bsc#1096793). - IB/mlx4: Fix integer overflow when calculating optimal MTT size (bsc#1071218). - IB/mlx4: Move mlx4_uverbs_ex_query_device_resp to include/uapi/ (bsc#1071218). - IB/mlx5: Enable ECN capable bits for UD RoCE v2 QPs (bsc#1046305). - IB/mlx5: Respect new UMR capabilities (bsc#1093205). - IB/mlx5: Set the default active rate and width to QDR and 4X (bsc#1046305). - IB/mlx5: Use unlimited rate when static rate is not supported (bsc#1046305). - IB/mlx5:: pr_err() and mlx5_ib_dbg() strings should end with newlines (bsc#1093205). - IB/rdmavt: Add trace for RNRNAK timer (bsc#1096793). - IB/rdmavt: Allocate CQ memory on the correct node (bsc#1058717). - IB/rdmavt: No need to cancel RNRNAK retry timer when it is running (bsc#1096793). - IB/rdmavt: Use correct numa node for SRQ allocation (bsc#1096793). - IB/srp: Fix completion vector assignment algorithm (bsc#1046306). - IB/srp: Fix srp_abort() (bsc#1046306). - IB/srpt: Fix an out-of-bounds stack access in srpt_zerolength_write() (bsc#1046306). - IB/uverbs: Fix validating mandatory attributes (bsc#1046306). - IB/{hfi1, qib}: Add handling of kernel restart (bsc#1096793). - IB/{hfi1, rdmavt}: Fix memory leak in hfi1_alloc_devdata() upon failure (bsc#1096793). - IB/{rdmavt,hfi1}: Change hrtimer add to use pinned version (bsc#1096793). - Input: ALPS - fix TrackStick detection on Thinkpad L570 and Latitude 7370 (bsc#1051510). - Input: atmel_mxt_ts - add touchpad button mapping for Samsung Chromebook Pro (bsc#1051510). - Input: atmel_mxt_ts - fix the firmware update (bsc#1051510). - Input: elan_i2c - add ELAN0612 (Lenovo v330 14IKB) ACPI ID (bsc#1051510). - Input: elan_i2c - add ELAN0618 (Lenovo v330 15IKB) ACPI ID (bsc#1051510). - Input: elan_i2c_smbus - fix corrupted stack (bsc#1051510). - Input: elan_i2c_smbus - fix more potential stack buffer overflows (bsc#1051510). - Input: elantech - enable middle button of touchpads on ThinkPad P52 (bsc#1051510). - Input: elantech - fix V4 report decoding for module with middle key (bsc#1051510). - Input: goodix - add new ACPI id for GPD Win 2 touch screen (bsc#1051510). - Input: goodix - disable IRQs while suspended (bsc#1051510). - Input: i8042 - add Lenovo ThinkPad L460 to i8042 reset list (bsc#1051510). - Input: i8042 - enable MUX on Sony VAIO VGN-CS series to fix touchpad (bsc#1051510). - Input: leds - fix out of bound access (bsc#1051510). - Input: synaptics - Lenovo Carbon X1 Gen5 (2017) devices should use RMI (bsc#1051510). - Input: synaptics - Lenovo Thinkpad X1 Carbon G5 (2017) with Elantech trackpoints should use RMI (bsc#1051510). - Input: synaptics - add Intertouch support on X1 Carbon 6th and X280 (bsc#1051510). - Input: synaptics - add Lenovo 80 series ids to SMBus (bsc#1051510). - Input: synaptics - reset the ABS_X/Y fuzz after initializing MT axes (bsc#1051510). - Input: synaptics-rmi4 - fix an unchecked out of memory error path (bsc#1051510). - Input: synaptics: Add intertouch blacklist for Thinkpad Helix (bsc#1090457). - Input: xpad - add GPD Win 2 Controller USB IDs (bsc#1051510). - Input: xpad - fix GPD Win 2 controller name (bsc#1051510). - Input: xpad - sync supported devices with 360Controller (bsc#1051510). - Input: xpad - sync supported devices with XBCD (bsc#1051510). - KABI protect struct nd_region (). - KABI: hide ftrace_enabled in paca (bsc#1088804). - KEYS: DNS: limit the length of option strings (networking-stable-18_04_26). - KEYS: Use individual pages in big_key for crypto buffers (bsc#1051510). - KVM: MMU: consider host cache mode in MMIO page check (bsc#1087213). - KVM: PPC: Book3S HV: Fix ppc_breakpoint_available compile error (bsc#1061840). - KVM: PPC: Book3S HV: Handle migration with POWER9 disabled DAWR (bsc#1061840). - KVM: PPC: Book3S HV: Return error from h_set_dabr() on POWER9 (bsc#1061840). - KVM: PPC: Book3S HV: Return error from h_set_mode(SET_DAWR) on POWER9 (bsc#1061840). - KVM: PPC: Book3S HV: trace_tlbie must not be called in realmode (bsc#1061840). - MD: Free bioset when md_run fails (bsc#1093023). - Move upstreamed ideapad-laptop patch to sorted section (bsc#1093035) - NET: usb: qmi_wwan: add support for ublox R410M PID 0x90b2 (bsc#1090888). - NFC: fix device-allocation error return (bsc#1051510). - NFC: llcp: Limit size of SDP URI (bsc#1051510). - NFC: pn533: do not send USB data off of the stack (bsc#1051510). - NFS: Revert 'NFS: Move the flock open mode check into nfs_flock()' (bsc#1098983). - NFSv4: Revert commit 5f83d86cf531d ('NFSv4.x: Fix wraparound issues..') (git-fixes). - PCI/ASPM: Add L1 Substates definitions (bsc#1051510). - PCI/ASPM: Calculate LTR_L1.2_THRESHOLD from device characteristics (bsc#1051510). - PCI/DPC: Do not enable DPC if AER control is not allowed by the BIOS (bsc#1093184). - PCI/PME: Handle invalid data when reading Root Status (bsc#1051510). - PCI: Add ACS quirk for Intel 300 series (bsc#1051510). - PCI: Add ACS quirk for Intel 7th and 8th Gen mobile (bsc#1051510). - PCI: Add function 1 DMA alias quirk for Highpoint RocketRAID 644L (bsc#1051510). - PCI: Add function 1 DMA alias quirk for Marvell 88SE9220 (bsc#1051510). - PCI: Add function 1 DMA alias quirk for Marvell 9128 (bsc#1051510). - PCI: Create SR-IOV virtfn/physfn links before attaching driver (bsc#1051510). - PCI: Detach driver before procfs and sysfs teardown on device remove (bsc#1051510). - PCI: Mark Broadcom HT1100 and HT2000 Root Port Extended Tags as broken (bsc#1051510). - PCI: Remove messages about reassigning resources (bsc#1051510). - PCI: Restore config space on runtime resume despite being unbound (bsc#1051510). - PCI: aardvark: Fix PCIe Max Read Request Size setting (bsc#1051510). - PCI: aardvark: Fix logic in advk_pcie_{rd,wr}_conf() (bsc#1051510). - PCI: aardvark: Set PIO_ADDR_LS correctly in advk_pcie_rd_conf() (bsc#1051510). - PCI: aardvark: Use ISR1 instead of ISR0 interrupt in legacy irq mode (bsc#1051510). - PCI: designware-ep: Fix find_first_zero_bit() usage (bsc#1051510). - PCI: hv: Fix a __local_bh_enable_ip warning in hv_compose_msi_msg() (bnc#1094541). - PCI: pciehp: Clear Presence Detect and Data Link Layer Status Changed on resume (bsc#1051510). - PCI: shpchp: Enable bridge bus mastering if MSI is enabled (bsc#1051510). - PM / OPP: Add missing of_node_put(np) (bsc#1051510). - PM / OPP: Call notifier without holding opp_table->lock (bsc#1051510). - PM / OPP: Move error message to debug level (bsc#1051510). - PM / devfreq: Fix potential NULL pointer dereference in governor_store (bsc#1051510). - PM / s2idle: Clear the events_check_enabled flag (bsc#1051510). - PM / wakeirq: Fix unbalanced IRQ enable for wakeirq (bsc#1051510). - PM: docs: Drop an excess character from devices.rst (bsc#1051510). - Pass x86 as architecture on x86_64 and i386 (bsc#1093118). - Preliminary series sort - RDMA/bnxt_re: Fix broken RoCE driver due to recent L2 driver changes (bsc#1086283). - RDMA/bnxt_re: Remove redundant bnxt_qplib_disable_nq() call (bsc#1086283). - RDMA/core: Avoid that ib_drain_qp() triggers an out-of-bounds stack access (bsc#1046306). - RDMA/core: Reduce poll batch for direct cq polling (bsc#1046306). - RDMA/i40iw: Avoid panic when reading back the IRQ affinity hint (bsc#1084001). - RDMA/mlx4: Fix uABI structure layouts for 32/64 compat (bsc#1071218). - RDMA/mlx5: Fix crash while accessing garbage pointer and freed memory (bsc#1046305). - RDMA/mlx5: Protect from NULL pointer derefence (bsc#1046305). - RDMA/ocrdma: Fix permissions for OCRDMA_RESET_STATS (bsc#1058513). - RDMA/rxe: Fix an out-of-bounds read (bsc#1050662). - RDMA/ucma: Allow resolving address w/o specifying source address (bsc#1046306). - RDMA/ucma: Introduce safer rdma_addr_size() variants (bsc#1046306). - RDMAVT: Fix synchronization around percpu_ref (bsc#1058717). - RDS: Check cmsg_len before dereferencing CMSG_DATA (networking-stable-17_12_31). - README.BRANCH: add Takashi as co-maintainer - Re-sort some patches to match SLE15 - Refresh patches.suse/btrfs-use-kvzalloc-to-allocate-btrfs_fs_info.patch - Fixed References (bsc#1062897). - Remove the old fallback for iTCO/WDAT conflict (bsc#1073960) Now the upstream fix is included, so let's rip off the old trickery. - Revert 'Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174' (bsc#1051510). - Revert 'Remove patces for bug 1087405 due to regression' This reverts commit f91a2ea5192d9e933c41600da5d1543155df381c. - Revert 'ath10k: send (re)assoc peer command when NSS changed' (bsc#1051510). - Revert 'drm/i915/edp: Allow alternate fixed mode for eDP if available.' (bsc#1093604). - Revert 'kernel-binary: do not package extract-cert when not signing modules' This reverts commit 10a8bc496a553b8069d490a8ae7508bdb19f58d9. - Revert 'rt2800: use TXOP_BACKOFF for probe frames' (bsc#1051510). - Revert 'scsi: core: return BLK_STS_OK for DID_OK in __scsi_error_from_host_byte()' (bsc#1099918). - Sort series.conf - USB: Accept bulk endpoints with 1024-byte maxpacket (bsc#1092888). - USB: serial: pl2303: new device id for Chilitag (bsc#1087092). - USB: serial: simple: add Motorola Tetra driver (bsc#1087092). - USB:fix USB3 devices behind USB3 hubs not resuming at hibernate thaw (bsc#1090888). - Update patches.fixes/vti-fix-use-after-free-in-vti_tunnel_xmit-vti6_tnl_x.patch (bsc#1076830 networking-stable-17_10_09). - Update patches.suse/ceph-quota-add-counter-for-snaprealms-with-quota.patch (bsc#1089115). - Update patches.suse/ceph-quota-add-initial-infrastructure-to-support-cephfs-quotas.patch (bsc#1089115). - Update patches.suse/ceph-quota-cache-inode-pointer-in-ceph_snap_realm.patch (bsc#1089115). - Update patches.suse/ceph-quota-don-t-allow-cross-quota-renames.patch (bsc#1089115). - Update patches.suse/ceph-quota-support-for-ceph-quota-max_bytes.patch (bsc#1089115). - Update patches.suse/ceph-quota-support-for-ceph-quota-max_files.patch (bsc#1089115). - Update patches.suse/ceph-quota-update-mds-when-max_bytes-is-approaching.patch (bsc#1089115). - Update for above change patches.drivers/0003-md-cluster-Suspend-writes-in-RAID10-if-within-range.patch (bsc#1093023). - Update patches.suse/ceph-don-t-check-quota-for-snap-inode.patch (bsc#1089115). - Update patches.suse/ceph-fix-root-quota-realm-check.patch (bsc#1089115). - X.509: fix BUG_ON() when hash algorithm is unsupported (bsc#1051510). - X.509: fix NULL dereference when restricting key with unsupported_sig (bsc#1051510). - X.509: fix comparisons of ->pkey_algo (bsc#1051510). - X.509: reject invalid BIT STRING for subjectPublicKey (bsc#1051510). - acpi, nfit: quiet invalid block-aperture-region warnings (bsc#1091781). - acpi, nfit: rework NVDIMM leaf method detection (bsc#1091782). - acpi: Add helper for deactivating memory region (bsc#1100132). - acpi: nfit: Add support for detect platform CPU cache flush on power loss (bsc#1091424). - acpi: nfit: add persistent memory control flag for nd_region (bsc#1091424). - adding missing rcu_read_unlock in ipxip6_rcv (networking-stable-17_12_31). - af_netlink: ensure that NLMSG_DONE never fails in dumps (networking-stable-17_11_20). - afs: Connect up the CB.ProbeUuid (bsc#1052766). - afs: Fix missing error handling in afs_write_end() (bsc#1052766). - amd-xgbe: Add pre/post auto-negotiation phy hooks (networking-stable-18_04_26). - amd-xgbe: Improve KR auto-negotiation and training (networking-stable-18_04_26). - amd-xgbe: Only use the SFP supported transceiver signals (networking-stable-18_04_26). - amd-xgbe: Restore PCI interrupt enablement setting on resume (networking-stable-18_03_07). - apparmor: fix dangling symlinks to policy rawdata after replacement (bsc#1095893). - apparmor: fix display of .ns_name for containers (bsc#1095893). - apparmor: fix logging of the existence test for signals (bsc#1095893). - apparmor: fix memory leak on buffer on error exit path (bsc#1095893). - arch/*: Kconfig: fix documentation for NMI watchdog (bsc#1099918). - arm/arm64: smccc: Add SMCCC-specific return codes (bsc#1085308). - arm64: Add 'ssbd' command-line option (bsc#1085308). - arm64: Add ARCH_WORKAROUND_2 probing (bsc#1085308). - arm64: Add per-cpu infrastructure to call ARCH_WORKAROUND_2 (bsc#1085308). - arm64: Call ARCH_WORKAROUND_2 on transitions between EL0 and EL1 (bsc#1085308). - arm64: alternatives: Add dynamic patching feature (bsc#1085308). - arm64: fix endianness annotation for __apply_alternatives()/get_alt_insn() (bsc#1085308). - arm64: ssbd: Add global mitigation state accessor (bsc#1085308). - arm64: ssbd: Add prctl interface for per-thread mitigation (bsc#1085308). - arm64: ssbd: Introduce thread flag to control userspace mitigation (bsc#1085308). - arm64: ssbd: Restore mitigation status on CPU resume (bsc#1085308). - arm64: ssbd: Skip apply_ssbd if not using dynamic mitigation (bsc#1085308). - arp: fix arp_filter on l3slave devices (networking-stable-18_04_10). - ath10k: Fix kernel panic while using worker (ath10k_sta_rc_update_wk) (bsc#1051510). - ath10k: correct target assert problem due to CE5 stuck (bsc#1051510). - ath10k: search all IEs for variant before falling back (bsc#1051510). - ath9k: fix crash in spectral scan (bsc#1051510). - auxdisplay: fix broken menu (bsc#1051510). - auxdisplay: img-ascii-lcd: Only build on archs that have IOMEM (bsc#1051510). - auxdisplay: img-ascii-lcd: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE (bsc#1051510). - backlight: as3711_bl: Fix Device Tree node lookup (bsc#1051510). - backlight: max8925_bl: Fix Device Tree node lookup (bsc#1051510). - backlight: tdo24m: Fix the SPI CS between transfers (bsc#1051510). - backlight: tps65217_bl: Fix Device Tree node lookup (bsc#1051510). - bcache: Add __printf annotation to __bch_check_keys() (bsc#1093023). - bcache: Annotate switch fall-through (bsc#1093023). - bcache: Fix a compiler warning in bcache_device_init() (bsc#1093023). - bcache: Fix indentation (bsc#1093023). - bcache: Fix kernel-doc warnings (bsc#1093023). - bcache: Fix, improve efficiency of closure_sync() (bsc#1093023). - bcache: Reduce the number of sparse complaints about lock imbalances (bsc#1093023). - bcache: Remove an unused variable (bsc#1093023). - bcache: Suppress more warnings about set-but-not-used variables (bsc#1093023). - bcache: Use PTR_ERR_OR_ZERO() (bsc#1093023). - bcache: add CACHE_SET_IO_DISABLE to struct cache_set flags (bsc#1093023). - bcache: add backing_request_endio() for bi_end_io (bsc#1093023). - bcache: add io_disable to struct cached_dev (bsc#1093023). - bcache: add journal statistic (bsc#1093023). - bcache: add stop_when_cache_set_failed option to backing device (bsc#1093023). - bcache: add wait_for_kthread_stop() in bch_allocator_thread() (bsc#1093023). - bcache: allow quick writeback when backing idle (bsc#1093023). - bcache: closures: move control bits one bit right (bsc#1093023). - bcache: comment on direct access to bvec table (bsc#1093023). - bcache: correct flash only vols (check all uuids) (bsc#1093023). - bcache: count backing device I/O error for writeback I/O (bsc#1093023). - bcache: fix cached_dev->count usage for bch_cache_set_error() (bsc#1093023). - bcache: fix error return value in memory shrink (bsc#1093023). - bcache: fix for allocator and register thread race (bsc#1093023). - bcache: fix for data collapse after re-attaching an attached device (bsc#1093023). - bcache: fix high CPU occupancy during journal (bsc#1093023). - bcache: fix inaccurate io state for detached bcache devices (bsc#1093023). - bcache: fix incorrect sysfs output value of strip size (bsc#1093023). - bcache: fix kcrashes with fio in RAID5 backend dev (bsc#1093023). - bcache: fix misleading error message in bch_count_io_errors() (bsc#1093023). - bcache: fix unmatched generic_end_io_acct() and generic_start_io_acct() (bsc#1093023). - bcache: fix using of loop variable in memory shrink (bsc#1093023). - bcache: fix writeback target calc on large devices (bsc#1093023). - bcache: fix wrong return value in bch_debug_init() (bsc#1093023). - bcache: mark closure_sync() __sched (bsc#1093023). - bcache: move closure debug file into debug directory (bsc#1093023). - bcache: properly set task state in bch_writeback_thread() (bsc#1093023). - bcache: quit dc->writeback_thread when BCACHE_DEV_DETACHING is set (bsc#1093023). - bcache: reduce cache_set devices iteration by devices_max_used (bsc#1093023). - bcache: ret IOERR when read meets metadata error (bsc#1093023). - bcache: return 0 from bch_debug_init() if CONFIG_DEBUG_FS=n (bsc#1093023). - bcache: return attach error when no cache set exist (bsc#1093023). - bcache: segregate flash only volume write streams (bsc#1093023). - bcache: set CACHE_SET_IO_DISABLE in bch_cached_dev_error() (bsc#1093023). - bcache: set dc->io_disable to true in conditional_stop_bcache_device() (bsc#1093023). - bcache: set error_limit correctly (bsc#1093023). - bcache: set writeback_rate_update_seconds in range [1, 60] seconds (bsc#1093023). - bcache: stop dc->writeback_rate_update properly (bsc#1093023). - bcache: stop writeback thread after detaching (bsc#1093023). - bcache: store disk name in struct cache and struct cached_dev (bsc#1093023). - bcache: use pr_info() to inform duplicated CACHE_SET_IO_DISABLE set (bsc#1093023). - bcache: writeback: properly order backing device IO (bsc#1093023). - bdi: Fix oops in wb_workfn() (bsc#1052766). - bdi: wake up concurrent wb_shutdown() callers (bsc#1052766). - be2net: Fix HW stall issue in Lancer (bsc#1086288). - be2net: Fix error detection logic for BE3 (bsc#1050252). - be2net: Handle transmit completion errors in Lancer (bsc#1086288). - bfq-iosched: ensure to clear bic/bfqq pointers when preparing request (bsc#1052766). - bfq: Re-enable auto-loading when built as a module (bsc#1099918). - bio-integrity: move the bio integrity profile check earlier in bio_integrity_prep (bsc#1093023). - bitmap: fix memset optimization on big-endian systems (bsc#1051510). - bitops: Introduce assign_bit() (bsc#1093023). - blacklist.conf: blacklist further commits not needed (bsc#1085933, bsc#1085938, bsc#1085939) - blacklist.conf: blacklist tools specific change bsc#1085941 - blk-mq-debugfs: fix device sched directory for default scheduler (bsc#1099918). - blk-mq: do not keep offline CPUs mapped to hctx 0 (bsc#1099918). - blk-mq: make sure hctx->next_cpu is set correctly (bsc#1099918). - blk-mq: make sure that correct hctx->next_cpu is set (bsc#1099918). - blk-mq: reinit q->tag_set_list entry only after grace period (bsc#1099918). - blk-mq: simplify queue mapping and schedule with each possisble CPU (bsc#1099918). - block, bfq: add missing invocations of bfqg_stats_update_io_add/remove (bsc#1099918). - block, bfq: fix occurrences of request finish method's old name (bsc#1099918). - block, bfq: put async queues for root bfq groups too (bsc#1052766). - block/loop: fix deadlock after loop_set_status (bsc#1052766). - block/swim: Remove extra put_disk() call from error path (bsc#1099918). - block: Add comment to submit_bio_wait() (bsc#1093023). - block: Fix __bio_integrity_endio() documentation (bsc#1099918). - block: Fix cloning of requests with a special payload (bsc#1099918). - block: Set BIO_TRACE_COMPLETION on new bio during split (bsc#1052766). - block: cope with WRITE ZEROES failing in blkdev_issue_zeroout() (bsc#1099918). - block: factor out __blkdev_issue_zero_pages() (bsc#1099918). - block: sed-opal: Fix a couple off by one bugs (bsc#1099918). - bnx2x: Collect the device debug information during Tx timeout (bsc#1086323). - bnx2x: Deprecate pci_get_bus_and_slot() (bsc#1086323). - bnx2x: Replace doorbell barrier() with wmb() (bsc#1086323). - bnx2x: Use NETIF_F_GRO_HW (bsc#1086323). - bnx2x: Use pci_ari_enabled() instead of local copy (bsc#1086323). - bnx2x: fix slowpath null crash (bsc#1086323). - bnx2x: fix spelling mistake: 'registeration' -> 'registration' (bsc#1086323). - bnx2x: use the right constant (bsc#1086323). - bnxt_en: Add BCM5745X NPAR device IDs (bsc#1086282). - bnxt_en: Add IRQ remapping logic (bsc#1086282). - bnxt_en: Add TC to hardware QoS queue mapping logic (bsc#1086282). - bnxt_en: Add ULP calls to stop and restart IRQs (bsc#1086282). - bnxt_en: Add cache line size setting to optimize performance (bsc#1086282). - bnxt_en: Add extended port statistics support (bsc#1086282). - bnxt_en: Add support for ndo_set_vf_trust (bsc#1086282). - bnxt_en: Add the new firmware API to query hardware resources (bsc#1086282). - bnxt_en: Adjust default rings for multi-port NICs (bsc#1086282). - bnxt_en: Always forward VF MAC address to the PF (bsc#1086282). - bnxt_en: Change IRQ assignment for RDMA driver (bsc#1086282). - bnxt_en: Check max_tx_scheduler_inputs value from firmware (bsc#1086282). - bnxt_en: Check the lengths of encapsulated firmware responses (bsc#1086282). - bnxt_en: Check unsupported speeds in bnxt_update_link() on PF only (bsc#1086282). - bnxt_en: Display function level rx/tx_discard_pkts via ethtool (bsc#1086282). - bnxt_en: Do not allow VF to read EEPROM (bsc#1086282). - bnxt_en: Do not reserve rings on VF when min rings were not provisioned by PF (bsc#1086282). - bnxt_en: Do not set firmware time from VF driver on older firmware (bsc#1086282). - bnxt_en: Eliminate duplicate barriers on weakly-ordered archs (bsc#1086282). - bnxt_en: Expand bnxt_check_rings() to check all resources (bsc#1086282). - bnxt_en: Fix NULL pointer dereference at bnxt_free_irq() (bsc#1086282). - bnxt_en: Fix ethtool -x crash when device is down (bsc#1086282). - bnxt_en: Fix firmware message delay loop regression (bsc#1086282). - bnxt_en: Fix regressions when setting up MQPRIO TX rings (bsc#1086282). - bnxt_en: Fix vnic accounting in the bnxt_check_rings() path (bsc#1086282). - bnxt_en: Forward VF MAC address to the PF (bsc#1086282). - bnxt_en: Ignore src port field in decap filter nodes (bsc#1050242). - bnxt_en: Implement new method for the PF to assign SRIOV resources (bsc#1086282). - bnxt_en: Implement new method to reserve rings (bsc#1086282). - bnxt_en: Improve resource accounting for SRIOV (bsc#1086282). - bnxt_en: Improve ring allocation logic (bsc#1086282). - bnxt_en: Improve valid bit checking in firmware response message (bsc#1086282). - bnxt_en: Include additional hardware port statistics in ethtool -S (bsc#1086282). - bnxt_en: Increase RING_IDLE minimum threshold to 50 (bsc#1086282). - bnxt_en: Need to include RDMA rings in bnxt_check_rings() (bsc#1086282). - bnxt_en: Pass complete VLAN TCI to the stack (bsc#1086282). - bnxt_en: Read phy eeprom A2h address only when optical diagnostics is supported (bsc#1086282). - bnxt_en: Refactor bnxt_close_nic() (bsc#1086282). - bnxt_en: Refactor bnxt_need_reserve_rings() (bsc#1086282). - bnxt_en: Refactor hardware resource data structures (bsc#1086282). - bnxt_en: Refactor the functions to reserve hardware rings (bsc#1086282). - bnxt_en: Remap TC to hardware queues when configuring PFC (bsc#1086282). - bnxt_en: Reserve RSS and L2 contexts for VF (bsc#1086282). - bnxt_en: Reserve completion rings and MSIX for bnxt_re RDMA driver (bsc#1086282). - bnxt_en: Reserve resources for RFS (bsc#1086282). - bnxt_en: Reserve rings at driver open if none was reserved at probe time (bsc#1086282). - bnxt_en: Reserve rings in bnxt_set_channels() if device is down (bsc#1086282). - bnxt_en: Restore MSIX after disabling SRIOV (bsc#1086282). - bnxt_en: Set initial default RX and TX ring numbers the same in combined mode (bsc#1086282). - bnxt_en: Simplify ring alloc/free error messages (bsc#1086282). - bnxt_en: Support max-mtu with VF-reps (bsc#1086282). - bnxt_en: Update firmware interface to 1.9.0 (bsc#1086282). - bnxt_en: Update firmware interface to 1.9.1.15 (bsc#1086282). - bnxt_en: Use a dedicated VNIC mode for RDMA (bsc#1086282). - bnxt_en: close and open NIC, only when the interface is in running state (bsc#1086282). - bnxt_en: do not allow wildcard matches for L2 flows (bsc#1050242). - bnxt_en: export a common switchdev PARENT_ID for all reps of an adapter (bsc#1086282). - bnxt_en: fix clear flags in ethtool reset handling (bsc#1050242). - bnxt_en: reduce timeout on initial HWRM calls (bsc#1086282). - bonding: discard lowest hash bit for 802.3ad layer3+4 (networking-stable-17_11_20). - bonding: do not set slave_dev npinfo before slave_enable_netpoll in bond_enslave (networking-stable-18_04_26). - bonding: fix the err path for dev hwaddr sync in bond_enslave (networking-stable-18_04_10). - bonding: move dev_mc_sync after master_upper_dev_link in bond_enslave (networking-stable-18_04_10). - bonding: process the err returned by dev_set_allmulti properly in bond_enslave (networking-stable-18_04_10). - bonding: send learning packets for vlans on slave (networking-stable-18_05_15). - bpf, ppc64: fix out of bounds access in tail call (bsc#1083647). - bpf, x64: fix memleak when not converging after image (bsc#1083647). - bpf: add schedule points in percpu arrays management (bsc#1083647). - bpf: fix bpf_skb_adjust_net/bpf_skb_proto_xlat to deal with gso sctp skbs (bsc#1076830). - bpf: fix mlock precharge on arraymaps (bsc#1083647). - bpf: make bnxt compatible w/ bpf_xdp_adjust_tail (bsc#1086282). - bpf: properly enforce index mask to prevent out-of-bounds speculation (bsc#1098425). - brcmfmac: Fix check for ISO3166 code (bsc#1051510). - brd: fix overflow in __brd_direct_access (bsc#1052766). - bridge: check iface upper dev when setting master via ioctl (networking-stable-18_05_15). - Btrfs: Take trans lock before access running trans in check_delayed_ref (bsc#1097105). - Btrfs: return error value if create_io_em failed in cow_file_range (bsc#1097105). - can: af_can: can_pernet_init(): add missing error handling for kzalloc returning NULL (bsc#1051510). - can: af_can: can_rcv(): replace WARN_ONCE by pr_warn_once (bsc#1051510). - can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once (bsc#1051510). - can: c_can: do not indicate triple sampling support for D_CAN (bsc#1051510). - can: cc770: Fix queue stall and dropped RTR reply (bsc#1051510). - can: cc770: Fix stalls on rt-linux, remove redundant IRQ ack (bsc#1051510). - can: cc770: Fix use after free in cc770_tx_interrupt() (bsc#1051510). - can: ems_usb: cancel urb on -EPIPE and -EPROTO (bsc#1051510). - can: esd_usb2: Fix can_dlc value for received RTR, frames (bsc#1051510). - can: esd_usb2: cancel urb on -EPIPE and -EPROTO (bsc#1051510). - can: flex_can: Correct the checking for frame length in flexcan_start_xmit() (bsc#1051510). - can: flexcan: fix VF610 state transition issue (bsc#1051510). - can: flexcan: fix i.MX28 state transition issue (bsc#1051510). - can: flexcan: fix i.MX6 state transition issue (bsc#1051510). - can: flexcan: fix p1010 state transition issue (bsc#1051510). - can: flexcan: fix state transition regression (bsc#1051510). - can: flexcan: implement error passive state quirk (bsc#1051510). - can: flexcan: rename legacy error state quirk (bsc#1051510). - can: gs_usb: fix busy loop if no more TX context is available (bsc#1051510). - can: gs_usb: fix return value of the 'set_bittiming' callback (bsc#1051510). - can: hi311x: Acquire SPI lock on ->do_get_berr_counter (bsc#1051510). - can: hi311x: Work around TX complete interrupt erratum (bsc#1051510). - can: ifi: Check core revision upon probe (bsc#1051510). - can: ifi: Fix transmitter delay calculation (bsc#1051510). - can: ifi: Repair the error handling (bsc#1051510). - can: kvaser_usb: Correct return value in printout (bsc#1051510). - can: kvaser_usb: Fix comparison bug in kvaser_usb_read_bulk_callback() (bsc#1051510). - can: kvaser_usb: Ignore CMD_FLUSH_QUEUE_REPLY messages (bsc#1051510). - can: kvaser_usb: Increase correct stats counter in kvaser_usb_rx_can_msg() (bsc#1051510). - can: kvaser_usb: cancel urb on -EPIPE and -EPROTO (bsc#1051510). - can: kvaser_usb: free buf in error paths (bsc#1051510). - can: kvaser_usb: ratelimit errors if incomplete messages are received (bsc#1051510). - can: mcba_usb: cancel urb on -EPROTO (bsc#1051510). - can: mcba_usb: fix device disconnect bug (bsc#1051510). - can: peak/pci: fix potential bug when probe() fails (bsc#1051510). - can: peak/pcie_fd: fix echo_skb is occupied! bug (bsc#1051510). - can: peak/pcie_fd: fix potential bug in restarting tx queue (bsc#1051510). - can: peak/pcie_fd: remove useless code when interface starts (bsc#1051510). - can: peak: Add support for new PCIe/M2 CAN FD interfaces (bsc#1051510). - can: peak: fix potential bug in packet fragmentation (bsc#1051510). - can: sun4i: fix loopback mode (bsc#1051510). - can: sun4i: handle overrun in RX FIFO (bsc#1051510). - can: ti_hecc: Fix napi poll return value for repoll (bsc#1051510). - can: usb_8dev: cancel urb on -EPIPE and -EPROTO (bsc#1051510). - can: vxcan: improve handling of missing peer name attribute (bsc#1051510). - cdc_ether: flag the Cinterion AHS8 modem by gemalto as WWAN (networking-stable-18_04_13). - cdrom: information leak in cdrom_ioctl_media_changed() (bsc#1051510). - ceph: adding protection for showing cap reservation info (bsc#1089115). - ceph: always update atime/mtime/ctime for new inode (bsc#1089115). - ceph: change variable name to follow common rule (bsc#1089115). - ceph: check if mds create snaprealm when setting quota (bsc#1089115). - ceph: do not wait on writeback when there is no more dirty pages (bsc#1089115). - ceph: filter out used flags when printing unused open flags (bsc#1089115). - ceph: fix alignment of rasize (bsc#1098236). - ceph: fix dentry leak in splice_dentry() (bsc#1098236). - ceph: fix invalid point dereference for error case in mdsc destroy (bsc#1089115). - ceph: fix rsize/wsize capping in ceph_direct_read_write() (bsc#1089115). - ceph: fix st_nlink stat for directories (bsc#1093904). - ceph: fix use-after-free in ceph_statfs() (bsc#1098236). - ceph: fix wrong check for the case of updating link count (bsc#1098236). - ceph: keep consistent semantic in fscache related option combination (bsc#1089115). - ceph: mark the cap cache as unreclaimable (bsc#1089115). - ceph: optimize mds session register (bsc#1089115). - ceph: optimize memory usage (bsc#1089115). - ceph: optimizing cap allocation (bsc#1089115). - ceph: optimizing cap reservation (bsc#1089115). - ceph: prevent i_version from going back (bsc#1098236). - ceph: quota: report root dir quota usage in statfs (bsc#1089115). - ceph: release unreserved caps if having enough available caps (bsc#1089115). - ceph: return proper bool type to caller instead of pointer (bsc#1089115). - ceph: support file lock on directory (bsc#1098236). - ceph: use seq_show_option for string type options (bsc#1089115). - cfg80211: clear wep keys after disconnection (bsc#1051510). - cfg80211: further limit wiphy names to 64 bytes (bsc#1051510). - cfg80211: limit wiphy names to 128 bytes (bsc#1051510). - cgroup: Fix deadlock in cpu hotplug path (Git-fixes). - cgroup: Reinit cgroup_taskset structure before cgroup_migrate_execute() returns (Git-fixes). - cifs: Check for timeout on Negotiate stage (bsc#1091171). - cifs: silence compiler warnings showing up with gcc-8.0.0 (bsc#1090734). - config: arm64: enable Spectre-v4 per-thread mitigation - coresight: Fix disabling of CoreSight TPIU (bsc#1051510). - cpufreq: intel_pstate: Add HWP boost utility and sched util hooks (bsc#1066110). - cpufreq: intel_pstate: Fix scaling max/min limits with Turbo 3.0 (bsc#1051510). - cpufreq: intel_pstate: HWP boost performance on IO wakeup (bsc#1066110). - cpufreq: intel_pstate: New sysfs entry to control HWP boost (bsc#1066110). - cpufreq: intel_pstate: enable boost for Skylake Xeon (bsc#1066110). - cpufreq: schedutil: Avoid using invalid next_freq (git-fixes). - cpuidle: fix broadcast control when broadcast can not be entered (Git-fixes). - cros_ec: fix nul-termination for firmware build info (bsc#1051510). - crypto: AF_ALG - remove SGL terminator indicator when chaining (bsc#1051510). - crypto: aes-generic - build with -Os on gcc-7+ (bsc#1051510). - crypto: aes-generic - fix aes-generic regression on powerpc (bsc#1051510). - crypto: af_alg - fix possible uninit-value in alg_bind() (bsc#1051510). - crypto: ahash - Fix early termination in hash walk (bsc#1051510). - crypto: arm,arm64 - Fix random regeneration of S_shipped (bsc#1051510). - crypto: atmel-aes - fix the keys zeroing on errors (bsc#1051510). - crypto: caam - Fix null dereference at error path (bsc#1051510). - crypto: caam - fix DMA mapping dir for generated IV (bsc#1051510). - crypto: caam - fix IV DMA mapping and updating (bsc#1051510). - crypto: caam - fix incorrect define (bsc#1051510). - crypto: caam - strip input zeros from RSA input buffer (bsc#1051510). - crypto: caam/qi - fix IV DMA mapping and updating (bsc#1051510). - crypto: caam/qi - fix IV DMA mapping and updating (bsc#1051510). - crypto: ccp - Fix sparse, use plain integer as NULL pointer (git-fixes 200664d5237f). - crypto: drbg - set freed buffers to NULL (bsc#1051510). - crypto: lrw - Free rctx->ext with kzfree (bsc#1051510). - crypto: omap-sham - fix memleak (bsc#1051510). - crypto: qat - remove unused and redundant pointer vf_info (bsc#1051510). - crypto: sunxi-ss - Add MODULE_ALIAS to sun4i-ss (bsc#1051510). - crypto: vmx - Remove overly verbose printk from AES XTS init (bsc#1051510). - crypto: vmx - Remove overly verbose printk from AES init routines (bsc#1051510). - crypto: x86/cast5-avx - fix ECB encryption when long sg follows short one (bsc#1051510). - cxgb4: Correct ntuple mask validation for hash filters (bsc#1064802 bsc#1066129). - cxgb4: fix error return code in adap_init0() (bsc#1064802 bsc#1066129). - cxgb4: fix offset in collecting TX rate limit info (bsc#1073513). - cxgb4vf: Fix SGE FL buffer initialization logic for 64K pages (bsc#1046542). - dax, dm: allow device-mapper to operate without dax support (bsc#1093023). - dax: check for QUEUE_FLAG_DAX in bdev_dax_supported() (bsc#1101315). - dccp: do not restart ccid2_hc_tx_rto_expire() if sk in closed state (networking-stable-18_01_28). - dccp: fix tasklet usage (networking-stable-18_05_15). - delayacct: Account blkio completion on the correct task (bsc#1052766). - dell_rbu: make firmware payload memory uncachable (bsc#1087978). - device-dax: allow MAP_SYNC to succeed (bsc#1052766). - devlink: Remove redundant free on error path (networking-stable-18_03_28). - direct-io: Prevent NULL pointer access in submit_page_section (bsc#1052766). - disable patches.drivers/s390-qeth-use-Read-device-to-query-hypervisor-for-MA.patch Backport of mainline commit b7493e91c11a ('s390/qeth: use Read device to query hypervisor for MAC') changes assigned MAC address (and breaks networking) on one of our machines and it's not clear which address is actually correct (bsc#1094575). - dlm: fix a clerical error when set SCTP_NODELAY (bsc#1091594). - dlm: make sctp_connect_to_sock() return in specified time (bsc#1080542). - dlm: remove O_NONBLOCK flag in sctp_connect_to_sock (bsc#1080542). - dm btree: fix serious bug in btree_split_beneath() (bsc#1093023). - dm bufio: add missed destroys of client mutex (bsc#1093023). - dm bufio: check result of register_shrinker() (bsc#1093023). - dm bufio: delete outdated comment (bsc#1093023). - dm bufio: do not embed a bio in the dm_buffer structure (bsc#1093023). - dm bufio: eliminate unnecessary labels in dm_bufio_client_create() (bsc#1093023). - dm bufio: fix buffer alignment (bsc#1093023). - dm bufio: fix integer overflow when limiting maximum cache size (bsc#1093023). - dm bufio: fix shrinker scans when (nr_to_scan lower than retain_target) (bsc#1093023). - dm bufio: get rid of slab cache name allocations (bsc#1093023). - dm bufio: move dm-bufio.h to include/linux/ (bsc#1093023). - dm bufio: relax alignment constraint on slab cache (bsc#1093023). - dm bufio: remove code that merges slab caches (bsc#1093023). - dm bufio: reorder fields in dm_buffer structure (bsc#1093023). - dm bufio: support non-power-of-two block sizes (bsc#1093023). - dm bufio: use REQ_OP_READ and REQ_OP_WRITE (bsc#1093023). - dm bufio: use slab cache for dm_buffer structure allocations (bsc#1093023). - dm cache background tracker: limit amount of background work that may be issued at once (bsc#1093023). - dm cache policy smq: allocate cache blocks in order (bsc#1093023). - dm cache policy smq: change max background work from 10240 to 4096 blocks (bsc#1093023). - dm cache policy smq: handle races with queuing background_work (bsc#1093023). - dm cache policy smq: take origin idle status into account when queuing writebacks (bsc#1093023). - dm cache: convert dm_cache_metadata.ref_count from atomic_t to refcount_t (bsc#1093023). - dm cache: fix race condition in the writeback mode overwrite_bio optimisation (bsc#1093023). - dm cache: lift common migration preparation code to alloc_migration() (bsc#1093023). - dm cache: pass cache structure to mode functions (bsc#1093023). - dm cache: remove all obsolete writethrough-specific code (bsc#1093023). - dm cache: remove usused deferred_cells member from struct cache (bsc#1093023). - dm cache: simplify get_per_bio_data() by removing data_size argument (bsc#1093023). - dm cache: submit writethrough writes in parallel to origin and cache (bsc#1093023). - dm crypt: allow unaligned bv_offset (bsc#1093023). - dm crypt: fix crash by adding missing check for auth key size (bsc#1093023). - dm crypt: fix error return code in crypt_ctr() (bsc#1093023). - dm crypt: fix memory leak in crypt_ctr_cipher_old() (bsc#1093023). - dm crypt: limit the number of allocated pages (bsc#1093023). - dm crypt: reject sector_size feature if device length is not aligned to it (bsc#1093023). - dm crypt: remove BIOSET_NEED_RESCUER flag (bsc#1093023). - dm crypt: wipe kernel key copy after IV initialization (bsc#1093023). - dm flakey: check for null arg_name in parse_features() (bsc#1093023). - dm integrity: allow unaligned bv_offset (bsc#1093023). - dm integrity: count and display checksum failures (bsc#1093023). - dm integrity: do not check integrity for failed read operations (bsc#1093023). - dm integrity: do not store cipher request on the stack (bsc#1093023). - dm integrity: fail early if required HMAC key is not available (bsc#1093023). - dm integrity: make blk_integrity_profile structure const (bsc#1093023). - dm integrity: optimize writing dm-bufio buffers that are partially changed (bsc#1093023). - dm integrity: use init_completion instead of COMPLETION_INITIALIZER_ONSTACK (bsc#1093023). - dm integrity: use kvfree for kvmalloc'd memory (bsc#1099918). - dm io: remove BIOSET_NEED_RESCUER flag from bios bioset (bsc#1093023). - dm ioctl: constify ioctl lookup table (bsc#1093023). - dm log writes: add support for DAX (bsc#1093023). - dm log writes: add support for inline data buffers (bsc#1093023). - dm log writes: do not use all the cpu while waiting to log blocks (bsc#1093023). - dm log writes: fix >512b sectorsize support (bsc#1093023). - dm log writes: fix max length used for kstrndup (bsc#1093023). - dm log writes: record metadata flag for better flags record (bsc#1093023). - dm mpath: fix bio-based multipath queue_if_no_path handling (bsc#1099918). - dm raid: add component device size checks to avoid runtime failure (bsc#1093023). - dm raid: avoid passing array_in_sync variable to raid_status() callees (bsc#1093023). - dm raid: bump target version to reflect numerous fixes (bsc#1093023). - dm raid: consume sizes after md_finish_reshape() completes changing them (bsc#1093023). - dm raid: correct resizing state relative to reshape space in ctr (bsc#1093023). - dm raid: display a consistent copy of the MD status via raid_status() (bsc#1093023). - dm raid: do not use 'const' in function return (bsc#1099918). - dm raid: ensure 'a' chars during reshape (bsc#1093023). - dm raid: fix deadlock caused by premature md_stop_writes() (bsc#1093023). - dm raid: fix incorrect status output at the end of a 'recover' process (bsc#1093023). - dm raid: fix incorrect sync_ratio when degraded (bsc#1093023). - dm raid: fix nosync status (bsc#1093023). - dm raid: fix panic when attempting to force a raid to sync (bsc#1093023). - dm raid: fix parse_raid_params() variable range issue (bsc#1093023). - dm raid: fix raid set size revalidation (bsc#1093023). - dm raid: fix raid_resume() to keep raid set frozen as needed (bsc#1093023). - dm raid: fix rs_get_progress() synchronization state/ratio (bsc#1093023). - dm raid: make raid_sets symbol static (bsc#1093023). - dm raid: simplify rs_get_progress() (bsc#1093023). - dm raid: small cleanup and remove unsed 'struct raid_set' member (bsc#1093023). - dm raid: stop keeping raid set frozen altogether (bsc#1093023). - dm raid: use rs_is_raid*() (bsc#1093023). - dm raid: validate current raid sets redundancy (bsc#1093023). - dm rq: do not update rq partially in each ending bio (bsc#1093023). - dm rq: make dm-sq requeuing behavior consistent with dm-mq behavior (bsc#1093023). - dm space map metadata: use ARRAY_SIZE (bsc#1093023). - dm stripe: get rid of a Variable Length Array (VLA) (bsc#1093023). - dm table: fix regression from improper dm_dev_internal.count refcount_t conversion (bsc#1093023). - dm thin metadata: THIN_MAX_CONCURRENT_LOCKS should be 6 (bsc#1093023). - dm thin: fix trailing semicolon in __remap_and_issue_shared_cell (bsc#1093023). - dm zoned: avoid triggering reclaim from inside dmz_map() (bsc#1099918). - dm zoned: ignore last smaller runt zone (bsc#1093023). - dm-crypt: do not clear bvec->bv_page in crypt_free_buffer_pages() (bsc#1093023). - dm-crypt: do not mess with BIP_BLOCK_INTEGRITY (bsc#1093023). - dm-raid: fix a race condition in request handling (bsc#1093023). - dm: backfill missing calls to mutex_destroy() (bsc#1093023). - dm: clear all discard attributes in queue_limits when discards are disabled (bsc#1093023). - dm: convert DM printk macros to pr level macros (bsc#1099918). - dm: convert dm_dev_internal.count from atomic_t to refcount_t (bsc#1093023). - dm: convert table_device.count from atomic_t to refcount_t (bsc#1093023). - dm: correctly handle chained bios in dec_pending() (bsc#1093023). - dm: discard support requires all targets in a table support discards (bsc#1093023). - dm: do not set 'discards_supported' in targets that do not need it (bsc#1093023). - dm: ensure bio submission follows a depth-first tree walk (bsc#1093023). - dm: ensure bio-based DM's bioset and io_pool support targets' maximum IOs (bsc#1093023). - dm: fix __send_changing_extent_only() to send first bio and chain remainder (bsc#1093023). - dm: fix comment above dm_accept_partial_bio (bsc#1093023). - dm: fix printk() rate limiting code (bsc#1099918). - dm: fix various targets to dm_register_target after module __init resources created (bsc#1093023). - dm: limit the max bio size as BIO_MAX_PAGES * PAGE_SIZE (bsc#1093023). - dm: move dm_table_destroy() to same header as dm_table_create() (bsc#1093023). - dm: remove BIOSET_NEED_RESCUER based dm_offload infrastructure (bsc#1093023). - dm: remove stale comment blocks (bsc#1093023). - dm: remove unused 'num_write_bios' target interface (bsc#1093023). - dm: remove unused macro DM_MOD_NAME_SIZE (bsc#1093023). - dm: rename 'bio' member of dm_io structure to 'orig_bio' (bsc#1093023). - dm: safely allocate multiple bioset bios (bsc#1093023). - dm: set QUEUE_FLAG_DAX accordingly in dm_table_set_restrictions() (bsc#1093023). - dm: simplify start of block stats accounting for bio-based (bsc#1093023). - dm: small cleanup in dm_get_md() (bsc#1093023). - dm: use bio_split() when splitting out the already processed bio (bsc#1099918). - dmaengine: at_hdmac: fix potential NULL pointer dereference in atc_prep_dma_interleaved (bsc#1051510). - dmaengine: at_xdmac: fix rare residue corruption (bsc#1051510). - dmaengine: dmatest: fix container_of member in dmatest_callback (bsc#1051510). - dmaengine: dmatest: move callback wait queue to thread context (bsc#1051510). - dmaengine: dmatest: warn user when dma test times out (bsc#1051510). - dmaengine: edma: Align the memcpy acnt array size with the transfer (bsc#1051510). - dmaengine: ioat: Fix error handling path (bsc#1051510). - dmaengine: jz4740: disable/unprepare clk if probe fails (bsc#1051510). - dmaengine: ti-dma-crossbar: Correct am335x/am43xx mux value type (bsc#1051510). - dmaengine: ti-dma-crossbar: Fix event mapping for TPCC_EVT_MUX_60_63 (bsc#1051510). - dmaengine: ti-dma-crossbar: Fix possible race condition with dma_inuse (bsc#1051510). - docs: disable KASLR when debugging kernel (bsc#1051510). - dpaa_eth: increment the RX dropped counter when needed (networking-stable-18_03_28). - dpaa_eth: remove duplicate increment of the tx_errors counter (networking-stable-18_03_28). - dpaa_eth: remove duplicate initialization (networking-stable-18_03_28). - drbd: Fix drbd_request_prepare() discard handling (bsc#1099918). - driver core: Do not ignore class_dir_create_and_add() failure (bsc#1051510). - driver core: Move device_links_purge() after bus_remove_device() (bsc#1099918). - drivers/infiniband/core/verbs.c: fix build with gcc-4.4.4 (bsc#1046306). - drivers/infiniband/ulp/srpt/ib_srpt.c: fix build with gcc-4.4.4 (bsc#1046306). - drivers: net: bnx2x: use setup_timer() helper (bsc#1086323). - drm/amd/powerplay: Fix enum mismatch (bsc#1051510). - drm/amdgpu/sdma: fix mask in emit_pipeline_sync (bsc#1051510). - drm/amdgpu/si: implement get/set pcie_lanes asic callback (bsc#1051510). - drm/amdgpu: Add APU support in vi_set_uvd_clocks (bsc#1051510). - drm/amdgpu: Add APU support in vi_set_vce_clocks (bsc#1051510). - drm/amdgpu: Add an ATPX quirk for hybrid laptop (bsc#1051510). - drm/amdgpu: Fix PCIe lane width calculation (bsc#1051510). - drm/amdgpu: Fix always_valid bos multiple LRU insertions (bsc#1051510). - drm/amdgpu: Fix deadlock on runtime suspend (bsc#1051510). - drm/amdgpu: Use kvmalloc_array for allocating VRAM manager nodes array (bsc#1051510). - drm/amdgpu: adjust timeout for ib_ring_tests(v2) (bsc#1051510). - drm/amdgpu: disable GFX ring and disable PQ wptr in hw_fini (bsc#1051510). - drm/amdgpu: set COMPUTE_PGM_RSRC1 for SGPR/VGPR clearing shaders (bsc#1051510). - drm/amdkfd: fix clock counter retrieval for node without GPU (bsc#1051510). - drm/armada: fix leak of crtc structure (bsc#1051510). - drm/ast: Fixed 1280x800 Display Issue (bsc#1051510). - drm/atmel-hlcdc: check stride values in the first plane (bsc#1051510). - drm/atomic: Clean old_state/new_state in drm_atomic_state_default_clear() (bsc#1051510). - drm/atomic: Clean private obj old_state/new_state in drm_atomic_state_default_clear() (bsc#1051510). - drm/bridge: analogix dp: Fix runtime PM state in get_modes() callback (bsc#1051510). - drm/bridge: tc358767: do no fail on hi-res displays (bsc#1051510). - drm/bridge: tc358767: filter out too high modes (bsc#1051510). - drm/bridge: tc358767: fix 1-lane behavior (bsc#1051510). - drm/bridge: tc358767: fix AUXDATAn registers access (bsc#1051510). - drm/bridge: tc358767: fix DP0_MISC register set (bsc#1051510). - drm/bridge: tc358767: fix timing calculations (bsc#1051510). - drm/bridge: vga-dac: Fix edid memory leak (bsc#1051510). - drm/dumb-buffers: Integer overflow in drm_mode_create_ioctl() (bsc#1051510). - drm/exynos/dsi: mask frame-done interrupt (bsc#1051510). - drm/exynos: Allow DRM_EXYNOS on s5pv210 (bsc#1051510). - drm/exynos: Fix default value for zpos plane property (bsc#1051510). - drm/exynos: fix comparison to bitshift when dealing with a mask (bsc#1051510). - drm/exynos: g2d: use monotonic timestamps (bsc#1051510). - drm/fsl-dcu: enable IRQ before drm_atomic_helper_resume() (bsc#1051510). - drm/hisilicon: Ensure LDI regs are properly configured (bsc#1051510). - drm/i915/audio: Fix audio detection issue on GLK (bsc#1051510). - drm/i915/audio: set minimum CD clock to twice the BCLK (bsc#1095265). - drm/i915/bios: filter out invalid DDC pins from VBT child devices (bsc#1051510). - drm/i915/execlists: Use rmb() to order CSB reads (bsc#1051510). - drm/i915/gen9: Add WaClearHIZ_WM_CHICKEN3 for bxt and glk (bsc#1051510). - drm/i915/glk: Add MODULE_FIRMWARE for Geminilake (bsc#1095265). - drm/i915/gvt: fix memory leak of a cmd_entry struct on error exit path (bsc#1051510). - drm/i915/gvt: throw error on unhandled vfio ioctls (bsc#1051510). - drm/i915/lvds: Move acpi lid notification registration to registration phase (bsc#1051510). - drm/i915/psr: Chase psr.enabled only under the psr.lock (bsc#1051510). - drm/i915/userptr: reject zero user_size (bsc#1051510). - drm/i915: Adjust eDP's logical vco in a reliable place (bsc#1095265). - drm/i915: Apply batch location restrictions before pinning (bsc#1051510). - drm/i915: Call i915_perf_fini() on init_hw error unwind (bsc#1051510). - drm/i915: Disable LVDS on Radiant P845 (bsc#1051510). - drm/i915: Do no use kfree() to free a kmem_cache_alloc() return value (bsc#1051510). - drm/i915: Do not request a bug report for unsafe module parameters (bsc#1051510). - drm/i915: Enable display WA#1183 from its correct spot (bsc#1051510). - drm/i915: Enable provoking vertex fix on Gen9 systems (bsc#1051510). - drm/i915: Fix LSPCON TMDS output buffer enabling from low-power state (bsc#1051510). - drm/i915: Fix context ban and hang accounting for client (bsc#1051510). - drm/i915: Fix drm:intel_enable_lvds ERROR message in kernel log (bsc#1051510). - drm/i915: Remove stale asserts from i915_gem_find_active_request() (bsc#1051510). - drm/i915: Remove stale asserts from i915_gem_find_active_request() (bsc#1051510). - drm/i915: Remove unbannable context spam from reset (bsc#1051510). - drm/i915: Restore planes after load detection (bsc#1051510). - drm/i915: Restore planes after load detection (bsc#1051510). - drm/i915: Try GGTT mmapping whole object as partial (bsc#1051510). - drm/imx: move arming of the vblank event to atomic_flush (bsc#1051510). - drm/meson: Fix an un-handled error path in 'meson_drv_bind_master()' (bsc#1051510). - drm/meson: Fix some error handling paths in 'meson_drv_bind_master()' (bsc#1051510). - drm/meson: fix vsync buffer update (bsc#1051510). - drm/msm/dsi: use correct enum in dsi_get_cmd_fmt (bsc#1051510). - drm/msm: Fix possible null dereference on failure of get_pages() (bsc#1051510). - drm/msm: do not deref error pointer in the msm_fbdev_create error path (bsc#1100209). - drm/msm: fix leak in failed get_pages (bsc#1051510). - drm/nouveau/bar/gf100: add config option to limit BAR2 to 16MiB (bsc#1095094). - drm/nouveau/bios/iccsense: rails for power sensors have a mask of 0xf8 for version 0x10 (bsc#1095094). - drm/nouveau/bios/init: add a new devinit script interpreter entry-point (bsc#1095094). - drm/nouveau/bios/init: add or/link args separate from output path (bsc#1095094). - drm/nouveau/bios/init: bump script offset to 32-bits (bsc#1095094). - drm/nouveau/bios/init: remove internal use of nvbios_init.bios (bsc#1095094). - drm/nouveau/bios/init: rename 'crtc' to 'head' (bsc#1095094). - drm/nouveau/bios/init: rename nvbios_init() to nvbios_devinit() (bsc#1095094). - drm/nouveau/bios/volt: Parse min and max for Version 0x40 (bsc#1095094). - drm/nouveau/bios: Demote missing fp table message to NV_DEBUG (bsc#1095094). - drm/nouveau/bl: fix backlight regression (bsc#1095094). - drm/nouveau/devinit: use new devinit script interpreter entry-point (bsc#1095094). - drm/nouveau/disp/dp: determine a failsafe link training rate (bsc#1095094). - drm/nouveau/disp/dp: determine link bandwidth requirements from head state (bsc#1095094). - drm/nouveau/disp/dp: no need for lt_state except during manual link training (bsc#1095094). - drm/nouveau/disp/dp: only check for re-train when the link is active (bsc#1095094). - drm/nouveau/disp/dp: remove DP_PWR method (bsc#1095094). - drm/nouveau/disp/dp: store current link configuration in nvkm_ior (bsc#1095094). - drm/nouveau/disp/dp: train link only when actively displaying an image (bsc#1095094). - drm/nouveau/disp/dp: use cached link configuration when checking link status (bsc#1095094). - drm/nouveau/disp/dp: use new devinit script interpreter entry-point (bsc#1095094). - drm/nouveau/disp/g84-: Extend NVKM HDMI power control method to set InfoFrames (bsc#1095094). - drm/nouveau/disp/g84-: port OR HDMI control to nvkm_ior (bsc#1095094). - drm/nouveau/disp/g84-gt200: Use supplied HDMI InfoFrames (bsc#1095094). - drm/nouveau/disp/g94-: port OR DP drive setting control to nvkm_ior (bsc#1095094). - drm/nouveau/disp/g94-: port OR DP lane mapping to nvkm_ior (bsc#1095094). - drm/nouveau/disp/g94-: port OR DP link power control to nvkm_ior (bsc#1095094). - drm/nouveau/disp/g94-: port OR DP link setup to nvkm_ior (bsc#1095094). - drm/nouveau/disp/g94-: port OR DP training pattern control to nvkm_ior (bsc#1095094). - drm/nouveau/disp/gf119-: avoid creating non-existent heads (bsc#1095094). - drm/nouveau/disp/gf119-: port OR DP VCPI control to nvkm_ior (bsc#1095094). - drm/nouveau/disp/gf119: Use supplied HDMI InfoFrames (bsc#1095094). - drm/nouveau/disp/gf119: add missing drive vfunc ptr (bsc#1095094). - drm/nouveau/disp/gk104-: Use supplied HDMI InfoFrames (bsc#1095094). - drm/nouveau/disp/gm200-: allow non-identity mapping of SOR != macro links (bsc#1095094). - drm/nouveau/disp/gt215-: port HDA ELD controls to nvkm_ior (bsc#1095094). - drm/nouveau/disp/gt215: Use supplied HDMI InfoFrames (bsc#1095094). - drm/nouveau/disp/nv04: avoid creation of output paths (bsc#1095094). - drm/nouveau/disp/nv50-: avoid creating ORs that are not present on HW (bsc#1095094). - drm/nouveau/disp/nv50-: execute supervisor on its own workqueue (bsc#1095094). - drm/nouveau/disp/nv50-: fetch head/OR state at beginning of supervisor (bsc#1095094). - drm/nouveau/disp/nv50-: implement a common supervisor 1.0 (bsc#1095094). - drm/nouveau/disp/nv50-: implement a common supervisor 2.0 (bsc#1095094). - drm/nouveau/disp/nv50-: implement a common supervisor 2.1 (bsc#1095094). - drm/nouveau/disp/nv50-: implement a common supervisor 2.2 (bsc#1095094). - drm/nouveau/disp/nv50-: implement a common supervisor 3.0 (bsc#1095094). - drm/nouveau/disp/nv50-: port OR manual sink detection to nvkm_ior (bsc#1095094). - drm/nouveau/disp/nv50-: port OR power state control to nvkm_ior (bsc#1095094). - drm/nouveau/disp/nv50-gt21x: remove workaround for dp->tmds hotplug issues (bsc#1095094). - drm/nouveau/disp: Add mechanism to convert HDMI InfoFrames to hardware format (bsc#1095094). - drm/nouveau/disp: Silence DCB warnings (bsc#1095094). - drm/nouveau/disp: add tv encoders to output resource mapping (bsc#1095094). - drm/nouveau/disp: common implementation of scanoutpos method in nvkm_head (bsc#1095094). - drm/nouveau/disp: delay output path / connector construction until oneinit() (bsc#1095094). - drm/nouveau/disp: fork off some new hw-specific implementations (bsc#1095094). - drm/nouveau/disp: identity-map display paths to output resources (bsc#1095094). - drm/nouveau/disp: introduce acquire/release display path methods (bsc#1095094). - drm/nouveau/disp: introduce input/output resource abstraction (bsc#1095094). - drm/nouveau/disp: introduce object to track per-head functions/state (bsc#1095094). - drm/nouveau/disp: move vblank_{get,put} methods into nvkm_head (bsc#1095094). - drm/nouveau/disp: remove hw-specific customisation of output paths (bsc#1095094). - drm/nouveau/disp: rename nvkm_output to nvkm_outp (bsc#1095094). - drm/nouveau/disp: rename nvkm_output_dp to nvkm_dp (bsc#1095094). - drm/nouveau/disp: s/nvkm_connector/nvkm_conn/ (bsc#1095094). - drm/nouveau/disp: shuffle functions around (bsc#1095094). - drm/nouveau/falcon: use a more reasonable msgqueue timeout value (bsc#1095094). - drm/nouveau/fb/gf100-: zero mmu debug buffers (bsc#1095094). - drm/nouveau/fb/ram/nv40-: use new devinit script interpreter entry-point (bsc#1095094). - drm/nouveau/fbcon: fix oops without fbdev emulation (bsc#1094751). - drm/nouveau/hwmon: Add config for all sensors and their settings (bsc#1095094). - drm/nouveau/hwmon: Add nouveau_hwmon_ops structure with .is_visible/.read_string (bsc#1095094). - drm/nouveau/hwmon: Change permissions to numeric (bsc#1095094). - drm/nouveau/hwmon: Remove old code, add .write/.read operations (bsc#1095094). - drm/nouveau/hwmon: expose the auto_point and pwm_min/max attrs (bsc#1095094). - drm/nouveau/kms/nv04-nv40: improve overlay error detection, fix pitch setting (bsc#1095094). - drm/nouveau/kms/nv04-nv40: prevent undisplayable framebuffers from creation (bsc#1095094). - drm/nouveau/kms/nv04-nv4x: fix exposed format list (bsc#1095094). - drm/nouveau/kms/nv04: use new devinit script interpreter entry-point (bsc#1095094). - drm/nouveau/kms/nv10-nv40: add NV21 support to overlay (bsc#1095094). - drm/nouveau/mc/gf100: add pmu to reset mask (bsc#1095094). - drm/nouveau/mpeg: print more debug info when rejecting dma objects (bsc#1095094). - drm/nouveau/pmu/fuc: do not use movw directly anymore (bsc#1051510). - drm/nouveau/pmu/gt215-: abstract detection of whether reset is needed (bsc#1095094). - drm/nouveau/pmu/gt215: fix reset (bsc#1095094). - drm/nouveau/tegra: Do not leave GPU in reset (bsc#1095094). - drm/nouveau/tegra: Skip manual unpowergating when not necessary (bsc#1095094). - drm/nouveau/therm/gm200: Added (bsc#1095094). - drm/nouveau/therm: fix spelling mistake on array thresolds (bsc#1095094). - drm/nouveau/tmr: remove nvkm_timer_alarm_cancel() (bsc#1095094). - drm/nouveau: Clean up nv50_head_atomic_check_mode() and fix blankus calculation (bsc#1095094). - drm/nouveau: Convert nouveau to use new iterator macros, v2 (bsc#1095094). - drm/nouveau: Drop drm_vblank_cleanup (bsc#1095094). - drm/nouveau: Enable stereoscopic 3D output over HDMI (bsc#1095094). - drm/nouveau: Fix deadlock in nv50_mstm_register_connector() (bsc#1051510). - drm/nouveau: Fix deadlock on runtime suspend (bsc#1051510). - drm/nouveau: Fix merge commit (bsc#1095094). - drm/nouveau: Handle drm_atomic_helper_swap_state failure (bsc#1095094). - drm/nouveau: Handle frame-packing mode geometry and timing effects (bsc#1095094). - drm/nouveau: Pass mode-dependent AVI and Vendor HDMI InfoFrames to NVKM (bsc#1095094). - drm/nouveau: Skip vga_fini on non-PCI device (bsc#1095094). - drm/nouveau: Use the drm_driver.dumb_destroy default (bsc#1095094). - drm/nouveau: silence suspend/resume debugging messages (bsc#1095094). - drm/nouveau: use drm_for_each_connector_iter() (bsc#1095094). - drm/omap: DMM: Check for DMM readiness after successful transaction commit (bsc#1051510). - drm/omap: fix possible NULL ref issue in tiler_reserve_2d (bsc#1051510). - drm/omap: fix uninitialized ret variable (bsc#1051510). - drm/omap: handle alloc failures in omap_connector (bsc#1051510). - drm/omap: silence unititialized variable warning (bsc#1051510). - drm/panel: simple: Fix the bus format for the Ontat panel (bsc#1051510). - drm/psr: Fix missed entry in PSR setup time table (bsc#1051510). - drm/qxl: Call qxl_bo_unref outside atomic context (bsc#1051510). - drm/radeon: Fix PCIe lane width calculation (bsc#1051510). - drm/radeon: Fix deadlock on runtime suspend (bsc#1051510). - drm/radeon: add PX quirk for Asus K73TK (bsc#1051510). - drm/radeon: make MacBook Pro d3_delay quirk more generic (bsc#1051510). - drm/rockchip: Clear all interrupts before requesting the IRQ (bsc#1051510). - drm/rockchip: Respect page offset for PRIME mmap calls (bsc#1051510). - drm/rockchip: dw-mipi-dsi: fix possible un-balanced runtime PM enable (bsc#1051510). - drm/sun4i: Fix dclk_set_phase (bsc#1051510). - drm/sun4i: Fix error path handling (bsc#1051510). - drm/tegra: Shutdown on driver unbind (bsc#1051510). - drm/tilcdc: ensure nonatomic iowrite64 is not used (bsc#1051510). - drm/vc4: Fix memory leak during BO teardown (bsc#1051510). - drm/vc4: Fix scaling of uni-planar formats (bsc#1051510). - drm/virtio: fix vq wait_event condition (bsc#1051510). - drm/vmwgfx: Fix 32-bit VMW_PORT_HB_[IN|OUT] macros (bsc#1051510). - drm/vmwgfx: Fix a buffer object leak (bsc#1051510). - drm/vmwgfx: Set dmabuf_size when vmw_dmabuf_init is successful (bsc#1051510). - drm/vmwgfx: Unpin the screen object backup buffer when not used (bsc#1051510). - drm: Allow determining if current task is output poll worker (bsc#1051510). - drm: Match sysfs name in link removal to link creation (bsc#1051510). - drm: bridge: dw-hdmi: Fix overflow workaround for Amlogic Meson GX SoCs (bsc#1051510). - drm: nouveau: remove dead code and pointless local lut storage (bsc#1095094). - drm: rcar-du: lvds: Fix LVDS startup on R-Car Gen2 (bsc#1051510). - drm: rcar-du: lvds: Fix LVDS startup on R-Car Gen3 (bsc#1051510). - drm: set FMODE_UNSIGNED_OFFSET for drm files (bsc#1051510). - e1000e: Ignore TSYNCRXCTL when getting I219 clock attributes (bsc#1075876). - eCryptfs: do not pass up plaintext names when using filename encryption (bsc#1052766). - earlycon: Use a pointer table to fix __earlycon_table stride (bsc#1099918). - efi/esrt: Use memunmap() instead of kfree() to free the remapping (bsc#1051510). - emulex/benet: Constify *be_misconfig_evt_port_state (bsc#1086288). - ethernet/broadcom: Use zeroing memory allocator than allocator/memset (bsc#1086282). - ethernet: Use octal not symbolic permissions (bsc#1086288). - ethtool: do not print warning for applications using legacy API (networking-stable-18_01_12). - etnaviv: fix gem object list corruption (bsc#1051510). - etnaviv: fix submit error path (bsc#1051510). - ext4: add bounds checking to ext4_xattr_find_entry() (bsc#1052766). - ext4: do not update checksum of new initialized bitmaps (bsc#1052766). - ext4: eliminate sleep from shutdown ioctl (bsc#1052766). - ext4: fix hole length detection in ext4_ind_map_blocks() (bsc#1090953). - ext4: fix offset overflow on 32-bit archs in ext4_iomap_begin() (bsc#1079747). - ext4: fix unsupported feature message formatting (bsc#1098435). - ext4: move call to ext4_error() into ext4_xattr_check_block() (bsc#1052766). - ext4: pass -ESHUTDOWN code to jbd2 layer (bsc#1052766). - ext4: prevent right-shifting extents beyond EXT_MAX_BLOCKS (bsc#1052766). - ext4: protect i_disksize update by i_data_sem in direct write path (bsc#1052766). - ext4: set h_journal if there is a failure starting a reserved handle (bsc#1052766). - ext4: shutdown should not prevent get_write_access (bsc#1052766). - extcon: intel-cht-wc: Set direction and drv flags for V5 boost GPIO (bsc#1051510). - f2fs: avoid hungtask when GC encrypted block if io_bits is set (bsc#1052766). - f2fs: expose some sectors to user in inline data or dentry case (bsc#1052766). - f2fs: fix a panic caused by NULL flush_cmd_control (bsc#1086400). - f2fs: fix heap mode to reset it back (bsc#1052766). - f2fs: fix to clear CP_TRIMMED_FLAG (bsc#1052766). - f2fs: fix to wake up all sleeping flusher (bsc#1099918). - fanotify: fix logic of events on child (bsc#1052766). - fbdev: controlfb: Add missing modes to fix out of bounds access (bsc#1051510). - fealnx: Fix building error on MIPS (networking-stable-17_11_20). - fib_semantics: Do not match route with mismatching tclassid (networking-stable-18_03_07). - firewire-ohci: work around oversized DMA reads on JMicron controllers (bsc#1051510). - firmware: add helper to unregister pm ops (bsc#1085937). - firmware: always enable the reboot notifier (bsc#1085937). - firmware: dmi_scan: Fix UUID length safety check (bsc#1051510). - firmware: dmi_scan: Fix handling of empty DMI strings (bsc#1051510). - firmware: fix capturing errors on fw_cache_init() on early init (bsc#1085937). - firmware: fix checking for return values for fw_add_devm_name() (bsc#1051510). - firmware: fix detecting error on register_reboot_notifier() (bsc#1085936). - firmware: move kill_requests_without_uevent() up above (bsc#1085937). - firmware: provide helpers for registering the syfs loader (bsc#1085937). - firmware: share fw fallback killing on reboot/suspend (bsc#1085937). - flow_dissector: properly cap thoff field (networking-stable-18_01_28). - fs/aio: Add explicit RCU grace period when freeing kioctx (bsc#1088722). - fs/aio: Use RCU accessors for kioctx_table->table[] (bsc#1088722). - fs/binfmt_misc.c: do not allow offset overflow (bsc#1099142). - fs/fat/inode.c: fix sb_rdonly() change (bsc#1052766). - fs/reiserfs/journal.c: add missing resierfs_warning() arg (bsc#1052766). - fsnotify: Fix fsnotify_mark_connector race (bsc#1052766). - fsnotify: Hide kABI changes in fsnotify_mark_connector (bsc#1052766). - ftrace: Fix selftest goto location on error (bsc#1099918). - fuse: fix READDIRPLUS skipping an entry (bsc#1088690). - geneve: Fix function matching VNI and tunnel ID on big-endian (bsc#1051510). - geneve: fix fill_info when link down (bsc#1051510). - gfs2: Fix debugfs glocks dump (bsc#1052766). - gpio: No NULL owner (bsc#1051510). - gpio: ath79: add missing MODULE_DESCRIPTION/LICENSE (bsc#1051510). - gpio: davinci: Assign first bank regs for unbanked case (bsc#1051510). - gpio: fix 'gpio-line-names' property retrieval (bsc#1051510). - gpio: fix aspeed_gpio unmask irq (bsc#1051510). - gpio: fix error path in lineevent_create (bsc#1051510). - gpio: iop: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE (bsc#1051510). - gpio: label descriptors using the device name (bsc#1051510). - gpio: stmpe: i2c transfer are forbiden in atomic context (bsc#1051510). - gpioib: do not free unrequested descriptors (bsc#1051510). - gpu: ipu-v3: pre: fix device node leak in ipu_pre_lookup_by_phandle (bsc#1051510). - gpu: ipu-v3: prg: avoid possible array underflow (bsc#1051510). - gpu: ipu-v3: prg: fix device node leak in ipu_prg_lookup_by_phandle (bsc#1051510). - hdlc_ppp: carrier detect ok, do not turn off negotiation (networking-stable-18_03_07). - hv_netvsc: Fix a network regression after ifdown/ifup (bsc#1094420). - hwmon: (ina2xx) Fix access to uninitialized mutex (bsc#1051510). - hwmon: (ina2xx) Make calibration register value fixed (bsc#1051510). - hwmon: (jc42) optionally try to disable the SMBUS timeout (bsc#1051510). - hwmon: (nct6775) Fix writing pwmX_mode (bsc#1051510). - hwmon: (pmbus/adm1275) Accept negative page register values (bsc#1051510). - hwmon: (pmbus/max8688) Accept negative page register values (bsc#1051510). - hwtracing: stm: fix build error on some arches (bsc#1051510). - i2c: designware: fix poll-after-enable regression (bsc#1051510). - i2c: i801: Restore configuration at shutdown (bsc#1051510). - i2c: i801: Save register SMBSLVCMD value only once (bsc#1051510). - i2c: ismt: Separate I2C block read from SMBus block read (bsc#1051510). - i2c: mv64xxx: Apply errata delay only in standard mode (bsc#1051510). - i2c: pmcmsp: fix error return from master_xfer (bsc#1051510). - i2c: pmcmsp: return message count on master_xfer success (bsc#1051510). - i2c: viperboard: return message count on master_xfer success (bsc#1051510). - i40e: Close client on suspend and restore client MSIx on resume (bsc#1088821). - i40e: Do not allow use more TC queue pairs than MSI-X vectors exist (bsc#1094978). - i40e: Fix attach VF to VM issue (bsc#1056658 bsc#1056662). - i40e: Fix the number of queues available to be mapped for use (bsc#1094978). - i40e: program fragmented IPv4 filter input set (bsc#1056658 bsc#1056662). - i40evf: Do not schedule reset_task when device is being removed (bsc#1056658 bsc#1056662). - i40evf: do not rely on netif_running() outside rtnl_lock() (bsc#1056658 bsc#1056662). - i40evf: ignore link up if not running (bsc#1056658 bsc#1056662). - i40iw: Zero-out consumer key on allocate stag for FMR (bsc#1058659). - ibmvnic: Check CRQ command return codes (bsc#1094840). - ibmvnic: Create separate initialization routine for resets (bsc#1094840). - ibmvnic: Fix non-fatal firmware error reset (bsc#1093990). - ibmvnic: Fix partial success login retries (bsc#1094840). - ibmvnic: Fix statistics buffers memory leak (bsc#1093990). - ibmvnic: Free coherent DMA memory if FW map failed (bsc#1093990). - ibmvnic: Handle error case when setting link state (bsc#1094840). - ibmvnic: Introduce active CRQ state (bsc#1094840). - ibmvnic: Introduce hard reset recovery (bsc#1094840). - ibmvnic: Mark NAPI flag as disabled when released (bsc#1094840). - ibmvnic: Only do H_EOI for mobility events (bsc#1094356). - ibmvnic: Return error code if init interrupted by transport event (bsc#1094840). - ibmvnic: Set resetting state at earliest possible point (bsc#1094840). - ide: Make ide_cdrom_prep_fs() initialize the sense buffer pointer (bsc#1099918). - ide: ide-atapi: fix compile error with defining macro DEBUG (bsc#1099918). - ide:ide-cd: fix kernel panic resulting from missing scsi_req_init (bsc#1099918). - idr: fix invalid ptr dereference on item delete (bsc#1051510). - ieee802154: 6lowpan: fix possible NULL deref in lowpan_device_event() (networking-stable-18_03_28). - igb: Allow to remove administratively set MAC on VFs (bsc#1056651). - igb: Clear TXSTMP when ptp_tx_work() is timeout (bsc#1056651). - igb: Fix a test with HWTSTAMP_TX_ON (bsc#1056651 bsc#1056643). - iio: ABI: Fix name of timestamp sysfs file (bsc#1051510). - iio: ad7793: Fix the serial interface reset (bsc#1051510). - iio: ad7793: implement IIO_CHAN_INFO_SAMP_FREQ (bsc#1051510). - iio: ad_sigma_delta: Implement a dedicated reset function (bsc#1051510). - iio: adc/accel: Fix up module licenses (bsc#1051510). - iio: adc: cpcap: fix incorrect validation (bsc#1051510). - iio: adc: mcp320x: Fix oops on module unload (bsc#1051510). - iio: adc: mcp320x: Fix readout of negative voltages (bsc#1051510). - iio: adc: meson-saradc: fix the bit_idx of the adc_en clock (bsc#1051510). - iio: adc: stm32: fix scan of multiple channels with DMA (bsc#1051510). - iio: adc: ti-ads1015: add 10% to conversion wait time (bsc#1051510). - iio: adc: twl4030: Disable the vusb3v1 rugulator in the error handling path of 'twl4030_madc_probe()' (bsc#1051510). - iio: adc: twl4030: Fix an error handling path in 'twl4030_madc_probe()' (bsc#1051510). - iio: adis_lib: Initialize trigger before requesting interrupt (bsc#1051510). - iio: buffer: check if a buffer has been set up when poll is called (bsc#1051510). - iio: buffer: fix the function signature to match implementation (bsc#1051510). - iio: core: Return error for failed read_reg (bsc#1051510). - iio: fix kernel-doc build errors (bsc#1051510). - iio: health: max30102: Add power enable parameter to get_temp function (bsc#1051510). - iio: health: max30102: Temperature should be in milli Celsius (bsc#1051510). - iio: imu: st_lsm6dsx: fix endianness in st_lsm6dsx_read_oneshot() (bsc#1051510). - iio: st_pressure: st_accel: Initialise sensor platform data properly (bsc#1051510). - iio: st_pressure: st_accel: pass correct platform data to init (bsc#1051510). - iio: trigger: stm32-timer: fix get/set down count direction (bsc#1051510). - iio: trigger: stm32-timer: fix get/set down count direction (bsc#1051510). - iio: trigger: stm32-timer: preset shouldn't be buffered (bsc#1051510). - iio:buffer: make length types match kfifo types (bsc#1051510). - iio:kfifo_buf: check for uint overflow (bsc#1051510). - ima: Fallback to the builtin hash algorithm (bsc#1091686). - infiniband: drop unknown function from core_priv.h (bsc#1046306). - init: fix false positives in W+X checking (bsc#1093721). - initial support (display-only) for GP108 (bsc#1095094). - intel_th: Use correct device when freeing buffers (bsc#1051510). - iommu/amd: Take into account that alloc_dev_data() may return NULL (bsc#975772). - iommu/vt-d: Clear pasid table entry when memory unbound (bsc#1087214). - iommu/vt-d: Fix race condition in add_unmap() (bsc#1096790, bsc#1097034). - iov_iter: fix memory leak in pipe_get_pages_alloc() (bsc#1092710). - iov_iter: fix return type of __pipe_get_pages() (bsc#1092710). - ip6_gre: better validate user provided tunnel names (networking-stable-18_04_10). - ip6_gre: fix device features for ioctl setup (networking-stable-17_12_31). - ip6_gre: init dev->mtu and dev->hard_header_len correctly (networking-stable-18_01_28). - ip6_gre: ip6gre_tap device should keep dst (networking-stable-17_10_09). - ip6_gre: only increase err_count for some certain type icmpv6 in ip6gre_err (networking-stable-17_11_14). - ip6_gre: skb_push ipv6hdr before packing the header in ip6gre_header (networking-stable-17_10_09). - ip6_tunnel: better validate user provided tunnel names (networking-stable-18_04_10). - ip6_tunnel: disable dst caching if tunnel is dual-stack (networking-stable-18_01_12). - ip6_tunnel: do not allow loading ip6_tunnel if ipv6 is disabled in cmdline (networking-stable-17_10_09). - ip6_vti: adjust vti mtu according to mtu of lower device (bsc#1082869). - ip6mr: fix stale iterator (networking-stable-18_02_06). - ip6mr: only set ip6mr_table from setsockopt when ip6mr_new_table succeeds (git-fixes). - ip_gre: fix IFLA_MTU ignored on NEWLINK (bsc#1076830). - ip_tunnel: better validate user provided tunnel names (networking-stable-18_04_10). - ipip: only increase err_count for some certain type icmp in ipip_err (networking-stable-17_11_14). - ipv4: Fix use-after-free when flushing FIB tables (networking-stable-17_12_31). - ipv4: Make neigh lookup keys for loopback/point-to-point devices be INADDR_ANY (networking-stable-18_01_28). - ipv4: fix fnhe usage by non-cached routes (networking-stable-18_05_15). - ipv4: fix memory leaks in udp_sendmsg, ping_v4_sendmsg (networking-stable-18_05_15). - ipv4: igmp: guard against silly MTU values (bsc#1082869). - ipv6 sit: work around bogus gcc-8 -Wrestrict warning (networking-stable-18_03_07). - ipv6: Fix getsockopt() for sockets with default IPV6_AUTOFLOWLABEL (git-fixes). - ipv6: add RTA_TABLE and RTA_PREFSRC to rtm_ipv6_policy (networking-stable-18_04_26). - ipv6: fix access to non-linear packet in ndisc_fill_redirect_hdr_option() (networking-stable-18_03_28). - ipv6: fix udpv6 sendmsg crash caused by too small MTU (networking-stable-18_01_28). - ipv6: flowlabel: do not leave opt->tot_len with garbage (networking-stable-17_11_14). - ipv6: mcast: better catch silly mtu values (networking-stable-17_12_31). - ipv6: old_dport should be a __be16 in __ip6_datagram_connect() (networking-stable-18_03_28). - ipv6: omit traffic class when calculating flow hash (bsc#1095042). - ipv6: sit: better validate user provided tunnel names (networking-stable-18_04_10). - ipv6: sr: fix NULL pointer dereference in seg6_do_srh_encap()- v4 pkts (git-fixes). - ipv6: sr: fix NULL pointer dereference when setting encap source address (networking-stable-18_03_28). - ipv6: sr: fix TLVs not being copied using setsockopt (networking-stable-18_01_12). - ipv6: sr: fix scheduling in RCU when creating seg6 lwtunnel state (networking-stable-18_03_28). - ipv6: sr: fix seg6 encap performances with TSO enabled (networking-stable-18_04_10). - ipv6: the entire IPv6 header chain must fit the first fragment (networking-stable-18_04_10). - irqchip/gic-v3-its: Ensure nr_ites >= nr_lpis (bsc#1098401). - isdn: eicon: fix a missing-check bug (bsc#1051510). - iw_cxgb4: Atomically flush per QP HW CQEs (bsc#1046543). - iw_cxgb4: Fix an error handling path in 'c4iw_get_dma_mr()' (bsc#1064802 bsc#1066129). - iw_cxgb4: print mapped ports correctly (bsc#1046543). - iwlmvm: tdls: Check TDLS channel switch support (bsc#1051510). - iwlwifi: add a bunch of new 9000 PCI IDs (1051510). - iwlwifi: add shared clock PHY config flag for some devices (bsc#1051510). - iwlwifi: avoid collecting firmware dump if not loaded (bsc#1051510). - iwlwifi: fix non_shared_ant for 9000 devices (bsc#1051510). - iwlwifi: fw: harden page loading code (bsc#1051510). - iwlwifi: mvm: Correctly set IGTK for AP (bsc#1051510). - iwlwifi: mvm: Correctly set the tid for mcast queue (bsc#1051510). - iwlwifi: mvm: Direct multicast frames to the correct station (bsc#1051510). - iwlwifi: mvm: Fix channel switch for count 0 and 1 (bsc#1051510). - iwlwifi: mvm: Increase session protection time after CS (bsc#1051510). - iwlwifi: mvm: always init rs with 20mhz bandwidth rates (bsc#1051510). - iwlwifi: mvm: clear tx queue id when unreserving aggregation queue (bsc#1051510). - iwlwifi: mvm: do not warn in queue sync on RF-kill (bsc#1051510). - iwlwifi: mvm: fix 'failed to remove key' message (bsc#1051510). - iwlwifi: mvm: fix IBSS for devices that support station type API (bsc#1051510). - iwlwifi: mvm: fix TSO with highly fragmented SKBs (bsc#1051510). - iwlwifi: mvm: fix TX of CCMP 256 (bsc#1051510). - iwlwifi: mvm: fix array out of bounds reference (bsc#1051510). - iwlwifi: mvm: fix assert 0x2B00 on older FWs (bsc#1051510). - iwlwifi: mvm: fix error checking for multi/broadcast sta (bsc#1051510). - iwlwifi: mvm: fix race in queue notification wait (bsc#1051510). - iwlwifi: mvm: fix security bug in PN checking (bsc#1051510). - iwlwifi: mvm: honor the max_amsdu_subframes limit (bsc#1051510). - iwlwifi: mvm: make sure internal station has a valid id (bsc#1051510). - iwlwifi: mvm: remove DQA non-STA client mode special case (bsc#1051510). - iwlwifi: mvm: set the correct tid when we flush the MCAST sta (bsc#1051510). - iwlwifi: pcie: compare with number of IRQs requested for, not number of CPUs (bsc#1051510). - ixgbe: do not set RXDCTL.RLPML for 82599 (bsc#1056657). - ixgbe: prevent ptp_rx_hang from running when in FILTER_ALL mode (bsc#1056657 bsc#1056653). - jbd2: if the journal is aborted then do not allow update of the log tail (bsc#1052766). - jffs2_kill_sb(): deal with failed allocations (bsc#1052766). - kABI: protect ife_tlv_meta_decode (kabi). - kABI: protect struct cstate (kabi). - kABI: protect struct ipv6_pinfo (kabi). - kABI: protect tap_create_cdev (kabi). - kabi protect struct acpi_nfit_desc (bsc#1091424). - kabi/severities: Ignore kABI incompatibility for meson drm The symbols are used only between meson modules, so mostly internal. - kabi/severities: Ignore removed bugs.c symbols The second wave of SSBD patches drops those symbols and we can ignore them from kABI because nothing external should use them - they were exported only for kvm. - kabi/severities: add 'drivers/md/bcache/* PASS' for above change. - kabi/severities: add nvdimm internal symbols to kabi ignore list - kabi: add struct bpf_map back (References: bsc#1098425). - kcm: lock lower socket in kcm_attach (networking-stable-18_03_28). - kconfig: Avoid format overflow warning from GCC 8.1 (bsc#1051510). - kconfig: Do not leak main menus during parsing (bsc#1051510). - kconfig: Fix automatic menu creation mem leak (bsc#1051510). - kconfig: Fix expr_free() E_NOT leak (bsc#1051510). - kernel-binary: also default klp_symbols to 0 here. - kernel-binary: pass ARCH= to kernel build Recent kernel does not save CONFIG_64BIT so it has to be specified by arch. - kernel-binary: pass MAKE_ARGS to install script as well. - kernel-{binary,docs}.spec sort dependencies. - kernel/acct.c: fix the acct->needcheck check in check_free_space() (Git-fixes). - kernel/async.c: revert 'async: simplify lowest_in_progress()' (Git-fixes). - kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE (bsc#1051510). - kernel/relay.c: revert 'kernel/relay.c: fix potential memory leak' (Git-fixes). - kernel/signal.c: protect the SIGNAL_UNKILLABLE tasks from !sig_kernel_only() signals (Git-fixes). - kernel/signal.c: protect the traced SIGNAL_UNKILLABLE tasks from SIGKILL (Git-fixes). - kernel/signal.c: remove the no longer needed SIGNAL_UNKILLABLE check in complete_signal() (Git-fixes). - kexec: export PG_swapbacked to VMCOREINFO (bsc#1088354). - kexec_file: do not add extra alignment to efi memmap (bsc#1089268). - klp_symbols: make --klp-symbols argument semantic sane It selects build of klp symbols and defaults to off - kmod: fix wait on recursive loop (bsc#1099792). - kmod: reduce atomic operations on kmod_concurrent and simplify (bsc#1099792). - kmod: throttle kmod thread limit (bsc#1099792). - kobject: do not use WARN for registration failures (bsc#1051510). - kvm: Introduce nopvspin kernel parameter (bsc#1056427). - kvm: nVMX: Enforce cpl=0 for VMX instructions (bsc#1099183). - l2tp: check sockaddr length in pppol2tp_connect() (networking-stable-18_04_26). - l2tp: do not accept arbitrary sockets (bsc#1076830). - lan78xx: Crash in lan78xx_writ_reg (Workqueue: events lan78xx_deferred_multicast_write) (networking-stable-18_04_10). - leds: pm8058: Silence pointer to integer size warning (bsc#1051510). - lib/kobject: Join string literals back (bsc#1051510). - lib/string_helpers: Add missed declaration of struct task_struct (bsc#1099918). - lib/test_bitmap.c: fix bitmap optimisation tests to report errors correctly (bsc#1051510). - libata: Apply NOLPM quirk for SanDisk SD7UB3Q*G1001 SSDs (bsc#1051510). - libata: Blacklist some Sandisk SSDs for NCQ (bsc#1051510). - libata: Drop SanDisk SD7UB3Q*G1001 NOLPM quirk (bsc#1051510). - libata: blacklist Micron 500IT SSD with MU01 firmware (bsc#1051510). - libata: zpodd: make arrays cdb static, reduces object code size (bsc#1051510). - libata: zpodd: small read overflow in eject_tray() (bsc#1051510). - libceph, ceph: change permission for readonly debugfs entries (bsc#1089115). - libceph: adding missing message types to ceph_msg_type_name() (bsc#1089115). - libceph: fix misjudgement of maximum monitor number (bsc#1089115). - libceph: reschedule a tick in finish_hunting() (bsc#1089115). - libceph: un-backoff on tick when we have a authenticated session (bsc#1089115). - libceph: validate con->state at the top of try_write() (bsc#1089115). - libnvdimm, btt: add a couple of missing kernel-doc lines (bsc#1087210). - libnvdimm, btt: clean up warning and error messages (bsc#1087205). - libnvdimm, btt: fix format string warnings (bsc#1087205). - libnvdimm, dimm: handle EACCES failures from label reads (). - libnvdimm, label: change min label storage size per UEFI 2.7 (bsc#1091666). - libnvdimm, namespace: use a safe lookup for dimm device name (bsc#1095321). - libnvdimm, nfit: fix persistence domain reporting (bsc#1091424). - libnvdimm, pmem: Add sysfs notifications to badblocks (). - libnvdimm, pmem: Do not flush power-fail protected CPU caches (bsc#1091424). - libnvdimm, pmem: Unconditionally deep flush on *sync (bsc#1091424). - libnvdimm, region, pmem: fix 'badblocks' sysfs_get_dirent() reference lifetime (). - libnvdimm, region: hide persistence_domain when unknown (bsc#1091424). - libnvdimm: expose platform persistence attribute for nd_region (bsc#1091424). - libnvdimm: re-enable deep flush for pmem devices via fsync() (bsc#1091424). - llc: better deal with too small mtu (networking-stable-18_05_15). - llc: fix NULL pointer deref for SOCK_ZAPPED (networking-stable-18_04_26). - llc: hold llc_sap before release_sock() (networking-stable-18_04_26). - lock_parent() needs to recheck if dentry got __dentry_kill'ed under it (bsc#1052766). - locking/atomics, dm-integrity: Convert ACCESS_ONCE() to READ_ONCE()/WRITE_ONCE() (bsc#1093023). - locking/atomics: COCCINELLE/treewide: Convert trivial ACCESS_ONCE() patterns to READ_ONCE()/WRITE_ONCE() (bsc#1093023). - locking/qspinlock: Ensure node is initialised before updating prev->next (bsc#1050549). - locking/qspinlock: Ensure node->count is updated before initialising node (bsc#1050549). - locking: Remove smp_read_barrier_depends() from queued_spin_lock_slowpath() (bsc#1050549). - loop: handle short DIO reads (bsc#1052766). - lsm: fix smack_inode_removexattr and xattr_getsecurity memleak (bsc#1051510). - mac80211: Adjust SAE authentication timeout (bsc#1051510). - mac80211: Do not disconnect on invalid operating class (bsc#1051510). - mac80211: Fix condition validating WMM IE (bsc#1051510). - mac80211: Fix sending ADDBA response for an ongoing session (bsc#1051510). - mac80211: Fix setting TX power on monitor interfaces (bsc#1051510). - mac80211: drop frames with unexpected DS bits from fast-rx to slow path (bsc#1051510). - mac80211: mesh: fix wrong mesh TTL offset calculation (bsc#1051510). - mac80211: round IEEE80211_TX_STATUS_HEADROOM up to multiple of 4 (bsc#1051510). - mac80211: use timeout from the AddBA response instead of the request (bsc#1051510). - macros.kernel-source: Fix building non-x86 KMPs - macros.kernel-source: define linux_arch for KMPs (boo#1098050). CONFIG_64BIT is no longer defined so KMP spec files need to include %{?linux_make_arch} in any make call to build modules or descent into the kernel directory for any reason. - macros.kernel-source: ignore errors when using make to print kernel release There is no way to handle the errors anyway and including the error into package version does not give good results. - macvlan: filter out unsupported feature flags (networking-stable-18_03_28). - macvlan: fix memory hole in macvlan_dev (bsc#1099918). - macvlan: remove unused fields in struct macvlan_dev (bsc#1099918). - mailbox: bcm-flexrm-mailbox: Fix FlexRM ring flush sequence (bsc#1051510). - mailbox: bcm-flexrm-mailbox: Fix mask used in CMPL_START_ADDR_VALUE() (bsc#1051510). - mailbox: mailbox-test: do not rely on rx_buffer content to signal data ready (bsc#1051510). - mbcache: initialize entry->e_referenced in mb_cache_entry_create() (bsc#1052766). - md-cluster: choose correct label when clustered layout is not supported (bsc#1093023). - md-cluster: do not update recovery_offset for faulty device (bsc#1093023). - md-cluster: make function cluster_check_sync_size static (bsc#1093023). - md-multipath: Use seq_putc() in multipath_status() (bsc#1093023). - md/bitmap: clear BITMAP_WRITE_ERROR bit before writing it to sb (bsc#1093023). - md/bitmap: copy correct data for bitmap super (bsc#1093023). - md/bitmap: revert a patch (bsc#1093023). - md/r5cache: call mddev_lock/unlock() in r5c_journal_mode_show (bsc#1093023). - md/r5cache: fix io_unit handling in r5l_log_endio() (bsc#1093023). - md/r5cache: move mddev_lock() out of r5c_journal_mode_set() (bsc#1093023). - md/r5cache: print more info of log recovery (bsc#1093023). - md/raid0: attach correct cgroup info in bio (bsc#1093023). - md/raid1,raid10: silence warning about wait-within-wait (bsc#1093023). - md/raid1/10: add missed blk plug (bsc#1093023). - md/raid1: Fix trailing semicolon (bsc#1093023). - md/raid1: exit sync request if MD_RECOVERY_INTR is set (bsc#1093023). - md/raid1: fix NULL pointer dereference (bsc#1093023). - md/raid5: cap worker count (bsc#1093023). - md/raid5: correct degraded calculation in raid5_error (bsc#1093023). - md/raid5: simplify uninitialization of shrinker (bsc#1093023). - md: Delete gendisk before cleaning up the request queue (bsc#1093023). - md: allow metadata update while suspending (bsc#1093023). - md: always hold reconfig_mutex when calling mddev_suspend() (bsc#1093023). - md: be cautious about using ->curr_resync_completed for ->recovery_offset (bsc#1093023). - md: do not call bitmap_create() while array is quiesced (bsc#1093023). - md: do not check MD_SB_CHANGE_CLEAN in md_allow_write (bsc#1093023). - md: document lifetime of internal rdev pointer (bsc#1093023). - md: fix a potential deadlock of raid5/raid10 reshape (bsc#1093023). - md: fix a race condition for flush request handling (bsc#1093023). - md: fix deadlock error in recent patch (bsc#1093023). - md: fix two problems with setting the 're-add' device state (bsc#1098176). - md: forbid a RAID5 from having both a bitmap and a journal (bsc#1093023). - md: free unused memory after bitmap resize (bsc#1093023). - md: limit mdstat resync progress to max_sectors (bsc#1093023). - md: move suspend_hi/lo handling into core md code (bsc#1093023). - md: only allow remove_and_add_spares when no sync_thread running (bsc#1093023). - md: raid10: remove VLAIS (bsc#1093023). - md: raid10: remove a couple of redundant variables and initializations (bsc#1093023). - md: raid5: avoid string overflow warning (bsc#1093023). - md: release allocated bitset sync_set (bsc#1093023). - md: remove redundant variable q (bsc#1093023). - md: remove special meaning of ->quiesce(.., 2) (bsc#1093023). - md: rename some drivers/md/ files to have an 'md-' prefix (bsc#1093023). - md: replace seq_release_private with seq_release (bsc#1093023). - md: separate request handling (bsc#1093023). - md: use TASK_IDLE instead of blocking signals (bsc#1093023). - md: use lockdep_assert_held (bsc#1093023). - md: use mddev_suspend/resume instead of ->quiesce() (bsc#1093023). - media: atomisp_fops.c: disable atomisp_compat_ioctl32 (bsc#1051510). - media: au0828: add VIDEO_V4L2 dependency (bsc#1051510). - media: cx231xx: Add support for AverMedia DVD EZMaker 7 (bsc#1051510). - media: cx23885: Override 888 ImpactVCBe crystal frequency (bsc#1051510). - media: cx23885: Set subdev host data to clk_freq pointer (bsc#1051510). - media: dmxdev: fix error code for invalid ioctls (bsc#1051510). - media: dvb_frontend: fix locking issues at dvb_frontend_get_event() (bsc#1051510). - media: em28xx: Add Hauppauge SoloHD/DualHD bulk models (bsc#1051510). - media: em28xx: USB bulk packet size fix (bsc#1051510). - media: lgdt3306a: Fix a double kfree on i2c device remove (bsc#1051510). - media: lgdt3306a: Fix module count mismatch on usb unplug (bsc#1051510). - media: smiapp: fix timeout checking in smiapp_read_nvm (bsc#1099918). - media: uvcvideo: Support realtek's UVC 1.5 device (bsc#1099109). - media: v4l2-compat-ioctl32: do not oops on overlay (bsc#1051510). - media: v4l2-compat-ioctl32: prevent go past max size (bsc#1051510). - media: videobuf2-core: do not go out of the buffer range (bsc#1051510). - media: vivid: check if the cec_adapter is valid (bsc#1051510). - mei: me: add cannon point device ids (). - mei: me: add cannon point device ids for 4th device (). - mei: remove dev_err message on an unsupported ioctl (bsc#1051510). - mfd: cros ec: spi: Do not send first message too soon (bsc#1051510). - mfd: intel-lpss: Fix Intel Cannon Lake LPSS I2C input clock (bsc#1051510). - mfd: intel-lpss: Program REMAP register in PIO mode (bsc#1051510). - mkspec: only build docs for default variant kernel. - mlxsw: spectrum: Disable MAC learning for ovs port (networking-stable-17_12_31). - mlxsw: spectrum: Forbid linking to devices that have uppers FIX (stable-fixes). - mlxsw: spectrum: Prevent mirred-related crash on removal (networking-stable-17_10_09). - mlxsw: spectrum: Relax sanity checks during enslavement (networking-stable-18_01_12). - mlxsw: spectrum_buffers: Set a minimum quota for CPU port traffic (networking-stable-18_03_28). - mlxsw: spectrum_router: Do not log an error on missing neighbor (networking-stable-18_01_28). - mlxsw: spectrum_router: Fix NULL pointer deref (networking-stable-18_01_12). - mlxsw: spectrum_router: Fix error path in mlxsw_sp_vr_create (networking-stable-18_03_07). - mlxsw: spectrum_router: Simplify a piece of code (networking-stable-18_01_12). - mlxsw: spectrum_switchdev: Check success of FDB add operation (networking-stable-18_03_07). - mm, oom_reaper: skip mm structs with mmu notifiers (bsc#1099918). - mm, page_alloc: do not break __GFP_THISNODE by zonelist reset (bsc#1079152, VM Functionality). - mm, percpu: add support for __GFP_NOWARN flag (bsc#1089753). - mm, slab: reschedule cache_reap() on the same CPU (VM Functionality, bsc#1097796). - mm, swap: fix false error message in __swp_swapcount() (VM Functionality, bsc#1098043). - mm, swap: fix race between swap count continuation operations (VM Functionality, bsc#1097373). mm, swap: fix race between swap count continuation operations - KABI fix (VM Functionality, bsc#1097373). - mm, thp: do not cause memcg oom for thp (bnc#1089663). - mm/fadvise: discard partial page if endbyte is also EOF (bsc#1052766). - mm/filemap.c: fix NULL pointer in page_cache_tree_insert() (bsc#1052766). - mm/huge_memory.c: __split_huge_page() use atomic ClearPageDirty() (VM Functionality, bsc#1097800). - mm/khugepaged.c: convert VM_BUG_ON() to collapse fail (VM Functionality, bsc#1097468). - mm/ksm.c: fix inconsistent accounting of zero pages (VM Functionality, bsc#1097780). - mm/mempolicy.c: avoid use uninitialized preferred_node (VM Functionality, bsc#1097465). - mm/page_owner: fix recursion bug after changing skip entries (VM Functionality, bsc#1097472). - mm/pkeys, powerpc, x86: Provide an empty vma_pkey() in linux/pkeys.h (bsc#1078248). - mm/pkeys, x86, powerpc: Display pkey in smaps if arch supports pkeys (bsc#1078248). - mm/pkeys: Add an empty arch_pkeys_enabled() (bsc#1078248). - mm/pkeys: Remove include of asm/mmu_context.h from pkeys.h (bsc#1078248). - mm/shmem: do not wait for lock_page() in shmem_unused_huge_shrink() (bnc#1089667). - mm/thp: do not wait for lock_page() in deferred_split_scan() (VM Functionality, bsc#1097470). - mm: Fix memory size alignment in devm_memremap_pages_release() (VM Functionality, bsc#1097439). - mm: fix device-dax pud write-faults triggered by get_user_pages() (bsc#1052766). - mm: fix the NULL mapping case in __isolate_lru_page() (bnc#971975 VM -- git fixes). - mmc: dw_mmc: exynos: fix the suspend/resume issue for exynos5433 (bsc#1051510). - mmc: jz4740: Fix race condition in IRQ mask update (bsc#1051510). - mmc: sdhci-iproc: add SDHCI_QUIRK2_HOST_OFF_CARD_ON for cygnus (bsc#1051510). - mmc: sdhci-iproc: fix 32bit writes for TRANSFER_MODE register (bsc#1051510). - mmc: sdhci-iproc: remove hard coded mmc cap 1.8v (bsc#1051510). - mmc: sdhci-pci: Fix voltage switch for some Intel host controllers (bsc#1051510). - mmc: sdhci-pci: Only do AMD tuning for HS200 (bsc#1051510). - mq-deadline: Enable auto-loading when built as module (bsc#1099918). - mremap: Remove LATENCY_LIMIT from mremap to reduce the number of TLB shootdowns (bnc#1095115). - mtd: cmdlinepart: Update comment for introduction of OFFSET_CONTINUOUS (bsc#1099918). - mtd: jedec_probe: Fix crash in jedec_read_mfr() (bsc#1099918). - mtd: nand: fsl_ifc: Fix eccstat array overflow for IFC ver >= 2.0.0 (bsc#1099918). - mtd: partitions: add helper for deleting partition (bsc#1099918). - mtd: partitions: remove sysfs files when deleting all master's partitions (bsc#1099918). - mtd: ubi: wl: Fix error return code in ubi_wl_init() (bsc#1051510). - mwifiex: pcie: tighten a check in mwifiex_pcie_process_event_ready() (bsc#1051510). - n_tty: Access echo_* variables carefully (bsc#1051510). - n_tty: Fix stall at n_tty_receive_char_special() (bsc#1051510). - n_tty: fix EXTPROC vs ICANON interaction with TIOCINQ (aka FIONREAD) (bnc#1094825). - nbd: do not start req until after the dead connection logic (bsc#1099918). - nbd: fix -ERESTARTSYS handling (bsc#1099918). - nbd: fix nbd device deletion (bsc#1099918). - nbd: fix return value in error handling path (bsc#1099918). - nbd: wait uninterruptible for the dead timeout (bsc#1099918). - net sched actions: fix refcnt leak in skbmod (networking-stable-18_05_15). - net sched actions: return explicit error when tunnel_key mode is not specified (bsc#1056787). - net/ipv6: Fix route leaking between VRFs (networking-stable-18_04_10). - net/ipv6: Increment OUTxxx counters after netfilter hook (networking-stable-18_04_10). - net/iucv: Free memory obtained by kzalloc (networking-stable-18_03_28). - net/mlx4_en: Fix an error handling path in 'mlx4_en_init_netdev()' (networking-stable-18_05_15). - net/mlx4_en: Verify coalescing parameters are in range (networking-stable-18_05_15). - net/mlx5: E-Switch, Include VF RDMA stats in vport statistics (networking-stable-18_05_15). - net/mlx5: Eliminate query xsrq dead code (bsc#1046303). - net/mlx5: Fix build break when CONFIG_SMP=n (bsc#1046303). - net/mlx5: Fix mlx5_get_vector_affinity function (bsc#1046303). - net/mlx5e: Allow offloading ipv4 header re-write for icmp (bsc#1046303). - net/mlx5e: Do not reset Receive Queue params on every type change (bsc#1046303). - net/mlx5e: Err if asked to offload TC match on frag being first (networking-stable-18_05_15). - net/mlx5e: Fixed sleeping inside atomic context (bsc#1046303). - net/mlx5e: Remove unused define MLX5_MPWRQ_STRIDES_PER_PAGE (bsc#1046303). - net/mlx5e: TX, Use correct counter in dma_map error flow (networking-stable-18_05_15). - net/sched: cls_u32: fix cls_u32 on filter replace (networking-stable-18_03_07). - net/sched: fix NULL dereference in the error path of tcf_bpf_init() (bsc#1056787). - net/sched: fix NULL dereference in the error path of tunnel_key_init() (bsc#1056787). - net/sched: fix NULL dereference on the error path of tcf_skbmod_init() (bsc#1056787). - net/sctp: Always set scope_id in sctp_inet6_skb_msgname (networking-stable-17_11_20). - net/unix: do not show information about sockets from other namespaces (networking-stable-17_11_14). - net/usb/qmi_wwan.c: Add USB id for lt4120 modem (bsc#1087092). - net: Allow neigh contructor functions ability to modify the primary_key (networking-stable-18_01_28). - net: Fix hlist corruptions in inet_evict_bucket() (networking-stable-18_03_28). - net: Only honor ifindex in IP_PKTINFO if non-0 (networking-stable-18_03_28). - net: Set sk_prot_creator when cloning sockets to the right proto (networking-stable-17_10_09). - net: af_packet: fix race in PACKET_{R|T}X_RING (networking-stable-18_04_26). - net: bonding: Fix transmit load balancing in balance-alb mode if specified by sysfs (networking-stable-17_10_09). - net: bonding: fix tlb_dynamic_lb default value (networking-stable-17_10_09). - net: bridge: fix early call to br_stp_change_bridge_id and plug newlink leaks (networking-stable-17_12_31). - net: bridge: fix returning of vlan range op errors (networking-stable-17_11_14). - net: core: fix module type in sock_diag_bind (networking-stable-18_01_12). - net: dsa: bcm_sf2: Clear IDDQ_GLOBAL_PWR bit for PHY (networking-stable-17_12_31). - net: dsa: check master device before put (networking-stable-17_11_14). - net: dsa: mv88e6xxx: lock mutex when freeing IRQs (networking-stable-17_10_09). - net: emac: Fix napi poll list corruption (networking-stable-17_10_09). - net: ethernet: arc: Fix a potential memory leak if an optional regulator is deferred (networking-stable-18_03_28). - net: ethernet: sun: niu set correct packet size in skb (networking-stable-18_05_15). - net: ethernet: ti: cpsw: add check for in-band mode setting with RGMII PHY interface (networking-stable-18_03_28). - net: ethernet: ti: cpsw: fix net watchdog timeout (networking-stable-18_03_07). - net: ethernet: ti: cpsw: fix packet leaking in dual_mac mode (networking-stable-18_05_15). - net: ethernet: ti: cpsw: fix tx vlan priority mapping (networking-stable-18_04_26). - net: ethtool: Add missing kernel doc for FEC parameters (bsc#1046540). - net: fec: Fix unbalanced PM runtime calls (networking-stable-18_03_28). - net: fec: defer probe if regulator is not ready (networking-stable-18_01_12). - net: fec: free/restore resource in related probe error pathes (networking-stable-18_01_12). - net: fec: restore dev_id in the cases of probe error (networking-stable-18_01_12). - net: fec: unmap the xmit buffer that are not transferred by DMA (networking-stable-17_12_31). - net: fix deadlock while clearing neighbor proxy table (networking-stable-18_04_26). - net: fix possible out-of-bound read in skb_network_protocol() (networking-stable-18_04_10). - net: fool proof dev_valid_name() (networking-stable-18_04_10). - net: igmp: Use correct source address on IGMPv3 reports (networking-stable-17_12_31). - net: igmp: add a missing rcu locking section (git-fixes). - net: igmp: fix source address check for IGMPv3 reports (git-fixes). - net: ipv4: avoid unused variable warning for sysctl (git-fixes). - net: ipv4: do not allow setting net.ipv4.route.min_pmtu below 68 (networking-stable-18_03_07). - net: ipv6: keep sk status consistent after datagram connect failure (networking-stable-18_03_28). - net: mvmdio: disable/unprepare clocks in EPROBE_DEFER case (networking-stable-17_12_31). - net: phy: Fix mask value write on gmii2rgmii converter speed register (networking-stable-17_10_09). - net: phy: Tell caller result of phy_change() (networking-stable-18_03_28). - net: phy: fix phy_start to consider PHY_IGNORE_INTERRUPT (networking-stable-18_03_07). - net: phy: marvell: Limit 88m1101 autoneg errata to 88E1145 as well (networking-stable-17_12_31). - net: phy: micrel: ksz9031: reconfigure autoneg after phy autoneg workaround (networking-stable-17_12_31). - net: qcom/emac: specify the correct size when mapping a DMA buffer (networking-stable-17_10_09). - net: qdisc_pkt_len_init() should be more robust (networking-stable-18_01_28). - net: qlge: use memmove instead of skb_copy_to_linear_data (bsc#1050529 bsc#1086319). - net: realtek: r8169: implement set_link_ksettings() (networking-stable-17_12_12). - net: reevalulate autoflowlabel setting after sysctl setting (networking-stable-17_12_31). - net: remove hlist_nulls_add_tail_rcu() (networking-stable-17_12_12). - net: sched: fix error path in tcf_proto_create() when modules are not configured (networking-stable-18_05_15). - net: sched: ife: check on metadata length (networking-stable-18_04_26). - net: sched: ife: handle malformed tlv length (networking-stable-18_04_26). - net: sched: ife: signal not finding metaid (networking-stable-18_04_26). - net: sched: report if filter is too large to dump (networking-stable-18_03_07). - net: stmmac: enable EEE in MII, GMII or RGMII only (networking-stable-18_01_12). - net: support compat 64-bit time in {s,g}etsockopt (networking-stable-18_05_15). - net: systemport: Correct IPG length settings (networking-stable-17_11_20). - net: systemport: Rewrite __bcm_sysport_tx_reclaim() (networking-stable-18_03_28). - net: tcp: close sock if net namespace is exiting (networking-stable-18_01_28). - net: validate attribute sizes in neigh_dump_table() (networking-stable-18_04_26). - net: vrf: Add support for sends to local broadcast address (networking-stable-18_01_28). - net_sched: fq: take care of throttled flows before reuse (networking-stable-18_05_15). - netfilter/ipvs: clear ipvs_property flag when SKB net namespace changed (networking-stable-17_11_20). - netfilter: use skb_to_full_sk in ip6_route_me_harder (bsc#1076830). - netlink: avoid a double skb free in genlmsg_mcast() (git-fixes). - netlink: do not proceed if dump's start() errs (networking-stable-17_10_09). - netlink: do not set cb_running if dump's start() errs (networking-stable-17_11_14). - netlink: ensure to loop over all netns in genlmsg_multicast_allns() (networking-stable-18_03_07). - netlink: extack needs to be reset each time through loop (networking-stable-18_01_28). - netlink: make sure nladdr has correct size in netlink_connect() (networking-stable-18_04_10). - netlink: put module reference if dump start fails (git-fixes). - netlink: reset extack earlier in netlink_rcv_skb (networking-stable-18_01_28). - nfit-test: Add platform cap support from ACPI 6.2a to test (bsc#1091424). - nfit: skip region registration for incomplete control regions (bsc#1091666). - nfp: use full 40 bits of the NSP buffer address (bsc#1055968). - nl80211: relax ht operation checks for mesh (bsc#1051510). - nubus: Avoid array underflow and overflow (bsc#1099918). - nubus: Fix up header split (bsc#1099918). - nvme-fabrics: allow duplicate connections to the discovery controller (bsc#1098706). - nvme-fabrics: allow internal passthrough command on deleting controllers (bsc#1098706). - nvme-fabrics: centralize discovery controller defaults (bsc#1098706). - nvme-fabrics: fix and refine state checks in __nvmf_check_ready (bsc#1098706). - nvme-fabrics: handle the admin-only case properly in nvmf_check_ready (bsc#1098706). - nvme-fabrics: refactor queue ready check (bsc#1098706). - nvme-fabrics: remove unnecessary controller subnqn validation (bsc#1098706). - nvme-fc: change controllers first connect to use reconnect path (bsc#1098706). - nvme-fc: fix nulling of queue data on reconnect (bsc#1098706). - nvme-fc: release io queues to allow fast fail (bsc#1098706). - nvme-fc: remove reinit_request routine (bsc#1098706). - nvme-fc: remove setting DNR on exception conditions (bsc#1098706). - nvme-multipath: fix sysfs dangerously created links (bsc#1096529). - nvme-rdma: Fix command completion race at error recovery (bsc#1099041). - nvme-rdma: correctly check for target keyed sgl support (bsc#1099041). - nvme-rdma: do not override opts->queue_size (bsc#1099041). - nvme-rdma: fix error flow during mapping request data (bsc#1099041). - nvme-rdma: fix possible double free condition when failing to create a controller (bsc#1099041). - nvme/multipath: Fix multipath disabled naming collisions (bsc#1098706). - nvme: Set integrity flag for user passthrough commands (bsc#1098706). - nvme: Skip checking heads without namespaces (bsc#1098706). - nvme: Use admin command effects for admin commands (bsc#1098706). - nvme: add quirk to force medium priority for SQ creation (). - nvme: allow duplicate controller if prior controller being deleted (bsc#1098706). - nvme: check return value of init_srcu_struct function (bsc#1098706). - nvme: do not send keep-alives to the discovery controller (). - nvme: expand nvmf_check_if_ready checks (bsc#1098706). - nvme: fix NULL pointer dereference in nvme_init_subsystem (bsc#1098706). - nvme: fix extended data LBA supported setting (). - nvme: fix lockdep warning in nvme_mpath_clear_current_path (). - nvme: fix potential memory leak in option parsing (bsc#1098706). - nvme: move init of keep_alive work item to controller initialization (bsc#1098706). - nvme: target: fix buffer overflow (). - nvmet-fc: increase LS buffer count per fc port (bsc#1098706). - nvmet: fix space padding in serial number (). - nvmet: switch loopback target state to connecting when resetting (bsc#1098706). - objtool, perf: Fix GCC 8 -Wrestrict error (Fix gcc 8 restrict error). - ocfs2/acl: use 'ip_xattr_sem' to protect getting extended attribute (bsc#1052766). - ocfs2/dlm: Fix up kABI in dlm_ctxt (bsc#1052766). - ocfs2/dlm: wait for dlm recovery done when migrating all lock resources (bsc#1052766). - ocfs2: return -EROFS to mount.ocfs2 if inode block is invalid (bsc#1052766). - of: overlay: validate offset from property fixups (bsc#1051510). - of: platform: stop accessing invalid dev in of_platform_device_destroy (bsc#1051510). - of: unittest: for strings, account for trailing \0 in property length field (bsc#1051510). - omapdrm: panel: fix compatible vendor string for td028ttec1 (bsc#1051510). - openvswitch: Do not swap table in nlattr_set() after OVS_ATTR_NESTED is found (networking-stable-18_05_15). - ovl: Put upperdentry if ovl_check_origin() fails (bsc#1088704). - ovl: Return -ENOMEM if an allocation fails ovl_lookup() (bsc#1096065). - ovl: fix failure to fsync lower dir (bsc#108871). - ovl: fix lookup with middle layer opaque dir and absolute path redirects (bsc#1090605). - p54: do not unregister leds when they are not initialized (bsc#1051510). - parport_pc: Add support for WCH CH382L PCI-E single parallel port card (bsc#1051510). - partitions/msdos: Unable to mount UFS 44bsd partitions (bsc#1051510). - pinctrl/amd: Fix build dependency on pinmux code (bsc#1051510). - pinctrl/amd: save pin registers over suspend/resume (bsc#1051510). - pinctrl: adi2: Fix Kconfig build problem (bsc#1051510). - pinctrl: armada-37xx: Fix direction_output() callback behavior (bsc#1051510). - pinctrl: artpec6: dt: add missing pin group uart5nocts (bsc#1051510). - pinctrl: baytrail: Enable glitch filter for GPIOs used as interrupts (bsc#1051510). - pinctrl: denverton: Fix UART2 RTS pin mode (bsc#1051510). - pinctrl: pxa: pxa2xx: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE (bsc#1051510). - pinctrl: rockchip: enable clock when reading pin direction register (bsc#1051510). - pinctrl: samsung: Fix NULL pointer exception on external interrupts on S3C24xx (bsc#1051510). - pinctrl: samsung: Fix invalid register offset used for Exynos5433 external interrupts (bsc#1051510). - pinctrl: sh-pfc: r8a7795-es1: Fix MOD_SEL1 bit[25:24] to 0x3 when using STP_ISEN_1_D (bsc#1051510). - pinctrl: sh-pfc: r8a7796: Fix MOD_SEL register pin assignment for SSI pins group (bsc#1051510). - pinctrl: sunxi: Fix A64 UART mux value (bsc#1051510). - pinctrl: sunxi: Fix A80 interrupt pin bank (bsc#1051510). - pinctrl: sx150x: Add a static gpio/pinctrl pin range mapping (bsc#1051510). - pinctrl: sx150x: Register pinctrl before adding the gpiochip (bsc#1051510). - pinctrl: sx150x: Unregister the pinctrl on release (bsc#1051510). - pipe: fix off-by-one error when checking buffer limits (bsc#1051510). - pktcdvd: Fix a recently introduced NULL pointer dereference (bsc#1099918). - pktcdvd: Fix pkt_setup_dev() error path (bsc#1099918). - platform/chrome: Use proper protocol transfer function (bsc#1051510). - platform/chrome: cros_ec_lpc: remove redundant pointer request (bsc#1051510). - platform/x86: asus-wireless: Fix NULL pointer dereference (bsc#1051510). - platform/x86: asus-wmi: Fix NULL pointer dereference (bsc#1051510). - platform/x86: fujitsu-laptop: Support Lifebook U7x7 hotkeys (bsc#1087284). - platform/x86: ideapad-laptop: Add MIIX 720-12IKB to no_hw_rfkill (bsc#1093035). - platform/x86: ideapad-laptop: Apply no_hw_rfkill to Y20-15IKBM, too (bsc#1098626). - platform/x86: thinkpad_acpi: suppress warning about palm detection (bsc#1051510). - power: supply: ab8500_charger: Bail out in case of error in 'ab8500_charger_init_hw_registers()' (bsc#1051510). - power: supply: ab8500_charger: Fix an error handling path (bsc#1051510). - power: supply: axp288_charger: Properly stop work on probe-error / remove (bsc#1051510). - powerpc/64s/idle: avoid sync for KVM state when waking from idle (bsc#1061840). - powerpc/64s: Fix mce accounting for powernv (bsc#1094244). - powerpc/fadump: Do not use hugepages when fadump is active (bsc#1092772). - powerpc/fadump: exclude memory holes while reserving memory in second kernel (bsc#1092772). - powerpc/kvm: Fix guest boot failure on Power9 since DAWR changes (bsc#1061840). - powerpc/kvm: Fix lockups when running KVM guests on Power8 (bsc#1061840). - powerpc/livepatch: Fix KABI breaker in stacktrace.c (bsc#1071995 bsc#1072856 bsc#1087458 bsc#1089664 bsc#1089669). - powerpc/livepatch: Fix build error with kprobes disabled (bsc#1071995). - powerpc/mm: Fix thread_pkey_regs_init() (bsc#1078248, git-fixes). - powerpc/perf: Add blacklisted events for Power9 DD2.1 (bsc1056686). - powerpc/perf: Add blacklisted events for Power9 DD2.2 (bsc1056686). - powerpc/perf: Fix kernel address leak via sampling registers (bsc1056686). - powerpc/perf: Infrastructure to support addition of blacklisted events (bsc1056686). - powerpc/perf: Prevent kernel address leak to userspace via BHRB buffer (bsc1056686). - powerpc/perf: Prevent kernel address leak via perf_get_data_addr() (bsc1056686). - powerpc/perf: fix bug references. - powerpc/pkeys: Detach execute_only key on !PROT_EXEC (bsc#1078248, git-fixes). - powerpc/pkeys: Drop private VM_PKEY definitions (bsc#1078248). - powerpc/ptrace: Fix enforcement of DAWR constraints (bsc#1099918). - powerpc/xmon: Also setup debugger hooks when single-stepping (bsc#1072829). - powerpc64/ftrace: Add a field in paca to disable ftrace in unsafe code paths (bsc#1088804). - powerpc64/ftrace: Add helpers to hard disable ftrace (bsc#1088804). - powerpc64/ftrace: Delay enabling ftrace on secondary cpus (bsc#1088804). - powerpc64/ftrace: Disable ftrace during hotplug (bsc#1088804). - powerpc64/ftrace: Disable ftrace during kvm guest entry/exit (bsc#1088804). - powerpc64/ftrace: Rearrange #ifdef sections in ftrace.h (bsc#1088804). - powerpc64/ftrace: Use the generic version of ftrace_replace_code() (bsc#1088804). - powerpc64/kexec: Hard disable ftrace before switching to the new kernel (bsc#1088804). - powerpc64/module: Tighten detection of mcount call sites with -mprofile-kernel (bsc#1088804). - powerpc: Machine check interrupt is a non-maskable interrupt (bsc#1094244). - ppp: avoid loop in xmit recursion detection code (networking-stable-18_03_28). - ppp: fix race in ppp device destruction (networking-stable-17_11_14). - ppp: prevent unregistered channels from connecting to PPP units (networking-stable-18_03_07). - ppp: unlock all_ppp_mutex before registering device (networking-stable-18_01_28). - pppoe: check sockaddr length in pppoe_connect() (networking-stable-18_04_26). - pppoe: take ->needed_headroom of lower device into account on xmit (networking-stable-18_01_28). - pptp: remove a buggy dst release in pptp_connect() (networking-stable-18_04_10). - printk: fix possible reuse of va_list variable (bsc#1100602). - procfs: add tunable for fd/fdinfo dentry retention (bsc#1086652). - ptr_ring: add barriers (networking-stable-17_12_31). - pty: cancel pty slave port buf's work in tty_release (bsc#1051510). - pwm: lpss: platform: Save/restore the ctrl register over a suspend/resume (bsc#1051510). - pwm: rcar: Fix a condition to prevent mismatch value setting to duty (bsc#1051510). - pwm: stmpe: Fix wrong register offset for hwpwm=2 case (bsc#1051510). - qed: Fix l2 initializations over iWARP personality (bsc#1050536 bsc#1050545). - qed: Fix non TCP packets should be dropped on iWARP ll2 connection (bsc#1050545). - qed: Free RoCE ILT Memory on rmmod qedr (bsc#1050536 bsc#1050545). - qed: Use after free in qed_rdma_free() (bsc#1050536 bsc#1050545). - qede: Fix gfp flags sent to rdma event node allocation (bsc#1050538 bsc#1050545). - qede: Fix qedr link update (bsc#1050538 bsc#1050545). - qla2xxx: Mask off Scope bits in retry delay (bsc#1068054). - qmi_wwan: Add missing skb_reset_mac_header-call (networking-stable-17_11_20). - qmi_wwan: Add support for Quectel EP06 (networking-stable-18_02_06). - qmi_wwan: do not steal interfaces from class drivers (bsc#1092888). - r8169: fix powering up RTL8168h (bsc#1051510). - r8169: fix setting driver_data after register_netdev (bsc#1051510). - radeon: hide pointless #warning when compile testing (bsc#1051510). - radix tree test suite: add item_delete_rcu() (bsc#1095467). - radix tree test suite: fix compilation issue (bsc#1095467). - radix tree test suite: fix mapshift build target (bsc#1095467). - radix tree test suite: multi-order iteration race (bsc#1095467). - radix tree: fix multi-order iteration race (bsc#1095467). - raid10: check bio in r10buf_pool_free to void NULL pointer dereference (bsc#1098174). - raid1: copy write hint from master bio to behind bio (bsc#1093023). - raid1: prevent freeze_array/wait_all_barriers deadlock (bsc#1093023). - raid1: remove obsolete code in raid1_write_request (bsc#1093023). - raid5-ppl: PPL support for disks with write-back cache enabled (bsc#1093023). - raid5-ppl: fix handling flush requests (bsc#1093023). - raid5: Set R5_Expanded on parity devices as well as data (bsc#1093023). - raid5: remove raid5_build_block (bsc#1093023). - raid: remove tile specific raid6 implementation (bsc#1093023). - random: crng_reseed() should lock the crng instance that it is modifying (bsc#1051510). - random: use a different mixing algorithm for add_device_randomness() (bsc#1051510). - random: use a tighter cap in credit_entropy_bits_safe() (bsc#1051510). - rbd: use GFP_NOIO for parent stat and data requests (bsc#1093728). - rds: Incorrect reference counting in TCP socket creation (bsc#1076830). - rds: MP-RDS may use an invalid c_path (networking-stable-18_04_13). - rds: do not leak kernel memory to user land (networking-stable-18_05_15). - regulator: Do not return or expect -errno from of_map_mode() (bsc#1099029). - regulator: cpcap: Fix standby mode (bsc#1051510). - regulator: gpio: Fix some error handling paths in 'gpio_regulator_probe()' (bsc#1091960). - regulator: of: Add a missing 'of_node_put()' in an error handling path of 'of_regulator_match()' (bsc#1051510). - resource: fix integer overflow at reallocation (bsc#1086739). - restore cond_resched() in shrink_dcache_parent() (bsc#1098599). - rfkill: gpio: fix memory leak in probe error path (bsc#1051510). - rhashtable: Fix rhlist duplicates insertion (bsc#1051510). - rmdir(),rename(): do shrink_dcache_parent() only on success (bsc#1100340). - rocker: fix possible null pointer dereference in rocker_router_fib_event_work (networking-stable-18_02_06). - route: check sysctl_fib_multipath_use_neigh earlier than hash (networking-stable-18_04_10). - rpm/config.sh: Fixup BUGZILLA_PRODUCT variable - rpm/kernel-docs.spec.in: Fix and cleanup for 4.13 doc build (bsc#1048129) The whole DocBook stuff has been deleted. The PDF build still non-working thus the sub-packaging disabled so far. - rpm/kernel-source.changes.old: Add pre-SLE15 history (bsc#1098995). - rpm/modules.fips include module list from dracut - rt2x00: do not pause queue unconditionally on error path (bsc#1051510). - rtc-opal: Fix handling of firmware error codes, prevent busy loops (bsc#1051510). - rtc: hctosys: Ensure system time does not overflow time_t (bsc#1051510). - rtc: pcf8563: fix output clock rate (bsc#1051510). - rtc: pl031: make interrupt optional (bsc#1051510). - rtc: snvs: Fix usage of snvs_rtc_enable (bsc#1051510). - rtc: tx4939: avoid unintended sign extension on a 24 bit shift (bsc#1051510). - rtl8187: Fix NULL pointer dereference in priv->conf_mutex (bsc#1051510). - rtlwifi: rtl8192cu: Remove variable self-assignment in rf.c (bsc#1051510). - rxrpc: Fix send in rxrpc_send_data_packet() (networking-stable-18_03_07). - s390/archrandom: Reconsider s390 arch random implementation (bnc#1096753, LTC#168037). - s390/archrandom: Rework arch random implementation (bnc#1096753, LTC#168037). - s390/cio: update chpid descriptor after resource accessibility event (bnc#1093148, LTC#167307). - s390/cpum_sf: ensure sample frequency of perf event attributes is non-zero (bnc#1096753, LTC#168037). - s390/dasd: fix IO error for newly defined devices (bnc#1093148, LTC#167307). - s390/qdio: do not merge ERROR output buffers (bsc#1099715). - s390/qdio: fix access to uninitialized qdio_q fields (bnc#1096753, LTC#168037). - s390/qeth: do not dump control cmd twice (bsc#1099715). - s390/qeth: fix IPA command submission race (networking-stable-18_03_07). - s390/qeth: fix IPA command submission race (bsc#1099715). - s390/qeth: fix MAC address update sequence (bnc#1093148, LTC#167307). - s390/qeth: fix overestimated count of buffer elements (bsc#1099715). - s390/qeth: fix overestimated count of buffer elements (networking-stable-18_03_07). - s390/qeth: free netdevice when removing a card (networking-stable-18_03_28). - s390/qeth: free netdevice when removing a card (bsc#1099715). - s390/qeth: lock read device while queueing next buffer (bsc#1099715). - s390/qeth: lock read device while queueing next buffer (networking-stable-18_03_28). - s390/qeth: translate SETVLAN/DELVLAN errors (bnc#1093148, LTC#167307). - s390/qeth: use Read device to query hypervisor for MAC (bsc#1061024). - s390/qeth: when thread completes, wake up all waiters (bsc#1099715). - s390/qeth: when thread completes, wake up all waiters (networking-stable-18_03_28). - s390/uprobes: implement arch_uretprobe_is_alive() (bnc#1093148, LTC#167307). - s390/zcrypt: Fix CCA and EP11 CPRB processing failure memory leak (bnc#1096753, LTC#168037). - sch_netem: fix skb leak in netem_enqueue() (networking-stable-18_03_28). - sched/numa: Stagger NUMA balancing scan periods for new threads (Automatic NUMA Balancing ()). - sched: Make resched_cpu() unconditional (Git-fixes). - sched: Stop resched_cpu() from sending IPIs to offline CPUs (Git-fixes). - sched: Stop switched_to_rt() from sending IPIs to offline CPUs (Git-fixes). - scripts/git_sort/git_sort.py: - scripts/git_sort/git_sort.py: add Viro's vfs git - scsi: core: return BLK_STS_OK for DID_OK in __scsi_error_from_host_byte() (bsc#1099918). - scsi: ipr: Format HCAM overlay ID 0x41 (bsc#1097961). - scsi: ipr: new IOASC update (bsc#1097961). - scsi: lpfc: Add per io channel NVME IO statistics (bsc#1088866). - scsi: lpfc: Change IO submit return to EBUSY if remote port is recovering (bsc#1088866). - scsi: lpfc: Comment cleanup regarding Broadcom copyright header (bsc#1088866). - scsi: lpfc: Correct fw download error message (bsc#1088866). - scsi: lpfc: Correct missing remoteport registration during link bounces (bsc#1088866). - scsi: lpfc: Correct target queue depth application changes (bsc#1088866). - scsi: lpfc: Driver NVME load fails when CPU cnt > WQ resource cnt (bsc#1088866). - scsi: lpfc: Enhance log messages when reporting CQE errors (bsc#1088866). - scsi: lpfc: Enlarge nvmet asynchronous receive buffer counts (bsc#1088866). - scsi: lpfc: Fix 16gb hbas failing cq create (bsc#1093290). - scsi: lpfc: Fix Abort request WQ selection (bsc#1088866). - scsi: lpfc: Fix MDS diagnostics failure (Rx andlt; Tx) (bsc#1088866). - scsi: lpfc: Fix NULL pointer access in lpfc_nvme_info_show (bsc#1088866). - scsi: lpfc: Fix NULL pointer reference when resetting adapter (bsc#1088866). - scsi: lpfc: Fix crash in blk_mq layer when executing modprobe -r lpfc (bsc#1088866). - scsi: lpfc: Fix driver not recovering NVME rports during target link faults (bsc#1088866). - scsi: lpfc: Fix lingering lpfc_wq resource after driver unload (bsc#1088866). - scsi: lpfc: Fix multiple PRLI completion error path (bsc#1088866). - scsi: lpfc: Fix nvme remoteport registration race conditions (bsc#1088866). - scsi: lpfc: Fix port initialization failure (bsc#1093290). - scsi: lpfc: Fix up log messages and stats counters in IO submit code path (bsc#1088866). - scsi: lpfc: Handle new link fault code returned by adapter firmware (bsc#1088866). - scsi: lpfc: correct oversubscription of nvme io requests for an adapter (bsc#1088866). - scsi: lpfc: enhance LE data structure copies to hardware (bsc#1088866). - scsi: lpfc: fix spelling mistakes: 'mabilbox' and 'maibox' (bsc#1088866). - scsi: lpfc: update driver version to 12.0.0.2 (bsc#1088866). - scsi: lpfc: update driver version to 12.0.0.3 (bsc#1088866). - scsi: lpfc: update driver version to 12.0.0.4 (bsc#1088866). - scsi: qla2xxx: Add FC-NVMe abort processing (bsc#1084570). - scsi: qla2xxx: Add changes for devloss timeout in driver (bsc#1084570). - scsi: qla2xxx: Cleanup code to improve FC-NVMe error handling (bsc#1084570). - scsi: qla2xxx: Delete session for nport id change (bsc#1077338). - scsi: qla2xxx: Fix Async GPN_FT for FCP and FC-NVMe scan (bsc#1084570). - scsi: qla2xxx: Fix FC-NVMe IO abort during driver reset (bsc#1084570). - scsi: qla2xxx: Fix n2n_ae flag to prevent dev_loss on PDB change (bsc#1084570). - scsi: qla2xxx: Fix retry for PRLI RJT with reason of BUSY (bsc#1084570). - scsi: qla2xxx: Fix small memory leak in qla2x00_probe_one on probe failure (bsc#1077338). - scsi: qla2xxx: Remove nvme_done_list (bsc#1084570). - scsi: qla2xxx: Remove unneeded message and minor cleanup for FC-NVMe (bsc#1084570). - scsi: qla2xxx: Restore ZIO threshold setting (bsc#1084570). - scsi: qla2xxx: Return busy if rport going away (bsc#1084570). - scsi: qla2xxx: Set IIDMA and fcport state before qla_nvme_register_remote() (bsc#1084570). - scsi: qla2xxx: Update driver version to 10.00.00.06-k (bsc#1084570). - scsi: raid_class: Add 'JBOD' RAID level (bsc#1093023). - scsi: sg: mitigate read/write abuse (bsc#1101296). - scsi: target: fix crash with iscsi target and dvd (bsc#1099918). - sctp: delay the authentication for the duplicated cookie-echo chunk (networking-stable-18_05_15). - sctp: do not check port in sctp_inet6_cmp_addr (networking-stable-18_04_26). - sctp: do not leak kernel memory to user space (networking-stable-18_04_10). - sctp: do not retransmit upon FragNeeded if PMTU discovery is disabled (networking-stable-18_01_12). - sctp: fix dst refcnt leak in sctp_v6_get_dst() (networking-stable-18_03_07). - sctp: fix the handling of ICMP Frag Needed for too small MTUs (networking-stable-18_01_12). - sctp: fix the issue that the cookie-ack with auth can't get processed (networking-stable-18_05_15). - sctp: full support for ipv6 ip_nonlocal_bind and IP_FREEBIND (networking-stable-17_11_14). - sctp: handle two v4 addrs comparison in sctp_inet6_cmp_addr (git-fixes). - sctp: potential read out of bounds in sctp_ulpevent_type_enabled() (networking-stable-17_10_09). - sctp: remove sctp_chunk_put from fail_mark err path in sctp_ulpevent_make_rcvmsg (networking-stable-18_05_15). - sctp: reset owner sk for data chunks on out queues when migrating a sock (networking-stable-17_11_14). - sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6 (networking-stable-18_04_10). - sctp: use right member as the param of list_for_each_entry (git-fixes). - sctp: use the old asoc when making the cookie-ack chunk in dupcook_d (networking-stable-18_05_15). - sdhci: Advertise 2.0v supply on SDIO host controller (bsc#1051510). - selinux: KASAN: slab-out-of-bounds in xattr_getsecurity (bsc#1051510). - selinux: ensure the context is NUL terminated in security_context_to_sid_core() (bsc#1051510). - selinux: skip bounded transition processing if the policy isn't loaded (bsc#1051510). - serdev: fix memleak on module unload (bsc#1051510). - serdev: fix receive_buf return value when no callback (bsc#1051510). - serdev: fix registration of second slave (bsc#1051510). - serdev: ttyport: add missing open() error handling (bsc#1051510). - serdev: ttyport: add missing receive_buf sanity checks (bsc#1051510). - serdev: ttyport: enforce tty-driver open() requirement (bsc#1051510). - serdev: ttyport: fix NULL-deref on hangup (bsc#1051510). - serdev: ttyport: fix tty locking in close (bsc#1051510). - serial: 8250: Preserve DLD[7:4] for PORT_XR17V35X (bsc#1051510). - serial: 8250: omap: Fix idling of clocks for unused uarts (bsc#1051510). - serial: 8250_dw: Disable clock on error (bsc#1051510). - serial: 8250_fintek: Fix finding base_port with activated SuperIO (bsc#1051510). - serial: 8250_pci: Add Brainboxes UC-260 4 port serial device (bsc#1051510). - serial: altera: ensure port->regshift is honored consistently (bsc#1051510). - serial: arc_uart: Fix out-of-bounds access through DT alias (bsc#1051510). - serial: core: mark port as initialized in autoconfig (bsc#1051510). - serial: fsl_lpuart: Fix out-of-bounds access through DT alias (bsc#1051510). - serial: imx: Fix out-of-bounds access through serial port index (bsc#1051510). - serial: imx: Only wakeup via RTSDEN bit if the system has RTS/CTS (bsc#1051510). - serial: mxs-auart: Fix out-of-bounds access through serial port index (bsc#1051510). - serial: omap: Fix EFR write on RTS deassertion (bsc#1051510). - serial: samsung: Fix out-of-bounds access through serial port index (bsc#1051510). - serial: samsung: fix maxburst parameter for DMA transactions (bsc#1051510). - serial: sh-sci: Fix out-of-bounds access through DT alias (bsc#1051510). - serial: sh-sci: Stop using printk format %pCr (bsc#1051510). - serial: sh-sci: prevent lockup on full TTY buffers (bsc#1051510). - serial: xuartps: Fix out-of-bounds access through DT alias (bsc#1051510). - sget(): handle failures of register_shrinker() (bsc#1052766). - sh_eth: fix SH7757 GEther initialization (networking-stable-18_01_12). - sh_eth: fix TSU resource handling (networking-stable-18_01_12). - skbuff: Fix not waking applications when errors are enqueued (networking-stable-18_03_28). - sky2: Increase D3 delay to sky2 stops working after suspend (bsc#1051510). - slip: Check if rstate is initialized before uncompressing (networking-stable-18_04_13). - sock: free skb in skb_complete_tx_timestamp on error (networking-stable-17_12_31). - soreuseport: fix mem leak in reuseport_add_sock() (networking-stable-18_02_06). - spi: Fix scatterlist elements size in spi_map_buf (bsc#1051510). - spi: a3700: Fix clk prescaling for coefficient over 15 (bsc#1051510). - spi: a3700: Return correct value on timeout detection (bsc#1051510). - spi: armada-3700: Fix failing commands with quad-SPI (bsc#1051510). - spi: atmel: fixed spin_lock usage inside atmel_spi_remove (bsc#1051510). - spi: atmel: init FIFOs before spi enable (bsc#1051510). - spi: bcm-qspi: Fix use after free in bcm_qspi_probe() in error path (bsc#1051510). - spi: imx: do not access registers while clocks disabled (bsc#1051510). - spi: sh-msiof: Fix DMA transfer size check (bsc#1051510). - spi: spi-axi: fix potential use-after-free after deregistration (bsc#1051510). - spi: sun4i: disable clocks in the remove function (bsc#1051510). - spi: sun6i: disable/unprepare clocks on remove (bsc#1051510). - spi: xilinx: Detect stall with Unknown commands (bsc#1051510). - srcu: Provide ordering for CPU not involved in grace period (bsc#1052766). - staging: bcm2835-audio: Release resources on module_exit() (bsc#1051510). - staging: comedi: fix comedi_nsamples_left (bsc#1051510). - staging: comedi: ni_mio_common: ack ai fifo error interrupts (bsc#1051510). - staging: iio: ad5933: switch buffer mode to software (bsc#1051510). - staging: iio: ad7192: Fix - use the dedicated reset function avoiding dma from stack (bsc#1051510). - staging: iio: adc: ad7192: fix external frequency setting (bsc#1051510). - staging: rtl8192u: return -ENOMEM on failed allocation of priv->oldaddr (bsc#1051510). - staging: vchiq_2835_arm: Fix NULL ptr dereference in free_pagelist (bsc#1051510). - staging: wilc1000: Fix bssid buffer offset in Txq (bsc#1051510). - stm class: Fix a use-after-free (bsc#1051510). - stm class: Use vmalloc for the master map (bsc#1051510). - stmmac: reset last TSO segment size after device open (networking-stable-17_12_12). - strparser: Do not call mod_delayed_work with a timeout of LONG_MAX (networking-stable-18_04_26). - strparser: Fix incorrect strp->need_bytes value (networking-stable-18_04_26). - strparser: Fix sign of err codes (networking-stable-18_04_10). - sunrpc: remove incorrect HMAC request initialization (bsc#1051510). - supported.conf: Remove external flag from iwlwifi modules (bsc#1093273) - supported.conf: fix folder of the driver module - swap: divide-by-zero when zero length swap file on ssd (bsc#1051510). - swiotlb: suppress warning when __GFP_NOWARN is set (bsc#1051510). - tap: reference to KVA of an unloaded module causes kernel panic (networking-stable-17_11_14). - target: transport should handle st FM/EOM/ILI reads (bsc#1081599). - tcp: do not read out-of-bounds opsize (networking-stable-18_04_26). - tcp: fix data delivery rate (networking-stable-17_10_09). - tcp: ignore Fast Open on repair mode (networking-stable-18_05_15). - tcp: md5: reject TCP_MD5SIG or TCP_MD5SIG_EXT on established sockets (networking-stable-18_04_26). - tcp: release sk_frag.page in tcp_disconnect (networking-stable-18_02_06). - tcp: revert F-RTO extension to detect more spurious timeouts (networking-stable-18_03_07). - tcp: revert F-RTO middle-box workaround (bsc#1076830). - tcp_bbr: fix to zero idle_restart only upon S/ACKed data (networking-stable-18_05_15). - tcp_bbr: record 'full bw reached' decision in new full_bw_reached bit (networking-stable-17_12_31). - tcp_bbr: reset full pipe detection on loss recovery undo (networking-stable-17_12_31). - tcp_bbr: reset long-term bandwidth sampling on loss recovery undo (networking-stable-17_12_31). - tcp_nv: fix division by zero in tcpnv_acked() (networking-stable-17_11_20). - team: Fix double free in error path (networking-stable-18_03_28). - team: avoid adding twice the same option to the event list (networking-stable-18_04_26). - team: fix netconsole setup over team (networking-stable-18_04_26). - team: move dev_mc_sync after master_upper_dev_link in team_port_add (networking-stable-18_04_10). - tee: check shm references are consistent in offset/size (bsc#1051510). - tee: shm: fix use-after-free via temporarily dropped reference (bsc#1051510). - test_firmware: fix missing unlock on error in config_num_requests_store() (bsc#1051510). - test_firmware: fix setting old custom fw path back on exit (bsc#1051510). - test_firmware: fix setting old custom fw path back on exit, second try (bsc#1051510). - tg3: APE heartbeat changes (bsc#1086286). - tg3: Add Macronix NVRAM support (bsc#1086286). - tg3: Fix vunmap() BUG_ON() triggered from tg3_free_consistent() (bsc#1086286). - tg3: prevent scheduling while atomic splat (bsc#1086286). - thermal/drivers/step_wise: Fix temperature regulation misbehavior (bsc#1051510). - thermal: bcm2835: Stop using printk format %pCr (bsc#1051510). - thermal: enable broadcom menu for arm64 bcm2835 (bsc#1095573). - thermal: exynos: Propagate error value from tmu_read() (bsc#1051510). - thermal: exynos: Reading temperature makes sense only when TMU is turned on (bsc#1051510). - thermal: imx: Fix race condition in imx_thermal_probe() (bsc#1051510). - thermal: int3400_thermal: fix error handling in int3400_thermal_probe() (bsc#1051510). - thermal: int3403_thermal: Fix NULL pointer deref on module load / probe (bsc#1051510). - thermal: power_allocator: fix one race condition issue for thermal_instances list (bsc#1051510). - thunderbolt: Prevent crash when ICM firmware is not running (bsc#1090888). - thunderbolt: Resume control channel after hibernation image is created (bsc#1051510). - thunderbolt: Serialize PCIe tunnel creation with PCI rescan (bsc#1090888). - thunderbolt: Wait a bit longer for ICM to authenticate the active NVM (bsc#1090888). - timekeeping: Eliminate the stale declaration of ktime_get_raw_and_real_ts64() (bsc#1099918). - timers: Invoke timer_start_debug() where it makes sense (Git-fixes). - timers: Reinitialize per cpu bases on hotplug (Git-fixes). - timers: Unconditionally check deferrable base (Git-fixes). - timers: Use deferrable base independent of base::nohz_active (Git-fixes). - tipc: add policy for TIPC_NLA_NET_ADDR (networking-stable-18_04_26). - tipc: fix a memory leak in tipc_nl_node_get_link() (networking-stable-18_01_28). - tipc: fix hanging poll() for stream sockets (networking-stable-17_12_31). - tipc: fix memory leak in tipc_accept_from_sock() (networking-stable-17_12_12). - tools headers: Restore READ_ONCE() C++ compatibility (bsc#1093023). - tools/lib/subcmd/pager.c: do not alias select() params (Fix gcc 8 restrict error). - tracing/uprobe_event: Fix strncpy corner case (bsc#1099918). - tracing: Fix converting enum's from the map in trace_event_eval_update() (bsc#1099918). - tracing: Fix missing tab for hwlat_detector print format (bsc#1099918). - tracing: Kconfig text fixes for CONFIG_HWLAT_TRACER (bsc#1099918). - tracing: Make the snapshot trigger work with instances (bsc#1099918). - tracing: probeevent: Fix to support minus offset from symbol (bsc#1099918). - tty fix oops when rmmod 8250 (bsc#1051510). - tty/serial: atmel: add new version check for usart (bsc#1051510). - tty/serial: atmel: use port->name as name in request_irq() (bsc#1051510). - tty: Avoid possible error pointer dereference at tty_ldisc_restore() (bsc#1051510). - tty: Do not call panic() at tty_ldisc_init() (bsc#1051510). - tty: Use __GFP_NOFAIL for tty_ldisc_get() (bsc#1051510). - tty: fix __tty_insert_flip_char regression (bsc#1051510). - tty: fix tty_ldisc_receive_buf() documentation (bsc#1051510). - tty: improve tty_insert_flip_char() fast path (bsc#1051510). - tty: improve tty_insert_flip_char() slow path (bsc#1051510). - tty: make n_tty_read() always abort if hangup is in progress (bsc#1051510). - tty: n_gsm: Allow ADM response in addition to UA for control dlci (bsc#1051510). - tty: n_gsm: Fix DLCI handling for ADM mode if debug and 2 is not set (bsc#1051510). - tty: n_gsm: Fix long delays with control frame timeouts in ADM mode (bsc#1051510). - tty: pl011: Avoid spuriously stuck-off interrupts (bsc#1051510). - tty: vt: fix up tabstops properly (bsc#1051510). - tun/tap: sanitize TUNSETSNDBUF input (networking-stable-17_11_14). - tun: allow positive return values on dev_get_valid_name() call (networking-stable-17_11_14). - tun: bail out from tun_get_user() if the skb is empty (networking-stable-17_10_09). - tun: call dev_get_valid_name() before register_netdevice() (networking-stable-17_11_14). - ubi: Fix error for write access (bsc#1051510). - ubi: Fix race condition between ubi volume creation and udev (bsc#1051510). - ubi: Reject MLC NAND (bsc#1051510). - ubi: block: Fix locking for idr_alloc/idr_remove (bsc#1051510). - ubi: fastmap: Cancel work upon detach (bsc#1051510). - ubi: fastmap: Cancel work upon detach (bsc#1051510). - ubi: fastmap: Do not flush fastmap work on detach (bsc#1051510). - ubi: fastmap: Erase outdated anchor PEBs during attach (bsc#1051510). - ubifs: Check ubifs_wbuf_sync() return code (bsc#1052766). - ubifs: free the encrypted symlink target (bsc#1052766). - udf: Avoid overflow when session starts at large offset (bsc#1052766). - udf: Fix leak of UTF-16 surrogates into encoded strings (bsc#1052766). - usb: core: Add quirk for HP v222w 16GB Mini (bsc#1090888). - usb: quirks: add control message delay for 1b1c:1b20 (bsc#1087092). - usb: typec: ucsi: Fix for incorrect status data issue (bsc#1100132). - usb: typec: ucsi: Increase command completion timeout value (bsc#1090888). - usb: typec: ucsi: acpi: Workaround for cache mode issue (bsc#1100132). - usb: xhci: Disable slot even when virt-dev is null (bsc#1085539). - usb: xhci: Fix potential memory leak in xhci_disable_slot() (bsc#1085539). - usb: xhci: Make some static functions global (). - usbip: usbip_host: delete device from busid_table after rebind (bsc#1096480). - usbip: usbip_host: fix NULL-ptr deref and use-after-free errors (bsc#1096480). - usbip: usbip_host: fix bad unlock balance during stub_probe() (bsc#1096480). - usbip: usbip_host: fix to hold parent lock for device_attach() calls (bsc#1096480). - usbip: usbip_host: run rebind from exit when module is removed (bsc#1096480). - usbip: vudc: fix null pointer dereference on udc->lock (bsc#1087092). - userns: Do not fail follow_automount based on s_user_ns (bsc#1099918). - vfb: fix video mode and line_length being set when loaded (bsc#1100362). - vfio: Use get_user_pages_longterm correctly (bsc#1095337). - vfio: disable filesystem-dax page pinning (bsc#1095337). - vfio: platform: Fix reset module leak in error path (bsc#1099918). - vhost: Fix vhost_copy_to_user() (networking-stable-18_04_13). - vhost: correctly remove wait queue during poll failure (networking-stable-18_04_10). - vhost: fix vhost_vq_access_ok() log check (networking-stable-18_04_13). - vhost: validate log when IOTLB is enabled (networking-stable-18_04_10). - vhost_net: add missing lock nesting notation (networking-stable-18_04_10). - vhost_net: stop device during reset owner (networking-stable-18_02_06). - video/fbdev/stifb: Return -ENOMEM after a failed kzalloc() in stifb_init_fb() (bsc#1090888 bsc#1099966). - video/hdmi: Allow 'empty' HDMI infoframes (bsc#1051510). - video: fbdev/mmp: add MODULE_LICENSE (bsc#1051510). - video: fbdev: atmel_lcdfb: fix display-timings lookup (bsc#1051510). - video: fbdev: aty: do not leak uninitialized padding in clk to userspace (bsc#1051510). - video: fbdev: au1200fb: Release some resources if a memory allocation fails (bsc#1051510). - video: fbdev: au1200fb: Return an error code if a memory allocation fails (bsc#1051510). - virtio-gpu: fix ioctl and expose the fixed status to userspace (bsc#1100382). - virtio: add ability to iterate over vqs (bsc#1051510). - virtio: release virtio index when fail to device_register (bsc#1051510). - virtio_console: do not tie bufs to a vq (bsc#1051510). - virtio_console: drop custom control queue cleanup (bsc#1051510). - virtio_console: free buffers after reset (bsc#1051510). - virtio_console: move removal code (bsc#1051510). - virtio_console: reset on out of memory (bsc#1051510). - virtio_net: fix adding vids on big-endian (networking-stable-18_04_26). - virtio_net: split out ctrl buffer (networking-stable-18_04_26). - virtio_ring: fix num_free handling in error case (bsc#1051510). - vlan: Fix reading memory beyond skb->tail in skb_vlan_tagged_multi (networking-stable-18_04_26). - vlan: also check phy_driver ts_info for vlan's real device (networking-stable-18_04_10). - vlan: fix a use-after-free in vlan_device_event() (networking-stable-17_11_20). - vmw_balloon: fix inflation with batching (bsc#1051510). - vmw_balloon: fixing double free when batching mode is off (bsc#1051510). - vmxnet3: avoid xmit reset due to a race in vmxnet3 (bsc#1091860). - vmxnet3: fix incorrect dereference when rxvlan is disabled (bsc#1091860). - vmxnet3: increase default rx ring sizes (bsc#1091860). - vmxnet3: repair memory leak (bsc#1051510). - vmxnet3: set the DMA mask before the first DMA map operation (bsc#1091860). - vmxnet3: use DMA memory barriers where required (bsc#1091860). - vmxnet3: use correct flag to indicate LRO feature (bsc#1091860). - vrf: Fix use after free and double free in vrf_finish_output (networking-stable-18_04_10). - vt6655: Fix a possible sleep-in-atomic bug in vt6655_suspend (bsc#1051510). - vt: change SGR 21 to follow the standards (bsc#1051510). - vt: prevent leaking uninitialized data to userspace via /dev/vcs* (bsc#1051510). - vti6: Change minimum MTU to IPV4_MIN_MTU, vti6 can carry IPv4 too (bsc#1082869). - vti6: Fix dev->max_mtu setting (bsc#1082869). - vti6: Keep set MTU on link creation or change, validate it (bsc#1082869). - vti6: Properly adjust vti6 MTU from MTU of lower device (bsc#1082869). - vti6: better validate user provided tunnel names (networking-stable-18_04_10). - vti: fix use after free in vti_tunnel_xmit/vti6_tnl_xmit (bsc#1076830). - vxlan: fix the issue that neigh proxy blocks all icmpv6 packets (networking-stable-17_11_20). - w1: mxc_w1: Enable clock before calling clk_get_rate() on it (bsc#1051510). - wait: add wait_event_killable_timeout() (bsc#1099792). - watchdog: da9063: Fix setting/changing timeout (bsc#1100843). - watchdog: da9063: Fix timeout handling during probe (bsc#1100843). - watchdog: da9063: Fix updating timeout value (bsc#1100843). - watchdog: f71808e_wdt: Fix WD_EN register read (bsc#1051510). - watchdog: f71808e_wdt: Fix magic close handling (bsc#1051510). - watchdog: sp5100_tco: Fix watchdog disable bit (bsc#1051510). - wcn36xx: Fix dynamic power saving (bsc#1051510). - wcn36xx: Introduce mutual exclusion of fw configuration (bsc#1051510). - wl1251: check return from call to wl1251_acx_arp_ip_filter (bsc#1051510). - workqueue: Allow retrieval of current task's work struct (bsc#1051510). - workqueue: use put_device() instead of kfree() (bsc#1051510). - x86,sched: Allow topologies where NUMA nodes share an LLC (bsc#1091158). - x86/cpu_entry_area: Map also trace_idt_table (bsc#1089878). - x86/intel_rdt: Add command line parameter to control L2_CDP (). - x86/intel_rdt: Add two new resources for L2 Code and Data Prioritization (CDP) (). - x86/intel_rdt: Enable L2 CDP in MSR IA32_L2_QOS_CFG (). - x86/intel_rdt: Enumerate L2 Code and Data Prioritization (CDP) feature (). - x86/mm: add a function to check if a pfn is UC/UC-/WC (bsc#1087213). - x86/pkeys: Add arch_pkeys_enabled() (bsc#1078248). - x86/pkeys: Move vma_pkey() into asm/pkeys.h (bsc#1078248). - x86/pti: do not report XenPV as vulnerable (bsc#1097551). - x86/setup: Do not reserve a crash kernel region if booted on Xen PV (bsc#1085626). - x86/stacktrace: Clarify the reliable success paths (bnc#1058115). - x86/stacktrace: Do not fail for ORC with regs on stack (bnc#1058115). - x86/stacktrace: Do not unwind after user regs (bnc#1058115). - x86/stacktrace: Enable HAVE_RELIABLE_STACKTRACE for the ORC unwinder (bnc#1058115). - x86/stacktrace: Remove STACKTRACE_DUMP_ONCE (bnc#1058115). - x86/tsc: Future-proof native_calibrate_tsc() (bsc#1074873). - x86/unwind/orc: Detect the end of the stack (bnc#1058115). - xen/acpi: off by one in read_acpi_id() (bnc#1065600). - xen/netfront: raise max number of slots in xennet_get_responses() (bnc#1076049). - xen: do not print error message in case of missing Xenstore entry (bnc#1065600). - xhci: Add port status decoder for tracing purposes (). - xhci: Fix USB ports for Dell Inspiron 5775 (bsc#1090888). - xhci: add definitions for all port link states (). - xhci: add port speed ID to portsc tracing (). - xhci: add port status tracing (). - xhci: fix endpoint context tracer output (bsc#1087092). - xhci: workaround for AMD Promontory disabled ports wakeup (bsc#1087092). - xhci: zero usb device slot_id member when disabling and freeing a xhci slot (bsc#1090888). - xprtrdma: Fix list corruption / DMAR errors during MR recovery (git-fixes). - xprtrdma: Return -ENOBUFS when no pages are available (git-fixes). ----------------------------------------- Patch: SUSE-2018-1459 Released: Tue Jul 31 12:48:26 2018 Summary: Recommended update for yast2 Severity: moderate References: 1098919,1099691 Description: This update for yast2 fixes the following issues: - Network: Prevent from crashing when trying to delete some ip aliases from the original devices. (bsc#1098919) - Added additional searchkeys to desktop file. (fate#321043) ----------------------------------------- Patch: SUSE-2018-1469 Released: Wed Aug 1 13:59:43 2018 Summary: Security update for polkit Severity: moderate References: 1099031,CVE-2018-1116 Description: This update for polkit fixes the following issues: Security issue fixed: - CVE-2018-1116: Fix uid comparison lacking in polkit_backend_interactive_authority_check_authorization (bsc#1099031). ----------------------------------------- Patch: SUSE-2018-1476 Released: Thu Aug 2 14:20:03 2018 Summary: Security update for cups Severity: moderate References: 1096405,1096406,1096407,1096408,CVE-2018-4180,CVE-2018-4181,CVE-2018-4182,CVE-2018-4183 Description: This update for cups fixes the following issues: The following security vulnerabilities were fixed: - Fixed a local privilege escalation to root and sandbox bypasses in the scheduler - CVE-2018-4180: Fixed a local privilege escalation to root in dnssd backend (bsc#1096405) - CVE-2018-4181: Limited local file reads as root via cupsd.conf include directive (bsc#1096406) - CVE-2018-4182: Fixed a sandbox bypass due to insecure error handling (bsc#1096407) - CVE-2018-4183: Fixed a sandbox bypass due to profile misconfiguration (bsc#1096408) ----------------------------------------- Patch: SUSE-2018-1478 Released: Thu Aug 2 14:35:56 2018 Summary: Recommended update for openssl-1_1 Severity: important References: 1084011,1090765 Description: This update for openssl-1_1 fixes the following issues: - Suggest libopenssl1_1-hmac from libopenssl1_1 package to avoid dependency issues during updates. (bsc#1090765) - Relax CN name restrictions. (bsc#1084011) ----------------------------------------- Patch: SUSE-2018-1486 Released: Fri Aug 3 16:08:24 2018 Summary: Recommended update for several YaST modules Severity: moderate References: 1065258,1073633,1078359,1081605,1083851,1085134,1089643,1089699,1094157,1094875,1094924,1094963,1095253,1096240,1096758,1097634,1098594,1099691,760213,966637 Description: This update fixes the following issues: yast2-update: - Update encryption device names according to the values in the crypttab file. (bsc#1094963) - Flush the disk cache after restoring the backup to mitigate risk of data loss after unexpected reboot/poweroff after aborting upgrade. (bsc#1089643) - Added additional searchkeys to desktop file (fate#321043, bsc#1099691) yast2-storage-ng: - Partitioner: when creating a partition, use only regions of the selected type: primary, logical or extended (bsc#1097634). - AutoYaST: Export BIOS RAID devices correctly. (bsc#1098594) - AutoYaST: Do not crash when reusing partitions on non-disk devices like DASD or BIOS RAID. (bsc#1098594) - Added additional searchkeys to desktop file (fate#321043). - Mask systemd mount and swap units while expert partitioner is running. (bsc#1073633) - Partitioner: Add checkbox to format system volumes when importing mount points. (bsc#1078359, bsc#1094924) - Partitioner: Honor default subvolumes when importing the root mount point. (related to bsc#1078359, bsc#1083851 and fate#318196) - Partitioner: Honor default snapshots configuration when importing the root mount point. (bsc#966637) - Fixed crash in the error callback when the text contained non-ASCII characters in the translated message. (bsc#1096758) - Allow for numbers > 32 bit in region dialog. (bsc#1065258) - Fix 'Arbitrary Option Value' translation. (bsc#1081605) - Better auto-generated names for encryption devices: + Based on the udev id of the encrypted devices instead of its kernel name. (bsc#760213) + Adapted when partition numbers change, if doable. (bsc#1094157) + Prevent collision with other DeviceMapper names. (bsc#1094157) Do not write LUKS password of the proposal into YaST logs. - Do not crash when registering a zero-sized device into the logs. - AutoYaST: Fix handling of empty Btrfs subvolume prefixes. (bsc#1096240) - Added method to update encryption names according to a crypttab file. (needed for bsc#1094963) - Added additional searchkeys to desktop file (fate#321043, bsc#1099691) yast2-firstboot: - Allow going back from finish step and unified halt. (bsc#1095253) yast2-installation: - Firstboot.service: Shutdown on failure preventing the service to hang because of a systemd dependency when trying to call halt directly from the firsboot clients. (bsc#1095253) - Fixed possibly broken system after aborting upgrade running over SSH (caused by a partially finished rollback). (bsc#1089643) - Added additional searchkeys to desktop file (fate#321043). - Adapted testsuite to change in yast2-storage-ng. (bsc#1073633) libstorage-ng: - Handle device type attribute of udevadm info output. - Expose Device#devicegraph. (needed for bsc#1094157) - Do not try to activate LUKS on devices used by multipath. (bsc#1089699) - Encryption#set_dm_table_name adjusts #name. (bsc#1094157, bsc#1094963) - Added translations for Indonesian, Russian, Chinese (Taiwan), Portuguese (Brazil), Spanish, Slovak, Czech, Italian, Catalan and French. - Return better exception. (related to bsc#1094963) ----------------------------------------- Patch: SUSE-2018-1488 Released: Fri Aug 3 17:27:16 2018 Summary: Recommended update for samba Severity: moderate References: 1065551,1071090,1088574,1093864,1094881,1099702 Description: This update provides version 4.7.8 of samba and fixes the following issues: - Update tevent to version 0.9.36. - Update talloc to verison 2.1.11. - Use new foreground execution flags for systemd samba daemons. (bsc#1088574, bsc#1071090, bsc#1065551, bsc#1094881) - Add missing package descriptions for several sub-packages. (bsc#1093864) - s3/smbd: Generic fix for incorrect reporting of stream dos attributes on a directory. - ceph/VFS: Add asynchronous fsync to ceph module, fake using synchronous call. - s3/libsmbclient: Fix hard-coded connection error return of ETIMEDOUT. - s3/smbd: Fix SMB2-FLUSH against directories. - s3/smbd/printing: Re-implement delete-on-close semantics for print files missing since 3.5.x. - python: Fix talloc frame use in make_simple_acl(). - winbindd on the AD DC is slow for passdb queries. - No Backtrace given by Samba's AD DC by default. - winbindd doesn't recover loss of netlogon secure channel in case the peer DC is rebooted. - s3/smbd: Fix interaction between chown and SD flags. - s4-heimdal: Fix the format-truncation errors. - vfs_ceph: Add fake async pwrite/pread send/recv hooks. - printing: Return the same error code as Windows does on upload failures. - winbind: Improve child selection. - winbind: Maintain a binding handle per domain and always go via wb_domain_request_send(). - winbindd doesn't recover loss of netlogon secure channel in case the peer DC is rebooted. - Looking up the user using the UPN results in user name with the REALM instead of the DOMAIN. - rpc_server: Init local_server_* in make_internal_rpc_pipe_socketpair. - smbclient: Fix broken notify. - libads: Fix the build --without-ads. - winbindd: Don't split the rid for SID_NAME_DOMAIN sids in wb_lookupsids. - winbindd: Initialize type = SID_NAME_UNKNOWN in wb_lookupsids_single_done(). - s4:rpc_server: Fix call_id truncation in dcesrv_find_fragmented_call(). - A disconnecting winbind client can cause a problem in the winbind parent child communication. - winbind: Use one queue for all domain children. - Minimize the lifetime of winbindd_cli_state->{pw,gr}ent_state. - winbind should avoid using fstrcpy(domain->dcname,...) on a char *. - The winbind parent should find the dc of a foreign domain via the primary domain. - nsswitch: Fix memory leak in winbind_open_pipe_sock() when the privileged pipe is not accessable. - Fix broken server side GENSEC_FEATURE_LDAP_STYLE handling (NTLMSSP NTLM2 packet check failed due to invalid signature!). - s3/VFS: Fix memory leak in vfs_ceph. - rpc_server: Fix NetSessEnum with stale sessions. - dfree cache returning incorrect data for sub directory mounts. - Looking up the user using the UPN results in user name with the REALM instead of the DOMAIN. - s3/passdb: Do not return OK if we don't have pinfo set up. - s3/utils: Do not segfault on error in DoDNSUpdate(). - s4/auth_sam: Allow logons with an empty domain name. - s3/ldap: Ensure the ADS_STRUCT pointer doesn't get freed on error, we don't own it here. - s3/smbd: Fix possible directory fd leak if the underlying OS doesn't support fdopendir(). - Round-tripping ACL get/set through vfs_fruit will increase the number of ACE entries without limit. - s3/smbd/SMB2: Add DBGC_SMB2_CREDITS class to specifically debug credit issues. - s3/smbd: Files or directories can't be opened DELETE_ON_CLOSE without delete access. - s3/smbd: Fix memory leak in vfswrap_getwd(). - s3/smbd: Unix extensions attempts to change wrong field in fchown call. - s3/smbd: Don't use the directory cache for SMB2/3. - build: Fix libceph-common detection. - build: Fix ceph_statx check when configured with libcephfs_dir. - vfs_glusterfs: Fix the wrong pointer being sent in glfs_fsync_async. - ctdb-scripts: Drop 'net serverid wipe' from 50.samba event script. - s3/lib/messages: Don't use the result of sec_init() before calling sec_init(). - smbd can panic if the client-supplied channel sequence number wraps. - dsdb: Fix Uninitialized scalar variable. - s3/libsmb: Allow -U'\\administrator' to work. - Windows 10 cannot logon on Samba NT4 domain. - smbc_opendir should not return EEXIST with invalid login credentials. - s3/smbd: Map nterror on smb2_flush errorpath. - libsmb: Use smb2 tcon if conn_protocol >= SMB2_02. - subnet: Avoid a segfault when renaming subnet objects. - 'wbinfo --name-to-sid' returns misleading result on invalid query. - s3/smbd: Do not crash if we fail to init the session table. - Allow AESNI to be used on all processor supporting AESNI. ----------------------------------------- Patch: SUSE-2018-1490 Released: Fri Aug 3 17:43:36 2018 Summary: Security update for kernel-firmware Severity: moderate References: 1095735,CVE-2017-5715 Description: This update for kernel-firmware to version 20180525 fixes the following issues: This security issue was fixed: - CVE-2017-5715: Prevent unauthorized disclosure of information to an attacker with local user access caused by speculative execution and indirect branch prediction (bsc#1095735) ----------------------------------------- Patch: SUSE-2018-1491 Released: Fri Aug 3 17:43:44 2018 Summary: Recommended update for yast2-ftp-server Severity: moderate References: 1041829,921303 Description: This update for yast2-ftp-server fixes the following issues: Feature update: fate#321043: Added additional searchkeys to desktop file. Security issues fixed: - bsc#921303: Drop SSLv2 and SSLv3 as it is dropped for security reason for vsftpd. Bug fixes: - bsc#1041829: Do not modify value when Browse dialog is canceled. ----------------------------------------- Patch: SUSE-2018-1492 Released: Fri Aug 3 18:25:54 2018 Summary: Recommended update for release-notes-ha Severity: low References: 1101526 Description: This update for the SUSE Linux Enterprise High Availability release-notes fixes the following issues: - Hawk Data Files Installed to /usr/share/hawk. (FATE#321020) - SCSI Locking on Multipath With mpathpersist Resource Agent. (FATE#324044) - Probing Guest Nodes for Resource Status. (FATE#324441) ----------------------------------------- Patch: SUSE-2018-1504 Released: Mon Aug 6 19:25:39 2018 Summary: Security update for the Linux Kernel Severity: important References: 1012382,1037697,1046299,1046300,1046302,1046303,1046305,1046306,1046307,1046533,1046543,1050242,1050536,1050538,1050540,1051510,1054245,1056651,1056787,1058169,1058659,1060463,1068032,1075087,1075360,1077338,1077761,1077989,1085042,1085536,1085539,1086301,1086313,1086314,1086324,1086457,1087092,1087202,1087217,1087233,1090098,1090888,1091041,1091171,1093148,1093666,1094119,1096330,1097583,1097584,1097585,1097586,1097587,1097588,1098633,1099193,1100132,1100884,1101143,1101337,1101352,1101564,1101669,1101674,1101789,1101813,1101816,1102088,1102097,1102147,1102340,1102512,1102851,1103216,1103220,1103230,1103421,CVE-2017-18344,CVE-2018-5390 Description: The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2018-5390 aka SegmentSmack: A remote attacker even with relatively low bandwidth could have caused lots of CPU usage by triggering the worst case scenario during IP and/or TCP fragment reassembly (bsc#1102340) CVE-2017-18344: The timer_create syscall implementation didn't properly validate input, which could have lead to out-of-bounds access. This allowed userspace applications to read arbitrary kernel memory in some setups. (bsc#1102851) The following non-security bugs were fixed: - acpi, apei, einj: Subtract any matching Register Region from Trigger resources (bsc#1051510). - acpi, nfit: Fix scrub idle detection (bsc#1094119). - acpi/nfit: fix cmd_rc for acpi_nfit_ctl to always return a value (bsc#1051510). - acpi/processor: Finish making acpi_processor_ppc_has_changed() void (bsc#1051510). - ahci: Disable Lpm on Lenovo 50 series laptops with a too old BIOS (bsc#1051510). - alsa: hda - Handle pm failure during hotplug (bsc#1051510). - alsa: hda/realtek - Add Panasonic CF-SZ6 headset jack quirk (bsc#1051510). - alsa: hda/realtek - Yet another Clevo P950 quirk entry (bsc#1101143). - alsa: hda/realtek - two more lenovo models need fixup of MIC_LOCATION (bsc#1051510). - alsa: hda: add mute led support for HP ProBook 455 G5 (bsc#1051510). - alsa: rawmidi: Change resized buffers atomically (bsc#1051510). - alx: take rtnl before calling __alx_open from resume (bsc#1051510). - arm64: kpti: Use early_param for kpti= command-line option (bsc#1103220). - arm: module: fix modsign build error (bsc#1093666). - asoc: mediatek: preallocate pages use platform device (bsc#1051510). - ath9k_htc: Add a sanity check in ath9k_htc_ampdu_action() (bsc#1051510). - atl1c: reserve min skb headroom (bsc#1051510). - audit: Fix wrong task in comparison of session ID (bsc#1051510). - audit: ensure that 'audit=1' actually enables audit for PID 1 (bsc#1051510). - audit: return on memory error to avoid null pointer dereference (bsc#1051510). - b44: Initialize 64-bit stats seqcount (bsc#1051510). - backlight: as3711_bl: Fix Device Tree node leaks (bsc#1051510). - backlight: lm3630a: Bump REG_MAX value to 0x50 instead of 0x1F (bsc#1051510). - batman-adv: Accept only filled wifi station info (bsc#1051510). - batman-adv: Always initialize fragment header priority (bsc#1051510). - batman-adv: Avoid race in TT TVLV allocator helper (bsc#1051510). - batman-adv: Avoid storing non-TT-sync flags on singular entries too (bsc#1051510). - batman-adv: Fix TT sync flags for intermediate TT responses (bsc#1051510). - batman-adv: Fix bat_ogm_iv best gw refcnt after netlink dump (bsc#1051510). - batman-adv: Fix bat_v best gw refcnt after netlink dump (bsc#1051510). - batman-adv: Fix check of retrieved orig_gw in batadv_v_gw_is_eligible (bsc#1051510). - batman-adv: Fix debugfs path for renamed hardif (bsc#1051510). - batman-adv: Fix debugfs path for renamed softif (bsc#1051510). - batman-adv: Fix internal interface indices types (bsc#1051510). - batman-adv: Fix lock for ogm cnt access in batadv_iv_ogm_calc_tq (bsc#1051510). - batman-adv: Fix multicast packet loss with a single WANT_ALL_IPV4/6 flag (bsc#1051510). - batman-adv: Fix netlink dumping of BLA backbones (bsc#1051510). - batman-adv: Fix netlink dumping of BLA claims (bsc#1051510). - batman-adv: Fix skbuff rcsum on packet reroute (bsc#1051510). - batman-adv: Ignore invalid batadv_iv_gw during netlink send (bsc#1051510). - batman-adv: Ignore invalid batadv_v_gw during netlink send (bsc#1051510). - batman-adv: Use default throughput value on cfg80211 error (bsc#1051510). - batman-adv: fix TT sync flag inconsistencies (bsc#1051510). - batman-adv: fix header size check in batadv_dbg_arp() (bsc#1051510). - batman-adv: fix multicast-via-unicast transmission with AP isolation (bsc#1051510). - batman-adv: fix packet checksum in receive path (bsc#1051510). - batman-adv: fix packet loss for broadcasted DHCP packets to a server (bsc#1051510). - batman-adv: invalidate checksum on fragment reassembly (bsc#1051510). - batman-adv: update data pointers after skb_cow() (bsc#1051510). - blk-mq: count allocated but not started requests in iostats inflight (bsc#1077989). - blk-mq: fix sysfs inflight counter (bsc#1077989). - block: always set partition number to '0' in blk_partition_remap() (bsc#1054245). - block: always set partition number to '0' in blk_partition_remap() (bsc#1077989). - block: bio_check_eod() needs to consider partitions (bsc#1077989). - block: fail op_is_write() requests to read-only partitions (bsc#1077989). - block: pass 'run_queue' to blk_mq_request_bypass_insert (bsc#1077989). - block: set request_list for request (bsc#1077989). - bluetooth: avoid recursive locking in hci_send_to_channel() (bsc#1051510). - bluetooth: hci_ll: Add support for the external clock (bsc#1051510). - bluetooth: hci_ll: Fix download_firmware() return when __hci_cmd_sync fails (bsc#1051510). - bluetooth: hci_nokia: select BT_HCIUART_H4 (bsc#1051510). - bluetooth: hci_uart: fix kconfig dependency (bsc#1051510). - bnxt_en: Always set output parameters in bnxt_get_max_rings() (bsc#1050242). - bnxt_en: Always set output parameters in bnxt_get_max_rings() (bsc#1050242). - bnxt_en: Do not modify max IRQ count after rdma driver requests/frees IRQs (bsc#1050242). - bnxt_en: Do not modify max IRQ count after rdma driver requests/frees IRQs (bsc#1050242). - bnxt_en: Fix for system hang if request_irq fails (bsc#1050242). - bnxt_en: Fix for system hang if request_irq fails (bsc#1050242). - bnxt_en: Fix inconsistent BNXT_FLAG_AGG_RINGS logic (bsc#1050242). - bnxt_en: Fix inconsistent BNXT_FLAG_AGG_RINGS logic (bsc#1050242). - bnxt_en: Fix the vlan_tci exact match check (bsc#1050242). - bnxt_en: Fix the vlan_tci exact match check (bsc#1050242). - bonding: re-evaluate force_primary when the primary slave name changes (networking-stable-18_06_20). - btrfs: Do not remove block group still has pinned down bytes (bsc#1086457). - bus: arm-cci: Fix use of smp_processor_id() in preemptible context (bsc#1051510). - bus: arm-ccn: Check memory allocation failure (bsc#1051510). - bus: arm-ccn: Fix use of smp_processor_id() in preemptible context (bsc#1051510). - bus: arm-ccn: fix module unloading Error: Removing state 147 which has instances left (bsc#1051510). - can: bcm: check for null sk before deferencing it via the call to sock_net (bsc#1051510). - can: m_can.c: fix setup of CCCR register: clear CCCR NISO bit before checking can.ctrlmode (bsc#1051510). - can: mpc5xxx_can: check of_iomap return before use (bsc#1051510). - can: peak_canfd: fix firmware v3.3.0: limit allocation to 32-bit DMA addr only (bsc#1051510). - can: xilinx_can: fix RX loop if RXNEMP is asserted without RXOK (bsc#1051510). - can: xilinx_can: fix RX overflow interrupt not being enabled (bsc#1051510). - can: xilinx_can: fix device dropping off bus on RX overrun (bsc#1051510). - can: xilinx_can: fix incorrect clear of non-processed interrupts (bsc#1051510). - can: xilinx_can: fix power management handling (bsc#1051510). - can: xilinx_can: fix recovery from error states not being propagated (bsc#1051510). - can: xilinx_can: keep only 1-2 frames in TX FIFO to fix TX accounting (bsc#1051510). - cdc_ncm: avoid padding beyond end of skb (networking-stable-18_06_20). - cfg80211: initialize sinfo in cfg80211_get_station (bsc#1051510). - checkpatch: add 6 missing types to --list-types (bsc#1051510). - cifs: Fix infinite loop when using hard mount option (bsc#1091171). - cifs: do not allow creating sockets except with SMB1 posix exensions (bsc#1102097). - clk: Do not show the incorrect clock phase (bsc#1051510). - clk: Do not write error code into divider register (bsc#1051510). - clk: Fix __set_clk_rates error print-string (bsc#1051510). - clk: at91: PLL recalc_rate() now using cached MUL and DIV values (bsc#1051510). - clk: at91: fix clk-generated parenting (bsc#1051510). - clk: axi-clkgen: Correctly handle nocount bit in recalc_rate() (bsc#1051510). - clk: bcm2835: De-assert/assert PLL reset signal when appropriate (bsc#1051510). - clk: fix false-positive Wmaybe-uninitialized warning (bsc#1051510). - clk: fix mux clock documentation (bsc#1051510). - clk: fix set_rate_range when current rate is out of range (bsc#1051510). - clk: hi3660: fix incorrect uart3 clock freqency (bsc#1051510). - clk: hi6220: change watchdog clock source (bsc#1051510). - clk: hi6220: mark clock cs_atb_syspll as critical (bsc#1051510). - clk: hisilicon: fix potential NULL dereference in hisi_clk_alloc() (bsc#1051510). - clk: hisilicon: mark wdt_mux_p[] as const (bsc#1051510). - clk: honor CLK_MUX_ROUND_CLOSEST in generic clk mux (bsc#1051510). - clk: imx6: refine hdmi_isfr's parent to make HDMI work on i.MX6 SoCs w/o VPU (bsc#1051510). - clk: imx7d: fix mipi dphy div parent (bsc#1051510). - clk: mediatek: add the option for determining PLL source clock (bsc#1051510). - clk: mediatek: mark mtk_infrasys_init_early __init (bsc#1051510). - clk: meson: gxbb: fix clk_mclk_i958 divider flags (bsc#1051510). - clk: meson: gxbb: fix meson cts_amclk divider flags (bsc#1051510). - clk: meson: gxbb: fix wrong clock for SARADC/SANA (bsc#1051510). - clk: meson: meson8b: fix protection against undefined clks (bsc#1051510). - clk: meson: mpll: fix mpll0 fractional part ignored (bsc#1051510). - clk: meson: mpll: use 64-bit maths in params_from_rate (bsc#1051510). - clk: meson: remove unnecessary rounding in the pll clock (bsc#1051510). - clk: mvebu: use correct bit for 98DX3236 NAND (bsc#1051510). - clk: qcom: Base rcg parent rate off plan frequency (bsc#1051510). - clk: qcom: clk-smd-rpm: Fix the reported rate of branches (bsc#1051510). - clk: qcom: common: fix legacy board-clock registration (bsc#1051510). - clk: qcom: msm8916: Fix bimc gpu clock ops (bsc#1051510). - clk: qcom: msm8916: fix mnd_width for codec_digcodec (bsc#1051510). - clk: renesas: div6: Document fields used for parent selection (bsc#1051510). - clk: renesas: r8a7745: Remove PLL configs for MD19=0 (bsc#1051510). - clk: renesas: r8a7745: Remove nonexisting scu-src[0789] clocks (bsc#1051510). - clk: renesas: r8a7795: Correct pwm, gpio, and i2c parent clocks on ES2.0 (bsc#1051510). - clk: renesas: rcar-gen2: Fix PLL0 on R-Car V2H and E2 (bsc#1051510). - clk: rockchip: Fix wrong parent for SDMMC phase clock for rk3228 (bsc#1051510). - clk: rockchip: Prevent calculating mmc phase if clock rate is zero (bsc#1051510). - clk: samsung: Fix m2m scaler clock on Exynos542x (bsc#1051510). - clk: samsung: exynos3250: Fix PLL rates (bsc#1051510). - clk: samsung: exynos5250: Add missing clocks for FIMC LITE SYSMMU devices (bsc#1051510). - clk: samsung: exynos5250: Fix PLL rates (bsc#1051510). - clk: samsung: exynos5260: Fix PLL rates (bsc#1051510). - clk: samsung: exynos5433: Fix PLL rates (bsc#1051510). - clk: samsung: exynos7: Fix PLL rates (bsc#1051510). - clk: samsung: s3c2410: Fix PLL rates (bsc#1051510). - clk: scpi: error when clock fails to register (bsc#1051510). - clk: scpi: fix return type of __scpi_dvfs_round_rate (bsc#1051510). - clk: si5351: Rename internal plls to avoid name collisions (bsc#1051510). - clk: si5351: fix PLL reset (bsc#1051510). - clk: socfpga: Fix the smplsel on Arria10 and Stratix10 (bsc#1051510). - clk: sunxi-ng: Fix fractional mode for N-M clocks (bsc#1051510). - clk: sunxi-ng: Make fractional helper less chatty (bsc#1051510). - clk: sunxi-ng: Wait for lock when using fractional mode (bsc#1051510). - clk: sunxi-ng: a31: Fix CLK_OUT_* clock ops (bsc#1051510). - clk: sunxi-ng: add CLK_SET_RATE_PARENT flag to H3 GPU clock (bsc#1051510). - clk: sunxi-ng: add CLK_SET_RATE_UNGATE to all H3 PLLs (bsc#1051510). - clk: sunxi-ng: allow set parent clock (PLL_CPUX) for CPUX clock on H3 (bsc#1051510). - clk: sunxi-ng: h3: gate then ungate PLL CPU clk after rate change (bsc#1051510). - clk: sunxi-ng: multiplier: Fix fractional mode (bsc#1051510). - clk: sunxi-ng: nm: Check if requested rate is supported by fractional clock (bsc#1051510). - clk: sunxi-ng: sun5i: Fix bit offset of audio PLL post-divider (bsc#1051510). - clk: sunxi-ng: sun6i: Export video PLLs (bsc#1051510). - clk: sunxi-ng: sun6i: Rename HDMI DDC clock to avoid name collision (bsc#1051510). - clk: sunxi: fix build warning (bsc#1051510). - clk: sunxi: fix uninitialized access (bsc#1051510). - clk: tegra: Fix cclk_lp divisor register (bsc#1051510). - clk: tegra: Fix pll_u rate configuration (bsc#1051510). - clk: tegra: Use readl_relaxed_poll_timeout_atomic() in tegra210_clock_init() (bsc#1051510). - clk: ti: dra7-atl-clock: fix child-node lookups (bsc#1051510). - clk: uniphier: fix DAPLL2 clock rate of Pro5 (bsc#1051510). - clk: x86: Do not gate clocks enabled by the firmware (bsc#1051510). - clockevents/drivers/cs5535: Improve resilience to spurious interrupts (bsc#1051510). - clocksource/drivers/stm32: Fix kernel panic with multiple timers (bsc#1051510). - cnic: Fix an error handling path in 'cnic_alloc_bnx2x_resc()' (bsc#1086324). - cnic: Fix an error handling path in 'cnic_alloc_bnx2x_resc()' (bsc#1086324). - cpufreq: CPPC: Initialize shared perf capabilities of CPUs (bsc#1100884). - cpufreq: Fix new policy initialization during limits updates via sysfs (bsc#1100884). - cpufreq: cppc_cpufreq: Fix cppc_cpufreq_init() failure path (bsc#1100884). - cpufreq: docs: Add missing cpuinfo_cur_freq description (bsc#1051510). - cpufreq: docs: Drop intel-pstate.txt from index.txt (bsc#1051510). - cpufreq: governors: Fix long idle detection logic in load calculation (bsc#1100884). - cpufreq: powernv: Fix hardlockup due to synchronous smp_call in timer interrupt (bsc#1100884). - cpuidle: powernv: Fix promotion from snooze if next state disabled (bsc#1100884). - crash_dump: is_kdump_kernel can be boolean (bsc#1103230). - crypto: caam/qi - explicitly set dma_ops (bsc#1051510). - crypto: ccp - remove unused variable qim (bsc#1051510). - crypto: change transient busy return code to -ENOSPC (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - crypto: chelsio - Add authenc versions of ctr and sha (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - crypto: chelsio - Check error code with IS_ERR macro (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - crypto: chelsio - Fix IV updated in XTS operation (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - crypto: chelsio - Fix Indentation (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - crypto: chelsio - Fix an error code in chcr_hash_dma_map() (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - crypto: chelsio - Fix indentation warning (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - crypto: chelsio - Fix iv passed in fallback path for rfc3686 (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - crypto: chelsio - Fix src buffer dma length (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - crypto: chelsio - Make function aead_ccm_validate_input static (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - crypto: chelsio - Move DMA un/mapping to chcr from lld cxgb4 driver (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - crypto: chelsio - Remove allocation of sg list to implement 2K limit of dsgl header (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - crypto: chelsio - Remove dst sg size zero check (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - crypto: chelsio - Remove unused parameter (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - crypto: chelsio - Update IV before sending request to HW (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - crypto: chelsio - Use kernel round function to align lengths (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - crypto: chelsio - Use x8_ble gf multiplication to calculate IV (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - crypto: chelsio - check for sg null (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - crypto: chelsio - do not leak pointers to authenc keys (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - crypto: crypto4xx - fix crypto4xx_build_pdr, crypto4xx_build_sdr leak (bsc#1051510). - crypto: crypto4xx - remove bad list_del (bsc#1051510). - crypto: gf128mul - The x8_ble multiplication functions (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - crypto: sha512-mb - add some missing unlock on error (bsc#1051510). - cxgb4/cxgb4vf: Notify link changes to OS-dependent code (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4/cxgb4vf: add support for ndo_set_vf_vlan (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4/cxgb4vf: check fw caps to set link mode mask (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4/cxgb4vf: link management changes for new SFP (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: Add FORCE_PAUSE bit to 32 bit port caps (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: Add HMA support (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: Add TP Congestion map entry for single-port (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: Add new T5 device id (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: Add new T6 device ids (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: Add support for ethtool i2c dump (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: Add support to initialise/read SRQ entries (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: Add support to query HW SRQ parameters (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: Adds CPL support for Shared Receive Queues (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: Check alignment constraint for T6 (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: Check for kvzalloc allocation failure (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: Fix error handling path in 'init_one()' (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: Fix queue free path of ULD drivers (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: Fix {vxlan/geneve}_port initialization (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: IPv6 filter takes 2 tids (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: Setup FW queues before registering netdev (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: Support firmware rdma write completion work request (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: Support firmware rdma write with immediate work request (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: add new T5 device id's (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: avoid schedule while atomic (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: change the port capability bits definition (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: clean up init_one (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: collect SGE PF/VF queue map (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: collect hardware dump in second kernel (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: copy adap index to PF0-3 adapter instances (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: copy mbox log size to PF0-3 adap instances (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: copy the length of cpl_tx_pkt_core to fw_wr (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: copy vlan_id in ndo_get_vf_config (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: depend on firmware event for link status (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: do L1 config when module is inserted (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: do not display 50Gbps as unsupported speed (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: do not fail vf instatiation in slave mode (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: do not set needs_free_netdev for mgmt dev's (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: enable ZLib_DEFLATE when building cxgb4 (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: enable inner header checksum calculation (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: fix the wrong conversion of Mbps to Kbps (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: free up resources of pf 0-3 (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: increase max tx rate limit to 100 Gbps (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: notify fatal error to uld drivers (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: remove dead code when allocating filter (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: restructure VF mgmt code (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: rework on-chip memory read (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: support new ISSI flash parts (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: update LE-TCAM collection for T6 (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: update dump collection logic to use compression (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: update latest firmware version supported (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: update latest firmware version supported (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: use CLIP with LIP6 on T6 for TCAM filters (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: use zlib deflate to compress firmware dump (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: zero the HMA memory (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4vf: Forcefully link up virtual interfaces (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4vf: display pause settings (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgbit: call neigh_event_send() to update MAC address (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - dccp: do not free ccid2_hc_tx_sock struct in dccp_disconnect() (networking-stable-18_06_08). - device property: Allow iterating over available child fwnodes (bsc#1098633). - device property: Introduce fwnode_call_bool_op() for ops that return bool (bsc#1098633). - device property: Introduce fwnode_device_is_available() (bsc#1098633). - device property: Introduce fwnode_get_mac_address() (bsc#1098633). - device property: Introduce fwnode_get_phy_mode() (bsc#1098633). - device property: Introduce fwnode_irq_get() (bsc#1098633). - device property: Move FW type specific functionality to FW specific files (bsc#1098633). - device property: Move fwnode graph ops to firmware specific locations (bsc#1098633). - device property: preserve usecount for node passed to of_fwnode_graph_get_port_parent() (bsc#1098633). - dmaengine: fsl-edma: disable clks on all error paths (bsc#1051510). - dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate() (bsc#1051510). - dmaengine: mv_xor_v2: Fix clock resource by adding a register clock (bsc#1051510). - dmaengine: omap-dma: port_window support correction for both direction (bsc#1051510). - dmaengine: pl330: fix a race condition in case of threaded irqs (bsc#1051510). - dmaengine: pl330: report BURST residue granularity (bsc#1051510). - dmaengine: qcom: bam_dma: get num-channels and num-ees from dt (bsc#1051510). - dmaengine: qcom_hidma: check pending interrupts (bsc#1051510). - dmaengine: rcar-dmac: Check the done lists in rcar_dmac_chan_get_residue() (bsc#1051510). - dmaengine: rcar-dmac: fix max_chunk_size for R-Car Gen3 (bsc#1051510). - dmaengine: tegra-apb: Really fix runtime-pm usage (bsc#1051510). - dmaengine: tegra210-adma: fix of_irq_get() error check (bsc#1051510). - dmaengine: xilinx_dma: Fix error code format specifier (bsc#1051510). - dmaengine: zynqmp_dma: Fix race condition in the probe (bsc#1051510). - doc: Rename .system_keyring to .builtin_trusted_keys (bsc#1051510). - doc: SKB_GSO_[IPIP|SIT] have been replaced (bsc#1051510). - docs-rst: fix broken links to dynamic-debug-howto in kernel-parameters (bsc#1051510). - docs: segmentation-offloads.txt: Fix ref to SKB_GSO_TUNNEL_REMCSUM (bsc#1051510). - docu: admin-guide: intel_pstate: Fix sysfs path (bsc#1051510). - dp83640: Ensure against premature access to PHY registers after reset (bsc#1051510). - drbd: fix access after free (bsc#1051510). - driver core: Fix link to device power management documentation (bsc#1051510). - driver core: Partially revert 'driver core: correct device's shutdown order' (bsc#1051510). - drivers/firmware: psci_checker: Add missing destroy_timer_on_stack() (bsc#1051510). - drivers/net/ethernet/qlogic/qed: Fix __qed_spq_block() ordering (bsc#1086314 bsc#1086313 bsc#1086301). - drivers/net/ethernet/qlogic/qed: Fix __qed_spq_block() ordering (bsc#1086314 bsc#1086313 bsc#1086301). - drivers: net: i40evf: use setup_timer() helper (bsc#1101816). - drivers: net: i40evf: use setup_timer() helper (bsc#1101816). - drm/bridge/sii8620: fix potential buffer overflow (bsc#1051510). - drm/exynos: Fix dma-buf import (bsc#1051510). - drm/i915/dp: Send DPCD ON for MST before phy_up (bsc#1051510). - drm/i915: Fix hotplug irq ack on i965/g4x (bsc#1051510). - drm/i915: Only call tasklet_kill() on the first prepare_reset (bsc#1051510). - drm/nouveau/drm/nouveau: Fix runtime pm leak in nv50_disp_atomic_commit() (bsc#1090888). - drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply() (bsc#1051510). - drm/nouveau: Avoid looping through fake MST connectors (bsc#1051510). - drm/nouveau: Use drm_connector_list_iter_* for iterating connectors (bsc#1051510). - drm/rockchip: Fix build warning in analogix_dp-rockchip.c (bsc#1085536). - drm/rockchip: analogix_dp: Remove unnecessary init code (bsc#1085536). - drm/rockchip: dw_hdmi: Move HDMI vpll clock enable to bind() (bsc#1087092). - drm/rockchip: inno_hdmi: Fix error handling path (bsc#1087092). - drm/rockchip: inno_hdmi: reorder clk_disable_unprepare call in unbind (bsc#1087092). - drm/tegra: Acquire a reference to the IOVA cache (bsc#1090888). - drm/udl: fix display corruption of the last line (bsc#1101337). - drm: Use kvzalloc for allocating blob property memory (bsc#1101352). - drm: mali-dp: Uninitialized variable in malidp_se_check_scaling() (bsc#1087092). - drm: rcar-du: Remove zpos field from rcar_du_vsp_plane_state structure (bsc#1085539). - drm: rcar-du: lvds: Fix LVDCR1 for R-Car gen3 (bsc#1085539). - dvb_frontend: do not use-after-free the frontend struct (bsc#1051510). - efi/efi_test: Prevent an Oops in efi_runtime_query_capsulecaps() (bsc#1051510). - enic: do not overwrite error code (bsc#1037697). - enic: enable rq before updating rq descriptors (bsc#1037697). - enic: set DMA mask to 47 bit (networking-stable-18_06_08). - ethtool: add ethtool_intersect_link_masks (bsc#1101816). - ethtool: add ethtool_intersect_link_masks (bsc#1101816). - firewire: net: max MTU off by one (bsc#1051510). - firmware: arm_scpi: fix endianness of dev_id in struct dev_pstate_set (bsc#1051510). - firmware: dmi: Optimize dmi_matches (bsc#1051510). - firmware: tegra: Fix locking bugs in BpmP (bsc#1051510). - fix kabi due to perf_event.h uapi field change (). - fm10k: Fix configuration for macvlan offload (bsc#1101813). - fm10k: Fix configuration for macvlan offload (bsc#1101813). - fm10k: Fix misuse of net_ratelimit() (bsc#1101813). - fm10k: Fix misuse of net_ratelimit() (bsc#1101813). - fm10k: Use seq_putc() in fm10k_dbg_desc_break() (bsc#1101813). - fm10k: Use seq_putc() in fm10k_dbg_desc_break() (bsc#1101813). - fm10k: add missing fall through comment (bsc#1101813). - fm10k: add missing fall through comment (bsc#1101813). - fm10k: avoid divide by zero in rare cases when device is resetting (bsc#1101813). - fm10k: avoid divide by zero in rare cases when device is resetting (bsc#1101813). - fm10k: avoid needless delay when loading driver (bsc#1101813). - fm10k: avoid needless delay when loading driver (bsc#1101813). - fm10k: avoid possible truncation of q_vector->name (bsc#1101813). - fm10k: avoid possible truncation of q_vector->name (bsc#1101813). - fm10k: bump version number (bsc#1101813). - fm10k: bump version number (bsc#1101813). - fm10k: bump version number (bsc#1101813). - fm10k: bump version number (bsc#1101813). - fm10k: clarify action when updating the VLAN table (bsc#1101813). - fm10k: clarify action when updating the VLAN table (bsc#1101813). - fm10k: cleanup unnecessary parenthesis in fm10k_iov.c (bsc#1101813). - fm10k: cleanup unnecessary parenthesis in fm10k_iov.c (bsc#1101813). - fm10k: correct typo in fm10k_pf.c (bsc#1101813). - fm10k: correct typo in fm10k_pf.c (bsc#1101813). - fm10k: do not assume VLAN 1 is enabled (bsc#1101813). - fm10k: do not assume VLAN 1 is enabled (bsc#1101813). - fm10k: do not loop while resetting VFs due to VFLR event (bsc#1101813). - fm10k: do not loop while resetting VFs due to VFLR event (bsc#1101813). - fm10k: do not protect fm10k_queue_mac_request by fm10k_host_mbx_ready (bsc#1101813). - fm10k: do not protect fm10k_queue_mac_request by fm10k_host_mbx_ready (bsc#1101813). - fm10k: fix 'failed to kill vid' message for VF (bsc#1101813). - fm10k: fix 'failed to kill vid' message for VF (bsc#1101813). - fm10k: fix function doxygen comments (bsc#1101813). - fm10k: fix function doxygen comments (bsc#1101813). - fm10k: fix incorrect warning for function prototype (bsc#1101813). - fm10k: fix incorrect warning for function prototype (bsc#1101813). - fm10k: fix typos on fall through comments (bsc#1101813). - fm10k: fix typos on fall through comments (bsc#1101813). - fm10k: introduce a message queue for MAC/VLAN messages (bsc#1101813). - fm10k: introduce a message queue for MAC/VLAN messages (bsc#1101813). - fm10k: mark pm functions as __maybe_unused (bsc#1101813). - fm10k: mark pm functions as __maybe_unused (bsc#1101813). - fm10k: move fm10k_prepare_for_reset and fm10k_handle_reset (bsc#1101813). - fm10k: move fm10k_prepare_for_reset and fm10k_handle_reset (bsc#1101813). - fm10k: prefer %s and __func__ for diagnostic prints (bsc#1101813). - fm10k: prefer %s and __func__ for diagnostic prints (bsc#1101813). - fm10k: prepare_for_reset() when we lose pcie Link (bsc#1101813). - fm10k: prepare_for_reset() when we lose pcie Link (bsc#1101813). - fm10k: prevent race condition of __FM10K_SERVICE_SCHED (bsc#1101813). - fm10k: prevent race condition of __FM10K_SERVICE_SCHED (bsc#1101813). - fm10k: reduce duplicate fm10k_stat macro code (bsc#1101813). - fm10k: reduce duplicate fm10k_stat macro code (bsc#1101813). - fm10k: reschedule service event if we stall the PF<->SM mailbox (bsc#1101813). - fm10k: reschedule service event if we stall the PF->SM mailbox (bsc#1101813). - fm10k: setup VLANs for l2 accelerated macvlan interfaces (bsc#1101813). - fm10k: setup VLANs for l2 accelerated macvlan interfaces (bsc#1101813). - fm10k: simplify reading PFVFLRE register (bsc#1101813). - fm10k: simplify reading PFVFLRE register (bsc#1101813). - fm10k: stop adding VLAN 0 to the VLAN table (bsc#1101813). - fm10k: stop adding VLAN 0 to the VLAN table (bsc#1101813). - fm10k: stop spurious link down messages when Tx FIFO is full (bsc#1101813). - fm10k: stop spurious link down messages when Tx FIFO is full (bsc#1101813). - fm10k: use generic pm hooks instead of legacy pcie power hooks (bsc#1101813). - fm10k: use generic pm hooks instead of legacy pcie power hooks (bsc#1101813). - fm10k: use macro to avoid passing the array and size separately (bsc#1101813). - fm10k: use macro to avoid passing the array and size separately (bsc#1101813). - fm10k: use spinlock to implement mailbox lock (bsc#1101813). - fm10k: use spinlock to implement mailbox lock (bsc#1101813). - fm10k: use the MAC/VLAN queue for VF<->PF MAC/VLAN requests (bsc#1101813). - fm10k: use the MAC/VLAN queue for VF->PF MAC/VLAN requests (bsc#1101813). - fm10k: use variadic arguments to fm10k_add_stat_strings (bsc#1101813). - fm10k: use variadic arguments to fm10k_add_stat_strings (bsc#1101813). - fm10k: warn if the stat size is unknown (bsc#1101813). - fm10k: warn if the stat size is unknown (bsc#1101813). - fsi: core: register with postcore_initcall (bsc#1051510). - fuse: Remove the buggy retranslation of pids in fuse_dev_do_read (bsc#1051510). - fuse: atomic_o_trunc should truncate pagecache (bsc#1051510). - fuse: do not keep dead fuse_conn at fuse_fill_super() (bsc#1051510). - fuse: fix congested state leak on aborted connections (bsc#1051510). - fuse: fix control dir setup and teardown (bsc#1051510). - gpio: acpi: work around false-positive -Wstring-overflow warning (bsc#1051510). - gpio: brcmstb: allow all instances to be wakeup sources (bsc#1051510). - gpio: brcmstb: check return value of gpiochip_irqchip_add() (bsc#1051510). - gpio: brcmstb: correct the configuration of level interrupts (bsc#1051510). - gpio: brcmstb: release the bgpio lock during irq handlers (bsc#1051510). - gpio: brcmstb: switch to handle_level_irq flow (bsc#1051510). - gpio: pca953x: fix vendor prefix for PCA9654 (bsc#1051510). - gpio: reject invalid gpio before getting gpio_desc (bsc#1051510). - gpio: tegra: fix unbalanced chained_irq_enter/exit (bsc#1051510). - gpu: host1x: Acquire a reference to the IOVA cache (bsc#1090888). - hwmon: (aspeed-pwm) add THERMAL dependency (bsc#1051510). - hwmon: (ftsteutates) Fix clearing alarm sysfs entries (bsc#1051510). - hwmon: (ltc2990) Fix incorrect conversion of negative temperatures (bsc#1051510). - hwmon: (nct6683) Enable EC access if disabled at boot (bsc#1051510). - hwmon: (stts751) buffer overrun on wrong chip configuration (bsc#1051510). - hwmon: (tmp102) Fix first temperature reading (bsc#1051510). - hwmon: Deal with errors from the thermal subsystem (bsc#1051510). - hwrng: stm32 - add reset during probe (bsc#1051510). - i2c: axxia: enable clock before calling clk_get_rate() (bsc#1051510). - i2c: designware: Round down ACPI provided clk to nearest supported clk (bsc#1051510). - i2c: mux: pinctrl: mention correct module name in Kconfig help text (bsc#1051510). - i2c: tegra: Fix NACK error handling (bsc#1051510). - i40e/i40evf: Add support for new mechanism of updating adaptive ITR (bsc#1101816). - i40e/i40evf: Add support for new mechanism of updating adaptive ITR (bsc#1101816). - i40e/i40evf: Bump driver versions (bsc#1101816). - i40e/i40evf: Bump driver versions (bsc#1101816). - i40e/i40evf: Clean up logic for adaptive ITR (bsc#1101816). - i40e/i40evf: Clean up logic for adaptive ITR (bsc#1101816). - i40e/i40evf: Clean-up of bits related to using q_vector->reg_idx (bsc#1101816). - i40e/i40evf: Clean-up of bits related to using q_vector->reg_idx (bsc#1101816). - i40e/i40evf: Detect and recover hung queue scenario (bsc#1101816). - i40e/i40evf: Detect and recover hung queue scenario (bsc#1101816). - i40e/i40evf: Do not bother setting the CLEARPBA bit (bsc#1101816). - i40e/i40evf: Do not bother setting the CLEARPBA bit (bsc#1101816). - i40e/i40evf: Enable NVMUpdate to retrieve AdminQ and add preservation flags for NVM update (bsc#1101816). - i40e/i40evf: Enable NVMUpdate to retrieve AdminQ and add preservation flags for NVM update (bsc#1101816). - i40e/i40evf: Only track one ITR setting per ring instead of Tx/Rx (bsc#1101816). - i40e/i40evf: Only track one ITR setting per ring instead of Tx/Rx (bsc#1101816). - i40e/i40evf: Record ITR register location in the q_vector (bsc#1101816). - i40e/i40evf: Record ITR register location in the q_vector (bsc#1101816). - i40e/i40evf: Split container ITR into current_itr and target_itr (bsc#1101816). - i40e/i40evf: Split container ITR into current_itr and target_itr (bsc#1101816). - i40e/i40evf: Update DESC_NEEDED value to reflect larger value (bsc#1101816). - i40e/i40evf: Update DESC_NEEDED value to reflect larger value (bsc#1101816). - i40e/i40evf: Use ring pointers to clean up _set_itr_per_queue (bsc#1101816). - i40e/i40evf: Use ring pointers to clean up _set_itr_per_queue (bsc#1101816). - i40e/i40evf: Use usec value instead of reg value for ITR defines (bsc#1101816). - i40e/i40evf: Use usec value instead of reg value for ITR defines (bsc#1101816). - i40e/i40evf: always set the CLEARPBA flag when re-enabling interrupts (bsc#1101816). - i40e/i40evf: always set the CLEARPBA flag when re-enabling interrupts (bsc#1101816). - i40e/i40evf: bundle more descriptors when allocating buffers (bsc#1101816). - i40e/i40evf: bundle more descriptors when allocating buffers (bsc#1101816). - i40e/i40evf: cleanup incorrect function doxygen comments (bsc#1101816). - i40e/i40evf: cleanup incorrect function doxygen comments (bsc#1101816). - i40e/i40evf: do not trust VF to reset itself (bsc#1101816). - i40e/i40evf: do not trust VF to reset itself (bsc#1101816). - i40e/i40evf: fix incorrect default ITR values on driver load (bsc#1101816). - i40e/i40evf: fix incorrect default ITR values on driver load (bsc#1101816). - i40e/i40evf: organize and re-number feature flags (bsc#1101816). - i40e/i40evf: organize and re-number feature flags (bsc#1101816). - i40e/i40evf: rename bytes_per_int to bytes_per_usec (bsc#1101816). - i40e/i40evf: rename bytes_per_int to bytes_per_usec (bsc#1101816). - i40e/i40evf: use DECLARE_BITMAP for state (bsc#1101816). - i40e/i40evf: use DECLARE_BITMAP for state (bsc#1101816). - i40e/i40evf: use SW variables for hang detection (bsc#1101816). - i40e/i40evf: use SW variables for hang detection (bsc#1101816). - i40e/virtchnl: fix application of sizeof to pointer (bsc#1101816). - i40e/virtchnl: fix application of sizeof to pointer (bsc#1101816). - i40e: Add advertising 10G LR mode (bsc#1101816). - i40e: Add advertising 10G LR mode (bsc#1101816). - i40e: Add delay after EMP reset for firmware to recover (bsc#1101816). - i40e: Add delay after EMP reset for firmware to recover (bsc#1101816). - i40e: Add infrastructure for queue channel support (bsc#1101816). - i40e: Add infrastructure for queue channel support (bsc#1101816). - i40e: Add macro for PF reset bit (bsc#1101816). - i40e: Add macro for PF reset bit (bsc#1101816). - i40e: Add new PHY types for 25G AOC and ACC support (bsc#1101816). - i40e: Add new PHY types for 25G AOC and ACC support (bsc#1101816). - i40e: Add returning AQ critical error to SW (bsc#1101816). - i40e: Add returning AQ critical error to SW (bsc#1101816). - i40e: Add support for 'ethtool -m' (bsc#1101816). - i40e: Add support for 'ethtool -m' (bsc#1101816). - i40e: Cleanup i40e_vlan_rx_register (bsc#1101816). - i40e: Cleanup i40e_vlan_rx_register (bsc#1101816). - i40e: Delete an error message for a failed memory allocation in i40e_init_interrupt_scheme() (bsc#1101816). - i40e: Delete an error message for a failed memory allocation in i40e_init_interrupt_scheme() (bsc#1101816). - i40e: Disable iWARP VSI PETCP_ENA flag on netdev down events (bsc#1101816). - i40e: Disable iWARP VSI PETCP_ENA flag on netdev down events (bsc#1101816). - i40e: Display error message if module does not meet thermal requirements (bsc#1101816). - i40e: Display error message if module does not meet thermal requirements (bsc#1101816). - i40e: Enable VF to negotiate number of allocated queues (bsc#1101816). - i40e: Enable VF to negotiate number of allocated queues (bsc#1101816). - i40e: Fix FLR reset timeout issue (bsc#1101816). - i40e: Fix FLR reset timeout issue (bsc#1101816). - i40e: Fix a potential NULL pointer dereference (bsc#1101816). - i40e: Fix a potential NULL pointer dereference (bsc#1101816). - i40e: Fix for NUP NVM image downgrade failure (bsc#1101816). - i40e: Fix for NUP NVM image downgrade failure (bsc#1101816). - i40e: Fix for adding multiple ethtool filters on the same location (bsc#1101816). - i40e: Fix for adding multiple ethtool filters on the same location (bsc#1101816). - i40e: Fix for blinking activity instead of link LEDs (bsc#1101816). - i40e: Fix for blinking activity instead of link LEDs (bsc#1101816). - i40e: Fix kdump failure (bsc#1101816). - i40e: Fix kdump failure (bsc#1101816). - i40e: Fix link down message when interface is brought up (bsc#1101816). - i40e: Fix link down message when interface is brought up (bsc#1101816). - i40e: Fix multiple issues with UDP tunnel offload filter configuration (bsc#1101816). - i40e: Fix multiple issues with UDP tunnel offload filter configuration (bsc#1101816). - i40e: Fix permission check for VF MAC filters (bsc#1101816). - i40e: Fix permission check for VF MAC filters (bsc#1101816). - i40e: Fix recalculation of MSI-X vectors for VMDq (bsc#1101816). - i40e: Fix recalculation of MSI-X vectors for VMDq (bsc#1101816). - i40e: Fix reporting of supported link modes (bsc#1101816). - i40e: Fix reporting of supported link modes (bsc#1101816). - i40e: Fix the polling mechanism of GLGEN_RSTAT.DEVSTATE (bsc#1101816). - i40e: Fix the polling mechanism of GLGEN_RSTAT.DEVSTATE (bsc#1101816). - i40e: Fix unqualified module message while bringing link up (bsc#1101816). - i40e: Fix unqualified module message while bringing link up (bsc#1101816). - i40e: Prevent setting link speed on I40E_DEV_ID_25G_B (bsc#1101816). - i40e: Prevent setting link speed on I40E_DEV_ID_25G_B (bsc#1101816). - i40e: Prevent setting link speed on KX_X722 (bsc#1101816). - i40e: Prevent setting link speed on KX_X722 (bsc#1101816). - i40e: Properly maintain flow director filters list (bsc#1101816). - i40e: Properly maintain flow director filters list (bsc#1101816). - i40e: Remove limit of 64 max queues per channel (bsc#1101816). - i40e: Remove limit of 64 max queues per channel (bsc#1101816). - i40e: Retry AQC GetPhyAbilities to overcome I2CRead hangs (bsc#1101816). - i40e: Retry AQC GetPhyAbilities to overcome I2CRead hangs (bsc#1101816). - i40e: Stop dropping 802.1ad tags - eth proto 0x88a8 (bsc#1101816). - i40e: Stop dropping 802.1ad tags - eth proto 0x88a8 (bsc#1101816). - i40e: add check for return from find_first_bit call (bsc#1101816). - i40e: add check for return from find_first_bit call (bsc#1101816). - i40e: add doxygen comment for new mode parameter (bsc#1101816). - i40e: add doxygen comment for new mode parameter (bsc#1101816). - i40e: add function doc headers for ethtool stats functions (bsc#1101816). - i40e: add function doc headers for ethtool stats functions (bsc#1101816). - i40e: add function header for i40e_get_rxfh (bsc#1101816). - i40e: add function header for i40e_get_rxfh (bsc#1101816). - i40e: add helper conversion function for link_speed (bsc#1101816). - i40e: add helper conversion function for link_speed (bsc#1101816). - i40e: add tx_busy to ethtool stats (bsc#1101816). - i40e: add tx_busy to ethtool stats (bsc#1101816). - i40e: allow XPS with QoS enabled (bsc#1101816). - i40e: allow XPS with QoS enabled (bsc#1101816). - i40e: always return VEB stat strings (bsc#1101816). - i40e: always return VEB stat strings (bsc#1101816). - i40e: always return all queue stat strings (bsc#1101816). - i40e: always return all queue stat strings (bsc#1101816). - i40e: avoid divide by zero (bsc#1101816). - i40e: avoid divide by zero (bsc#1101816). - i40e: avoid overflow in i40e_ptp_adjfreq() (bsc#1101816). - i40e: avoid overflow in i40e_ptp_adjfreq() (bsc#1101816). - i40e: broadcast filters can trigger overflow promiscuous (bsc#1101816). - i40e: broadcast filters can trigger overflow promiscuous (bsc#1101816). - i40e: calculate ethtool stats size in a separate function (bsc#1101816). - i40e: calculate ethtool stats size in a separate function (bsc#1101816). - i40e: change flags to use 64 bits (bsc#1101816). - i40e: change flags to use 64 bits (bsc#1101816). - i40e: change ppp name to ddp (bsc#1101816). - i40e: change ppp name to ddp (bsc#1101816). - i40e: check for invalid DCB config (bsc#1101816). - i40e: check for invalid DCB config (bsc#1101816). - i40e: cleanup unnecessary parens (bsc#1101816). - i40e: cleanup unnecessary parens (bsc#1101816). - i40e: cleanup whitespace for some ethtool stat definitions (bsc#1101816). - i40e: cleanup whitespace for some ethtool stat definitions (bsc#1101816). - i40e: cleanup wording in a header comment (bsc#1101816). - i40e: cleanup wording in a header comment (bsc#1101816). - i40e: convert i40e_get_settings_link_up to new API (bsc#1101816). - i40e: convert i40e_get_settings_link_up to new API (bsc#1101816). - i40e: convert i40e_phy_type_to_ethtool to new API (bsc#1101816). - i40e: convert i40e_phy_type_to_ethtool to new API (bsc#1101816). - i40e: convert i40e_set_link_ksettings to new API (bsc#1101816). - i40e: convert i40e_set_link_ksettings to new API (bsc#1101816). - i40e: disallow programming multiple filters with same criteria (bsc#1101816). - i40e: disallow programming multiple filters with same criteria (bsc#1101816). - i40e: display priority_xon and priority_xoff stats (bsc#1101816). - i40e: display priority_xon and priority_xoff stats (bsc#1101816). - i40e: do not clear suspended state until we finish resuming (bsc#1101816). - i40e: do not clear suspended state until we finish resuming (bsc#1101816). - i40e: do not enter PHY debug mode while setting LEDs behaviour (bsc#1101816). - i40e: do not enter PHY debug mode while setting LEDs behaviour (bsc#1101816). - i40e: do not force filter failure in overflow promiscuous (bsc#1101816). - i40e: do not force filter failure in overflow promiscuous (bsc#1101816). - i40e: do not hold spinlock while resetting VF (bsc#1101816). - i40e: do not hold spinlock while resetting VF (bsc#1101816). - i40e: do not leak memory addresses (bsc#1101816). - i40e: do not leak memory addresses (bsc#1101816). - i40e: drop i40e_pf *pf from i40e_vc_disable_vf() (bsc#1101816). - i40e: drop i40e_pf *pf from i40e_vc_disable_vf() (bsc#1101816). - i40e: ensure reset occurs when disabling VF (bsc#1101816). - i40e: ensure reset occurs when disabling VF (bsc#1101816). - i40e: factor out re-enable functions for ATR and SB (bsc#1101816). - i40e: factor out re-enable functions for ATR and SB (bsc#1101816). - i40e: fix a typo (bsc#1101816). - i40e: fix a typo (bsc#1101816). - i40e: fix a typo in i40e_pf documentation (bsc#1101816). - i40e: fix a typo in i40e_pf documentation (bsc#1101816). - i40e: fix clearing link masks in i40e_get_link_ksettings (bsc#1101816). - i40e: fix clearing link masks in i40e_get_link_ksettings (bsc#1101816). - i40e: fix comment typo (bsc#1101816). - i40e: fix comment typo (bsc#1101816). - i40e: fix flags declaration (bsc#1101816). - i40e: fix flags declaration (bsc#1101816). - i40e: fix for flow director counters not wrapping as expected (bsc#1101816). - i40e: fix for flow director counters not wrapping as expected (bsc#1101816). - i40e: fix for wrong partition id calculation on OCP mezz cards (bsc#1101816). - i40e: fix for wrong partition id calculation on OCP mezz cards (bsc#1101816). - i40e: fix handling of vf_states variable (bsc#1101816). - i40e: fix handling of vf_states variable (bsc#1101816). - i40e: fix i40e_phy_type_to_ethtool function header (bsc#1101816). - i40e: fix i40e_phy_type_to_ethtool function header (bsc#1101816). - i40e: fix incorrect register definition (bsc#1101816). - i40e: fix incorrect register definition (bsc#1101816). - i40e: fix link reporting (bsc#1101816). - i40e: fix link reporting (bsc#1101816). - i40e: fix merge error (bsc#1101816). - i40e: fix merge error (bsc#1101816). - i40e: fix reading LLDP configuration (bsc#1101816). - i40e: fix reading LLDP configuration (bsc#1101816). - i40e: fix typo in function description (bsc#1101816). - i40e: fix typo in function description (bsc#1101816). - i40e: fix whitespace issues in i40e_ethtool.c (bsc#1101816). - i40e: fix whitespace issues in i40e_ethtool.c (bsc#1101816). - i40e: fold prefix strings directly into stat names (bsc#1101816). - i40e: fold prefix strings directly into stat names (bsc#1101816). - i40e: free skb after clearing lock in ptp_stop (bsc#1101816). - i40e: free skb after clearing lock in ptp_stop (bsc#1101816). - i40e: free the skb after clearing the bitlock (bsc#1101816). - i40e: free the skb after clearing the bitlock (bsc#1101816). - i40e: group autoneg PHY types together (bsc#1101816). - i40e: group autoneg PHY types together (bsc#1101816). - i40e: hold the RTNL lock while changing interrupt schemes (bsc#1101816). - i40e: hold the RTNL lock while changing interrupt schemes (bsc#1101816). - i40e: ignore skb->xmit_more when deciding to set RS bit (bsc#1101816). - i40e: ignore skb->xmit_more when deciding to set RS bit (bsc#1101816). - i40e: implement split pci error reset handler (bsc#1101816). - i40e: implement split pci error reset handler (bsc#1101816). - i40e: limit lan queue count in large CPU count machine (bsc#1101816). - i40e: limit lan queue count in large CPU count machine (bsc#1101816). - i40e: make const array patterns static, reduces object code size (bsc#1101816). - i40e: make const array patterns static, reduces object code size (bsc#1101816). - i40e: make i40evf_map_rings_to_vectors void (bsc#1101816). - i40e: make i40evf_map_rings_to_vectors void (bsc#1101816). - i40e: make use of i40e_vc_disable_vf (bsc#1101816). - i40e: make use of i40e_vc_disable_vf (bsc#1101816). - i40e: mark pm functions as __maybe_unused (bsc#1101816). - i40e: mark pm functions as __maybe_unused (bsc#1101816). - i40e: move AUTO_DISABLED flags into the state field (bsc#1101816). - i40e: move AUTO_DISABLED flags into the state field (bsc#1101816). - i40e: move I40E_FLAG_FILTER_SYNC to a state bit (bsc#1101816). - i40e: move I40E_FLAG_FILTER_SYNC to a state bit (bsc#1101816). - i40e: move I40E_FLAG_TEMP_LINK_POLLING to state field (bsc#1101816). - i40e: move I40E_FLAG_TEMP_LINK_POLLING to state field (bsc#1101816). - i40e: move I40E_FLAG_UDP_FILTER_SYNC to the state field (bsc#1101816). - i40e: move I40E_FLAG_UDP_FILTER_SYNC to the state field (bsc#1101816). - i40e: move client flags into state bits (bsc#1101816). - i40e: move client flags into state bits (bsc#1101816). - i40e: prevent service task from running while we're suspended (bsc#1101816). - i40e: prevent service task from running while we're suspended (bsc#1101816). - i40e: re-enable PTP L4 capabilities for XL710 if FW >6.0 (bsc#1101816). - i40e: re-enable PTP L4 capabilities for XL710 if FW >6.0 (bsc#1101816). - i40e: re-number feature flags to remove gaps (bsc#1101816). - i40e: re-number feature flags to remove gaps (bsc#1101816). - i40e: redfine I40E_PHY_TYPE_MAX (bsc#1101816). - i40e: redfine I40E_PHY_TYPE_MAX (bsc#1101816). - i40e: reduce lrxqthresh from 2 to 1 (bsc#1101816). - i40e: reduce lrxqthresh from 2 to 1 (bsc#1101816). - i40e: refactor FW version checking (bsc#1101816). - i40e: refactor FW version checking (bsc#1101816). - i40e: refactor promisc_changed in i40e_sync_vsi_filters (bsc#1101816). - i40e: refactor promisc_changed in i40e_sync_vsi_filters (bsc#1101816). - i40e: relax warning message in case of version mismatch (bsc#1101816). - i40e: relax warning message in case of version mismatch (bsc#1101816). - i40e: remove duplicate pfc stats (bsc#1101816). - i40e: remove duplicate pfc stats (bsc#1101816). - i40e: remove i40e_fcoe files (bsc#1101816). - i40e: remove i40e_fcoe files (bsc#1101816). - i40e: remove ifdef SPEED_25000 (bsc#1101816). - i40e: remove ifdef SPEED_25000 (bsc#1101816). - i40e: remove logically dead code (bsc#1101816). - i40e: remove logically dead code (bsc#1101816). - i40e: remove redundant initialization of read_size (bsc#1101816). - i40e: remove redundant initialization of read_size (bsc#1101816). - i40e: rename 'change' variable to 'autoneg_changed' (bsc#1101816). - i40e: rename 'change' variable to 'autoneg_changed' (bsc#1101816). - i40e: rename 'cmd' variables in ethtool interface (bsc#1101816). - i40e: rename 'cmd' variables in ethtool interface (bsc#1101816). - i40e: restore TCPv4 input set when re-enabling ATR (bsc#1101816). - i40e: restore TCPv4 input set when re-enabling ATR (bsc#1101816). - i40e: restore promiscuous after reset (bsc#1101816). - i40e: restore promiscuous after reset (bsc#1101816). - i40e: shutdown all IRQs and disable MSI-X when suspended (bsc#1101816). - i40e: shutdown all IRQs and disable MSI-X when suspended (bsc#1101816). - i40e: simplify member variable accesses (bsc#1101816). - i40e: simplify member variable accesses (bsc#1101816). - i40e: split i40e_get_strings() into smaller functions (bsc#1101816). - i40e: split i40e_get_strings() into smaller functions (bsc#1101816). - i40e: stop using cmpxchg flow in i40e_set_priv_flags() (bsc#1101816). - i40e: stop using cmpxchg flow in i40e_set_priv_flags() (bsc#1101816). - i40e: track filter type statistics when deleting invalid filters (bsc#1101816). - i40e: track filter type statistics when deleting invalid filters (bsc#1101816). - i40e: track id can be 0 (bsc#1101816). - i40e: track id can be 0 (bsc#1101816). - i40e: update VFs of link state after GET_VF_RESOURCES (bsc#1101816). - i40e: update VFs of link state after GET_VF_RESOURCES (bsc#1101816). - i40e: update data pointer directly when copying to the buffer (bsc#1101816). - i40e: update data pointer directly when copying to the buffer (bsc#1101816). - i40e: use WARN_ONCE to replace the commented BUG_ON size check (bsc#1101816). - i40e: use WARN_ONCE to replace the commented BUG_ON size check (bsc#1101816). - i40e: use a local variable instead of calculating multiple times (bsc#1101816). - i40e: use a local variable instead of calculating multiple times (bsc#1101816). - i40e: use admin queue for setting LEDs behavior (bsc#1101816). - i40e: use admin queue for setting LEDs behavior (bsc#1101816). - i40e: use newer generic pm support instead of legacy pm callbacks (bsc#1101816). - i40e: use newer generic pm support instead of legacy pm callbacks (bsc#1101816). - i40e: use separate state bit for miscellaneous IRQ setup (bsc#1101816). - i40e: use separate state bit for miscellaneous IRQ setup (bsc#1101816). - i40e: use the more traditional 'i' loop variable (bsc#1101816). - i40e: use the more traditional 'i' loop variable (bsc#1101816). - i40evf: Allow turning off offloads when the VF has VLAN set (bsc#1101816). - i40evf: Allow turning off offloads when the VF has VLAN set (bsc#1101816). - i40evf: Clean-up flags for promisc mode to avoid high polling rate (bsc#1101816). - i40evf: Clean-up flags for promisc mode to avoid high polling rate (bsc#1101816). - i40evf: Correctly populate rxitr_idx and txitr_idx (bsc#1101816). - i40evf: Correctly populate rxitr_idx and txitr_idx (bsc#1101816). - i40evf: Do not clear MSI-X PBA manually (bsc#1101816). - i40evf: Do not clear MSI-X PBA manually (bsc#1101816). - i40evf: Drop i40evf_fire_sw_int as it is prone to races (bsc#1101816). - i40evf: Drop i40evf_fire_sw_int as it is prone to races (bsc#1101816). - i40evf: Enable VF to request an alternate queue allocation (bsc#1101816). - i40evf: Enable VF to request an alternate queue allocation (bsc#1101816). - i40evf: Fix a hardware reset support in VF driver (bsc#1101816). - i40evf: Fix a hardware reset support in VF driver (bsc#1101816). - i40evf: Fix double locking the same resource (bsc#1101816). - i40evf: Fix double locking the same resource (bsc#1101816). - i40evf: Fix link up issue when queues are disabled (bsc#1101816). - i40evf: Fix link up issue when queues are disabled (bsc#1101816). - i40evf: Fix turning TSO, GSO and GRO on after (bsc#1101816). - i40evf: Fix turning TSO, GSO and GRO on after (bsc#1101816). - i40evf: Make VF reset warning message more clear (bsc#1101816). - i40evf: Make VF reset warning message more clear (bsc#1101816). - i40evf: Replace GFP_ATOMIC with GFP_KERNEL in i40evf_add_vlan (bsc#1101816). - i40evf: Replace GFP_ATOMIC with GFP_KERNEL in i40evf_add_vlan (bsc#1101816). - i40evf: Use an iterator of the same type as the list (bsc#1101816). - i40evf: Use an iterator of the same type as the list (bsc#1101816). - i40evf: enable support for VF VLAN tag stripping control (bsc#1101816). - i40evf: enable support for VF VLAN tag stripping control (bsc#1101816). - i40evf: fix client notify of l2 params (bsc#1101816). - i40evf: fix client notify of l2 params (bsc#1101816). - i40evf: fix ring to vector mapping (bsc#1101816). - i40evf: fix ring to vector mapping (bsc#1101816). - i40evf: hold the critical task bit lock while opening (bsc#1101816). - i40evf: hold the critical task bit lock while opening (bsc#1101816). - i40evf: lower message level (bsc#1101816). - i40evf: lower message level (bsc#1101816). - i40evf: release bit locks in reverse order (bsc#1101816). - i40evf: release bit locks in reverse order (bsc#1101816). - i40evf: remove flags that are never used (bsc#1101816). - i40evf: remove flags that are never used (bsc#1101816). - i40evf: remove flush_scheduled_work call in i40evf_remove (bsc#1101816). - i40evf: remove flush_scheduled_work call in i40evf_remove (bsc#1101816). - i40evf: use GFP_ATOMIC under spin lock (bsc#1101816). - i40evf: use GFP_ATOMIC under spin lock (bsc#1101816). - i40evf: use __dev_c_sync routines in .set_rx_mode (bsc#1101816). - i40evf: use __dev_c_sync routines in .set_rx_mode (bsc#1101816). - i40evf: use spinlock to protect (mac|vlan)_filter_list (bsc#1101816). - i40evf: use spinlock to protect (mac|vlan)_filter_list (bsc#1101816). - i40iw: Fix memory leak in error path of create QP (bsc#1058659). - i40iw: Fix memory leak in error path of create QP (bsc#1058659). - i40iw: Refactor of driver generated AEs (bsc#1058659). - i40iw: Refactor of driver generated AEs (bsc#1058659). - i40iw: Tear-down connection after CQP Modify QP failure (bsc#1058659). - i40iw: Tear-down connection after CQP Modify QP failure (bsc#1058659). - i40iw: Use correct address in dst_neigh_lookup for IPv6 (bsc#1058659). - i40iw: Use correct address in dst_neigh_lookup for IPv6 (bsc#1058659). - ib/core: Fix error code for invalid GID entry (bsc#1046306). - ib/core: Fix error code for invalid GID entry (bsc#1046306). - ib/core: Honor port_num while resolving GID for ib link layer (bsc#1046306). - ib/core: Honor port_num while resolving GID for ib link layer (bsc#1046306). - ib/core: Make ib_mad_client_id atomic (bsc#1046306). - ib/core: Make ib_mad_client_id atomic (bsc#1046306). - ib/core: Make testing MR flags for writability a static inline function (bsc#1046306). - ib/core: Make testing MR flags for writability a static inline function (bsc#1046306). - ib/core: Remove duplicate declaration of gid_cache_wq (bsc#1046306). - ib/core: Remove duplicate declaration of gid_cache_wq (bsc#1046306). - ib/hfi1: Add bypass register defines and replace blind constants (bsc#1060463). - ib/hfi1: Add bypass register defines and replace blind constants (bsc#1060463). - ib/hfi1: Fix fault injection init/exit issues (bsc#1060463). - ib/hfi1: Fix fault injection init/exit issues (bsc#1060463). - ib/hfi1: Fix incorrect mixing of ERR_PTR and NULL return values (bsc#1060463). - ib/hfi1: Fix incorrect mixing of ERR_PTR and NULL return values (bsc#1060463). - ib/hfi1: Fix user context tail allocation for DMA_RTAIL (bsc#1060463). - ib/hfi1: Fix user context tail allocation for DMA_RTAIL (bsc#1060463). - ib/hfi1: Return actual error value from program_rcvarray() (bsc#1060463). - ib/hfi1: Return actual error value from program_rcvarray() (bsc#1060463). - ib/iser: Do not reduce max_sectors (bsc#1046306). - ib/iser: Do not reduce max_sectors (bsc#1046306). - ib/isert: Fix for lib/dma_debug check_sync warning (bsc#1046306). - ib/isert: Fix for lib/dma_debug check_sync warning (bsc#1046306). - ib/isert: fix T10-pi check mask setting (bsc#1046306). - ib/isert: fix T10-pi check mask setting (bsc#1046306). - ib/mlx4: Fix an error handling path in 'mlx4_ib_rereg_user_mr()' (bsc#1046302). - ib/mlx4: Fix an error handling path in 'mlx4_ib_rereg_user_mr()' (bsc#1046302). - ib/mlx4: Mark user MR as writable if actual virtual memory is writable (bsc#1046302). - ib/mlx4: Mark user MR as writable if actual virtual memory is writable (bsc#1046302). - ib/mlx5: Fetch soft WQE's on fatal error state (bsc#1046305). - ib/mlx5: Fetch soft WQE's on fatal error state (bsc#1046305). - ib/mlx5: Use 'kvfree()' for memory allocated by 'kvzalloc()' (bsc#1046305). - ib/mlx5: Use 'kvfree()' for memory allocated by 'kvzalloc()' (bsc#1046305). - ib/qedr: Remove GID add/del dummy routines (bsc#1086314 bsc#1086313 bsc#1086301). - ib/qedr: Remove GID add/del dummy routines (bsc#1086314 bsc#1086313 bsc#1086301). - ib/rxe: Fix for oops in rxe_register_device on ppc64le arch (bsc#1046306). - ib/rxe: Fix for oops in rxe_register_device on ppc64le arch (bsc#1046306). - ib/rxe: add RXE_START_MASK for rxe_opcode ib_OPCODE_RC_SEND_ONLY_INV (bsc#1046306). - ib/rxe: add RXE_START_MASK for rxe_opcode ib_OPCODE_RC_SEND_ONLY_INV (bsc#1046306). - ib/rxe: avoid double kfree_skb (bsc#1046306). - ib/rxe: avoid double kfree_skb (bsc#1046306). - ib/umem: Use the correct mm during ib_umem_release (bsc#1046306). - ib/umem: Use the correct mm during ib_umem_release (bsc#1046306). - ib/uverbs: Fix possible oops with duplicate ioctl attributes (bsc#1046306). - ib/uverbs: Fix possible oops with duplicate ioctl attributes (bsc#1046306). - ibmvnic: Fix error recovery on login failure (bsc#1101789). - igb: Fix not adding filter elements to the list (bsc#1056651). - igb: Fix not adding filter elements to the list (bsc#1056651). - igb: Fix queue selection on MAC filters on i210 (bsc#1056651). - igb: Fix queue selection on MAC filters on i210 (bsc#1056651). - iio: BME280: Updates to Humidity readings need ctrl_reg write! (bsc#1051510). - iio: accel: st_accel: fix data-ready line configuration (bsc#1051510). - iio: accel: st_accel_i2c: fix i2c_device_id table (bsc#1051510). - iio: accel: st_accel_spi: fix spi_device_id table (bsc#1051510). - iio: adc: sun4i-gpadc-iio: fix unbalanced irq enable/disable (bsc#1051510). - iio: adc: twl4030: Return an error if we can not enable the vusb3v1 regulator in 'twl4030_madc_probe()' (bsc#1051510). - iio: gyro: st_gyro: fix L3GD20H support (bsc#1051510). - iio: humidity: hts221: remove warnings in hts221_parse_{temp,rh}_caldata() (bsc#1051510). - iio: imu: inv_mpu6050: test whoami first and against all known values (bsc#1051510). - iio: magnetometer: st_magn: fix drdy line configuration for LIS3MDL (bsc#1051510). - iio: magnetometer: st_magn_core: enable multiread by default for LIS3MDL (bsc#1051510). - iio: magnetometer: st_magn_spi: fix spi_device_id table (bsc#1051510). - iio: pressure: bmp280: fix relative humidity unit (bsc#1051510). - iio: pressure: st_pressure: fix drdy configuration for LPS22HB and LPS25H (bsc#1051510). - iio: pressure: zpa2326: Remove always-true check which confuses gcc (bsc#1051510). - iio: pressure: zpa2326: report interrupted case as failure (bsc#1051510). - iio: trigger: stm32-timer: fix quadrature mode get routine (bsc#1051510). - iio: trigger: stm32-timer: fix write_raw return value (bsc#1051510). - iio: tsl2583: correct values in integration_time_available (bsc#1051510). - infiniband: fix a possible use-after-free bug (bsc#1046306). - infiniband: fix a possible use-after-free bug (bsc#1046306). - iommu/vt-d: Clear Page Request Overflow fault bit (). - iommu/vt-d: Clear Page Request Overflow fault bit (). - ip6_tunnel: remove magic mtu value 0xFFF8 (networking-stable-18_06_08). - ipc/shm: fix use-after-free of shm file via remap_file_pages() (bnc#1102512). - ipmr: properly check rhltable_init() return value (networking-stable-18_06_08). - ipv4: remove warning in ip_recv_error (networking-stable-18_06_08). - ipv6: allow pmTU exceptions to local routes (networking-stable-18_06_20). - ipv6: sr: fix memory OOB access in seg6_do_srh_encap/inline (networking-stable-18_06_08). - iw_cxgb4: Add ib_device->get_netdev support (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - iw_cxgb4: correctly enforce the max reg_mr depth (bsc#1046543). - iw_cxgb4: correctly enforce the max reg_mr depth (bsc#1046543). - iw_cxgb4: initialize ib_mr fields for user mrs (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - ixgbe/fm10k: Record macvlan stats instead of Rx queue for macvlan offloaded rings (bsc#1101674). - ixgbe/fm10k: Record macvlan stats instead of Rx queue for macvlan offloaded rings (bsc#1101674). - ixgbe/ixgbevf: Free IRQ when pci error recovery removes the device (bsc#1101674). - ixgbe/ixgbevf: Free IRQ when pci error recovery removes the device (bsc#1101674). - ixgbe: Add receive length error counter (bsc#1101674). - ixgbe: Add receive length error counter (bsc#1101674). - ixgbe: Add support for macvlan offload RSS on X550 and clean-up pool handling (bsc#1101674). - ixgbe: Add support for macvlan offload RSS on X550 and clean-up pool handling (bsc#1101674). - ixgbe: Assume provided MAC filter has been verified by macvlan (bsc#1101674). - ixgbe: Assume provided MAC filter has been verified by macvlan (bsc#1101674). - ixgbe: Avoid to write the RETA table when unnecessary (bsc#1101674). - ixgbe: Avoid to write the RETA table when unnecessary (bsc#1101674). - ixgbe: Clear SWFW_SYNC register during init (bsc#1101674). - ixgbe: Clear SWFW_SYNC register during init (bsc#1101674). - ixgbe: Default to 1 pool always being allocated (bsc#1101674). - ixgbe: Default to 1 pool always being allocated (bsc#1101674). - ixgbe: Do not assume dev->num_tc is equal to hardware TC config (bsc#1101674). - ixgbe: Do not assume dev->num_tc is equal to hardware TC config (bsc#1101674). - ixgbe: Do not manipulate macvlan Tx queues when performing macvlan offload (bsc#1101674). - ixgbe: Do not manipulate macvlan Tx queues when performing macvlan offload (bsc#1101674). - ixgbe: Do not report unsupported timestamping filters for X550 (bsc#1101674). - ixgbe: Do not report unsupported timestamping filters for X550 (bsc#1101674). - ixgbe: Drop l2_accel_priv data pointer from ring struct (bsc#1101674). - ixgbe: Drop l2_accel_priv data pointer from ring struct (bsc#1101674). - ixgbe: Drop support for macvlan specific unicast lists (bsc#1101674). - ixgbe: Drop support for macvlan specific unicast lists (bsc#1101674). - ixgbe: Fix && vs || typo (bsc#1101674). - ixgbe: Fix handling of macvlan Tx offload (bsc#1101674). - ixgbe: Fix handling of macvlan Tx offload (bsc#1101674). - ixgbe: Fix interaction between SR-IOV and macvlan offload (bsc#1101674). - ixgbe: Fix interaction between SR-IOV and macvlan offload (bsc#1101674). - ixgbe: Fix kernel-doc format warnings (bsc#1101674). - ixgbe: Fix kernel-doc format warnings (bsc#1101674). - ixgbe: Fix limitations on macvlan so we can support up to 63 offloaded devices (bsc#1101674). - ixgbe: Fix limitations on macvlan so we can support up to 63 offloaded devices (bsc#1101674). - ixgbe: Fix logic operator typo (bsc#1101674). - ixgbe: Fix setting of TC configuration for macvlan case (bsc#1101674). - ixgbe: Fix setting of TC configuration for macvlan case (bsc#1101674). - ixgbe: Perform reinit any time number of VFs change (bsc#1101674). - ixgbe: Perform reinit any time number of VFs change (bsc#1101674). - ixgbe: Remove an obsolete comment about ITR (bsc#1101674). - ixgbe: Remove an obsolete comment about ITR (bsc#1101674). - ixgbe: There is no need to update num_rx_pools in L2 fwd offload (bsc#1101674). - ixgbe: There is no need to update num_rx_pools in L2 fwd offload (bsc#1101674). - ixgbe: Update adaptive ITR algorithm (bsc#1101674). - ixgbe: Update adaptive ITR algorithm (bsc#1101674). - ixgbe: Use ring values to test for Tx pending (bsc#1101674). - ixgbe: Use ring values to test for Tx pending (bsc#1101674). - ixgbe: add counter for times Rx pages gets allocated, not recycled (bsc#1101674). - ixgbe: add counter for times Rx pages gets allocated, not recycled (bsc#1101674). - ixgbe: add error checks when initializing the PHY (bsc#1101674). - ixgbe: add error checks when initializing the PHY (bsc#1101674). - ixgbe: add status reg reads to ixgbe_check_remove (bsc#1101674). - ixgbe: add status reg reads to ixgbe_check_remove (bsc#1101674). - ixgbe: add support for reporting 5G link speed (bsc#1101674). - ixgbe: add support for reporting 5G link speed (bsc#1101674). - ixgbe: advertise highest capable link speed (bsc#1101674). - ixgbe: advertise highest capable link speed (bsc#1101674). - ixgbe: avoid bringing rings up/down as macvlans are added/removed (bsc#1101674). - ixgbe: avoid bringing rings up/down as macvlans are added/removed (bsc#1101674). - ixgbe: declare ixgbe_mac_operations structures as const (bsc#1101674). - ixgbe: declare ixgbe_mac_operations structures as const (bsc#1101674). - ixgbe: enable multicast on shutdown for WOL (bsc#1101674). - ixgbe: enable multicast on shutdown for WOL (bsc#1101674). - ixgbe: extend firmware version support (bsc#1101674). - ixgbe: extend firmware version support (bsc#1101674). - ixgbe: fix crash when injecting AER after failed reset (bsc#1101674). - ixgbe: fix crash when injecting AER after failed reset (bsc#1101674). - ixgbe: fix disabling hide VLAN on VF reset (bsc#1101674). - ixgbe: fix disabling hide VLAN on VF reset (bsc#1101674). - ixgbe: fix possible race in reset subtask (bsc#1101674). - ixgbe: fix possible race in reset subtask (bsc#1101674). - ixgbe: fix read-modify-write in x550 phy setup (bsc#1101674). - ixgbe: fix read-modify-write in x550 phy setup (bsc#1101674). - ixgbe: fix the FWSM.PT check in ixgbe_mng_present() (bsc#1101674). - ixgbe: fix the FWSM.PT check in ixgbe_mng_present() (bsc#1101674). - ixgbe: force VF to grab new MAC on driver reload (bsc#1101674). - ixgbe: force VF to grab new MAC on driver reload (bsc#1101674). - ixgbe: introduce a helper to simplify code (bsc#1101674). - ixgbe: introduce a helper to simplify code (bsc#1101674). - ixgbe: remove redundant initialization of 'pool' (bsc#1101674). - ixgbe: remove redundant initialization of 'pool' (bsc#1101674). - ixgbe: remove unused enum latency_range (bsc#1101674). - ixgbe: remove unused enum latency_range (bsc#1101674). - ixgbe: restore normal RSS after last macvlan offload is removed (bsc#1101674). - ixgbe: restore normal RSS after last macvlan offload is removed (bsc#1101674). - ixgbe: return error on unsupported SFP module when resetting (bsc#1101674). - ixgbe: return error on unsupported SFP module when resetting (bsc#1101674). - ixgbe: split Tx/Rx ring clearing for ethtool loopback test (bsc#1101674). - ixgbe: split Tx/Rx ring clearing for ethtool loopback test (bsc#1101674). - ixgbe: use ARRAY_SIZE for array sizing calculation on array buf (bsc#1101674). - ixgbe: use ARRAY_SIZE for array sizing calculation on array buf (bsc#1101674). - ixgbevf: Fix kernel-doc format warnings (bsc#1101674). - ixgbevf: Fix kernel-doc format warnings (bsc#1101674). - ixgbevf: add build_skb support (bsc#1101674). - ixgbevf: add build_skb support (bsc#1101674). - ixgbevf: add counters for Rx page allocations (bsc#1101674). - ixgbevf: add counters for Rx page allocations (bsc#1101674). - ixgbevf: add ethtool private flag for legacy Rx (bsc#1101674). - ixgbevf: add ethtool private flag for legacy Rx (bsc#1101674). - ixgbevf: add function for checking if we can reuse page (bsc#1101674). - ixgbevf: add function for checking if we can reuse page (bsc#1101674). - ixgbevf: add support for DMA_ATTR_SKIP_CPU_SYNC/WEAK_ORDERING (bsc#1101674). - ixgbevf: add support for DMA_ATTR_SKIP_CPU_SYNC/WEAK_ORDERING (bsc#1101674). - ixgbevf: add support for padding packet (bsc#1101674). - ixgbevf: add support for padding packet (bsc#1101674). - ixgbevf: add support for using order 1 pages to receive large frames (bsc#1101674). - ixgbevf: add support for using order 1 pages to receive large frames (bsc#1101674). - ixgbevf: allocate the rings as part of q_vector (bsc#1101674). - ixgbevf: allocate the rings as part of q_vector (bsc#1101674). - ixgbevf: break out Rx buffer page management (bsc#1101674). - ixgbevf: break out Rx buffer page management (bsc#1101674). - ixgbevf: clear rx_buffer_info in configure instead of clean (bsc#1101674). - ixgbevf: clear rx_buffer_info in configure instead of clean (bsc#1101674). - ixgbevf: do not bother clearing tx_buffer_info in ixgbevf_clean_tx_ring() (bsc#1101674). - ixgbevf: do not bother clearing tx_buffer_info in ixgbevf_clean_tx_ring() (bsc#1101674). - ixgbevf: fix MAC address changes through ixgbevf_set_mac() (bsc#1101674). - ixgbevf: fix MAC address changes through ixgbevf_set_mac() (bsc#1101674). - ixgbevf: fix ixgbevf_xmit_frame()'s return type (bsc#1101674). - ixgbevf: fix ixgbevf_xmit_frame()'s return type (bsc#1101674). - ixgbevf: fix possible race in the reset subtask (bsc#1101674). - ixgbevf: fix possible race in the reset subtask (bsc#1101674). - ixgbevf: fix unused variable warning (bsc#1101674). - ixgbevf: fix unused variable warning (bsc#1101674). - ixgbevf: improve performance and reduce size of ixgbevf_tx_map() (bsc#1101674). - ixgbevf: improve performance and reduce size of ixgbevf_tx_map() (bsc#1101674). - ixgbevf: make sure all frames fit minimum size requirements (bsc#1101674). - ixgbevf: make sure all frames fit minimum size requirements (bsc#1101674). - ixgbevf: only DMA sync frame length (bsc#1101674). - ixgbevf: only DMA sync frame length (bsc#1101674). - ixgbevf: remove redundant initialization of variable 'dma' (bsc#1101674). - ixgbevf: remove redundant initialization of variable 'dma' (bsc#1101674). - ixgbevf: remove redundant setting of xcast_mode (bsc#1101674). - ixgbevf: remove redundant setting of xcast_mode (bsc#1101674). - ixgbevf: setup queue counts (bsc#1101674). - ixgbevf: setup queue counts (bsc#1101674). - ixgbevf: update code to better handle incrementing page count (bsc#1101674). - ixgbevf: update code to better handle incrementing page count (bsc#1101674). - ixgbevf: use ARRAY_SIZE for various array sizing calculations (bsc#1101674). - ixgbevf: use ARRAY_SIZE for various array sizing calculations (bsc#1101674). - ixgbevf: use length to determine if descriptor is done (bsc#1101674). - ixgbevf: use length to determine if descriptor is done (bsc#1101674). - ixgbevf: use page_address offset from page (bsc#1101674). - ixgbevf: use page_address offset from page (bsc#1101674). - jump_label: Add branch hints to static_branch_{un,}likely() (bnc#1101669 optimise numa balancing for fast migrate). - kABI: fixes for nvme (bsc#1077989). - kABI: fixes for qla2xxx (bsc#1077989). - kabi mlx5 hide cpu_rmap (bsc#1046303). - kabi/severities: add qed inter module symbols to kabi ignore list - kabi: breakage for of/device change (bsc#1051510). - kabi: cxgb4 MU (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - kabi: due to perf_event.h uapi field change (). - kabi: for rtl_deinit_deferred_work() rewrite (bsc#1051510). - kabi: mlx5 hide cpu_rmap (bsc#1046303). - kabi: mvpp2 10gkr support (bsc#1098633). - kabi: powerpc: mmu_context: provide old version of mm_iommu_ua_to_hpa (bsc#1077761, git-fixes). - kabi: protect fwnode_handle (bsc#1098633). - kcm: Fix use-after-free caused by clonned sockets (networking-stable-18_06_08). - kernel/params.c: downgrade warning for unsafe parameters (bsc#1051510). - keys: DNS: fix parsing multiple options (bsc#1051510). - kvm: PPC: Check if IOMMU page is contained in the pinned physical page (bsc#1077761, git-fixes). - kvm: x86: fix vcpu initialization with userspace lapic (bsc#1101564). - kvm: x86: move LAPIC initialization after VMCS creation (bsc#1101564). - libnvdimm, label: fix index block size calculation (bsc#1102147). - libnvdimm: add an api to cast a 'struct nd_region' to its 'struct device' (bsc#1094119). - mailbox: PCC: erroneous error message when parsing ACPI PCCT (bsc#1096330). - mailbox: bcm2835: Fix of_xlate return value (bsc#1051510). - mdio-sun4i: Fix a memory leak (bsc#1051510). - media: coda/imx-vdoa: Check for platform_get_resource() error (bsc#1051510). - media: cx25840: Use subdev host data for PLL override (bsc#1051510). - media: cx88: Get rid of spurious call to cx8800_start_vbi_dma() (bsc#1051510). - media: cxusb: restore RC_MAP for MyGica T230 (bsc#1051510). - media: dt-bindings: media: rcar_vin: Use status 'okay' (bsc#1051510). - media: dvb-core: always call invoke_release() in fe_free() (bsc#1051510). - media: dvb_frontend: fix ifnullfree.cocci warnings (bsc#1051510). - media: dvb_frontend: only use kref after initialized (bsc#1051510). - media: dvb_net: ensure that dvb_net_ule_handle is fully initialized (bsc#1051510). - media: mxl111sf: Fix potential null pointer dereference (bsc#1051510). - media: omap3isp/isp: remove an unused static var (bsc#1051510). - media: s5p-jpeg: fix number of components macro (bsc#1051510). - media: s5p-mfc: Fix lock contention - request_firmware() once (bsc#1051510). - media: staging: omap4iss: Include asm/cacheflush.h after generic includes (bsc#1051510). - media: vivid: potential integer overflow in vidioc_g_edid() (bsc#1051510). - mfd: tps65218: Reorder tps65218_regulator_id enum (bsc#1051510). - mfd: tps65911-comparator: Fix a build error (bsc#1051510). - mfd: tps65911-comparator: Fix an off by one bug (bsc#1051510). - mlxsw: spectrum: Forbid creation of VLAN 1 over port/LAG (networking-stable-18_06_08). - mmc: cavium: Fix use-after-free in of_platform_device_destroy (bsc#1051510). - mmc: dw_mmc: fix card threshold control configuration (bsc#1051510). - mmc: meson-gx: remove CLK_DIVIDER_ALLOW_ZERO clock flag (bsc#1051510). - mmc: sdhci-msm: fix issue with power irq (bsc#1051510). - mmc: sdhci-of-esdhc: disable SD clock for clock value 0 (bsc#1051510). - mmc: sdhci-of-esdhc: fix eMMC couldn't work after kexec (bsc#1051510). - mmc: sdhci-of-esdhc: fix the mmc error after sleep on ls1046ardb (bsc#1051510). - mmc: sdhci-xenon: Fix clock resource by adding an optional bus clock (bsc#1051510). - mmc: sdhci-xenon: wait 5ms after set 1.8V signal enable (bsc#1051510). - mmc: tmio: remove outdated comment (bsc#1051510). - modsign: log module name in the event of an error (bsc#1093666). - modsign: print module name along with error message (bsc#1093666). - module: make it clear when we're handling the module copy in info->hdr (bsc#1093666). - module: setup load info before module_sig_check() (bsc#1093666). - mvpp2: fix multicast address filter (bsc#1098633). - net-sysfs: Fix memory leak in XPS configuration (networking-stable-18_06_08). - net/mlx4: Fix irq-unsafe spinlock usage (networking-stable-18_06_08). - net/mlx4_core: Fix error handling in mlx4_init_port_info (bsc#1046300). - net/mlx4_core: Fix error handling in mlx4_init_port_info (bsc#1046300). - net/mlx4_core: Save the qpn from the input modifier in RST2INIT wrapper (bsc#1046300). - net/mlx4_core: Save the qpn from the input modifier in RST2INIT wrapper (bsc#1046300). - net/mlx4_en: Do not reuse RX page when XDP is set (bsc#1046299). - net/mlx4_en: Do not reuse RX page when XDP is set (bsc#1046299). - net/mlx5: Adjust clock overflow work period (bsc#1046303). - net/mlx5: Adjust clock overflow work period (bsc#1046303). - net/mlx5: Eswitch, Use 'kvfree()' for memory allocated by 'kvzalloc()' (bsc#1046303). - net/mlx5: Eswitch, Use 'kvfree()' for memory allocated by 'kvzalloc()' (bsc#1046303). - net/mlx5: FPGA, Call DMA unmap with the right size (bsc#1046303). - net/mlx5: FPGA, Call DMA unmap with the right size (bsc#1046303). - net/mlx5: Fix command interface race in polling mode (bsc#1046300). - net/mlx5: Fix command interface race in polling mode (bsc#1046300). - net/mlx5: Fix dump_command mailbox length printed (bsc#1046303). - net/mlx5: Fix dump_command mailbox length printed (bsc#1046303). - net/mlx5: Fix incorrect raw command length parsing (bsc#1046300). - net/mlx5: Fix incorrect raw command length parsing (bsc#1046300). - net/mlx5: Fix wrong size allocation for QoS ETC TC regitster (bsc#1046300). - net/mlx5: Fix wrong size allocation for QoS ETC TC regitster (bsc#1046300). - net/mlx5: Free IRQs in shutdown path (bsc#1046303). - net/mlx5: Free IRQs in shutdown path (bsc#1046303). - net/mlx5: IPSec, Fix a race between concurrent sandbox QP commands (bsc#1046303). - net/mlx5: IPSec, Fix a race between concurrent sandbox QP commands (bsc#1046303). - net/mlx5: Properly deal with flow counters when deleting rules (bsc#1046303). - net/mlx5: Properly deal with flow counters when deleting rules (bsc#1046303). - net/mlx5: Protect from command bit overflow (bsc#1046303). - net/mlx5: Protect from command bit overflow (bsc#1046303). - net/mlx5: Refactor num of blocks in mailbox calculation (bsc#1046303). - net/mlx5: Refactor num of blocks in mailbox calculation (bsc#1046303). - net/mlx5: Vport, Use 'kvfree()' for memory allocated by 'kvzalloc()' (bsc#1046303). - net/mlx5: Vport, Use 'kvfree()' for memory allocated by 'kvzalloc()' (bsc#1046303). - net/mlx5e: Do not allow aRFS for encapsulated packets (bsc#1046303). - net/mlx5e: Do not allow aRFS for encapsulated packets (bsc#1046303). - net/mlx5e: Do not attempt to dereference the ppriv struct if not being eswitch manager (bsc#1046300). - net/mlx5e: Do not attempt to dereference the ppriv struct if not being eswitch manager (bsc#1046300). - net/mlx5e: Fix quota counting in aRFS expire flow (bsc#1046303). - net/mlx5e: Fix quota counting in aRFS expire flow (bsc#1046303). - net/mlx5e: Refine ets validation function (bsc#1075360). - net/mlx5e: Remove redundant vport context vlan update (bsc#1046303). - net/mlx5e: Remove redundant vport context vlan update (bsc#1046303). - net/mlx5e: When RXFCS is set, add FCS data into checksum calculation (networking-stable-18_06_08). - net/packet: refine check for priv area size (networking-stable-18_06_08). - net/sched: act_simple: fix parsing of TCA_DEF_DATA (networking-stable-18_06_20). - net/sched: act_tunnel_key: fix NULL dereference when 'goto chain' is used (bsc#1056787). - net/sched: fix NULL dereference in the error path of tcf_sample_init() (bsc#1056787). - net: add rb_to_skb() and other rb tree helpers (bsc#1102340). - net: cxgb3_main: fix potential Spectre v1 (bsc#1046533). - net: cxgb3_main: fix potential Spectre v1 (bsc#1046533). - net: define the TSO header size in net/tso.h (bsc#1098633). - net: dsa: add error handling for pskb_trim_rcsum (networking-stable-18_06_20). - net: ethernet: davinci_emac: fix error handling in probe() (networking-stable-18_06_08). - net: ethernet: ti: cpdma: correct error handling for chan create (networking-stable-18_06_08). - net: ethtool: Add macro to clear a link mode setting (bsc#1101816). - net: ethtool: Add macro to clear a link mode setting (bsc#1101816). - net: in virtio_net_hdr only add VLAN_HLEN to csum_start if payload holds vlan (networking-stable-18_06_20). - net: ipv4: add missing RTA_TABLE to rtm_ipv4_policy (networking-stable-18_06_08). - net: metrics: add proper netlink validation (networking-stable-18_06_08). - net: mvmdio: add xmdio xsmi support (bsc#1098633). - net: mvmdio: check the MII_ADDR_C45 bit is not set for smi operations (bsc#1098633). - net: mvmdio: introduce an ops structure (bsc#1098633). - net: mvmdio: put the poll intervals in the ops structure (bsc#1098633). - net: mvmdio: remove duplicate locking (bsc#1098633). - net: mvmdio: reorder headers alphabetically (bsc#1098633). - net: mvmdio: simplify the smi read and write error paths (bsc#1098633). - net: mvmdio: use GENMASK for masks (bsc#1098633). - net: mvmdio: use tabs for defines (bsc#1098633). - net: mvpp2: Add hardware offloading for VLAN filtering (bsc#1098633). - net: mvpp2: Add support for unicast filtering (bsc#1098633). - net: mvpp2: Do not use dynamic allocs for local variables (bsc#1098633). - net: mvpp2: Fix DMA address mask size (bsc#1098633). - net: mvpp2: Fix TCAM filter reserved range (bsc#1098633). - net: mvpp2: Fix clk error path in mvpp2_probe (bsc#1098633). - net: mvpp2: Fix clock resource by adding an optional bus clock (bsc#1098633). - net: mvpp2: Fix clock resource by adding missing mg_core_clk (bsc#1098633). - net: mvpp2: Fix parser entry init boundary check (bsc#1098633). - net: mvpp2: Make mvpp2_prs_hw_read a parser entry init function (bsc#1098633). - net: mvpp2: Prevent userspace from changing TX affinities (bsc#1098633). - net: mvpp2: Simplify MAC filtering function parameters (bsc#1098633). - net: mvpp2: Use relaxed I/O in data path (bsc#1098633). - net: mvpp2: add comments about smp_processor_id() usage (bsc#1098633). - net: mvpp2: add ethtool GOP statistics (bsc#1098633). - net: mvpp2: add support for TX interrupts and RX queue distribution modes (bsc#1098633). - net: mvpp2: adjust the coalescing parameters (bsc#1098633). - net: mvpp2: align values in ethtool get_coalesce (bsc#1098633). - net: mvpp2: allocate zeroed tx descriptors (bsc#1098633). - net: mvpp2: check ethtool sets the Tx ring size is to a valid min value (bsc#1098633). - net: mvpp2: cleanup probed ports in the probe error path (bsc#1098633). - net: mvpp2: do not call txq_done from the Tx path when Tx irqs are used (bsc#1098633). - net: mvpp2: do not disable GMAC padding (bsc#1098633). - net: mvpp2: do not select the internal source clock (bsc#1098633). - net: mvpp2: do not set GMAC autoneg when using XLG MAC (bsc#1098633). - net: mvpp2: do not sleep in set_rx_mode (bsc#1098633). - net: mvpp2: do not unmap TSO headers buffers (bsc#1098633). - net: mvpp2: dynamic reconfiguration of the comphy/GoP/MAC (bsc#1098633). - net: mvpp2: enable ACPI support in the driver (bsc#1098633). - net: mvpp2: enable UDP/TCP checksum over IPv6 (bsc#1098633). - net: mvpp2: enable basic 10G support (bsc#1098633). - net: mvpp2: fallback using h/w and random mac if the dt one isn't valid (bsc#1098633). - net: mvpp2: fix GOP statistics loop start and stop conditions (bsc#1098633). - net: mvpp2: fix MVPP21_ISR_RXQ_GROUP_REG definition (bsc#1098633). - net: mvpp2: fix TSO headers allocation and management (bsc#1098633). - net: mvpp2: fix invalid parameters order when calling the tcam init (bsc#1098633). - net: mvpp2: fix parsing fragmentation detection (bsc#1098633). - net: mvpp2: fix port list indexing (bsc#1098633). - net: mvpp2: fix the RSS table entry offset (bsc#1098633). - net: mvpp2: fix the packet size configuration for 10G (bsc#1098633). - net: mvpp2: fix the synchronization module bypass macro name (bsc#1098633). - net: mvpp2: fix the txq_init error path (bsc#1098633). - net: mvpp2: fix typo in the tcam setup (bsc#1098633). - net: mvpp2: fix use of the random mac address for PPv2.2 (bsc#1098633). - net: mvpp2: improve the link management function (bsc#1098633). - net: mvpp2: initialize the GMAC when using a port (bsc#1098633). - net: mvpp2: initialize the GoP (bsc#1098633). - net: mvpp2: initialize the RSS tables (bsc#1098633). - net: mvpp2: initialize the Tx FIFO size (bsc#1098633). - net: mvpp2: initialize the XLG MAC when using a port (bsc#1098633). - net: mvpp2: initialize the comphy (bsc#1098633). - net: mvpp2: introduce per-port nrxqs/ntxqs variables (bsc#1098633). - net: mvpp2: introduce queue_vector concept (bsc#1098633). - net: mvpp2: jumbo frames support (bsc#1098633). - net: mvpp2: limit TSO segments and use stop/wake thresholds (bsc#1098633). - net: mvpp2: make the phy optional (bsc#1098633). - net: mvpp2: move from cpu-centric naming to 'software thread' naming (bsc#1098633). - net: mvpp2: move the mac retrieval/copy logic into its own function (bsc#1098633). - net: mvpp2: move the mii configuration in the ndo_open path (bsc#1098633). - net: mvpp2: mvpp2_check_hw_buf_num() can be static (bsc#1098633). - net: mvpp2: only free the TSO header buffers when it was allocated (bsc#1098633). - net: mvpp2: remove RX queue group reset code (bsc#1098633). - net: mvpp2: remove mvpp2_pool_refill() (bsc#1098633). - net: mvpp2: remove unused mvpp2_bm_cookie_pool_set() function (bsc#1098633). - net: mvpp2: remove useless goto (bsc#1098633). - net: mvpp2: report the tx-usec coalescing information to ethtool (bsc#1098633). - net: mvpp2: set maximum packet size for 10G ports (bsc#1098633). - net: mvpp2: set the Rx FIFO size depending on the port speeds for PPv2.2 (bsc#1098633). - net: mvpp2: simplify maintaining enabled ports' list (bsc#1098633). - net: mvpp2: simplify the Tx desc set DMA logic (bsc#1098633). - net: mvpp2: simplify the link_event function (bsc#1098633). - net: mvpp2: software tso support (bsc#1098633). - net: mvpp2: split the max ring size from the default one (bsc#1098633). - net: mvpp2: take advantage of the is_rgmii helper (bsc#1098633). - net: mvpp2: unify register definitions coding style (bsc#1098633). - net: mvpp2: unify the txq size define use (bsc#1098633). - net: mvpp2: update the BM buffer free/destroy logic (bsc#1098633). - net: mvpp2: use a data size of 10kB for Tx FIFO on port 0 (bsc#1098633). - net: mvpp2: use correct index on array mvpp2_pools (bsc#1098633). - net: mvpp2: use device_*/fwnode_* APIs instead of of_* (bsc#1098633). - net: mvpp2: use the GoP interrupt for link status changes (bsc#1098633). - net: mvpp2: use the aggr txq size define everywhere (bsc#1098633). - net: mvpp2: use the same buffer pool for all ports (bsc#1098633). - net: phy: add XAUI and 10GBASE-KR PHY connection types (bsc#1098633). - net: phy: broadcom: Fix auxiliary control register reads (networking-stable-18_06_08). - net: phy: broadcom: Fix bcm_write_exp() (networking-stable-18_06_08). - net: phy: dp83822: use BMCR_ANENABLE instead of BMSR_ANEGCAPABLE for DP83620 (networking-stable-18_06_20). - net: qed: use correct strncpy() size (bsc#1086314 bsc#1086313 bsc#1086301). - net: qed: use correct strncpy() size (bsc#1086314 bsc#1086313 bsc#1086301). - net: sched: red: avoid hashing NULL child (bsc#1056787). - net: usb: cdc_mbim: add flag FLAG_SEND_ZLP (networking-stable-18_06_08). - netdev-FAQ: clarify DaveM's position for stable backports (networking-stable-18_06_08). - nfc: nfcmrvl_uart: fix device-node leak during probe (bsc#1051510). - nfc: pn533: Fix wrong GFP flag usage (bsc#1051510). - nfit, address-range-scrub: add module option to skip initial ars (bsc#1094119). - nfit, address-range-scrub: determine one platform max_ars value (bsc#1094119). - nfit, address-range-scrub: fix scrub in-progress reporting (bsc#1051510). - nfit, address-range-scrub: introduce nfit_spa->ars_state (bsc#1094119). - nfit, address-range-scrub: rework and simplify ARS state machine (bsc#1094119). - nfit: fix region registration vs block-data-window ranges (bsc#1051510). - nfit: fix unchecked dereference in acpi_nfit_ctl (bsc#1051510). - nvme-loop: add support for multiple ports (bsc#1054245). - nvme.h: add AEN configuration symbols (bsc#1054245). - nvme.h: add ANA definitions (bsc#1054245). - nvme.h: add support for the log specific field (bsc#1054245). - nvme.h: add the changed namespace list log (bsc#1054245). - nvme.h: untangle AEN notice definitions (bsc#1054245). - nvme/multipath: Disable runtime writable enabling parameter (bsc#1054245). - nvme: Fix sync controller reset return (bsc#1077989). - nvme: add ANA support (bsc#1054245). - nvme: add bio remapping tracepoint (bsc#1054245). - nvme: centralize ctrl removal prints (bsc#1054245). - nvme: cleanup double shift issue (bsc#1054245). - nvme: do not enable AEN if not supported (bsc#1077989). - nvme: do not hold nvmf_transports_rwsem for more than transport lookups (bsc#1054245). - nvme: do not rely on the changed namespace list log (bsc#1054245). - nvme: enforce 64bit offset for nvme_get_log_ext fn (bsc#1054245). - nvme: fix handling of metadata_len for NVME_IOCTL_IO_CMD (,). - nvme: fix handling of metadata_len for NVME_IOCTL_IO_CMD (). - nvme: fix use-after-free in nvme_free_ns_head (bsc#1054245). - nvme: guard additional fields in nvme command structures (bsc#1054245). - nvme: host: core: fix precedence of ternary operator (bsc#1054245). - nvme: if_ready checks to fail io to deleting controller (bsc#1077989). - nvme: implement log page low/high offset and dwords (bsc#1054245). - nvme: kABI fix for ANA support in nvme_ctrl (bsc#1054245). - nvme: kABI fixes for nvmet_ctrl (bsc#1054245). - nvme: kabi fixes for nvme_ctrl (bsc#1054245). - nvme: make nvme_get_log_ext non-static (bsc#1054245). - nvme: mark nvme_queue_scan static (bsc#1054245). - nvme: partially revert 'nvme: remove nvme_req_needs_failover' (bsc#1054245). - nvme: reintruduce nvme_get_log_ext() (bsc#1054245). - nvme: remove nvme_req_needs_failover (bsc#1054245). - nvme: revert 'nvme: mark nvme_queue_scan static' (bsc#1054245). - nvme: simplify the API for getting log pages (bsc#1054245). - nvme: submit AEN event configuration on startup (bsc#1054245). - nvme: use the changed namespaces list log to clear ns data changed AENs (bsc#1054245). - nvmet-fc: fix target sgl list on large transfers (). - nvmet-fc: fix target sgl list on large transfers (,). - nvmet: add AEN configuration support (bsc#1054245). - nvmet: add a new nvmet_zero_sgl helper (bsc#1054245). - nvmet: add minimal ANA support (bsc#1054245). - nvmet: constify struct nvmet_fabrics_ops (bsc#1054245). - nvmet: filter newlines from user input (bsc#1054245). - nvmet: fixup crash on NULL device path (bsc#1054245). - nvmet: implement the changed namespaces log (bsc#1054245). - nvmet: kABI fixes for ANA support (bsc#1054245). - nvmet: keep a port pointer in nvmet_ctrl (bsc#1054245). - nvmet: mask pending AENs (bsc#1054245). - nvmet: reset keep alive timer in controller enable (bsc#1054245). - nvmet: return all zeroed buffer when we can't find an active namespace (bsc#1054245). - nvmet: revert 'nvmet: constify struct nvmet_fabrics_ops' (bsc#1054245). - nvmet: split log page implementation (bsc#1054245). - nvmet: support configuring ANA groups (bsc#1054245). - nvmet: track and limit the number of namespaces per subsystem (1054245). - nvmet: use Retain Async Event bit to clear AEN (bsc#1054245). - of/pci: Fix theoretical NULL dereference (bsc#1051510). - of: Make of_fwnode_handle() safer (bsc#1098633). - of: fix DMA mask generation (bsc#1051510). - of: restrict DMA configuration (bsc#1051510). - pci: Account for all bridges on bus when distributing bus numbers (bsc#1100132). - pci: altera: Fix bool initialization in tlp_read_packet() (bsc#1051510). - pci: dwc: Fix enumeration end when reaching root subordinate (bsc#1100132). - pci: endpoint: Fix kernel panic after put_device() (bsc#1051510). - pci: endpoint: Populate func_no before calling pci_epc_add_epf() (bsc#1051510). - pci: exynos: Fix a potential init_clk_resources NULL pointer dereference (bsc#1051510). - pci: faraday: Fix of_irq_get() error check (bsc#1051510). - pci: ibmphp: Fix use-before-set in get_max_bus_speed() (bsc#1051510). - pci: shpchp: Fix AMD POGO identification (bsc#1051510). - perf intel-pt: Always set no branch for dummy event (bsc#1087217). - perf intel-pt: Set no_aux_samples for the tracking event (bsc#1087217). - perf/x86/intel/uncore: Add event constraint for BDX PCU (bsc#1087202). - perf/x86/intel/uncore: Fix SKX CHA event extra regs (bsc#1087233). - perf/x86/intel/uncore: Fix Skylake UPI pmU event masks (bsc#1087233). - perf/x86/intel/uncore: Fix Skylake server CHA LLC_LOOKUP event umask (bsc#1087233). - perf/x86/intel/uncore: Fix Skylake server PCU pmU event format (bsc#1087233). - perf/x86/intel/uncore: Fix missing marker for skx_uncore_cha_extra_regs (bsc#1087233). - perf/x86/intel/uncore: Remove invalid Skylake server CHA filter field (bsc#1087233). - perf/x86: Fix data source decoding for Skylake (). - perf/x86: Fix data source decoding for Skylake (). - phy: add sgmii and 10gkr modes to the phy_mode enum (bsc#1098633). - pinctrl: bcm2835: Avoid warning from __irq_do_set_handler (bsc#1051510). - pinctrl: imx: fix debug message for SHARE_MUX_CONF_REG case (bsc#1051510). - pinctrl: intel: Initialize GPIO properly when used through irqchip (bsc#1087092). - pinctrl: intel: Read back TX buffer state (bsc#1051510). - pinctrl: meson-gxbb: remove non-existing pin GPIOX_22 (bsc#1051510). - pinctrl: meson-gxl: Fix typo in AO I2S pins (bsc#1051510). - pinctrl: meson-gxl: Fix typo in AO SPDIF pins (bsc#1051510). - pinctrl: mvebu: use correct MPP sel value for dev pins (bsc#1051510). - pinctrl: nand: meson-gxbb: fix missing data pins (bsc#1051510). - pinctrl: nsp: Fix potential NULL dereference (bsc#1051510). - pinctrl: nsp: off by ones in nsp_pinmux_enable() (bsc#1100132). - pinctrl: pinctrl-single: Fix pcs_request_gpio() when bits_per_mux != 0 (bsc#1051510). - pinctrl: sh-pfc: r8a7790: Add missing TX_ER pin to avb_mii group (bsc#1051510). - pinctrl: sh-pfc: r8a7795: Fix MOD_SEL register pin assignment for SSI pins group (bsc#1051510). - pinctrl: sh-pfc: r8a7795: Fix to delete A20..A25 pins function definitions (bsc#1051510). - pinctrl: sh-pfc: r8a7796: Fix IPSR and MOD_SEL register pin assignment for NDFC pins group (bsc#1051510). - pinctrl: sh-pfc: r8a7796: Fix to delete A20..A25 pins function definitions (bsc#1051510). - pinctrl: sh-pfc: r8a7796: Fix to delete FSCLKST pin and IPSR7 bit[15:12] register definitions (bsc#1051510). - pinctrl: sunxi: fix V3s pinctrl driver IRQ bank base (bsc#1051510). - pinctrl: sunxi: fix wrong irq_banks number for H5 pinctrl (bsc#1051510). - pinctrl: uniphier: fix members of rmii group for Pro4 (bsc#1051510). - pinctrl: uniphier: fix pin_config_get() for input-enable (bsc#1051510). - pm/core: Fix supplier device runtime pm usage counter imbalance (bsc#1051510). - pm/hibernate: Fix oops at snapshot_write() (bsc#1051510). - pm/hibernate: Use CONFIG_HAVE_SET_MEMORY for include condition (bsc#1051510). - pm/wakeup: Only update last time for active wakeup sources (bsc#1051510). - power: gemini-poweroff: Avoid spurious poweroff (bsc#1051510). - power: supply: act8945a_charger: fix of_irq_get() error check (bsc#1051510). - power: supply: cpcap-charger: add OMAP_usb2 dependency (bsc#1051510). - powerpc/64: Fix smp_wmb barrier definition use use lwsync consistently (bnc#1012382). - powerpc/64s: Clear PCR on boot (bnc#1012382). - powerpc/64s: Fix section mismatch warnings from setup_rfi_flush() (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/eeh: Fix enabling bridge MMIO windows (bnc#1012382). - powerpc/fadump: Unregister fadump on kexec down path (bnc#1012382). - powerpc/mm/hash: Add missing isync prior to kernel stack SLB switch (bnc#1012382). - powerpc/mpic: Check if cpu_possible() in mpic_physmask() (bnc#1012382). - powerpc/powernv: Fix NVRAM sleep in invalid context when crashing (bnc#1012382). - powerpc/powernv: Fix OPAL NVRAM driver OPAL_BUSY loops (bnc#1012382). - powerpc/powernv: Handle unknown OPAL errors in opal_nvram_write() (bnc#1012382). - powerpc/powernv: define a standard delay for OPAL_BUSY type retry loops (bnc#1012382). - powerpc/ptrace: Fix setting 512B aligned breakpoints with PTRACE_SET_DEBUGREG (bnc#1012382). - powerpc: Add missing prototype for arch_irq_work_raise() (bnc#1012382). - pwm: meson: Fix allocation of PWM channel array (bsc#1051510). - pwm: meson: Improve PWM calculation precision (bsc#1051510). - pwm: stm32: Enforce dependency on CONFIG_MFD_STM32_TIMERS (bsc#1051510). - pwm: stm32: Remove unused struct device (bsc#1051510). - pwm: tiehrpwm: Fix runtime pm imbalance at unbind (bsc#1051510). - pwm: tiehrpwm: fix clock imbalance in probe error path (bsc#1051510). - qed* : Add new TLV to request PF to update MAC in bulletin board (bsc#1086314 bsc#1086313 bsc#1086301). - qed* : use trust mode to allow VF to override forced MAC (bsc#1086314 bsc#1086313 bsc#1086301). - qed*: Add new TLV to request PF to update MAC in bulletin board (bsc#1086314 bsc#1086313 bsc#1086301). - qed*: Advance drivers' version to 8.33.0.20 (bsc#1086314). - qed*: Advance drivers' version to 8.33.0.20 (bsc#1086314). - qed*: HSI renaming for different types of HW (bsc#1086314 bsc#1086313 bsc#1086301). - qed*: HSI renaming for different types of HW (bsc#1086314 bsc#1086313 bsc#1086301). - qed*: Refactor mf_mode to consist of bits (bsc#1086314 bsc#1086313 bsc#1086301). - qed*: Refactor mf_mode to consist of bits (bsc#1086314 bsc#1086313 bsc#1086301). - qed*: Refactoring and rearranging FW API with no functional impact (bsc#1086314 bsc#1086313 bsc#1086301). - qed*: Refactoring and rearranging FW API with no functional impact (bsc#1086314 bsc#1086313 bsc#1086301). - qed*: Support drop action classification (bsc#1086314 bsc#1086313 bsc#1086301). - qed*: Support drop action classification (bsc#1086314 bsc#1086313 bsc#1086301). - qed*: Support other classification modes (bsc#1086314 bsc#1086313 bsc#1086301). - qed*: Support other classification modes (bsc#1086314 bsc#1086313 bsc#1086301). - qed*: Utilize FW 8.33.1.0 (bsc#1086314 bsc#1086313 bsc#1086301). - qed*: Utilize FW 8.33.1.0 (bsc#1086314 bsc#1086313 bsc#1086301). - qed*: Utilize FW 8.33.11.0 (bsc#1086314 bsc#1086313 bsc#1086301). - qed*: Utilize FW 8.33.11.0 (bsc#1086314 bsc#1086313 bsc#1086301). - qed*: use trust mode to allow VF to override forced MAC (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Adapter flash update support (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Adapter flash update support (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Add APIs for flash access (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Add APIs for flash access (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Add MFW interfaces for TLV request support (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Add MFW interfaces for TLV request support (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Add configuration information to register dump and debug data (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Add configuration information to register dump and debug data (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Add driver infrastucture for handling mfw requests (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Add driver infrastucture for handling mfw requests (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Add sanity check for SIMD fastpath handler (bsc#1050536). - qed: Add sanity check for SIMD fastpath handler (bsc#1050536). - qed: Add support for Unified Fabric Port (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Add support for Unified Fabric Port (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Add support for multi function mode with 802.1ad tagging (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Add support for multi function mode with 802.1ad tagging (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Add support for processing fcoe tlv request (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Add support for processing fcoe tlv request (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Add support for processing iscsi tlv request (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Add support for processing iscsi tlv request (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Add support for tlv request processing (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Add support for tlv request processing (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Correct Multicast API to reflect existence of 256 approximate buckets (bsc#1050536). - qed: Correct Multicast API to reflect existence of 256 approximate buckets (bsc#1050536). - qed: Delete unused parameter p_ptt from mcp APIs (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Delete unused parameter p_ptt from mcp APIs (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Do not advertise DCBX_LLD_MANAGED capability (bsc#1050536). - qed: Do not advertise DCBX_LLD_MANAGED capability (bsc#1050536). - qed: Fix LL2 race during connection terminate (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix LL2 race during connection terminate (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix PTT entry leak in the selftest error flow (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix PTT entry leak in the selftest error flow (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix copying 2 strings (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix copying 2 strings (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix link flap issue due to mismatching EEE capabilities (bsc#1050536). - qed: Fix link flap issue due to mismatching EEE capabilities (bsc#1050536). - qed: Fix mask for physical address in ILT entry (networking-stable-18_06_08). - qed: Fix possibility of list corruption during rmmod flows (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix possibility of list corruption during rmmod flows (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix possible memory leak in Rx error path handling (bsc#1050536). - qed: Fix possible memory leak in Rx error path handling (bsc#1050536). - qed: Fix possible race for the link state value (bsc#1050536). - qed: Fix possible race for the link state value (bsc#1050536). - qed: Fix potential use-after-free in qed_spq_post() (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix potential use-after-free in qed_spq_post() (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix reading stale configuration information (bsc#1086314). - qed: Fix reading stale configuration information (bsc#1086314). - qed: Fix setting of incorrect eswitch mode (bsc#1050536). - qed: Fix setting of incorrect eswitch mode (bsc#1050536). - qed: Fix shared memory inconsistency between driver and the MFW (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix shared memory inconsistency between driver and the MFW (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix use of incorrect shmem address (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix use of incorrect shmem address (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix use of incorrect size in memcpy call (bsc#1050536). - qed: Fix use of incorrect size in memcpy call (bsc#1050536). - qed: Free reserved MR tid (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Free reserved MR tid (bsc#1086314 bsc#1086313 bsc#1086301). - qed: LL2 flush isles when connection is closed (bsc#1086314 bsc#1086313 bsc#1086301). - qed: LL2 flush isles when connection is closed (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Limit msix vectors in kdump kernel to the minimum required count (bsc#1050536). - qed: Limit msix vectors in kdump kernel to the minimum required count (bsc#1050536). - qed: Populate nvm image attribute shadow (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Populate nvm image attribute shadow (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Remove reserveration of dpi for kernel (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Remove reserveration of dpi for kernel (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Remove unused data member 'is_mf_default' (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Remove unused data member 'is_mf_default' (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Use true and false for boolean values (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Use true and false for boolean values (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Use zeroing memory allocator than allocator/memset (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Use zeroing memory allocator than allocator/memset (bsc#1086314 bsc#1086313 bsc#1086301). - qed: code indent should use tabs where possible (bsc#1086314 bsc#1086313 bsc#1086301). - qed: code indent should use tabs where possible (bsc#1086314 bsc#1086313 bsc#1086301). - qed: fix spelling mistake: 'checksumed' -> 'checksummed' (bsc#1086314 bsc#1086313 bsc#1086301). - qed: fix spelling mistake: 'checksumed' -> 'checksummed' (bsc#1086314 bsc#1086313 bsc#1086301). - qed: fix spelling mistake: 'offloded' -> 'offloaded' (bsc#1086314 bsc#1086313 bsc#1086301). - qed: fix spelling mistake: 'offloded' -> 'offloaded' (bsc#1086314 bsc#1086313 bsc#1086301). - qed: fix spelling mistake: 'taskelt' -> 'tasklet' (bsc#1086314 bsc#1086313 bsc#1086301). - qed: fix spelling mistake: 'taskelt' -> 'tasklet' (bsc#1086314 bsc#1086313 bsc#1086301). - qed: off by one in qed_parse_mcp_trace_buf() (bsc#1086314 bsc#1086313 bsc#1086301). - qed: off by one in qed_parse_mcp_trace_buf() (bsc#1086314 bsc#1086313 bsc#1086301). - qed: use kzalloc instead of kmalloc and memset (bsc#1086314 bsc#1086313 bsc#1086301). - qed: use kzalloc instead of kmalloc and memset (bsc#1086314 bsc#1086313 bsc#1086301). - qede: Add build_skb() support (bsc#1086314 bsc#1086313 bsc#1086301). - qede: Add build_skb() support (bsc#1086314 bsc#1086313 bsc#1086301). - qede: Add support for populating ethernet TLVs (bsc#1086314 bsc#1086313 bsc#1086301). - qede: Add support for populating ethernet TLVs (bsc#1086314 bsc#1086313 bsc#1086301). - qede: Adverstise software timestamp caps when PHC is not available (bsc#1050538). - qede: Adverstise software timestamp caps when PHC is not available (bsc#1050538). - qede: Do not drop rx-checksum invalidated packets (bsc#1086314 bsc#1086313 bsc#1086301). - qede: Do not drop rx-checksum invalidated packets (bsc#1086314 bsc#1086313 bsc#1086301). - qede: Ethtool flash update support (bsc#1086314 bsc#1086313 bsc#1086301). - qede: Ethtool flash update support (bsc#1086314 bsc#1086313 bsc#1086301). - qede: Fix barrier usage after tx doorbell write (bsc#1086314 bsc#1086313 bsc#1086301). - qede: Fix barrier usage after tx doorbell write (bsc#1086314 bsc#1086313 bsc#1086301). - qede: Fix ref-cnt usage count (bsc#1086314 bsc#1086313 bsc#1086301). - qede: Fix ref-cnt usage count (bsc#1086314 bsc#1086313 bsc#1086301). - qede: Refactor ethtool rx classification flow (bsc#1086314 bsc#1086313 bsc#1086301). - qede: Refactor ethtool rx classification flow (bsc#1086314 bsc#1086313 bsc#1086301). - qede: Support flow classification to the VFs (bsc#1086314 bsc#1086313 bsc#1086301). - qede: Support flow classification to the VFs (bsc#1086314 bsc#1086313 bsc#1086301). - qede: Use NETIF_F_GRO_HW (bsc#1086314 bsc#1086313 bsc#1086301). - qede: Use NETIF_F_GRO_HW (bsc#1086314 bsc#1086313 bsc#1086301). - qede: Validate unsupported configurations (bsc#1086314 bsc#1086313 bsc#1086301). - qede: Validate unsupported configurations (bsc#1086314 bsc#1086313 bsc#1086301). - qede: fix spelling mistake: 'registeration' -> 'registration' (bsc#1086314 bsc#1086313 bsc#1086301). - qede: fix spelling mistake: 'registeration' -> 'registration' (bsc#1086314 bsc#1086313 bsc#1086301). - qedr: Fix spelling mistake: 'hanlde' -> 'handle' (bsc#1086314 bsc#1086313 bsc#1086301). - qedr: Fix spelling mistake: 'hanlde' -> 'handle' (bsc#1086314 bsc#1086313 bsc#1086301). - qlogic/qed: Constify *pkt_type_str (bsc#1086314 bsc#1086313 bsc#1086301). - qlogic/qed: Constify *pkt_type_str (bsc#1086314 bsc#1086313 bsc#1086301). - qlogic: check kstrtoul() for errors (bsc#1050540). - qlogic: check kstrtoul() for errors (bsc#1050540). - qmi_wwan: add support for Quectel EG91 (bsc#1051510). - qmi_wwan: add support for the Dell Wireless 5821e module (bsc#1051510). - qmi_wwan: fix interface number for DW5821e production firmware (bsc#1051510). - qmi_wwan: set FLAG_SEND_ZLP to avoid network initiated disconnect (bsc#1051510). - r8152: fix tx packets accounting (bsc#1051510). - r8152: napi hangup fix after disconnect (bsc#1051510). - r8169: Be drop monitor friendly (bsc#1051510). - rbd: flush rbd_dev->watch_dwork after watch is unregistered (bsc#1103216). - rdma/cma: Do not query GID during QP state transition to RTR (bsc#1046306). - rdma/cma: Do not query GID during QP state transition to RTR (bsc#1046306). - rdma/cma: Fix use after destroy access to net namespace for IPoib (bsc#1046306). - rdma/cma: Fix use after destroy access to net namespace for IPoib (bsc#1046306). - rdma/cxgb4: Use structs to describe the uABI instead of opencoding (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - rdma/cxgb4: release hw resources on device removal (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - rdma/i40iw: Avoid panic when objects are being created and destroyed (bsc#1058659). - rdma/i40iw: Avoid panic when objects are being created and destroyed (bsc#1058659). - rdma/i40iw: Avoid reference leaks when processing the AEQ (bsc#1058659). - rdma/i40iw: Avoid reference leaks when processing the AEQ (bsc#1058659). - rdma/ipoib: Update paths on CLIENT_REREG/SM_CHANGE events (bsc#1046307). - rdma/ipoib: Update paths on CLIENT_REREG/SM_CHANGE events (bsc#1046307). - rdma/iwpm: fix memory leak on map_info (bsc#1046306). - rdma/iwpm: fix memory leak on map_info (bsc#1046306). - rdma/mlx4: Discard unknown SQP work requests (bsc#1046302). - rdma/mlx4: Discard unknown SQP work requests (bsc#1046302). - rdma/mlx5: Do not assume that medium blueFlame register exists (bsc#1046305). - rdma/mlx5: Do not assume that medium blueFlame register exists (bsc#1046305). - rdma/mlx5: Fix NULL dereference while accessing XRC_TGT QPs (bsc#1046305). - rdma/mlx5: Fix NULL dereference while accessing XRC_TGT QPs (bsc#1046305). - rdma/mlx5: Fix memory leak in mlx5_ib_create_srq() error path (bsc#1046305). - rdma/mlx5: Fix memory leak in mlx5_ib_create_srq() error path (bsc#1046305). - rdma/mlx5: Fix multiple NULL-ptr deref errors in rereg_mr flow (bsc#1046305). - rdma/mlx5: Fix multiple NULL-ptr deref errors in rereg_mr flow (bsc#1046305). - rdma/mlx5: Protect from shift operand overflow (bsc#1046305). - rdma/mlx5: Protect from shift operand overflow (bsc#1046305). - rdma/mlx5: Use proper spec flow label type (bsc#1046305). - rdma/mlx5: Use proper spec flow label type (bsc#1046305). - rdma/qedr: Annotate iomem pointers correctly (bsc#1086314 bsc#1086313 bsc#1086301). - rdma/qedr: Annotate iomem pointers correctly (bsc#1086314 bsc#1086313 bsc#1086301). - rdma/qedr: Declare local functions static (bsc#1086314 bsc#1086313 bsc#1086301). - rdma/qedr: Declare local functions static (bsc#1086314 bsc#1086313 bsc#1086301). - rdma/qedr: Fix doorbell bar mapping for dpi > 1 (bsc#1086314 bsc#1086313 bsc#1086301). - rdma/qedr: Fix doorbell bar mapping for dpi > 1 (bsc#1086314 bsc#1086313 bsc#1086301). - rdma/qedr: Fix endian problems around imm_data (bsc#1086314 bsc#1086313 bsc#1086301). - rdma/qedr: Fix endian problems around imm_data (bsc#1086314 bsc#1086313 bsc#1086301). - rdma/qedr: Fix iWARP connect with port mapper (bsc#1086314 bsc#1086313 bsc#1086301). - rdma/qedr: Fix iWARP connect with port mapper (bsc#1086314 bsc#1086313 bsc#1086301). - rdma/qedr: Fix iWARP write and send with immediate (bsc#1086314 bsc#1086313 bsc#1086301). - rdma/qedr: Fix iWARP write and send with immediate (bsc#1086314 bsc#1086313 bsc#1086301). - rdma/qedr: Fix ipv6 destination address resolution (bsc#1086314 bsc#1086313 bsc#1086301). - rdma/qedr: Fix ipv6 destination address resolution (bsc#1086314 bsc#1086313 bsc#1086301). - rdma/qedr: Fix kernel panic when running fio over NFSordma (bsc#1086314 bsc#1086313 bsc#1086301). - rdma/qedr: Fix kernel panic when running fio over NFSordma (bsc#1086314 bsc#1086313 bsc#1086301). - rdma/qedr: Fix wmb usage in qedr (bsc#1086314 bsc#1086313 bsc#1086301). - rdma/qedr: Fix wmb usage in qedr (bsc#1086314 bsc#1086313 bsc#1086301). - rdma/qedr: Remove set-but-not-used variables (bsc#1086314 bsc#1086313 bsc#1086301). - rdma/qedr: Remove set-but-not-used variables (bsc#1086314 bsc#1086313 bsc#1086301). - rdma/qedr: Use NULL instead of 0 to represent a pointer (bsc#1086314 bsc#1086313 bsc#1086301). - rdma/qedr: Use NULL instead of 0 to represent a pointer (bsc#1086314 bsc#1086313 bsc#1086301). - rdma/qedr: Use zeroing memory allocator than allocator/memset (bsc#1086314 bsc#1086313 bsc#1086301). - rdma/qedr: Use zeroing memory allocator than allocator/memset (bsc#1086314 bsc#1086313 bsc#1086301). - rdma/qedr: Zero stack memory before copying to user space (bsc#1086314 bsc#1086313 bsc#1086301). - rdma/qedr: Zero stack memory before copying to user space (bsc#1086314 bsc#1086313 bsc#1086301). - rdma/qedr: eliminate duplicate barriers on weakly-ordered archs (bsc#1086314 bsc#1086313 bsc#1086301). - rdma/qedr: eliminate duplicate barriers on weakly-ordered archs (bsc#1086314 bsc#1086313 bsc#1086301). - rdma/qedr: lower print level of flushed CQEs (bsc#1086314 bsc#1086313 bsc#1086301). - rdma/qedr: lower print level of flushed CQEs (bsc#1086314 bsc#1086313 bsc#1086301). - rdma/ucma: Do not allow setting rdma_OPTION_ib_PATH without an rdma device (bsc#1046306). - rdma/ucma: Do not allow setting rdma_OPTION_ib_PATH without an rdma device (bsc#1046306). - rdma/ucma: ucma_context reference leak in error path (bsc#1046306). - rdma/ucma: ucma_context reference leak in error path (bsc#1046306). - rdma/uverbs: Protect from attempts to create flows on unsupported QP (bsc#1046306). - rdma/uverbs: Protect from attempts to create flows on unsupported QP (bsc#1046306). - rdma/uverbs: Use an unambiguous errno for method not supported (bsc#1046306). - rdma/uverbs: Use an unambiguous errno for method not supported (bsc#1046306). - regulator: max8998: Fix platform data retrieval (bsc#1051510). - regulator: qcom_spmi: Include offset when translating voltages (bsc#1051510). - regulator: tps65218: Fix strobe assignment (bsc#1051510). - rpm/kernel-source.spec.in: Add more stuff to Recommends ... and move bc to Recommends as well. All these packages are needed for building a kernel manually from scratch with kernel-source files. - rpm/kernel-source.spec.in: require bc for kernel-source This is needed for building include/generated/timeconst.h from kernel/time/timeconst.bc. - rtc: ac100: Fix ac100 determine rate bug (bsc#1051510). - rtc: pxa: fix probe function (bsc#1051510). - rtlwifi: Fix kernel Oops 'Fw download fail!!' (bsc#1051510). - rtlwifi: rtl8821ae: fix firmware is not ready to run (bsc#1051510). - rtnetlink: validate attributes in do_setlink() (networking-stable-18_06_08). - s390/crc32-vx: use expoline for indirect branches (git-fixes f19fbd5ed6). - s390/ftrace: use expoline for indirect branches (git-fixes f19fbd5ed6). - s390/gs: add compat regset for the guarded storage broadcast control block (git-fixes e525f8a6e696). - s390/kernel: use expoline for indirect branches (git-fixes f19fbd5ed6). - s390/lib: use expoline for indirect branches (git-fixes f19fbd5ed6). - s390/qdio: do not retry EQBS after CCQ 96 (bsc#1102088, LTC#169699). - s390/qeth: fix error handling in adapter command callbacks (bsc#1102088, LTC#169699). - s390/qeth: fix race when setting MAC address (bnc#1093148, LTC#167307). - s390: Correct register corruption in critical section cleanup (git-fixes 6dd85fbb87). - s390: add assembler macros for CPU alternatives (git-fixes f19fbd5ed6). - s390: correct module section names for expoline code revert (git-fixes f19fbd5ed6). - s390: extend expoline to BC instructions (git-fixes, bsc#1103421). - s390: move expoline assembler macros to a header (git-fixes f19fbd5ed6). - s390: move spectre sysfs attribute code (bsc#1090098). - s390: optimize memset implementation (git-fixes f19fbd5ed6). - s390: remove indirect branch from do_softirq_own_stack (git-fixes f19fbd5ed6). - s390: use expoline thunks in the BPF JIT (git-fixes, bsc#1103421). - sched/core: Optimize ttwu_stat() (bnc#1101669 optimise numa balancing for fast migrate). - sched/core: Optimize update_stats_*() (bnc#1101669 optimise numa balancing for fast migrate). - scripts/dtc: fix '%zx' warning (bsc#1051510). - scripts/gdb/linux/tasks.py: fix get_thread_info (bsc#1051510). - scripts/git_sort/git_sort.py: Add 'nvme-4.18' to the list of repositories - scripts/git_sort/git_sort.py: add modules-next tree - scripts/kernel-doc: Do not fail with status != 0 if error encountered with -none (bsc#1051510). - scsi: aacraid: Correct hba_send to include iu_type (bsc#1077989). - scsi: core: clean up generated file scsi_devinfo_tbl.c (bsc#1077989). - scsi: cxgb4i: silence overflow warning in t4_uld_rx_handler() (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - scsi: megaraid_sas: Do not log an error if FW successfully initializes (bsc#1077989). - scsi: qla2xxx: Fix inconsistent DMA mem alloc/free (bsc#1077989). - scsi: qla2xxx: Fix kernel crash due to late workqueue allocation (bsc#1077338). - scsi: zfcp: fix infinite iteration on ERP ready list (bsc#1102088, LTC#169699). - scsi: zfcp: fix misleading REC trigger trace where erp_action setup failed (bsc#1102088, LTC#169699). - scsi: zfcp: fix missing REC trigger trace for all objects in ERP_FAILED (bsc#1102088, LTC#169699). - scsi: zfcp: fix missing REC trigger trace on enqueue without ERP thread (bsc#1102088, LTC#169699). - scsi: zfcp: fix missing REC trigger trace on terminate_rport_io early return (bsc#1102088, LTC#169699). - scsi: zfcp: fix missing REC trigger trace on terminate_rport_io for ERP_FAILED (bsc#1102088, LTC#169699). - scsi: zfcp: fix missing SCSI trace for result of eh_host_reset_handler (bsc#1102088, LTC#169699). - scsi: zfcp: fix missing SCSI trace for retry of abort / scsi_eh TMF (bsc#1102088, LTC#169699). - sctp: not allow transport timeout value less than HZ/5 for hb_timer (networking-stable-18_06_08). - serial: earlycon: Only try fdt when specify 'earlycon' exactly (bsc#1051510). - serial: imx: drop if that always evaluates to true (bsc#1051510). - serial: pxa: Fix out-of-bounds access through serial port index (bsc#1051510). - serial: sh-sci: Update warning message in sci_request_dma_chan() (bsc#1051510). - serial: sh-sci: Use spin_{try}lock_irqsave instead of open coding version (bsc#1051510). - serial: sirf: Fix out-of-bounds access through DT alias (bsc#1051510). - sfc: stop the TX queue before pushing new buffers (bsc#1058169). - sfc: stop the TX queue before pushing new buffers (bsc#1058169). - smsc75xx: Add workaround for gigabit link up hardware errata (bsc#1051510). - smsc75xx: fix smsc75xx_set_features() (bsc#1051510). - smsc95xx: Configure pause time to 0xffff when tx flow control enabled (bsc#1051510). - socket: close race condition between sock_close() and sockfs_setattr() (networking-stable-18_06_20). - spi: bcm-qspi: fIX some error handling paths (bsc#1051510). - spi: core: Fix devm_spi_register_master() function name in kerneldoc (bsc#1051510). - spi: pxa2xx: Do not touch CS pin until we have a transfer pending (bsc#1051510). - spi: sh-msiof: Fix bit field overflow writes to TSCR/RSCR (bsc#1051510). - staging: comedi: quatech_daqp_cs: fix no-op loop daqp_ao_insn_write() (bsc#1051510). - staging: fbtft: array underflow in fbtft_request_gpios_match() (bsc#1051510). - staging: iio: ade7759: fix signed extension bug on shift of a u8 (bsc#1051510). - staging: rtl8723bs: Prevent an underflow in rtw_check_beacon_data() (bsc#1051510). - staging: rtl8723bs: add missing range check on id (bsc#1051510). - staging: rtl8723bs: fix u8 less than zero check (bsc#1051510). - staging: rts5208: Fix 'seg_no' calculation in reset_ms_card() (bsc#1051510). - staging: sm750fb: Fix parameter mistake in poke32 (bsc#1051510). - staging:iio:ade7854: Fix error handling on read/write (bsc#1051510). - staging:iio:ade7854: Fix the wrong number of bits to read (bsc#1051510). - tcp: verify the checksum of the first data segment in a new connection (networking-stable-18_06_20). - team: use netdev_features_t instead of u32 (networking-stable-18_06_08). - thermal/drivers/hisi: Fix kernel panic on alarm interrupt (bsc#1051510). - thermal/drivers/hisi: Fix missing interrupt enablement (bsc#1051510). - thermal/drivers/hisi: Fix multiple alarm interrupts firing (bsc#1051510). - thermal/drivers/hisi: Simplify the temperature/step computation (bsc#1051510). - thermal: bcm2835: fix an error code in probe() (bsc#1051510). - thermal: fix INTEL_SOC_DTS_IOSF_CORE dependencies (bsc#1051510). - time: Make sure jiffies_to_msecs() preserves non-zero time periods (bsc#1051510). - timekeeping: Use proper timekeeper for debug code (bsc#1051510). - tools lib traceevent: Fix get_field_str() for dynamic strings (bsc#1051510). - tools lib traceevent: Simplify pointer print logic and fix %pF (bsc#1051510). - tools/lib/lockdep: Define the ARRAY_SIZE() macro (bsc#1051510). - tools/lib/lockdep: Fix undefined symbol prandom_u32 (bsc#1051510). - tools/libbpf: handle issues with bpf ELF objects containing .eh_frames (bsc#1051510). - tools/power turbostat: Correct SNB_C1/C3_AUTO_UNDEMOTE defines (bsc#1051510). - tools/thermal: tmon: fix for segfault (bsc#1051510). - tools/usbip: fixes build with musl libc toolchain (bsc#1051510). - ubi: fastmap: Correctly handle interrupted erasures in EBA (bsc#1051510). - ubifs: Fix data node size for truncating uncompressed nodes (bsc#1051510). - ubifs: Fix potential integer overflow in allocation (bsc#1051510). - ubifs: Fix uninitialized variable in search_dh_cookie() (bsc#1051510). - ubifs: Fix unlink code wrt. double hash lookups (bsc#1051510). - udp: fix rx queue len reported by diag and proc interface (networking-stable-18_06_20). - usb-storage: Add compatibility quirk flags for G-Technologies G-Drive (bsc#1051510). - usb-storage: Add support for FL_ALWAYS_SYNC flag in the UAS driver (bsc#1051510). - usb/gadget: Fix 'high bandwidth' check in usb_gadget_ep_match_desc() (bsc#1051510). - usb: Increment wakeup count on remote wakeup (bsc#1051510). - usb: OHCI: Fix NULL dereference in HCDs using HCD_LOCAL_MEM (bsc#1087092). - usb: audio-v2: Correct the comment for struct uac_clock_selector_descriptor (bsc#1051510). - usb: cdc_acm: Add quirk for Castles VEGA3000 (bsc#1051510). - usb: cdc_acm: Add quirk for Uniden UBC125 scanner (bsc#1051510). - usb: cdc_acm: prevent race at write to acm while system resumes (bsc#1087092). - usb: core: handle hub C_PORT_OVER_CURRENT condition (bsc#1051510). - usb: do not reset if a low-speed or full-speed device timed out (bsc#1051510). - usb: dwc2: Fix DMA alignment to start at allocated boundary (bsc#1051510). - usb: dwc2: Fix dwc2_hsotg_core_init_disconnected() (bsc#1051510). - usb: dwc2: Improve gadget state disconnection handling (bsc#1085539). - usb: dwc2: debugfs: Do not touch RX FIFO during register dump (bsc#1051510). - usb: dwc2: fix the incorrect bitmaps for the ports of multi_tt hub (bsc#1051510). - usb: dwc2: hcd: Fix host channel halt flow (bsc#1051510). - usb: dwc2: host: Fix transaction errors in host mode (bsc#1051510). - usb: dwc3: Add SoftReset PHY synchonization delay (bsc#1051510). - usb: dwc3: Fix GDBGFIFOSPACE_TYPE values (bsc#1051510). - usb: dwc3: Makefile: fix link error on randconfig (bsc#1051510). - usb: dwc3: Undo PHY init if soft reset fails (bsc#1051510). - usb: dwc3: Update DWC_usb31 GTXFIFOSIZ reg fields (bsc#1051510). - usb: dwc3: ep0: Reset TRB counter for ep0 IN (bsc#1051510). - usb: dwc3: gadget: Fix list_del corruption in dwc3_ep_dequeue (bsc#1051510). - usb: dwc3: gadget: Set maxpacket size for ep0 IN (bsc#1051510). - usb: dwc3: of-simple: fix use-after-free on remove (bsc#1051510). - usb: dwc3: omap: do not miss events during suspend/resume (bsc#1051510). - usb: dwc3: pci: Properly cleanup resource (bsc#1051510). - usb: dwc3: prevent setting PRTCAP to OTG from debugfs (bsc#1051510). - usb: gadget: bdc: 64-bit pointer capability check (bsc#1051510). - usb: gadget: composite: fix incorrect handling of OS desc requests (bsc#1051510). - usb: gadget: core: Fix use-after-free of usb_request (bsc#1051510). - usb: gadget: dummy: fix nonsensical comparisons (bsc#1051510). - usb: gadget: f_fs: Fix use-after-free in ffs_fs_kill_sb() (bsc#1051510). - usb: gadget: f_fs: Only return delayed status when len is 0 (bsc#1051510). - usb: gadget: f_fs: Process all descriptors during bind (bsc#1051510). - usb: gadget: f_fs: Use config_ep_by_speed() (bsc#1051510). - usb: gadget: f_mass_storage: Fix the logic to iterate all common->luns (bsc#1051510). - usb: gadget: f_midi: fixing a possible double-free in f_midi (bsc#1051510). - usb: gadget: f_uac2: fix bFirstInterface in composite gadget (bsc#1051510). - usb: gadget: f_uac2: fix endianness of 'struct cntrl_*_lay3' (bsc#1051510). - usb: gadget: f_uac2: fix error handling in afunc_bind (again) (bsc#1051510). - usb: gadget: ffs: Execute copy_to_user() with USER_DS set (bsc#1051510). - usb: gadget: ffs: Let setup() return usb_GADGET_DELAYED_STATUS (bsc#1051510). - usb: gadget: fsl_udc_core: fix ep valid checks (bsc#1051510). - usb: gadget: udc: Add missing platform_device_put() on error in bdc_pci_probe() (bsc#1051510). - usb: gadget: udc: change comparison to bitshift when dealing with a mask (bsc#1051510). - usb: gadget: udc: core: update usb_ep_queue() documentation (bsc#1051510). - usb: gadget: udc: renesas_usb3: disable the controller's irqs for reconnecting (bsc#1051510). - usb: host: ehci: use correct device pointer for dma ops (bsc#1087092). - usb: host: xhci-plat: revert 'usb: host: xhci-plat: enable clk in resume timing' (bsc#1051510). - usb: ldusb: add PIDs for new CASSY devices supported by this driver (bsc#1051510). - usb: musb: Fix external abort in musb_remove on omap2430 (bsc#1051510). - usb: musb: call pm_runtime_{get,put}_sync before reading vbus registers (bsc#1051510). - usb: musb: fix enumeration after resume (bsc#1051510). - usb: musb: fix remote wakeup racing with suspend (bsc#1051510). - usb: musb: gadget: misplaced out of bounds check (bsc#1051510). - usb: musb: host: fix potential NULL pointer dereference (bsc#1051510). - usb: musb: trace: fix NULL pointer dereference in musb_g_tx() (bsc#1051510). - usb: option: Add support for FS040U modem (bsc#1087092). - usb: quirks: add delay quirks for Corsair Strafe (bsc#1051510). - usb: serial: ch341: fix type promotion bug in ch341_control_in() (bsc#1051510). - usb: serial: cp210x: add CESINEL device ids (bsc#1051510). - usb: serial: cp210x: add ELDAT Easywave RX09 id (bsc#1051510). - usb: serial: cp210x: add ID for NI usb serial console (bsc#1051510). - usb: serial: cp210x: add Silicon Labs IDs for Windows Update (bsc#1051510). - usb: serial: cp210x: add another usb ID for Qivicon ZigBee stick (bsc#1051510). - usb: serial: ftdi_sio: add RT Systems VX-8 cable (bsc#1051510). - usb: serial: ftdi_sio: add support for Harman FirmwareHubEmulator (bsc#1051510). - usb: serial: ftdi_sio: use jtag quirk for Arrow usb Blaster (bsc#1051510). - usb: serial: keyspan_pda: fix modem-status error handling (bsc#1100132). - usb: serial: mos7840: fix status-register error handling (bsc#1051510). - usb: serial: option: Add support for Quectel EP06 (bsc#1051510). - usb: serial: option: adding support for ublox R410M (bsc#1051510). - usb: serial: option: reimplement interface masking (bsc#1051510). - usb: serial: simple: add libtransistor console (bsc#1051510). - usb: serial: visor: handle potential invalid device configuration (bsc#1051510). - usb: yurex: fix out-of-bounds uaccess in read handler (bsc#1100132). - usbip: Correct maximum value of CONFIG_usbIP_VHCI_HC_PORTS (bsc#1051510). - usbip: usbip_event: fix to not print kernel pointer address (bsc#1051510). - usbip: usbip_host: refine probe and disconnect debug msgs to be useful (bsc#1051510). - usbip: vhci_hcd: Fix usb device and sockfd leaks (bsc#1051510). - usbip: vhci_sysfs: fix potential Spectre v1 (bsc#1051510). - vfio/pci: Fix potential Spectre v1 (bsc#1051510). - vfio/spapr: Use IOMMU pageshift rather than pagesize (bsc#1077761, git-fixes). - vhost: synchronize IOTLB message with dev cleanup (networking-stable-18_06_08). - video/omap: add module license tags (bsc#1090888). - video: remove unused kconfig SH_LCD_MIPI_DSI (bsc#1087092). - virtio-net: Fix operstate for virtio when no VIRTIO_NET_F_STATUS (bsc#1051510). - virtio-net: correctly transmit XDP buff after linearizing (networking-stable-18_06_08). - virtio-net: fix leaking page for gso packet during mergeable XDP (networking-stable-18_06_08). - virtio-net: fix module unloading (bsc#1051510). - virtio_net: Disable interrupts if napi_complete_done rescheduled napi (bsc#1051510). - virtio_net: fix XDP code path in receive_small() (bsc#1051510). - vmcore: add API to collect hardware dump in second kernel (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - vrf: check the original netdevice for generating redirect (networking-stable-18_06_08). - wlcore: add missing nvs file name info for wilink8 (bsc#1051510). - x.509: unpack RSA signatureValue field from BIT STRING (bsc#1051510). - x86/efi: Access EFI MMIO data as unencrypted when SEV is active (bsc#1099193). - xen/grant-table: log the lack of grants (bnc#1085042). - xhci: Fix kernel oops in trace_xhci_free_virt_device (bsc#1100132). - xhci: Fix usb3 NULL pointer dereference at logical disconnect (bsc#1090888). - xhci: Fix use-after-free in xhci_free_virt_device (bsc#1100132). - xhci: revert 'xhci: plat: Register shutdown for xhci_plat' (bsc#1090888). - xhci: xhci-mem: off by one in xhci_stream_id_to_ring() (bsc#1100132). ----------------------------------------- Patch: SUSE-2018-1509 Released: Tue Aug 7 09:39:07 2018 Summary: Security update for clamav Severity: moderate References: 1101410,1101412,1101654,1103040,CVE-2018-0360,CVE-2018-0361 Description: This update for clamav to version 0.100.1 fixes the following issues: The following security vulnerabilities were addressed: - CVE-2018-0360: HWP integer overflow, infinite loop vulnerability (bsc#1101410) - CVE-2018-0361: PDF object length check, unreasonably long time to parse relatively small file (bsc#1101412) - Buffer over-read in unRAR code due to missing max value checks in table initialization - Libmspack heap buffer over-read in CHM parser (bsc#1103040) - PDF parser bugs The following other changes were made: - Disable YARA support for licensing reasons (bsc#1101654). - Add HTTPS support for clamsubmit - Fix for DNS resolution for users on IPv4-only machines where IPv6 is not available or is link-local only ----------------------------------------- Patch: SUSE-2018-1536 Released: Fri Aug 10 11:35:56 2018 Summary: Security update for MozillaFirefox Severity: important References: 1092548,1096449,1098998,CVE-2018-12359,CVE-2018-12360,CVE-2018-12362,CVE-2018-12363,CVE-2018-12364,CVE-2018-12365,CVE-2018-12366,CVE-2018-12368,CVE-2018-5150,CVE-2018-5154,CVE-2018-5155,CVE-2018-5156,CVE-2018-5157,CVE-2018-5158,CVE-2018-5159,CVE-2018-5168,CVE-2018-5178,CVE-2018-5183,CVE-2018-5188,CVE-2018-6126 Description: This update for MozillaFirefox to the 52.9 ESR release fixes the following issues: These security issues were fixed: - Firefox ESR 52.9: - CVE-2018-5188 Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9 (bsc#1098998). - CVE-2018-12368 No warning when opening executable SettingContent-ms files (bsc#1098998). - CVE-2018-12366 Invalid data handling during QCMS transformations (bsc#1098998). - CVE-2018-12365 Compromised IPC child process can list local filenames (bsc#1098998). - CVE-2018-12364 CSRF attacks through 307 redirects and NPAPI plugins (bsc#1098998). - CVE-2018-12363 Use-after-free when appending DOM nodes (bsc#1098998). - CVE-2018-12362 Integer overflow in SSSE3 scaler (bsc#1098998). - CVE-2018-12360 Use-after-free when using focus() (bsc#1098998). - CVE-2018-5156 Media recorder segmentation fault when track type is changed during capture (bsc#1098998). - CVE-2018-12359 Buffer overflow using computed size of canvas element (bsc#1098998). - Firefox ESR 52.8: - CVE-2018-6126: Prevent heap buffer overflow in rasterizing paths in SVG with Skia (bsc#1096449). - CVE-2018-5183: Backport critical security fixes in Skia (bsc#1092548). - CVE-2018-5154: Use-after-free with SVG animations and clip paths (bsc#1092548). - CVE-2018-5155: Use-after-free with SVG animations and text paths (bsc#1092548). - CVE-2018-5157: Same-origin bypass of PDF Viewer to view protected PDF files (bsc#1092548). - CVE-2018-5158: Malicious PDF can inject JavaScript into PDF Viewer (bsc#1092548). - CVE-2018-5159: Integer overflow and out-of-bounds write in Skia (bsc#1092548). - CVE-2018-5168: Lightweight themes can be installed without user interaction (bsc#1092548). - CVE-2018-5178: Buffer overflow during UTF-8 to Unicode string conversion through legacy extension (bsc#1092548). - CVE-2018-5150: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 (bsc#1092548). These non-security issues were fixed: - Various stability and regression fixes - Performance improvements to the Safe Browsing service to avoid slowdowns while updating site classification data ----------------------------------------- Patch: SUSE-2018-1539 Released: Fri Aug 10 11:39:36 2018 Summary: Security update for wireshark Severity: moderate References: 1101776,1101777,1101786,1101788,1101791,1101794,1101800,1101802,1101804,1101810,CVE-2018-14339,CVE-2018-14340,CVE-2018-14341,CVE-2018-14342,CVE-2018-14343,CVE-2018-14344,CVE-2018-14367,CVE-2018-14368,CVE-2018-14369,CVE-2018-14370 Description: This update for wireshark fixes the following issues: Security issues fixed: - CVE-2018-14342: BGP dissector large loop (wnpa-sec-2018-34, bsc#1101777) - CVE-2018-14344: ISMP dissector crash (wnpa-sec-2018-35, bsc#1101788) - CVE-2018-14340: Multiple dissectors could crash (wnpa-sec-2018-36, bsc#1101804) - CVE-2018-14343: ASN.1 BER dissector crash (wnpa-sec-2018-37, bsc#1101786) - CVE-2018-14339: MMSE dissector infinite loop (wnpa-sec-2018-38, bsc#1101810) - CVE-2018-14341: DICOM dissector crash (wnpa-sec-2018-39, bsc#1101776) - CVE-2018-14368: Bazaar dissector infinite loop (wnpa-sec-2018-40, bsc#1101794) - CVE-2018-14369: HTTP2 dissector crash (wnpa-sec-2018-41, bsc#1101800) - CVE-2018-14367: CoAP dissector crash (wnpa-sec-2018-42, bsc#1101791) - CVE-2018-14370: IEEE 802.11 dissector crash (wnpa-sec-2018-43, bsc#1101802) Bug fixes: - Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.4.8.html ----------------------------------------- Patch: SUSE-2018-1555 Released: Tue Aug 14 11:53:06 2018 Summary: Security update for samba Severity: important References: 1095048,1095056,1095057,1103411,1103414,CVE-2018-10858,CVE-2018-10918,CVE-2018-10919,CVE-2018-1139,CVE-2018-1140 Description: This update for samba fixes the following issues: The following security vulnerabilities were fixed: - CVE-2018-1139: Disable NTLMv1 auth if smb.conf doesn't allow it; (bsc#1095048) - CVE-2018-1140: ldbsearch '(distinguishedName=abc)' and DNS query with escapes crashes; (bsc#1095056) - CVE-2018-10919: Confidential attribute disclosure via substring search; (bsc#1095057) - CVE-2018-10858: smbc_urlencode helper function is a subject to buffer overflow; (bsc#1103411) - CVE-2018-10918: Fix NULL ptr dereference in DsCrackNames on a user without a SPN; (bsc#1103414) ----------------------------------------- Patch: SUSE-2018-1580 Released: Wed Aug 15 17:31:46 2018 Summary: Security update to ucode-intel Severity: important References: 1087082,1087083,1089343,1104134,CVE-2018-3639,CVE-2018-3640,CVE-2018-3646 Description: ucode-intel was updated to the 20180807 release. For the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a) and is part of the mitigations for CVE-2018-3639 (Spectre v4) and CVE-2018-3646 (L1 Terminal fault). (bsc#1104134 bsc#1087082 bsc#1087083 bsc#1089343) Processor Identifier Version Products Model Stepping F-MO-S/PI Old->New ---- new platforms ---------------------------------------- WSM-EP/WS U1 6-2c-2/03 0000001f Xeon E/L/X56xx, W36xx NHM-EX D0 6-2e-6/04 0000000d Xeon E/L/X65xx/75xx BXT C0 6-5c-2/01 00000014 Atom T5500/5700 APL E0 6-5c-a/03 0000000c Atom x5-E39xx DVN B0 6-5f-1/01 00000024 Atom C3xxx ---- updated platforms ------------------------------------ NHM-EP/WS D0 6-1a-5/03 00000019->0000001d Xeon E/L/X/W55xx NHM B1 6-1e-5/13 00000007->0000000a Core i7-8xx, i5-7xx; Xeon L3426, X24xx WSM B1 6-25-2/12 0000000e->00000011 Core i7-6xx, i5-6xx/4xxM, i3-5xx/3xxM, Pentium G69xx, Celeon P45xx; Xeon L3406 WSM K0 6-25-5/92 00000004->00000007 Core i7-6xx, i5-6xx/5xx/4xx, i3-5xx/3xx, Pentium G69xx/P6xxx/U5xxx, Celeron P4xxx/U3xxx SNB D2 6-2a-7/12 0000002d->0000002e Core Gen2; Xeon E3 WSM-EX A2 6-2f-2/05 00000037->0000003b Xeon E7 IVB E2 6-3a-9/12 0000001f->00000020 Core Gen3 Mobile HSW-H/S/E3 Cx/Dx 6-3c-3/32 00000024->00000025 Core Gen4 Desktop; Xeon E3 v3 BDW-U/Y E/F 6-3d-4/c0 0000002a->0000002b Core Gen5 Mobile HSW-ULT Cx/Dx 6-45-1/72 00000023->00000024 Core Gen4 Mobile and derived Pentium/Celeron HSW-H Cx 6-46-1/32 00000019->0000001a Core Extreme i7-5xxxX BDW-H/E3 E/G 6-47-1/22 0000001d->0000001e Core i5-5xxxR/C, i7-5xxxHQ/EQ; Xeon E3 v4 SKL-U/Y D0 6-4e-3/c0 000000c2->000000c6 Core Gen6 Mobile BDX-DE V1 6-56-2/10 00000015->00000017 Xeon D-1520/40 BDX-DE V2/3 6-56-3/10 07000012->07000013 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19 BDX-DE Y0 6-56-4/10 0f000011->0f000012 Xeon D-1557/59/67/71/77/81/87 APL D0 6-5c-9/03 0000002c->00000032 Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx SKL-H/S/E3 R0 6-5e-3/36 000000c2->000000c6 Core Gen6; Xeon E3 v5 ----------------------------------------- Patch: SUSE-2018-1614 Released: Thu Aug 16 14:29:52 2018 Summary: Security update for the Linux Kernel Severity: important References: 1051510,1051979,1066110,1077761,1086274,1086314,1087081,1089343,1099811,1099813,1099844,1099845,1099846,1099849,1099858,1099863,1099864,1100132,1101116,1101331,1101669,1101828,1101832,1101833,1101837,1101839,1101841,1101843,1101844,1101845,1101847,1101852,1101853,1101867,1101872,1101874,1101875,1101882,1101883,1101885,1101887,1101890,1101891,1101893,1101895,1101896,1101900,1101902,1101903,1102633,1102658,1103097,1103356,1103421,1103517,1103723,1103724,1103725,1103726,1103727,1103728,1103729,1103730,1103917,1103920,1103948,1103949,1104066,1104111,1104174,1104211,1104319,CVE-2018-10876,CVE-2018-10877,CVE-2018-10878,CVE-2018-10879,CVE-2018-10880,CVE-2018-10881,CVE-2018-10882,CVE-2018-10883,CVE-2018-3620,CVE-2018-3646,CVE-2018-5391 Description: The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-3620: Local attackers on baremetal systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data. (bnc#1087081). - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system. (bnc#1089343). - CVE-2018-5391 aka 'FragmentSmack': A flaw in the IP packet reassembly could be used by remote attackers to consume lots of CPU time (bnc#1103097). - CVE-2018-10876: A flaw was found in the ext4 filesystem code. A use-after-free is possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image. (bnc#1099811) - CVE-2018-10877: The ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image. (bnc#1099846) - CVE-2018-10878: A flaw was found in the ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image. (bnc#1099813) - CVE-2018-10879: A flaw was found in the ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image. (bnc#1099844) - CVE-2018-10880: Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cause a system crash and a denial of service. (bnc#1099845) - CVE-2018-10881: A flaw was found in the ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image. (bnc#1099864) - CVE-2018-10882: A flaw was found in the ext4 filesystem. A local user can cause an out-of-bound write in in fs/jbd2/transaction.c code, a denial of service, and a system crash by unmounting a crafted ext4 filesystem image. (bnc#1099849) - CVE-2018-10883: A flaw was found in the ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image. (bnc#1099863) The following non-security bugs were fixed: - acpi / lpss: Only call pwm_add_table() for Bay Trail PWM if PMIC HRV is 2 (bsc#1051510). - af_key: Always verify length of provided sadb_key (bsc#1051510). - af_key: fix buffer overread in parse_exthdrs() (bsc#1051510). - af_key: fix buffer overread in verify_address_len() (bsc#1051510). - afs: Fix directory permissions check (bsc#1101828). - agp: uninorth: make two functions static (bsc#1051510). - alsa: emu10k1: add error handling for snd_ctl_add (bsc#1051510). - alsa: emu10k1: Rate-limit error messages about page errors (bsc#1051510). - alsa: fm801: add error handling for snd_ctl_add (bsc#1051510). - alsa: usb-audio: Apply rate limit to warning messages in URB complete callback (bsc#1051510). - arm64: Correct type for PUD macros (bsc#1103723). - arm64: Disable unhandled signal log messages by default (bsc#1103724). - arm64: kvm: fix VTTBR_BADDR_MASK BUG_ON off-by-one (bsc#1103725). - arm64: mm: Fix set_memory_valid() declaration (bsc#1103726). - arm64: perf: correct PMUVer probing (bsc#1103727). - arm64: ptrace: Avoid setting compat FPR to garbage if get_user fails (bsc#1103728). - arm64: spinlock: Fix theoretical trylock() A-B-A with LSE atomics (bsc#1103729). - arm64: vdso: fix clock_getres for 4GiB-aligned res (bsc#1103730). - arm: 8715/1: add a private asm/unaligned.h (bsc#1051510). - arm: 8720/1: ensure dump_instr() checks addr_limit (bsc#1051510). - arm: 8721/1: mm: dump: check hardware RO bit for LPAE (bsc#1051510). - arm: 8722/1: mm: make STRICT_KERNEL_RWX effective for LPAE (bsc#1051510). - arm: 8731/1: Fix csum_partial_copy_from_user() stack mismatch (bsc#1051510). - arm: 8743/1: bL_switcher: add MODULE_LICENSE tag (bsc#1051510). - arm: 8746/1: vfp: Go back to clearing vfp_current_hw_state[] (bsc#1051510). - arm: 8748/1: mm: Define vdso_start, vdso_end as array (bsc#1051510). - arm: 8753/1: decompressor: add a missing parameter to the addruart macro (bsc#1051510). - arm: 8758/1: decompressor: restore r1 and r2 just before jumping to the kernel (bsc#1051510). - arm: 8764/1: kgdb: fix NUMREGBYTES so that gdb_regs[] is the correct size (bsc#1051510). - arm: 8769/1: kprobes: Fix to use get_kprobe_ctlblk after irq-disabed (bsc#1051510). - arm: 8770/1: kprobes: Prohibit probing on optimized_callback (bsc#1051510). - arm: 8771/1: kprobes: Prohibit kprobes on do_undefinstr (bsc#1051510). - arm: 8772/1: kprobes: Prohibit kprobes on get_user functions (bsc#1051510). - arm: AM33xx: PRM: Remove am33xx_pwrdm_read_prev_pwrst function (bsc#1051510). - arm: amba: Fix race condition with driver_override (bsc#1051510). - arm: amba: Fix wrong indentation in driver_override_store() (bsc#1051510). - arm: amba: Make driver_override output consistent with other buses (bsc#1051510). - arm: at91: do not select CONFIG_ARM_CPU_SUSPEND for old platforms (bsc#1051510). - arm: avoid faulting on qemu (bsc#1051510). - arm: BUG if jumping to usermode address in kernel mode (bsc#1051510). - arm-ccn: perf: Prevent module unload while PMU is in use (bsc#1051510). - arm: davinci: Add dma_mask to dm365's eDMA device (bsc#1051510). - arm: davinci: board-da830-evm: fix GPIO lookup for MMC/SD (bsc#1051510). - arm: davinci: board-da850-evm: fix GPIO lookup for MMC/SD (bsc#1051510). - arm: davinci: board-da850-evm: fix WP pin polarity for MMC/SD (bsc#1051510). - arm: davinci: board-dm355-evm: fix broken networking (bsc#1051510). - arm: davinci: board-dm646x-evm: pass correct I2C adapter id for VPIF (bsc#1051510). - arm: davinci: board-dm646x-evm: set VPIF capture card name (bsc#1051510). - arm: davinci: board-omapl138-hawk: fix GPIO numbers for MMC/SD lookup (bsc#1051510). - arm: davinci: dm646x: fix timer interrupt generation (bsc#1051510). - arm: davinci: fix mmc entries in dm365's dma_slave_map (bsc#1051510). - arm: davinci: fix the GPIO lookup for omapl138-hawk (bsc#1051510). - arm: davinci: Use platform_device_register_full() to create pdev for dm365's eDMA (bsc#1051510). - arm: DRA722: remove redundant definition of 1.0 device (bsc#1051510). - arm: fix return value of parse_cpu_capacity (bsc#1051510). - arm: kexec: fix failure to boot crash kernel (bsc#1051510). - arm: kexec: fix kdump register saving on panic() (bsc#1051510). - arm: keystone: fix platform_domain_notifier array overrun (bsc#1051510). - arm: kvm: fix building with gcc-8 (bsc#1051510). - arm: multi_v7_defconfig: Replace DRM_RCAR_HDMI by generic bridge options (bsc#1051510). - arm: multi_v7_defconfig: Replace SND_SOC_RSRC_CARD by SND_SIMPLE_SCU_CARD (bsc#1051510). - arm: mvebu: Fix broken PL310_ERRATA_753970 selects (bsc#1051510). - arm: OMAP1: clock: Fix debugfs_create_*() usage (bsc#1051510). - arm: OMAP2+: Fix SRAM virt to phys translation for save_secure_ram_context (bsc#1051510). - arm: omap2: hide omap3_save_secure_ram on non-OMAP3 builds (bsc#1051510). - arm: OMAP2+: omap_device: drop broken RPM status update from suspend_noirq (bsc#1051510). - arm: OMAP2+: powerdomain: use raw_smp_processor_id() for trace (bsc#1051510). - arm: OMAP2+: timer: fix a kmemleak caused in omap_get_timer_dt (bsc#1051510). - arm: OMAP3: Fix prm wake interrupt for resume (bsc#1051510). - arm: OMAP3: hwmod_data: add missing module_offs for MMC3 (bsc#1051510). - arm: OMAP3+: PRM: fix of_irq_get() result check (bsc#1051510). - arm: OMAP4+: PRM: fix of_irq_get() result checks (bsc#1051510). - arm: OMAP: Fix dmtimer init for omap1 (bsc#1051510). - arm: OMAP: Fix SRAM W+X mapping (bsc#1051510). - arm: orion5x: Revert commit 4904dbda41c8 (bsc#1051510). - arm: orion: fix orion_ge00_switch_board_info initialization (bsc#1051510). - arm: pxa: select both FB and FB_W100 for eseries (bsc#1051510). - arm: pxa/tosa-bt: add MODULE_LICENSE tag (bsc#1051510). - arm: remove wrong CONFIG_PROC_SYSCTL ifdef (bsc#1051510). - arm: s3c24xx: Fix NAND ECC mode for mini2440 board (bsc#1051510). - arm: shmobile: defconfig: Enable missing PCIE_RCAR dependency (bsc#1051510). - arm: shmobile: defconfig: Replace DRM_RCAR_HDMI by generic bridge options (bsc#1051510). - arm: shmobile: defconfig: Replace SND_SOC_RSRC_CARD by SND_SIMPLE_SCU_CARD (bsc#1051510). - arm: shmobile: defconfig: Replace USB_XHCI_RCAR by USB_XHCI_PLATFORM (bsc#1051510). - arm: shmobile: rcar-gen2: Fix deadlock in regulator quirk (bsc#1051510). - arm: socfpga_defconfig: Remove QSPI Sector 4K size force (bsc#1051510). - arm: spear13xx: Fix dmas cells (bsc#1051510). - arm: sunxi_defconfig: Enable CMA (bsc#1051510). - arm: sunxi: fix the core number of V3s in sunxi README (bsc#1051510). - asoc: dpcm: fix BE dai not hw_free and shutdown (bsc#1051510). - asoc: topology: Add missing clock gating parameter when parsing hw_configs (bsc#1051510). - asoc: topology: Fix bclk and fsync inversion in set_link_hw_format() (bsc#1051510). - ata: do not schedule hot plug if it is a sas host (). - ath: Add regulatory mapping for APL13_WORLD (bsc#1051510). - ath: Add regulatory mapping for APL2_FCCA (bsc#1051510). - ath: Add regulatory mapping for Bahamas (bsc#1051510). - ath: Add regulatory mapping for Bermuda (bsc#1051510). - ath: Add regulatory mapping for ETSI8_WORLD (bsc#1051510). - ath: Add regulatory mapping for FCC3_ETSIC (bsc#1051510). - ath: Add regulatory mapping for Serbia (bsc#1051510). - ath: Add regulatory mapping for Tanzania (bsc#1051510). - ath: Add regulatory mapping for Uganda (bsc#1051510). - audit: fix potential null dereference 'context->module.name' (bsc#1051510). - backlight: pwm_bl: Do not use GPIOF_* with gpiod_get_direction (bsc#1051510). - bdi: Move cgroup bdi_writeback to a dedicated low concurrency workqueue (bsc#1101867). - befs_lookup(): use d_splice_alias() (bsc#1101844). - block: Fix transfer when chunk sectors exceeds max (bsc#1101874). - bluetooth: btusb: Add a new Realtek 8723DE ID 2ff8:b011 (bsc#1051510). - bluetooth: btusb: add ID for LiteOn 04ca:301a (bsc#1051510). - bluetooth: hci_qca: Fix 'Sleep inside atomic section' warning (bsc#1051510). - branch-check: fix long->int truncation when profiling branches (bsc#1101116,). - brcmfmac: Add support for bcm43364 wireless chipset (bsc#1051510). - cachefiles: Fix missing clear of the CACHEFILES_OBJECT_ACTIVE flag (bsc#1099858). - cachefiles: Fix refcounting bug in backing-file read monitoring (bsc#1099858). - cachefiles: Wait rather than BUG'ing on 'Unexpected object collision' (bsc#1099858). - can: dev: increase bus-off message severity (bsc#1051510). - can: ems_usb: Fix memory leak on ems_usb_disconnect() (bsc#1051510). - can: m_can: change comparison to bitshift when dealing with a mask (bsc#1051510). - cdrom: do not call check_disk_change() inside cdrom_open() (bsc#1101872). - clk: at91: fix clk-generated compilation (bsc#1051510). - clk: renesas: cpg-mssr: Stop using printk format %pCr (bsc#1051510). - coccinelle: fix parallel build with CHECK=scripts/coccicheck (bsc#1051510). - compiler.h: enable builtin overflow checkers and add fallback code (bsc#1101116,). - cpufreq: intel_pstate: Limit the scope of HWP dynamic boost platforms (bsc#1066110). - cpu/hotplug: Make bringup/teardown of smp threads symmetric (bsc#1089343). - cpu/hotplug: Provide knobs to control SMT (bsc#1089343). - cpu/hotplug: Split do_cpu_down() (bsc#1089343). - crypto: authenc - do not leak pointers to authenc keys (bsc#1051510). - crypto: authencesn - do not leak pointers to authenc keys (bsc#1051510). - crypto: padlock-aes - Fix Nano workaround data corruption (bsc#1051510). - delayacct: fix crash in delayacct_blkio_end() after delayacct init failure (bsc#1104066). - dm: add writecache target (bsc#1101116,). - dm: prevent DAX mounts if not supported (bsc#1103917). - dm writecache: support optional offset for start of device (bsc#1101116,). - dm writecache: use 2-factor allocator arguments (bsc#1101116,). - doc: Add vendor prefix for Kieback & Peter GmbH (bsc#1051510). - drivers: soc: sunxi: fix error processing on base address when claiming (bsc#1051510). - drm: Add DP PSR2 sink enable bit (bsc#1051510). - drm/amdgpu: Remove VRAM from shared bo domains (bsc#1051510). - drm/atomic: Check old_plane_state->crtc in drm_atomic_helper_async_check() (bsc#1051510). - drm/atomic: Handling the case when setting old crtc for plane (bsc#1051510). - drm/atomic-helper: Drop plane->fb references only for drm_atomic_helper_shutdown() (bsc#1051510). - drm/atomic: Initialize variables in drm_atomic_helper_async_check() to make gcc happy (bsc#1051510). - drm/atomic: Make async plane update checks work as intended, v2 (bsc#1051510). - drm/atomic: Make atomic helper track newly assigned planes correctly, v2 (bsc#1051510). - drm/atomic: Make atomic iterators less surprising (bsc#1051510). - drm/dp/mst: Fix off-by-one typo when dump payload table (bsc#1051510). - drm/gma500: fix psb_intel_lvds_mode_valid()'s return type (bsc#1051510). - drm/nouveau/fifo/gk104-: poll for runlist update completion (bsc#1051510). - drm/radeon: fix mode_valid's return type (bsc#1051510). - drm: re-enable error handling (bsc#1051510). - drm/vc4: Reset ->{x, y}_scaling[1] when dealing with uniplanar formats (bsc#1051510). - Enable / support pinctrl-lewisburg () - ext2: fix a block leak (bsc#1101875). - ext4: add more mount time checks of the superblock (bsc#1101900). - ext4: bubble errors from ext4_find_inline_data_nolock() up to ext4_iget() (bsc#1101896). - ext4: check superblock mapped prior to committing (bsc#1101902). - ext4: do not update s_last_mounted of a frozen fs (bsc#1101841). - ext4: factor out helper ext4_sample_last_mounted() (bsc#1101841). - ext4: fix check to prevent initializing reserved inodes (bsc#1104319). - ext4: fix fencepost error in check for inode count overflow during resize (bsc#1101853). - ext4: include the illegal physical block in the bad map ext4_error msg (bsc#1101903). - ext4: report delalloc reserve as non-free in statfs for project quota (bsc#1101843). - ext4: update mtime in ext4_punch_hole even if no blocks are released (bsc#1101895). - f2fs: call unlock_new_inode() before d_instantiate() (bsc#1101837). - fix io_destroy()/aio_complete() race (bsc#1101852). - Force log to disk before reading the AGF during a fstrim (bsc#1101893). - fs: allow per-device dax status checking for filesystems (bsc#1103917). - fscache: Allow cancelled operations to be enqueued (bsc#1099858). - fscache: Fix hanging wait on page discarded by writeback (bsc#1101885). - fscache: Fix reference overput in fscache_attach_object() error handling (bsc#1099858). - fs: clear writeback errors in inode_init_always (bsc#1101882). - fs: do not scan the inode cache before SB_BORN is set (bsc#1101883). - genirq: Check __free_irq() return value for NULL (bsc#1103517). - hid: hid-plantronics: Re-resend Update to map button for PTT products (bsc#1051510). - hid: i2c-hid: check if device is there before really probing (bsc#1051510). - hippi: Fix a Fix a possible sleep-in-atomic bug in rr_close (bsc#1051510). - hv_netvsc: Ensure correct teardown message sequence order (). - hv/netvsc: fix handling of fallback to single queue mode (). - hv_netvsc: Fix net device attach on older Windows hosts (). - hv_netvsc: set master device (bsc#1051979). - hv_netvsc: Split netvsc_revoke_buf() and netvsc_teardown_gpadl() (). - hv_netvsc: split sub-channel setup into async and sync (). - hv_netvsc: Use Windows version instead of NVSP version on GPAD teardown (). - ibmasm: do not write out of bounds in read handler (bsc#1051510). - ibmvnic: Remove code to request error information (bsc#1104174). - ibmvnic: Revise RX/TX queue error messages (bsc#1101331). - ibmvnic: Update firmware error reporting with cause string (bsc#1104174). - input: elan_i2c - add ACPI ID for lenovo ideapad 330 (bsc#1051510). - input: elan_i2c - add another ACPI ID for Lenovo Ideapad 330-15AST (bsc#1051510). - input: i8042 - add Lenovo LaVie Z to the i8042 reset list (bsc#1051510). - irqchip: brcmstb-l2: Define an irq_pm_shutdown function (bsc#1051510). - irqchip/gic: Take lock when updating irq type (bsc#1051510). - irqchip/gic-v3: Change pr_debug message to pr_devel (bsc#1051510). - irqchip/gic-v3: Fix the driver probe() fail due to disabled GICC entry (bsc#1051510). - irqchip/gic-v3: Ignore disabled ITS nodes (bsc#1051510). - irqchip/gic-v3: Use wmb() instead of smb_wmb() in gic_raise_softirq() (bsc#1051510). - irqchip/qcom: Fix check for spurious interrupts (bsc#1051510). - irqchip/qcom: Fix u32 comparison with value less than zero (bsc#1051510). - isofs: fix potential memory leak in mount option parsing (bsc#1101887). - iwlwifi: add more card IDs for 9000 series (bsc#1051510). - iwlwifi: pcie: fix race in Rx buffer allocator (bsc#1051510). - jump_label: Fix concurrent static_key_enable/disable() (bsc#1089343). - jump_label: Provide hotplug context variants (bsc#1089343). - jump_label: Reorder hotplug lock and jump_label_lock (bsc#1089343). - kabi protect bdev_dax_supported (bsc#1103917). - kabi protect struct ccw_device_private (bsc#1103421). - kabi/severities: do not complain on hisi_sas internal changes (). - kabi/severities: ignore x86_kvm_ops; lttng-modules would have to be adjusted in case they depend on this particular change - kbuild: add '-fno-stack-check' to kernel build options (bsc#1051510). - kbuild: Handle builtin dtb file names containing hyphens (bsc#1051510). - kbuild: pkg: use --transform option to prefix paths in tar (bsc#1051510). - kconfig: display recursive dependency resolution hint just once (bsc#1051510). - kmemleak: add scheduling point to kmemleak_scan() (bsc#1051510). - kvm: SVM: Add pause filter threshold (). - kvm: SVM: Implement pause loop exit logic in SVM (). - kvm: VMX: Bring the common code to header file (). - kvm: VMX: Fix the module parameters for vmx (). - kvm: VMX: Remove ple_window_actual_max (). - libata: add refcounting to ata_host (git-fixes). - libata: ensure host is free'd on error exit paths (git-fixes). - libnvdimm, dimm: fix dpa reservation vs uninitialized label area (git-fixes). - linvdimm, pmem: Preserve read-only setting for pmem devices (git-fixes). - media: media-device: fix ioctl function types (bsc#1051510). - media: rcar_jpu: Add missing clk_disable_unprepare() on error in jpu_open() (bsc#1051510). - media: saa7164: Fix driver name in debug output (bsc#1051510). - media: si470x: fix __be16 annotations (bsc#1051510). - media: siano: get rid of __le32/__le16 cast warnings (bsc#1051510). - media: tw686x: Fix incorrect vb2_mem_ops GFP flags (bsc#1051510). - mfd: cros_ec: Fail early if we cannot identify the EC (bsc#1051510). - mfd: fsl-imx25: Clean up irq settings during removal (bsc#1051510). - mfd: mxs-lradc: Fix error handling in mxs_lradc_probe() (bsc#1051510). - misc: pci_endpoint_test: Avoid triggering a BUG() (bsc#1051510). - mmc: dw_mmc: update actual clock for mmc debugfs (bsc#1051510). - mmc: pwrseq: Use kmalloc_array instead of stack VLA (bsc#1051510). - mm: fix __gup_device_huge vs unmap (bsc#1101839). - mm/kmemleak.c: make cond_resched() rate-limiting more efficient (bsc#1051510). - mwifiex: correct histogram data with appropriate index (bsc#1051510). - mwifiex: handle race during mwifiex_usb_disconnect (bsc#1051510). - nohz: Fix local_timer_softirq_pending() (bsc#1051510). - nvme: ensure forward progress during Admin passthru (git-fixes). - nvme-fabrics: Ignore nr_io_queues option for discovery controllers (bsc#1102633). - nvme: fixup crash on failed discovery (bsc#1103920). - nvme.h: fixup ANA group descriptor format (bsc#1104111). - nvme: use hw qid in trace events (bsc#1102633). - orangefs: report attributes_mask and attributes for statx (bsc#1101832). - orangefs: set i_size on new symlink (bsc#1101845). - overflow.h: Add allocation size calculation helpers (bsc#1101116,). - pci: pciehp: Assume NoCompl+ for Thunderbolt ports (bsc#1051510). - pci: pciehp: Request control of native hotplug only if supported (bsc#1051510). - pci: Prevent sysfs disable of device while driver is attached (bsc#1051510). - pinctrl: at91-pio4: add missing of_node_put (bsc#1051510). - pinctrl: intel: Add Intel Lewisburg GPIO support (). - pinctrl: nand: meson-gxl: fix missing data pins (bsc#1051510). - pmem: only set QUEUE_FLAG_DAX for fsdax mode (bsc#1103917). - qed*: Add link change count value to ethtool statistics display (bsc#1086314). - qed: Add qed APIs for PHY module query (bsc#1086314 ). - qed: Add srq core support for RoCE and iWARP (bsc#1086314 ). - qede: Add driver callbacks for eeprom module query (bsc#1086314 ). - qed: fix spelling mistake 'successffuly' -> 'successfully' (bsc#1086314). - qed: Make some functions static (bsc#1086314). - qed: remove redundant functions qed_get_cm_pq_idx_rl (bsc#1086314). - qed: remove redundant functions qed_set_gft_event_id_cm_hdr (bsc#1086314). - qed: remove redundant pointer 'name' (bsc#1086314). - qed: use dma_zalloc_coherent instead of allocator/memset (bsc#1086314). - qed*: Utilize FW 8.37.2.0 (bsc#1086314). - RDMA/qedr: Fix NULL pointer dereference when running over iWARP without RDMA-CM (bsc#1086314). - RDMA/qedr: fix spelling mistake: 'adrresses' -> 'addresses' (bsc#1086314). - RDMA/qedr: fix spelling mistake: 'failes' -> 'fails' (bsc#1086314). - regulator: pfuze100: add .is_enable() for pfuze100_swb_regulator_ops (bsc#1051510). - reiserfs: fix buffer overflow with long warning messages (bsc#1101847). - Revert 'drm/nouveau/drm/therm/fan: add a fallback if no fan control is specified in the vbios' (bsc#1103356). - s390/cio: clear timer when terminating driver I/O (bsc#1103421). - s390/cio: fix return code after missing interrupt (bsc#1103421). - s390/dasd: fix handling of internal requests (bsc#1103421). - s390/dasd: fix wrongly assigned configuration data (bsc#1103421). - s390/dasd: prevent prefix I/O error (bsc#1103421). - s390/eadm: fix CONFIG_BLOCK include dependency (bsc#1103421). - s390/ipl: ensure loadparm valid flag is set (bsc#1103421). - s390/pci: do not require AIS facility (bsc#1103421). - s390/qdio: do not release memory in qdio_setup_irq() (bsc#1103421). - sc16is7xx: Check for an error when the clock is enabled (bsc#1051510). - sched/fair: Consider RT/IRQ pressure in capacity_spare_wake() (bnc#1101669 optimise numa balancing for fast migrate). - sched/fair: Fix find_idlest_group() when local group is not allowed (bnc#1101669 optimise numa balancing for fast migrate). - sched/fair: Fix usage of find_idlest_group() when no groups are allowed (bnc#1101669 optimise numa balancing for fast migrate). - sched/fair: Fix usage of find_idlest_group() when the local group is idlest (bnc#1101669 optimise numa balancing for fast migrate). - sched/fair: Move select_task_rq_fair() slow-path into its own function (bnc#1101669 optimise numa balancing for fast migrate). - sched/fair: Remove impossible condition from find_idlest_group_cpu() (bnc#1101669 optimise numa balancing for fast migrate). - sched/fair: Remove unnecessary comparison with -1 (bnc#1101669 optimise numa balancing for fast migrate). - sched/fair: Spare idle load balancing on nohz_full CPUs (bnc#1101669 optimise numa balancing for fast migrate). - sched/fair: Use 'unsigned long' for utilization, consistently (bnc#1101669 optimise numa balancing for fast migrate). - sched/smt: Update sched_smt_present at runtime (bsc#1089343). - scsi: ata: enhance the definition of SET MAX feature field value (). - scsi: hisi_sas: add an mechanism to do reset work synchronously (). - scsi: hisi_sas: add check of device in hisi_sas_task_exec() (). - scsi: hisi_sas: add internal abort dev in some places (). - scsi: hisi_sas: Add LED feature for v3 hw (). - scsi: hisi_sas: add RAS feature for v3 hw (). - scsi: hisi_sas: add readl poll timeout helper wrappers (). - scsi: hisi_sas: Add some checks to avoid free'ing a sas_task twice (). - scsi: hisi_sas: add some print to enhance debugging (). - scsi: hisi_sas: Add v2 hw force PHY function for internal ATA command (). - scsi: hisi_sas: add v2 hw port AXI error handling support (). - scsi: hisi_sas: add v3 hw MODULE_DEVICE_TABLE() (). - scsi: hisi_sas: add v3 hw suspend and resume (). - scsi: hisi_sas: allocate slot buffer earlier (). - scsi: hisi_sas: Change common allocation mode of device id (). - scsi: hisi_sas: Change frame type for SET MAX commands (). - scsi: hisi_sas: change ncq process for v3 hw (). - scsi: hisi_sas: change slot index allocation mode (). - scsi: hisi_sas: check host frozen before calling 'done' function (). - scsi: hisi_sas: check IPTT is valid before using it for v3 hw (). - scsi: hisi_sas: check sas_dev gone earlier in hisi_sas_abort_task() (). - scsi: hisi_sas: Code cleanup and minor bug fixes (). - scsi: hisi_sas: config ATA de-reset as an constrained command for v3 hw (). - scsi: hisi_sas: consolidate command check in hisi_sas_get_ata_protocol() (). - scsi: hisi_sas: Create a scsi_host_template per HW module (). - scsi: hisi_sas: delete timer when removing hisi_sas driver (). - scsi: hisi_sas: do link reset for some CHL_INT2 ints (). - scsi: hisi_sas: Do not lock DQ for complete task sending (). - scsi: hisi_sas: dt-bindings: add an property of signal attenuation (). - scsi: hisi_sas: fix a bug in hisi_sas_dev_gone() (). - scsi: hisi_sas: fix a typo in hisi_sas_task_prep() (). - scsi: hisi_sas: fix dma_unmap_sg() parameter (). - scsi: hisi_sas: fix PI memory size (). - scsi: hisi_sas: fix return value of hisi_sas_task_prep() (). - scsi: hisi_sas: Fix return value when get_free_slot() failed (). - scsi: hisi_sas: fix SAS_QUEUE_FULL problem while running IO (). - scsi: hisi_sas: fix the issue of link rate inconsistency (). - scsi: hisi_sas: fix the issue of setting linkrate register (). - scsi: hisi_sas: improve int_chnl_int_v2_hw() consistency with v3 hw (). - scsi: hisi_sas: Include TMF elements in struct hisi_sas_slot (). - scsi: hisi_sas: increase timer expire of internal abort task (). - scsi: hisi_sas: Init disks after controller reset (). - scsi: hisi_sas: initialize dq spinlock before use (). - scsi: hisi_sas: Introduce hisi_sas_phy_set_linkrate() (). - scsi: hisi_sas: judge result of internal abort (). - scsi: hisi_sas: make local symbol host_attrs static (). - scsi: hisi_sas: make return type of prep functions void (). - scsi: hisi_sas: make SAS address of SATA disks unique (). - scsi: hisi_sas: Mark PHY as in reset for nexus reset (). - scsi: hisi_sas: modify hisi_sas_dev_gone() for reset (). - scsi: hisi_sas: modify some register config for hip08 (). - scsi: hisi_sas: optimise port id refresh function (). - scsi: hisi_sas: optimise the usage of DQ locking (). - scsi: hisi_sas: print device id for errors (). - scsi: hisi_sas: re-add the lldd_port_deformed() (). - scsi: hisi_sas: relocate clearing ITCT and freeing device (). - scsi: hisi_sas: relocate smp sg map (). - scsi: hisi_sas: Remove depends on HAS_DMA in case of platform dependency (). - scsi: hisi_sas: remove redundant handling to event95 for v3 (). - scsi: hisi_sas: remove some unneeded structure members (). - scsi: hisi_sas: remove unused variable hisi_sas_devices.running_req (). - scsi: hisi_sas: Reset disks when discovered (). - scsi: hisi_sas: some optimizations of host controller reset (). - scsi: hisi_sas: stop controller timer for reset (). - scsi: hisi_sas: support the property of signal attenuation for v2 hw (). - scsi: hisi_sas: Terminate STP reject quickly for v2 hw (). - scsi: hisi_sas: Try wait commands before before controller reset (). - scsi: hisi_sas: update PHY linkrate after a controller reset (). - scsi: hisi_sas: update RAS feature for later revision of v3 HW (). - scsi: hisi_sas: use an general way to delay PHY work (). - scsi: hisi_sas: Use device lock to protect slot alloc/free (). - scsi: hisi_sas: use dma_zalloc_coherent() (). - scsi: hisi_sas: workaround a v3 hw hilink bug (). - scsi: libsas: defer ata device eh commands to libata (). - scsi: lpfc: Add Buffer overflow check, when nvme_info larger than PAGE_SIZE (bsc#1102658). - scsi: lpfc: Correct LCB ACCept payload (bsc#1102658). - scsi: lpfc: devloss timeout race condition caused null pointer reference (bsc#1102658). - scsi: lpfc: Fix abort error path for NVMET (bsc#1102658). - scsi: lpfc: Fix driver crash when re-registering NVME rports (bsc#1102658). - scsi: lpfc: Fix driver not setting dpp bits correctly in doorbell word (bsc#1102658). - scsi: lpfc: Fix ELS abort on SLI-3 adapters (bsc#1102658). - scsi: lpfc: Fix list corruption on the completion queue (bsc#1102658). - scsi: lpfc: Fix NVME Target crash in defer rcv logic (bsc#1102658). - scsi: lpfc: Fix panic if driver unloaded when port is offline (bsc#1102658). - scsi: lpfc: Fix sysfs Speed value on CNA ports (bsc#1102658). - scsi: lpfc: Limit tracking of tgt queue depth in fast path (bsc#1102658). - scsi: lpfc: Make PBDE optimizations configurable (bsc#1102658). - scsi: lpfc: Remove lpfc_enable_pbde as module parameter (bsc#1102658). - scsi: lpfc: Revise copyright for new company language (bsc#1102658). - scsi: lpfc: Support duration field in Link Cable Beacon V1 command (bsc#1102658). - scsi: lpfc: update driver version to 12.0.0.5 (bsc#1102658). - scsi: lpfc: update driver version to 12.0.0.6 (bsc#1102658). - scsi: qla2xxx: Avoid double completion of abort command (git-fixes). - scsi: qla2xxx: Fix driver unload by shutting down chip (git-fixes). - scsi: qla2xxx: Fix NPIV deletion by calling wait_for_sess_deletion (git-fixes). - scsi: qla2xxx: Fix NULL pointer dereference for fcport search (git-fixes). - scsi: qla2xxx: Fix unintialized List head crash (git-fixes). - scsi: qla2xxx: Return error when TMF returns (git-fixes). - scsi: smartpqi: add in new supported controllers (bsc#1086274). - scsi: smartpqi: add inspur advantech ids (bsc#1086274). - scsi: smartpqi: bump driver version to 1.1.4-130 (bsc#1086274). - scsi: smartpqi: fix critical ARM issue reading PQI index registers (bsc#1086274). - scsi: smartpqi: improve error checking for sync requests (bsc#1086274). - scsi: smartpqi: improve handling for sync requests (bsc#1086274). - scsi: smartpqi: update driver version (bsc#1086274). - scsi: smartpqi: workaround fw bug for oq deletion (bsc#1086274). - sctp: fix the issue that pathmtu may be set lower than MINSEGMENT (git-fixes). - sctp: introduce sctp_dst_mtu (git-fixes). - soc: bcm2835: Make !RASPBERRYPI_FIRMWARE dummies return failure (bsc#1051510). - soc: bcm: raspberrypi-power: Fix use of __packed (bsc#1051510). - soc: imx: gpc: de-register power domains only if initialized (bsc#1051510). - soc: imx: gpc: restrict register range for regmap access (bsc#1051510). - soc: imx: gpcv2: correct PGC offset (bsc#1051510). - soc: imx: gpcv2: Do not pass static memory as platform data (bsc#1051510). - soc: imx: gpcv2: fix regulator deferred probe (bsc#1051510). - soc: mediatek: pwrap: fix compiler errors (bsc#1051510). - soc: qcom: wcnss_ctrl: Fix increment in NV upload (bsc#1051510). - soc: rockchip: power-domain: Fix wrong value when power up pd with writemask (bsc#1051510). - soc/tegra: Fix bad of_node_put() in powergate init (bsc#1051510). - soc/tegra: flowctrl: Fix error handling (bsc#1051510). - soc: ti: ti_sci_pm_domains: Populate name for genpd (bsc#1051510). - soc: zte: Restrict SOC_ZTE to ARCH_ZX or COMPILE_TEST (bsc#1051510). - spi: bcm2835aux: ensure interrupts are enabled for shared handler (bsc#1051510). - spi/bcm63xx-hspi: Enable the clock before calling clk_get_rate() (bsc#1051510). - spi: bcm-qspi: Always read and set BSPI_MAST_N_BOOT_CTRL (bsc#1051510). - spi: bcm-qspi: Avoid setting MSPI_CDRAM_PCS for spi-nor master (bsc#1051510). - spi: cadence: Add usleep_range() for cdns_spi_fill_tx_fifo() (bsc#1051510). - spi: pxa2xx: Allow 64-bit DMA (bsc#1051510). - spi: pxa2xx: check clk_prepare_enable() return value (bsc#1051510). - sr: pass down correctly sized SCSI sense buffer (git-fixes). - staging: ks7010: Use constants from ieee80211_eid instead of literal ints (bsc#1051510). - staging: speakup: fix wraparound in uaccess length check (bsc#1051510). - supported.conf: add drivers/md/dm-writecache - sysrq : fix Show Regs call trace on ARM (bsc#1051510). - thermal: exynos: fix setting rising_threshold for Exynos5433 (bsc#1051510). - tty: Fix data race in tty_insert_flip_string_fixed_flag (bsc#1051510). - typec: tcpm: Fix a msecs vs jiffies bug (bsc#1100132). - udf: Detect incorrect directory size (bsc#1101891). - udf: Provide saner default for invalid uid / gid (bsc#1101890). - Update config files to add CONFIG_DM_WRITECACHE=m - Update patches.arch/KVM-PPC-Check-if-IOMMU-page-is-contained-in-the-pinn.patch (bsc#1077761, git-fixes, bsc#1103948, bsc#1103949). - usb: hub: Do not wait for connect state at resume for powered-off ports (bsc#1051510). - usbip: usbip_detach: Fix memory, udev context and udev leak (bsc#1051510). - vfs: add the sb_start_intwrite_trylock() helper (bsc#1101841). - virtio_balloon: fix another race between migration and ballooning (bsc#1051510). - wlcore: sdio: check for valid platform device data before suspend (bsc#1051510). - x86/apic: Ignore secondary threads if nosmt=force (bsc#1089343). - x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info (bsc#1089343). - x86/cpu/AMD: Evaluate smp_num_siblings early (bsc#1089343). - x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings (bsc#1089343). - x86/cpu/AMD: Remove the pointless detect_ht() call (bsc#1089343). - x86/cpu/common: Provide detect_ht_early() (bsc#1089343). - x86/cpu/intel: Evaluate smp_num_siblings early (bsc#1089343). - x86/cpu: Remove the pointless CPU printout (bsc#1089343). - x86/cpu/topology: Provide detect_extended_topology_early() (bsc#1089343). - x86/KVM/VMX: Add module argument for L1TF mitigation. - x86/smp: Provide topology_is_primary_thread() (bsc#1089343). - x86/topology: Provide topology_smt_supported() (bsc#1089343). - x86: Treat R_X86_64_PLT32 as R_X86_64_PC32 (binutils_2.31). - xfs: catch inode allocation state mismatch corruption (bsc#1104211). - xfs: prevent creating negative-sized file via INSERT_RANGE (bsc#1101833). ----------------------------------------- Patch: SUSE-2018-1615 Released: Thu Aug 16 14:38:51 2018 Summary: Recommended update for postfix Severity: moderate References: 1087471,1094965 Description: This update for postfix fixes the following issues: - Postfix version update to 3.3.1 (bsc#1094965) * Postfix did not support running as a PID=1 process, which complicated Postfix deployment in containers. The 'postfix start-fg' command will now run the Postfix master daemon as a PID=1 process if possible. Thanks for inputs from Andreas Schulze, Eray Aslan, and Viktor Dukhovni. * Segfault in the postconf(1) command after it could not open a Postfix database configuration file due to a file permission error (dereferencing a null pointer). Reported by Andreas Hasenack, fixed by Viktor Dukhovni. * The luser_relay feature became a black hole, when the luser_relay parameter was set to a non-existent local address (i.e. mail disappeared silently). Reported by J?rgen Thomsen. * Missing error propagation in the tlsproxy(8) daemon could result in a segfault after TLS handshake error (dereferencing a 0xffff...ffff pointer). This daemon handles the TLS protocol when a non-whitelisted client sends a STARTTLS command to postscreen(8). ----------------------------------------- Patch: SUSE-2018-1616 Released: Thu Aug 16 14:47:38 2018 Summary: Recommended update for libyui-ncurses-pkg Severity: moderate References: 991090 Description: This update for libyui-ncurses-pkg fixes the following issues: - Fix 'out of disk space' error at start when such a large disk is present in the system. (bsc#991090) - Fix displaying negative disk sizes in the disk usage dialog. (bsc#991090) - Added new 'Services' filter, displayed only when at least one repository service is present (FATE#321043) ----------------------------------------- Patch: SUSE-2018-1685 Released: Fri Aug 17 18:20:58 2018 Summary: Security update for curl Severity: moderate References: 1099793,CVE-2018-0500 Description: This update for curl fixes the following issues: Security issue fixed: - CVE-2018-0500: Fix a SMTP send heap buffer overflow (bsc#1099793). ----------------------------------------- Patch: SUSE-2018-1705 Released: Mon Aug 20 16:31:22 2018 Summary: Recommended update for quota Severity: important References: 1104898 Description: This update for quota fixes the following issues: - Fix issue with high cpu load if RQUOTAD_PORT is set in /etc/sysconfig/nfs. (bsc#1104898) ----------------------------------------- Patch: SUSE-2018-1751 Released: Fri Aug 24 11:03:00 2018 Summary: Recommended update for polkit-default-privs Severity: moderate References: 1100328 Description: This update for polkit-default-privs fixes the following issues: - Contains whitelisting for new libvirt polkit action (bsc#1100328) ----------------------------------------- Patch: SUSE-2018-1754 Released: Fri Aug 24 16:40:21 2018 Summary: Recommended update for ca-certificates-mozilla Severity: moderate References: 1104780 Description: This update for ca-certificates-mozilla fixes the following issues: Updated to the 2.26 state of the Mozilla NSS Certificate store. (bsc#1104780) - removed server auth rights from following CAs: - Certplus Root CA G1 - Certplus Root CA G2 - OpenTrust Root CA G1 - OpenTrust Root CA G2 - OpenTrust Root CA G3 - removed CA - ComSign CA - new CA added: - GlobalSign ----------------------------------------- Patch: SUSE-2018-1760 Released: Fri Aug 24 17:14:53 2018 Summary: Recommended update for libtirpc Severity: moderate References: 1072183 Description: This update for libtirpc fixes the following issues: - rpcinfo: send RPC getport call as specified via parameter (bsc#1072183) ----------------------------------------- Patch: SUSE-2018-1761 Released: Fri Aug 24 17:15:21 2018 Summary: Recommended update for dracut Severity: moderate References: 1048551,1065058,1091099,1094603 Description: This update for dracut fixes the following issues: - Fix an issue with static network setups (bsc#1091099) - Fix cat: write error: Broken pipe error (bsc#1094603) - Pickup multipath files in /etc/multipath/conf.d (bsc#1048551) - Load all keymaps for a given locale (bsc#1065058) ----------------------------------------- Patch: SUSE-2018-1775 Released: Tue Aug 28 12:40:50 2018 Summary: Recommended update for xfsprogs Severity: important References: 1089777,1105396 Description: This update for xfsprogs fixes the following issues: - avoid divide-by-zero when hardware reports optimal i/o size as 0 (bsc#1089777) - repair: shift inode back into place if corrupted by bad log replay (bsc#1105396). ----------------------------------------- Patch: SUSE-2018-1776 Released: Tue Aug 28 13:01:40 2018 Summary: Security update for the Linux Kernel Severity: important References: 1046305,1046306,1046307,1051510,1065600,1081917,1083647,1086288,1086315,1086317,1086327,1086331,1086906,1087092,1090888,1097104,1097577,1097583,1097584,1097585,1097586,1097587,1097588,1097808,1100132,1101480,1101669,1101822,1102517,1102715,1103269,1103277,1103363,1103445,1103886,1104353,1104365,1104427,1104482,1104494,1104495,1104683,1104708,1104777,1104890,1104897,1105292,1105296,1105322,1105355,1105378,1105396,1105467,1105731,802154,971975,CVE-2018-10853,CVE-2018-10902,CVE-2018-15572,CVE-2018-9363 Description: The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-15572: The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c did not always fill RSB upon a context switch, which made it easier for attackers to conduct userspace-userspace spectreRSB attacks (bnc#1102517 bnc#1105296). - CVE-2018-10902: It was found that the raw midi kernel driver did not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation (bnc#1105322). - CVE-2018-9363: A buffer overflow in bluetooth HID report processing could be used by malicious bluetooth devices to crash the kernel or potentially execute code (bnc#1105292). - CVE-2018-10853: A KVM guest userspace to guest kernel write was fixed, which could be used by guest users to crash the guest kernel (bnc#1097104). The following non-security bugs were fixed: - acpi / apei: Remove ghes_ioremap_area (bsc#1051510). - acpi / pci: Bail early in acpi_pci_add_bus() if there is no ACPI handle (bsc#1051510). - acpi / pm: save NVS memory for ASUS 1025C laptop (bsc#1051510). - affs_lookup(): close a race with affs_remove_link() (bsc#1105355). - alsa: cs5535audio: Fix invalid endian conversion (bsc#1051510). - alsa: hda: Correct Asrock B85M-ITX power_save blacklist entry (bsc#1051510). - alsa: hda - Sleep for 10ms after entering D3 on Conexant codecs (bsc#1051510). - alsa: hda - Turn CX8200 into D3 as well upon reboot (bsc#1051510). - alsa: memalloc: Do not exceed over the requested size (bsc#1051510). - alsa: snd-aoa: add of_node_put() in error path (bsc#1051510). - alsa: virmidi: Fix too long output trigger loop (bsc#1051510). - alsa: vx222: Fix invalid endian conversions (bsc#1051510). - alsa: vxpocket: Fix invalid endian conversions (bsc#1051510). - arm64: enable thunderx gpio driver - arm/asm/tlb.h: Fix build error implicit func declaration (bnc#1105467 Reduce IPIs and atomic ops with improved lazy TLB). - asoc: dpcm: do not merge format from invalid codec dai (bsc#1051510). - asoc: es7134: remove 64kHz rate from the supported rates (bsc#1051510). - asoc: Intel: cht_bsw_max98090: remove useless code, align with ChromeOS driver (bsc#1051510). - asoc: Intel: cht_bsw_max98090_ti: Fix jack initialization (bsc#1051510). - asoc: msm8916-wcd-digital: fix RX2 MIX1 and RX3 MIX1 (bsc#1051510). - asoc: rsnd: cmd: Add missing newline to debug message (bsc#1051510). - asoc: sirf: Fix potential NULL pointer dereference (bsc#1051510). - asoc: zte: Fix incorrect PCM format bit usages (bsc#1051510). - ata: Fix ZBC_OUT all bit handling (bsc#1051510). - ata: Fix ZBC_OUT command block check (bsc#1051510). - ath10k: prevent active scans on potential unusable channels (bsc#1051510). - atm: horizon: Fix irq release error (bsc#1105355). - atm: Preserve value of skb->truesize when accounting to vcc (networking-stable-18_07_19). - atm: zatm: fix memcmp casting (bsc#1105355). - atm: zatm: Fix potential Spectre v1 (networking-stable-18_07_19). - audit: allow not equal op for audit by executable (bsc#1051510). - audit: Fix extended comparison of GID/EGID (bsc#1051510). - be2net: gather debug info and reset adapter (only for Lancer) on a tx-timeout (bsc#1086288). - be2net: Update the driver version to 12.0.0.0 (bsc#1086288 ). - binfmt_elf: Respect error return from `regset->active' (bsc#1051510). - bluetooth: avoid killing an already killed socket (bsc#1051510). - bluetooth: hidp: buffer overflow in hidp_process_report (bsc#1051510). - bpf, ppc64: fix unexpected r0=0 exit path inside bpf_xadd (bsc#1083647). - brcmsmac: fix wrap around in conversion from constant to s16 (bsc#1051510). - clk: core: Potentially free connection id (bsc#1051510). - clk: imx6ul: fix missing of_node_put() (bsc#1051510). - clk: meson: gxbb: remove HHI_GEN_CLK_CTNL duplicate definition (bsc#1051510). - clk: mvebu: armada-38x: add support for 1866MHz variants (bsc#1105355). - clk: mvebu: armada-38x: add support for missing clocks (bsc#1105355). - clk: rockchip: fix clk_i2sout parent selection bits on rk3399 (bsc#1051510). - coresight: tpiu: Fix disabling timeouts (bsc#1051510). - cpufreq: CPPC: Do not set transition_latency (bsc#1101480). - cpufreq / CPPC: Set platform specific transition_delay_us (bsc#1101480). - cpufreq: CPPC: Use transition_delay_us depending transition_latency (bsc#1101480). - cpufreq: remove setting of policy->cpu in policy->cpus during init (bsc#1101480). - crypto: ablkcipher - fix crash flushing dcache in error path (bsc#1051510). - crypto: blkcipher - fix crash flushing dcache in error path (bsc#1051510). - crypto: ccp - Check for NULL PSP pointer at module unload (bsc#1051510). - crypto: ccp - Fix command completion detection race (bsc#1051510). - crypto: skcipher - fix aligning block size in skcipher_copy_iv() (bsc#1051510). - crypto: skcipher - fix crash flushing dcache in error path (bsc#1051510). - crypto: vmac - require a block cipher with 128-bit block size (bsc#1051510). - crypto: vmac - separate tfm and request context (bsc#1051510). - crypto: x86/sha256-mb - fix digest copy in sha256_mb_mgr_get_comp_job_avx2() (bsc#1051510). - cxgb4: Fix the condition to check if the card is T5 (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - devicectree: bindings: fix location of leds common file (bsc#1051510). - dma-buf: remove redundant initialization of sg_table (bsc#1051510). - dmaengine: hsu: Support dmaengine_terminate_sync() (bsc#1051510). - dmaengine: idma64: Support dmaengine_terminate_sync() (bsc#1051510). - dmaengine: mv_xor_v2: kill the tasklets upon exit (bsc#1051510). - docs: zh_CN: fix location of oops-tracing.txt (bsc#1051510). - documentation: ip-sysctl.txt: document addr_gen_mode (bsc#1051510). - driver core: add __printf verification to __ata_ehi_pushv_desc (bsc#1051510). - drivers: hv: vmbus: do not mark HV_PCIE as perf_device (bsc#1051510). - drivers: hv: vmbus: Fix the offer_in_progress in vmbus_process_offer() (bsc#1051510). - drm/cirrus: Use drm_framebuffer_put to avoid kernel oops in clean-up (bsc#1101822). - drm/fb-helper: Fix typo on kerneldoc (bsc#1051510). - drm/i915/aml: Introducing Amber Lake platform (). - drm/i915/cfl: Add a new CFL PCI ID (). - drm/i915/gvt: Off by one in intel_vgpu_write_fence() (bsc#1051510). - drm/i915: Nuke the LVDS lid notifier (bsc#1051510). - drm/i915: Only show debug for state changes when banning (bsc#1051510). - drm/i915: Restore user forcewake domains across suspend (bsc#1100132). - drm/i915: Unmask user interrupts writes into HWSP on snb/ivb/vlv/hsw (bsc#1051510). - drm/i915/whl: Introducing Whiskey Lake platform (). - drm/panel: type promotion bug in s6e8aa0_read_mtp_id() (bsc#1051510). - drm/rockchip: lvds: add missing of_node_put (bsc#1051510). - edac: Add missing MEM_LRDDR4 entry in edac_mem_types[] (bsc#1103886). - edac, altera: Fix ARM64 build warning (bsc#1051510). - edac: Drop duplicated array of strings for memory type names (bsc#1103886). - edac: Fix memleak in module init error path (bsc#1051510). - edac, i7core: Fix memleaks and use-after-free on probe and remove (bsc#1051510). - edac, mv64x60: Fix an error handling path (bsc#1051510). - edac, octeon: Fix an uninitialized variable warning (bsc#1051510). - edac, sb_edac: Fix missing break in switch (bsc#1051510). - ext4: check for allocation block validity with block group locked (bsc#1104495). - ext4: fix false negatives *and* false positives in ext4_check_descriptors() (bsc#1103445). - ext4: fix inline data updates with checksums enabled (bsc#1104494). - extcon: Release locking when sending the notification of connector state (bsc#1051510). - Fix kABI breakage with libertas dev field addition (bsc#1051510). - Fix kABI breakage with removing field addition to power_supply (bsc#1051510). - geneve: update skb dst pmtu on tx path (bsc#1051510). - genirq: Add handle_fasteoi_{level,edge}_irq flow handlers (bsc#1105378). - genirq: Export more irq_chip_*_parent() functions (bsc#1105378). - genirq: Fix editing error in a comment (bsc#1051510). - genirq: Make force irq threading setup more robust (bsc#1051510). - gen_stats: Fix netlink stats dumping in the presence of padding (netfilter-stable-18_07_23). - gpio: Add gpio driver support for ThunderX and OCTEON-TX (bsc#1105378). - gpio: Fix wrong rounding in gpio-menz127 (bsc#1051510). - gpio: thunderx: fix error return code in thunderx_gpio_probe() (bsc#1105378). - gpio: thunderx: remove unused .map() hook from irq_domain_ops (bsc#1105378). - gtp: Initialize 64-bit per-cpu stats correctly (bsc#1051510). - hns3: fix unused function warning (bsc#1104353). - hns3pf: do not check handle during mqprio offload (bsc#1104353 ). - hns3pf: fix hns3_del_tunnel_port() (bsc#1104353). - hns3pf: Fix some harmless copy and paste bugs (bsc#1104353 ). - hotplug/cpu: Add operation queuing function (). - hotplug/cpu: Conditionally acquire/release DRC index (). - hotplug/cpu: Provide CPU readd operation (). - hv_netvsc: Fix napi reschedule while receive completion is busy (). - hwmon: (asus_atk0110) Replace deprecated device register call (bsc#1103363). - i2c: imx: Fix reinit_completion() use (bsc#1051510). - ib/hns: Annotate iomem pointers correctly (bsc#1104427 ). - ib/hns: Avoid compile test under non 64bit environments (bsc#1104427). - ib/hns: Declare local functions 'static' (bsc#1104427 ). - ib/hns: fix boolreturn.cocci warnings (bsc#1104427). - ib/hns: Fix for checkpatch.pl comment style warnings (bsc#1104427). - ib/hns: fix memory leak on ah on error return path (bsc#1104427 ). - ib/hns: fix returnvar.cocci warnings (bsc#1104427). - ib/hns: fix semicolon.cocci warnings (bsc#1104427). - ib/hns: Fix the bug of polling cq failed for loopback Qps (bsc#1104427). - ib/hns: Fix the bug with modifying the MAC address without removing the driver (bsc#1104427). - ib/hns: Fix the bug with rdma operation (bsc#1104427 ). - ib/hns: Fix the bug with wild pointer when destroy rc qp (bsc#1104427). - ib/hns: include linux/interrupt.h (bsc#1104427). - ib/hns: Support compile test for hns RoCE driver (bsc#1104427 ). - ib/hns: Use zeroing memory allocator instead of allocator/memset (bsc#1104427). - ib/IPoIB: Set ah valid flag in multicast send flow (bsc#1046307 ). - ib/mlx5: fix uaccess beyond 'count' in debugfs read/write handlers (bsc#1046305). - ieee802154: ca8210: fix uninitialised data read (bsc#1051510). - ieee802154: fix gcc-4.9 warnings (bsc#1051510). - ieee802154: mrf24j40: fix incorrect mask in mrf24j40_stop (bsc#1051510). - iio: 104-quad-8: Fix off-by-one error in register selection (bsc#1051510). - iio: ad9523: Fix displayed phase (bsc#1051510). - iio: ad9523: Fix return value for ad952x_store() (bsc#1051510). - iio: adc: ina2xx: avoid kthread_stop() with stale task_struct (bsc#1051510). - iio: adc: sun4i-gpadc: select REGMAP_IRQ (bsc#1051510). - iio: sca3000: Fix an error handling path in 'sca3000_probe()' (bsc#1051510). - iio: sca3000: Fix missing return in switch (bsc#1051510). - ima: based on policy verify firmware signatures (pre-allocated buffer) (bsc#1051510). - include/rdma/opa_addr.h: Fix an endianness issue (bsc#1046306 ). - init: rename and re-order boot_cpu_state_init() (bsc#1104365). - ip: hash fragments consistently (netfilter-stable-18_07_27). - ip: in cmsg IP(V6)_ORIGDSTADDR call pskb_may_pull (netfilter-stable-18_07_27). - ipv4: Return EINVAL when ping_group_range sysctl does not map to user ns (netfilter-stable-18_07_23). - ipv6: fix useless rol32 call on hash (netfilter-stable-18_07_23). - ipv6: ila: select CONFIG_DST_CACHE (netfilter-stable-18_07_23). - ipv6: make DAD fail with enhanced DAD when nonce length differs (netfilter-stable-18_07_23). - ipv6: sr: fix passing wrong flags to crypto_alloc_shash() (networking-stable-18_07_19). - ipvlan: fix IFLA_MTU ignored on NEWLINK (networking-stable-18_07_19). - irqdomain: Add irq_domain_{push,pop}_irq() functions (bsc#1105378). - irqdomain: Check for NULL function pointer in irq_domain_free_irqs_hierarchy() (bsc#1105378). - irqdomain: Factor out code to add and remove items to and from the revmap (bsc#1105378). - irqdomain: Prevent potential NULL pointer dereference in irq_domain_push_irq() (bsc#1105378). - irqdomain: Update the comments of fwnode field of irq_domain structure (bsc#1051510). - isdn: Disable IIOCDBGVAR (bsc#1051510). - iwlwifi: pcie: do not access periphery registers when not available (bsc#1051510). - kABI: protect eswitch.h include (kabi). - kABI: protect struct nf_conn (kabi). - kABI: reexport tcp_send_ack (kabi). - kabi/severities: add qeth inter-module symbols to ignore list. - kabi/severities: Allow kABI changes for kvm/x86 (except for kvm_x86_ops) - kabi/severities: ignore qla2xxx as all symbols are internal - kthread, tracing: Do not expose half-written comm when creating kthreads (bsc#1104897). - leds: max8997: use mode when calling max8997_led_set_mode (bsc#1051510). - libata: Fix command retry decision (bsc#1051510). - libata: Fix compile warning with ATA_DEBUG enabled (bsc#1051510). - libertas: fix suspend and resume for SDIO connected cards (bsc#1051510). - libnvdimm: fix ars_status output length calculation (bsc#1104890). - lib/rhashtable: consider param->min_size when setting initial table size (bsc#1051510). - lib/vsprintf: Remove atomic-unsafe support for %pCr (bsc#1051510). - mailbox: xgene-slimpro: Fix potential NULL pointer dereference (bsc#1051510). - MAINTAINERS: fix location of ina2xx.txt device tree file (bsc#1051510). - media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt() (bsc#1051510). - media: mem2mem: Remove excessive try_run call (bsc#1051510). - media: omap3isp: fix unbalanced dma_iommu_mapping (bsc#1051510). - media: omap3isp: zero-initialize the isp cam_xclk{a,b} initial data (bsc#1051510). - media: rc: oops in ir_timer_keyup after device unplug (bsc#1090888). - media: rtl28xxu: be sure that it won't go past the array size (bsc#1051510). - media: tw686x: Fix oops on buffer alloc failure (bsc#1051510). - media: v4l2-mem2mem: Fix missing v4l2_m2m_try_run call (bsc#1051510). - media: videobuf2-core: do not call memop 'finish' when queueing (bsc#1051510). - mfd: arizona: Do not use regmap_read_poll_timeout (bsc#1051510). - mfd: sm501: Set coherent_dma_mask when creating subdevices (bsc#1051510). - mmc: tegra: prevent HS200 on Tegra 3 (bsc#1051510). - mm, page_alloc: double zone's batchsize (bnc#971975 VM performance -- page allocator). - Move the previous hv netvsc fix to the sorted section (bsc#1104708) Patch tags update, too - net: bcmgenet: correct bad merge (bsc#1051510). - net: bcmgenet: enable loopback during UniMAC sw_reset (bsc#1051510). - net: bcmgenet: Fix sparse warnings in bcmgenet_put_tx_csum() (bsc#1051510). - net: bcmgenet: Fix unmapping of fragments in bcmgenet_xmit() (bsc#1051510). - net: bcmgenet: prevent duplicate calls of bcmgenet_dma_teardown (bsc#1051510). - net: dccp: avoid crash in ccid3_hc_rx_send_feedback() (networking-stable-18_07_19). - net: dccp: switch rx_tstamp_last_feedback to monotonic clock (networking-stable-18_07_19). - net: diag: Do not double-free TCP_NEW_SYN_RECV sockets in tcp_abort (netfilter-stable-18_07_23). - netfilter: do not set F_IFACE on ipv6 fib lookups (netfilter-stable-18_06_25). - netfilter: ip6t_rpfilter: provide input interface for route lookup (netfilter-stable-18_06_25). - netfilter: nat: Revert 'netfilter: nat: convert nat bysrc hash to rhashtable' (netfilter-stable-17_11_16). - netfilter: nf_tables: add missing netlink attrs to policies (netfilter-stable-18_06_27). - netfilter: nf_tables: do not assume chain stats are set when jumplabel is set (netfilter-stable-18_06_27). - netfilter: nf_tables: fix memory leak on error exit return (netfilter-stable-18_06_27). - netfilter: nf_tables: nft_compat: fix refcount leak on xt module (netfilter-stable-18_06_27). - netfilter: nf_tables: use WARN_ON_ONCE instead of BUG_ON in nft_do_chain() (netfilter-stable-18_06_25). - netfilter: nft_compat: fix handling of large matchinfo size (netfilter-stable-18_06_27). - netfilter: nft_compat: prepare for indirect info storage (netfilter-stable-18_06_27). - netfilter: nft_meta: fix wrong value dereference in nft_meta_set_eval (netfilter-stable-18_06_27). - net: fix use-after-free in GRO with ESP (networking-stable-18_07_19). - net: hns3: Add a check for client instance init state (bsc#1104353). - net: hns3: add a mask initialization for mac_vlan table (bsc#1104353). - net: hns3: Add *Asserting Reset* mailbox message & handling in VF (bsc#1104353). - net: hns3: add Asym Pause support to phy default features (bsc#1104353). - net: hns3: Add dcb netlink interface for the support of DCB feature (bsc#1104353). - net: hns3: Add DCB support when interacting with network stack (bsc#1104353). - net: hns3: Add ethtool interface for vlan filter (bsc#1104353 ). - net: hns3: add ethtool_ops.get_channels support for VF (bsc#1104353). - net: hns3: add ethtool_ops.get_coalesce support to PF (bsc#1104353). - net: hns3: add ethtool_ops.set_coalesce support to PF (bsc#1104353). - net: hns3: add ethtool -p support for fiber port (bsc#1104353 ). - net: hns3: add ethtool related offload command (bsc#1104353 ). - net: hns3: Add Ethtool support to HNS3 driver (bsc#1104353 ). - net: hns3: add existence checking before adding unicast mac address (bsc#1104353). - net: hns3: add existence check when remove old uc mac address (bsc#1104353). - net: hns3: add feature check when feature changed (bsc#1104353 ). - net: hns3: add get_link support to VF (bsc#1104353). - net: hns3: add get/set_coalesce support to VF (bsc#1104353 ). - net: hns3: add handling vlan tag offload in bd (bsc#1104353 ). - net: hns3: Add hclge_dcb module for the support of DCB feature (bsc#1104353). - net: hns3: Add HNS3 Acceleration Engine & Compatibility Layer Support (bsc#1104353). - net: hns3: Add HNS3 driver to kernel build framework & MAINTAINERS (bsc#1104353). - net: hns3: Add hns3_get_handle macro in hns3 driver (bsc#1104353 ). - net: hns3: Add HNS3 IMP(Integrated Mgmt Proc) Cmd Interface Support (bsc#1104353). - net: hns3: Add HNS3 VF driver to kernel build framework (bsc#1104353). - net: hns3: Add HNS3 VF HCL(Hardware Compatibility Layer) Support (bsc#1104353). - net: hns3: Add HNS3 VF IMP(Integrated Management Proc) cmd interface (bsc#1104353). - net: hns3: add int_gl_idx setup for TX and RX queues (bsc#1104353). - net: hns3: add int_gl_idx setup for VF (bsc#1104353 ). - net: hns3: Add mac loopback selftest support in hns3 driver (bsc#1104353). - net: hns3: Add mailbox interrupt handling to PF driver (bsc#1104353). - net: hns3: Add mailbox support to PF driver (bsc#1104353 ). - net: hns3: Add mailbox support to VF driver (bsc#1104353 ). - net: hns3: add manager table initialization for hardware (bsc#1104353). - net: hns3: Add MDIO support to HNS3 Ethernet driver for hip08 SoC (bsc#1104353). - net: hns3: Add missing break in misc_irq_handle (bsc#1104353 ). - net: hns3: Add more packet size statisctics (bsc#1104353 ). - net: hns3: add MTU initialization for hardware (bsc#1104353 ). - net: hns3: add net status led support for fiber port (bsc#1104353). - net: hns3: add nic_client check when initialize roce base information (bsc#1104353). - net: hns3: add querying speed and duplex support to VF (bsc#1104353). - net: hns3: Add repeat address checking for setting mac address (bsc#1104353). - net: hns3: Add reset interface implementation in client (bsc#1104353). - net: hns3: Add reset process in hclge_main (bsc#1104353 ). - net: hns3: Add reset service task for handling reset requests (bsc#1104353). - net: hns3: add result checking for VF when modify unicast mac address (bsc#1104353). - net: hns3: Add some interface for the support of DCB feature (bsc#1104353). - net: hns3: Adds support for led locate command for copper port (bsc#1104353). - net: hns3: Add STRP_TAGP field support for hardware revision 0x21 (bsc#1104353). - net: hns3: Add support for dynamically buffer reallocation (bsc#1104353). - net: hns3: add support for ETHTOOL_GRXFH (bsc#1104353 ). - net: hns3: add support for get_regs (bsc#1104353). - net: hns3: Add support for IFF_ALLMULTI flag (bsc#1104353 ). - net: hns3: Add support for misc interrupt (bsc#1104353 ). - net: hns3: add support for nway_reset (bsc#1104353). - net: hns3: Add support for PFC setting in TM module (bsc#1104353 ). - net: hns3: Add support for port shaper setting in TM module (bsc#1104353). - net: hns3: add support for querying advertised pause frame by ethtool ethx (bsc#1104353). - net: hns3: add support for querying pfc puase packets statistic (bsc#1104353). - net: hns3: add support for set_link_ksettings (bsc#1104353 ). - net: hns3: add support for set_pauseparam (bsc#1104353 ). - net: hns3: add support for set_ringparam (bsc#1104353 ). - net: hns3: add support for set_rxnfc (bsc#1104353). - net: hns3: Add support for tx_accept_tag2 and tx_accept_untag2 config (bsc#1104353). - net: hns3: add support for VF driver inner interface hclgevf_ops.get_tqps_and_rss_info (bsc#1104353). - net: hns3: Add support of hardware rx-vlan-offload to HNS3 VF driver (bsc#1104353). - net: hns3: Add support of HNS3 Ethernet Driver for hip08 SoC (bsc#1104353). - net: hns3: Add support of .sriov_configure in HNS3 driver (bsc#1104353). - net: hns3: Add support of the HNAE3 framework (bsc#1104353 ). - net: hns3: Add support of TX Scheduler & Shaper to HNS3 driver (bsc#1104353). - net: hns3: Add support to change MTU in HNS3 hardware (bsc#1104353). - net: hns3: Add support to enable TX/RX promisc mode for H/W rev(0x21) (bsc#1104353). - net: hns3: add support to modify tqps number (bsc#1104353 ). - net: hns3: add support to query tqps number (bsc#1104353 ). - net: hns3: Add support to re-initialize the hclge device (bsc#1104353). - net: hns3: Add support to request VF Reset to PF (bsc#1104353 ). - net: hns3: Add support to reset the enet/ring mgmt layer (bsc#1104353). - net: hns3: add support to update flow control settings after autoneg (bsc#1104353). - net: hns3: Add tc-based TM support for sriov enabled port (bsc#1104353). - net: hns3: Add timeout process in hns3_enet (bsc#1104353 ). - net: hns3: add unlikely for error check (bsc#1104353 ). - net: hns3: Add VF Reset device state and its handling (bsc#1104353). - net: hns3: Add VF Reset Service Task to support event handling (bsc#1104353). - net: hns3: add vlan offload config command (bsc#1104353 ). - net: hns3: change GL update rate (bsc#1104353). - net: hns3: Change PF to add ring-vect binding & resetQ to mailbox (bsc#1104353). - net: hns3: Change return type of hnae3_register_ae_algo (bsc#1104353). - net: hns3: Change return type of hnae3_register_ae_dev (bsc#1104353). - net: hns3: Change return value in hnae3_register_client (bsc#1104353). - net: hns3: Changes required in PF mailbox to support VF reset (bsc#1104353). - net: hns3: Changes to make enet watchdog timeout func common for PF/VF (bsc#1104353). - net: hns3: Changes to support ARQ(Asynchronous Receive Queue) (bsc#1104353). - net: hns3: change the returned tqp number by ethtool -x (bsc#1104353). - net: hns3: change the time interval of int_gl calculating (bsc#1104353). - net: hns3: change the unit of GL value macro (bsc#1104353 ). - net: hns3: change TM sched mode to TC-based mode when SRIOV enabled (bsc#1104353). - net: hns3: check for NULL function pointer in hns3_nic_set_features (bsc#1104353). - net: hns3: Cleanup for endian issue in hns3 driver (bsc#1104353 ). - net: hns3: Cleanup for non-static function in hns3 driver (bsc#1104353). - net: hns3: Cleanup for ROCE capability flag in ae_dev (bsc#1104353). - net: hns3: Cleanup for shifting true in hns3 driver (bsc#1104353 ). - net: hns3: Cleanup for struct that used to send cmd to firmware (bsc#1104353). - net: hns3: Cleanup indentation for Kconfig in the the hisilicon folder (bsc#1104353). - net: hns3: cleanup mac auto-negotiation state query (bsc#1104353 ). - net: hns3: cleanup mac auto-negotiation state query in hclge_update_speed_duplex (bsc#1104353). - net: hns3: cleanup of return values in hclge_init_client_instance() (bsc#1104353). - net: hns3: Clear TX/RX rings when stopping port & un-initializing client (bsc#1104353). - net: hns3: Consistently using GENMASK in hns3 driver (bsc#1104353). - net: hns3: converting spaces into tabs to avoid checkpatch.pl warning (bsc#1104353). - net: hns3: Disable VFs change rxvlan offload status (bsc#1104353 ). - net: hns3: Disable vf vlan filter when vf vlan table is full (bsc#1104353). - net: hns3: ensure media_type is unitialized (bsc#1104353 ). - net: hns3: export pci table of hclge and hclgevf to userspace (bsc#1104353). - net: hns3: fix a bug about hns3_clean_tx_ring (bsc#1104353 ). - net: hns3: fix a bug for phy supported feature initialization (bsc#1104353). - net: hns3: fix a bug in hclge_uninit_client_instance (bsc#1104353). - net: hns3: fix a bug in hns3_driv_to_eth_caps (bsc#1104353 ). - net: hns3: fix a bug when alloc new buffer (bsc#1104353 ). - net: hns3: fix a bug when getting phy address from NCL_config file (bsc#1104353). - net: hns3: fix a dead loop in hclge_cmd_csq_clean (bsc#1104353 ). - net: hns3: fix a handful of spelling mistakes (bsc#1104353 ). - net: hns3: Fix a loop index error of tqp statistics query (bsc#1104353). - net: hns3: Fix a misuse to devm_free_irq (bsc#1104353 ). - net: hns3: Fix an error handling path in 'hclge_rss_init_hw()' (bsc#1104353). - net: hns3: Fix an error macro definition of HNS3_TQP_STAT (bsc#1104353). - net: hns3: Fix an error of total drop packet statistics (bsc#1104353). - net: hns3: Fix a response data read error of tqp statistics query (bsc#1104353). - net: hns3: Fix comments for hclge_get_ring_chain_from_mbx (bsc#1104353). - net: hns3: Fix desc num set to default when setting channel (bsc#1104353). - net: hns3: fix endian issue when PF get mbx message flag (bsc#1104353). - net: hns3: fix error type definition of return value (bsc#1104353). - net: hns3: Fixes API to fetch ethernet header length with kernel default (bsc#1104353). - net: hns3: Fixes error reported by Kbuild and internal review (bsc#1104353). - net: hns3: Fixes initalization of RoCE handle and makes it conditional (bsc#1104353). - net: hns3: Fixes initialization of phy address from firmware (bsc#1104353). - net: hns3: Fixes kernel panic issue during rmmod hns3 driver (bsc#1104353). - net: hns3: Fixes ring-to-vector map-and-unmap command (bsc#1104353). - net: hns3: Fixes the back pressure setting when sriov is enabled (bsc#1104353). - net: hns3: Fixes the command used to unmap ring from vector (bsc#1104353). - net: hns3: Fixes the default VLAN-id of PF (bsc#1104353 ). - net: hns3: Fixes the error legs in hclge_init_ae_dev function (bsc#1104353). - net: hns3: Fixes the ether address copy with appropriate API (bsc#1104353). - net: hns3: Fixes the initialization of MAC address in hardware (bsc#1104353). - net: hns3: Fixes the init of the VALID BD info in the descriptor (bsc#1104353). - net: hns3: Fixes the missing PCI iounmap for various legs (bsc#1104353). - net: hns3: Fixes the missing u64_stats_fetch_begin_irq in 64-bit stats fetch (bsc#1104353). - net: hns3: Fixes the out of bounds access in hclge_map_tqp (bsc#1104353). - net: hns3: Fixes the premature exit of loop when matching clients (bsc#1104353). - net: hns3: fixes the ring index in hns3_fini_ring (bsc#1104353 ). - net: hns3: Fixes the state to indicate client-type initialization (bsc#1104353). - net: hns3: Fixes the static checker error warning in hns3_get_link_ksettings() (bsc#1104353). - net: hns3: Fixes the static check warning due to missing unsupp L3 proto check (bsc#1104353). - net: hns3: Fixes the wrong IS_ERR check on the returned phydev value (bsc#1104353). - net: hns3: fix for buffer overflow smatch warning (bsc#1104353 ). - net: hns3: fix for changing MTU (bsc#1104353). - net: hns3: fix for cleaning ring problem (bsc#1104353 ). - net: hns3: Fix for CMDQ and Misc. interrupt init order problem (bsc#1104353). - net: hns3: fix for coal configuation lost when setting the channel (bsc#1104353). - net: hns3: fix for coalesce configuration lost during reset (bsc#1104353). - net: hns3: Fix for command format parsing error in hclge_is_all_function_id_zero (bsc#1104353). - net: hns3: Fix for deadlock problem occurring when unregistering ae_algo (bsc#1104353). - net: hns3: Fix for DEFAULT_DV when dev does not support DCB (bsc#1104353). - net: hns3: Fix for fiber link up problem (bsc#1104353 ). - net: hns3: fix for getting advertised_caps in hns3_get_link_ksettings (bsc#1104353). - net: hns3: fix for getting autoneg in hns3_get_link_ksettings (bsc#1104353). - net: hns3: fix for getting auto-negotiation state in hclge_get_autoneg (bsc#1104353). - net: hns3: fix for getting wrong link mode problem (bsc#1104353 ). - net: hns3: Fix for hclge_reset running repeatly problem (bsc#1104353). - net: hns3: Fix for hns3 module is loaded multiple times problem (bsc#1104353). - net: hns3: Fix for information of phydev lost problem when down/up (bsc#1104353). - net: hns3: fix for ipv6 address loss problem after setting channels (bsc#1104353). - net: hns3: Fix for l4 checksum offload bug (bsc#1104353 ). - net: hns3: fix for loopback failure when vlan filter is enable (bsc#1104353). - net: hns3: Fix for mac pause not disable in pfc mode (bsc#1104353). - net: hns3: Fix for mailbox message truncated problem (bsc#1104353). - net: hns3: fix for netdev not running problem after calling net_stop and net_open (bsc#1104353). - net: hns3: Fix for netdev not running problem after calling net_stop and net_open (bsc#1104353). - net: hns3: fix for not initializing VF rss_hash_key problem (bsc#1104353). - net: hns3: fix for not returning problem in get_link_ksettings when phy exists (bsc#1104353). - net: hns3: fix for not setting pause parameters (bsc#1104353 ). - net: hns3: Fix for not setting rx private buffer size to zero (bsc#1104353). - net: hns3: Fix for packet loss due wrong filter config in VLAN tbls (bsc#1104353). - net: hns3: fix for pause configuration lost during reset (bsc#1104353). - net: hns3: Fix for PF mailbox receving unknown message (bsc#1104353). - net: hns3: fix for phy_addr error in hclge_mac_mdio_config (bsc#1104353). - net: hns3: Fix for phy link issue when using marvell phy driver (bsc#1104353). - net: hns3: Fix for phy not link up problem after resetting (bsc#1104353). - net: hns3: Fix for pri to tc mapping in TM (bsc#1104353 ). - net: hns3: Fix for reset_level default assignment probelm (bsc#1104353). - net: hns3: fix for returning wrong value problem in hns3_get_rss_indir_size (bsc#1104353). - net: hns3: fix for returning wrong value problem in hns3_get_rss_key_size (bsc#1104353). - net: hns3: fix for RSS configuration loss problem during reset (bsc#1104353). - net: hns3: Fix for rx priv buf allocation when DCB is not supported (bsc#1104353). - net: hns3: Fix for rx_priv_buf_alloc not setting rx shared buffer (bsc#1104353). - net: hns3: Fix for service_task not running problem after resetting (bsc#1104353). - net: hns3: Fix for setting mac address when resetting (bsc#1104353). - net: hns3: fix for setting MTU (bsc#1104353). - net: hns3: Fix for setting rss_size incorrectly (bsc#1104353 ). - net: hns3: Fix for the null pointer problem occurring when initializing ae_dev failed (bsc#1104353). - net: hns3: fix for the wrong shift problem in hns3_set_txbd_baseinfo (bsc#1104353). - net: hns3: fix for updating fc_mode_last_time (bsc#1104353 ). - net: hns3: fix for use-after-free when setting ring parameter (bsc#1104353). - net: hns3: Fix for using wrong mask and shift in hclge_get_ring_chain_from_mbx (bsc#1104353). - net: hns3: Fix for VF mailbox cannot receiving PF response (bsc#1104353). - net: hns3: Fix for VF mailbox receiving unknown message (bsc#1104353). - net: hns3: fix for vlan table lost problem when resetting (bsc#1104353). - net: hns3: Fix for vxlan tx checksum bug (bsc#1104353 ). - net: hns3: Fix get_vector ops in hclgevf_main module (bsc#1104353). - net: hns3: Fix initialization when cmd is not supported (bsc#1104353). - net: hns3: fix length overflow when CONFIG_ARM64_64K_PAGES (bsc#1104353). - net: hns3: Fix MSIX allocation issue for VF (bsc#1104353 ). - net: hns3: fix null pointer dereference before null check (bsc#1104353). - net: hns3: Fix return value error in hns3_reset_notify_down_enet (bsc#1104353). - net: hns3: fix return value error of hclge_get_mac_vlan_cmd_status() (bsc#1104353). - net: hns3: fix return value error while hclge_cmd_csq_clean failed (bsc#1104353). - net: hns3: fix rx path skb->truesize reporting bug (bsc#1104353 ). - net: hns3: Fix setting mac address error (bsc#1104353 ). - net: hns3: Fix spelling errors (bsc#1104353). - net: hns3: fix spelling mistake: 'capabilty' -> 'capability' (bsc#1104353). - net: hns3: fix the bug of hns3_set_txbd_baseinfo (bsc#1104353 ). - net: hns3: fix the bug when map buffer fail (bsc#1104353 ). - net: hns3: fix the bug when reuse command description in hclge_add_mac_vlan_tbl (bsc#1104353). - net: hns3: Fix the missing client list node initialization (bsc#1104353). - net: hns3: fix the ops check in hns3_get_rxnfc (bsc#1104353 ). - net: hns3: fix the queue id for tqp enable&&reset (bsc#1104353 ). - net: hns3: fix the ring count for ETHTOOL_GRXRINGS (bsc#1104353 ). - net: hns3: fix the TX/RX ring.queue_index in hns3_ring_get_cfg (bsc#1104353). - net: hns3: fix the VF queue reset flow error (bsc#1104353 ). - net: hns3: fix to correctly fetch l4 protocol outer header (bsc#1104353). - net: hns3: Fix to support autoneg only for port attached with phy (bsc#1104353). - net: hns3: Fix typo error for feild in hclge_tm (bsc#1104353 ). - net: hns3: Fix warning bug when doing lp selftest (bsc#1104353 ). - net: hns3: free the ring_data structrue when change tqps (bsc#1104353). - net: hns3: get rss_size_max from configuration but not hardcode (bsc#1104353). - net: hns3: get vf count by pci_sriov_get_totalvfs (bsc#1104353 ). - net: hns3: hclge_inform_reset_assert_to_vf() can be static (bsc#1104353). - net: hns3: hns3:fix a bug about statistic counter in reset process (bsc#1104353). - net: hns3: hns3_get_channels() can be static (bsc#1104353 ). - net: hns3: Increase the default depth of bucket for TM shaper (bsc#1104353). - net: hns3: increase the max time for IMP handle command (bsc#1104353). - net: hns3: make local functions static (bsc#1104353 ). - net: hns3: Mask the packet statistics query when NIC is down (bsc#1104353). - net: hns3: modify hnae_ to hnae3_ (bsc#1104353). - net: hns3: Modify the update period of packet statistics (bsc#1104353). - net: hns3: never send command queue message to IMP when reset (bsc#1104353). - net: hns3: Optimize PF CMDQ interrupt switching process (bsc#1104353). - net: hns3: Optimize the PF's process of updating multicast MAC (bsc#1104353). - net: hns3: Optimize the VF's process of updating multicast MAC (bsc#1104353). - net: hns3: Prevent sending command during global or core reset (bsc#1104353). - net: hns3: reallocate tx/rx buffer after changing mtu (bsc#1104353). - net: hns3: refactor GL update function (bsc#1104353 ). - net: hns3: refactor interrupt coalescing init function (bsc#1104353). - net: hns3: Refactor mac_init function (bsc#1104353). - net: hns3: Refactor of the reset interrupt handling logic (bsc#1104353). - net: hns3: Refactors the requested reset & pending reset handling code (bsc#1104353). - net: hns3: refactor the coalesce related struct (bsc#1104353 ). - net: hns3: refactor the get/put_vector function (bsc#1104353 ). - net: hns3: refactor the hclge_get/set_rss function (bsc#1104353 ). - net: hns3: refactor the hclge_get/set_rss_tuple function (bsc#1104353). - net: hns3: Refactor the initialization of command queue (bsc#1104353). - net: hns3: refactor the loopback related function (bsc#1104353 ). - net: hns3: Refactor the mapping of tqp to vport (bsc#1104353 ). - net: hns3: Refactor the skb receiving and transmitting function (bsc#1104353). - net: hns3: remove a couple of redundant assignments (bsc#1104353 ). - net: hns3: remove add/del_tunnel_udp in hns3_enet module (bsc#1104353). - net: hns3: Remove a useless member of struct hns3_stats (bsc#1104353). - net: hns3: Remove error log when getting pfc stats fails (bsc#1104353). - net: hns3: Remove packet statistics in the range of 8192~12287 (bsc#1104353). - net: hns3: remove redundant memset when alloc buffer (bsc#1104353). - net: hns3: remove redundant semicolon (bsc#1104353). - net: hns3: Remove repeat statistic of rx_errors (bsc#1104353 ). - net: hns3: remove some redundant assignments (bsc#1104353 ). - net: hns3: Removes unnecessary check when clearing TX/RX rings (bsc#1104353). - net: hns3: remove TSO config command from VF driver (bsc#1104353 ). - net: hns3: remove unnecessary pci_set_drvdata() and devm_kfree() (bsc#1104353). - net: hns3: remove unnecessary ring configuration operation while resetting (bsc#1104353). - net: hns3: remove unused GL setup function (bsc#1104353 ). - net: hns3: remove unused hclgevf_cfg_func_mta_filter (bsc#1104353). - net: hns3: Remove unused led control code (bsc#1104353 ). - net: hns3: report the function type the same line with hns3_nic_get_stats64 (bsc#1104353). - net: hns3: set the cmdq out_vld bit to 0 after used (bsc#1104353 ). - net: hns3: set the max ring num when alloc netdev (bsc#1104353 ). - net: hns3: Setting for fc_mode and dcb enable flag in TM module (bsc#1104353). - net: hns3: simplify hclge_cmd_csq_clean (bsc#1104353 ). - net: hns3: Standardize the handle of return value (bsc#1104353 ). - net: hns3: Support for dynamically assigning tx buffer to TC (bsc#1104353). - net: hns3: Unified HNS3 {VF|PF} Ethernet Driver for hip08 SoC (bsc#1104353). - net: hns3: unify the pause params setup function (bsc#1104353 ). - net: hns3: Unify the strings display of packet statistics (bsc#1104353). - net: hns3: Updates MSI/MSI-X alloc/free APIs(depricated) to new APIs (bsc#1104353). - net: hns3: Updates RX packet info fetch in case of multi BD (bsc#1104353). - net: hns3: Use enums instead of magic number in hclge_is_special_opcode (bsc#1104353). - net: hns3: VF should get the real rss_size instead of rss_size_max (bsc#1104353). - net/ipv4: Set oif in fib_compute_spec_dst (netfilter-stable-18_07_23). - net: lan78xx: Fix race in tx pending skb size calculation (bsc#1100132). - net: lan78xx: fix rx handling before first packet is send (bsc#1100132). - net/mlx5e: Avoid dealing with vport representors if not being e-switch manager (networking-stable-18_07_19). - net/mlx5: E-Switch, Avoid setup attempt if not being e-switch manager (networking-stable-18_07_19). - net: mvneta: fix the Rx desc DMA address in the Rx path (networking-stable-18_07_19). - net/packet: fix use-after-free (networking-stable-18_07_19). - net: phy: consider PHY_IGNORE_INTERRUPT in phy_start_aneg_priv (netfilter-stable-18_07_27). - net: phy: fix flag masking in __set_phy_supported (netfilter-stable-18_07_23). - net: qmi_wwan: add BroadMobi BM806U 2020:2033 (bsc#1087092). - net: qmi_wwan: Add Netgear Aircard 779S (bsc#1090888). - net_sched: blackhole: tell upper qdisc about dropped packets (networking-stable-18_07_19). - net: skb_segment() should not return NULL (netfilter-stable-18_07_27). - net: sungem: fix rx checksum support (networking-stable-18_07_19). - net: systemport: Fix CRC forwarding check for SYSTEMPORT Lite (netfilter-stable-18_07_23). - net-usb: add qmi_wwan if on lte modem wistron neweb d18q1 (bsc#1087092). - net: usb: asix: replace mii_nway_restart in resume path (bsc#1100132). - partitions/aix: append null character to print data from disk (bsc#1051510). - partitions/aix: fix usage of uninitialized lv_info and lvname structures (bsc#1051510). - PCI: Add pci_resize_resource() for resizing BARs (bsc#1105355). - PCI: Add PCI resource type mask #define (bsc#1105355). - PCI: Add resizable BAR infrastructure (bsc#1105355). - PCI: Allow release of resources that were never assigned (bsc#1105355). - PCI: Cleanup PCI_REBAR_CTRL_BAR_SHIFT handling (bsc#1105355). - PCI: pciehp: Fix unprotected list iteration in IRQ handler (bsc#1051510). - PCI: Restore resized BAR state on resume (bsc#1105355). - PCI: Skip MPS logic for Virtual Functions (VFs) (bsc#1051510). - pinctrl: cannonlake: Fix community ordering for H variant (bsc#1051510). - pinctrl: core: Return selector to the pinctrl driver (bsc#1051510). - pinctrl: freescale: off by one in imx1_pinconf_group_dbg_show() (bsc#1051510). - pinctrl: imx: off by one in imx_pinconf_group_dbg_show() (bsc#1051510). - pinctrl: pinmux: Return selector to the pinctrl driver (bsc#1051510). - pinctrl: qcom: spmi-gpio: Fix pmic_gpio_config_get() to be compliant (bsc#1051510). - pinctrl: single: Fix group and function selector use (bsc#1051510). - platform/x86: thinkpad_acpi: Proper model/release matching (bsc#1051510). - PM / devfreq: rk3399_dmc: Fix duplicated opp table on reload (bsc#1051510). - PM / sleep: wakeup: Fix build error caused by missing SRCU support (bsc#1051510). - power: gemini-poweroff: Avoid more spurious poweroffs (bsc#1051510). - power: generic-adc-battery: check for duplicate properties copied from iio channels (bsc#1051510). - power: generic-adc-battery: fix out-of-bounds write when copying channel properties (bsc#1051510). - powerpc/64: Add GENERIC_CPU support for little endian (). - powerpc/fadump: handle crash memory ranges array index overflow (bsc#1103269). - powerpc/fadump: merge adjacent memory ranges to reduce PT_LOAD segements (bsc#1103269). - powerpc/pkeys: Deny read/write/execute by default (bsc#1097577). - powerpc/pkeys: Fix calculation of total pkeys (bsc#1097577). - powerpc/pkeys: Give all threads control of their key permissions (bsc#1097577). - powerpc/pkeys: key allocation/deallocation must not change pkey registers (bsc#1097577). - powerpc/pkeys: make protection key 0 less special (bsc#1097577). - powerpc/pkeys: Preallocate execute-only key (bsc#1097577). - powerpc/pkeys: Save the pkey registers before fork (bsc#1097577). - powerpc/topology: Get topology for shared processors at boot (bsc#1104683). - Refresh patches.arch/mobility-numa-Ensure-numa-update-does-not-overlap.patch. - power: remove possible deadlock when unregistering power_supply (bsc#1051510). - power: supply: axp288_charger: Fix initial constant_charge_current value (bsc#1051510). - power: supply: max77693_charger: fix unintentional fall-through (bsc#1051510). - power: vexpress: fix corruption in notifier registration (bsc#1051510). - ppp: Destroy the mutex when cleanup (bsc#1051510). - ppp: fix __percpu annotation (bsc#1051510). - ptp: fix missing break in switch (bsc#1105355). - ptr_ring: fail early if queue occupies more than KMALLOC_MAX_SIZE (bsc#1105355). - ptr_ring: fix up after recent ptr_ring changes (bsc#1105355). - ptr_ring: prevent integer overflow when calculating size (bsc#1105355). - qedf: Add get_generic_tlv_data handler (bsc#1086317). - qedf: Add support for populating ethernet TLVs (bsc#1086317). - qedi: Add get_generic_tlv_data handler (bsc#1086315). - qedi: Add support for populating ethernet TLVs (bsc#1086315). - random: add new ioctl RNDRESEEDCRNG (bsc#1051510). - random: fix possible sleeping allocation from irq context (bsc#1051510). - random: mix rdrand with entropy sent in from userspace (bsc#1051510). - random: set up the NUMA crng instances after the CRNG is fully initialized (bsc#1051510). - rdma/hns: Add 64KB page size support for hip08 (bsc#1104427 ). - rdma/hns: Add command queue support for hip08 RoCE driver (bsc#1104427). - rdma/hns: Add CQ operations support for hip08 RoCE driver (bsc#1104427). - rdma/hns: Add detailed comments for mb() call (bsc#1104427 ). - rdma/hns: Add eq support of hip08 (bsc#1104427). - rdma/hns: Add gsi qp support for modifying qp in hip08 (bsc#1104427). - rdma/hns: Add mailbox's implementation for hip08 RoCE driver (bsc#1104427). - rdma/hns: Add modify CQ support for hip08 (bsc#1104427 ). - rdma/hns: Add names to function arguments in function pointers (bsc#1104427). - rdma/hns: Add profile support for hip08 driver (bsc#1104427 ). - rdma/hns: Add QP operations support for hip08 SoC (bsc#1104427 ). - rdma/hns: Add releasing resource operation in error branch (bsc#1104427). - rdma/hns: Add rereg mr support for hip08 (bsc#1104427 ). - rdma/hns: Add reset process for RoCE in hip08 (bsc#1104427 ). - rdma/hns: Add return operation when configured global param fail (bsc#1104427). - rdma/hns: Add rq inline data support for hip08 RoCE (bsc#1104427 ). - rdma/hns: Add rq inline flags judgement (bsc#1104427 ). - rdma/hns: Add sq_invld_flg field in QP context (bsc#1104427 ). - rdma/hns: Add support for processing send wr and receive wr (bsc#1104427). - rdma/hns: Add the interfaces to support multi hop addressing for the contexts in hip08 (bsc#1104427). - rdma/hns: Adjust the order of cleanup hem table (bsc#1104427 ). - rdma/hns: Assign dest_qp when deregistering mr (bsc#1104427 ). - rdma/hns: Assign the correct value for tx_cqn (bsc#1104427 ). - rdma/hns: Assign zero for pkey_index of wc in hip08 (bsc#1104427 ). - rdma/hns: Avoid NULL pointer exception (bsc#1104427 ). - rdma/hns: Bugfix for cq record db for kernel (bsc#1104427 ). - rdma/hns: Bugfix for init hem table (bsc#1104427). - rdma/hns: Bugfix for rq record db for kernel (bsc#1104427 ). - rdma/hns: Check return value of kzalloc (bsc#1104427 ). - rdma/hns: Configure BT BA and BT attribute for the contexts in hip08 (bsc#1104427). - rdma/hns: Configure fence attribute in hip08 RoCE (bsc#1104427 ). - rdma/hns: Configure mac&gid and user access region for hip08 RoCE driver (bsc#1104427). - rdma/hns: Configure sgid type for hip08 RoCE (bsc#1104427 ). - rdma/hns: Configure the MTPT in hip08 (bsc#1104427). - rdma/hns: Configure TRRL field in hip08 RoCE device (bsc#1104427 ). - rdma/hns: Create gsi qp in hip08 (bsc#1104427). - rdma/hns: Delete the unnecessary initializing enum to zero (bsc#1104427). - rdma/hns: Do not unregister a callback we didn't register (bsc#1104427). - rdma/hns: Drop local zgid in favor of core defined variable (bsc#1104427). - rdma/hns: Enable inner_pa_vld filed of mpt (bsc#1104427 ). - rdma/hns: Enable the cqe field of sqwqe of RC (bsc#1104427 ). - rdma/hns: ensure for-loop actually iterates and free's buffers (bsc#1104427). - rdma/hns: Fill sq wqe context of ud type in hip08 (bsc#1104427 ). - rdma/hns: Filter for zero length of sge in hip08 kernel mode (bsc#1104427). - rdma/hns: Fix a bug with modifying mac address (bsc#1104427 ). - rdma/hns: Fix a couple misspellings (bsc#1104427). - rdma/hns: Fix calltrace for sleeping in atomic (bsc#1104427 ). - rdma/hns: Fix cqn type and init resp (bsc#1104427). - rdma/hns: Fix cq record doorbell enable in kernel (bsc#1104427 ). - rdma/hns: Fix endian problems around imm_data and rkey (bsc#1104427). - rdma/hns: Fix inconsistent warning (bsc#1104427). - rdma/hns: Fix init resp when alloc ucontext (bsc#1104427 ). - rdma/hns: Fix misplaced call to hns_roce_cleanup_hem_table (bsc#1104427). - rdma/hns: Fix QP state judgement before receiving work requests (bsc#1104427). - rdma/hns: Fix QP state judgement before sending work requests (bsc#1104427). - rdma/hns: fix spelling mistake: 'Reseved' -> 'Reserved' (bsc#1104427). - rdma/hns: Fix the bug with NULL pointer (bsc#1104427 ). - rdma/hns: Fix the bug with rq sge (bsc#1104427). - rdma/hns: Fix the endian problem for hns (bsc#1104427 ). - rdma/hns: Fix the illegal memory operation when cross page (bsc#1104427). - rdma/hns: Fix the issue of IOVA not page continuous in hip08 (bsc#1104427). - rdma/hns: Fix the qp context state diagram (bsc#1104427 ). - rdma/hns: Generate gid type of RoCEv2 (bsc#1104427). - rdma/hns: Get rid of page operation after dma_alloc_coherent (bsc#1104427). - rdma/hns: Get rid of virt_to_page and vmap calls after dma_alloc_coherent (bsc#1104427). - rdma/hns: Implement the disassociate_ucontext API (bsc#1104427 ). - rdma/hns: Increase checking CMQ status timeout value (bsc#1104427). - rdma/hns: Initialize the PCI device for hip08 RoCE (bsc#1104427 ). - rdma/hns: Intercept illegal RDMA operation when use inline data (bsc#1104427). - rdma/hns: Load the RoCE dirver automatically (bsc#1104427 ). - rdma/hns: make various function static, fixes warnings (bsc#1104427). - rdma/hns: Modify assignment device variable to support both PCI device and platform device (bsc#1104427). - rdma/hns: Modify the usage of cmd_sn in hip08 (bsc#1104427 ). - rdma/hns: Modify the value with rd&dest_rd of qp_attr (bsc#1104427). - rdma/hns: Modify uar allocation algorithm to avoid bitmap exhaust (bsc#1104427). - rdma/hns: Move priv in order to add multiple hns_roce support (bsc#1104427). - rdma/hns: Move the location for initializing tmp_len (bsc#1104427). - rdma/hns: Not support qp transition from reset to reset for hip06 (bsc#1104427). - rdma/hns: Only assign dest_qp if ib_QP_DEST_QPN bit is set (bsc#1104427). - rdma/hns: Only assign dqpn if ib_QP_PATH_DEST_QPN bit is set (bsc#1104427). - rdma/hns: Only assign mtu if ib_QP_PATH_MTU bit is set (bsc#1104427). - rdma/hns: Refactor code for readability (bsc#1104427 ). - rdma/hns: Refactor eq code for hip06 (bsc#1104427). - rdma/hns: remove redundant assignment to variable j (bsc#1104427 ). - rdma/hns: Remove some unnecessary attr_mask judgement (bsc#1104427). - rdma/hns: Remove unnecessary operator (bsc#1104427). - rdma/hns: Remove unnecessary platform_get_resource() error check (bsc#1104427). - rdma/hns: Rename the idx field of db (bsc#1104427). - rdma/hns: Replace condition statement using hardware version information (bsc#1104427). - rdma/hns: Replace __raw_write*(cpu_to_le*()) with LE write*() (bsc#1104427). - rdma/hns: return 0 rather than return a garbage status value (bsc#1104427). - rdma/hns_roce: Do not check return value of zap_vma_ptes() (bsc#1104427). - rdma/hns: Set access flags of hip08 RoCE (bsc#1104427 ). - rdma/hns: Set desc_dma_addr for zero when free cmq desc (bsc#1104427). - rdma/hns: Set NULL for __internal_mr (bsc#1104427). - rdma/hns: Set rdma_ah_attr type for querying qp (bsc#1104427 ). - rdma/hns: Set se attribute of sqwqe in hip08 (bsc#1104427 ). - rdma/hns: Set sq_cur_sge_blk_addr field in QPC in hip08 (bsc#1104427). - rdma/hns: Set the guid for hip08 RoCE device (bsc#1104427 ). - rdma/hns: Set the owner field of SQWQE in hip08 RoCE (bsc#1104427). - rdma/hns: Split CQE from MTT in hip08 (bsc#1104427). - rdma/hns: Split hw v1 driver from hns roce driver (bsc#1104427 ). - rdma/hns: Submit bad wr (bsc#1104427). - rdma/hns: Support cq record doorbell for kernel space (bsc#1104427). - rdma/hns: Support cq record doorbell for the user space (bsc#1104427). - rdma/hns: Support multi hop addressing for PBL in hip08 (bsc#1104427). - rdma/hns: Support rq record doorbell for kernel space (bsc#1104427). - rdma/hns: Support rq record doorbell for the user space (bsc#1104427). - rdma/hns: Support WQE/CQE/PBL page size configurable feature in hip08 (bsc#1104427). - rdma/hns: Unify the calculation for hem index in hip08 (bsc#1104427). - rdma/hns: Update assignment method for owner field of send wqe (bsc#1104427). - rdma/hns: Update calculation of irrl_ba field for hip08 (bsc#1104427). - rdma/hns: Update convert function of endian format (bsc#1104427 ). - rdma/hns: Update the interfaces for MTT/CQE multi hop addressing in hip08 (bsc#1104427). - rdma/hns: Update the IRRL table chunk size in hip08 (bsc#1104427 ). - rdma/hns: Update the PD&CQE&MTT specification in hip08 (bsc#1104427). - rdma/hns: Update the usage of ack timeout in hip08 (bsc#1104427 ). - rdma/hns: Update the usage of sr_max and rr_max field (bsc#1104427). - rdma/hns: Update the verbs of polling for completion (bsc#1104427). - rdma/hns: Use free_pages function instead of free_page (bsc#1104427). - rdma/hns: Use structs to describe the uABI instead of opencoding (bsc#1104427). - rdma/uverbs: Expand primary and alt AV port checks (bsc#1046306 ). - readahead: stricter check for bdi io_pages (VM Functionality, git fixes). - rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication() (bsc#1051510). - rtc: ensure rtc_set_alarm fails when alarms are not supported (bsc#1051510). - rtnetlink: add rtnl_link_state check in rtnl_configure_link (netfilter-stable-18_07_27). - s390/dasd: configurable IFCC handling (bsc#1097808). - s390: Prevent hotplug rwsem recursion (bsc#1105731). - s390/qeth: consistently re-enable device features (bsc#1104482, LTC#170340). - s390/qeth: do not clobber buffer on async TX completion (bsc#1104482, LTC#170340). - s390/qeth: rely on kernel for feature recovery (bsc#1104482, LTC#170340). - sched/debug: Reverse the order of printing faults (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Evaluate move once per node (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Modify migrate_swap() to accept additional parameters (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Move task_numa_placement() closer to numa_migrate_preferred() (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Remove redundant field (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Remove redundant field -kabi (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Remove unused task_capacity from 'struct numa_stats' (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Set preferred_node based on best_cpu (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Simplify load_too_imbalanced() (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Skip nodes that are at 'hoplimit' (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Update the scan period without holding the numa_group lock (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Use group_weights to identify if migration degrades locality (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Use task faults only if numa_group is not yet set up (bnc#1101669 optimise numa balancing for fast migrate). - scripts/git_sort/git_sort.py: add libnvdimm-for-next branch - scsi: cxlflash: Abstract hardware dependent assignments (). - scsi: cxlflash: Acquire semaphore before invoking ioctl services (). - scsi: cxlflash: Adapter context init can return error (). - scsi: cxlflash: Adapter context support for OCXL (). - scsi: cxlflash: Add argument identifier names (). - scsi: cxlflash: Add include guards to backend.h (). - scsi: cxlflash: Avoid clobbering context control register value (). - scsi: cxlflash: Enable OCXL operations (). - scsi: cxlflash: Explicitly cache number of interrupts per context (). - scsi: cxlflash: Handle spurious interrupts (). - scsi: cxlflash: Hardware AFU for OCXL (). - scsi: cxlflash: Introduce object handle fop (). - scsi: cxlflash: Introduce OCXL backend (). - scsi: cxlflash: Introduce OCXL context state machine (). - scsi: cxlflash: Isolate external module dependencies (). - scsi: cxlflash: Limit the debug logs in the IO path (). - scsi: cxlflash: MMIO map the AFU (). - scsi: cxlflash: Preserve number of interrupts for master contexts (). - scsi: cxlflash: Read host AFU configuration (). - scsi: cxlflash: Read host function configuration (). - scsi: cxlflash: Register for translation errors (). - scsi: cxlflash: Remove commmands from pending list on timeout (). - scsi: cxlflash: Remove embedded CXL work structures (). - scsi: cxlflash: Setup AFU acTag range (). - scsi: cxlflash: Setup AFU PASID (). - scsi: cxlflash: Setup function acTag range (). - scsi: cxlflash: Setup function OCXL link (). - scsi: cxlflash: Setup LISNs for master contexts (). - scsi: cxlflash: Setup LISNs for user contexts (). - scsi: cxlflash: Setup OCXL transaction layer (). - scsi: cxlflash: Staging to support future accelerators (). - scsi: cxlflash: Support adapter context discovery (). - scsi: cxlflash: Support adapter context mmap and release (). - scsi: cxlflash: Support adapter context polling (). - scsi: cxlflash: Support adapter context reading (). - scsi: cxlflash: Support adapter file descriptors for OCXL (). - scsi: cxlflash: Support AFU interrupt management (). - scsi: cxlflash: Support AFU interrupt mapping and registration (). - scsi: cxlflash: Support AFU reset (). - scsi: cxlflash: Support AFU state toggling (). - scsi: cxlflash: Support file descriptor mapping (). - scsi: cxlflash: Support image reload policy modification (). - scsi: cxlflash: Support process element lifecycle (). - scsi: cxlflash: Support process specific mappings (). - scsi: cxlflash: Support reading adapter VPD data (). - scsi: cxlflash: Support starting an adapter context (). - scsi: cxlflash: Support starting user contexts (). - scsi: cxlflash: Synchronize reset and remove ops (). - scsi: cxlflash: Use IDR to manage adapter contexts (). - scsi: cxlflash: Use local mutex for AFU serialization (). - scsi: cxlflash: Yield to active send threads (). - scsi: mpt3sas: Add an I/O barrier (bsc#1086906,). - scsi: mpt3sas: Added support for SAS Device Discovery Error Event (bsc#1086906,). - scsi: mpt3sas: Add PCI device ID for Andromeda (bsc#1086906,). - scsi: mpt3sas: Allow processing of events during driver unload (bsc#1086906,). - scsi: mpt3sas: As per MPI-spec, use combined reply queue for SAS3.5 controllers when HBA supports more than 16 MSI-x vectors (bsc#1086906,). - scsi: mpt3sas: Bug fix for big endian systems (bsc#1086906,). - scsi: mpt3sas: Cache enclosure pages during enclosure add (bsc#1086906,). - scsi: mpt3sas: clarify mmio pointer types (bsc#1086906,). - scsi: mpt3sas: Configure reply post queue depth, DMA and sgl tablesize (bsc#1086906,). - scsi: mpt3sas: Do not abort I/Os issued to NVMe drives while processing Async Broadcast primitive event (bsc#1086906,). - scsi: mpt3sas: Do not access the structure after decrementing it's instance reference count (bsc#1086906,). - scsi: mpt3sas: Do not mark fw_event workqueue as WQ_MEM_RECLAIM (bsc#1086906,). - scsi: mpt3sas: Enhanced handling of Sense Buffer (bsc#1086906,). - scsi: mpt3sas: Fix, False timeout prints for ioctl and other internal commands during controller reset (bsc#1086906,). - scsi: mpt3sas: fix possible memory leak (bsc#1086906,). - scsi: mpt3sas: fix spelling mistake: 'disbale' -> 'disable' (bsc#1086906,). - scsi: mpt3sas: For NVME device, issue a protocol level reset (bsc#1086906,). - scsi: mpt3sas: Incorrect command status was set/marked as not used (bsc#1086906,). - scsi: mpt3sas: Increase event log buffer to support 24 port HBA's (bsc#1086906,). - scsi: mpt3sas: Introduce API to get BAR0 mapped buffer address (bsc#1086906,). - scsi: mpt3sas: Introduce Base function for cloning (bsc#1086906,). - scsi: mpt3sas: Introduce function to clone mpi reply (bsc#1086906,). - scsi: mpt3sas: Introduce function to clone mpi request (bsc#1086906,). - scsi: mpt3sas: Lockless access for chain buffers (bsc#1086906,). - scsi: mpt3sas: Optimize I/O memory consumption in driver (bsc#1086906,). - scsi: mpt3sas: Pre-allocate RDPQ Array at driver boot time (bsc#1086906,). - scsi: mpt3sas: Replace PCI pool old API (bsc#1081917). - Refresh patches.drivers/scsi-mpt3sas-SGL-to-PRP-Translation-for-I-Os-to-NVMe.patch. - scsi: mpt3sas: Report Firmware Package Version from HBA Driver (bsc#1086906,). - scsi: mpt3sas: Update driver version '25.100.00.00' (bsc#1086906,). - scsi: mpt3sas: Update driver version '26.100.00.00' (bsc#1086906,). - scsi: mpt3sas: Update MPI Headers (bsc#1086906,). - scsi: qedf: Add additional checks when restarting an rport due to ABTS timeout (bsc#1086317). - scsi: qedf: Add check for offload before flushing I/Os for target (bsc#1086317). - scsi: qedf: Add dcbx_not_wait module parameter so we won't wait for DCBX convergence to start discovery (bsc#1086317). - scsi: qedf: Add missing skb frees in error path (bsc#1086317). - scsi: qedf: Add more defensive checks for concurrent error conditions (bsc#1086317). - scsi: qedf: Add task id to kref_get_unless_zero() debug messages when flushing requests (bsc#1086317). - scsi: qedf: Check if link is already up when receiving a link up event from qed (bsc#1086317). - scsi: qedf: fix LTO-enabled build (bsc#1086317). - scsi: qedf: Fix VLAN display when printing sent FIP frames (bsc#1086317). - scsi: qedf: Honor default_prio module parameter even if DCBX does not converge (bsc#1086317). - scsi: qedf: Honor priority from DCBX FCoE App tag (bsc#1086317). - scsi: qedf: If qed fails to enable MSI-X fail PCI probe (bsc#1086317). - scsi: qedf: Improve firmware debug dump handling (bsc#1086317). - scsi: qedf: Increase the number of default FIP VLAN request retries to 60 (bsc#1086317). - scsi: qedf: Release RRQ reference correctly when RRQ command times out (bsc#1086317). - scsi: qedf: remove redundant initialization of 'fcport' (bsc#1086317). - scsi: qedf: Remove setting DCBX pending during soft context reset (bsc#1086317). - scsi: qedf: Return request as DID_NO_CONNECT if MSI-X is not enabled (bsc#1086317). - scsi: qedf: Sanity check FCoE/FIP priority value to make sure it's between 0 and 7 (bsc#1086317). - scsi: qedf: Send the driver state to MFW (bsc#1086317). - scsi: qedf: Set the UNLOADING flag when removing a vport (bsc#1086317). - scsi: qedf: Synchronize rport restarts when multiple ELS commands time out (bsc#1086317). - scsi: qedf: Update copyright for 2018 (bsc#1086317). - scsi: qedf: Update version number to 8.33.16.20 (bsc#1086317). - scsi: qedf: use correct strncpy() size (bsc#1086317). - scsi: qedi: fix building with LTO (bsc#1086315). - scsi: qedi: fix build regression (bsc#1086315). - scsi: qedi: Fix kernel crash during port toggle (bsc#1086315). - scsi: qedi: Send driver state to MFW (bsc#1086315). - scsi: qla2xxx: Add longer window for chip reset (bsc#1086327,). - scsi: qla2xxx: Cleanup for N2N code (bsc#1086327,). - scsi: qla2xxx: correctly shift host byte (bsc#1086327,). - scsi: qla2xxx: Correct setting of SAM_STAT_CHECK_CONDITION (bsc#1086327,). - scsi: qla2xxx: Fix crash on qla2x00_mailbox_command (bsc#1086327,). - scsi: qla2xxx: Fix Inquiry command being dropped in Target mode (bsc#1086327,). - scsi: qla2xxx: Fix ISP recovery on unload (bsc#1086327,). - scsi: qla2xxx: Fix issue reported by static checker for qla2x00_els_dcmd2_sp_done() (bsc#1086327,). - scsi: qla2xxx: Fix login retry count (bsc#1086327,). - scsi: qla2xxx: Fix Management Server NPort handle reservation logic (bsc#1086327,). - scsi: qla2xxx: Fix N2N link re-connect (bsc#1086327,). - scsi: qla2xxx: Fix race between switch cmd completion and timeout (bsc#1086327,). - scsi: qla2xxx: Fix race condition between iocb timeout and initialisation (bsc#1086327,). - scsi: qla2xxx: Fix redundant fc_rport registration (bsc#1086327,). - scsi: qla2xxx: Fix Rport and session state getting out of sync (bsc#1086327,). - scsi: qla2xxx: Fix sending ADISC command for login (bsc#1086327,). - scsi: qla2xxx: Fix session state stuck in Get Port DB (bsc#1086327,). - scsi: qla2xxx: Fix setting lower transfer speed if GPSC fails (bsc#1086327,). - scsi: qla2xxx: Fix stalled relogin (bsc#1086327,). - scsi: qla2xxx: Fix TMF and Multi-Queue config (bsc#1086327,). - scsi: qla2xxx: Fix unintended Logout (bsc#1086327,). - scsi: qla2xxx: Flush mailbox commands on chip reset (bsc#1086327,). - scsi: qla2xxx: Migrate NVME N2N handling into state machine (bsc#1086327,). - scsi: qla2xxx: Move GPSC and GFPNID out of session management (bsc#1086327,). - scsi: qla2xxx: Prevent relogin loop by removing stale code (bsc#1086327,). - scsi: qla2xxx: Prevent sysfs access when chip is down (bsc#1086327,). - scsi: qla2xxx: Reduce redundant ADISC command for RSCNs (bsc#1086327,). - scsi: qla2xxx: remove irq save in qla2x00_poll() (bsc#1086327,). - scsi: qla2xxx: Remove stale debug value for login_retry flag (bsc#1086327,). - scsi: qla2xxx: Save frame payload size from ICB (bsc#1086327,). - scsi: qla2xxx: Silent erroneous message (bsc#1086327,). - scsi: qla2xxx: Spinlock recursion in qla_target (bsc#1086327,). - scsi: qla2xxx: Update driver version to 10.00.00.07-k (bsc#1086327,). - scsi: qla2xxx: Update driver version to 10.00.00.08-k (bsc#1086327,). - scsi: qla2xxx: Use predefined get_datalen_for_atio() inline function (bsc#1086327,). - scsi: qla4xxx: Move an array from a .h into a .c file (bsc#1086331). - scsi: qla4xxx: Remove unused symbols (bsc#1086331). - scsi: qla4xxx: skip error recovery in case of register disconnect (bsc#1086331). - scsi: qla4xxx: Use dma_pool_zalloc() (bsc#1086331). - scsi: qla4xxx: Use zeroing allocator rather than allocator/memset (bsc#1086331). - security: check for kstrdup() failure in lsm_append() (bsc#1051510). - selftests/powerpc: Fix core-pkey for default execute permission change (bsc#1097577). - selftests/powerpc: Fix ptrace-pkey for default execute permission change (bsc#1097577). - serial: 8250: Do not service RX FIFO if interrupts are disabled (bsc#1051510). - serial: 8250_dw: Add ACPI support for uart on Broadcom SoC (bsc#1051510). - serial: 8250_dw: always set baud rate in dw8250_set_termios (bsc#1051510). - serial: core: mark port as initialized after successful IRQ change (bsc#1051510). - serial: pxa: Fix an error handling path in 'serial_pxa_probe()' (bsc#1051510). - serial: sh-sci: Stop RX FIFO timer during port shutdown (bsc#1051510). - serial: xuartps: fix typo in cdns_uart_startup (bsc#1051510). - spi: spi-fsl-dspi: Fix imprecise abort on VF500 during probe (bsc#1051510). - staging: bcm2835-camera: fix timeout handling in wait_for_completion_timeout (bsc#1051510). - staging: bcm2835-camera: handle wait_for_completion_timeout return properly (bsc#1051510). - staging: rts5208: fix missing error check on call to rtsx_write_register (bsc#1051510). - stmmac: fix DMA channel hang in half-duplex mode (networking-stable-18_07_19). - strparser: Remove early eaten to fix full tcp receive buffer stall (networking-stable-18_07_19). - supported.conf - supported.conf: added hns3 modules - supported.conf: added hns-roce-hw-v1 and hns-roce-hw-v2 - supported.conf: Enable HiSi v3 SAS adapter () - TCM_RBD depends on BLK_DEV_RBD (). - tcp: do not cancel delay-AcK on DCTCP special ACK (netfilter-stable-18_07_27). - tcp: do not delay ACK in DCTCP upon CE status change (netfilter-stable-18_07_27). - tcp: fix dctcp delayed ACK schedule (netfilter-stable-18_07_27). - tcp: fix Fast Open key endianness (networking-stable-18_07_19). - tcp: helpers to send special DCTCP ack (netfilter-stable-18_07_27). - tcp: prevent bogus FRTO undos with non-SACK flows (networking-stable-18_07_19). - tg3: Add higher cpu clock for 5762 (netfilter-stable-18_07_23). - tty: fix termios input-speed encoding (bsc#1051510). - tty: fix termios input-speed encoding when using BOTHER (bsc#1051510). - tty: serial: 8250: Revert NXP SC16C2552 workaround (bsc#1051510). - typec: tcpm: fusb302: Resolve out of order messaging events (bsc#1087092). - uio: potential double frees if __uio_register_device() fails (bsc#1051510). - uprobes: Use synchronize_rcu() not synchronize_sched() (bsc#1051510). - uprobes/x86: Remove incorrect WARN_ON() in uprobe_init_insn() (bsc#1051510). - usb: cdc-wdm: do not enable interrupts in USB-giveback (bsc#1051510). - usb: dwc3: change stream event enable bit back to 13 (bsc#1051510). - usb: option: add support for DW5821e (bsc#1051510). - usb: serial: kobil_sct: fix modem-status error handling (bsc#1051510). - usb: serial: pl2303: add a new device id for ATEN (bsc#1051510). - usb: serial: sierra: fix potential deadlock at close (bsc#1051510). - vhost_net: validate sock before trying to put its fd (networking-stable-18_07_19). - vmci: type promotion bug in qp_host_get_user_memory() (bsc#1105355). - vmw_balloon: do not use 2MB without batching (bsc#1051510). - vmw_balloon: fix inflation of 64-bit GFNs (bsc#1051510). - vmw_balloon: fix VMCI use when balloon built into kernel (bsc#1051510). - vmw_balloon: remove inflation rate limiting (bsc#1051510). - vmw_balloon: VMCI_DOORBELL_SET does not check status (bsc#1051510). - vsock: fix loopback on big-endian systems (networking-stable-18_07_19). - vxlan: add new fdb alloc and create helpers (netfilter-stable-18_07_27). - vxlan: fix default fdb entry netlink notify ordering during netdev create (netfilter-stable-18_07_27). - vxlan: make netlink notify in vxlan_fdb_destroy optional (netfilter-stable-18_07_27). - wan/fsl_ucc_hdlc: use IS_ERR_VALUE() to check return value of qe_muram_alloc (bsc#1051510). - x86/entry/64: Remove %ebx handling from error_entry/exit (bnc#1102715). - x86/mm/tlb: Always use lazy TLB mode (bnc#1105467 Reduce IPIs and atomic ops with improved lazy TLB). - x86/mm/tlb: Leave lazy TLB mode at page table free time (bnc#1105467 Reduce IPIs and atomic ops with improved lazy TLB). - x86/mm/tlb: Make lazy TLB mode lazier (bnc#1105467 Reduce IPIs and atomic ops with improved lazy TLB). - x86/mm/tlb: Only send page table free TLB flush to lazy TLB CPUs (bnc#1105467 Reduce IPIs and atomic ops with improved lazy TLB). - x86/mm/tlb: Restructure switch_mm_irqs_off() (bnc#1105467 Reduce IPIs and atomic ops with improved lazy TLB). - x86/mm/tlb: Skip atomic operations for 'init_mm' in switch_mm_irqs_off() (bnc#1105467 Reduce IPIs and atomic ops with improved lazy TLB). - x86/paravirt: Fix spectre-v2 mitigations for paravirt guests (bnc#1065600). - x86/xen: Add call of speculative_store_bypass_ht_init() to PV paths (bnc#1065600). - x86/xen: init %gs very early to avoid page faults with stack protector (bnc#1104777). - xen-netback: fix input validation in xenvif_set_hash_mapping() (bnc#1103277). - xen/netfront: do not cache skb_shinfo() (bnc#1065600). - xfs: Remove dead code from inode recover function (bsc#1105396). - xfs: repair malformed inode items during log recovery (bsc#1105396). - xhci: Fix perceived dead host due to runtime suspend race with event handler (bsc#1051510). - zram: fix null dereference of handle (bsc#1105355). ----------------------------------------- Patch: SUSE-2018-1782 Released: Tue Aug 28 18:20:02 2018 Summary: Recommended update for SAPHanaSR Severity: moderate References: 1062267,1091074 Description: This update for SAPHanaSR provides the following fixes: - Remove show_SAPHanaSR_attributes. The user is advised to use SAPHanaSR-showAttr instead. (bsc#1091074) - Adjust HAWK2 Wizards to run on both Python 2 and 3. (fate#323526) - SAPHanaSR wizard sets IPAddr2 agent's NIC to eth0. (bsc#1062267) ----------------------------------------- Patch: SUSE-2018-1837 Released: Wed Sep 5 11:22:39 2018 Summary: Recommended update for perl-Bootloader Severity: moderate References: 1033776,1050349 Description: This update for perl-Bootloader fixes the following issues: - Add --get-option to pbl. (bsc#1033776, bsc#1050349) ----------------------------------------- Patch: SUSE-2018-1839 Released: Wed Sep 5 14:08:22 2018 Summary: Recommended update for permissions Severity: moderate References: 1101420 Description: This update for permissions fixes the following issues: - add whitelisting for the spice-gtk setuid binary (bsc#1101420) for improved usability. ----------------------------------------- Patch: SUSE-2018-1846 Released: Thu Sep 6 10:01:08 2018 Summary: Recommended update for libvirt Severity: moderate References: 1094325,1094480,1094725,1095556,959329 Description: This update for libvirt fixes the following issues: - Enable virsh blockresize for XEN guests (fate#325467, bsc#1094325, bsc#1094725) - Add SUSE path to OVMF and AAVMF images (bsc#1095556) - Fix leaking of logfile file descriptors (bsc#1094480) - Fixes an issue where the state of a virtual machine was incorrect (bsc#959329) ----------------------------------------- Patch: SUSE-2018-1855 Released: Fri Sep 7 12:08:06 2018 Summary: Recommended update for resource-agents Severity: moderate References: 1092384,1096744 Description: This update for resource-agents provides the following fixes: - Implements the reload operation on the SAPInstance RA. (bsc#1096744) - Include the enq_server and enq_replicator on the default service list to be monitored for the new S/4 HANA Enq. Services 2. (bsc#1092384) - Improved SAPInstance START profile detection, avoiding the need of setting the START_PROFILE parameter. (bsc#1096744) ----------------------------------------- Patch: SUSE-2018-1861 Released: Mon Sep 10 11:38:53 2018 Summary: Recommended update for firewalld and susefirewall2-to-firewalld Severity: moderate References: 1096542,1098986,1099698,1105157,1105170 Description: This update for firewalld and susefirewall2-to-firewalld fixes the following issues: firewalld: - Drop global read permissions from the log file (bsc#1098986) - Add missing ipv6-icmp protocol to UI drop-down list (bsc#1099698) - Fix some untranslated strings in the creation of rich rules and firewall-config. (bsc#1096542) - fw: If failure occurs during startup set state to FAILED. - fw_direct: Avoid log for untracked passthrough queries. - Rich Rule Masquerade inverted source-destination in Forward Chain. - Don't forward interface to zone requests to NM for generated interfaces. - firewall-cmd, firewall-offline-cmd: Add --check-config option. - ipset: Check type when parsing ipset definition. - firewall-config: Add ipv6-icmp to the protocol dropdown box. - core/logger: Remove world-readable bit from logfile. - IPv6 rpfilter: Explicitly allow neighbor solicitation. susefirewall2-to-firewalld: - Do not try to handle unknown iptables chains. - Handle source whitelisting. (bsc#1105157) ----------------------------------------- Patch: SUSE-2018-1880 Released: Tue Sep 11 15:00:02 2018 Summary: Security update for zsh Severity: important References: 1107294,1107296,CVE-2018-0502,CVE-2018-13259 Description: This update for zsh to version 5.6 fixes the following security issues: - CVE-2018-0502: The beginning of a #! script file was mishandled, potentially leading to an execve call to a program named on the second line (bsc#1107296). - CVE-2018-13259: Shebang lines exceeding 64 characters were truncated, potentially leading to an execve call to a program name that is a substring of the intended one (bsc#1107294). ----------------------------------------- Patch: SUSE-2018-1882 Released: Tue Sep 11 15:21:27 2018 Summary: Recommended update for tigervnc Severity: moderate References: 1095664,1103552 Description: This update for tigervnc fixes the following issues: - Fix a bug where scrolling was not possible. (bsc#1095664) - Fix xvnc-novnc.service's dependency. (bsc#1103552) ----------------------------------------- Patch: SUSE-2018-1883 Released: Tue Sep 11 15:50:31 2018 Summary: Security update for libzypp, zypper Severity: important References: 1036304,1041178,1043166,1045735,1058515,1066215,1070770,1070851,1082318,1084525,1088037,1088705,1091624,1092413,1093103,1096217,1096617,1096803,1099847,1100028,1100095,1100427,1101349,1102019,1102429,408814,428822,907538,CVE-2017-9269,CVE-2018-7685 Description: This update for libzypp, zypper, libsolv provides the following fixes: Security fixes in libzypp: - CVE-2018-7685: PackageProvider: Validate RPMs before caching (bsc#1091624, bsc#1088705) - CVE-2017-9269: Be sure bad packages do not stay in the cache (bsc#1045735) Changes in libzypp: - Update to version 17.6.4 - Automatically fetch repository signing key from gpgkey url (bsc#1088037) - lsof: use '-K i' if lsof supports it (bsc#1099847,bsc#1036304) - Check for not imported keys after multi key import from rpmdb (bsc#1096217) - Flags: make it std=c++14 ready - Ignore /var, /tmp and /proc in zypper ps. (bsc#1096617) - Show GPGME version in log - Adapt to changes in libgpgme11-11.1.0 breaking the signature verification (bsc#1100427) - RepoInfo::provideKey: add report telling where we look for missing keys. - Support listing gpgkey URLs in repo files (bsc#1088037) - Add new report to request user approval for importing a package key - Handle http error 502 Bad Gateway in curl backend (bsc#1070851) - Add filesize check for downloads with known size (bsc#408814) - Removed superfluous space in translation (bsc#1102019) - Prevent the system from sleeping during a commit - RepoManager: Explicitly request repo2solv to generate application pseudo packages. - libzypp-devel should not require cmake (bsc#1101349) - Avoid zombies from ExternalProgram - Update ApiConfig - HardLocksFile: Prevent against empty commit without Target having been been loaded (bsc#1096803) - lsof: use '-K i' if lsof supports it (bsc#1099847) - Add filesize check for downloads with known size (bsc#408814) - Fix detection of metalink downloads and prevent aborting if a metalink file is larger than the expected data file. - Require libsolv-devel >= 0.6.35 during build (fixing bsc#1100095) - Make use of %license macro (bsc#1082318) Security fix in zypper: - CVE-2017-9269: Improve signature check callback messages (bsc#1045735) Changes in zypper: - Always set error status if any nr of unknown repositories are passed to lr and ref (bsc#1093103) - Notify user about unsupported rpm V3 keys in an old rpm database (bsc#1096217) - Detect read only filesystem on system modifying operations (fixes #199) - Use %license (bsc#1082318) - Handle repo aliases containing multiple ':' in the PackageArgs parser (bsc #1041178) - Fix broken display of detailed query results. - Fix broken search for items with a dash. (bsc#907538, bsc#1043166, bsc#1070770) - Disable repository operations when searching installed packages. (bsc#1084525) - Prevent nested calls to exit() if aborted by a signal. (bsc#1092413) - ansi.h: Prevent ESC sequence strings from going out of scope. (bsc#1092413) - Fix some translation errors. - Support listing gpgkey URLs in repo files (bsc#1088037) - Check for root privileges in zypper verify and si (bsc#1058515) - XML attribute `packages-to-change` added (bsc#1102429) - Add expert (allow-*) options to all installer commands (bsc#428822) - Sort search results by multiple columns (bsc#1066215) - man: Strengthen that `--config FILE' affects zypper.conf, not zypp.conf (bsc#1100028) - Set error status if repositories passed to lr and ref are not known (bsc#1093103) - Do not override table style in search - Fix out of bound read in MbsIterator - Add --supplements switch to search and info - Add setter functions for zypp cache related config values to ZConfig Changes in libsolv: - convert repo2solv.sh script into a binary tool - Make use of %license macro (bsc#1082318) ----------------------------------------- Patch: SUSE-2018-1892 Released: Thu Sep 13 09:51:42 2018 Summary: Recommended update for patterns-base Severity: moderate References: 1095916 Description: This update for patterns-base fixes the following issues: - Moved xfsprogs from the enhanced base pattern to the minimal base pattern and recommends instead of suggests it. (bsc#1095916) ----------------------------------------- Patch: SUSE-2018-1904 Released: Fri Sep 14 12:46:39 2018 Summary: Security update for curl Severity: moderate References: 1086367,1106019,CVE-2018-14618 Description: This update for curl fixes the following issues: This security issue was fixed: - CVE-2018-14618: Prevent integer overflow in the NTLM authentication code (bsc#1106019) This non-security issue was fixed: - Use OPENSSL_config instead of CONF_modules_load_file() to avoid crashes due to openssl engines conflicts (bsc#1086367) ----------------------------------------- Patch: SUSE-2018-1919 Released: Tue Sep 18 13:16:40 2018 Summary: Recommended update for crash Severity: moderate References: 1092101 Description: This update for crash fixes the following issues: - Reimplement IDR facility to use radix trees in Kernel 4.11. (bsc#1092101) ----------------------------------------- Patch: SUSE-2018-1931 Released: Thu Sep 20 08:06:12 2018 Summary: Security update for pango Severity: moderate References: 1103877,CVE-2018-15120 Description: This update for pango fixes the following issues: Security issue fixed: - CVE-2018-15120: Fixed a denial of service when parsing emoji (bsc#1103877) ----------------------------------------- Patch: SUSE-2018-1949 Released: Fri Sep 21 11:31:54 2018 Summary: Recommended update for yast2-installation Severity: moderate References: 1071745,1097661,1099505,1101879 Description: This update for yast2-installation fixes the following issues: - Turn off systemd console output at the second stage of an installation (bsc#1099505). - Do not print errors if plymouth is not installed (bsc#1101879) - Do not crash if /etc/os-release is a directory (bsc#1097661) - Delete unneeded content of /mnt/run after installation/update. (bsc#1071745) ----------------------------------------- Patch: SUSE-2018-1962 Released: Fri Sep 21 13:48:37 2018 Summary: Recommended update for icewm Severity: important References: 1096917 Description: This update for icewm fixes the following issues: - Renamed icewm-session.desktop to icewm.desktop to fix a upgrade issue (bsc#1096917). ----------------------------------------- Patch: SUSE-2018-1993 Released: Mon Sep 24 12:55:44 2018 Summary: Security update for shadow Severity: moderate References: 1106914 Description: This update for shadow fixes the following security issue: - Prevent useradd from creating intermediate directories with mode 0777 (bsc#1106914) ----------------------------------------- Patch: SUSE-2018-1997 Released: Tue Sep 25 08:18:55 2018 Summary: Recommended update for ucode-intel Severity: moderate References: 1104479 Description: This update for ucode-intel 2018007a fixes the following issues: No change except clarify the licensing and redistributable state. (bsc#1104479) ----------------------------------------- Patch: SUSE-2018-1999 Released: Tue Sep 25 08:20:35 2018 Summary: Recommended update for zlib Severity: moderate References: 1071321 Description: This update for zlib provides the following fixes: - Speedup zlib on power8. (fate#325307) - Add safeguard against negative values in uInt. (bsc#1071321) ----------------------------------------- Patch: SUSE-2018-2020 Released: Tue Sep 25 21:35:23 2018 Summary: Recommended update for yast2-update Severity: moderate References: 1079034 Description: This update for yast2-update provides the following fix: - Do not show wrong fstype 'Windows Data Partition' for partition which are suggested for upgrade. (bsc#1079034) ----------------------------------------- Patch: SUSE-2018-2047 Released: Thu Sep 27 07:51:20 2018 Summary: Security update for gd Severity: moderate References: 1105434,CVE-2018-1000222 Description: This update for gd fixes the following issues: Security issue fixed: - CVE-2018-1000222: Fixed a double free vulnerability in gdImageBmpPtr() that could result in remote code execution. This could have been exploited via a specially crafted JPEG image files. (bsc#1105434) ----------------------------------------- Patch: SUSE-2018-2049 Released: Thu Sep 27 09:30:04 2018 Summary: Recommended update for autoyast2 Severity: moderate References: 1095113,1098794,1104655,1105711 Description: This update for autoyast2 provides the following fixes: - AutoInstallRules: Fix a crash while merging profiles. (bsc#1105711) - AutoInstallRules: Increase the default maxdepth for not crashing with a big software package list. (bsc#1104655) - Installation/Update: Do not call registration if module yast2-registration is not available in inst-sys. (bsc#1098794) - Autoyast configuration module: Report XML errors while reading an Autoyast configuration file. (bsc#1098794) - Added additional search keys to desktop file. (fate#321043) - Show AutoYaST configuration file errors just once. (bsc#1095113) ----------------------------------------- Patch: SUSE-2018-2050 Released: Thu Sep 27 09:37:56 2018 Summary: Recommended update for mozjs52 Severity: moderate References: 1082720,1093033 Description: This update for mozjs52 provides the following fixes: - Fix building failing on PowerPC due to memory constraints. - Fix build errors on ppc64 (BE). (bsc#1093033) - Fix armv6 build by fixing armv6 detection. - Use system zlib instead of the bundled one to avoid potential problems when trying to use system zlib while mozjs52-devel is installed. (bsc#1082720) - Drop unused dependency on zip. ----------------------------------------- Patch: SUSE-2018-2052 Released: Thu Sep 27 12:03:08 2018 Summary: Security update for wireshark Severity: moderate References: 1106514,CVE-2018-16056,CVE-2018-16057,CVE-2018-16058 Description: This update for wireshark to version 2.4.9 fixes the following issues: Security issues fixed (bsc#1106514): - CVE-2018-16058: Bluetooth AVDTP dissector crash (wnpa-sec-2018-44) - CVE-2018-16056: Bluetooth Attribute Protocol dissector crash (wnpa-sec-2018-45) - CVE-2018-16057: Radiotap dissector crash (wnpa-sec-2018-46) Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.4.9.html ----------------------------------------- Patch: SUSE-2018-2053 Released: Thu Sep 27 12:04:10 2018 Summary: Security update for MozillaFirefox Severity: important References: 1107343,CVE-2017-16541,CVE-2018-12376,CVE-2018-12377,CVE-2018-12378,CVE-2018-12379,CVE-2018-12381 Description: This update for MozillaFirefox to ESR 60.2 fixes several issues. These general changes are part of the version 60 release. - New browser engine with speed improvements - Redesigned graphical user interface elements - Unified address and search bar for new installations - New tab page listing top visited, recently visited and recommended pages - Support for configuration policies in enterprise deployments via JSON files - Support for Web Authentication, allowing the use of USB tokens for authentication to web sites The following changes affect compatibility: - Now exclusively supports extensions built using the WebExtension API. - Unsupported legacy extensions will no longer work in Firefox 60 ESR - TLS certificates issued by Symantec before June 1st, 2016 are no longer trusted The 'security.pki.distrust_ca_policy' preference can be set to 0 to reinstate trust in those certificates The following issues affect performance: - new format for storing private keys, certificates and certificate trust If the user home or data directory is on a network file system, it is recommended that users set the following environment variable to avoid slowdowns: NSS_SDB_USE_CACHE=yes This setting is not recommended for local, fast file systems. These security issues were fixed: - CVE-2018-12381: Dragging and dropping Outlook email message results in page navigation (bsc#1107343). - CVE-2017-16541: Proxy bypass using automount and autofs (bsc#1107343). - CVE-2018-12376: Various memory safety bugs (bsc#1107343). - CVE-2018-12377: Use-after-free in refresh driver timers (bsc#1107343). - CVE-2018-12378: Use-after-free in IndexedDB (bsc#1107343). - CVE-2018-12379: Out-of-bounds write with malicious MAR file (bsc#1107343). ----------------------------------------- Patch: SUSE-2018-2055 Released: Thu Sep 27 14:30:14 2018 Summary: Recommended update for openldap2 Severity: moderate References: 1089640 Description: This update for openldap2 provides the following fix: - Fix slapd segfaults in mdb_env_reader_dest. (bsc#1089640) ----------------------------------------- Patch: SUSE-2018-2065 Released: Thu Sep 27 20:28:31 2018 Summary: Recommended update for grub2 Severity: moderate References: 1063443,1084508,1088830,1102515,1105163,1106381 Description: This update for grub2 provides the following fixes: - Fix overflow in sector count calculation. (bsc#1105163) - Fix config_directory on btrfs to follow path scheme. (bsc#1063443) - Fix setparams doesn't work as expected in boot-last-label. (bsc#1088830) - Suggest instead of libburnia-tools to not pull in tcl/tk and half of the x11 stack automatically. (bsc#1102515) - Fix broken network interface with random address and same name. (bsc#1084508) - Fix outputting invalid btrfs subvolume path on non btrfs filesystem due to bogus return code handling. (bsc#1106381) ----------------------------------------- Patch: SUSE-2018-2068 Released: Fri Sep 28 06:55:59 2018 Summary: Recommended update for multiple yast2 packages Severity: moderate References: 1087957,1099691 Description: This update addresses issues in several yast2 packages: Feature added to all packages: - Added additional searchkeys to desktop file (fate#321043, bsc#1099691) ----------------------------------------- Patch: SUSE-2018-2070 Released: Fri Sep 28 08:02:02 2018 Summary: Security update for gnutls Severity: moderate References: 1047002,1105437,1105459,1105460,CVE-2017-10790,CVE-2018-10844,CVE-2018-10845,CVE-2018-10846 Description: This update for gnutls fixes the following security issues: - Improved mitigations against Lucky 13 class of attacks - CVE-2018-10846: 'Just in Time' PRIME + PROBE cache-based side channel attack can lead to plaintext recovery (bsc#1105460) - CVE-2018-10845: HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of wrong constant (bsc#1105459) - CVE-2018-10844: HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls (bsc#1105437) - CVE-2017-10790: The _asn1_check_identifier function in Libtasn1 caused a NULL pointer dereference and crash (bsc#1047002) ----------------------------------------- Patch: SUSE-2018-2078 Released: Fri Sep 28 14:54:53 2018 Summary: Recommended update for sapconf Severity: moderate References: 1093843,1093844,1096498,1099101 Description: This update for sapconf provides the following fixes: - Sapconf should not change the system settings for kernel.sem, so remove the variables SEM* from it. (bsc#1099101) - Correct the SAP Note references in the man pages and in the sysconfig file of the sapconf package. (bsc#1096498) - Avoid stopping or disabling uuidd.socket in sapconf as it is mandatory for every SAP application running. (bsc#1093843) - Remove hardcoded default value for VSZ_TMPFS_PERCENT. This allows an admin to exclude VSZ_TMPFS settings from the sysconfig file, so the current system value will remain untouched. This value only got used in the previous version, if the variable VSZ_TMPFS_PERCENT was removed from the sapconf configuration file /etc/sysconfig/sapconf. If the value of the variable was only changed (increased or decreased) in the sapconf configuration file everything works fine. (bsc#1093844) - Remove the no longer needed sysconfig file. - Remove the pagecache references from the sysconfig file. ----------------------------------------- Patch: SUSE-2018-2082 Released: Sun Sep 30 14:06:27 2018 Summary: Security update for libX11 Severity: moderate References: 1102062,1102068,1102073,CVE-2018-14598,CVE-2018-14599,CVE-2018-14600 Description: This update for libX11 fixes the following security issues: - CVE-2018-14599: The function XListExtensions was vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact (bsc#1102062) - CVE-2018-14600: The function XListExtensions interpreted a variable as signed instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes), leading to DoS or remote code execution (bsc#1102068) - CVE-2018-14598: A malicious server could have sent a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault) (bsc#1102073) ----------------------------------------- Patch: SUSE-2018-2083 Released: Sun Sep 30 14:06:33 2018 Summary: Security update for openssl-1_1 Severity: moderate References: 1097158,1101470,CVE-2018-0732 Description: This update for openssl-1_1 to 1.1.0i fixes the following issues: These security issues were fixed: - CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack (bsc#1097158) - Make problematic ECDSA sign addition length-invariant - Add blinding to ECDSA and DSA signatures to protect against side channel attacks These non-security issues were fixed: - When unlocking a pass phrase protected PEM file or PKCS#8 container, we now allow empty (zero character) pass phrases. - Certificate time validation (X509_cmp_time) enforces stricter compliance with RFC 5280. Fractional seconds and timezone offsets are no longer allowed. - Fixed a text canonicalisation bug in CMS - Add openssl(cli) Provide so the packages that require the openssl binary can require this instead of the new openssl meta package (bsc#1101470) ----------------------------------------- Patch: SUSE-2018-2095 Released: Mon Oct 1 16:02:00 2018 Summary: Security update for openssl-1_0_0 Severity: moderate References: 1089039,1097158,1101470,1104789,1106197,CVE-2018-0732,CVE-2018-0737 Description: This update for openssl-1_0_0 to 1.0.2p fixes the following issues: These security issues were fixed: - Prevent One&Done side-channel attack on RSA that allowed physically near attackers to use EM emanations to recover information (bsc#1104789) - CVE-2018-0737: The RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could have recovered the private key (bsc#1089039) - CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack (bsc#1097158) - Make problematic ECDSA sign addition length-invariant - Add blinding to ECDSA and DSA signatures to protect against side channel attacks This non-security issue was fixed: - Add openssl(cli) Provide so the packages that require the openssl binary can require this instead of the new openssl meta package (bsc#1101470) ----------------------------------------- Patch: SUSE-2018-2120 Released: Tue Oct 2 16:32:16 2018 Summary: Security update for the Linux Kernel Severity: important References: 1012382,1043912,1044189,1046302,1046306,1046307,1046543,1050244,1051510,1054914,1055014,1055117,1058659,1060463,1064232,1065600,1065729,1068032,1069138,1071995,1077761,1077989,1078720,1080157,1082555,1083647,1083663,1084332,1085042,1085262,1086282,1089663,1090528,1092903,1093389,1094244,1095344,1096748,1097105,1098459,1098822,1099922,1099999,1100000,1100001,1100132,1101557,1101669,1102346,1102870,1102875,1102877,1102879,1102882,1102896,1103363,1103387,1103421,1103948,1103949,1103961,1104172,1104353,1104824,1105247,1105524,1105536,1105597,1105603,1105672,1105907,1106007,1106016,1106105,1106121,1106170,1106178,1106191,1106229,1106230,1106231,1106233,1106235,1106236,1106237,1106238,1106240,1106291,1106297,1106333,1106369,1106426,1106427,1106464,1106509,1106511,1106594,1106636,1106688,1106697,1106743,1106779,1106800,1106890,1106891,1106892,1106893,1106894,1106896,1106897,1106898,1106899,1106900,1106901,1106902,1106903,1106905,1106906,1106948,1106995,1107008,1107060,1107061,1107065,1107073,1107074,1107078,1107265,1107319,1107320,1107522,1107535,1107689,1107735,1107756,1107870,1107924,1107945,1107966,1108010,1108093,1108243,1108520,1108870,1109269,1109511,920344,CVE-2018-10938,CVE-2018-10940,CVE-2018-1128,CVE-2018-1129,CVE-2018-12896,CVE-2018-13093,CVE-2018-13094,CVE-2018-13095,CVE-2018-14613,CVE-2018-14617,CVE-2018-16658,CVE-2018-6554,CVE-2018-6555 Description: The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-14617: Prevent NULL pointer dereference and panic in hfsplus_lookup() when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory (bsc#1102870) - CVE-2018-14613: Prevent invalid pointer dereference in io_ctl_map_page() when mounting and operating a crafted btrfs image, caused by a lack of block group item validation in check_leaf_item (bsc#1102896). - CVE-2018-10940: The cdrom_ioctl_media_changed function allowed local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory (bsc#1092903) - CVE-2018-13093: Prevent NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occured because of a lack of proper validation that cached inodes are free during allocation (bnc#1100001) - CVE-2018-13094: Prevent OOPS that may have occured for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp (bnc#1100000) - CVE-2018-13095: Prevent denial of service (memory corruption and BUG) that could have occurred for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork (bnc#1099999) - CVE-2018-12896: Prevent integer overflow in the POSIX timer code that was caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically made the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. This allowed a local user to cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls (bnc#1099922) - CVE-2018-16658: Prevent information leak in cdrom_ioctl_drive_status that could have been used by local attackers to read kernel memory (bnc#1107689) - CVE-2018-6555: The irda_setsockopt function allowed local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket (bnc#1106511) - CVE-2018-6554: Prevent memory leak in the irda_bind function that allowed local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket (bnc#1106509) - CVE-2018-1129: A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol (bnc#1096748) - CVE-2018-1128: It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service (bnc#1096748) - CVE-2018-10938: A crafted network packet sent remotely by an attacker forced the kernel to enter an infinite loop in the cipso_v4_optptr() function leading to a denial-of-service (bnc#1106016) The following non-security bugs were fixed: - /dev/mem: Add bounce buffer for copy-out (git-fixes). - /dev/mem: Avoid overwriting 'err' in read_mem() (git-fixes). - 9p/net: Fix zero-copy path in the 9p virtio transport (bsc#1051510). - 9p/virtio: fix off-by-one error in sg list bounds check (bsc#1051510). - 9p: fix multiple NULL-pointer-dereferences (bsc#1051510). - ACPI / EC: Add another entry for Thinkpad X1 Carbon 6th (bsc#1051510). - ACPI / EC: Add parameter to force disable the GPE on suspend (bsc#1051510). - ACPI / EC: Use ec_no_wakeup on ThinkPad X1 Yoga 3rd (bsc#1051510). - ACPI / EC: Use ec_no_wakeup on Thinkpad X1 Carbon 6th (bsc#1051510). - ACPI / EC: Use ec_no_wakeup on more Thinkpad X1 Carbon 6th systems (bsc#1051510). - ACPI / PCI: pci_link: Allow the absence of _PRS and change log level (bsc#1104172). - ACPI / bus: Only call dmi_check_system on X86 (bsc#1105597, bsc#1106178). - ACPI / scan: Initialize status to ACPI_STA_DEFAULT (bsc#1051510). - ACPI/IORT: Remove temporary iort_get_id_mapping_index() ACPICA guard (bsc#1103387). - ACPI/PCI: pci_link: reduce verbosity when IRQ is enabled (bsc#1104172). - ACPICA: iasl: Add SMMUv3 device ID mapping index support (bsc#1103387). - ALSA: cs46xx: Deliver indirect-PCM transfer error. - ALSA: emu10k1: Deliver indirect-PCM transfer error. - ALSA: fireface: fix memory leak in ff400_switch_fetching_mode() (bsc#1051510). - ALSA: firewire-digi00x: fix memory leak of private data (bsc#1051510). - ALSA: firewire-tascam: fix memory leak of private data (bsc#1051510). - ALSA: hda - Fix cancel_work_sync() stall from jackpoll work (bsc#1051510). - ALSA: mips: Deliver indirect-PCM transfer error. - ALSA: oxfw: fix memory leak for model-dependent data at error path (bsc#1051510). - ALSA: oxfw: fix memory leak of discovered stream formats at error path (bsc#1051510). - ALSA: oxfw: fix memory leak of private data (bsc#1051510). - ALSA: pcm: Call ack() whenever appl_ptr is updated. - ALSA: pcm: Fix negative appl_ptr handling in pcm-indirect helpers. - ALSA: pcm: Fix possible inconsistent appl_ptr update via mmap. - ALSA: pcm: Simplify forward/rewind codes. - ALSA: pcm: Skip ack callback without actual appl_ptr update. - ALSA: pcm: Use a common helper for PCM state check and hwsync. - ALSA: pcm: Workaround for weird PulseAudio behavior on rewind error. - ALSA: rme32: Deliver indirect-PCM transfer error. - ARM: 8780/1: ftrace: Only set kernel memory back to read-only after boot (bsc#1051510). - ARM: DRA7/OMAP5: Enable ACTLR[0] (Enable invalidates of BTB) for secondary cores (bsc#1051510). - ARM: hisi: fix error handling and missing of_node_put (bsc#1051510). - ARM: hisi: handle of_iomap and fix missing of_node_put (bsc#1051510). - ARM: imx: flag failure of of_iomap (bsc#1051510). - ARM: imx_v4_v5_defconfig: Select ULPI support (bsc#1051510). - ARM: imx_v6_v7_defconfig: Select ULPI support (bsc#1051510). - ARM: pxa: irq: fix handling of ICMR registers in suspend/resume (bsc#1051510). - ASoC: rsnd: fixup not to call clk_get/set under non-atomic (bsc#1051510). - ASoC: rsnd: move rsnd_ssi_config_init() execute condition into it (bsc#1051510). - ASoC: rsnd: update pointer more accurate (bsc#1051510). - ASoC: wm8994: Fix missing break in switch (bsc#1051510). - Apply e666d4e9ceec crypto: vmx - Use skcipher for ctr fallback to SLE12-SP4 (bsc#1106464). - Bluetooth: h5: Fix missing dependency on BT_HCIUART_SERDEV (bsc#1051510). - Bluetooth: hidp: Fix handling of strncpy for hid->name information (bsc#1051510). - Prevent errors at reboot (bsc#1093389) - Documentation: add some docs for errseq_t (bsc#1107008). - Fix buggy backport of patches.drivers/libnvdimm-btt-fix-an-incompatibility-in-the-log-layout.patch (bsc#1103961). - Fix kABI breakage due to enum addition for ath10k (bsc#1051510). - HID: add quirk for another PIXART OEM mouse used by HP (bsc#1051510). - HID: i2c-hid: Add no-irq-after-reset quirk for 0911:5288 device. - IB/core: type promotion bug in rdma_rw_init_one_mr() (bsc#1046306). - IB/hfi1: Invalid NUMA node information can cause a divide by zero (bsc#1060463). - IB/hfi1: Remove incorrect call to do_interrupt callback (bsc#1060463). - IB/hfi1: Set in_use_ctxts bits for user ctxts only (bsc#1060463 ). - IB/ipoib: Avoid a race condition between start_xmit and cm_rep_handler (bsc#1046307). - IB/ipoib: Fix error return code in ipoib_dev_init() (bsc#1046307 ). - IB/mlx4: Test port number before querying type (bsc#1046302 ). - IB/mlx4: Use 4K pages for kernel QP's WQE buffer (bsc#1046302 ). - Input: atmel_mxt_ts - only use first T9 instance (bsc#1051510). - Input: edt-ft5x06 - fix error handling for factory mode on non-M06 (bsc#1051510). - Input: edt-ft5x06 - implement support for the EDT-M12 series (bsc#1051510). - Input: edt-ft5x06 - make distinction between m06/m09/generic more clear (bsc#1051510). - Input: synaptics-rmi4 - fix axis-swap behavior (bsc#1051510). - KABI: tpm: change relinquish_locality return value back to void (bsc#1082555). - KABI: tpm: do keep the cmd_ready and go_idle as pm ops (bsc#1082555). - KVM/x86: remove WARN_ON() for when vm_munmap() fails (bsc#1106240). - KVM: Enforce error in ioctl for compat tasks when !KVM_COMPAT (bsc#1106240). - KVM: PPC: Book3S: Fix guest DMA when guest partially backed by THP pages (bsc#1077761, git-fixes, bsc#1103948, bsc#1103949). - KVM: VMX: Work around kABI breakage in 'enum vmx_l1d_flush_state' (bsc#1106369). - KVM: VMX: fixes for vmentry_l1d_flush module parameter (bsc#1106369). - KVM: nVMX: Do not flush TLB when vmcs12 uses VPID (bsc#1106240). - KVM: nVMX: Fix injection to L2 when L1 do not intercept external-interrupts (bsc#1106240). - KVM: nVMX: Fix races when sending nested PI while dest enters/leaves L2 (bsc#1106240). - KVM: nVMX: Re-evaluate L1 pending events when running L2 and L1 got posted-interrupt (bsc#1106240). - KVM: s390: add etoken support for guests (bsc#1106948, LTC#171029). - KVM: s390: force bp isolation for VSIE (bsc#1103421). - KVM: s390: implement CPU model only facilities (bsc#1106948, LTC#171029). - KVM: x86: Change __kvm_apic_update_irr() to also return if max IRR updated (bsc#1106240). - KVM: x86: SVM: Call x86_spec_ctrl_set_guest/host() with interrupts disabled (git-fixes 1f50ddb4f418). - KVM: x86: fix APIC page invalidation (bsc#1106240). - NET: stmmac: align DMA stuff to largest cache line length (netfilter-stable-18_08_01). - NFSv4 client live hangs after live data migration recovery (git-fixes). - NFSv4: Fix a sleep in atomic context in nfs4_callback_sequence() (git-fixes). - NFSv4: Fix possible 1-byte stack overflow in nfs_idmap_read_and_verify_message (git-fixes). - Netperf performance issue due to AppArmor net mediation (bsc#1108520) - PCI: Match Root Port's MPS to endpoint's MPSS as necessary (bsc#1109269). - PCI: OF: Fix I/O space page leak (git-fixes). - PCI: aardvark: Fix I/O space page leak (git-fixes). - PCI: hotplug: Do not leak pci_slot on registration failure (bsc#1051510). - PCI: hv: Make sure the bus domain is really unique (git-fixes). - PCI: mvebu: Fix I/O space end address calculation (bsc#1051510). - PCI: pciehp: Fix use-after-free on unplug (bsc#1051510). - PM / Domains: Fix error path during attach in genpd (bsc#1051510). - PM / clk: signedness bug in of_pm_clk_add_clks() (bsc#1051510). - PM / runtime: Drop usage count for suppliers at device link removal (bsc#1100132). - RDMA/bnxt_re: Fix a bunch of off by one bugs in qplib_fp.c (bsc#1050244). - RDMA/bnxt_re: Fix a couple off by one bugs (bsc#1050244 ). - RDMA/i40w: Hold read semaphore while looking after VMA (bsc#1058659). - Refresh with the upstream patches for lan78xx fixes (bsc#1085262) - Replace magic for trusting the secondary keyring with #define (bsc#1051510). - Revert 'PCI: Add ACS quirk for Intel 300 series' (bsc#1051510). - Revert 'UBIFS: Fix potential integer overflow in allocation' (bsc#1051510). - Revert 'mm: page_alloc: skip over regions of invalid pfns where possible' (bnc#1107078). - Revert 'vhost: cache used event for better performance' (bsc#1090528). - Revert 'vmalloc: back off when the current task is killed' (bnc#1107073). - Staging: vc04_services: remove unused variables. - Tools: hv: vss: fix loop device detection. - USB: net2280: Fix erroneous synchronization change (bsc#1051510). - USB: serial: io_ti: fix array underflow in completion handler (bsc#1051510). - USB: serial: ti_usb_3410_5052: fix array underflow in completion handler (bsc#1051510). - Update patches.drivers/0016-arm64-vgic-v2-Fix-proxying-of-cpuif-access.patch (bsc#1106901, bsc#1107265). - Update patches.fixes/4.4.139-043-powerpc-mm-hash-Add-missing-isync-prior-to-ke.patch (bnc#1012382, bsc#1094244). - Update config files, make CRYPTO_CRCT10DIF_PCLMUL built-in (bsc#1105603). - Update patch tag of dmi fix (bsc#1105597) Also moved to the sorted section. - Update patch tags of recent security fixes (bsc#1106426) - Update references (bsc#1064232) - Workaround kABI breakage by __must_check drop of strscpy() (bsc#1051510). - ahci: Add Intel Ice Lake LP PCI ID (bsc#1051510). - apparmor: Fix regression in profile conflict logic (bsc#1106427) - apparmor: ensure that undecidable profile attachments fail (bsc#1106427). - apparmor: fix an error code in __aa_create_ns() (bsc#1106427). - apparmor: remove no-op permission check in policy_unpack (bsc#1106427). - arm64/acpi: Create arch specific cpu to acpi id helper (bsc#1106903). - arm64/kasan: do not allocate extra shadow memory (bsc#1106897). - arm64/mm/kasan: do not use vmemmap_populate() to initialize shadow (bsc#1106898). - arm64: Enforce BBM for huge IO/VMAP mappings (bsc#1106890). - arm64: Ignore hardware dirty bit updates in ptep_set_wrprotect() (bsc#1108010). - arm64: Make sure permission updates happen for pmd/pud (bsc#1106891). - arm64: dma-mapping: clear buffers allocated with FORCE_CONTIGUOUS flag (bsc#1106902). - arm64: export memblock_reserve()d regions via /proc/iomem (bsc#1106892). - arm64: fix unwind_frame() for filtered out fn for function graph tracing (bsc#1106900). - arm64: fix vmemmap BUILD_BUG_ON() triggering on !vmemmap setups (bsc#1106896). - arm64: fpsimd: Avoid FPSIMD context leakage for the init task (bsc#1106894). - arm64: kasan: avoid pfn_to_nid() before page array is initialized (bsc#1106899). - arm64: mm: Ensure writes to swapper are ordered wrt subsequent cache maintenance (bsc#1106906). - arm64: mm: check for upper PAGE_SHIFT bits in pfn_valid() (bsc#1106893). - arm64: numa: rework ACPI NUMA initialization (bsc#1106905). - arm64: vgic-v2: Fix proxying of cpuif access (bsc#1106901). - ata: libahci: Allow reconfigure of DEVSLP register (bsc#1051510). - ata: libahci: Correct setting of DEVSLP register (bsc#1051510). - ath10k: disable bundle mgmt tx completion event support (bsc#1051510). - ath10k: update the phymode along with bandwidth change request (bsc#1051510). - ath9k: add MSI support. - ath9k: report tx status on EOSP (bsc#1051510). - ath9k_hw: fix channel maximum power level test (bsc#1051510). - b43/leds: Ensure NUL-termination of LED name string (bsc#1051510). - b43legacy/leds: Ensure NUL-termination of LED name string (bsc#1051510). - bcache: avoid unncessary cache prefetch bch_btree_node_get(). - bcache: calculate the number of incremental GC nodes according to the total of btree nodes. - bcache: display rate debug parameters to 0 when writeback is not running. - bcache: do not check return value of debugfs_create_dir(). - bcache: finish incremental GC. - bcache: fix I/O significant decline while backend devices registering. - bcache: fix error setting writeback_rate through sysfs interface. - bcache: free heap cache_set->flush_btree in bch_journal_free. - bcache: make the pr_err statement used for ENOENT only in sysfs_attatch section. - bcache: release dc->writeback_lock properly in bch_writeback_thread(). - bcache: set max writeback rate when I/O request is idle. - bcache: simplify the calculation of the total amount of flash dirty data. - Add a blacklist entry for the reverted patch (bsc#1106743) - blk-mq: avoid to synchronize rcu inside blk_cleanup_queue() (bsc#1077989). - blkdev: __blkdev_direct_IO_simple: fix leak in error case (bsc#1083663). - block, bfq: return nbytes and not zero from struct cftype .write() method (bsc#1106238). - block: bio_iov_iter_get_pages: fix size of last iovec (bsc#1083663). - block: bio_iov_iter_get_pages: pin more pages for multi-segment IOs (bsc#1083663). - block: do not print a message when the device went away (bsc#1098459). - block: do not warn for flush on read-only device (bsc#1107756). - bnxt_en: Clean up unused functions (bsc#1086282). - bnxt_en: Do not adjust max_cp_rings by the ones used by RDMA (bsc#1086282). - bnxt_en: Fix VF mac address regression (bsc#1086282 ). - bnxt_re: Fix couple of memory leaks that could lead to IOMMU call traces (bsc#1050244). - bonding: avoid lockdep confusion in bond_get_stats() (netfilter-stable-18_08_04). - bpf, s390: fix potential memleak when later bpf_jit_prog fails (bsc#1083647). - bpf: fix references to free_bpf_prog_info() in comments (bsc#1083647). - bpf: fix uninitialized variable in bpf tools (bsc#1083647). - bpf: hash map: decrement counter on error (bsc#1083647). - bpf: powerpc64: pad function address loads with NOPs (bsc#1083647). - bpf: use GFP_ATOMIC instead of GFP_KERNEL in bpf_parse_prog() (bsc#1083647). - brcmfmac: stop watchdog before detach and free everything (bsc#1051510). - btrfs: Add checker for EXTENT_CSUM (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: Add sanity check for EXTENT_DATA when reading out leaf (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: Check if item pointer overlaps with the item itself (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: Check that each block group has corresponding chunk at mount time (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: Fix use-after-free when cleaning up fs_devs with a single stale device (bsc#1097105). - btrfs: Handle error from btrfs_uuid_tree_rem call in _btrfs_ioctl_set_received_subvol (bsc#1097105). - btrfs: Introduce mount time chunk <-> dev extent mapping check (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: Manually implement device_total_bytes getter/setter (bsc#1043912). - btrfs: Move leaf and node validation checker to tree-checker.c (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: Round down values which are written for total_bytes_size (bsc#1043912). - btrfs: Verify that every chunk has corresponding block group at mount time (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: fix error handling in btrfs_dev_replace_start (bsc#1107535). - btrfs: round down size diff when shrinking/growing device (bsc#1097105). - btrfs: tree-checker: Add checker for dir item (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Detect invalid and empty essential trees (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Enhance btrfs_check_node output (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Enhance output for check_extent_data_item (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Enhance output for btrfs_check_leaf (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Enhance output for check_csum_item (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Fix false panic for sanity test (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Replace root parameter with fs_info (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Verify block_group_item (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: use %zu format string for size_t (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: use %zu format string for size_t (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status (bsc#1051510). - ceph: fix incorrect use of strncpy (bsc#1107319). - ceph: return errors from posix_acl_equiv_mode() correctly (bsc#1107320). - cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE (bsc#1051510). - cgroup: avoid copying strings longer than the buffers (bsc#1051510). - cifs: Fix stack out-of-bounds in smb{2,3}_create_lease_buf() (bsc#1051510). - cifs: check kmalloc before use (bsc#1051510). - cifs: store the leaseKey in the fid on SMB2_open (bsc#1051510). - cls_matchall: fix tcf_unbind_filter missing (networking-stable-18_08_21). - crypto: caam/jr - fix descriptor DMA unmapping (bsc#1051510). - crypto: caam/qi - fix error path in xts setkey (bsc#1051510). - crypto: vmx - Fix sleep-in-atomic bugs (bsc#1051510). - cxl: Configure PSL to not use APC virtual machines (bsc#1055014, git-fixes). - cxl: Fix wrong comparison in cxl_adapter_context_get() (bsc#1055014, git-fixes). - dax: remove VM_MIXEDMAP for fsdax and device dax (bsc#1106007). - dccp: fix undefined behavior with 'cwnd' shift in ccid2_cwnd_restart() (netfilter-stable-18_08_17). - drm/amd/pp/Polaris12: Fix a chunk of registers missed to program (bsc#1051510). - drm/amdgpu: Fix RLC safe mode test in gfx_v9_0_enter_rlc_safe_mode (bsc#1051510). - drm/amdgpu: fix swapped emit_ib_size in vce3 (bsc#1051510). - drm/amdgpu: update tmr mc address (bsc#1100132). - drm/amdgpu:add new firmware id for VCN (bsc#1051510). - drm/amdgpu:add tmr mc address into amdgpu_firmware_info (bsc#1051510). - drm/arm/malidp: Preserve LAYER_FORMAT contents when setting format (bsc#1051510). - drm/armada: fix colorkey mode property (bsc#1051510). - drm/armada: fix irq handling (bsc#1051510). - drm/bridge/sii8620: Fix display of packed pixel modes (bsc#1051510). - drm/bridge/sii8620: fix display of packed pixel modes in MHL2 (bsc#1051510). - drm/bridge/sii8620: fix loops in EDID fetch logic (bsc#1051510). - drm/bridge: adv7511: Reset registers on hotplug (bsc#1051510). - drm/edid: Add 6 bpc quirk for SDC panel in Lenovo B50-80 (bsc#1051510). - drm/exynos: decon5433: Fix WINCONx reset value (bsc#1051510). - drm/exynos: decon5433: Fix per-plane global alpha for XRGB modes (bsc#1051510). - drm/exynos: gsc: Fix support for NV16/61, YUV420/YVU420 and YUV422 modes (bsc#1051510). - drm/i915/audio: Fix audio enumeration issue on BXT. - drm/i915/gvt: Fix the incorrect length of child_device_config issue (bsc#1051510). - drm/i915/gvt: clear ggtt entries when destroy vgpu (bsc#1051510). - drm/i915/gvt: request srcu_read_lock before checking if one gfn is valid (bsc#1051510). - drm/i915/kvmgt: Fix potential Spectre v1 (bsc#1051510). - drm/i915/lpe: Mark LPE audio runtime pm as 'no callbacks' (bsc#1051510). - drm/i915/overlay: Allocate physical registers from stolen (bsc#1051510). - drm/i915: Increase LSPCON timeout (bsc#1051510). - drm/i915: set DP Main Stream Attribute for color range on DDI platforms (bsc#1051510). - drm/imx: imx-ldb: check if channel is enabled before printing warning (bsc#1051510). - drm/imx: imx-ldb: disable LDB on driver bind (bsc#1051510). - drm/modes: Introduce drm_mode_match(). - drm/nouveau/drm/nouveau: Fix bogus drm_kms_helper_poll_enable() placement (bsc#1051510). - drm/tegra: Check for malformed offsets and sizes in the 'submit' IOCTL (bsc#1106170). - drm/tegra: Fix comparison operator for buffer size (bsc#1100132). - drm/vc4: Fix the 'no scaling' case on multi-planar YUV formats (bsc#1051510). - drm: Add DRM client cap for aspect-ratio. - drm: Add and handle new aspect ratios in DRM layer. - drm: Add aspect ratio parsing in DRM layer. - drm: Expose modes with aspect ratio, only if requested. - drm: Handle aspect ratio info in legacy modeset path. - drm: mali-dp: Enable Global SE interrupts mask for DP500 (bsc#1051510). - dwc2: gadget: Fix ISOC IN DDMA PID bitfield value calculation (bsc#1051510). - errseq: Add to documentation tree (bsc#1107008). - errseq: Always report a writeback error once (bsc#1107008). - ext4: sysfs: print ext4_super_block fields as little-endian (bsc#1106229). - f2fs: remove unneeded memory footprint accounting (bsc#1106233). - f2fs: remove unneeded memory footprint accounting (bsc#1106297). - f2fs: validate before set/clear free nat bitmap (bsc#1106231). - f2fs: validate before set/clear free nat bitmap (bsc#1106297). - fat: fix memory allocation failure handling of match_strdup() (bsc#1051510). - fb: fix lost console when the user unplugs a USB adapter (bsc#1051510). - fbdev: omapfb: off by one in omapfb_register_client() (bsc#1051510). - fix __legitimize_mnt()/mntput() race (bsc#1106297). - fix a page leak in vhost_scsi_iov_to_sgl() error recovery (bsc#1051510). - fix mntput/mntput race (bsc#1106297). - fs/9p/xattr.c: catch the error of p9_client_clunk when setting xattr failed (bsc#1051510). - fs/proc/proc_sysctl.c: fix potential page fault while unregistering sysctl table (bsc#1106297). - fuse: Add missed unlock_page() to fuse_readpages_fill() (bsc#1106291). - fuse: Fix oops at process_init_reply() (bsc#1106291). - fuse: fix double request_end() (bsc#1106291). - fuse: fix initial parallel dirops (bsc#1106291). - fuse: fix unlocked access to processing queue (bsc#1106291). - fuse: umount should wait for all requests (bsc#1106291). - getxattr: use correct xattr length (bsc#1106235). - getxattr: use correct xattr length (bsc#1106297). - gpio: ml-ioh: Fix buffer underwrite on probe error path (bsc#1051510). - gpio: tegra: Move driver registration to subsys_init level (bsc#1051510). - gpiolib-acpi: make sure we trigger edge events at least once on boot (bsc#1051510). - gpiolib: acpi: Switch to cansleep version of GPIO library call (bsc#1051510). - gpu: host1x: Check whether size of unpin isn't 0 (bsc#1051510). - gpu: ipu-v3: default to id 0 on missing OF alias (bsc#1051510). - i2c: core: ACPI: Properly set status byte to 0 for multi-byte writes (bsc#1051510). - i2c: davinci: Avoid zero value of CLKH (bsc#1051510). - i2c: i801: Add missing documentation entries for Braswell and Kaby Lake (bsc#1051510). - i2c: i801: Add support for Intel Cedar Fork (bsc#1051510). - i2c: i801: Add support for Intel Ice Lake (bsc#1051510). - i2c: i801: Consolidate chipset names in documentation and Kconfig (bsc#1051510). - i2c: i801: fix DNV's SMBCTRL register offset (bsc#1051510). - i2c: imx: Fix race condition in dma read (bsc#1051510). - i2c: uniphier-f: issue STOP only for last message or I2C_M_STOP (bsc#1051510). - i2c: uniphier: issue STOP only for last message or I2C_M_STOP (bsc#1051510). - i2c: xiic: Make the start and the byte count write atomic (bsc#1051510). - i2c: xlp9xx: Fix case where SSIF read transaction completes early (bsc#1105907). - i2c: xlp9xx: Fix issue seen when updating receive length (bsc#1105907). - i2c: xlp9xx: Make sure the transfer size is not more than I2C_SMBUS_BLOCK_SIZE (bsc#1105907). - i40e: fix condition of WARN_ONCE for stat strings (bsc#1107522). - ib_srpt: Fix a use-after-free in srpt_close_ch() (bsc#1046306 ). - ibmvnic: Include missing return code checks in reset function (bnc#1107966). - iommu/amd: Add support for IOMMU XT mode. - iommu/amd: Add support for higher 64-bit IOMMU Control Register. - iommu/amd: Finish TLB flush in amd_iommu_unmap() (bsc#1106105). - iommu/amd: make sure TLB to be flushed before IOVA freed (bsc#1106105). - iommu/arm-smmu-v3: Do not free page table ops twice (bsc#1106237). - iommu/vt-d: Fix a potential memory leak (bsc#1106105). - iommu/vt-d: Ratelimit each dmar fault printing (bsc#1106105). - ipmi/powernv: Fix error return code in ipmi_powernv_probe() (git-fixes). - ipmi: Fix some counter issues (bsc#1105907). - ipmi: Move BT capabilities detection to the detect call (bsc#1106779). - ipmi: Remove ACPI SPMI probing from the SSIF (I2C) driver (bsc#1105907). - ipmi:bt: Set the timeout before doing a capabilities check (bsc#1051510). - ipv4: remove BUG_ON() from fib_compute_spec_dst (netfilter-stable-18_08_01). - irqchip/bcm7038-l1: Hide cpu offline callback when building for !SMP (bsc#1051510). - iw_cxgb4: remove duplicate memcpy() in c4iw_create_listen() (bsc#1046543). - ixgbe: Refactor queue disable logic to take completion time into account (bsc#1101557). - ixgbe: Reorder Tx/Rx shutdown to reduce time needed to stop device (bsc#1101557). - kabi fix for check_disk_size_change() (bsc#1098459). - kabi protect hnae_ae_ops (bsc#1107924). - kabi protect struct kvm_sync_regs (bsc#1106948). - kabi/severities: Whitelist libceph, rbd, and ceph (bsc#1096748). - kabi: move s390 mm_context_t lock to mm_struct and ignore the change (bsc#1103421). - kabi: x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - kvm: arm64: Convert kvm_set_s2pte_readonly() from inline asm to cmpxchg() (bsc#1108010). - kvm: nVMX: Fix fault vector for VMX operation at CPL > 0 (bsc#1106105). - kvm: nVMX: Use nested_run_pending rather than from_vmentry (bsc#1106240). - kvm: x86: vmx: fix vpid leak (bsc#1106240). - l2tp: use sk_dst_check() to avoid race on sk->sk_dst_cache (netfilter-stable-18_08_17). - lan78xx: Lan7801 Support for Fixed PHY (bsc#1085262). - lan78xx: Set ASD in MAC_CR when EEE is enabled (bsc#1085262). - lan78xx: remove redundant initialization of pointer 'phydev' (bsc#1085262). - lib/test_hexdump.c: fix failure on big endian cpu (bsc#1051510). - libahci: Fix possible Spectre-v1 pmp indexing in ahci_led_store() (bsc#1051510). - libbpf: Makefile set specified permission mode (bsc#1083647). - libceph: check authorizer reply/challenge length before reading (bsc#1096748). - libceph: factor out __ceph_x_decrypt() (bsc#1096748). - libceph: factor out __prepare_write_connect() (bsc#1096748). - libceph: factor out encrypt_authorizer() (bsc#1096748). - libceph: store ceph_auth_handshake pointer in ceph_connection (bsc#1096748). - libceph: weaken sizeof check in ceph_x_verify_authorizer_reply() (bsc#1096748). - libnvdimm, btt: fix uninitialized err_lock (bsc#1103961). - libnvdimm, nfit: enable support for volatile ranges (bsc#1103961). - libnvdimm, nfit: move the check on nd_reserved2 to the endpoint (bsc#1103961). - libnvdimm: Use max contiguous area for namespace size (git-fixes). - libnvdimm: rename nd_sector_size_{show,store} to nd_size_select_{show,store} (bsc#1103961). - livepatch: Remove reliable stacktrace check in klp_try_switch_task() (bsc#1071995). - livepatch: Validate module/old func name length (bsc#1071995). - llc: use refcount_inc_not_zero() for llc_sap_find() (netfilter-stable-18_08_17). - mac80211: add stations tied to AP_VLANs during hw reconfig (bsc#1051510). - mac80211: always account for A-MSDU header changes (bsc#1051510). - mac80211: avoid kernel panic when building AMSDU from non-linear SKB (bsc#1051510). - mac80211: fix an off-by-one issue in A-MSDU max_subframe computation (bsc#1051510). - macros.kernel-source: pass -b properly in kernel module package (bsc#1107870). - md-cluster: clear another node's suspend_area after the copy is finished (bsc#1106333). - md-cluster: do not send msg if array is closing (bsc#1106333). - md-cluster: release RESYNC lock after the last resync message (bsc#1106688). - md-cluster: show array's status more accurate (bsc#1106333). - media: Revert '[media] tvp5150: fix pad format frame height' (bsc#1051510). - mei: do not update offset in write (bsc#1051510). - mei: me: enable asynchronous probing. - memcg, thp: do not invoke oom killer on thp charges (bnc#1089663). - memory: tegra: Apply interrupts mask per SoC (bsc#1051510). - memory: tegra: Do not handle spurious interrupts (bsc#1051510). - mfd: intel-lpss: Add Ice Lake PCI IDs (bsc#1051510). - mfd: lpc_ich: Do not touch SPI-NOR write protection bit on Apollo Lake (bsc#1051510). - mlxsw: core_acl_flex_actions: Return error for conflicting actions (netfilter-stable-18_08_17). - mm/huge_memory.c: fix data loss when splitting a file pmd (bnc#1107074). - mm/hugetlb: filter out hugetlb pages if HUGEPAGE migration is not supported (bnc#1106697). - mm/vmscan: wake up flushers for legacy cgroups too (bnc#1107061). - mm: fix devmem_is_allowed() for sub-page System RAM intersections (bsc#1106800). - mm: memcg: fix use after free in mem_cgroup_iter() (bnc#1107065). - mmc: omap_hsmmc: fix wakeirq handling on removal (bsc#1051510). - module: exclude SHN_UNDEF symbols from kallsyms api (bsc#1071995). - net/9p/client.c: version pointer uninitialized (bsc#1051510). - net/9p/trans_fd.c: fix race by holding the lock (bsc#1051510). - net/9p/trans_fd.c: fix race-condition by flushing workqueue before the kfree() (bsc#1051510). - net/9p: Switch to wait_event_killable() (bsc#1051510). - net/9p: fix error path of p9_virtio_probe (bsc#1051510). - net: dsa: Do not suspend/resume closed slave_dev (netfilter-stable-18_08_04). - net: ena: Eliminate duplicate barriers on weakly-ordered archs (bsc#1108093). - net: ena: Fix use of uninitialized DMA address bits field (netfilter-stable-18_08_01). - net: ena: fix device destruction to gracefully free resources (bsc#1108093). - net: ena: fix driver when PAGE_SIZE == 64kB (bsc#1108093). - net: ena: fix incorrect usage of memory barriers (bsc#1108093). - net: ena: fix missing calls to READ_ONCE (bsc#1108093). - net: ena: fix missing lock during device destruction (bsc#1108093). - net: ena: fix potential double ena_destroy_device() (bsc#1108093). - net: ena: fix surprise unplug NULL dereference kernel crash (bsc#1108093). - net: ethernet: mvneta: Fix napi structure mixup on armada 3700 (networking-stable-18_08_21). - net: fix amd-xgbe flow-control issue (netfilter-stable-18_08_01). - net: hns3: Fix for waterline not setting correctly (bsc#1104353 ). - net: hns3: fix page_offset overflow when CONFIG_ARM64_64K_PAGES (bsc#1104353). - net: hns: add netif_carrier_off before change speed and duplex (bsc#1107924). - net: hns: add the code for cleaning pkt in chip (bsc#1107924). - net: mdio-mux: bcm-iproc: fix wrong getter and setter pair (netfilter-stable-18_08_01). - net: mvneta: fix mvneta_config_rss on armada 3700 (networking-stable-18_08_21). - net: rtnl_configure_link: fix dev flags changes arg to __dev_notify_flags (git-fixes). - net: stmmac: Fix WoL for PCI-based setups (netfilter-stable-18_08_04). - net: stmmac: mark PM functions as __maybe_unused (git-fixes). - net_sched: Fix missing res info when create new tc_index filter (netfilter-stable-18_08_17). - netfilter: ip6t_rpfilter: set F_IFACE for linklocal addresses (git-fixes). - netlink: Do not shift on 64 for ngroups (git-fixes). - netlink: Do not shift with UB on nlk->ngroups (netfilter-stable-18_08_01). - netlink: Do not subscribe to non-existent groups (netfilter-stable-18_08_01). - netlink: Fix spectre v1 gadget in netlink_create() (netfilter-stable-18_08_04). - nfs/pnfs: fix nfs_direct_req ref leak when i/o falls back to the mds (git-fixes). - nfs41: do not return ENOMEM on LAYOUTUNAVAILABLE (git-fixes). - nfsd: remove blocked locks on client teardown (git-fixes). - nl80211: Add a missing break in parse_station_flags (bsc#1051510). - nl80211: check nla_parse_nested() return values (bsc#1051510). - nvme: register ns_id attributes as default sysfs groups (bsc#1105247). - nvme_fc: add 'nvme_discovery' sysfs attribute to fc transport device (bsc#1044189). - pinctrl/amd: only handle irq if it is pending and unmasked (bsc#1051510). - pipe: actually allow root to exceed the pipe buffer limits (bsc#1106297). - platform/x86: asus-nb-wmi: Add keymap entry for lid flip action on UX360 (bsc#1051510). - pnfs/blocklayout: off by one in bl_map_stripe() (git-fixes). - powerpc/64s: Default l1d_size to 64K in RFI fallback flush (bsc#1068032, git-fixes). - powerpc/64s: Fix DT CPU features Power9 DD2.1 logic (bsc#1055117). - powerpc/64s: Fix compiler store ordering to SLB shadow area (bsc#1094244). - powerpc/64s: move machine check SLB flushing to mm/slb.c (bsc#1094244). - powerpc/kprobes: Fix call trace due to incorrect preempt count (bsc#1065729). - powerpc/lib: Fix the feature fixup tests to actually work (bsc#1065729). - powerpc/mce: Fix SLB rebolting during MCE recovery path (bsc#1094244). - powerpc/perf: Fix IMC allocation routine (bsc#1054914). - powerpc/perf: Fix memory allocation for core-imc based on num_possible_cpus() (bsc#1054914). - powerpc/perf: Remove sched_task function defined for thread-imc (bsc#1054914). - powerpc/pseries: Avoid using the size greater than RTAS_ERROR_LOG_MAX (bsc#1094244). - powerpc/pseries: Fix endianness while restoring of r3 in MCE handler (bsc#1094244). - powerpc/pseries: fix EEH recovery of some IOV devices (bsc#1078720, git-fixes). - powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2 (bsc#1068032, bsc#1080157, git-fixes). - powerpc: Avoid code patching freed init sections (bnc#1107735). - powerpc: make feature-fixup tests fortify-safe (bsc#1065729). - pstore: Fix incorrect persistent ram buffer mapping (bsc#1051510). - pwm: tiehrpwm: Fix disabling of output of PWMs (bsc#1051510). - qlge: Fix netdev features configuration (bsc#1098822). - r8169: add support for NCube 8168 network card (bsc#1051510). - reiserfs: fix broken xattr handling (heap corruption, bad retval) (bsc#1106236). - rhashtable: add schedule points (bsc#1051510). - root dentries need RCU-delayed freeing (bsc#1106297). - rsi: Fix 'invalid vdd' warning in mmc (bsc#1051510). - rxrpc: Fix user call ID check in rxrpc_service_prealloc_one (netfilter-stable-18_08_04). - s390/entry.S: use assembler alternatives (bsc#1103421). - s390/lib: use expoline for all bcr instructions (git-fixes, bsc#1103421). - s390/mm: fix local TLB flushing vs. detach of an mm address space (bsc#1103421). - s390/mm: fix race on mm->context.flush_mm (bsc#1103421). - s390/runtime instrumentation: simplify task exit handling (bsc#1103421). - s390: always save and restore all registers on context switch (bsc#1103421). - s390: detect etoken facility (bsc#1103421). - s390: fix br_r1_trampoline for machines without exrl (git-fixes, bsc#1103421). - s390: fix compat system call table (bsc#1103421). - s390: fix handling of -1 in set{,fs}id16 syscalls (bsc#1103421). - s390: use expoline thunks for all branches generated by the BPF JIT (bsc#1103421). - samples/bpf: adjust rlimit RLIMIT_MEMLOCK for xdp1 (bsc#1083647). - sched/fair: Fix vruntime_normalized() for remote non-migration wakeup (git-fixes). - sched/numa: Do not move imbalanced load purely on the basis of an idle CPU (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Evaluate move once per node (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Remove numa_has_capacity() (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Remove unused task_capacity from 'struct numa_stats' (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Stop comparing tasks for NUMA placement after selecting an idle core (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: remove unused code from update_numa_stats() (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: remove unused nr_running field (bnc#1101669 optimise numa balancing for fast migrate). - scripts/git_sort/git_sort.py: Add fixes branch from mkp/scsi.git. - scripts/git_sort/git_sort.py: add mkp 4.20/scsi-queue - scripts/tar-up.sh: Do not package gitlog-excludes file Also fix the evaluation of gitlog-excludes file, too - scripts: modpost: check memory allocation results (bsc#1051510). - scsi: fcoe: hold disc_mutex when traversing rport lists (bsc#1077989). - scsi: hpsa: limit transfer length to 1MB, not 512kB (bsc#1102346). - scsi: libfc: Add lockdep annotations (bsc#1077989). - scsi: libfc: fixup 'sleeping function called from invalid context' (bsc#1077989). - scsi: libfc: fixup lockdep annotations (bsc#1077989). - scsi: libfc: hold disc_mutex in fc_disc_stop_rports() (bsc#1077989). - scsi: lpfc: Correct MDS diag and nvmet configuration (bsc#1106636). - scsi: mpt3sas: Fix calltrace observed while running IO and reset (bsc#1077989). - scsi: qla2xxx: Add appropriate debug info for invalid RX_ID (bsc#1108870). - scsi: qla2xxx: Add logic to detect ABTS hang and response completion (bsc#1108870). - scsi: qla2xxx: Add mode control for each physical port (bsc#1108870). - scsi: qla2xxx: Add support for ZIO6 interrupt threshold (bsc#1108870). - scsi: qla2xxx: Allow FC-NVMe underrun to be handled by transport (bsc#1108870). - scsi: qla2xxx: Check for Register disconnect (bsc#1108870). - scsi: qla2xxx: Decrement login retry count for only plogi (bsc#1108870). - scsi: qla2xxx: Defer chip reset until target mode is enabled (bsc#1108870). - scsi: qla2xxx: Fix Remote port registration (bsc#1108870). - scsi: qla2xxx: Fix deadlock between ATIO and HW lock (bsc#1108870). - scsi: qla2xxx: Fix double increment of switch scan retry count (bsc#1108870). - scsi: qla2xxx: Fix dropped srb resource (bsc#1108870). - scsi: qla2xxx: Fix duplicate switch's Nport ID entries (bsc#1108870). - scsi: qla2xxx: Fix early srb free on abort (bsc#1108870). - scsi: qla2xxx: Fix iIDMA error (bsc#1108870). - scsi: qla2xxx: Fix incorrect port speed being set for FC adapters (bsc#1108870). - scsi: qla2xxx: Fix out of order Termination and ABTS response (bsc#1108870). - scsi: qla2xxx: Fix port speed display on chip reset (bsc#1108870). - scsi: qla2xxx: Fix premature command free (bsc#1108870). - scsi: qla2xxx: Fix process response queue for ISP26XX and above (bsc#1108870). - scsi: qla2xxx: Fix race condition for resource cleanup (bsc#1108870). - scsi: qla2xxx: Fix stuck session in PLOGI state (bsc#1108870). - scsi: qla2xxx: Force fw cleanup on ADISC error (bsc#1108870). - scsi: qla2xxx: Increase abort timeout value (bsc#1108870). - scsi: qla2xxx: Move ABTS code behind qpair (bsc#1108870). - scsi: qla2xxx: Move rport registration out of internal work_list (bsc#1108870). - scsi: qla2xxx: Move {get|rel}_sp to base_qpair struct (bsc#1108870). - scsi: qla2xxx: Reduce holding sess_lock to prevent CPU lock-up (bsc#1108870). - scsi: qla2xxx: Reject bsg request if chip is down (bsc#1108870). - scsi: qla2xxx: Remove ASYNC GIDPN switch command (bsc#1108870). - scsi: qla2xxx: Remove all rports if fabric scan retry fails (bsc#1108870). - scsi: qla2xxx: Remove redundant check for fcport deletion (bsc#1108870). - scsi: qla2xxx: Remove stale ADISC_DONE event (bsc#1108870). - scsi: qla2xxx: Remove stale debug trace message from tcm_qla2xxx (bsc#1108870). - scsi: qla2xxx: Serialize mailbox request (bsc#1108870). - scsi: qla2xxx: Terminate Plogi/PRLI if WWN is 0 (bsc#1108870). - scsi: qla2xxx: Turn off IOCB timeout timer on IOCB completion (bsc#1108870). - scsi: qla2xxx: Update driver to version 10.00.00.09-k (bsc#1108870). - scsi: qla2xxx: Update driver version to 10.00.00.10-k (bsc#1108870). - scsi: qla2xxx: Update driver version to 10.00.00.11-k (bsc#1108870). - scsi: qla2xxx: Update rscn_rcvd field to more meaningful scan_needed (bsc#1108870). - scsi: qla2xxx: Use correct qpair for ABTS/CMD (bsc#1108870). - scsi: qla2xxx: shutdown chip if reset fail (bsc#1108870). - scsi_debug: call resp_XXX function after setting host_scribble (bsc#1069138). - scsi_debug: reset injection flags for every_nth > 0 (bsc#1069138). - selftests/bpf/test_maps: exit child process without error in ENOMEM case (bsc#1083647). - selftests/bpf: fix a typo in map in map test (bsc#1083647). - serial: enable spi in sc16is7xx driver References: bsc#1105672 - serial: make sc16is7xx driver supported References: bsc#1105672 - slab: __GFP_ZERO is incompatible with a constructor (bnc#1107060). - spi-nor: intel-spi: Fix number of protected range registers for BYT/LPT. - spi: cadence: Change usleep_range() to udelay(), for atomic context (bsc#1051510). - spi: davinci: fix a NULL pointer dereference (bsc#1051510). - spi: pxa2xx: Add support for Intel Ice Lake (bsc#1051510). - staging: bcm2835-audio: Check if workqueue allocation failed. - staging: bcm2835-audio: Deliver indirect-PCM transfer error. - staging: bcm2835-audio: Disconnect and free vchi_instance on module_exit(). - staging: bcm2835-audio: Do not leak workqueue if open fails. - staging: bcm2835-audio: constify snd_pcm_ops structures. - staging: bcm2835-audio: make snd_pcm_hardware const. - staging: comedi: ni_mio_common: fix subdevice flags for PFI subdevice (bsc#1051510). - staging: lustre: Use 'kvfree()' for memory allocated by 'kvzalloc()' (bsc#1051510). - staging: lustre: disable preempt while sampling processor id (bsc#1051510). - staging: lustre: fix bug in osc_enter_cache_try (bsc#1051510). - staging: lustre: ldlm: free resource when ldlm_lock_create() fails (bsc#1051510). - staging: lustre: libcfs: Prevent harmless read underflow (bsc#1051510). - staging: lustre: libcfs: fix test for libcfs_ioctl_hdr minimum size (bsc#1051510). - staging: lustre: llite: correct removexattr detection (bsc#1051510). - staging: lustre: llite: initialize xattr->xe_namelen (bsc#1051510). - staging: lustre: lmv: correctly iput lmo_root (bsc#1051510). - staging: lustre: lov: use correct env in lov_io_data_version_end() (bsc#1051510). - staging: lustre: o2iblnd: Fix FastReg map/unmap for MLX5 (bsc#1051510). - staging: lustre: o2iblnd: Fix crash in kiblnd_handle_early_rxs() (bsc#1051510). - staging: lustre: o2iblnd: fix race at kiblnd_connect_peer (bsc#1051510). - staging: lustre: obd_mount: use correct niduuid suffix (bsc#1051510). - staging: lustre: obdclass: return -EFAULT if copy_from_user() fails (bsc#1051510). - staging: lustre: ptlrpc: kfree used instead of kvfree (bsc#1051510). - staging: lustre: remove invariant in cl_io_read_ahead() (bsc#1051510). - staging: lustre: statahead: remove incorrect test on agl_list_empty() (bsc#1051510). - staging: vc04_services: Fix platform_no_drv_owner.cocci warnings. - staging: vc04_services: bcm2835-audio Format multiline comment. - staging: vc04_services: bcm2835-audio: Add blank line after declaration. - staging: vc04_services: bcm2835-audio: Change to unsigned int *. - staging: vc04_services: bcm2835-audio: add SPDX identifiers. - staging: vc04_services: bcm2835-audio: remove redundant license text. - staging: vc04_services: please do not use multiple blank lines. - string: drop __must_check from strscpy() and restore strscpy() usages in cgroup (bsc#1051510). - sunxi-rsb: Include OF based modalias in device uevent (bsc#1051510). - sys: do not hold uts_sem while accessing userspace memory (bnc#1106995). - target_core_rbd: break up free_device callback (bsc#1105524). - target_core_rbd: use RCU in free_device (bsc#1105524). - tcp: add max_quickacks param to tcp_incr_quickack and tcp_enter_quickack_mode (netfilter-stable-18_08_01). - tcp: add one more quick ack after after ECN events (netfilter-stable-18_08_01). - tcp: do not aggressively quick ack after ECN events (netfilter-stable-18_08_01). - tcp: do not force quickack when receiving out-of-order packets (netfilter-stable-18_08_01). - tcp: refactor tcp_ecn_check_ce to remove sk type cast (netfilter-stable-18_08_01). - tcp_bbr: fix bw probing to raise in-flight data for very small BDPs (netfilter-stable-18_08_01). - thermal: thermal_hwmon: Convert to hwmon_device_register_with_info() (bsc#1103363). - thermal_hwmon: Pass the originating device down to hwmon_device_register_with_info (bsc#1103363). - thermal_hwmon: Sanitize attribute name passed to hwmon (bsc#1103363). - ti: ethernet: cpdma: Use correct format for genpool_* (bsc#1051510). - tools/power turbostat: Read extended processor family from CPUID (bsc#1051510). - tools/power turbostat: fix -S on UP systems (bsc#1051510). - tools: usb: ffs-test: Fix build on big endian systems (bsc#1051510). - tpm: Introduce flag TPM_TRANSMIT_RAW (bsc#1082555). - tpm: cmd_ready command can be issued only after granting locality (bsc#1082555). - tpm: fix race condition in tpm_common_write() (bsc#1082555). - tpm: fix use after free in tpm2_load_context() (bsc#1082555). - tpm: separate cmd_ready/go_idle from runtime_pm (bsc#1082555). - tpm: tpm_crb: relinquish locality on error path (bsc#1082555). - tpm: vtpm_proxy: Implement request_locality function (bsc#1082555). - tracepoint: Do not warn on ENOMEM (bsc#1051510). - uart: fix race between uart_put_char() and uart_shutdown() (bsc#1051510). - ubifs: Check data node size before truncate (bsc#1051510). - ubifs: Fix directory size calculation for symlinks (bsc#1106230). - ubifs: Fix memory leak in lprobs self-check (bsc#1051510). - ubifs: Fix synced_i_size calculation for xattr inodes (bsc#1051510). - ubifs: xattr: Do not operate on deleted inodes (bsc#1051510). - udl-kms: avoid division (bsc#1051510). - udl-kms: change down_interruptible to down (bsc#1051510). - udl-kms: fix crash due to uninitialized memory (bsc#1051510). - udl-kms: handle allocation failure (bsc#1051510). - udlfb: set optimal write delay (bsc#1051510). - usb/phy: fix PPC64 build errors in phy-fsl-usb.c (bsc#1051510). - usb: Do not die twice if PCI xhci host is not responding in resume (bsc#1051510). - usb: dwc2: fix isoc split in transfer with no data (bsc#1051510). - usb: dwc2: gadget: Fix issue in dwc2_gadget_start_isoc() (bsc#1051510). - usb: dwc3: pci: add support for Intel IceLake (bsc#1051510). - usb: gadget: composite: fix delayed_status race condition when set_interface (bsc#1051510). - usb: gadget: dwc2: fix memory leak in gadget_init() (bsc#1051510). - usb: gadget: r8a66597: Fix a possible sleep-in-atomic-context bugs in r8a66597_queue() (bsc#1051510). - usb: gadget: r8a66597: Fix two possible sleep-in-atomic-context bugs in init_controller() (bsc#1051510). - usb: gadget: udc: renesas_usb3: fix maxpacket size of ep0 (bsc#1051510). - usb: xhci: increase CRS timeout value (bsc#1051510). - userns: move user access out of the mutex (bsc#1051510). - vfio/pci: Virtualize Maximum Payload Size (bsc#1051510). - vfio/pci: Virtualize Maximum Read Request Size (bsc#1051510). - vfio/type1: Fix task tracking for QEMU vCPU hotplug (bsc#1051510). - vhost: correctly check the iova range when waking virtqueue (bsc#1051510). - vhost: do not try to access device IOTLB when not initialized (bsc#1051510). - vhost: reset metadata cache when initializing new IOTLB (netfilter-stable-18_08_17). - vhost: use mutex_lock_nested() in vhost_dev_lock_vqs() (bsc#1051510). - video: fbdev: pxafb: clear allocated memory for video modes (bsc#1051510). - vsock: split dwork to avoid reinitializations (netfilter-stable-18_08_17). - wlcore: Set rx_status boottime_ns field on rx (bsc#1051510). - x86/CPU/AMD: Derive CPU topology from CPUID function 0xB when available. - x86/CPU: Modify detect_extended_topology() to return result. - x86/events/intel/ds: Fix bts_interrupt_threshold alignment (git-fixes c1961a4631da). - x86/init: fix build with CONFIG_SWAP=n (bnc#1106121). - x86/kasan/64: Teach KASAN about the cpu_entry_area (kasan). - x86/kvm: fix LAPIC timer drift when guest uses periodic mode (bsc#1106240). - x86/mcelog: Get rid of RCU remnants (git-fixes 5de97c9f6d85). - x86/mm/kasan: Do not use vmemmap_populate() to initialize shadow (kasan). - x86/mm/memory_hotplug: determine block size based on the end of boot memory (bsc#1108243). - x86/platform/UV: Add adjustable set memory block size function (bsc#1108243). - x86/platform/UV: Add kernel parameter to set memory block size (bsc#1108243). - x86/platform/UV: Mark memblock related init code and data correctly (bsc#1108243). - x86/platform/UV: Use new set memory block size function (bsc#1108243). - x86/spectre: Add missing family 6 check to microcode check (git-fixes a5b296636453). - x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM (bnc#1105536). - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - x86/speculation/l1tf: Suggest what to do on systems with too much RAM (bnc#1105536). - x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry (bsc#1106369). - x86/vdso: Fix vDSO build if a retpoline is emitted (git-fixes 76b043848fd2). - x86/xen/efi: Initialize only the EFI struct members used by Xen (bnc#1107945). - x86: irq_remapping: Move irq remapping mode enum. - xen-netfront-dont-bug-in-case-of-too-many-frags.patch: (bnc#1104824). - xen-netfront: fix queue name setting (bnc#1065600). - xen-netfront: fix warn message as irq device name has '/' (bnc#1065600). - xen/blkback: do not keep persistent grants too long (bsc#1085042). - xen/blkback: move persistent grants flags to bool (bsc#1085042). - xen/blkback: remove unused pers_gnts_lock from struct (bsc#1085042). - xen/blkfront: cleanup stale persistent grants (bsc#1085042). - xen/blkfront: reorder tests in xlblk_init() (bsc#1085042). - xen: avoid crash in disable_hotplug_cpu (bsc#1106594). - xen: xenbus_dev_frontend: Fix XS_TRANSACTION_END handling (bnc#1065600). - xen: xenbus_dev_frontend: Really return response string (bnc#1065600). - xenbus: track caller request id (bnc#1065600). - xfs: Fix per-inode DAX flag inheritance (Git-fixes bsc#1109511). - xfs: add a new xfs_iext_lookup_extent_before helper (bsc#1095344). - xfs: add a xfs_bmap_fork_to_state helper (bsc#1095344). - xfs: add a xfs_iext_update_extent helper (bsc#1095344). - xfs: add asserts for the mmap lock in xfs_{insert,collapse}_file_space (bsc#1095344). - xfs: add comments documenting the rebalance algorithm (bsc#1095344). - xfs: add some comments to xfs_iext_insert/xfs_iext_insert_node (bsc#1095344). - xfs: allow unaligned extent records in xfs_bmbt_disk_set_all (bsc#1095344). - xfs: do not create overlapping extents in xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: do not rely on extent indices in xfs_bmap_collapse_extents (bsc#1095344). - xfs: do not rely on extent indices in xfs_bmap_insert_extents (bsc#1095344). - xfs: do not set XFS_BTCUR_BPRV_WASDEL in xfs_bunmapi (bsc#1095344). - xfs: fix memory leak in xfs_iext_free_last_leaf (bsc#1095344). - xfs: fix number of records handling in xfs_iext_split_leaf (bsc#1095344). - xfs: fix type usage (bsc#1095344). - xfs: handle zero entries case in xfs_iext_rebalance_leaf (bsc#1095344). - xfs: inline xfs_shift_file_space into callers (bsc#1095344). - xfs: introduce the xfs_iext_cursor abstraction (bsc#1095344). - xfs: iterate backwards in xfs_reflink_cancel_cow_blocks (bsc#1095344). - xfs: iterate over extents in xfs_bmap_extents_to_btree (bsc#1095344). - xfs: iterate over extents in xfs_iextents_copy (bsc#1095344). - xfs: make better use of the 'state' variable in xfs_bmap_del_extent_real (bsc#1095344). - xfs: merge xfs_bmap_read_extents into xfs_iread_extents (bsc#1095344). - xfs: move pre/post-bmap tracing into xfs_iext_update_extent (bsc#1095344). - xfs: move some code around inside xfs_bmap_shift_extents (bsc#1095344). - xfs: move some more code into xfs_bmap_del_extent_real (bsc#1095344). - xfs: move xfs_bmbt_irec and xfs_exntst_t to xfs_types.h (bsc#1095344). - xfs: move xfs_iext_insert tracepoint to report useful information (bsc#1095344). - xfs: pass a struct xfs_bmbt_irec to xfs_bmbt_lookup_eq (bsc#1095344). - xfs: pass a struct xfs_bmbt_irec to xfs_bmbt_update (bsc#1095344). - xfs: pass an on-disk extent to xfs_bmbt_validate_extent (bsc#1095344). - xfs: pass struct xfs_bmbt_irec to xfs_bmbt_validate_extent (bsc#1095344). - xfs: preserve i_rdev when recycling a reclaimable inode (bsc#1095344). - xfs: refactor delalloc accounting in xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: refactor dir2 leaf readahead shadow buffer cleverness (bsc#1095344). - xfs: refactor xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: refactor xfs_bmap_add_extent_hole_delay (bsc#1095344). - xfs: refactor xfs_bmap_add_extent_hole_real (bsc#1095344). - xfs: refactor xfs_bmap_add_extent_unwritten_real (bsc#1095344). - xfs: refactor xfs_del_extent_real (bsc#1095344). - xfs: remove XFS_BMAP_MAX_SHIFT_EXTENTS (bsc#1095344). - xfs: remove XFS_BMAP_TRACE_EXLIST (bsc#1095344). - xfs: remove a duplicate assignment in xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: remove a superflous assignment in xfs_iext_remove_node (bsc#1095344). - xfs: remove all xfs_bmbt_set_* helpers except for xfs_bmbt_set_all (bsc#1095344). - xfs: remove if_rdev (bsc#1095344). - xfs: remove post-bmap tracing in xfs_bmap_local_to_extents (bsc#1095344). - xfs: remove support for inlining data/extents into the inode fork (bsc#1095344). - xfs: remove the never fully implemented UUID fork format (bsc#1095344). - xfs: remove the nr_extents argument to xfs_iext_insert (bsc#1095344). - xfs: remove the nr_extents argument to xfs_iext_remove (bsc#1095344). - xfs: remove xfs_bmbt_get_state (bsc#1095344). - xfs: remove xfs_bmse_shift_one (bsc#1095344). - xfs: rename bno to end in __xfs_bunmapi (bsc#1095344). - xfs: replace xfs_bmbt_lookup_ge with xfs_bmbt_lookup_first (bsc#1095344). - xfs: replace xfs_qm_get_rtblks with a direct call to xfs_bmap_count_leaves (bsc#1095344). - xfs: rewrite getbmap using the xfs_iext_* helpers (bsc#1095344). - xfs: rewrite xfs_bmap_count_leaves using xfs_iext_get_extent (bsc#1095344). - xfs: rewrite xfs_bmap_first_unused to make better use of xfs_iext_get_extent (bsc#1095344). - xfs: simplify the xfs_getbmap interface (bsc#1095344). - xfs: simplify xfs_reflink_convert_cow (bsc#1095344). - xfs: split xfs_bmap_shift_extents (bsc#1095344). - xfs: switch xfs_bmap_local_to_extents to use xfs_iext_insert (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_add_extent_hole_delay (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_add_extent_hole_real (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_add_extent_unwritten_real (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_collapse_extents (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_del_extent_* (bsc#1095344). - xfs: trivial indentation fixup for xfs_iext_remove_node (bsc#1095344). - xfs: update got in xfs_bmap_shift_update_extent (bsc#1095344). - xfs: use a b+tree for the in-core extent list (bsc#1095344). - xfs: use correct state defines in xfs_bmap_del_extent_{cow,delay} (bsc#1095344). - xfs: use the state defines in xfs_bmap_del_extent_real (bsc#1095344). - xfs: use xfs_bmap_del_extent_delay for the data fork as well (bsc#1095344). - xfs: use xfs_iext_*_extent helpers in xfs_bmap_shift_extents (bsc#1095344). - xfs: use xfs_iext_*_extent helpers in xfs_bmap_split_extent_at (bsc#1095344). - xfs: use xfs_iext_get_extent in xfs_bmap_first_unused (bsc#1095344). - xfs: use xfs_iext_get_extent instead of open coding it (bsc#1095344). ----------------------------------------- Patch: SUSE-2018-2123 Released: Tue Oct 2 21:14:23 2018 Summary: Recommended update for multiple yast2 packages Severity: moderate References: 1099691 Description: This update addresses issues in several yast2 packages: Feature added to all packages: - Added additional searchkeys to desktop file (fate#321043, bsc#1099691) ----------------------------------------- Patch: SUSE-2018-2124 Released: Tue Oct 2 21:14:38 2018 Summary: Recommended update for yast2-users Severity: moderate References: 1095320 Description: This update for yast2-users fixes the following issues: - Fixed conflicting shortcuts in plugin module (bsc#1095320). ----------------------------------------- Patch: SUSE-2018-2136 Released: Thu Oct 4 14:17:44 2018 Summary: Security update for python Severity: moderate References: 1109663,CVE-2018-1000802 Description: This update for python fixes the following issue: - CVE-2018-1000802: Prevent command injection in shutil module (make_archive function) via passage of unfiltered user input (bsc#1109663) ----------------------------------------- Patch: SUSE-2018-2138 Released: Thu Oct 4 15:52:15 2018 Summary: Recommended update for sudo Severity: low References: 1097643 Description: This update for sudo fixes the following issues: - fix permissions for /var/lib/sudo and /var/lib/sudo/ts (bsc#1097643) ----------------------------------------- Patch: SUSE-2018-2142 Released: Thu Oct 4 16:06:44 2018 Summary: Recommended update for yast2-http-server Severity: moderate References: 1099106 Description: This update for yast2-http-server provides the following fixes: - Fixed PHP support (use PHP7 instead of dropped PHP5). (bsc#1099106) - Fixed also other renamed packages (for Python and apparmor). - Added additional search keys to desktop file. (fate#321043). ----------------------------------------- Patch: SUSE-2018-2143 Released: Thu Oct 4 16:07:44 2018 Summary: Recommended update for yast2-add-on Severity: low References: 1102705 Description: This update for yast2-add-on provides the following fixes: - Do not show the main dialog when it is immediately skipped. (bsc#1102705) - Added additional search keys to desktop file. (fate#321043) ----------------------------------------- Patch: SUSE-2018-2155 Released: Fri Oct 5 14:41:17 2018 Summary: Recommended update for ca-certificates Severity: moderate References: 1101470 Description: This update for ca-certificates fixes the following issues: - Changed 'openssl' requirement to 'openssl(cli)' (bsc#1101470) ----------------------------------------- Patch: SUSE-2018-2157 Released: Fri Oct 5 14:43:00 2018 Summary: Recommended update for yast2 and yast2-services-manager Severity: moderate References: 1080738,1093111,1096027,1098910,1104568 Description: This update for yast2 and yast2-services-manager provides the following fixes: Fixes in both packages: - Add support for systemd services that can only be started on-demand. (fate#319428, bsc#1104568) - Fix support to handle services during early 1st stage. (fate#319428) Fixes in yast2: - Improve systemd socket detection. (fate#319428) - Fix an exception in SystemService#find_many. - Add a method to detect whether a systemd service exists in the underlying system or not. (fate#319428) - Fix systemd socket detection. - Do not display 'download failed' error when using unsigned packages. (bsc#1096027) - Firewall state can now be correctly determined. (bsc#1093111) - Increases the timeout for systemctl command executions (bsc#1098910) - CWM: allow to define next handler for CWM#show and define default next handler in CWM::Dialog. This is needed for Expert Partitioner. (fate#318196) Fixes in yast2-services-manager: - Show systemd state and substate for each service, e.g. 'Active (Running)'. (bsc#1080738) - Added a new menu button to select the service start mode (on boot, on demand or manually). (fate#319427) - Added additional searchkeys to desktop file. (fate#321043) ----------------------------------------- Patch: SUSE-2018-2158 Released: Fri Oct 5 14:43:25 2018 Summary: Recommended update for libzypp, zypper Severity: moderate References: 1100095,1104415,1108999 Description: This update for libzypp, zypper fixes the following issues: - Drop type application due to poor metadata support (bsc#1100095, bsc#1104415) - Allow repo commands on transactional-server (bsc#1108999) ----------------------------------------- Patch: SUSE-2018-2170 Released: Mon Oct 8 10:31:14 2018 Summary: Recommended update for python3 Severity: moderate References: 1107030 Description: This update for python3 fixes the following issues: - Add -fwrapv to OPTS, which is default for python3 for bugs which are caused by avoiding it. (bsc#1107030) ----------------------------------------- Patch: SUSE-2018-2177 Released: Tue Oct 9 09:00:13 2018 Summary: Recommended update for bash Severity: moderate References: 1095661,1095670,1100488 Description: This update for bash provides the following fixes: - Bugfix: Parse settings in inputrc for all screen TERM variables starting with 'screen.' (bsc#1095661) - Make the generation of bash.html reproducible. (bsc#1100488) - Use initgroups(3) instead of setgroups(2) to fix the usage of suid programs. (bsc#1095670) - Fix a problem that could cause hash table bash uses to store exit statuses from asynchronous processes to develop loops in circumstances involving long-running scripts that create and reap many processes. - Fix a problem that could cause the shell to loop if a SIGINT is received inside of a SIGINT trap handler. - Fix cases where a failing readline command (e.g., delete-char at the end of a line) can cause a multi-character key sequence to 'back up' and attempt to re-read some of the characters in the sequence. - Fix a problem when sourcing a file from an interactive shell, that setting the SIGINT handler to the default and typing ^C would cause the shell to exit. ----------------------------------------- Patch: SUSE-2018-2182 Released: Tue Oct 9 11:08:36 2018 Summary: Security update for libxml2 Severity: moderate References: 1088279,1102046,1105166,CVE-2018-14404,CVE-2018-14567,CVE-2018-9251 Description: This update for libxml2 fixes the following security issues: - CVE-2018-9251: The xz_decomp function allowed remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint (bsc#1088279) - CVE-2018-14567: Prevent denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint (bsc#1105166) - CVE-2018-14404: Prevent NULL pointer dereference in the xmlXPathCompOpEval() function when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case leading to a denial of service attack (bsc#1102046) ----------------------------------------- Patch: SUSE-2018-2183 Released: Tue Oct 9 11:30:31 2018 Summary: Security update for java-1_8_0-ibm Severity: moderate References: 1104668,CVE-2016-0705,CVE-2017-3732,CVE-2017-3736,CVE-2018-12539,CVE-2018-1517,CVE-2018-1656,CVE-2018-2940,CVE-2018-2952,CVE-2018-2964,CVE-2018-2973 Description: This update for java-1_8_0-ibm to 8.0.5.20 fixes the following issues: - CVE-2018-2952: Vulnerability in subcomponent: Concurrency. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit (bsc#1104668). - CVE-2018-2940: Vulnerability in subcomponent: Libraries. Easily exploitable vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data (bsc#1104668). - CVE-2018-2973: Vulnerability in subcomponent: JSSE. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data (bsc#1104668). - CVE-2018-2964: Vulnerability in subcomponent: Deployment. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE. (bsc#1104668). - CVE-2016-0705: Prevent double free in the dsa_priv_decode function that allowed remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key (bsc#1104668). - CVE-2017-3732: Prevent carry propagating bug in the x86_64 Montgomery squaring procedure (bsc#1104668). - CVE-2017-3736: Prevent carry propagating bug in the x86_64 Montgomery squaring procedure (bsc#1104668). - CVE-2018-12539: Users other than the process owner might have been able to use Java Attach API to connect to an IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted native code (bsc#1104668) - CVE-2018-1517: Unspecified vulnerability (bsc#1104668). - CVE-2018-1656: Unspecified vulnerability (bsc#1104668) ----------------------------------------- Patch: SUSE-2018-2191 Released: Wed Oct 10 09:12:38 2018 Summary: Recommended update for nfs-utils Severity: low References: 1098532 Description: This update for nfs-utils provides the following fix: - nfs.conf: Spell NFSV4LEASETIME correctly. (bsc#1098532) ----------------------------------------- Patch: SUSE-2018-2192 Released: Wed Oct 10 13:20:46 2018 Summary: Recommended update for yast2-support Severity: moderate References: 1093358,1099691 Description: This update for yast2-support provides the following fixes: - Make the 'Next' button to submit the gathered information visible in ncurses. (bsc#1093358) - Make the Contact Information screen fit in a 80x24 terminal. - Add additional search keys to the desktop file. (fate#321043, bsc#1099691) ----------------------------------------- Patch: SUSE-2018-2193 Released: Wed Oct 10 13:20:50 2018 Summary: Recommended update for dialog Severity: moderate References: 1094836 Description: This update for dialog fixes the following issues: - Fixes a bug where scrolling is not possible (bsc#1094836) ----------------------------------------- Patch: SUSE-2018-2206 Released: Fri Oct 12 11:04:24 2018 Summary: Recommended update for tigervnc Severity: moderate References: 1101470 Description: This update for tigervnc fixes the following issues: - Changed 'openssl' requirement to 'openssl(cli)'. (bsc#1101470) ----------------------------------------- Patch: SUSE-2018-2209 Released: Fri Oct 12 11:06:02 2018 Summary: Recommended update for alsa Severity: moderate References: 1091678 Description: This update for alsa provides the following fixes: - Fix UCM profile parsing with longname. (bsc#1091678) - Add Dell WD15 dock UCM profile. (bsc#1091678) ----------------------------------------- Patch: SUSE-2018-2241 Released: Tue Oct 16 11:07:49 2018 Summary: Security update for the Linux Kernel Severity: important References: 1012382,1031392,1051510,1055120,1061840,1065729,1082519,1085030,1090078,1094244,1098782,1101669,1102495,1103269,1103405,1103587,1103636,1104888,1105190,1105795,1106105,1106240,1106948,1107783,1107829,1107928,1107947,1108096,1108170,1108281,1108323,1108399,1108823,1109244,1109333,1109336,1109337,1109603,1109806,1109859,1109979,1109992,1110006,1110301,1110363,1110639,1110642,1110643,1110644,1110645,1110646,1110647,1110649,1110650,CVE-2018-14633,CVE-2018-17182 Description: The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bnc#1108399). - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. Kernel versions 4.18.x, 4.14.x and 3.10.x are believed to be vulnerable (bnc#1107829). The following non-security bugs were fixed: - alsa: bebob: fix memory leak for M-Audio FW1814 and ProjectMix I/O at error path (bsc#1051510). - alsa: bebob: use address returned by kmalloc() instead of kernel stack for streaming DMA mapping (bsc#1051510). - alsa: emu10k1: fix possible info leak to userspace on SNDRV_EMU10K1_IOCTL_INFO (bsc#1051510). - alsa: fireworks: fix memory leak of response buffer at error path (bsc#1051510). - alsa: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge (bsc#1051510). - alsa: msnd: Fix the default sample sizes (bsc#1051510). - alsa: pcm: Fix snd_interval_refine first/last with open min/max (bsc#1051510). - alsa: usb-audio: Fix multiple definitions in AU0828_DEVICE() macro (bsc#1051510). - ASoC: cs4265: fix MMTLR Data switch control (bsc#1051510). - ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs (bsc#1051510). - ASoC: rt5514: Add the I2S ASRC support (bsc#1051510). - ASoC: rt5514: Add the missing register in the readable table (bsc#1051510). - ASoC: rt5514: Eliminate the noise in the ASRC case (bsc#1051510). - ASoC: rt5514: Fix the issue of the delay volume applied (bsc#1051510). - ax88179_178a: Check for supported Wake-on-LAN modes (bsc#1051510). - block, dax: remove dead code in blkdev_writepages() (bsc#1104888). - block: fix warning when I/O elevator is changed as request_queue is being removed (bsc#1109979). - block: Invalidate cache on discard v2 (bsc#1109992). - block: pass inclusive 'lend' parameter to truncate_inode_pages_range (bsc#1109992). - block: properly protect the 'queue' kobj in blk_unregister_queue (bsc#1109979). - bluetooth: Add a new Realtek 8723DE ID 0bda:b009 (bsc#1051510). - bluetooth: btsdio: Do not bind to non-removable BCM43430 (bsc#1103587). - bluetooth: Use lock_sock_nested in bt_accept_enqueue (bsc#1051510). - btrfs: add a comp_refs() helper (dependency for bsc#1031392). - btrfs: add tracepoints for outstanding extents mods (dependency for bsc#1031392). - btrfs: check-integrity: Fix NULL pointer dereference for degraded mount (bsc#1107947). - btrfs: cleanup extent locking sequence (dependency for bsc#1031392). - btrfs: delayed-inode: Remove wrong qgroup meta reservation calls (bsc#1031392). - btrfs: delayed-inode: Use new qgroup meta rsv for delayed inode and item (bsc#1031392). - btrfs: fix data corruption when deduplicating between different files (bsc#1110647). - btrfs: fix duplicate extents after fsync of file with prealloc extents (bsc#1110644). - btrfs: fix fsync after hole punching when using no-holes feature (bsc#1110642). - btrfs: fix loss of prealloc extents past i_size after fsync log replay (bsc#1110643). - btrfs: fix return value on rename exchange failure (bsc#1110645). - btrfs: fix send failure when root has deleted files still open (bsc#1110650). - btrfs: Fix wrong btrfs_delalloc_release_extents parameter (bsc#1031392). - btrfs: log csums for all modified extents (bsc#1110639). - btrfs: make the delalloc block rsv per inode (dependency for bsc#1031392). - btrfs: qgroup: Add quick exit for non-fs extents (dependency for bsc#1031392). - btrfs: qgroup: Cleanup btrfs_qgroup_prepare_account_extents function (dependency for bsc#1031392). - btrfs: qgroup: Cleanup the remaining old reservation counters (bsc#1031392). - btrfs: qgroup: Commit transaction in advance to reduce early EDQUOT (bsc#1031392). - btrfs: qgroup: Do not use root->qgroup_meta_rsv for qgroup (bsc#1031392). - btrfs: qgroup: Fix qgroup reserved space underflow by only freeing reserved ranges (dependency for bsc#1031392). - btrfs: qgroup: Fix qgroup reserved space underflow caused by buffered write and quotas being enabled (dependency for bsc#1031392). - btrfs: qgroup: Fix wrong qgroup reservation update for relationship modification (bsc#1031392). - btrfs: qgroup: Introduce extent changeset for qgroup reserve functions (dependency for bsc#1031392). - btrfs: qgroup: Introduce function to convert META_PREALLOC into META_PERTRANS (bsc#1031392). - btrfs: qgroup: Introduce helpers to update and access new qgroup rsv (bsc#1031392). - btrfs: qgroup: Make qgroup_reserve and its callers to use separate reservation type (bsc#1031392). - btrfs: qgroup: Return actually freed bytes for qgroup release or free data (dependency for bsc#1031392). - btrfs: qgroup: Skeleton to support separate qgroup reservation type (bsc#1031392). - btrfs: qgroup: Split meta rsv type into meta_prealloc and meta_pertrans (bsc#1031392). - btrfs: qgroup: Update trace events for metadata reservation (bsc#1031392). - btrfs: qgroup: Update trace events to use new separate rsv types (bsc#1031392). - btrfs: qgroup: Use independent and accurate per inode qgroup rsv (bsc#1031392). - btrfs: qgroup: Use root::qgroup_meta_rsv_* to record qgroup meta reserved space (bsc#1031392). - btrfs: qgroup: Use separate meta reservation type for delalloc (bsc#1031392). - btrfs: remove type argument from comp_tree_refs (dependency for bsc#1031392). - btrfs: Remove unused parameters from various functions (bsc#1110649). - btrfs: rework outstanding_extents (dependency for bsc#1031392). - btrfs: scrub: Do not use inode page cache in scrub_handle_errored_block() (follow up for bsc#1108096). - btrfs: scrub: Do not use inode pages for device replace (follow up for bsc#1108096). - btrfs: switch args for comp_*_refs (dependency for bsc#1031392). - btrfs: sync log after logging new name (bsc#1110646). - btrfs: tests/qgroup: Fix wrong tree backref level (bsc#1107928). - cfg80211: reg: Init wiphy_idx in regulatory_hint_core() (bsc#1051510). - coresight: Handle errors in finding input/output ports (bsc#1051510). - crypto: clarify licensing of OpenSSL asm code (). - crypto: sharah - Unregister correct algorithms for SAHARA 3 (bsc#1051510). - crypto: skcipher - Fix -Wstringop-truncation warnings (bsc#1051510). - dax: Introduce a ->copy_to_iter dax operation (bsc#1098782). - dax: Make extension of dax_operations transparent (bsc#1098782). - dax: remove default copy_from_iter fallback (bsc#1098782). patches.drivers/dax-remove-the-pmem_dax_ops-flush-abstraction.patch: Refresh - dax: Report bytes remaining in dax_iomap_actor() (bsc#1098782). - dax: require 'struct page' by default for filesystem dax (bsc#1104888). patches.fixes/fs-allow-per-device-dax-status-checking-for-filesystems.patch: Refresh - dax: store pfns in the radix (bsc#1104888). patches.fixes/fs-allow-per-device-dax-status-checking-for-filesystems.patch: Refresh - device-dax: Add missing address_space_operations (bsc#1107783). - device-dax: Enable page_mapping() (bsc#1107783). - device-dax: Set page->index (bsc#1107783). - doc/README.SUSE: Remove mentions of cloneconfig (bsc#1103636). - ext2: auto disable dax instead of failing mount (bsc#1104888). patches.fixes/fs-allow-per-device-dax-status-checking-for-filesystems.patch: Refresh patches.kabi/kabi-fixup-bdev_dax_supported.patch: Refresh - ext2, dax: introduce ext2_dax_aops (bsc#1104888). - ext4: auto disable dax instead of failing mount (bsc#1104888 ). patches.fixes/fs-allow-per-device-dax-status-checking-for-filesystems.patch: Refresh patches.kabi/kabi-fixup-bdev_dax_supported.patch: Refresh - ext4, dax: add ext4_bmap to ext4_dax_aops (bsc#1104888). - ext4, dax: introduce ext4_dax_aops (bsc#1104888). - ext4, dax: set ext4_dax_aops for dax files (bsc#1104888). - fbdev: Distinguish between interlaced and progressive modes (bsc#1051510). - fbdev/via: fix defined but not used warning (bsc#1051510). - filesystem-dax: Introduce dax_lock_mapping_entry() (bsc#1107783). patches.kabi/kabi-fixup-bdev_dax_supported.patch: Refresh - filesystem-dax: Set page->index (bsc#1107783). - Fix buggy backport in patches.fixes/dax-check-for-queue_flag_dax-in-bdev_dax_supported.patch (bsc#1109859) - Fix kexec forbidding kernels signed with keys in the secondary keyring to boot (bsc#1110006). - Fix sorted section Merge commits 862a718e83 and 8aa4d41564 had conflicts with (apparently) bad resolution which introduced disorder in the sorted section. - fs, dax: prepare for dax-specific address_space_operations (bsc#1104888). patches.fixes/fs-allow-per-device-dax-status-checking-for-filesystems.patch: Refresh patches.kabi/kabi-fixup-bdev_dax_supported.patch: Refresh - fs, dax: use page->mapping to warn if truncate collides with a busy page (bsc#1104888). - gpiolib: Mark gpio_suffixes array with __maybe_unused (bsc#1051510). - gpio: pxa: Fix potential NULL dereference (bsc#1051510). - gpu: ipu-v3: csi: pass back mbus_code_to_bus_cfg error codes (bsc#1051510). - HID: hid-ntrig: add error handling for sysfs_create_group (bsc#1051510). - i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus (bsc#1051510). - Input: elantech - enable middle button of touchpad on ThinkPad P72 (bsc#1051510). - input: rohm_bu21023: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT) (bsc#1051510). - intel_th: Fix device removal logic (bsc#1051510). - iommu/amd: Return devid as alias for ACPI HID devices (bsc#1106105). - ioremap: Update pgtable free interfaces with addr (bsc#1110006). - ipc/shm: fix shmat() nil address after round-down when remapping (bsc#1090078). - KABI: move the new handler to end of machdep_calls and hide it from genksyms (bsc#1094244). - kprobes/x86: Release insn_slot in failure path (bsc#1110006). - KVM: PPC: Book3S HV: Use correct pagesize in kvm_unmap_radix() (bsc#1061840, git-fixes). - KVM: VMX: Do not allow reexecute_instruction() when skipping MMIO instr (bsc#1106240). - KVM: x86: Default to not allowing emulation retry in kvm_mmu_page_fault (bsc#1106240). - KVM: x86: Do not re-{try,execute} after failed emulation in L2 (bsc#1106240). - KVM: x86: Invert emulation re-execute behavior to make it opt-in (bsc#1106240). - KVM: x86: Merge EMULTYPE_RETRY and EMULTYPE_ALLOW_REEXECUTE (bsc#1106240). - lan78xx: Check for supported Wake-on-LAN modes (bsc#1051510). - lib/iov_iter: Fix pipe handling in _copy_to_iter_mcsafe() (bsc#1098782). - libnvdimm, pmem: Fix memcpy_mcsafe() return code handling in nsio_rw_bytes() (bsc#1098782). - libnvdimm, pmem: Restore page attributes when clearing errors (bsc#1107783). - Limit kernel-source build to architectures for which we build binaries (bsc#1108281). - mac80211: fix pending queue hang due to TX_DROP (bsc#1051510). - mac80211: restrict delayed tailroom needed decrement (bsc#1051510). - mei: bus: type promotion bug in mei_nfc_if_version() (bsc#1051510). - mei: ignore not found client in the enumeration (bsc#1051510). - mfd: 88pm860x-i2c: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT) (bsc#1051510). - mfd: ti_am335x_tscadc: Fix struct clk memory leak (bsc#1051510). - mmc: sdhci: do not try to use 3.3V signaling if not supported (bsc#1051510). - mmc: sdhci-of-esdhc: set proper dma mask for ls104x chips (bsc#1051510). - mm, dax: introduce pfn_t_special() (bsc#1104888). - mm, madvise_inject_error: Disable MADV_SOFT_OFFLINE for ZONE_DEVICE pages (bsc#1107783). - mm, madvise_inject_error: Let memory_failure() optionally take a page reference (bsc#1107783). - mm, memory_failure: Collect mapping size in collect_procs() (bsc#1107783). - mm, memory_failure: Teach memory_failure() about dev_pagemap pages (bsc#1107783). - mm, numa: Migrate pages to local nodes quicker early in the lifetime of a task (bnc#1101669 optimise numa balancing for fast migrate). - mm, numa: Remove rate-limiting of automatic numa balancing migration (bnc#1101669 optimise numa balancing for fast migrate). - mm, numa: Remove rate-limiting of automatic numa balancing migration kabi (bnc#1101669 optimise numa balancing for fast migrate). - mm/vmalloc: add interfaces to free unmapped page table (bsc#1110006). - NFC: Fix possible memory corruption when handling SHDLC I-Frame commands (bsc#1051510). - nfs/filelayout: fix oops when freeing filelayout segment (bsc#1105190). - NFS/filelayout: Fix racy setting of fl->dsaddr in filelayout_check_deviceid() (bsc#1105190). - NFS: Use an appropriate work queue for direct-write completion (bsc#1082519). - parport: sunbpp: fix error return code (bsc#1051510). - PCI: aardvark: Size bridges before resources allocation (bsc#1109806). - PCI: designware: Fix I/O space page leak (bsc#1109806). - PCI: faraday: Add missing of_node_put() (bsc#1109806). - PCI: faraday: Fix I/O space page leak (bsc#1109806). - PCI/portdrv: Compute MSI/MSI-X IRQ vectors after final allocation (bsc#1109806). - PCI/portdrv: Factor out Interrupt Message Number lookup (bsc#1109806). - PCI: versatile: Fix I/O space page leak (bsc#1109806). - PCI: xgene: Fix I/O space page leak (bsc#1109806). - PCI: xilinx: Add missing of_node_put() (bsc#1109806). - PCI: xilinx-nwl: Add missing of_node_put() (bsc#1109806). - pinctrl: cannonlake: Fix HOSTSW_OWN register offset of H variant (bsc#1051510). - platform/x86: alienware-wmi: Correct a memory leak (bsc#1051510). - platform/x86: toshiba_acpi: Fix defined but not used build warnings (bsc#1051510). - pmem: Switch to copy_to_iter_mcsafe() (bsc#1098782). - powernv/pseries: consolidate code for mce early handling (bsc#1094244). - powerpc/fadump: cleanup crash memory ranges support (bsc#1103269). - powerpc/fadump: re-register firmware-assisted dump if already registered (bsc#1108170, bsc#1108823). - powerpc: Fix size calculation using resource_size() (bnc#1012382). - powerpc: KABI add aux_ptr to hole in paca_struct to extend it with additional members (bsc#1094244). - powerpc: KABI: move mce_data_buf into paca_aux (bsc#1094244). - powerpc/numa: Use associativity if VPHN hcall is successful (bsc#1110363). - powerpc/pkeys: Fix reading of ibm, processor-storage-keys property (bsc#1109244). - powerpc/powernv/npu: Do a PID GPU TLB flush when invalidating a large address range (bsc#1055120). - powerpc/pseries: Defer the logging of rtas error to irq work queue (bsc#1094244). - powerpc/pseries: Define MCE error event section (bsc#1094244). - powerpc/pseries: Disable CPU hotplug across migrations (bsc#1065729). - powerpc/pseries: Display machine check error details (bsc#1094244). - powerpc/pseries: Dump the SLB contents on SLB MCE errors (bsc#1094244). - Refresh patches.kabi/KABI-move-mce_data_buf-into-paca_aux.patch - powerpc/pseries: Flush SLB contents on SLB MCE errors (bsc#1094244). - powerpc/pseries: Remove prrn_work workqueue (bsc#1102495, bsc#1109337). - powerpc/pseries: Remove unneeded uses of dlpar work queue (bsc#1102495, bsc#1109337). - powerpc/tm: Avoid possible userspace r1 corruption on reclaim (bsc#1109333). - powerpc/tm: Fix userspace r13 corruption (bsc#1109333). - powerpc/xive: Fix trying to 'push' an already active pool VP (bsc#1085030, git-fixes). - r8152: Check for supported Wake-on-LAN Modes (bsc#1051510). - README.BRANCH: SLE15-SP1 branch maintainer changes Add ptesarik as co-maintainer, keep tiwai as the primary maintainer - regulator: fix crash caused by null driver data (bsc#1051510). - rename/renumber hv patches to simplify upcoming upstream merges No code changes. - Revert 'btrfs: qgroups: Retry after commit on getting EDQUOT' (bsc#1031392). - Revert 'ipc/shm: Fix shmat mmap nil-page protection' (bsc#1090078). - rpm/mkspec: build dtbs for architectures marked -!needs_updating - rpm/mkspec: fix ppc64 kernel-source build. - s390/crypto: Fix return code checking in cbc_paes_crypt() (bnc#1108323, LTC#171709). - s390/pci: fix out of bounds access during irq setup (bnc#1108323, LTC#171068). - s390/qdio: reset old sbal_state flags (LTC#171525, bsc#1106948). - s390/qeth: use vzalloc for QUERY OAT buffer (LTC#171527, bsc#1106948). - sched/fair: Fix bandwidth timer clock drift condition (Git-fixes). - sched/numa: Avoid task migration for small NUMA improvement (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Pass destination CPU as a parameter to migrate_task_rq (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Pass destination CPU as a parameter to migrate_task_rq kabi (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Reset scan rate whenever task moves across nodes (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Stop multiple tasks from moving to the CPU at the same time (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Stop multiple tasks from moving to the CPU at the same time kabi (bnc#1101669 optimise numa balancing for fast migrate). - scsi: hisi_sas: Add a flag to filter PHY events during reset (). - scsi: hisi_sas: add memory barrier in task delivery function (). - scsi: hisi_sas: Add missing PHY spinlock init (). - scsi: hisi_sas: Add SATA FIS check for v3 hw (). - scsi: hisi_sas: Adjust task reject period during host reset (). - scsi: hisi_sas: Drop hisi_sas_slot_abort() (). - scsi: hisi_sas: Fix the conflict between dev gone and host reset (). - scsi: hisi_sas: Fix the failure of recovering PHY from STP link timeout (). - scsi: hisi_sas: Implement handlers of PCIe FLR for v3 hw (). - scsi: hisi_sas: Only process broadcast change in phy_bcast_v3_hw() (). - scsi: hisi_sas: Pre-allocate slot DMA buffers (). - scsi: hisi_sas: Release all remaining resources in clear nexus ha (). - scsi: hisi_sas: relocate some common code for v3 hw (). - scsi: hisi_sas: tidy channel interrupt handler for v3 hw (). - scsi: hisi_sas: Tidy hisi_sas_task_prep() (). - scsi: hisi_sas: tidy host controller reset function a bit (). - scsi: hisi_sas: Update a couple of register settings for v3 hw (). - scsi: hisi_sas: Use dmam_alloc_coherent() (). - scsi: ipr: System hung while dlpar adding primary ipr adapter back (bsc#1109336). - smsc75xx: Check for Wake-on-LAN modes (bsc#1051510). - smsc95xx: Check for Wake-on-LAN modes (bsc#1051510). - sort series.conf I didn't want to, but he made me do it. - sr9800: Check for supported Wake-on-LAN modes (bsc#1051510). - sr: get/drop reference to device in revalidate and check_events (bsc#1109979). - supported.conf: add test_syctl to new kselftests-kmp package As per we will require new FATE requests per each new selftest driver. We do not want to support these module on production runs but we do want to support them for QA / testing uses. The compromise is to package them into its own package, this will be the kselftests-kmp package. Selftests can also be used as proof of concept vehicle for issues by customers or ourselves. Vanilla kernels do not get test_sysctl given that driver was using built-in defaults, this also means we cannot run sefltests on config/s390x/zfcpdump which does not enable modules. Likeweise, since we had to *change* the kernel for test_syctl, it it also means we can't test test_syctl with vanilla kernels. It should be possible with other selftests drivers if they are present in vanilla kernels though. - uio, lib: Fix CONFIG_ARCH_HAS_UACCESS_MCSAFE compilation (bsc#1098782). - VFS: do not test owner for NFS in set_posix_acl() (bsc#1103405). - video: goldfishfb: fix memory leak on driver remove (bsc#1051510). - watchdog: Mark watchdog touch functions as notrace (git-fixes). - wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout() (bsc#1051510). - x86/apic: Fix restoring boot IRQ mode in reboot and kexec/kdump (bsc#1110006). - x86/apic: Split disable_IO_APIC() into two functions to fix CONFIG_KEXEC_JUMP=y (bsc#1110006). - x86/apic: Split out restore_boot_irq_mode() from disable_IO_APIC() (bsc#1110006). - x86/apic/vector: Fix off by one in error path (bsc#1110006). - x86/asm/memcpy_mcsafe: Add labels for __memcpy_mcsafe() write fault handling (bsc#1098782). - x86/asm/memcpy_mcsafe: Add write-protection-fault handling (bsc#1098782). - x86/asm/memcpy_mcsafe: Define copy_to_iter_mcsafe() (bsc#1098782). - x86/asm/memcpy_mcsafe: Fix copy_to_user_mcsafe() exception handling (bsc#1098782). - x86/asm/memcpy_mcsafe: Provide original memcpy_mcsafe_unrolled (bsc#1098782). - x86/asm/memcpy_mcsafe: Remove loop unrolling (bsc#1098782). - x86/asm/memcpy_mcsafe: Return bytes remaining (bsc#1098782). - x86/boot: Fix kexec booting failure in the SEV bit detection code (bsc#1110301). - x86/build/64: Force the linker to use 2MB page size (bsc#1109603). - x86/dumpstack: Save first regs set for the executive summary (bsc#1110006). - x86/dumpstack: Unify show_regs() (bsc#1110006). - x86/entry/64: Wipe KASAN stack shadow before rewind_stack_do_exit() (bsc#1110006). - x86/espfix/64: Fix espfix double-fault handling on 5-level systems (bsc#1110006). - x86/idt: Load idt early in start_secondary (bsc#1110006). - x86/kexec: Avoid double free_page() upon do_kexec_load() failure (bsc#1110006). - x86/mce: Fix set_mce_nospec() to avoid #GP fault (bsc#1107783). - x86/mce: Improve error message when kernel cannot recover (bsc#1110006). - x86/mce: Improve error message when kernel cannot recover (bsc#1110301). - x86/memory_failure: Introduce {set, clear}_mce_nospec() (bsc#1107783). - x86-memory_failure-Introduce-set-clear-_mce_nospec.patch: Fixup compilation breakage on s390 and arm due to missing clear_mce_nospec(). - x86/mm: Add TLB purge to free pmd/pte page interfaces (bsc#1110006). - x86/mm: Disable ioremap free page handling on x86-PAE (bsc#1110006). - x86/mm: Drop TS_COMPAT on 64-bit exec() syscall (bsc#1110006). - x86/mm: Expand static page table for fixmap space (bsc#1110006). - x86/mm: Fix ELF_ET_DYN_BASE for 5-level paging (bsc#1110006). - x86/mm: implement free pmd/pte page interfaces (bsc#1110006). - x86/mm/pat: Prepare {reserve, free}_memtype() for 'decoy' addresses (bsc#1107783). - x86/mpx: Do not allow MPX if we have mappings above 47-bit (bsc#1110006). - x86: msr-index.h: Correct SNB_C1/C3_AUTO_UNDEMOTE defines (bsc#1110006). - x86: msr-index.h: Correct SNB_C1/C3_AUTO_UNDEMOTE defines (bsc#1110301). - x86/PCI: Make broadcom_postcore_init() check acpi_disabled (bsc#1110006). - x86/pkeys: Do not special case protection key 0 (bsc#1110006). - x86/pkeys: Override pkey when moving away from PROT_EXEC (bsc#1110006). - x86/process: Do not mix user/kernel regs in 64bit __show_regs() (bsc#1110006). - x86/process: Re-export start_thread() (bsc#1110006). - x86/vdso: Fix lsl operand order (bsc#1110006). - x86/vdso: Fix lsl operand order (bsc#1110301). - xen: issue warning message when out of grant maptrack entries (bsc#1105795). - xfs, dax: introduce xfs_dax_aops (bsc#1104888). - xhci: Fix use after free for URB cancellation on a reallocated endpoint (bsc#1051510). ----------------------------------------- Patch: SUSE-2018-2244 Released: Tue Oct 16 14:06:30 2018 Summary: Security update for libssh Severity: important References: 1108020,CVE-2018-10933 Description: This update for libssh fixes the following issues: - CVE-2018-10933: Fixed a server mode authentication bypass (bsc#1108020). ----------------------------------------- Patch: SUSE-2018-2247 Released: Tue Oct 16 14:24:46 2018 Summary: Recommended update for hwinfo Severity: moderate References: 1072450,1105003 Description: This update for hwinfo provides the following fixes: - Try a more aggressive way to catch all usb platform controllers. (bsc#1072450) - Detect ARM HISILICON SAS controller. (bsc#1072450) - Check for vmware only when running in a vm. (bsc#1105003) - Add support for RISC-V. ----------------------------------------- Patch: SUSE-2018-2265 Released: Tue Oct 16 15:35:42 2018 Summary: Security update for binutils Severity: moderate References: 1065643,1065689,1065693,1068640,1068643,1068887,1068888,1068950,1069176,1069202,1075418,1077745,1079103,1079741,1080556,1081527,1083528,1083532,1085784,1086608,1086784,1086786,1086788,1090997,1091015,1091365,1091368,CVE-2017-15938,CVE-2017-15939,CVE-2017-15996,CVE-2017-16826,CVE-2017-16827,CVE-2017-16828,CVE-2017-16829,CVE-2017-16830,CVE-2017-16831,CVE-2017-16832,CVE-2018-10372,CVE-2018-10373,CVE-2018-10534,CVE-2018-10535,CVE-2018-6323,CVE-2018-6543,CVE-2018-6759,CVE-2018-6872,CVE-2018-7208,CVE-2018-7568,CVE-2018-7569,CVE-2018-7570,CVE-2018-7642,CVE-2018-7643,CVE-2018-8945 Description: This update for binutils to version 2.31 fixes the following issues: These security issues were fixed: - CVE-2017-15996: readelf allowed remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other impact via a crafted ELF file that triggered a buffer overflow on fuzzed archive header (bsc#1065643) - CVE-2017-15939: Binary File Descriptor (BFD) library (aka libbfd) mishandled NULL files in a .debug_line file table, which allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename (bsc#1065689) - CVE-2017-15938: the Binary File Descriptor (BFD) library (aka libbfd) miscalculated DW_FORM_ref_addr die refs in the case of a relocatable object file, which allowed remote attackers to cause a denial of service (find_abstract_instance_name invalid memory read, segmentation fault, and application crash) (bsc#1065693) - CVE-2017-16826: The coff_slurp_line_table function the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted PE file (bsc#1068640) - CVE-2017-16832: The pe_bfd_read_buildid function in the Binary File Descriptor (BFD) library (aka libbfd) did not validate size and offset values in the data dictionary, which allowed remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted PE file (bsc#1068643) - CVE-2017-16831: Binary File Descriptor (BFD) library (aka libbfd) did not validate the symbol count, which allowed remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or possibly have unspecified other impact via a crafted PE file (bsc#1068887) - CVE-2017-16830: The print_gnu_property_note function did not have integer-overflow protection on 32-bit platforms, which allowed remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted ELF file (bsc#1068888) - CVE-2017-16829: The _bfd_elf_parse_gnu_properties function in the Binary File Descriptor (BFD) library (aka libbfd) did not prevent negative pointers, which allowed remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted ELF file (bsc#1068950) - CVE-2017-16828: The display_debug_frames function allowed remote attackers to cause a denial of service (integer overflow and heap-based buffer over-read, and application crash) or possibly have unspecified other impact via a crafted ELF file (bsc#1069176) - CVE-2017-16827: The aout_get_external_symbols function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) or possibly have unspecified other impact via a crafted ELF file (bsc#1069202) - CVE-2018-6323: The elf_object_p function in the Binary File Descriptor (BFD) library (aka libbfd) had an unsigned integer overflow because bfd_size_type multiplication is not used. A crafted ELF file allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact (bsc#1077745) - CVE-2018-6543: Prevent integer overflow in the function load_specific_debug_section() which resulted in `malloc()` with 0 size. A crafted ELF file allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact (bsc#1079103) - CVE-2018-6759: The bfd_get_debug_link_info_1 function in the Binary File Descriptor (BFD) library (aka libbfd) had an unchecked strnlen operation. Remote attackers could have leveraged this vulnerability to cause a denial of service (segmentation fault) via a crafted ELF file (bsc#1079741) - CVE-2018-6872: The elf_parse_notes function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (out-of-bounds read and segmentation violation) via a note with a large alignment (bsc#1080556) - CVE-2018-7208: In the coff_pointerize_aux function in the Binary File Descriptor (BFD) library (aka libbfd) an index was not validated, which allowed remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted file, as demonstrated by objcopy of a COFF object (bsc#1081527) - CVE-2018-7570: The assign_file_positions_for_non_load_sections function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an ELF file with a RELRO segment that lacks a matching LOAD segment, as demonstrated by objcopy (bsc#1083528) - CVE-2018-7569: The Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (integer underflow or overflow, and application crash) via an ELF file with a corrupt DWARF FORM block, as demonstrated by nm (bsc#1083532) - CVE-2018-8945: The bfd_section_from_shdr function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (segmentation fault) via a large attribute section (bsc#1086608) - CVE-2018-7643: The display_debug_ranges function allowed remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump (bsc#1086784) - CVE-2018-7642: The swap_std_reloc_in function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (aout_32_swap_std_reloc_out NULL pointer dereference and application crash) via a crafted ELF file, as demonstrated by objcopy (bsc#1086786) - CVE-2018-7568: The parse_die function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (integer overflow and application crash) via an ELF file with corrupt dwarf1 debug information, as demonstrated by nm (bsc#1086788) - CVE-2018-10373: concat_filename in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by nm-new (bsc#1090997) - CVE-2018-10372: process_cu_tu_index allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated by readelf (bsc#1091015) - CVE-2018-10535: The ignore_section_sym function in the Binary File Descriptor (BFD) library (aka libbfd) did not validate the output_section pointer in the case of a symtab entry with a 'SECTION' type that has a '0' value, which allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file, as demonstrated by objcopy (bsc#1091365) - CVE-2018-10534: The _bfd_XX_bfd_copy_private_bfd_data_common function in the Binary File Descriptor (BFD) library (aka libbfd) processesed a negative Data Directory size with an unbounded loop that increased the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so that the address exceeded its own memory region, resulting in an out-of-bounds memory write, as demonstrated by objcopy copying private info with _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c (bsc#1091368) These non-security issues were fixed: - The AArch64 port now supports showing disassembly notes which are emitted when inconsistencies are found with the instruction that may result in the instruction being invalid. These can be turned on with the option -M notes to objdump. - The AArch64 port now emits warnings when a combination of an instruction and a named register could be invalid. - Added O modifier to ar to display member offsets inside an archive - The ADR and ADRL pseudo-instructions supported by the ARM assembler now only set the bottom bit of the address of thumb function symbols if the -mthumb-interwork command line option is active. - Add --generate-missing-build-notes=[yes|no] option to create (or not) GNU Build Attribute notes if none are present in the input sources. Add a --enable-generate-build-notes=[yes|no] configure time option to set the default behaviour. Set the default if the configure option is not used to 'no'. - Remove -mold-gcc command-line option for x86 targets. - Add -O[2|s] command-line options to x86 assembler to enable alternate shorter instruction encoding. - Add support for .nops directive. It is currently supported only for x86 targets. - Speed up direct linking with DLLs for Cygwin and Mingw targets. - Add a configure option --enable-separate-code to decide whether -z separate-code should be enabled in ELF linker by default. Default to yes for Linux/x86 targets. Note that -z separate-code can increase disk and memory size. - RISC-V: Fix symbol address problem with versioned symbols - Restore riscv64-elf cross prefix via symlinks - Fix pacemaker libqb problem with section start/stop symbols - RISC-V: Don't enable relaxation in relocatable link - Prevent linking faiures on i386 with assertion (bsc#1085784) - Fix symbol size bug when relaxation deletes bytes - Add --debug-dump=links option to readelf and --dwarf=links option to objdump which displays the contents of any .gnu_debuglink or .gnu_debugaltlink sections. Add a --debug-dump=follow-links option to readelf and a --dwarf=follow-links option to objdump which causes indirect links into separate debug info files to be followed when dumping other DWARF sections. - Add support for loaction views in DWARF debug line information. - Add -z separate-code to generate separate code PT_LOAD segment. - Add '-z undefs' command line option as the inverse of the '-z defs' option. - Add -z globalaudit command line option to force audit libraries to be run for every dynamic object loaded by an executable - provided that the loader supports this functionality. - Tighten linker script grammar around file name specifiers to prevent the use of SORT_BY_ALIGNMENT and SORT_BY_INIT_PRIORITY on filenames. These would previously be accepted but had no effect. - The EXCLUDE_FILE directive can now be placed within any SORT_* directive within input section lists. - Fix linker relaxation with --wrap ----------------------------------------- Patch: SUSE-2018-2289 Released: Wed Oct 17 10:49:48 2018 Summary: Recommended update for yast2-network Severity: moderate References: 1052042,1086454,1095113,1095971,1098407,1099691,1103712 Description: This update for yast2-network fixes the following issues: - Added additional searchkeys to desktop file (fate#321043, bsc#1099691) - lan_test: stubbin Host.GetModified call (bsc#1052042). - Fixed flickering testcase which has been introduced by fixing (bsc#1052042) - Bugfix: Do not crash when trying to convert the /etc/hosts profile declaration from multiple line host entries for the same host to just one line (bsc#1095971) - Bugfix: Inform the user about empty host name entries (bsc#1095113) - Bugfix: Does no longer enforce particular mode for IPoIB devices by default (bsc#1086454) - Makes yast2-network independent of AutoYaST (bsc#1098407) - Fixes to the networking AY schema (bsc#1103712) ----------------------------------------- Patch: SUSE-2018-2293 Released: Wed Oct 17 10:52:51 2018 Summary: Recommended update for SUSEConnect Severity: moderate References: 1098220,1101470 Description: This update for SUSEConnect fixes the following issues: - Detect if system is in cloud provider AWS/Google/Azure. (fate#320935) - Fix doesn't fail when trying to parse an empty body. (bsc#1098220) - Don't install release packages if they are already present - Fix .spec file for running SUSEConnect on Fedora28 - Changed 'openssl' requirement to 'openssl(cli)'. (bsc#1101470) ----------------------------------------- Patch: SUSE-2018-2303 Released: Thu Oct 18 14:40:24 2018 Summary: Recommended update for firewalld Severity: moderate References: 1096542,1108420,1109074,1109153 Description: This update for firewalld fixes the following issues: - update to firewalld version 0.5.5 (bsc#1108420) * translation update * if direct rules fail to apply, it will add a 'Direct' label to error message * if startup fails on reload, it will reapply a non-permanent config that survives the reload - Add upstream patch to mark more strings as translatable (bsc#1096542) - Add upstream patches to fix NetworkManager integration (bsc#1109074) - Add upstream patch to fix ifcfg ZONE attribute on permanent firewall changes (bsc#1109153) ----------------------------------------- Patch: SUSE-2018-2307 Released: Thu Oct 18 14:42:54 2018 Summary: Recommended update for libxcb Severity: moderate References: 1101560 Description: This update for libxcb provides the following fix: - Fix some IO errors when using KWin in combination with the NVIDIA driver. (bsc#1101560) ----------------------------------------- Patch: SUSE-2018-2335 Released: Fri Oct 19 15:06:23 2018 Summary: Security update for clamav Severity: moderate References: 1103040,1104457,1110723,CVE-2018-14680,CVE-2018-14681,CVE-2018-14682,CVE-2018-15378 Description: This update for clamav fixes the following issues: clamav was updated to version 0.100.2. Following security issues were fixed: - CVE-2018-15378: Vulnerability in ClamAV's MEW unpacking feature that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. (bsc#1110723) - CVE-2018-14680, CVE-2018-14681, CVE-2018-14682: more fixes for embedded libmspack. (bsc#1103040) Following non-security issues were addressed: - Make freshclam more robust against lagging signature mirrors. - On-Access 'Extra Scanning', an opt-in minor feature of OnAccess scanning on Linux systems, has been disabled due to a known issue with resource cleanup OnAccessExtraScanning will be re-enabled in a future release when the issue is resolved. In the mean-time, users who enabled the feature in clamd.conf will see a warning informing them that the feature is not active. For details, see: https://bugzilla.clamav.net/show_bug.cgi?id=12048 - Restore exit code compatibility of freshclam with versions before 0.100.0 when the virus database is already up to date (bsc#1104457) ----------------------------------------- Patch: SUSE-2018-2338 Released: Fri Oct 19 15:14:46 2018 Summary: Recommended update for crmsh Severity: moderate References: 1093433,1096783,1103832,1103833,1103834,1106052,1109172 Description: This update for crmsh fixes the following issues: - Fix non interactive unicast cluster init and join (bsc#1109172) - Disable strict host key checking on all ssh invocations - Support ocfs2 log collecting - Process name change for pacemaker 2.0 (bsc#1106052) - Fix issue related to '-i' option doesn't work for binding network (bsc#1103833, bsc#1103834) - Fix incorrect bindnetaddr in corosync.conf (bsc#1103833, bsc#1103834) - Fix warning message at using '-q' - Support Pacemaker 2.0 daemon names - Locate pacemaker daemons more intelligently (bsc#1096783) - Fix TypeError in logparser.py (bsc#1093433) - Fix file conflicts between python3-parallax and python-parallax (bsc#1103832) ----------------------------------------- Patch: SUSE-2018-2340 Released: Fri Oct 19 16:05:53 2018 Summary: Security update for fuse Severity: moderate References: 1101797,CVE-2018-10906 Description: This update for fuse fixes the following issues: - CVE-2018-10906: fusermount was vulnerable to a restriction bypass when SELinux is active. This allowed non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects (bsc#1101797) ----------------------------------------- Patch: SUSE-2018-2344 Released: Mon Oct 22 09:37:36 2018 Summary: Recommended update for grub2 Severity: moderate References: 1093145 Description: This update for grub2 fixes the following issues: - Implement FCP methods for WWPN and LUNs (bsc#1093145) ----------------------------------------- Patch: SUSE-2018-2346 Released: Mon Oct 22 09:40:46 2018 Summary: Recommended update for logrotate Severity: moderate References: 1093617 Description: This update for logrotate provides the following fix: - Ensure the HOME environment variable is set to /root when logrotate is started via systemd. This allows mariadb to rotate its logs when the database has a root password defined. (bsc#1093617) ----------------------------------------- Patch: SUSE-2018-2347 Released: Mon Oct 22 09:41:15 2018 Summary: Recommended update for libzypp and zypper Severity: moderate References: 1099982,1109877,1109893,556664,939392 Description: This update for libzypp and zypper fixes the following issues: - Fix blocking wait for finished child process (bsc#1109877) - Fix conversion of string and glob to regex when compiling queries (bsc#1099982, bsc#939392, bsc#556664) - Always warn if no repos are defined, but don't return ZYPPER_EXIT_NO_REPOS(6) in install commands (bsc#1109893) - Switch global help format and fix bash-completion ----------------------------------------- Patch: SUSE-2018-2348 Released: Mon Oct 22 09:41:51 2018 Summary: Recommended update for resource-agents Severity: moderate References: 1090882,1097656,1101668,1102935,1104900 Description: This update for resource-agents provides the following fixes: - CTDB: Fix --logging/--logfile version string comparison. (bsc#1102935) - CTDB: Fix incorrect db corruption reports. (bsc#1101668) - CTDB: Fix OCF_RESKEY_ctdb_recovery_lock validation. (bsc#1097656) - pgsql: Avoid the change of /dev/null to postgres owner/group. (bsc#1090882) - LVM: Fix missing dash. (bsc#1104900) ----------------------------------------- Patch: SUSE-2018-2364 Released: Mon Oct 22 13:13:28 2018 Summary: Security update for wireshark Severity: important References: 1111647,CVE-2018-12086,CVE-2018-18227 Description: This update for wireshark fixes the following issues: Wireshark was updated to 2.4.10 (bsc#1111647). Following security issues were fixed: - CVE-2018-18227: MS-WSP dissector crash (wnpa-sec-2018-47) - CVE-2018-12086: OpcUA dissector crash (wnpa-sec-2018-50) Further bug fixes and updated protocol support that were done are listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.4.10.html ----------------------------------------- Patch: SUSE-2018-2370 Released: Mon Oct 22 14:02:01 2018 Summary: Recommended update for aaa_base Severity: moderate References: 1102310,1104531 Description: This update for aaa_base provides the following fixes: - Let bash.bashrc work even for (m)ksh. (bsc#1104531) - Fix an error at login if java system directory is empty. (bsc#1102310) ----------------------------------------- Patch: SUSE-2018-2382 Released: Tue Oct 23 10:35:33 2018 Summary: Recommended update for plymouth Severity: moderate References: 1082318,804607,886148,888590,894051 Description: This update for plymouth provides the following fixes: - Drop a previous fix for window size and use of the smallest screen size deliberately. (bsc#804607, bsc#894051) - systemd-units: Add 'ConditionVirtualization=!container'. - main: Fix getting detailed logs from systemd. - main: Show details when ESC is pressed during splash_delay. - drm: Remove unnecessary reset_scan_out_buffer_if_needed() call from ply_renderer_head_map(). - main: Only activate renderers if the splash uses pixel-displays. - boot-server: Free the argument and triggers. - event-loop: Fix leak in error path. - script: Fix various memory leaks. - key-file: ply_key_file_get_value returns duplicated memory, fix memory leaks. - event-loop: Fix leak in error path. - boot-splash: Fix memory leak in error path. - populate-initrd: Drop unused local variable. - Ensure tty is closed on deactivate. - systemd-units: Add 'ConditionVirtualization=!container'. - README: Add link to Code of Conduct. - two-step: Add unhandled splash mode case to switch. - main: Fix build. - Fix miscellaneous compiler warnings. - configure: Pass -Wno-cast-function-type if available. - main: Fix getting detailed logs from systemd. - main: Show details when ESC is pressed during splash_delay. - drm: Remove unnecessary reset_scan_out_buffer_if_needed() call from ply_renderer_head_map(). - main: Only activate renderers if the splash uses pixel-displays. ----------------------------------------- Patch: SUSE-2018-2389 Released: Tue Oct 23 10:50:28 2018 Summary: Recommended update for yast2-storage-ng and libstorage-ng Severity: moderate References: 1055756,1085134,1089353,1090010,1099144,1099181,1099394,1099762,1103113,1104774,1105227,1106774,1107298,1108831 Description: This update for yast2-storage-ng and libstorage-ng fixes the following issues: yast2-storage-ng: - When trying to reuse a partition, AutoYaST will consider only those partitions from the right disk (bsc#1106774). - Show a warning when overwriting manually edited settings (bsc#1055756) - AutoYaST: Export volume group name (lvm_group) when an MD RAID device is used as a physical volume (bsc#1103113). - AutoYaST: Recognize Xen virtual partitions in the profile when importing and installing (bsc#1085134). - AutoYaST: Set the 'mount by' option when reusing partitions (bsc#1104774). - Fixed the warning about overwriting a manually edited partition layout. Now it works even after going back and forth in the installer steps (bsc#1055756). - Partitioner: Display Xen virtual partitions and allow to format and mount them (bsc#1085134). - RAID attributes: Include 'Active: Yes/No'. (bsc#1090010) - Fixed crash in the Kubic proposal when insufficient disk space. (bsc#1099762) - Allow to use whole disk as PV by indicating a partition with number 0 (bsc#1107298) - Add asterisk to mount points that is not active and to the description (fate#318196) - Does no longer crash if existing boot partition cannot be used without formatting it (bsc#1108831) libstorage-ng: - Fixed variable scope to fix temporary mounting. (bsc#1099144) - Avoid exceptions for inactive RAIDs. (bsc#1090010) - Adjust multipath parser to accept nvme related output. (bsc#1089353) - Detect correctly whether a file system is currently mounted. (bsc#1105227) - Do not crash when displaying summary for an encrypted but not mounted disk (bsc#1099181) - Improve handling of udev ids starting with dm-uuid for partitions on multipath (bsc#1099394) ----------------------------------------- Patch: SUSE-2018-2392 Released: Tue Oct 23 12:45:51 2018 Summary: Security update for tiff Severity: moderate References: 1092480,1106853,1108627,1108637,1110358,CVE-2018-10779,CVE-2018-16335,CVE-2018-17100,CVE-2018-17101,CVE-2018-17795 Description: This update for tiff fixes the following issues: Security issue fixed: - CVE-2018-10779: TIFFWriteScanline in tif_write.c had a heap-based buffer over-read, as demonstrated by bmp2tiff.(bsc#1092480) - CVE-2018-17100: There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file. (bsc#1108637) - CVE-2018-17101: There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file. (bsc#1108627) - CVE-2018-17795: The function t2p_write_pdf in tiff2pdf.c allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, a similar issue to CVE-2017-9935. (bsc#1110358) - CVE-2018-16335: newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. This is a different vulnerability than CVE-2018-15209. (bsc#1106853) ----------------------------------------- Patch: SUSE-2018-2396 Released: Tue Oct 23 13:50:31 2018 Summary: Security update for net-snmp Severity: important References: 1027353,1081164,1102775,1111122,CVE-2018-18065 Description: This update for net-snmp fixes the following issues: Security issues fixed: - CVE-2018-18065: _set_key in agent/helpers/table_container.c had a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. (bsc#1111122) Non-security issues fixed: - swintst_rpm: Protect against unspecified Group name (bsc#1102775) - Add tsm and tlstm MIBs and the USM security module. (bsc#1081164) - Fix agentx freezing on timeout (bsc#1027353) ----------------------------------------- Patch: SUSE-2018-2409 Released: Tue Oct 23 17:26:51 2018 Summary: Recommended update for yast2-core Severity: moderate References: 1103076 Description: This update for yast2-core fixes the following issues: - Reduced risk of race condition between getenv and setenv while logging (bsc#1103076) ----------------------------------------- Patch: SUSE-2018-2411 Released: Tue Oct 23 17:27:40 2018 Summary: Recommended update for libXaw Severity: moderate References: 1098411 Description: This update for libXaw provides the following fix: - Fix a crash when the required font is not installed. (bsc#1098411) ----------------------------------------- Patch: SUSE-2018-2412 Released: Tue Oct 23 17:28:04 2018 Summary: Recommended update for gettext-runtime Severity: moderate References: 1106843 Description: This update for gettext-runtime provides the following fix: - Reset the length of message string after a line has been removed to fix a crash in msgfmt when writing java source code and the .po file has a POT-Creation-Date header. (bsc#1106843) ----------------------------------------- Patch: SUSE-2018-2417 Released: Tue Oct 23 17:31:22 2018 Summary: Recommended update for yast2-isns Severity: moderate References: 1099691 Description: This update for yast2-isns implements the following feature: - Added additional searchkeys to desktop file (fate#321043, bsc#1099691) ----------------------------------------- Patch: SUSE-2018-2438 Released: Wed Oct 24 16:37:14 2018 Summary: Recommended update for yast2-registration Severity: moderate References: 1043125,1103412 Description: This update for yast2-registration provides the following fixes: - Fixes a bug where yast2-registration was crashing when acquiring a zypper lock failed. (bsc#1043125) - Fix online migration on PPC. (bsc#1103412) - Check the non-installed addon products, as some specific repositories do not provide any product. - Added more searchkeys to desktop file (fate#321043). - Added tags full_system_media_name and full_system_download_url in control.xml which describe the location for the 'all-packages' medium. This information will be shown if the registration has been scipped by the user. No hint will be shown if these tags have not been defined. (fate#325834) ----------------------------------------- Patch: SUSE-2018-2439 Released: Wed Oct 24 16:38:11 2018 Summary: Recommended update for python-kiwi Severity: moderate References: 1093518,1093917,1094788,1095267,1096937,1098535,1099569,1102868,1108508,1109882,1110869 Description: This update for python-kiwi provides the following fixes: - Avoid module loading in grub config template. (bsc#1096937) - Add true module to grub image list. (bsc#1093917) - Changed GUID format from signed to unsigned. (bsc#1095267) - Fix SC2164 complain of shellcheck. - Update shellcheck call from tox. Recent shellcheck versions are more strict and complain about backslashes used in literals, claiming it is preferred to use double backslashes. As is just a styling advise and backslashes are used in multiple commands, this can be ignored. - Omit the multipath module in live ISO initrd. The multipath module creates device maps which puts the device in a busy state and prevents the creation of a persistent write partition. As multipath seems never useful for the root of a live ISO image it is generally omitted. (bsc#1094788) - Simplify configfile loading. - Prevent building custom efi image. If the distribution provides a prebuilt efi image kiwi should use it instead of building its own image. - Fix using SCC repositories with kiwi. (bsc#1110869) - Fix URI handling with token query option. So far only the query format ?credentials=... was supported. In case of ?random_token_data the returned uri was truncated and also the format check on the query caused a python trace. - Fix broken link to ec2uploadimg tool. - Make sure changes to files in the overlay tree are in the file image. (bsc#1109882) - Create parent qgroup when snapper is present. This creates a new parent quota group (1/0) of level 1 when btrfs_quota_groups is enabled and snapper present into the image root tree. (bsc#1093518) - Make volume id customizable for installation ISOs. This makes the volid attribute also available for OEM images. The installation media makes use of the volid value. Only posix safe names are allowed, up to 32 characters. - Fix a problem that was causing custom kiwi initrds fail to build. (bsc#1108508) - Fix disk detection for live iso in loopback grub. - Snapper configuration for btrfs quota support refactored. This refactors the snapper configuration for btrfs quota support when btrfs_root_is_snapshot is enabled. The sysconfig file /etc/sysconfig/snapper is now taken into consideration. (bsc#1093518) - Fix overlay of intermediate config files. - Fix filesystem builder use of exclude list. kiwi defines a global Defaults.get_exclude_list_for_root_data_sync method but it was not used in the scope of the filesystem builder. Thus this builder was missing the exclusion of the .buildenv file. - Enhance /etc/snapper/configs/root file parser. - Fix the following aspects of quota groups management when snapper is present (bsc#1093518): * Fix the config file path if root is snapshot. * Uses the correct QGROUP='' syntax * Do not overwrite the config file if already present - Add support for system wide config file. If there is no user specific config file, kiwi also looks for a system wide /etc/kiwi.yml file. - Add support for pxe live boot via AOE. - Delete dmraid aka: softraid soft/fakeraid support. (fate#323743) - Do not replace version from the image name. (bsc#1102868) - Fix name of checksum file for pxe type. - Fix custom_args argument assignment in BootImage. - Fix GCE image file name. - Support label attribute in volumes. - Add '--add-container-label' flag. - Avoid double quoting of disturl in label (...=''obs://...''). - Fix a problem that was causing a live system to think partitions were in use when trying to format them. (bsc#1094788) - Add system cleanup methods. (bsc#1098535) - Fix building VMware images with pvscsi adapter. (bsc#1099569) ----------------------------------------- Patch: SUSE-2018-2463 Released: Thu Oct 25 14:48:34 2018 Summary: Recommended update for timezone, timezone-java Severity: moderate References: 1104700,1112310 Description: This update for timezone, timezone-java fixes the following issues: The timezone database was updated to 2018f: - Volgograd moves from +03 to +04 on 2018-10-28. - Fiji ends DST 2019-01-13, not 2019-01-20. - Most of Chile changes DST dates, effective 2019-04-06 (bsc#1104700) - Corrections to past timestamps of DST transitions - Use 'PST' and 'PDT' for Philippine time - minor code changes to zic handling of the TZif format - documentation updates Other bugfixes: - Fixed a zic problem with the 1948-1951 DST transition in Japan (bsc#1112310) ----------------------------------------- Patch: SUSE-2018-2467 Released: Thu Oct 25 14:50:49 2018 Summary: Recommended update for yast2-bootloader and rubygem-cfa_grub2 Severity: moderate References: 1053559,1089829,1094031 Description: This update addresses some bugs for yast2-bootloader and rubygem-cfa_grub2: yast2-bootloader: - Fixed crash while reading grub settings from installed system (bsc#1094031) - Fix an internal error when GRUB_TERMINAL contains multiple values (bsc#1053559) - Added additional searchkeys to desktop file (fate#321043) - Does no longer crash when required package is not installed (bsc#1089829) rubygem-cfa_grub2: - cfa_grub2 can now handle multiple values for GRUB_TERMINAL. This is required by yast2-bootloader to work properly (bsc#1053559) ----------------------------------------- Patch: SUSE-2018-2477 Released: Thu Oct 25 17:07:55 2018 Summary: Recommended update for yast2-nfs-client Severity: moderate References: 1105674,1110093 Description: This update for yast2-nfs-client fixes the following issues: - do not crash when nfs version is written as 4.0 instead of 4. (bsc#1105674, bsc#1110093) - Added additional searchkeys to desktop file. (fate#321043) ----------------------------------------- Patch: SUSE-2018-2478 Released: Thu Oct 25 17:08:50 2018 Summary: Recommended update for tevent Severity: moderate References: 1109571 Description: This update for tevent fixes the following issues: - Update license to LGPL 3.0 or later. (bsc#1109571) ----------------------------------------- Patch: SUSE-2018-2479 Released: Thu Oct 25 17:09:17 2018 Summary: Recommended update for ldb Severity: moderate References: 1108164,1109571 Description: This update for ldb fixes the following issues: - Remove python-talloc-devel from %if %else block, since the py3 build should not remove py2 dependencies. (bsc#1108164) - Update license to LGPL 3.0 or later. (bsc#1109571) ----------------------------------------- Patch: SUSE-2018-2482 Released: Thu Oct 25 20:09:42 2018 Summary: Security update for MozillaFirefox Severity: important References: 1094767,1107343,1109363,1109465,1110506,1110507,CVE-2018-12383,CVE-2018-12385,CVE-2018-12386,CVE-2018-12387 Description: This update for MozillaFirefox to 60.2.2ESR fixes the following issues: Security issues fixed: MFSA 2018-24: - CVE-2018-12386: A Type confusion in JavaScript allowed remote code execution (bsc#1110506) - CVE-2018-12387: Array.prototype.push stack pointer vulnerability may have enabled exploits in the sandboxed content process (bsc#1110507) MFSA 2018-23: - CVE-2018-12385: Fixed a crash in TransportSecurityInfo due to cached data (bsc#1109363) - CVE-2018-12383: Setting a master password did not delete unencrypted previously stored passwords (bsc#1107343) Non security issues fixed: - Avoid undefined behavior in IPC fd-passing code (bsc#1094767) - Fixed a startup crash affecting users migrating from older ESR releases - Clean up old NSS DB files after upgrading - Fixed an endianness problem in bindgen's handling of bitfields, which was causing Firefox to crash on startup on big-endian machines. Also, updates the cc crate, which was buggy in the version that was originally vendored in. (bsc#1109465) ----------------------------------------- Patch: SUSE-2018-2485 Released: Fri Oct 26 12:38:01 2018 Summary: Recommended update for kmod Severity: moderate References: 1112928 Description: This update for kmod provides the following fixes: - Allow 'modprobe -c' print the status of 'allow_unsupported_modules' option. (bsc#1112928) ----------------------------------------- Patch: SUSE-2018-2486 Released: Fri Oct 26 12:38:27 2018 Summary: Recommended update for xfsprogs Severity: moderate References: 1105068 Description: This update for xfsprogs fixes the following issues: - Explictly disable systemd unit files for scrub (bsc#1105068). ----------------------------------------- Patch: SUSE-2018-2487 Released: Fri Oct 26 12:39:07 2018 Summary: Recommended update for glibc Severity: moderate References: 1102526 Description: This update for glibc fixes the following issues: - Fix build on aarch64 with binutils newer than 2.30. - Fix year 2039 bug for localtime with 64-bit time_t (bsc#1102526) ----------------------------------------- Patch: SUSE-2018-2489 Released: Fri Oct 26 12:40:27 2018 Summary: Recommended update for tdb Severity: moderate References: 1109571 Description: This update for tdb fixes the following issues: - Update license to LGPL 3.0 or later. (bsc#1109571) ----------------------------------------- Patch: SUSE-2018-2494 Released: Fri Oct 26 14:19:07 2018 Summary: Recommended update for yast2-users Severity: moderate References: 1107456,1112119 Description: This update for yast2-users fixes the following issues: - Read ssh keys from root user only if the user exists (bsc#1112119, bsc#1107456) ----------------------------------------- Patch: SUSE-2018-2502 Released: Fri Oct 26 15:21:46 2018 Summary: Recommended update for SUSEConnect Severity: important References: 1104183,1112702 Description: This update for SUSEConnect fixes the following issues: - Fix s390 activation fails due to unavailable 'dmidecode'. (bsc#1112702) - Fix migration targets sorting. (bsc#1104183) ----------------------------------------- Patch: SUSE-2018-2504 Released: Fri Oct 26 16:12:22 2018 Summary: Security update for lcms2 Severity: moderate References: 1108813,CVE-2018-16435 Description: This update for lcms2 fixes the following issues: - CVE-2018-16435: A integer overflow was fixed in the AllocateDataSet function in cmscgats.c, that could lead to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile. (bsc#1108813) ----------------------------------------- Patch: SUSE-2018-2513 Released: Mon Oct 29 11:11:23 2018 Summary: Recommended update for sysstat Severity: moderate References: 1089883 Description: This update for sysstat fixes the following issues: Sysstat was updated to 12.0.2, bringing new features and bugfixes (fate#326576, bsc#1089883) - It contains lots of improvements in SVG output. - New metric additions for hugepages. - New options Please look at http://sebastien.godard.pagesperso-orange.fr/ for a more detailed history of changes. ----------------------------------------- Patch: SUSE-2018-2526 Released: Tue Oct 30 11:00:24 2018 Summary: Recommended update for polkit-default-privs Severity: low References: 1106813 Description: This update for polkit-default-privs fixes the following issues: - Add renamed libvirt rules (bsc#1106813) ----------------------------------------- Patch: SUSE-2018-2536 Released: Tue Oct 30 16:16:10 2018 Summary: Recommended update for firewalld Severity: moderate References: 1112008 Description: This update for firewalld fixes the following issues: - Make --reload/--complete-reload always load the permanent configuration. (bsc#1112008) ----------------------------------------- Patch: SUSE-2018-2539 Released: Tue Oct 30 16:17:23 2018 Summary: Recommended update for rpm Severity: moderate References: 1113100 Description: This update for rpm fixes the following issues: - On PowerPC64 fix the superfluous TOC. dependency (bsc#1113100) ----------------------------------------- Patch: SUSE-2018-2540 Released: Tue Oct 30 16:17:48 2018 Summary: Recommended update for alsa Severity: moderate References: 1112292 Description: This update for alsa fixes the following issues: - Fix UCM profile to recognize audio device for Dell WD15 dock (bsc#1112292) ----------------------------------------- Patch: SUSE-2018-2547 Released: Wed Oct 31 14:44:22 2018 Summary: Security update for the Linux Kernel Severity: important References: 1046540,1050319,1050536,1050540,1051510,1055120,1065600,1066674,1067126,1067906,1076830,1079524,1083647,1084760,1084831,1086283,1086288,1094825,1095805,1099125,1100132,1102881,1103308,1103543,1104731,1105025,1105536,1106105,1106110,1106237,1106240,1106838,1107685,1108241,1108377,1108468,1108828,1108841,1108870,1109151,1109158,1109217,1109330,1109739,1109784,1109806,1109818,1109907,1109911,1109915,1109919,1109951,1110006,1110096,1110538,1110561,1110921,1111028,1111076,1111506,1111806,1111819,1111830,1111834,1111841,1111870,1111901,1111904,1111928,1111983,1112170,1112173,1112208,1112219,1112221,1112246,1112372,1112514,1112554,1112708,1112710,1112711,1112712,1112713,1112731,1112732,1112733,1112734,1112735,1112736,1112738,1112739,1112740,1112741,1112743,1112745,1112746,1112894,1112899,1112902,1112903,1112905,1112906,1112907,1113257,1113284,CVE-2017-16533,CVE-2017-18224,CVE-2018-18386,CVE-2018-18445 Description: The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-18445: A faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandled 32-bit right shifts (bnc#1112372). - CVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ (bnc#1094825). - CVE-2017-18224: fs/ocfs2/aops.c omits use of a semaphore and consequently has a race condition for access to the extent tree during read operations in DIRECT mode, which allowed local users to cause a denial of service (BUG) by modifying a certain e_cpos field (bnc#1084831). - CVE-2017-16533: The usbhid_parse function in drivers/hid/usbhid/hid-core.c allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066674). The following non-security bugs were fixed: - acpi / processor: Fix the return value of acpi_processor_ids_walk() (bsc#1051510). - acpica: Reference Counts: increase max to 0x4000 for large servers (bsc#1108241). - alsa: hda/realtek - Cannot adjust speaker's volume on Dell XPS 27 7760 (bsc#1051510). - arm: 8799/1: mm: fix pci_ioremap_io() offset check (bsc#1051510). - arm: bcm2835: Add GET_THROTTLED firmware property (bsc#1108468). - arm: exynos: Clear global variable on init error path (bsc#1051510). - arm: hisi: check of_iomap and fix missing of_node_put (bsc#1051510). - arm: hwmod: RTC: Do not assume lock/unlock will be called with irq enabled (bsc#1051510). - arm: mvebu: declare asm symbols as character arrays in pmsu.c (bsc#1051510). - ASoC: Intel: Skylake: Reset the controller in probe (bsc#1051510). - ASoC: rsnd: adg: care clock-frequency size (bsc#1051510). - ASoC: rsnd: do not fallback to PIO mode when -EPROBE_DEFER (bsc#1051510). - ASoC: rt5514: Fix the issue of the delay volume applied again (bsc#1051510). - ASoC: sigmadsp: safeload should not have lower byte limit (bsc#1051510). - ASoC: wm8804: Add ACPI support (bsc#1051510). - Btrfs: fix file data corruption after cloning a range and fsync (bsc#1111901). - Btrfs: fix mount failure after fsync due to hard link recreation (bsc#1103543). - Btrfs: send, fix invalid access to commit roots due to concurrent snapshotting (bsc#1111904). - cifs: check for STATUS_USER_SESSION_DELETED (bsc#1112902). - Delete patches.drivers/IB-qedr-Remove-GID-add-del-dummy-routines.patch. (bsc#1110921) - Disable DRM patches that broke vbox video driver KMP (bsc#1111076) - EDAC, ghes: Add DDR4 and NVDIMM memory types (bsc#1099125). - EDAC, skx: Fix skx_edac build error when ACPI_NFIT=m (bsc#1099125). - EDAC, skx_edac: Detect non-volatile DIMMs (bsc#1099125). - EDAC: Add new memory type for non-volatile DIMMs (bsc#1099125). - HID: add support for Apple Magic Keyboards (bsc#1051510). - HID: hid-saitek: Add device ID for RAT 7 Contagion (bsc#1051510). - HID: hid-sensor-hub: Force logical minimum to 1 for power and report state (bsc#1051510). - HID: quirks: fix support for Apple Magic Keyboards (bsc#1051510). - HID: sensor-hub: Restore fixup for Lenovo ThinkPad Helix 2 sensor hub report (bsc#1051510). - input: atakbd - fix Atari CapsLock behaviour (bsc#1051510). - input: atakbd - fix Atari keymap (bsc#1051510). - kvm/vmx: Optimize vmx_vcpu_run() and svm_vcpu_run() by marking the RDMSR path as unlikely() (bsc#1110006). - kvm: svm: Add MSR-based feature support for serializing LFENCE (bsc#1106240). - kvm: vmx: Tell the nested hypervisor to skip L1D flush on vmentry (bsc#1106240). - kvm: vmx: raise internal error for exception during invalid protected mode state (bsc#1110006). - kvm: vmx: support MSR_IA32_ARCH_CAPABILITIES as a feature MSR (bsc#1106240). - kvm: x86: Fix reserved bits check for MOV to CR3 (bsc#1110006). - kvm: x86: Introduce kvm_get_msr_feature() (bsc#1106240). - kvm: x86: fix incorrect reference of trace_kvm_pi_irte_update (bsc#1110006). - kvm: lapic: stop advertising DIRECTED_EOI when in-kernel IOAPIC is in use (bsc#1110006). - kvm: nvmx: Do not expose MPX VMX controls when guest MPX disabled (bsc#1106240). - kvm: nvmx: Do not halt vcpu when L1 is injecting events to L2 (bsc#1110006). - kvm: vmx: track host_state.loaded using a loaded_vmcs pointer (bsc#1110006). - kvm: vmx: use local variable for current_vmptr when emulating VMPTRST (bsc#1110006). - kvm: x86: Add a framework for supporting MSR-based features (bsc#1106240). - kvm: x86: Do not use kvm_x86_ops->mpx_supported() directly (bsc#1106240). - kvm: x86: Update cpuid properly when CR4.OSXAVE or CR4.PKE is changed (bsc#1110006). - kvm: x86: define SVM/VMX specific kvm_arch_[alloc|free]_vm (bsc#1111506). - kvm: x86: fix #UD address of failed Hyper-V hypercalls (bsc#1110006). - kvm: x86: fix escape of guest dr6 to the host (bsc#1110006). - kvm: x86: remove APIC Timer periodic/oneshot spikes (bsc#1110006). - nfc: trf7970a: fix check of clock frequencies, use && instead of || (bsc#1051510). - nfs: Avoid quadratic search when freeing delegations (bsc#1084760). - pci: Reprogram bridge prefetch registers on resume (bsc#1051510). - pci: dwc: Fix scheduling while atomic issues (git-fixes). - pci: hv: Do not wait forever on a device that has disappeared (bsc#1109806). - pm / Domains: Fix genpd to deal with drivers returning 1 from ->prepare() (bsc#1051510). - pm / core: Clear the direct_complete flag on errors (bsc#1051510). - pm: cpuidle: Fix cpuidle_poll_state_init() prototype (bsc#1110006). - rdma/bnxt_re: Fix system crash during RDMA resource initialization (bsc#1086283). - Revert 'Limit kernel-source build to architectures for which we build binaries' This reverts commit d6435125446d740016904abe30a60611549ae812. - Revert 'cdc-acm: implement put_char() and flush_chars()' (bsc#1051510). - Revert 'drm/amdgpu: Add an ATPX quirk for hybrid laptop' (bsc#1051510). - Revert 'drm/i915/gvt: set max priority for gvt context' (bsc#1051510). - Revert 'gpio: set up initial state from .get_direction()' (bsc#1051510). - Revert 'iommu/io-pgtable: Avoid redundant TLB syncs' (bsc#1106237). - Revert 'mwifiex: fix incorrect ht capability problem' (bsc#1051510). - Revert 'mwifiex: handle race during mwifiex_usb_disconnect' (bsc#1051510). - Revert 'pinctrl: sunxi: Do not enforce bias disable (for now)' (bsc#1051510). - Revert 'slab: __GFP_ZERO is incompatible with a constructor' (bnc#1108828) This reverts commit de0a67303736262e306a3eb23aa38824b28c2764 because we still seem to have false possitives in the tree. - Revert 'ubifs: xattr: Do not operate on deleted inodes' (bsc#1051510). - Squashfs: Compute expected length from inode size rather than block length (bsc#1051510). - usb: Add quirk to support DJI CineSSD (bsc#1051510). - usb: add quirk for WORLDE Controller KS49 or Prodipe MIDI 49C USB controller (bsc#1051510). - usb: fix error handling in usb_driver_claim_interface() (bsc#1051510). - usb: handle NULL config in usb_find_alt_setting() (bsc#1051510). - usb: remove LPM management from usb_driver_claim_interface() (bsc#1051510). - usb: serial: simple: add Motorola Tetra MTP6550 id (bsc#1051510). - usb: yurex: Check for truncation in yurex_read() (bsc#1051510). - usb: yurex: Fix buffer over-read in yurex_write() (bsc#1051510). - Use upstream version of pci-hyperv patch (35a88a1) - acpi, nfit: Add function to look up nvdimm device and provide SMBIOS handle (bsc#1099125). - aio: fix io_destroy(2) vs. lookup_ioctx() race (git-fixes). - apparmor: Check buffer bounds when mapping permissions mask (git-fixes). - apparmor: Fix failure to audit context info in build_change_hat (bsc#1051510). - apparmor: Fully initialize aa_perms struct when answering userspace query (bsc#1051510). - apparmor: fix mediation of prlimit (bsc#1051510). - apparmor: fix memory leak when deduping profile load (bsc#1051510). - apparmor: fix ptrace read check (bsc#1051510). - asix: Check for supported Wake-on-LAN modes (bsc#1051510). - ath10k: fix kernel panic issue during pci probe (bsc#1051510). - ath10k: fix scan crash due to incorrect length calculation (bsc#1051510). - ath10k: fix use-after-free in ath10k_wmi_cmd_send_nowait (bsc#1051510). - ath10k: protect ath10k_htt_rx_ring_free with rx_ring.lock (bsc#1051510). - audit: fix use-after-free in audit_add_watch (bsc#1051510). - batman-adv: Avoid probe ELP information leak (bsc#1051510). - batman-adv: Fix multicast TT issues with bogus ROAM flags (bsc#1051510). - batman-adv: Fix segfault when writing to sysfs elp_interval (bsc#1051510). - batman-adv: Fix segfault when writing to throughput_override (bsc#1051510). - batman-adv: Prevent duplicated gateway_node entry (bsc#1051510). - batman-adv: Prevent duplicated global TT entry (bsc#1051510). - batman-adv: Prevent duplicated nc_node entry (bsc#1051510). - batman-adv: Prevent duplicated softif_vlan entry (bsc#1051510). - batman-adv: Prevent duplicated tvlv handler (bsc#1051510). - batman-adv: fix backbone_gw refcount on queue_work() failure (bsc#1051510). - batman-adv: fix hardif_neigh refcount on queue_work() failure (bsc#1051510). - bdi: Fix another oops in wb_workfn() (bsc#1112746). - bdi: Preserve kabi when adding cgwb_release_mutex (bsc#1112746). - be2net: Fix memory leak in be_cmd_get_profile_config() (bsc#1086288). - be2net: remove unused old AIC info (bsc#1086288). - be2net: remove unused old custom busy-poll fields (bsc#1086288 ). - blk-mq: I/O and timer unplugs are inverted in blktrace (bsc#1112713). - blkdev_report_zones_ioctl(): Use vmalloc() to allocate large buffers (bsc#1111819). - block, bfq: fix wrong init of saved start time for weight raising (bsc#1112708). - block: bfq: swap puts in bfqg_and_blkg_put (bsc#1112712). - block: bvec_nr_vecs() returns value for wrong slab (bsc#1111834). - bnx2x: Fix invalid memory access in rss hash config path (bsc#1050319). - bnx2x: Fix receiving tx-timeout in error or recovery state (bsc#1050319). - bpf/verifier: disallow pointer subtraction (bsc#1083647). - bpf: make cavium thunder compatible w/ bpf_xdp_adjust_tail (bsc#1110096). - btrfs: fix missing error return in btrfs_drop_snapshot (Git-fixes bsc#1109919). - btrfs: handle errors while updating refcounts in update_ref_for_cow (Git-fixes bsc#1109915). - cdc-acm: fix race between reset and control messaging (bsc#1051510). - ceph: avoid a use-after-free in ceph_destroy_options() (bsc#1111983). - cfg80211: fix a type issue in ieee80211_chandef_to_operating_class() (bsc#1051510). - cifs: Fix use after free of a mid_q_entry (bsc#1112903). - cifs: fix memory leak in SMB2_open() (bsc#1112894). - cifs: integer overflow in in SMB2_ioctl() (bsc#1051510). - clk: clk-fixed-factor: Clear OF_POPULATED flag in case of failure (bsc#1051510). - clk: rockchip: Add pclk_rkpwm_pmu to PMU critical clocks in rk3399 (bsc#1051510). - clk: tegra: bpmp: Do not crash when a clock fails to register (bsc#1051510). - clk: x86: Stop marking clocks as CLK_IS_CRITICAL (bsc#1051510). - clk: x86: add 'ether_clk' alias for Bay Trail / Cherry Trail (bsc#1051510). - clocksource/drivers/ti-32k: Add CLOCK_SOURCE_SUSPEND_NONSTOP flag for non-am43 SoCs (bsc#1051510). - clocksource/drivers/timer-atmel-pit: Properly handle error cases (bsc#1051510). - coda: fix 'kernel memory exposure attempt' in fsync (bsc#1051510). - cpu/hotplug: Fix SMT supported evaluation (bsc#1110006). - cpufreq, intel_pstate: Allow unspecified FADT profile to probe PPC (bnc#1108841). - crypto: caam/jr - fix ablkcipher_edesc pointer arithmetic (bsc#1051510). - crypto: cavium/nitrox - fix for command corruption in queue full case with backlog submissions (bsc#1051510). - crypto: ccp - add timeout support in the SEV command (bsc#1106838). - crypto: chelsio - Fix memory corruption in DMA Mapped buffers (bsc#1051510). - crypto: mxs-dcp - Fix wait logic on chan threads (bsc#1051510). - crypto: qat - Fix KASAN stack-out-of-bounds bug in adf_probe() (bsc#1051510). - cxgb4: fix abort_req_rss6 struct (bsc#1046540). - cxgb4: when disabling dcb set txq dcb priority to 0 (bsc#1046540 ). - dax: Fix deadlock in dax_lock_mapping_entry() (bsc#1109951). - debugobjects: Make stack check warning more informative (bsc#1051510). - declance: Fix continuation with the adapter identification message (bsc#1051510). - dmaengine: pl330: fix irq race with terminate_all (bsc#1051510). - drivers/base: stop new probing during shutdown (bsc#1051510). - drivers/tty: add error handling for pcmcia_loop_config (bsc#1051510). - drm/amdgpu: Enable/disable gfx PG feature in rlc safe mode (bsc#1051510). - drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7 (bsc#1051510). - drm/amdgpu: Fix vce work queue was not cancelled when suspend (bsc#1106110) - drm/amdgpu: Pulling old prepare and submit for flip back (bsc#1051510). - drm/amdgpu: Update power state at the end of smu hw_init (bsc#1051510). - drm/amdgpu: add another ATPX quirk for TOPAZ (bsc#1051510). - drm/amdgpu: add new polaris pci id (bsc#1051510). - drm/amdgpu: fix error handling in amdgpu_cs_user_fence_chunk (bsc#1106110) - drm/amdgpu: revert 'fix deadlock of reservation between cs and gpu reset v2' (bsc#1051510). - drm/amdkfd: Fix error codes in kfd_get_process (bsc#1051510). - drm/edid: VSDB yCBCr420 Deep Color mode bit definitions (bsc#1051510). - drm/i915/glk: Add Quirk for GLK NUC HDMI port issues (bsc#1051510). - drm/i915: Handle incomplete Z_FINISH for compressed error states (bsc#1100132) - drm/nouveau/TBDdevinit: do not fail when PMU/PRE_OS is missing from VBIOS (bsc#1051510). - drm/nouveau/debugfs: Wake up GPU before doing any reclocking (bsc#1051510). - drm/nouveau/disp: fix DP disable race (bsc#1051510). - drm/nouveau/drm/nouveau: Do not forget to cancel hpd_work on suspend/unload (bsc#1051510). - drm/nouveau/drm/nouveau: Prevent handling ACPI HPD events too early (bsc#1051510). - drm/nouveau/drm/nouveau: Use pm_runtime_get_noresume() in connector_detect() (bsc#1051510). - drm/nouveau: Fix deadlocks in nouveau_connector_detect() (bsc#1051510). - drm/nouveau: Fix runtime PM leak in drm_open() (bsc#1051510). - drm/nouveau: tegra: Detach from ARM DMA/IOMMU mapping (bsc#1051510). - drm/sun4i: Fix an ulong overflow in the dotclock driver (bsc#1106110) - drm/sun4i: Fix releasing node when enumerating enpoints (bsc#1051510). - drm: mali-dp: Call drm_crtc_vblank_reset on device init (bsc#1051510). - drm: udl: Destroy framebuffer only if it was initialized (bsc#1051510). - e1000: check on netif_running() before calling e1000_up() (bsc#1051510). - e1000: ensure to free old tx/rx rings in set_ringparam() (bsc#1051510). - eeprom: at24: change nvmem stride to 1 (bsc#1051510). - eeprom: at24: check at24_read/write arguments (bsc#1051510). - eeprom: at24: correctly set the size for at24mac402 (bsc#1051510). - efi: Avoid potential crashes, fix the 'struct efi_pci_io_protocol_32' definition for mixed mode (bsc#1110006). - enic: do not call enic_change_mtu in enic_probe (bsc#1051510). - enic: handle mtu change for vf properly (bsc#1051510). - enic: initialize enic->rfs_h.lock in enic_probe (bsc#1051510). - ethtool: Remove trailing semicolon for static inline (bsc#1051510). - ethtool: fix a privilege escalation bug (bsc#1076830). - evm: Do not deadlock if a crypto algorithm is unavailable (bsc#1051510). - ext2, dax: set ext2_dax_aops for dax files (bsc#1112554). - ext4: avoid arithemetic overflow that can trigger a BUG (bsc#1112736). - ext4: avoid divide by zero fault when deleting corrupted inline directories (bsc#1112735). - ext4: check for NUL characters in extended attribute's name (bsc#1112732). - ext4: check to make sure the rename(2)'s destination is not freed (bsc#1112734). - ext4: do not mark mmp buffer head dirty (bsc#1112743). - ext4: fix online resize's handling of a too-small final block group (bsc#1112739). - ext4: fix online resizing for bigalloc file systems with a 1k block size (bsc#1112740). - ext4: fix spectre gadget in ext4_mb_regular_allocator() (bsc#1112733). - ext4: recalucate superblock checksum after updating free blocks/inodes (bsc#1112738). - ext4: reset error code in ext4_find_entry in fallback (bsc#1112731). - ext4: show test_dummy_encryption mount option in /proc/mounts (bsc#1112741). - fbdev/omapfb: fix omapfb_memory_read infoleak (bsc#1051510). - firmware, DMI: Add function to look up a handle and return DIMM size (bsc#1099125). - firmware: raspberrypi: Register hwmon driver (bsc#1108468). - floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl (bsc#1051510). - fs/quota: Fix spectre gadget in do_quotactl (bsc#1112745). - fuse: Do not access pipe->buffers without pipe_lock() (bsc#1051510). - gpio: Fix crash due to registration race (bsc#1051510). - gpio: adp5588: Fix sleep-in-atomic-context bug (bsc#1051510). - gpio: mb86s70: Revert 'Return error if requesting an already assigned gpio' (bsc#1051510). - gpiolib-acpi: Register GpioInt ACPI event handlers from a late_initcall (bsc#1051510). - gpiolib: Free the last requested descriptor (bsc#1051510). - hfs: prevent crash on exit from failed search (bsc#1051510). - hfsplus: do not return 0 when fill_super() failed (bsc#1051510). - hfsplus: stop workqueue when fill_super() failed (bsc#1051510). - hv: avoid crash in vmbus sysfs files (bnc#1108377). - hv_netvsc: fix schedule in RCU context (). - hwmon: (adt7475) Make adt7475_read_word() return errors (bsc#1051510). - hwmon: (ina2xx) fix sysfs shunt resistor read access (bsc#1051510). - hwmon: (nct6775) Set weight source to zero correctly (bsc#1051510). - hwmon: Add support for RPi voltage sensor (bsc#1108468). - hwmon: rpi: add module alias to raspberrypi-hwmon (bsc#1108468). - hypfs_kill_super(): deal with failed allocations (bsc#1051510). - i2c: i2c-scmi: fix for i2c_smbus_write_block_data (bsc#1051510). - i2c: rcar: cleanup DMA for all kinds of failure (bsc#1051510). - intel_th: pci: Add Ice Lake PCH support (bsc#1051510). - iommu/amd: Clear memory encryption mask from physical address (bsc#1106105). - iommu/arm-smmu: Error out only if not enough context interrupts (bsc#1106237). - iommu/vt-d: Add definitions for PFSID (bsc#1106237). - iommu/vt-d: Fix dev iotlb pfsid use (bsc#1106237). - iommu/vt-d: Fix scatterlist offset handling (bsc#1106237). - ipmi:ssif: Add support for multi-part transmit messages > 2 parts (bsc#1103308). - ipv4: fix use-after-free in ip_cmsg_recv_dstaddr() (git-fixes). - irq/core: Fix boot crash when the irqaffinity= boot parameter is passed on CPUMASK_OFFSTACK=y kernels(v1) (bsc#1051510). - iwlwifi: dbg: do not crash if the firmware crashes in the middle of a debug dump (bsc#1051510). - iwlwifi: mvm: Allow TKIP for AP mode (bsc#1051510). - iwlwifi: mvm: check for n_profiles validity in EWRD ACPI (bsc#1051510). - iwlwifi: mvm: clear HW_RESTART_REQUESTED when stopping the interface (bsc#1051510). - iwlwifi: mvm: open BA session only when sta is authorized (bsc#1051510). - iwlwifi: mvm: send BCAST management frames to the right station (bsc#1051510). - iwlwifi: pcie gen2: check iwl_pcie_gen2_set_tb() return value (bsc#1051510). - iwlwifi: pcie: gen2: build A-MSDU only for GSO (bsc#1051510). - jbd2: fix use after free in jbd2_log_do_checkpoint() (bsc#1113257). - kABI: Hide get_msr_feature() in kvm_x86_ops (bsc#1106240). - kabi protect enum mem_type (bsc#1099125). - kprobes/x86: Disable preemption in ftrace-based jprobes (bsc#1110006). - kprobes/x86: Fix %p uses in error messages (bsc#1110006). - kprobes/x86: Prohibit probing on exception masking instructions (bsc#1110006). - ksm: fix unlocked iteration over vmas in cmp_and_merge_page() (VM Functionality bsc#1111806). - kvm, mm: account shadow page tables to kmemcg (bsc#1110006). - kvm/x86: kABI fix for vm_alloc/vm_free changes (bsc#1111506). - kvm: Make VM ioctl do valloc for some archs (bsc#1111506). - kvm: x86: Set highest physical address bits in non-present/reserved SPTEs (bsc#1106240). - kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl (bsc#1110006). - kvmclock: fix TSC calibration for nested guests (bsc#1110006). - lib/bug.c: exclude non-BUG/WARN exceptions from report_bug() (bsc#1110006). - lib/ubsan.c: s/missaligned/misaligned/ (bsc#1051510). - lib/ubsan: add type mismatch handler for new GCC/Clang (bsc#1051510). - libertas: call into generic suspend code before turning off power (bsc#1051510). - liquidio: fix hang when re-binding VF host drv after running DPDK VF driver (bsc#1067126). - liquidio: fix kernel panic in VF driver (bsc#1067126). - loop: add recursion validation to LOOP_CHANGE_FD (bsc#1112711). - loop: do not call into filesystem while holding lo_ctl_mutex (bsc#1112710). - loop: fix LOOP_GET_STATUS lock imbalance (bsc#1113284). - mac80211: Fix station bandwidth setting after channel switch (bsc#1051510). - mac80211: Run TXQ teardown code before de-registering interfaces (bsc#1051510). - mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X (bsc#1051510). - mac80211: do not Tx a deauth frame if the AP forbade Tx (bsc#1051510). - mac80211: do not convert to A-MSDU if frag/subframe limited (bsc#1051510). - mac80211: fix a race between restart and CSA flows (bsc#1051510). - mac80211: fix setting IEEE80211_KEY_FLAG_RX_MGMT for AP mode keys (bsc#1051510). - mac80211: mesh: fix HWMP sequence numbering to follow standard (bsc#1051510). - mac80211: minstrel: fix using short preamble CCK rates on HT clients (bsc#1051510). - mac80211: shorten the IBSS debug messages (bsc#1051510). - mac80211_hwsim: correct use of IEEE80211_VHT_CAP_RXSTBC_X (bsc#1051510). - mac80211_hwsim: require at least one channel (bsc#1051510). - mach64: detect the dot clock divider correctly on sparc (bsc#1051510). - media: af9035: prevent buffer overflow on write (bsc#1051510). - media: davinci: vpif_display: Mix memory leak on probe error path (bsc#1051510). - media: fsl-viu: fix error handling in viu_of_probe() (bsc#1051510). - media: helene: fix xtal frequency setting at power on (bsc#1051510). - media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power (bsc#1051510). - media: s5p-mfc: Fix buffer look up in s5p_mfc_handle_frame_{new, copy_time} functions (bsc#1051510). - media: soc_camera: ov772x: correct setting of banding filter (bsc#1051510). - media: tm6000: add error handling for dvb_register_adapter (bsc#1051510). - media: videobuf-dma-sg: Fix dma_{sync,unmap}_sg() calls (bsc#1051510). - media: videobuf2-core: check for q->error in vb2_core_qbuf() (bsc#1051510). - mm/migrate: Use spin_trylock() while resetting rate limit (). - mm: /proc/pid/pagemap: hide swap entries from unprivileged users (Git-fixes bsc#1109907). - mm: Preserve _PAGE_DEVMAP across mprotect() calls (bsc#1111028). - mm: fix BUG_ON() in vmf_insert_pfn_pud() from VM_MIXEDMAP removal (bsc#1111841). - mmc: block: avoid multiblock reads for the last sector in SPI mode (bsc#1051510). - mwifiex: handle race during mwifiex_usb_disconnect (bsc#1051510). - net: add support for Cavium PTP coprocessor (bsc#1110096). - net: cavium: fix NULL pointer dereference in cavium_ptp_put (bsc#1110096). - net: cavium: use module_pci_driver to simplify the code (bsc#1110096). - net: thunder: change q_len's type to handle max ring size (bsc#1110096). - net: thunderx: Set max queue count taking XDP_TX into account (bsc#1110096). - net: thunderx: add MAC address filter tracking for LMAC (bsc#1110096). - net: thunderx: add XCAST messages handlers for PF (bsc#1110096). - net: thunderx: add multicast filter management support (bsc#1110096). - net: thunderx: add ndo_set_rx_mode callback implementation for VF (bsc#1110096). - net: thunderx: add new messages for handle ndo_set_rx_mode callback (bsc#1110096). - net: thunderx: add timestamping support (bsc#1110096). - net: thunderx: add workqueue control structures for handle ndo_set_rx_mode request (bsc#1110096). - net: thunderx: check for failed allocation lmac->dmacs (bsc#1110096). - net: thunderx: fix double free error (bsc#1110096). - net: thunderx: move filter register related macro into proper place (bsc#1110096). - net: thunderx: prevent concurrent data re-writing by nicvf_set_rx_mode (bsc#1110096). - net: thunderx: remove a couple of redundant assignments (bsc#1110096). - net: thunderx: rework mac addresses list to u64 array (bsc#1110096). - nvme: call nvme_complete_rq when nvmf_check_ready fails for mpath I/O (bsc#1107685). - objtool, kprobes/x86: Sync the latest header with tools/objtool/arch/x86/include/asm/insn.h (bsc#1110006). - orangefs: fix deadlock; do not write i_size in read_iter (bsc#1051510). - orangefs: initialize op on loop restart in orangefs_devreq_read (bsc#1051510). - orangefs: use list_for_each_entry_safe in purge_waiting_ops (bsc#1051510). - orangefs_kill_sb(): deal with allocation failures (bsc#1051510). - ovl: Sync upper dirty data when syncing overlayfs (git-fixes). - ovl: fix format of setxattr debug (git-fixes). - perf/x86/amd/ibs: Do not access non-started event (bsc#1110006). - perf/x86/cstate: Fix possible Spectre-v1 indexing for pkg_msr (bsc#1110006). - perf/x86/intel/lbr: Fix incomplete LBR call stack (bsc#1110006). - perf/x86/intel/uncore: Correct fixed counter index check for NHM (bsc#1110006). - perf/x86/intel/uncore: Correct fixed counter index check in generic code (bsc#1110006). - perf/x86/intel/uncore: Fix Skylake UPI event format (bsc#1110006). - perf/x86/intel: Do not accidentally clear high bits in bdw_limit_period() (bsc#1110006). - perf/x86/intel: Fix event update for auto-reload (bsc#1110006). - perf/x86/intel: Fix large period handling on Broadwell CPUs (bsc#1110006). - perf/x86/intel: Fix linear IP of PEBS real_ip on Haswell and later CPUs (bsc#1110006). - perf/x86/intel: Properly save/restore the PMU state in the NMI handler (bsc#1110006). - perf/x86/msr: Fix possible Spectre-v1 indexing in the MSR driver (bsc#1110006). - perf/x86: Fix possible Spectre-v1 indexing for x86_pmu::event_map() (bsc#1110006). - perf/x86: Fix possible Spectre-v1 indexing for hw_perf_event cache_* (bsc#1110006). - powerpc/firmware: Add definitions for new drc-info firmware feature (bsc#1109158). - powerpc/numa: Skip onlining a offline node in kdump path (bsc#1109784). - powerpc/powernv/ioda2: Reduce upper limit for DMA window size (bsc#1055120). - powerpc/pseries/mm: Introducing FW_FEATURE_BLOCK_REMOVE (bsc#1109158). - powerpc/pseries/mm: call H_BLOCK_REMOVE (bsc#1109158). - powerpc/pseries/mm: factorize PTE slot computation (bsc#1109158). - powerpc/pseries: Fix CONFIG_NUMA=n build (bsc#1067906, git-fixes). - powerpc/pseries: Fix build break for SPLPAR=n and CPU hotplug (bsc#1079524, git-fixes). - powerpc/pseries: Fix duplicate firmware feature for DRC_INFO (bsc#1109158). - powerpc/rtas: Fix a potential race between CPU-Offline & Migration (bsc#1111870). - printk/tracing: Do not trace printk_nmi_enter() (bsc#1112208). - printk: drop in_nmi check from printk_safe_flush_on_panic() (bsc#1112170). - proc: restrict kernel stack dumps to root (git-fixes). blacklist.conf: - ptrace,x86: Make user_64bit_mode() available to 32-bit builds (bsc#1110006). - qed: Add missing device config for RoCE EDPM in UFP mode (bsc#1109217). - qed: Avoid sending mailbox commands when MFW is not responsive (bsc#1050536). - qed: Do not add VLAN 0 tag to untagged frames in multi-function mode (bsc#1050536). - qed: Fix populating the invalid stag value in multi function mode (bsc#1050536). - qed: Fix shmem structure inconsistency between driver and the mfw (bsc#1110561). - qed: Prevent a possible deadlock during driver load and unload (bsc#1050536). - qed: Wait for MCP halt and resume commands to take place (bsc#1050536). - qed: Wait for ready indication before rereading the shmem (bsc#1050536). - qlcnic: fix Tx descriptor corruption on 82xx devices (bsc#1050540). - qmi_wwan: Added support for Gemalto's Cinterion ALASxx WWAN interface (bsc#1051510). - qmi_wwan: set DTR for modems in forced USB2 mode (bsc#1051510). - qrtr: add MODULE_ALIAS macro to smd (bsc#1051510). - r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED (bsc#1051510). - rculist: Improve documentation for list_for_each_entry_from_rcu() (bsc#1084760). - rculist: add list_for_each_entry_from_rcu() (bsc#1084760). - reiserfs: add check to detect corrupted directory entry (bsc#1109818). - reiserfs: do not panic on bad directory entries (bsc#1109818). - rename a hv patch to reduce conflicts in -AZURE - reorder a qedi patch to allow further work in this branch - rpc_pipefs: fix double-dput() (bsc#1051510). - rtc: bq4802: add error handling for devm_ioremap (bsc#1051510). - sched/numa: Limit the conditions where scan period is reset (). - scsi: core: Allow state transitions from OFFLINE to BLOCKED (bsc#1112246). - scsi: ipr: Eliminate duplicate barriers (). - scsi: ipr: Use dma_pool_zalloc() (). - scsi: ipr: fix incorrect indentation of assignment statement (). - scsi: libfc: check fc_frame_payload_get() return value for null (bsc#1104731). - scsi: libfc: retry PRLI if we cannot analyse the payload (bsc#1104731). - scsi: qedi: Add the CRC size within iSCSI NVM image (bsc#1110538). - scsi: qedi: Initialize the stats mutex lock (bsc#1110538). - scsi: qla2xxx: Fix NVMe Target discovery (bsc#1108870). - scsi: qla2xxx: Fix NVMe session hang on unload (bsc#1108870). - scsi: qla2xxx: Fix driver hang when FC-NVMe LUNs are configured (bsc#1108870). - scsi: qla2xxx: Fix duplicate switch database entries (bsc#1108870). - scsi: qla2xxx: Fix for double free of SRB structure (bsc#1108870). - scsi: qla2xxx: Fix memory leak for allocating abort IOCB (bsc#1111830). - scsi: qla2xxx: Fix re-using LoopID when handle is in use (bsc#1108870). - scsi: qla2xxx: Fix recursive mailbox timeout (bsc#1108870). - scsi: qla2xxx: Move log messages before issuing command to firmware (bsc#1108870). - scsi: qla2xxx: Return switch command on a timeout (bsc#1108870). - scsi: qla2xxx: do not allow negative thresholds (bsc#1108870). - scsi: target: prefer dbroot of /etc/target over /var/target (bsc#1111928). - selftests/x86: Add tests for User-Mode Instruction Prevention (bsc#1110006). - selftests/x86: Add tests for the STR and SLDT instructions (bsc#1110006). - serial: 8250_exar: Read INT0 from slave device, too (bsc#1051510). - serial: cpm_uart: return immediately from console poll (bsc#1051510). - serial: imx: restore handshaking irq for imx1 (bsc#1051510). - series.conf: moved some Xen patches to the sorted region xen/blkfront: correct purging of persistent grants (bnc#1112514). - signal: Properly deliver SIGSEGV from x86 uprobes (bsc#1110006). - smb2: fix missing files in root share directory listing (bsc#1112907). - smb3: fill in statfs fsid and correct namelen (bsc#1112905). - smb3: fix reset of bytes read and written stats (bsc#1112906). - smb3: on reconnect set PreviousSessionId field (bsc#1112899). - soc: fsl: qe: Fix copy/paste bug in ucc_get_tdm_sync_shift() (bsc#1051510). - soc: mediatek: pwrap: fix cipher init setting error (bsc#1051510). - sock_diag: fix use-after-free read in __sk_free (bsc#1051510). - soreuseport: initialise timewait reuseport field (bsc#1051510). - sound: do not call skl_init_chip() to reset intel skl soc (bsc#1051510). - sound: enable interrupt after dma buffer initialization (bsc#1051510). - spi: rspi: Fix interrupted DMA transfers (bsc#1051510). - spi: rspi: Fix invalid SPI use during system suspend (bsc#1051510). - spi: sh-msiof: Fix handling of write value for SISTR register (bsc#1051510). - spi: sh-msiof: Fix invalid SPI use during system suspend (bsc#1051510). - spi: tegra20-slink: explicitly enable/disable clock (bsc#1051510). - squashfs metadata 2: electric boogaloo (bsc#1051510). - squashfs: be more careful about metadata corruption (bsc#1051510). - squashfs: more metadata hardening (bsc#1051510). - squashfs: more metadata hardening (bsc#1051510). - stm: Potential read overflow in stm_char_policy_set_ioctl() (bsc#1051510). - supported.conf: added cavium_ptp - supported.conf: mark raspberrypi-hwmon as supported - switchtec: Fix Spectre v1 vulnerability (bsc#1051510). - sysfs: Do not return POSIX ACL xattrs via listxattr (git-fixes). - target: log Data-Out timeouts as errors (bsc#1095805). - target: log NOP ping timeouts as errors (bsc#1095805). - target: split out helper for cxn timeout error stashing (bsc#1095805). - target: stash sess_err_stats on Data-Out timeout (bsc#1095805). - target: use ISCSI_IQN_LEN in iscsi_target_stat (bsc#1095805). - team: Forbid enslaving team device to itself (bsc#1051510). - thermal: of-thermal: disable passive polling when thermal zone is disabled (bsc#1051510). - tools/vm/page-types.c: fix 'defined but not used' warning (bsc#1051510). - tools/vm/slabinfo.c: fix sign-compare warning (bsc#1051510). - tracing/x86/xen: Remove zero data size trace events trace_xen_mmu_flush_tlb{_all} (bsc#1110006). - tracing: Add barrier to trace_printk() buffer nesting modification (bsc#1112219). - tsl2550: fix lux1_input error in low light (bsc#1051510). - tty: Drop tty->count on tty_reopen() failure (bsc#1051510). - tty: rocket: Fix possible buffer overwrite on register_PCI (bsc#1051510). - tty: serial: exar: Relocate sleep wake-up handling (bsc#1051510). - tty: serial: lpuart: avoid leaking struct tty_struct (bsc#1051510). - tty: vt_ioctl: fix potential Spectre v1 (bsc#1051510). - ubifs: Check for name being NULL while mounting (bsc#1051510). - udp: Unbreak modules that rely on external __skb_recv_udp() availability (bsc#1109151). - uprobes/x86: Prohibit probing on MOV SS instruction (bsc#1110006). - usb: Avoid use-after-free by flushing endpoints early in usb_set_interface() (bsc#1051510). - usb: cdc_acm: Do not leak URB buffers (bsc#1051510). - usb: dwc2: Turn on uframe_sched on 'amlogic' platforms (bsc#1102881). - usb: dwc2: Turn on uframe_sched on 'bcm' platforms (bsc#1102881). - usb: dwc2: Turn on uframe_sched on 'his' platforms (bsc#1102881). - usb: dwc2: Turn on uframe_sched on 'stm32f4x9_fsotg' platforms (bsc#1102881). - usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i] (bsc#1051510). - usb: host: u132-hcd: Fix a sleep-in-atomic-context bug in u132_get_frame() (bsc#1051510). - usb: misc: uss720: Fix two sleep-in-atomic-context bugs (bsc#1051510). - usb: musb: dsps: do not disable CPPI41 irq in driver teardown (bsc#1051510). - usb: uas: add support for more quirk flags (bsc#1051510). - usb: wusbcore: security: cast sizeof to int for comparison (bsc#1051510). - usb: xhci-mtk: resume USB3 roothub first (bsc#1051510). - userfaultfd: hugetlbfs: fix userfaultfd_huge_must_wait() pte access (bsc#1109739). - uwb: hwa-rc: fix memory leak at probe (bsc#1051510). - vfs/proc/kcore, x86/mm/kcore: Fix SMAP fault when dumping vsyscall user page (bsc#1110006). - virtio: pci-legacy: Validate queue pfn (bsc#1051510). - vmbus: do not return values for uninitalized channels (bsc#1051510). - vti4: Do not count header length twice on tunnel setup (bsc#1051510). - vti6: fix PMTU caching and reporting on xmit (bsc#1051510). - vti6: remove !skb->ignore_df check from vti6_xmit() (bsc#1051510). - x86-64/realmode: Add instruction suffix (bsc#1110006). - x86-memory_failure-Introduce-set-clear-_mce_nospec.patch: One more fixup to avoid even warning about statement without effect. - x86/CPU/AMD: Have smp_num_siblings and cpu_llc_id always be present (bsc#1110006). - x86/CPU: Add a microcode loader callback (bsc#1110006). - x86/CPU: Check CPU feature bits after microcode upgrade (bsc#1110006). - x86/EISA: Do not probe EISA bus for Xen PV guests (bsc#1110006). - x86/KVM/VMX: Do not set l1tf_flush_l1d from vmx_handle_external_intr() (bsc#1110006). - x86/KVM/VMX: Do not set l1tf_flush_l1d to true from vmx_l1d_flush() (bsc#1110006). - x86/KVM/VMX: Move the l1tf_flush_l1d test to vmx_l1d_flush() (bsc#1110006). - x86/KVM/VMX: Replace 'vmx_l1d_flush_always' with 'vmx_l1d_flush_cond' (bsc#1110006). - x86/Kconfig: Limit NR_CPUS on 32-bit to a sane amount (bsc#1110006). - x86/LDT: Avoid warning in 32-bit builds with older gcc (bsc#1110006). - x86/MCE/AMD: Define a function to get SMCA bank type (bsc#1110006). - x86/MCE: Fix stack out-of-bounds write in mce-inject.c: Flags_read() (bsc#1110006). - x86/MCE: Remove min interval polling limitation (bsc#1110006). - x86/MCE: Report only DRAM ECC as memory errors on AMD systems (bsc#1110006). - x86/MCE: Serialize sysfs changes (bsc#1110006). - x86/acpi: Prevent X2APIC id 0xffffffff from being accounted (bsc#1110006). - x86/alternatives: Fixup alternative_call_2 (bsc#1110006). - x86/apic: Set up through-local-APIC mode on the boot CPU if 'noapic' specified (bsc#1110006). - x86/asm: Add _ASM_ARG* constants for argument registers to (bsc#1110006). - x86/asm: Allow again using asm.h when building for the 'bpf' clang target (bsc#1110006). - x86/asm: Do not use the confusing '.ifeq' directive (bsc#1110006). - x86/boot/64: Verify alignment of the LOAD segment (bsc#1110006). - x86/boot/compressed/64: Print error if 5-level paging is not supported (bsc#1110006). - x86/boot: Fix if_changed build flip/flop bug (bsc#1110006). - x86/boot: Move EISA setup to a separate file (bsc#1110006). - x86/boot: Relocate definition of the initial state of CR0 (bsc#1110006). - x86/build: Beautify build log of syscall headers (bsc#1110006). - x86/cpu/AMD: Apply the Erratum 688 fix when the BIOS does not (bsc#1110006). - x86/cpu/intel: Add missing TLB cpuid values (bsc#1110006). - x86/cpufeature: Add User-Mode Instruction Prevention definitions (bsc#1110006). - x86/cpufeatures: Add Intel PCONFIG cpufeature (bsc#1110006). - x86/cpufeatures: Add Intel Total Memory Encryption cpufeature (bsc#1110006). - x86/debug: Handle warnings before the notifier chain, to fix KGDB crash (bsc#1110006). - x86/decoder: Add new TEST instruction pattern (bsc#1110006). - x86/efi: Fix efi_call_phys_epilog() with CONFIG_X86_5LEVEL=y (bsc#1110006). - x86/eisa: Add missing include (bsc#1110006). - x86/entry/64: Add two more instruction suffixes (bsc#1110006). - x86/entry/64: Use 'xorl' for faster register clearing (bsc#1110006). - x86/entry: Reduce the code footprint of the 'idtentry' macro (bsc#1110006). - x86/entry: Use SYSCALL_DEFINE() macros for sys_modify_ldt() (bsc#1110006). - x86/fpu/debug: Remove unused 'x86_fpu_state' and 'x86_fpu_deactivate_state' tracepoints (bsc#1110006). - x86/fpu: Make XSAVE check the base CPUID features before enabling (bsc#1110006). - x86/fpu: Parse clearcpuid= as early XSAVE argument (bsc#1110006). - x86/fpu: Remove second definition of fpu in __fpu__restore_sig() (bsc#1110006). - x86/fpu: Remove the explicit clearing of XSAVE dependent features (bsc#1110006). - x86/hyperv: Check for required priviliges in hyperv_init() (bsc#1110006). - x86/intel_rdt: Enable CMT and MBM on new Skylake stepping (bsc#1110006). - x86/intel_rdt: Fix incorrect returned value when creating rdgroup sub-directory in resctrl file system (bsc#1110006). - x86/intel_rdt: Fix potential deadlock during resctrl mount (bsc#1110006). - x86/intel_rdt: Fix potential deadlock during resctrl unmount (bsc#1110006). - x86/irq: Remove an old outdated comment about context tracking races (bsc#1110006). - x86/kasan: Panic if there is not enough memory to boot (bsc#1110006). - x86/kexec: Make kexec (mostly) work in 5-level paging mode (bsc#1110006). - x86/kprobes: Fix kernel crash when probing .entry_trampoline code (bsc#1110006). - x86/kvm/vmx: Remove duplicate l1d flush definitions (bsc#1110006). - x86/mce/AMD: Get address from already initialized block (bsc#1110006). - x86/mce: Add notifier_block forward declaration (bsc#1110006). - x86/mce: Check for alternate indication of machine check recovery on Skylake (bsc#1110006). - x86/mce: Do not overwrite MCi_STATUS in mce_no_way_out() (bsc#1110006). - x86/mce: Fix incorrect 'Machine check from unknown source' message (bsc#1110006). - x86/microcode/intel: Check microcode revision before updating sibling threads (bsc#1110006). - x86/microcode/intel: Fix memleak in save_microcode_patch() (bsc#1110006). - x86/microcode/intel: Look into the patch cache first (bsc#1110006). - x86/microcode/intel: Save microcode patch unconditionally (bsc#1110006). - x86/microcode/intel: Writeback and invalidate caches before updating microcode (bsc#1110006). - x86/microcode: Allow late microcode loading with SMT disabled (bsc#1110006). - x86/microcode: Attempt late loading only when new microcode is present (bsc#1110006). - x86/microcode: Do not exit early from __reload_late() (bsc#1110006). - x86/microcode: Do not upload microcode if CPUs are offline (bsc#1110006). - x86/microcode: Fix CPU synchronization routine (bsc#1110006). - x86/microcode: Get rid of struct apply_microcode_ctx (bsc#1110006). - x86/microcode: Make sure boot_cpu_data.microcode is up-to-date (bsc#1110006). - x86/microcode: Make the late update update_lock a raw lock for RT (bsc#1110006). - x86/microcode: Propagate return value from updating functions (bsc#1110006). - x86/microcode: Request microcode on the BSP (bsc#1110006). - x86/microcode: Synchronize late microcode loading (bsc#1110006). - x86/microcode: Update the new microcode revision unconditionally (bsc#1110006). - x86/mm/32: Initialize the CR4 shadow before __flush_tlb_all() (bsc#1110006). - x86/mm/64: Rename the register_page_bootmem_memmap() 'size' parameter to 'nr_pages' (bsc#1110006). - x86/mm/kmmio: Fix mmiotrace for page unaligned addresses (bsc#1110006). - x86/mm/kmmio: Make the tracer robust against L1TF (bsc#1110006). - x86/mm/pat: Make set_memory_np() L1TF safe (bsc#1110006). - x86/mm/pti: Add an overflow check to pti_clone_pmds() (bsc#1110006). - x86/mm/pti: Fix PTI comment in entry_SYSCALL_64() (bsc#1110006). - x86/mm: Define _PAGE_TABLE using _KERNPG_TABLE (bsc#1110006). - x86/mm: Do not forbid _PAGE_RW before init for __ro_after_init (bsc#1110006). - x86/mm: Fix bogus warning during EFI bootup, use boot_cpu_has() instead of this_cpu_has() in build_cr3_noflush() (bsc#1110006). - x86/mm: Relocate page fault error codes to traps.h (bsc#1110006). - x86/mm: Remove in_nmi() warning from vmalloc_fault() (bsc#1110006). - x86/nmi: Fix NMI uaccess race against CR3 switching (bsc#1110006). - x86/numa_emulation: Fix emulated-to-physical node mapping (bsc#1110006). - x86/oprofile: Fix bogus GCC-8 warning in nmi_setup() (bsc#1110006). - x86/pae: use 64 bit atomic xchg function in native_ptep_get_and_clear (bsc#1110006). - x86/paravirt: Fix some warning messages (bnc#1065600). - x86/paravirt: Remove 'noreplace-paravirt' cmdline option (bsc#1110006). - x86/percpu: Fix this_cpu_read() (bsc#1110006). - x86/pgtable: Do not set huge PUD/PMD on non-leaf entries (bsc#1110006). - x86/power: Fix swsusp_arch_resume prototype (bsc#1110006). - x86/pti: Check the return value of pti_user_pagetable_walk_p4d() (bsc#1110006). - x86/pti: Check the return value of pti_user_pagetable_walk_pmd() (bsc#1110006). - x86/retpoline/checksum32: Convert assembler indirect jumps (bsc#1110006). - x86/retpoline/irq32: Convert assembler indirect jumps (bsc#1110006). - x86/smp: fix non-SMP broken build due to redefinition of apic_id_is_primary_thread (bsc#1110006). - x86/smpboot: Do not use mwait_play_dead() on AMD systems (bsc#1110006). - x86/spectre: Fix spelling mistake: 'vunerable'-> 'vulnerable' (bsc#1110006). - x86/speculation, objtool: Annotate indirect calls/jumps for objtool on 32-bit kernels (bsc#1110006). - x86/speculation/l1tf: Exempt zeroed PTEs from inversion (bsc#1110006). - x86/speculation/l1tf: Extend 64bit swap file size limit (bsc#1110006). - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit (bsc#1105536). - x86/speculation/l1tf: Fix up pte->pfn conversion for PAE (bsc#1110006). - x86/speculation/l1tf: Invert all not present mappings (bsc#1110006). - x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert (bsc#1110006). - x86/speculation/l1tf: Protect PAE swap entries against L1TF (bsc#1110006). - x86/speculation: Simplify sysfs report of VMX L1TF vulnerability (bsc#1110006). - x86/time: Correct the attribute on jiffies' definition (bsc#1110006). - x86/topology: Update the 'cpu cores' field in /proc/cpuinfo correctly across CPU hotplug operations (bsc#1110006). - x86/tsc: Add missing header to tsc_msr.c (bsc#1110006). - x86/tsc: Allow TSC calibration without PIT (bsc#1110006). - x86/tsc: Prevent 32bit truncation in calc_hpet_ref() (bsc#1110006). - x86/vdso: Fix asm constraints on vDSO syscall fallbacks (bsc#1110006). - x86/vdso: Fix vDSO syscall fallback asm constraint regression (bsc#1110006). - x86/xen: Delay get_cpu_cap until stack canary is established (bsc#1110006). - x86/xen: Drop 5-level paging support code from the XEN_PV code (bsc#1110006). - x86/xen: Reset VCPU0 info pointer after shared_info remap (bsc#1110006). - x86/xen: do not write ptes directly in 32-bit PV guests (bsc#1110006). - x86: Add check for APIC access address for vmentry of L2 guests (bsc#1110006). - x86: Call fixup_exception() before notify_die() in math_error() (bsc#1110006). - x86: Delay skip of emulated hypercall instruction (bsc#1110006). - x86: PM: Make APM idle driver initialize polling state (bsc#1110006). - x86: i8259: Add missing include file (bsc#1110006). - x86: kvm: avoid unused variable warning (bsc#1110006). - xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent (bnc#1065600). - xen/PVH: Set up GS segment for stack canary (bsc#1110006). - xen/gntdev: avoid out of bounds access in case of partial gntdev_mmap() (bnc#1065600). - xen/x86/vpmu: Zero struct pt_regs before calling into sample handling code (bsc#1110006). - xen: Fix {set,clear}_foreign_p2m_mapping on autotranslating guests (bsc#1110006). - xen: Remove unnecessary BUG_ON from __unbind_from_irq() (bnc#1065600). - xfrm: use complete IPv6 addresses for hash (bsc#1109330). - xfs: do not fail when converting shortform attr to long form during ATTR_REPLACE (bsc#1105025). - xhci: Add missing CAS workaround for Intel Sunrise Point xHCI (bsc#1051510). - xhci: Do not print a warning when setting link state for disabled ports (bsc#1051510). ----------------------------------------- Patch: SUSE-2018-2550 Released: Wed Oct 31 16:16:56 2018 Summary: Recommended update for timezone, timezone-java Severity: moderate References: 1113554 Description: This update provides the latest time zone definitions (2018g), including the following change: - Morocco switched from +00/+01 to permanent +01 effective 2018-10-28 (bsc#1113554) ----------------------------------------- Patch: SUSE-2018-2552 Released: Fri Nov 2 12:40:47 2018 Summary: Recommended update for open-iscsi Severity: moderate References: 1088389,1094797,1100349,1106685,1106694,1111608 Description: This update for open-iscsi provides the following fixes: - Fix a core dump which can occur if iscsiuio is started and then immediately stopped. (bsc#1094797) - Avoid netlink buffer corruption when more than one host tries to xmit packet at the same time. (bsc#1100349) - Use libkmod instead of running modprobe (bsc#1106685) - iscsiuio: limit retries of dhpcv6 (bsc#1106694) - Restore space to output of 'iscsiadm -m node'. (bsc#1111608) - Fix session info output if iscsid started up and found stale sessions and add ability to limit reconnect retries. (bsc#1088389) ----------------------------------------- Patch: SUSE-2018-2560 Released: Fri Nov 2 12:51:51 2018 Summary: Recommended update for gtk3 Severity: low References: 1099991 Description: This update for gtk3 provides the following fix: - Fix the usage of Libreoffice under KWin on Wayland. It would remove its own headers as per the manager's request but it would not inform KWin leaving it in a broken state. (bsc#1099991) ----------------------------------------- Patch: SUSE-2018-2569 Released: Fri Nov 2 19:00:18 2018 Summary: Recommended update for pam Severity: moderate References: 1110700 Description: This update for pam fixes the following issues: - Remove limits for nproc from /etc/security/limits.conf (bsc#1110700) ----------------------------------------- Patch: SUSE-2018-2571 Released: Mon Nov 5 11:07:07 2018 Summary: Recommended update for yast2-storage-ng Severity: moderate References: 1073544,1105350,1107298,1112545,1112546 Description: This update for yast2-storage-ng fixes the following issues: - Improve support to reuse a disk as a PV. (bsc#1107298) - Resize and then create new devices. (bsc#1112545) - Warn the user when trying to reuse a non-existent filesystem. - Fix support of old format to specify several software RAIDs. (bsc#1112546) - Proper support for Xen virtual partitions. (bsc#1105350) - Export enable_snapshots element properly. (bsc#1073544) - Allow to format a whole disk and use it as a filesystem. - Add support for partitioned software RAIDs. (fate#326573) - Allow to use a whole disk as a software RAID member. (fate#326573) ----------------------------------------- Patch: SUSE-2018-2573 Released: Mon Nov 5 11:08:24 2018 Summary: Recommended update for fence-agents Severity: moderate References: 1088358,1097803 Description: This update for fence-agents fixes the following issues: - Enable GCE fence agent for all targets. (fate#325539, bsc#1088358) - Enable fence_openstack agent (bsc#1097803) ----------------------------------------- Patch: SUSE-2018-2578 Released: Mon Nov 5 17:55:35 2018 Summary: Security update for curl Severity: moderate References: 1112758,1113660,CVE-2018-16839,CVE-2018-16840,CVE-2018-16842 Description: This update for curl fixes the following issues: - CVE-2018-16839: A SASL password overflow via integer overflow was fixed which could lead to crashes (bsc#1112758) - CVE-2018-16840: A use-after-free in SASL handle close was fixed which could lead to crashes (bsc#1112758) - CVE-2018-16842: A Out-of-bounds Read in tool_msgs.c was fixed which could lead to crashes (bsc#1113660) ----------------------------------------- Patch: SUSE-2018-2591 Released: Tue Nov 6 14:21:25 2018 Summary: Recommended update for cpupower Severity: moderate References: 1103294 Description: This update for cpupower fixes the following issues: - Fix static compilation and sysfs_read_file mess and read bug missing the final '\0' (bsc#1103294) ----------------------------------------- Patch: SUSE-2018-2595 Released: Wed Nov 7 11:14:42 2018 Summary: Security update for systemd Severity: important References: 1089761,1090944,1091677,1093753,1101040,1102908,1105031,1107640,1107941,1109197,1109252,1110445,1112024,1113083,1113632,1113665,1114135,991901,CVE-2018-15686,CVE-2018-15688 Description: This update for systemd fixes the following issues: Security issues fixed: - CVE-2018-15688: A buffer overflow vulnerability in the dhcp6 client of systemd allowed a malicious dhcp6 server to overwrite heap memory in systemd-networkd. (bsc#1113632) - CVE-2018-15686: A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. (bsc#1113665) Non security issues fixed: - dhcp6: split assert_return() to be more debuggable when hit - core: skip unit deserialization and move to the next one when unit_deserialize() fails - core: properly handle deserialization of unknown unit types (#6476) - core: don't create Requires for workdir if 'missing ok' (bsc#1113083) - logind: use manager_get_user_by_pid() where appropriate - logind: rework manager_get_{user|session}_by_pid() a bit - login: fix user@.service case, so we don't allow nested sessions (#8051) (bsc#1112024) - core: be more defensive if we can't determine per-connection socket peer (#7329) - core: introduce systemd.early_core_pattern= kernel cmdline option - core: add missing 'continue' statement - core/mount: fstype may be NULL - journald: don't ship systemd-journald-audit.socket (bsc#1109252) - core: make 'tmpfs' dependencies on swapfs a 'default' dep, not an 'implicit' (bsc#1110445) - mount: make sure we unmount tmpfs mounts before we deactivate swaps (#7076) - detect-virt: do not try to read all of /proc/cpuinfo (bsc#1109197) - emergency: make sure console password agents don't interfere with the emergency shell - man: document that 'nofail' also has an effect on ordering - journald: take leading spaces into account in syslog_parse_identifier - journal: do not remove multiple spaces after identifier in syslog message - syslog: fix segfault in syslog_parse_priority() - journal: fix syslog_parse_identifier() - install: drop left-over debug message (#6913) - Ship systemd-sysv-install helper via the main package This script was part of systemd-sysvinit sub-package but it was wrong since systemd-sysv-install is a script used to redirect enable/disable operations to chkconfig when the unit targets are sysv init scripts. Therefore it's never been a SySV init tool. - Add udev.no-partlabel-links kernel command-line option. This option can be used to disable the generation of the by-partlabel symlinks regardless of the name used. (bsc#1089761) - man: SystemMaxUse= clarification in journald.conf(5). (bsc#1101040) - systemctl: load unit if needed in 'systemctl is-active' (bsc#1102908) - core: don't freeze OnCalendar= timer units when the clock goes back a lot (bsc#1090944) - Enable or disable machines.target according to the presets (bsc#1107941) - cryptsetup: add support for sector-size= option (fate#325697) - nspawn: always use permission mode 555 for /sys (bsc#1107640) - Bugfix for a race condition between daemon-reload and other commands (bsc#1105031) - Fixes an issue where login with root credentials was not possible in init level 5 (bsc#1091677) - Fix an issue where services of type 'notify' harmless DENIED log entries. (bsc#991901) - Does no longer adjust qgroups on existing subvolumes (bsc#1093753) - cryptsetup: add support for sector-size= option (#9936) (fate#325697 bsc#1114135) ----------------------------------------- Patch: SUSE-2018-2597 Released: Wed Nov 7 11:39:11 2018 Summary: Recommended update for openssl-1_1 Severity: moderate References: 1104789,1106180,1112209 Description: This update for openssl-1_1 fixes the following issues: - Obsolete libopenssl-1_0_0-devel by libopenssl-1_1-devel to avoid conflicts when updating from older distributions (bsc#1106180) - Fix infinite loop in DSA generation with incorrect parameters (bsc#1112209) - Fix One&Done side-channel attack on RSA (bsc#1104789) ----------------------------------------- Patch: SUSE-2018-2604 Released: Wed Nov 7 14:14:11 2018 Summary: Recommended update for autoyast2 Severity: moderate References: 1108933 Description: This update for autoyast2 fixes the following issues: - AutoInstallRules: Do a cleanup of the profile being merged with (bsc#1108933). - AutoYaST configuration module: Enable edit action for firewall module (fate#324662). ----------------------------------------- Patch: SUSE-2018-2605 Released: Wed Nov 7 14:14:43 2018 Summary: Recommended update for dracut Severity: moderate References: 1098448,1104090,1104178,1110519 Description: This update for dracut fixes the following issues: - Fix fails booting from Intel DCPMEM by adding nfit module. (bsc#1110519) - Add kernel-syms to list of packages to remove with purge-kernels. (bsc#1104090) - Skip kernels that cannot be removed by purge-kernels due to dependencies and continue removing other kernels. (bsc#1104090) - Fix finding btrfs devices. (bsc#1104178) - Add fix to override ACPI tables via initrd, a kernel config variable changed name. (bsc#1098448) ----------------------------------------- Patch: SUSE-2018-2607 Released: Wed Nov 7 15:42:48 2018 Summary: Optional update for gcc8 Severity: low References: 1084812,1084842,1087550,1094222,1102564 Description: The GNU Compiler GCC 8 is being added to the Development Tools Module by this update. The update also supplies gcc8 compatible libstdc++, libgcc_s1 and other gcc derived libraries for the Basesystem module of SUSE Linux Enterprise 15. Various optimizers have been improved in GCC 8, several of bugs fixed, quite some new warnings added and the error pin-pointing and fix-suggestions have been greatly improved. The GNU Compiler page for GCC 8 contains a summary of all the changes that have happened: https://gcc.gnu.org/gcc-8/changes.html Also changes needed or common pitfalls when porting software are described on: https://gcc.gnu.org/gcc-8/porting_to.html ----------------------------------------- Patch: SUSE-2018-2609 Released: Wed Nov 7 16:20:10 2018 Summary: Security update for MozillaFirefox Severity: important References: 1112852,CVE-2018-12389,CVE-2018-12390,CVE-2018-12392,CVE-2018-12393,CVE-2018-12395,CVE-2018-12396,CVE-2018-12397 Description: This update for MozillaFirefox fixes the following issues: Security issues fixed: - Update to Mozilla Firefox 60.3.0esr: MFSA 2018-27 (bsc#1112852) - CVE-2018-12392: Crash with nested event loops. - CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript. - CVE-2018-12395: WebExtension bypass of domain restrictions through header rewriting. - CVE-2018-12396: WebExtension content scripts can execute in disallowed contexts. - CVE-2018-12397: WebExtension local file access vulnerability. - CVE-2018-12389: Memory safety bugs fixed in Firefox ESR 60.3. - CVE-2018-12390: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3. ----------------------------------------- Patch: SUSE-2018-2613 Released: Thu Nov 8 17:00:10 2018 Summary: Recommended update for shim Severity: low References: 1092000 Description: This update for shim fixes the following issues: - Show a countdown menu before reset. (bsc#1092000) ----------------------------------------- Patch: SUSE-2018-2619 Released: Thu Nov 8 17:56:45 2018 Summary: Security update for openssh Severity: moderate References: 1081947,1091396,1105010,1106163,964336,CVE-2018-15473,CVE-2018-15919 Description: This update for openssh fixes the following issues: - CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. OpenSSH developers do not want to treat such a username enumeration (or 'oracle') as a vulnerability. (bsc#1106163) - CVE-2018-15473: OpenSSH was prone to a user existance oracle vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. (bsc#1105010) The following non-security issues were fixed: - Stop leaking File descriptors (bsc#964336) - sftp-client.c returns wrong error code upon failure (bsc#1091396) - added pam_keyinit to pam configuration file (bsc#1081947) ----------------------------------------- Patch: SUSE-2018-2620 Released: Thu Nov 8 17:57:34 2018 Summary: Security update for libxkbcommon Severity: low References: 1105832,CVE-2018-15853,CVE-2018-15854,CVE-2018-15855,CVE-2018-15856,CVE-2018-15857,CVE-2018-15858,CVE-2018-15859,CVE-2018-15861,CVE-2018-15862,CVE-2018-15863,CVE-2018-15864 Description: This update for libxkbcommon to version 0.8.2 fixes the following issues: - Fix a few NULL-dereferences, out-of-bounds access and undefined behavior in the XKB text format parser. - CVE-2018-15853: Endless recursion could have been used by local attackers to crash xkbcommon users by supplying a crafted keymap file that triggers boolean negation (bsc#1105832). - CVE-2018-15854: Unchecked NULL pointer usage could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because geometry tokens were desupported incorrectly (bsc#1105832). - CVE-2018-15855: Unchecked NULL pointer usage could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because the XkbFile for an xkb_geometry section was mishandled (bsc#1105832). - CVE-2018-15856: An infinite loop when reaching EOL unexpectedly could be used by local attackers to cause a denial of service during parsing of crafted keymap files (bsc#1105832). - CVE-2018-15857: An invalid free in ExprAppendMultiKeysymList could have been used by local attackers to crash xkbcommon keymap parsers or possibly have unspecified other impact by supplying a crafted keymap file (bsc#1105832). - CVE-2018-15858: Unchecked NULL pointer usage when handling invalid aliases in CopyKeyAliasesToKeymap could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file (bsc#1105832). - CVE-2018-15859: Unchecked NULL pointer usage when parsing invalid atoms in ExprResolveLhs could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because lookup failures are mishandled (bsc#1105832). - CVE-2018-15861: Unchecked NULL pointer usage in ExprResolveLhs could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file that triggers an xkb_intern_atom failure (bsc#1105832). - CVE-2018-15862: Unchecked NULL pointer usage in LookupModMask could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with invalid virtual modifiers (bsc#1105832). - CVE-2018-15863: Unchecked NULL pointer usage in ResolveStateAndPredicate could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with a no-op modmask expression (bsc#1105832). - CVE-2018-15864: Unchecked NULL pointer usage in resolve_keysym could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because a map access attempt can occur for a map that was never created (bsc#1105832). ----------------------------------------- Patch: SUSE-2018-2622 Released: Mon Nov 12 08:37:02 2018 Summary: Recommended update for ethtool Severity: moderate References: 1092037 Description: This update for ethtool fixes the following issues: - Fix stack clash for PHY tunables (bsc#1092037) - Sync UAPI header copies with SLE15 kernel ----------------------------------------- Patch: SUSE-2018-2630 Released: Mon Nov 12 16:01:22 2018 Summary: Recommended update for saptune Severity: moderate References: 1053374,1100107 Description: This update for saptune fixes the following issues: - Prevent stopping or disabling uuidd.socket in saptune (bsc#1100107) - Fix a typo in package description. (bsc#1053374) ----------------------------------------- Patch: SUSE-2018-2633 Released: Mon Nov 12 20:36:20 2018 Summary: Recommended update for mlocate Severity: moderate References: 1089594 Description: This update for mlocate fixes the following issues: - Add apparmor profiles for locate and updatedb. (bsc#1089594) ----------------------------------------- Patch: SUSE-2018-2638 Released: Mon Nov 12 20:38:42 2018 Summary: Recommended update for samba Severity: moderate References: 1102230,1111374,1111528 Description: This update provides version 4.7.10 of samba and brings the following fixes and improvements: - Support the new v4 Performance Co-Pilot API. (bsc#1111374) - Deadlock with ctdb_mutex_ceph_rados_helper (bsc#1102230) - Quotas don't work with SMB2. - Build failure when quota support not detected. - vfs_fruit can leave lock records when testing for netatalk share mode locks - causing panic. - vfs_time_audit is failing FSCTL_SRV_REQUEST_RESUME_KEY requests. - g_lock conflict detection broken when processing stale entries. - NTLM authentications using default domain/workgroup stopped working. - vfs_ceph lies about flock support. - Using sendfile = yes with SMB2 can cause CPU spin. - Durable Handle reconnect fails in smbd_smb2_create_durable_lease_check(). - cli_splice() fallback code reads wrong amount on termination case. - LDB 1.4.0 breaks Samba < 4.9. - samba-tool trust: support discovery via netr_GetDcName. - samba-tool domain trust: Fix trust compatibility to Windows Server 1709 and FreeIPA. - conn->vuid is invalid after a SMB session reauth. - Durable Handles reconnect fails in a cluster when the cluster fs uses different device ids. - cli_splice() doesn't correctly return written bytes as it's uninitialized in libsmbclient code. - Threading support in talloc_tos() crashes when enabled. - Incorrect talloc_stackframe handling in python ACL test code (make_simple_acl). - Fail renaming file if that file has open streams. - vfs_fruit: Delete 0 byte size streams if AAPL is enabled. - Creating missing remote databases during recovery can fail. - CTDB_BROADCAST_VNNMAP should not be used. - Fix building Samba with gcc 8.1. - Uncaught exception at ldb_modules/password_hash.c:2241 during new domain provision. - 'net ads keytab add nfs' writes only one enctype with older kerberos libraries. - VFS modules that implement pread/pwrite must also implement pread_send/pwrite_send. - vfs_ceph is missing async fsync implementations. - net ads keytab list fails with (smb_krb5_kt_open failed (Key table name malformed). - s390 and s390 needs to run with 'use mmap = no' by default. ----------------------------------------- Patch: SUSE-2018-2641 Released: Mon Nov 12 20:39:30 2018 Summary: Recommended update for nfsidmap Severity: moderate References: 1098217 Description: This update for nfsidmap fixes the following issues: - Improve support for SAMBA with Active Directory. (bsc#1098217) ----------------------------------------- Patch: SUSE-2018-2653 Released: Tue Nov 13 19:03:01 2018 Summary: Recommended update for firewalld Severity: moderate References: 1106319 Description: This update for firewalld fixes the following issues: - Add upstream patch to fix a python stacktrace when getting the zone for a NetworkManager connection (bsc#1106319) ----------------------------------------- Patch: SUSE-2018-2658 Released: Wed Nov 14 11:43:48 2018 Summary: Recommended update for yast2-packager Severity: moderate References: 1099691,1105758,926841,991090 Description: This update for yast2-packager fixes the following issues: - Do not display a false 'not enough free space' warning popup if the free space is bigger than 8EiB (2^63) (bsc#991090) - Do not display the 'not enough free space' warning for partitions where nothing is going to be installed. (bsc#926841) - Added additional searchkeys to desktop file (fate#321043, bsc#1099691) - Added better license handling for addon products that are added via an automated installation (bsc#1105758) ----------------------------------------- Patch: SUSE-2018-2700 Released: Mon Nov 19 09:43:26 2018 Summary: Recommended update for yast2-network Severity: moderate References: 1095761,1105230,1108852,1111925,1113080 Description: This update for yast2-network fixes the following issues: - Fixes to the networking AutoYaST schema (bsc#1108852) * Added missed s390 device 'layer2' boolean element. - Does no longer crash with internal error when 0.0.0.0 netmask is used in the routing tab (bsc#1105230) - Activate s390 network devices before applying udev naming rules, avoiding 'Invalid key/value pair in /etc/udev/rules.d/70-persistent-net.rules' (bsc#1095761) - Propose wpa_supplicant when configuring wlan (bsc#1111925) - Fix detection of peap mode (bsc#1113080) - Propose most commonly used setup for WPA by default - wicked compatible parsing of NTP servers from dhcp leases (fate#323454) - Fixes to the networking AY schema by adding missed s390 device 'layer2' boolean element (bsc#1108852) - Fix crashing with internal error when 0.0.0.0 netmask is used in the routing tab (bsc#1105230) ----------------------------------------- Patch: SUSE-2018-2720 Released: Tue Nov 20 16:18:54 2018 Summary: Recommended update for openssh Severity: important References: 1115654,1116577,CVE-2018-15919 Description: This update for openssh fixes the following issues: - Revert fix for CVE-2018-15919 which could have caused login problems with GSSAPI authentication (bsc#1115654, bsc#1116577) ----------------------------------------- Patch: SUSE-2018-2728 Released: Thu Nov 22 13:25:55 2018 Summary: Recommended update for autoyast2 and yast2-security Severity: moderate References: 1094822,1112769 Description: This update for autoyast2 and yast2-security fixes the following issue: - Writing security settings in first AY installation stage, So other modules can rely on these settings now. (bsc#1112769) autoyast2 only: - Adapt schema to support the new way of defining a software RAID. (fate#326573) - Removed an old flag in script section that was no longer being used: network_needed (bsc#1094822) ----------------------------------------- Patch: SUSE-2018-2742 Released: Thu Nov 22 13:28:36 2018 Summary: Recommended update for rpcbind Severity: moderate References: 969953 Description: This update for rpcbind fixes the following issues: - Fix tool stack buffer overflow aborting (bsc#969953) ----------------------------------------- Patch: SUSE-2018-2744 Released: Thu Nov 22 14:30:38 2018 Summary: Recommended update for apparmor Severity: moderate References: 1111345 Description: This update for apparmor fixes the following issues: - allow dnsmasq to open logfiles (bsc#1111345) ----------------------------------------- Patch: SUSE-2018-2758 Released: Thu Nov 22 16:23:59 2018 Summary: Security update for openssl-1_1 Severity: moderate References: 1113651,1113652,CVE-2018-0734,CVE-2018-0735 Description: This update for openssl-1_1 fixes the following issues: Security issues fixed: - CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652). - CVE-2018-0735: Fixed timing vulnerability in ECDSA signature generation (bsc#1113651). ----------------------------------------- Patch: SUSE-2018-2763 Released: Thu Nov 22 16:26:44 2018 Summary: Security update for java-1_8_0-ibm Severity: important References: 1116574,CVE-2018-13785,CVE-2018-3136,CVE-2018-3139,CVE-2018-3149,CVE-2018-3169,CVE-2018-3180,CVE-2018-3183,CVE-2018-3214 Description: java-1_8_0-ibm was updated to Java 8.0 Service Refresh 5 Fix Pack 25 (bsc#1116574) * Class Libraries: - IJ10934 CVE-2018-13785 - IJ10935 CVE-2018-3136 - IJ10895 CVE-2018-3139 - IJ10932 CVE-2018-3149 - IJ10894 CVE-2018-3180 - IJ10930 CVE-2018-3183 - IJ10933 CVE-2018-3214 - IJ09315 FLOATING POINT EXCEPTION FROM JAVA.TEXT.DECIMALFORMAT. FORMAT - IJ09088 INTRODUCING A NEW PROPERTY FOR TURKEY TIMEZONE FOR PRODUCTS NOT IDENTIFYING TRT - IJ10800 REMOVE EXPIRING ROOT CERTIFICATES IN IBM JDK’S CACERTS. - IJ10566 SUPPORT EBCDIC CODE PAGE IBM-274 – BELGIUM EBCDIC * Java Virtual Machine - IJ08730 APPLICATION SIGNAL HANDLER NOT INVOKED FOR SIGABRT - IJ10453 ASSERTION FAILURE AT CLASSPATHITEM.CPP - IJ09574 CLASSLOADER DEFINED THROUGH SYSTEM PROPERTY ‘JAVA.SYSTEM.CLASS.LOADE R’ IS NOT HONORED. - IJ10931 CVE-2018-3169 - IJ10618 GPU SORT: UNSPECIFIED LAUNCH FAILURE - IJ10619 INCORRECT ILLEGALARGUMENTEXCEPTION BECAUSE OBJECT IS NOT AN INSTANCE OF DECLARING CLASS ON REFLECTIVE INVOCATION - IJ10135 JVM HUNG IN GARBAGECOLLECTORMXBEAN.G ETLASTGCINFO() API - IJ10680 RECURRENT ABORTED SCAVENGE * ORB - IX90187 CLIENTREQUESTIMPL.REINVO KE FAILS WITH JAVA.LANG.INDEXOUTOFBOUN DSEXCEPTION * Reliability and Serviceability - IJ09600 DTFJ AND JDMPVIEW FAIL TO PARSE WIDE REGISTER VALUES * Security - IJ10492 'EC KEYSIZE < 384' IS NOT HONORED USING THE 'JDK.TLS.DISABLEDALGORIT HMS' SECURITY PROPERTY - IJ10310 ADD NULL CHECKING ON THE ENCRYPTION TYPES LIST TO CREDENTIALS.GETDEFAULTNA TIVECREDS() METHOD - IJ10491 AES/GCM CIPHER – AAD NOT RESET TO UN-INIT STATE AFTER DOFINAL( ) AND INIT( ) - IJ08442 HTTP PUBLIC KEY PINNING FINGERPRINT,PROBLEM WITH CONVERTING TO JKS KEYSTORE - IJ09107 IBMPKCS11IMPL CRYPTO PROVIDER – INTERMITTENT ERROR WITH SECP521R1 SIGNATURE ON Z/OS - IJ10136 IBMPKCS11IMPL – INTERMITTENT ERROR WITH SECP521R1 SIG ON Z/OS AND Z/LINUX - IJ08530 IBMPKCS11IMPL PROVIDER USES THE WRONG RSA CIPHER MECHANISM FOR THE RSA/ECB/PKCS1PADDING CIPHER - IJ08723 JAAS THROWS A ‘ARRAY INDEX OUT OF RANGE’ EXCEPTION - IJ08704 THE SECURITY PROPERTY ‘JDK.CERTPATH.DISABLEDAL GORITHMS’ IS MISTAKENLY BEING USED TO FILTER JAR SIGNING ALGORITHMS * z/OS Extentions - PH03889 ADD SUPPORT FOR TRY-WITH-RESOURCES TO COM.IBM.JZOS.ENQUEUE - PH03414 ROLLOVER FROM SYE TO SAE FOR ICSF REASON CODE 3059 - PH04008 ZERTJSSE – Z SYSTEMS ENCRYPTION READINESS TOOL (ZERT) NEW SUPPORT IN THE Z/OS JAVA SDK This includes the update to Java 8.0 Service Refresh 5 Fix Pack 22: * Java Virtual Machine - IJ09139 CUDA4J NOT AVAILABLE ON ALL PLATFORMS * JIT Compiler - IJ09089 CRASH DURING COMPILATION IN USEREGISTER ON X86-32 - IJ08655 FLOATING POINT ERROR (SIGFPE) IN ZJ9SYM1 OR ANY VM/JIT MODULE ON AN INSTRUCTION FOLLOWING A VECTOR INSTRUCTION - IJ08850 CRASH IN ARRAYLIST$ITR.NEXT() - IJ09601 JVM CRASHES ON A SIGBUS SIGNAL WHEN ACCESSING A DIRECTBYTEBUFFER * z/OS Extentions - PH02999 JZOS data management classes accept dataset names in code pages supported by z/OS system services - PH01244 OUTPUT BUFFER TOO SHORT FOR GCM MODE ENCRYPTION USING IBMJCEHYBRID Also the update to Java 8.0 Service Refresh 5 Fix Pack 21 * Class Libraries - IJ08569 JAVA.IO.IOEXCEPTION OCCURS WHEN A FILECHANNEL IS BIGGER THAN 2GB ON AIX PLATFORM - IJ08570 JAVA.LANG.UNSATISFIEDLIN KERROR WITH JAVA OPTION -DSUN.JAVA2D.CMM=SUN.JAV A2D.CMM.KCMS.KCMSSERVICE PROVIDER ON AIX PLATFORM * Java Virtual Machine - IJ08001 30% THROUGHPUT DROP FOR CERTAIN SYNCHRONIZATION WORKLOADS - IJ07997 TRACEASSERT IN GARBAGE COLLECTOR(MEMORYSUBSPACE) * JIT Compiler - IJ08503 ASSERTION IS HIT DUE TO UNEXPECTED STACK HEIGHT IN DEBUGGING MODE - IJ08375 CRASH DURING HARDWARE GENERATED GUARDED STORAGE EVENT WITHIN A TRANSACTIONAL EXECUTION REGION WHEN RUNNING WITH -XGC:CONCURRENTS - IJ08205 CRASH WHILE COMPILING - IJ09575 INCORRECT RESULT WHEN USING JAVA.LANG.MATH.MIN OR MAX ON 31-BIT JVM - IJ07886 INCORRECT CALUCATIONS WHEN USING NUMBERFORMAT.FORMAT() AND BIGDECIMAL.{FLOAT/DOUBLE }VALUE() ----------------------------------------- Patch: SUSE-2018-2780 Released: Mon Nov 26 17:46:10 2018 Summary: Security update for glib2 Severity: moderate References: 1107116,1107121,1111499,CVE-2018-16428,CVE-2018-16429 Description: This update for glib2 fixes the following issues: Security issues fixed: - CVE-2018-16428: Do not do a NULL pointer dereference (crash). Avoid that, at the cost of introducing a new translatable error message (bsc#1107121). - CVE-2018-16429: Fixed out-of-bounds read vulnerability ing_markup_parse_context_parse() (bsc#1107116). Non-security issue fixed: - various GVariant parsing issues have been resolved (bsc#1111499) ----------------------------------------- Patch: SUSE-2018-2792 Released: Tue Nov 27 10:52:31 2018 Summary: Recommended update for autofs Severity: moderate References: 1093436 Description: This update for autofs fixes the following issues: - Fix file descriptor leak (bsc#1093436) ----------------------------------------- Patch: SUSE-2018-2793 Released: Tue Nov 27 13:38:46 2018 Summary: Security update for tiff Severity: moderate References: 1099257,1113094,1113672,CVE-2018-12900,CVE-2018-18557,CVE-2018-18661 Description: This update for tiff fixes the following issues: Security issues fixed: - CVE-2018-12900: Fixed heap-based buffer overflow in the cpSeparateBufToContigBuf (bsc#1099257). - CVE-2018-18661: Fixed NULL pointer dereference in the function LZWDecode in the file tif_lzw.c (bsc#1113672). - CVE-2018-18557: Fixed JBIG decode can lead to out-of-bounds write (bsc#1113094). Non-security issues fixed: - asan_build: build ASAN included - debug_build: build more suitable for debugging ----------------------------------------- Patch: SUSE-2018-2797 Released: Tue Nov 27 15:54:44 2018 Summary: Security update for rubygem-loofah Severity: moderate References: 1113969,CVE-2018-16468 Description: This update for rubygem-loofah fixes the following issues: Security issue fixed: - CVE-2018-16468: Fixed XXS by removing the svg animate attribute `from` from the allowlist (bsc#1113969). ----------------------------------------- Patch: SUSE-2018-2801 Released: Wed Nov 28 07:49:05 2018 Summary: Recommended update for firewalld Severity: moderate References: 1108832 Description: This update for firewalld fixes the following issues: - Import SUSE translations (bsc#1108832) ----------------------------------------- Patch: SUSE-2018-2809 Released: Thu Nov 29 00:23:04 2018 Summary: Recommended update for release-notes-sles-for-sap Severity: moderate References: 1096932,1114501 Description: This update for release-notes-sles-for-sap fixes the following issues: - New notes: * Package insserv-compat has been added to SAP Application Server base pattern (fate#325727) * Kernel modules have been removed (fate#326411, bsc#1096932) ----------------------------------------- Patch: SUSE-2018-2825 Released: Mon Dec 3 15:35:02 2018 Summary: Security update for pam Severity: important References: 1115640,CVE-2018-17953 Description: This update for pam fixes the following issue: Security issue fixed: - CVE-2018-17953: Fixed IP address and subnet handling of pam_access.so that was not honoured correctly when a single host was specified (bsc#1115640). ----------------------------------------- Patch: SUSE-2018-2837 Released: Wed Dec 5 09:30:31 2018 Summary: Recommended update for crmsh Severity: moderate References: 1052088,1106946,1109974,1109975,1110463,1111579,1112593 Description: This update for crmsh fixes the following issues: - cibconfig: Normalize - to _ in param names (bsc#1111579) - ra: Handle obsoletes attribute (bsc#1111579) - ui_cluster: restart cluster is added (bsc#1052088) - Auto-commit enabling/disabling maintenance mode for a whole cluster (bsc#1112593) - bootstrap: Skip netmask check on GCP (bsc#1106946) - utils: Detect local IP on GCP (bsc#1106946) - bootstrap: Correctly check rrp_mode flag (bsc#1110463) - bootstrap: Pick first match for multiple routes (bsc#1106946) - utils: Use cloud metadata service to discover IP (bsc#1106946) - bootstrap: change default ip address way for both mcast and unicat(bsc#1109975,bsc#1109974) ----------------------------------------- Patch: SUSE-2018-2838 Released: Wed Dec 5 09:31:01 2018 Summary: Recommended update for dracut Severity: moderate References: 1055834,1090884 Description: This update for dracut fixes the following issues: - 98dracut-systemd: Start systemd-vconsole-setup before dracut-cmdline-ask (bsc#1055834) - Mark the DASD udev rules host-only and handle backslashes in paths for hostonly files (bsc#1090884) ----------------------------------------- Patch: SUSE-2018-2852 Released: Wed Dec 5 17:22:30 2018 Summary: Recommended update for multipath-tools Severity: important References: 1075539,1093220,1098177,1098458,1099007,1099008,1099026,1099036,1099484,1108728,1108875,1110352,1110354,1110355,1110418,1110586 Description: This update for multipath-tools provides the following fixes: - multipath-tools/tests: Add tests for get_unaligned_beXX. (bsc#1099036) - multipath: Print sysfs state in fast list mode. (bsc#1110354) - multipathd: Use nanosleep for strict timing. (bsc#1110418) - multipathd: Try SCSI persistent reservations for SCSI only. (bsc#1108875) - multipathd: Release uxsocket and resource when cancel thread. (bsc#1110355) - multipathd: Register threads that use rcu calls. (bsc#1110418) - multipath: Don't start multipathd unnecessarily. (bsc#1098177) - multipathd: Minor upstream bug fixes. (bsc#1110418) - multipathd: Function return value tweaks. (bsc#1110418) - multipathd: Fix reservation_key check. (bsc#1099008) - multipathd: Fix memory leak on error in configure. (bsc#1110418) - multipathd: Decrease the log level of uevent messages. (bsc#1110586) - libmultipath: Set dm_conf_verbosity. (bsc#1110418) - libmultipath: Print correct default for delay_*_checks. (bsc#1110418, bsc#1099026) - libmultipath/get_uid: Don't quit prematurely without udev. (bsc#1108728) - libmultipath: get_uid: Check VPD pages for SCSI only. (bsc#1108728) - libmultipath: Fix sgio_get_vpd(). (bsc#1099484) - libmultipath: Fix null dereference int alloc_path_group. (bsc#1110418) - libmultipath: Fix memory leak in process_config_dir(). (bsc#1110352) - libmultipath: Fix log_pthread processing. (bsc#1110418) - libmultipath: Fix length issues in get_vpd_sgio. (bsc#1110418) - libmultipath: Fix gcc 8.1 'truncated output' warnings. (bsc#1099007) - libmultipath: Fix basenamecpy. (bsc#1110418) - libmultipath: Don't use malformed uevents. (bsc#1110418) - libmultipath: Avoid error messages from RDAC check. (bsc#1075539) - libmultipath: Allow sysfs_pathinfo to return SKIPPED. (bsc#1098458) - libmultipath: Add (get|put)_unaligned_be64. (bsc#1099036) - libmultipath: pathinfo: Skip hidden devices. (bsc#1110586) - libmpathpersist: Use O_RDONLY file descriptors. (bsc#1093220) - libmpathpersist: Remove duplicate test in readfullstatus. (bsc#1099007) - libmpathpersist: Fix typo in mpath_format_readfullstatus. (bsc#1099007) - libmpathpersist: Fix stack overflow in mpath_format_readfullstatus(). (bsc#1099007) - libmpathpersist: Fix byte swapping for big endian systems. (bsc#1099036) - libmpathpersist: Decrease log level of various messages. (bsc#1099007) - libmpathpersist: Fix an off-by-one error in PRIN length check. (bsc#1099007) - Introduce the ibmultipath/unaligned.h header file. (bsc#1099036) ----------------------------------------- Patch: SUSE-2018-2855 Released: Wed Dec 5 18:47:57 2018 Summary: Recommended update for Mesa Severity: low References: 1113211 Description: This update for Mesa fixes the following issues: - Disallow rgb10 configs for chromium with radeonsi to prevent broken colors in video. (bsc#1113211) ----------------------------------------- Patch: SUSE-2018-2857 Released: Thu Dec 6 09:40:03 2018 Summary: Security update for rubygem-activejob-5_1 Severity: low References: 1117632,CVE-2018-16476 Description: This update for rubygem-activejob-5_1 fixes the following issues: Security issue fixed: - CVE-2018-16476: Fixed broken access control vulnerability (bsc#1117632). ----------------------------------------- Patch: SUSE-2018-2860 Released: Thu Dec 6 14:06:58 2018 Summary: Recommended update for open-iscsi Severity: moderate References: 1102589,1107753 Description: This update for open-iscsi fixes the following issues: - iscsiuio: Do not flush tx queue on each uio interrupt. This makes ping to such NICs work better (bsc#1102589) - Not allow multiple sessions just because they were started in parallel (bsc#1107753) ----------------------------------------- Patch: SUSE-2018-2861 Released: Thu Dec 6 14:32:01 2018 Summary: Security update for ncurses Severity: important References: 1103320,1115929,CVE-2018-19211 Description: This update for ncurses fixes the following issues: Security issue fixed: - CVE-2018-19211: Fixed denial of service issue that was triggered by a NULL pointer dereference at function _nc_parse_entry (bsc#1115929). Non-security issue fixed: - Remove scree.xterm from terminfo data base as with this screen uses fallback TERM=screen (bsc#1103320). ----------------------------------------- Patch: SUSE-2018-2862 Released: Thu Dec 6 14:33:19 2018 Summary: Security update for openssl-1_0_0 Severity: moderate References: 1100078,1112209,1113534,1113652,1113742,CVE-2018-0734,CVE-2018-5407 Description: This update for openssl-1_0_0 fixes the following issues: Security issues fixed: - CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652). - CVE-2018-5407: Added elliptic curve scalar multiplication timing attack defenses that fixes 'PortSmash' (bsc#1113534). Non-security issues fixed: - Added missing timing side channel patch for DSA signature generation (bsc#1113742). - Set TLS version to 0 in msg_callback for record messages to avoid confusing applications (bsc#1100078). - Fixed infinite loop in DSA generation with incorrect parameters (bsc#1112209) ----------------------------------------- Patch: SUSE-2018-2864 Released: Fri Dec 7 10:21:20 2018 Summary: Security update for tiff Severity: moderate References: 1017693,1054594,1115717,990460,CVE-2016-10092,CVE-2016-10093,CVE-2016-10094,CVE-2016-6223,CVE-2017-12944,CVE-2018-19210 Description: This update for tiff fixes the following issues: Security issues fixed: - CVE-2018-19210: Fixed NULL pointer dereference in the TIFFWriteDirectorySec function (bsc#1115717). - CVE-2017-12944: Fixed denial of service issue in the TIFFReadDirEntryArray function (bsc#1054594). - CVE-2016-10094: Fixed heap-based buffer overflow in the _tiffWriteProc function (bsc#1017693). - CVE-2016-10093: Fixed heap-based buffer overflow in the _TIFFmemcpy function (bsc#1017693). - CVE-2016-10092: Fixed heap-based buffer overflow in the TIFFReverseBits function (bsc#1017693). - CVE-2016-6223: Fixed out-of-bounds read on memory-mapped files in TIFFReadRawStrip1() and TIFFReadRawTile1() (bsc#990460). ----------------------------------------- Patch: SUSE-2018-2882 Released: Mon Dec 10 08:07:44 2018 Summary: Security update for cups Severity: important References: 1115750,CVE-2018-4700 Description: This update for cups fixes the following issues: Security issue fixed: - CVE-2018-4700: Fixed extremely predictable cookie generation that is effectively breaking the CSRF protection of the CUPS web interface (bsc#1115750). ----------------------------------------- Patch: SUSE-2018-2888 Released: Mon Dec 10 15:57:46 2018 Summary: Security update for samba Severity: moderate References: 1068059,1087303,1087931,1101499,1102230,1116319,1116320,1116322,1116324,CVE-2018-14629,CVE-2018-16841,CVE-2018-16851,CVE-2018-16853 Description: This update for samba fixes the following issues: Update to samba version 4.7.11. Security issues fixed: - CVE-2018-14629: Fixed CNAME loops in Samba AD DC DNS server (bsc#1116319). - CVE-2018-16841: Fixed segfault on PKINIT when mis-matching principal (bsc#1116320). - CVE-2018-16851: Fixed NULL pointer de-reference in Samba AD DC LDAP server (bsc#1116322). - CVE-2018-16853: Mark MIT support for the AD DC experimental (bsc#1116324). Non-security issues fixed: - Fixed do not take over stderr when there is no log file (bsc#1101499). - Fixed ctdb_mutex_ceph_rados_helper deadlock; (bsc#1102230). - Fixed ntlm authentications with 'winbind use default domain = yes'; (bsc#1068059). - Fixed idmap_rid to have primary group other than 'Domain Users'; (bsc#1087931). - Fixed windows domain with one way trust that was not working (bsc#1087303). ----------------------------------------- Patch: SUSE-2018-2903 Released: Tue Dec 11 21:47:23 2018 Summary: Recommended update for yast2-installation Severity: moderate References: 1098571,1105758,1112769 Description: This update for yast2-installation provides the following fixes: - Writing security settings in first AY installation stage, So other modules can rely on these settings now. (bsc#1112769) - Updated document for add_on_products.xml: Added tag 'confirm_license' to handle Add-On-products licenses which will be added while installation. (bsc#1105758) - Dialog complex_welcome: Translate the help button if the language has been changed. (bsc#1098571) - Remember the selected role. (fate#325834) ----------------------------------------- Patch: SUSE-2018-2904 Released: Tue Dec 11 21:47:31 2018 Summary: Recommended update for yast2-packager Severity: moderate References: 1116226 Description: This update for yast2-packager fixes the following issues: - sw_single_wrapper: fixed invalid variable reset causing a possible command injection vulnerability via environment variable (bsc#1116226) ----------------------------------------- Patch: SUSE-2018-2921 Released: Wed Dec 12 19:09:37 2018 Summary: Recommended update for wicked Severity: moderate References: 1026807,1084527,1085786,1095818,1102871,1107579,1109147,972463 Description: This update for wicked fixes the following issues: - wickedd: fix netdev detection bootstrap race (bsc#1107579) - wireless: fix eap peap auth mapping for wpa-supplicant (bsc#1026807) - firewall: do not assign default zone, but pass as is (bsc#1109147) - nanny: fix memory leaks on fast create-delete calls (bsc#1095818) - extensions: do not use /etc/HOSTNAME artifact (bsc#972463) - ethtool: add missing pause support (bsc#1102871) - man: improved create-cid docs in wicked-config(5) (bsc#1084527) - ethtool: streamline options available on all devices (bsc#1085786) - and several other minor bug fixes - wickedd: fix netdev detection bootstrap race (bsc#1107579) - compat: fix ifcfg parsing crash if network/config is missed ----------------------------------------- Patch: SUSE-2018-2922 Released: Wed Dec 12 19:09:45 2018 Summary: Recommended update for suse-module-tools Severity: moderate References: 1036463,1105495,1111183,1111300 Description: This update for suse-module-tools fixes the following issues: - Use /etc/modules-load.d/sg.conf for sg driver autoloading (bsc#1036463) - modsign-verify: support for parsing PKCS#7 signatures (bsc#1111300, bsc#1105495) - Fix logic for unsupported modules by allowing only if kernel-default-extra from SLE-WE module is installed (bsc#1111183) - Add udev rule 81-sg.rules to make sure the sg module is always loaded (bsc#1036463) - Use path dependency that is not parsed by obs to ensure we are not pulling systemd everywhere - Grep os-release and not deprecated SuSE-release ----------------------------------------- Patch: SUSE-2018-2924 Released: Wed Dec 12 19:10:11 2018 Summary: Recommended update for plymouth Severity: moderate References: 1110199 Description: This update for plymouth provides the following fixes: - Make sure plymouthd stops throbber animation at the first opportunity after receiving quit command, instead of looping multiple times. (bsc#1110199) - drm: Use preferred mode for outputs. - drm: Refactor ply_renderer_connector_get_rotation. - drm: Reset LUT/gamma table before the first drmModeSetCrtc call. - libply: Move kernel command line parsing functions to libply/ply-utils. - throbber: Don't skip last frame when waiting for end. - systemd-units: Add 'ConditionVirtualization=!container' in systemd-ask-password-plymouth.path. ----------------------------------------- Patch: SUSE-2018-2926 Released: Thu Dec 13 11:24:58 2018 Summary: Recommended update for java-1_8_0-ibm Severity: important References: 1119213 Description: This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 5 Fix Pack 26 [bsc#1119213] * Fixes several crashes that could have caused problems with SUSE Manager installations ----------------------------------------- Patch: SUSE-2018-2938 Released: Fri Dec 14 13:59:41 2018 Summary: Recommended update for yast2-storage-ng Severity: moderate References: 1115508 Description: This update for yast2-storage-ng fixes the following issues: - SkipListValue.size_k returns the correct value. (bsc#1115508) ----------------------------------------- Patch: SUSE-2018-2945 Released: Fri Dec 14 16:43:57 2018 Summary: Security update for tcpdump Severity: moderate References: 1117267,CVE-2018-19519 Description: This update for tcpdump fixes the following issues: Security issues fixed: - CVE-2018-19519: Fixed a stack-based buffer over-read in the print_prefix function (bsc#1117267) ----------------------------------------- Patch: SUSE-2018-2961 Released: Mon Dec 17 19:51:40 2018 Summary: Recommended update for psmisc Severity: moderate References: 1098697,1112780 Description: This update for psmisc provides the following fix: - Make the fuser option -m work even with mountinfo. (bsc#1098697) - Support also btrFS entries in mountinfo, that is use stat(2) to determine the device of the mounted subvolume (bsc#1098697, bsc#1112780) ----------------------------------------- Patch: SUSE-2018-2962 Released: Mon Dec 17 19:51:53 2018 Summary: Recommended update for dracut Severity: moderate References: 1053248,937555 Description: This update for dracut provides the following fix: - emergency mode: Bring shell and all vital information to all ttys specified as console devices. (fate#325386, bsc#1053248, bsc#937555) ----------------------------------------- Patch: SUSE-2018-2966 Released: Mon Dec 17 19:52:40 2018 Summary: Recommended update for libgcrypt Severity: moderate References: 1117355 Description: This update for libgcrypt fixes the following issues: - Fail selftests when checksum file is missing in FIPS mode only (bsc#1117355) ----------------------------------------- Patch: SUSE-2018-2972 Released: Mon Dec 17 19:54:05 2018 Summary: Recommended update for perl-Bootloader Severity: low References: 1079321,1108777,994322 Description: This update for perl-Bootloader fixes the following issues: - Create temporary files in /tmp (bsc#1108777) - Work without /etc/default/grub_installdevice (bsc#1079321, bsc#994322) ----------------------------------------- Patch: SUSE-2018-2978 Released: Tue Dec 18 16:33:23 2018 Summary: Recommended update for suse-module-tools Severity: important References: 1116665,1119371 Description: This update for suse-module-tools fixes the following issues: - Move 'weak-modules' script to -legacy subpackage to avoid dependency on binutils (bsc#1116665, bsc#1119371) - Require mkinitrd (provided also by dracut) directly instead of file requires. This is fixing image build failures ----------------------------------------- Patch: SUSE-2018-2984 Released: Wed Dec 19 11:32:39 2018 Summary: Security update for perl Severity: moderate References: 1114674,1114675,1114681,1114686,CVE-2018-18311,CVE-2018-18312,CVE-2018-18313,CVE-2018-18314 Description: This update for perl fixes the following issues: Secuirty issues fixed: - CVE-2018-18311: Fixed integer overflow with oversize environment (bsc#1114674). - CVE-2018-18312: Fixed heap-buffer-overflow write / reg_node overrun (bsc#1114675). - CVE-2018-18313: Fixed heap-buffer-overflow read if regex contains \0 chars (bsc#1114681). - CVE-2018-18314: Fixed heap-buffer-overflow in regex (bsc#1114686). ----------------------------------------- Patch: SUSE-2018-2986 Released: Wed Dec 19 13:53:22 2018 Summary: Security update for libnettle Severity: moderate References: 1118086,CVE-2018-16869 Description: This update for libnettle fixes the following issues: Security issues fixed: - CVE-2018-16869: Fixed a leaky data conversion exposing a manager oracle (bsc#1118086) ----------------------------------------- Patch: SUSE-2018-3036 Released: Fri Dec 21 17:36:09 2018 Summary: Recommended update for polkit-default-privs Severity: moderate References: 1083066,1088648,1118117 Description: This update for polkit-default-privs fixes the following issues: - Backport relaxed polkit rules regarding blueman settings and locally logged-in users should be able to run blueman without any password entry (bsc#1083066) - Backport of tuned polkit rules extensions for SLE-15-SP1 (bsc#1088648, bsc#1118117) ----------------------------------------- Patch: SUSE-2018-3041 Released: Fri Dec 21 17:37:08 2018 Summary: Recommended update for grub2 Severity: moderate References: 1110073 Description: This update for grub2 fixes the following issues: - Support NVDIMM device names (bsc#1110073) ----------------------------------------- Patch: SUSE-2018-3044 Released: Fri Dec 21 18:47:21 2018 Summary: Security update for MozillaFirefox, mozilla-nspr and mozilla-nss Severity: important References: 1097410,1106873,1119069,1119105,CVE-2018-0495,CVE-2018-12384,CVE-2018-12404,CVE-2018-12405,CVE-2018-17466,CVE-2018-18492,CVE-2018-18493,CVE-2018-18494,CVE-2018-18498 Description: This update for MozillaFirefox, mozilla-nss and mozilla-nspr fixes the following issues: Issues fixed in MozillaFirefox: - Update to Firefox ESR 60.4 (bsc#1119105) - CVE-2018-17466: Fixed a buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 - CVE-2018-18492: Fixed a use-after-free with select element - CVE-2018-18493: Fixed a buffer overflow in accelerated 2D canvas with Skia - CVE-2018-18494: Fixed a Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs - CVE-2018-18498: Fixed a integer overflow when calculating buffer sizes for images - CVE-2018-12405: Fixed a few memory safety bugs Issues fixed in mozilla-nss: - Update to NSS 3.40.1 (bsc#1119105) - CVE-2018-12404: Fixed a cache side-channel variant of the Bleichenbacher attack (bsc#1119069) - CVE-2018-12384: Fixed an issue in the SSL handshake. NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. (bsc#1106873) - CVE-2018-0495: Fixed a memory-cache side-channel attack with ECDSA signatures (bsc#1097410) - Fixed a decryption failure during FFDHE key exchange - Various security fixes in the ASN.1 code Issues fixed in mozilla-nspr: - Update mozilla-nspr to 4.20 (bsc#1119105) ----------------------------------------- Patch: SUSE-2018-3058 Released: Fri Dec 28 17:47:09 2018 Summary: Recommended update for nfs-utils Severity: moderate References: 1109792,1116221 Description: This update for nfs-utils fixes the following issues: - Fixes for systemd integration between systemd and rpc-statd or any of its dependencies (bsc#1116221) - Allow rpc.statd to survive 'systemctl isolate ...' (bsc#1116221) - Remove README.NFSv4 as outdated and unhelpful (bsc#1109792) ----------------------------------------- Patch: SUSE-2018-3066 Released: Fri Dec 28 18:39:32 2018 Summary: Security update for wireshark Severity: moderate References: 1117740,CVE-2018-19622,CVE-2018-19623,CVE-2018-19624,CVE-2018-19625,CVE-2018-19626,CVE-2018-19627 Description: This update for wireshark fixes the following issues: Update to Wireshark 2.4.11 (bsc#1117740). Security issues fixed: - CVE-2018-19625: The Wireshark dissection engine could crash (wnpa-sec-2018-51) - CVE-2018-19626: The DCOM dissector could crash (wnpa-sec-2018-52) - CVE-2018-19623: The LBMPDM dissector could crash (wnpa-sec-2018-53) - CVE-2018-19622: The MMSE dissector could go into an infinite loop (wnpa-sec-2018-54) - CVE-2018-19627: The IxVeriWave file parser could crash (wnpa-sec-2018-55) - CVE-2018-19624: The PVFS dissector could crash (wnpa-sec-2018-56) Further bug fixes and updated protocol support as listed in: - https://www.wireshark.org/docs/relnotes/wireshark-2.4.11.html ----------------------------------------- Patch: SUSE-2019-6 Released: Wed Jan 2 20:25:25 2019 Summary: Recommended update for gcc7 Severity: moderate References: 1099119,1099192 Description: GCC 7 was updated to the GCC 7.4 release. - Fix AVR configuration to not use __cxa_atexit or libstdc++ headers. Point to /usr/avr/sys-root/include as system header include directory. - Includes fix for build with ISL 0.20. - Pulls fix for libcpp lexing bug on ppc64le manifesting during build with gcc8. [bsc#1099119] - Pulls fix for forcing compile-time tuning even when building with -march=z13 on s390x. [bsc#1099192] - Fixes support for 32bit ASAN with glibc 2.27+ ----------------------------------------- Patch: SUSE-2019-13 Released: Wed Jan 2 20:27:37 2019 Summary: Recommended update for yast2-network Severity: moderate References: 1039307 Description: This update for yast2-network fixes the following issues: - YaST can now obtain NTP-Servers through DHCP (fate#323454, bsc#1039307) ----------------------------------------- Patch: SUSE-2019-14 Released: Wed Jan 2 20:27:46 2019 Summary: Recommended update for yast2-registration Severity: moderate References: 1060151,1091825 Description: This update for yast2-registration fixes the following issues: - Fixes an issue when the base product registration code is being used for extensions (bsc#1091825) - Improved error messages (bsc#1060151) ----------------------------------------- Patch: SUSE-2019-15 Released: Thu Jan 3 11:28:11 2019 Summary: Security update for polkit Severity: moderate References: 1118277,CVE-2018-19788 Description: This update for polkit fixes the following issues: Security issue fixed: - CVE-2018-19788: Fixed handling of UIDs over MAX_UINT (bsc#1118277) ----------------------------------------- Patch: SUSE-2019-23 Released: Mon Jan 7 16:30:33 2019 Summary: Security update for gpg2 Severity: moderate References: 1120346,CVE-2018-1000858 Description: This update for gpg2 fixes the following issue: Security issue fixed: - CVE-2018-1000858: Fixed a Cross Site Request Forgery(CSRF) vulnerability in dirmngr that can result in Attacker controlled CSRF (bsc#1120346). ----------------------------------------- Patch: SUSE-2019-44 Released: Tue Jan 8 13:07:32 2019 Summary: Recommended update for acl Severity: low References: 953659 Description: This update for acl fixes the following issues: - test: Add helper library to fake passwd/group files. - quote: Escape literal backslashes. (bsc#953659) ----------------------------------------- Patch: SUSE-2019-56 Released: Thu Jan 10 15:04:46 2019 Summary: Recommended update for apparmor Severity: moderate References: 1111345 Description: This update for apparmor fixes the following issues: - Update the last dnsmasq fix for logfiles when running under apparmor (bsc#1111345) ----------------------------------------- Patch: SUSE-2019-62 Released: Thu Jan 10 20:30:58 2019 Summary: Recommended update for xfsprogs Severity: moderate References: 1119063 Description: This update for xfsprogs fixes the following issues: - Fix root inode's parent when it's bogus for sf directory (xfs repair). (bsc#1119063) ----------------------------------------- Patch: SUSE-2019-66 Released: Thu Jan 10 20:31:57 2019 Summary: Recommended update for kernel-firmware Severity: moderate References: 1101818 Description: This update for kernel-firmware provides the following improvements: - Changes in version 20181026 (fate#326045, fate#325856, fate#326294): * qed: Add 8.37.7.0 firmware image. * amdgpu: Add raven dmcu firmware. * amdgpu: Update raven firmware to 18.40. * amdgpu: Update fiji firmware to 18.40. * amdgpu: Update tonga firmware to 18.40. * amdgpu: Update carrizo firmware to 18.40. * amdgpu: Update polaris10 firmware to 18.40. * amdgpu: Update vega10 firmware to 18.40. * linux-firmware: Add firmware for mt7650e. * linux-firmware: Add MC firmware for NXP DPAA2 SoCs. * linux-firmware: Liquidio: Fix GPL compliance issue. * linux-firmware: Update firmware file for Intel Bluetooth,8265. * linux-firmware: Update firmware patch for Intel Bluetooth 8260. * linux-firmware: Update firmware file for Intel Bluetooth,9260. * linux-firmware: Update firmware file for Intel Bluetooth,9560. * linux-firmware: Add firmware for mt7610e. * Update Intel OPA hfi1 firmware. * ath10k: QCA9984 hw1.0: Update board-2.bin. * ath10k: QCA9984 hw1.0: Update firmware-5.bin to 10.4-3.6.0.1-00003. * ath10k: QCA988X hw2.0: Update firmware-5.bin to 10.2.4-1.0-00041. * ath10k: QCA9888 hw2.0: Update board-2.bin. * ath10k: QCA9888 hw2.0: Update firmware-5.bin to 10.4-3.6-00140. * ath10k: QCA9887 hw1.0: Update firmware-5.bin to 10.2.4-1.0-00041. * ath10k: QCA9377 hw1.0: Add firmware-6.bin to WLAN.TF.2.1-00021-QCARMSWP-1. * ath10k: QCA6174 hw3.0: Update firmware-6.bin to RM.4.4.1.c2-00057-QCARMSWP-1. * ath10k: QCA4019 hw1.0: Update board-2.bin. * ath10k: QCA4019 hw1.0: Update firmware-5.bin to 10.4-3.6-00140. * nfp: Add Agilio BPF firmware rev 2.0.6.124. * rtw88: Add firmware file for driver rtw88. * nfp: Update Agilio SmartNIC flower firmware to rev AOTC-2.9.A.37. * iwlwifi: Add -41.ucode firmwares for 9000 series. * iwlwifi: Update firmwares for 9000 series. * iwlwifi: Update firmwares for 7000, 8000 and 9000 series. * nfp: Update Agilio SmartNIC firmware to rev 2.1.13. - Changes in version 20181001 (fate#326291,fate#326079): * ti-connectivity: Add firmware for CC2560(A) Bluetooth. * linux-firmware: mediatek: Add firmware for mt7668u Bluetooth. * nvidia: Add GV100 signed firmware. * firmware/icl/dmc: Add v1.07 of DMC for Icelake. * linux-firmware: Add Marvell SD8997 firmware image. * qca: Update BT firmware files for QCA ROME chip. - Changes in version 20180913: * brcm: Update firmware for bcm43362 sdio. * Mellanox: Add new mlxsw_spectrum firmware 13.1703.4. * rtl_bt: Add firmware and configuration files for the Bluetooth part of RTL8822CU. * nvidia: Switch GP10[2467] to newer scrubber/ACR firmware (from GP108). - Changes in version 20180825: * amdgpu: Sync up polaris10 firmware with 18.30 release. * amdgpu: Sync up vega10 firmware with 18.30 release. * amdgpu: Sync up raven firmware with 18.30 release. * amdgpu: Sync up polaris12 firmware with 18.30 release. * amdgpu: Sync up tonga firmware with 18.30 release. * amdgpu: Sync up polaris11 firmware with 18.30 release. * amdgpu: Sync up fiji firmware with 18.30 release. * linux-firmware: Add firmware for mhdp8546. * qed: Add firmware 8.37.7.0. - Changes in version 20180814: * linux-firmware: Update firmware patch for Intel Bluetooth 7265 (D1). * linux-firmware: Update firmware file for Intel Bluetooth,9560. * linux-firmware: Update firmware file for Intel Bluetooth,9260. * linux-firmware: Update firmware file for Intel Bluetooth,8265. * linux-firmware: Update firmware patch for Intel Bluetooth 8260. * linux-firmware: Add firmware for mt76x0. * qcom: Update venus firmware files for v5.2. * nfp: Update Agilio SmartNIC flower firmware to rev AOTC-2.9.A.31. - Changes in version 20180730: * linux-firmware: Add firmware for mt76x2u. * wl18xx: Update firmware file 8.9.0.0.79. * Mellanox: Add new mlxsw_spectrum firmware 13.1702.6. * WHENCE: Remove reference to amdgpu/vegam_me_2.bin. * linux-firmware: mediatek: Add MT7622 Bluetooth firmwares and license file. * brcm: Add 43430 based AP6212 and 1DX NVRAM. * linux-firmware: Update Marvell USB8801 B0 firmware image. - Changes in version 20180717: * amdgpu: Update copyright date. * amdgpu: Add initial VegaM firmware. * amdgpu: Sync up vega10 firmware with 18.20 release. * amdgpu: Sync up raven firmware with 18.20 release. * amdgpu: Sync up polaris12 firmware with 18.20 release. * amdgpu: Sync up polaris11 firmware with 18.20 release. * amdgpu: Sync up polaris10 firmware with 18.20 release. * amdgpu: Sync up verde firmware with 18.20 release. * amdgpu: Sync up pitcairn firmware with 18.20 release. * amdgpu: Sync up tahiti firmware with 18.20 release. * amdgpu: Sync up oland firmware with 18.20 release. * amdgpu: Sync up hainan firmware with 18.20 release. * amdgpu: Sync up kaveri firmware with 18.20 release. * amdgpu: Sync up mullins firmware with 18.20 release. * amdgpu: Sync up kabini firmware with 18.20 release. * amdgpu: Sync up hawaii firmware with 18.20 release. * amdgpu: Sync up bonaire firmware with 18.20 release. * WHENCE: Fix typo Version. * cxgb4: Update firmware to revision 1.20.8.0. - Changes in version 20180606: * brcm: Update firmware for bcm4356 pcie. * brcm: Update firmware for bcm4354 sdio. * brcm: Update firmware for bcm43362 sdio. * brcm: Update firmware for bcm43340 sdio. * brcm: Update firmware for bcm43430 sdio. * Update Cypress license termination clause. * amdgpu: Update vega10 VCE firmware to version 55.3. * linux-firmware: Update firmware patch for Intel Bluetooth 7265 (D0). * linux-firmware: Update firmware patch for Intel Bluetooth 7265 (D1). * qcom: Add venus firmware files for v5.2. * linux-firmware: liquidio: Update vswitch firmware to v1.7.2. - Remove unnecessary python dependency. (bsc#1101818) ----------------------------------------- Patch: SUSE-2019-75 Released: Fri Jan 11 13:29:22 2019 Summary: Recommended update for azure-li-services, python-Cerberus Severity: moderate References: 1103542,1119702 Description: This update for azure-li-services, python-Cerberus fixes the following issues: azure-li-services and its dependency python-Cerberus were added to the Public Cloud Module. (fate#326575 bsc#1103542) 'azure-li-services' is a package providing services to setup a system suitable to run SAP workloads on it. ----------------------------------------- Patch: SUSE-2019-82 Released: Fri Jan 11 17:16:48 2019 Summary: Recommended update for suse-build-key Severity: moderate References: 1044232 Description: This update for suse-build-key fixes the following issues: - Include the SUSE PTF GPG key in the key directory to avoid it being stripped via %doc stripping in CAASP. (bsc#1044232) ----------------------------------------- Patch: SUSE-2019-83 Released: Fri Jan 11 17:17:00 2019 Summary: Recommended update for yast2-storage-ng Severity: moderate References: 1059972 Description: This update for yast2-storage-ng provides the following fix: - partitioner: Do not allow to create BTRFS subvolumes with unsafe characters in the path. (bsc#1059972) ----------------------------------------- Patch: SUSE-2019-91 Released: Tue Jan 15 14:14:43 2019 Summary: Recommended update for mozilla-nss Severity: moderate References: 1090767,1121045,1121207 Description: This update for mozilla-nss fixes the following issues: - The hmac packages used in FIPS certification inadvertently removed in last update: re-added. (bsc#1121207) - Added 'Suggest:' for libfreebl3 and libsoftokn3 respective -hmac packages to avoid dependency issues during updates (bsc#1090767, bsc#1121045) ----------------------------------------- Patch: SUSE-2019-93 Released: Tue Jan 15 14:48:33 2019 Summary: Security update for wget Severity: important References: 1120382,CVE-2018-20483 Description: This update for wget fixes the following issues: Security issue fixed: - CVE-2018-20483: Fixed an information disclosure through file metadata (bsc#1120382) ----------------------------------------- Patch: SUSE-2019-94 Released: Tue Jan 15 14:49:04 2019 Summary: Security update for krb5 Severity: important References: 1120489,CVE-2018-20217 Description: This update for krb5 fixes the following issues: Security issue fixed: - CVE-2018-20217: Fixed an assertion issue with older encryption types (bsc#1120489) ----------------------------------------- Patch: SUSE-2019-98 Released: Tue Jan 15 18:01:49 2019 Summary: Recommended update for yast2-users Severity: moderate References: 1118617 Description: This update for yast2-users provides the following fixes: - Allow the root user to use a public key for authentication. (fate#324690) - Improve public key selector help. (fate#324690) - Add public keys handling support in an installed system. (fate#324690) - Improve the label for importing public SSH keys to clearly state it is about SSH. (bsc#1118617) ----------------------------------------- Patch: SUSE-2019-102 Released: Tue Jan 15 18:02:58 2019 Summary: Recommended update for timezone Severity: moderate References: 1120402 Description: This update for timezone fixes the following issues: - Update 2018i: São Tomé and Príncipe switches from +01 to +00 on 2019-01-01. (bsc#1120402) - Update 2018h: Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21 New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move Metlakatla, Alaska observes PST this winter only Guess Morocco will continue to adjust clocks around Ramadan Add predictions for Iran from 2038 through 2090 ----------------------------------------- Patch: SUSE-2019-104 Released: Tue Jan 15 18:03:13 2019 Summary: Recommended update for chrony Severity: moderate References: 1117147 Description: This update for chrony fixes the following issues: - Generate chronyd sysconfig file. (bsc#1117147) ----------------------------------------- Patch: SUSE-2019-122 Released: Fri Jan 18 12:35:45 2019 Summary: Recommended update for libstorage-ng Severity: moderate References: 1059972 Description: This update for libstorage-ng provides the following fixes: - Avoid thread unsafe strerror function. - Create crypttab, lock and log with proper permissions. (bsc#1059972) - Add missing quoting. (bsc#1059972) - Fix some audit issues. - Use exceptions to handle errors. ----------------------------------------- Patch: SUSE-2019-123 Released: Fri Jan 18 12:35:57 2019 Summary: Recommended update for yast2-bootloader Severity: moderate References: 1111236 Description: This update for yast2-bootloader fixes the following issues: - Do not crash if an unknown device is found in a cloned configuration. (bsc#1111236) ----------------------------------------- Patch: SUSE-2019-126 Released: Fri Jan 18 14:19:47 2019 Summary: Security update for openssh Severity: important References: 1121571,1121816,1121818,1121821,CVE-2018-20685,CVE-2019-6109,CVE-2019-6110,CVE-2019-6111 Description: This update for openssh fixes the following issues: Security issues fixed: - CVE-2018-20685: Fixed an issue where scp client allows remote SSH servers to bypass intended access restrictions (bsc#1121571) - CVE-2019-6109: Fixed an issue where the scp client would allow malicious remote SSH servers to manipulate terminal output via the object name, e.g. by inserting ANSI escape sequences (bsc#1121816) - CVE-2019-6110: Fixed an issue where the scp client would allow malicious remote SSH servers to manipulate stderr output, e.g. by inserting ANSI escape sequences (bsc#1121818) - CVE-2019-6111: Fixed an issue where the scp client would allow malicious remote SSH servers to execute directory traversal attacks and overwrite files (bsc#1121821) ----------------------------------------- Patch: SUSE-2019-130 Released: Fri Jan 18 16:30:56 2019 Summary: Security update for wireshark Severity: moderate References: 1121232,1121233,1121234,1121235,CVE-2019-5717,CVE-2019-5718,CVE-2019-5719,CVE-2019-5721 Description: This update for wireshark to version 2.4.12 fixes the following issues: Security issues fixed: - CVE-2019-5717: Fixed a denial of service in the P_MUL dissector (bsc#1121232) - CVE-2019-5718: Fixed a denial of service in the RTSE dissector and other dissectors (bsc#1121233) - CVE-2019-5719: Fixed a denial of service in the ISAKMP dissector (bsc#1121234) - CVE-2019-5721: Fixed a denial of service in the ISAKMP dissector (bsc#1121235) ----------------------------------------- Patch: SUSE-2019-137 Released: Mon Jan 21 15:52:45 2019 Summary: Security update for systemd Severity: important References: 1005023,1045723,1076696,1080919,1093753,1101591,1111498,1114933,1117063,1119971,1120323,CVE-2018-16864,CVE-2018-16865,CVE-2018-16866,CVE-2018-6954 Description: This update for systemd provides the following fixes: Security issues fixed: - CVE-2018-16864, CVE-2018-16865: Fixed two memory corruptions through attacker-controlled alloca()s (bsc#1120323) - CVE-2018-16866: Fixed an information leak in journald (bsc#1120323) - CVE-2018-6954: Fix mishandling of symlinks present in non-terminal path components (bsc#1080919) - Fixed an issue during system startup in relation to encrypted swap disks (bsc#1119971) Non-security issues fixed: - pam_systemd: Fix 'Cannot create session: Already running in a session' (bsc#1111498) - systemd-vconsole-setup: vconsole setup fails, fonts will not be copied to tty (bsc#1114933) - systemd-tmpfiles-setup: symlinked /tmp to /var/tmp breaking multiple units (bsc#1045723) - Fixed installation issue with /etc/machine-id during update (bsc#1117063) - btrfs: qgroups are assigned to parent qgroups after reboot (bsc#1093753) - logind: Stop managing VT switches if no sessions are registered on that VT. (bsc#1101591) - udev: Downgrade message when settting inotify watch up fails. (bsc#1005023) - udev: Ignore the exit code of systemd-detect-virt for memory hot-add. In SLE-12-SP3, 80-hotplug-cpu-mem.rules has a memory hot-add rule that uses systemd-detect-virt to detect non-zvm environment. The systemd-detect-virt returns exit failure code when it detected _none_ state. The exit failure code causes that the hot-add memory block can not be set to online. (bsc#1076696) ----------------------------------------- Patch: SUSE-2019-141 Released: Tue Jan 22 08:29:12 2019 Summary: Recommended update for polkit-default-privs Severity: moderate References: 1119394,984817 Description: This update for polkit-default-privs fixes the following issues: - Backport of additional flatpak rule (bsc#1119394, bsc#984817) ----------------------------------------- Patch: SUSE-2019-147 Released: Wed Jan 23 17:57:31 2019 Summary: Recommended update for ca-certificates-mozilla Severity: moderate References: 1121446 Description: This update for ca-certificates-mozilla fixes the following issues: The package was updated to the 2.30 version of the Mozilla NSS Certificate store. (bsc#1121446) Removed Root CAs: - AC Raiz Certicamara S.A. - Certplus Root CA G1 - Certplus Root CA G2 - OpenTrust Root CA G1 - OpenTrust Root CA G2 - OpenTrust Root CA G3 - Visa eCommerce Root Added Root CAs: - Certigna Root CA (email and server auth) - GTS Root R1 (server auth) - GTS Root R2 (server auth) - GTS Root R3 (server auth) - GTS Root R4 (server auth) - OISTE WISeKey Global Root GC CA (email and server auth) - UCA Extended Validation Root (server auth) - UCA Global G2 Root (email and server auth) ----------------------------------------- Patch: SUSE-2019-151 Released: Wed Jan 23 17:58:59 2019 Summary: Recommended update for apparmor Severity: moderate References: 1082956,1097370,1100779,1111342,1117354,1119937,1120472 Description: This update for apparmor fixes the following issues: - Change of path of rpm in lessopen.sh (bsc#1082956, bsc#1117354) - allow network access in lessopen.sh for reading files on NFS (workaround for bsc#1119937 / lp#1784499) - dropped check that lets aa-logprof error out in a corner-case (log event for a non-existing profile while a profile file with the default filename for that non-existing profile exists) (bsc#1120472) - netconfig: write resolv.conf to /run with link to /etc (fate#325872, bsc#1097370) [patch apparmor-nameservice-resolv-conf-link.patch] Update to AppArmor 2.12.2: - add profile names to most profiles - update dnsmasq profile (pid file and logfile path) (bsc#1111342) - add vulkan abstraction - add letsencrypt certificate path to abstractions/ssl_* - ignore *.orig and *.rej files when loading profiles - fix aa-complain etc. to handle named profiles - several bugfixes and small profile improvements - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.12.2 for the detailed upstream changelog Update to AppArmor 2.12.1: - add qt5 and qt5-compose-cache-write abstractions - add @{uid} and @{uids} kernel var placeholders - several profile and abstraction updates - add support for conditional includes ('include if exists') - ignore 'abi' rules in parser and tools (instead of erroring out) - utils: fix overwriting of child profile flags if they differ from the main profile - several bugfixes (including bsc#1100779) - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.12.1 for detailed upstream release notes ----------------------------------------- Patch: SUSE-2019-153 Released: Thu Jan 24 13:47:38 2019 Summary: Recommended update for dracut Severity: moderate References: 1008352,1112327,1119037,1121251 Description: This update for dracut fixes the following issues: - Ensures that mmc host modules get included properly (bsc#1119037) - Fixes a missing space in example configs (bsc#1121251) - Removes rule existence check (bsc#1008352). - dracut-installkernel: Stops keeping old kernel files as .old (bsc#1112327) ----------------------------------------- Patch: SUSE-2019-158 Released: Thu Jan 24 13:53:40 2019 Summary: Recommended update for hwinfo Severity: moderate References: 1018271,1084700,1107196,1117982 Description: This update for hwinfo provides the following fixes: - Adjust system type detection. (bsc#1117982) - Update PCI and USB IDs. (fate#326431) - Make hwinfo aware of RISC-V. - Fix ID of s-par storage controller. (bsc#1107196) - Add network interfaces found on mdio bus. (bsc#1018271) - The location of the S-Par drivers virtual buses has changed. (bsc#1107196) - Ensure udev device links are unique. (bsc#1084700) ----------------------------------------- Patch: SUSE-2019-162 Released: Thu Jan 24 13:55:33 2019 Summary: Recommended update for grub2 Severity: moderate References: 1111955 Description: This update for grub2 provides the following fix: - ieee1275: Fix double free in CAS reboot. (bsc#1111955) ----------------------------------------- Patch: SUSE-2019-166 Released: Fri Jan 25 08:05:56 2019 Summary: Recommended update for kernel-firmware Severity: moderate References: 1122456 Description: This update for kernel-firmware fixes the following issues: - Fix firmware for bcm43430 and bcm43455 (fate#326215) - renamed brcmfmac43450 and brcfmac43455 to the compatible name used by brcmf_of_probe - deleted brcmfmac43455-sdio.clm_blob as it was not accepted upstream - Add firmware for bcm43430 and bcm43455 (fate#326215) - brcmfmac43430-sdio.raspberrypi-rpi.txt - brcmfmac43455-sdio.clm_blob - brcmfmac43455-sdio.raspberrypi-rpi.txt - Update to version 20181218: (FATE#326045,FATE#325856,FATE#326294) - Revert 'amdgpu: update vega10 fw for 18.50 release' - brcm: Add 4330 NVRAM for the Prowise PT301 tablet - brcm: Add 43430 NVRAM for the Chuwi Vi8 Plus tablet - brcm: Add 43340 based AP6234 NVRAM for the Meegopad T08 HDMI stick - brcm: Add 43430a0 based AP6212 NVRAM for the Jumper EZpad mini 3 tablet - brcm: Add 43430a0 based AP6212 NVRAM for the Onda V80 Plus tablet - brcm: Add 4356 based AP6356 NVRAM for the GPD win handheld - brcm: Add brcmfmac43362-sdio.lemaker,bananapro.txt symlink - brcm: Add 43362 based AP6210 NVRAM for the Cubietech Cubietruck - WHENCE: Put quotes around brcmfmac NVRAM filenames - check_whence.py: Add support for filenames with spaces in them - rtl_bt: Add firmware and configuration files for the Bluetooth part of RTL8723BS - Update to version 20181217: - iwlwifi: update firmwares for 8000 series - iwlwifi: add -43.ucode for 9000 series - iwlwifi: update -41.ucode for 9000 series - brcm: provide new firmwares for BCM4366 chipset - Mellanox: Add new mlxsw_spectrum firmware 13.1910.622 - cavium: Update firmware for CNN55XX crypto driver - amdgpu: update vega12 fw for 18.50 release - amdgpu: update vega10 fw for 18.50 release - amdgpu: update raven fw for 18.50 release - amdgpu: update polaris11 fw for 18.50 release - amdgpu: update polaris10 fw for 18.50 release - amdgpu: add firmware for vega12 - amdgpu: Add new polaris MC firmwares - amdgpu: Add new polaris SMC firmwares - linux-firmware: Update AMD cpu microcode - nfp: update Agilio SmartNIC flower firmware to rev AOTC-2.10.A.13 - microchip: add firmware for VSC8574 and VSC8584 Ethernet PHYs - linux-firmware: intel: Update Cannonlake audio firmware. - firmware/huc/bxt: Add huC Update for BXT - nfp: update Agilio SmartNIC firmware to rev 2.1.16 - cxgb4: update firmware to revision 1.21.5.0 - Update to version 20181026: (bsc#1122456) ----------------------------------------- Patch: SUSE-2019-170 Released: Fri Jan 25 13:43:29 2019 Summary: Recommended update for kmod Severity: moderate References: 1118629 Description: This update for kmod fixes the following issues: - Fixes module dependency file corruption on parallel invocation (bsc#1118629). - Allows 'modprobe -c' to print the status of 'allow_unsupported_modules' option. ----------------------------------------- Patch: SUSE-2019-175 Released: Fri Jan 25 16:24:01 2019 Summary: Security update for krb5 Severity: important References: 1083926,1083927,CVE-2018-5729,CVE-2018-5730 Description: This update for krb5 fixes the following issues: Security issues fixed: - CVE-2018-5729, CVE-2018-5730: Fixed multiple flaws in LDAP DN checking (bsc#1083926, bsc#1083927) ----------------------------------------- Patch: SUSE-2019-189 Released: Mon Jan 28 14:14:46 2019 Summary: Recommended update for rpm Severity: moderate References: Description: This update for rpm fixes the following issues: - Add kmod(module) provides to kernel and KMPs (fate#326579). ----------------------------------------- Patch: SUSE-2019-197 Released: Tue Jan 29 13:35:53 2019 Summary: Security update for openssl-1_1 Severity: moderate References: 1117951,1118913,CVE-2018-0737 Description: This update for openssl-1_1 fixes the following issues: Security issues fixed: - The 9 Lives of Bleichenbacher's CAT: Cache Attacks on TLS Implementations (bsc#1117951) - Fix FIPS RSA generator (bsc#1118913) ----------------------------------------- Patch: SUSE-2019-211 Released: Thu Jan 31 13:05:00 2019 Summary: Recommended update for openssh Severity: important References: 1123028 Description: This update for openssh fixes the following issues: - A previously applied security patch unintendedly changed the behavior of OpenSSH's 'scp' utility such that server-side brace expansion would no longer be supported. Attempts to copy a set files from a remote machine to the local one by running 'scp 'remote:{file-a,file-b}' /tmp' would fail. This change in behavior broke Corosync and, potentially, many user scripts that relied on brace expansion. [bsc#1123028] ----------------------------------------- Patch: SUSE-2019-215 Released: Thu Jan 31 15:59:57 2019 Summary: Security update for python3 Severity: important References: 1120644,1122191,CVE-2018-20406,CVE-2019-5010 Description: This update for python3 fixes the following issues: Security issue fixed: - CVE-2019-5010: Fixed a denial-of-service vulnerability in the X509 certificate parser (bsc#1122191) - CVE-2018-20406: Fixed a integer overflow via a large LONG_BINPUT (bsc#1120644) ----------------------------------------- Patch: SUSE-2019-224 Released: Fri Feb 1 19:54:44 2019 Summary: Security update for the Linux Kernel Severity: important References: 1024718,1046299,1050242,1050244,1051510,1055120,1055121,1055186,1058115,1060463,1061840,1065600,1065729,1068273,1078248,1079935,1082387,1082555,1082653,1083647,1085535,1086196,1086282,1086283,1086423,1087978,1088386,1089350,1090888,1091405,1091800,1094244,1097593,1097755,1100132,1102875,1102877,1102879,1102882,1102896,1103257,1103356,1103925,1104124,1104353,1104427,1104824,1104967,1105168,1105428,1106105,1106110,1106237,1106240,1106615,1106913,1107256,1107385,1107866,1108270,1108468,1109272,1109772,1109806,1110006,1110558,1110998,1111040,1111062,1111174,1111183,1111188,1111469,1111696,1111795,1111809,1111921,1112878,1112963,1113295,1113408,1113412,1113501,1113667,1113677,1113722,1113751,1113769,1113780,1113972,1114015,1114178,1114279,1114385,1114576,1114577,1114578,1114579,1114580,1114581,1114582,1114583,1114584,1114585,1114839,1114871,1115074,1115269,1115431,1115433,1115440,1115567,1115709,1115976,1116040,1116183,1116336,1116692,1116693,1116698,1116699,1116700,1116701,1116803,1116841,1116862,1116863,1116876,1116877,1116878,1116891,1116895,1116899,1116950,1117115,1117162,1117165,1117168,1117172,1117174,1117181,1117184,1117186,1117188,1117189,1117349,1117561,1117656,1117788,1117789,1117790,1117791,1117792,1117794,1117795,1117796,1117798,1117799,1117801,1117802,1117803,1117804,1117805,1117806,1117807,1117808,1117815,1117816,1117817,1117818,1117819,1117820,1117821,1117822,1117953,1118102,1118136,1118137,1118138,1118140,1118152,1118215,1118316,1118319,1118428,1118484,1118505,1118752,1118760,1118761,1118762,1118766,1118767,1118768,1118769,1118771,1118772,1118773,1118774,1118775,1118798,1118809,1118962,1119017,1119086,1119212,1119322,1119410,1119714,1119749,1119804,1119946,1119962,1119968,1120036,1120046,1120053,1120054,1120055,1120058,1120088,1120092,1120094,1120096,1120097,1120173,1120214,1120223,1120228,1120230,1120232,1120234,1120235,1120238,1120594,1120598,1120600,1120601,1120602,1120603,1120604,1120606,1120612,1120613,1120614,1120615,1120616,1120617,1120618,1120620,1120621,1120632,1120633,1120743,1120954,1121017,1121058,1121263,1121273,1121477,1121483,1121599,1121621,1121714,1121715,1121973,CVE-2018-12232,CVE-2018-14625,CVE-2018-16862,CVE-2018-16884,CVE-2018-18281,CVE-2018-18397,CVE-2018-18710,CVE-2018-19407,CVE-2018-19824,CVE-2018-19854,CVE-2018-19985,CVE-2018-20169,CVE-2018-9568 Description: The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. This update brings following features: - Support for Enhanced-IBRS on new Intel CPUs (fate#326564) The following security bugs were fixed: - CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bnc#1118319). - CVE-2018-12232: In net/socket.c there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat did not increment the file descriptor reference count, which allowed close to set the socket to NULL during fchownat's execution, leading to a NULL pointer dereference and system crash (bnc#1097593). - CVE-2018-14625: A flaw was found where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients (bnc#1106615). - CVE-2018-16862: A security flaw was found in the way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one (bnc#1117186). - CVE-2018-16884: NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bnc#1119946). - CVE-2018-18281: The mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. (bnc#1113769). - CVE-2018-18397: The userfaultfd implementation mishandled access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c (bnc#1117656). - CVE-2018-18710: An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658 (bnc#1113751). - CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized (bnc#1116841). - CVE-2018-19824: A local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152). - CVE-2018-19854: An issue was discovered in the crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs. NOTE: this is a CVE-2013-2547 regression but with easier exploitability because the attacker did not need a capability (however, the system must have the CONFIG_CRYPTO_USER kconfig option) (bnc#1118428). - CVE-2018-19985: The function hso_probe read if_num from the USB device (as an u8) and used it without a length check to index an array, resulting in an OOB memory read in hso_probe or hso_get_config_data that could be used by local attackers (bnc#1120743). - CVE-2018-20169: The USB subsystem mishandled size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c (bnc#1119714). The following non-security bugs were fixed: - acpi/apei: Handle GSIV and GPIO notification types (bsc#1115567). - acpica: Tables: Add WSMT support (bsc#1089350). - acpi/cpcc: Check for valid PCC subspace only if PCC is used (bsc#1117115). - acpi/cpcc: Update all pr_(debug/err) messages to log the susbspace id (bsc#1117115). - acpi/iort: Fix iort_get_platform_device_domain() uninitialized pointer value (bsc#1051510). - acpi/LPSS: Add alternative ACPI HIDs for Cherry Trail DMA controllers (bsc#1051510). - acpi/nfit: Fix ARS overflow continuation (bsc#1116895). - acpi/nfit, x86/mce: Handle only uncorrectable machine checks (bsc#1114279). - acpi/nfit, x86/mce: Validate a MCE's address before using it (bsc#1114279). - acpi/platform: Add SMB0001 HID to forbidden_id_list (bsc#1051510). - acpi/watchdog: Prefer iTCO_wdt always when WDAT table uses RTC SRAM (bsc#1051510). - act_ife: fix a potential use-after-free (networking-stable-18_09_11). - aio: fix spectre gadget in lookup_ioctx (bsc#1120594). - alsa: ac97: Fix incorrect bit shift at AC97-SPSA control write (bsc#1051510). - alsa: ca0106: Disable IZD on SB0570 DAC to fix audio pops (bsc#1051510). - alsa: control: Fix race between adding and removing a user element (bsc#1051510). - alsa: cs46xx: Potential NULL dereference in probe (bsc#1051510). - alsa: emu10k1: Fix potential Spectre v1 vulnerabilities (bsc#1051510). - alsa: emux: Fix potential Spectre v1 vulnerabilities (bsc#1051510). - alsa: fireface: fix for state to fetch PCM frames (bsc#1051510). - alsa: fireface: fix reference to wrong register for clock configuration (bsc#1051510). - alsa: firewire-lib: fix wrong assignment for 'out_packet_without_header' tracepoint (bsc#1051510). - alsa: firewire-lib: fix wrong handling payload_length as payload_quadlet (bsc#1051510). - alsa: firewire-lib: use the same print format for 'without_header' tracepoints (bsc#1051510). - alsa: hda: Add 2 more models to the power_save blacklist (bsc#1051510). - alsa: hda: Add ASRock N68C-S UCC the power_save blacklist (bsc#1051510). - alsa: hda - Add mic quirk for the Lenovo G50-30 (17aa:3905) (bsc#1051510). - alsa: hda: add mute LED support for HP EliteBook 840 G4 (bsc#1051510). - alsa: hda - Add quirk for ASUS G751 laptop (bsc#1051510). - alsa: hda: Add support for AMD Stoney Ridge (bsc#1051510). - alsa: hda/ca0132 - Call pci_iounmap() instead of iounmap() (bsc#1051510). - alsa: hda/ca0132 - make pci_iounmap() call conditional (bsc#1051510). - alsa: hda: fix front speakers on Huawei MBXP (bsc#1051510). - alsa: hda - Fix headphone pin config for ASUS G751 (bsc#1051510). - alsa: hda: fix unused variable warning (bsc#1051510). - alsa: hda/realtek - Add auto-mute quirk for HP Spectre x360 laptop (bsc#1051510). - alsa: hda/realtek - Add GPIO data update helper (bsc#1051510). - alsa: hda/realtek - Add support for Acer Aspire C24-860 headset mic (bsc#1051510). - alsa: hda/realtek - Add unplug function into unplug state of Headset Mode for ALC225 (bsc#1051510). - alsa: hda/realtek: ALC286 mic and headset-mode fixups for Acer Aspire U27-880 (bsc#1051510). - alsa: hda/realtek: ALC294 mic and headset-mode fixups for ASUS X542UN (bsc#1051510). - alsa: hda/realtek - Allow skipping spec->init_amp detection (bsc#1051510). - alsa: hda/realtek - Disable headset Mic VREF for headset mode of ALC225 (bsc#1051510). - alsa: hda/realtek: Enable audio jacks of ASUS UX391UA with ALC294 (bsc#1051510). - alsa: hda/realtek: Enable audio jacks of ASUS UX433FN/UX333FA with ALC294 (bsc#1051510). - alsa: hda/realtek: Enable audio jacks of ASUS UX533FD with ALC294 (bsc#1051510). - alsa: hda/realtek: Enable the headset mic auto detection for ASUS laptops (bsc#1051510). - alsa: hda/realtek - Fixed headphone issue for ALC700 (bsc#1051510). - alsa: hda/realtek - fix headset mic detection for MSI MS-B171 (bsc#1051510). - alsa: hda/realtek - Fix HP Headset Mic can't record (bsc#1051510). - alsa: hda/realtek: Fix mic issue on Acer AIO Veriton Z4660G (bsc#1051510). - alsa: hda/realtek: Fix mic issue on Acer AIO Veriton Z4860G/Z6860G (bsc#1051510). - alsa: hda/realtek - Fix speaker output regression on Thinkpad T570 (bsc#1051510). - alsa: hda/realtek - Fix the mute LED regresion on Lenovo X1 Carbon (bsc#1051510). - alsa: hda/realtek - fix the pop noise on headphone for lenovo laptops (bsc#1051510). - alsa: hda/realtek - Fix the problem of the front MIC on the Lenovo M715 (bsc#1051510). - alsa: hda/realtek - Manage GPIO bits commonly (bsc#1051510). - alsa: hda/realtek - Simplify Dell XPS13 GPIO handling (bsc#1051510). - alsa: hda/realtek - Support ALC300 (bsc#1051510). - alsa: hda/realtek - Support Dell headset mode for New AIO platform (bsc#1051510). - alsa: hda/tegra: clear pending irq handlers (bsc#1051510). - alsa: oss: Use kvzalloc() for local buffer allocations (bsc#1051510). - alsa: pcm: Call snd_pcm_unlink() conditionally at closing (bsc#1051510). - alsa: pcm: Fix interval evaluation with openmin/max (bsc#1051510). - alsa: pcm: Fix potential Spectre v1 vulnerability (bsc#1051510). - alsa: pcm: Fix starvation on down_write_nonblock() (bsc#1051510). - alsa: rme9652: Fix potential Spectre v1 vulnerability (bsc#1051510). - alsa: sparc: Fix invalid snd_free_pages() at error path (bsc#1051510). - alsa: trident: Suppress gcc string warning (bsc#1051510). - alsa: usb-audio: Add SMSL D1 to quirks for native DSD support (bsc#1051510). - alsa: usb-audio: Add support for Encore mDSD USB DAC (bsc#1051510). - alsa: usb-audio: Add vendor and product name for Dell WD19 Dock (bsc#1051510). - alsa: usb-audio: Avoid access before bLength check in build_audio_procunit() (bsc#1051510). - alsa: usb-audio: Fix an out-of-bound read in create_composite_quirks (bsc#1051510). - alsa: usb-audio: update quirk for B&W PX to remove microphone (bsc#1051510). - alsa: wss: Fix invalid snd_free_pages() at error path (bsc#1051510). - alsa: x86: Fix runtime PM for hdmi-lpe-audio (bsc#1051510). - amd/iommu: Fix Guest Virtual APIC Log Tail Address Register (bsc#1106105). - apparmor: do not try to replace stale label in ptrace access check (git-fixes). - apparmor: do not try to replace stale label in ptraceme check (git-fixes). - apparmor: Fix uninitialized value in aa_split_fqname (git-fixes). - arm64: Add work around for Arm Cortex-A55 Erratum 1024718 (bsc#1120612). - arm64: atomics: Remove '&' from '+&' asm constraint in lse atomics (bsc#1120613). - arm64: cpu_errata: include required headers (bsc#1120615). - arm64: dma-mapping: Fix FORCE_CONTIGUOUS buffer clearing (bsc#1120633). - arm64: Enabled ENA (Amazon network driver) for arm64. - arm64: Fix /proc/iomem for reserved but not memory regions (bsc#1120632). - arm64: kvm: Move CPU ID reg trap setup off the world switch path (bsc#1110998). - arm64: kvm: Sanitize PSTATE.M when being set from userspace (bsc#1110998). - arm64: kvm: Tighten guest core register access from userspace (bsc#1110998). - arm64: lse: Add early clobbers to some input/output asm operands (bsc#1120614). - arm64: lse: remove -fcall-used-x0 flag (bsc#1120618). - arm64: mm: always enable CONFIG_HOLES_IN_ZONE (bsc#1120617). - arm64/numa: Report correct memblock range for the dummy node (bsc#1120620). - arm64/numa: Unify common error path in numa_init() (bsc#1120621). - arm64: remove no-op -p linker flag (bsc#1120616). - arm: dts: at91: add new compatibility string for macb on sama5d3 (bsc#1051510). - ASoC: dapm: Recalculate audio map forcely when card instantiated (bsc#1051510). - ASoC: dwc: Added a quirk DW_I2S_QUIRK_16BIT_IDX_OVERRIDE to dwc (bsc#1085535) - ASoC: Intel: cht_bsw_max98090: add support for Baytrail (bsc#1051510). - ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Clapper (bsc#1051510). - ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Gnawty (bsc#1051510). - ASoC: intel: cht_bsw_max98090_ti: Add quirk for boards using pmc_plt_clk_0 (bsc#1051510). - ASoC: Intel: mrfld: fix uninitialized variable access (bsc#1051510). - ASoC: intel: skylake: Add missing break in skl_tplg_get_token() (bsc#1051510). - ASoC: omap-abe-twl6040: Fix missing audio card caused by deferred probing (bsc#1051510). - ASoC: omap-dmic: Add pm_qos handling to avoid overruns with CPU_IDLE (bsc#1051510). - ASoC: omap-mcbsp: Fix latency value calculation for pm_qos (bsc#1051510). - ASoC: omap-mcpdm: Add pm_qos handling to avoid under/overruns with CPU_IDLE (bsc#1051510). - ASoC: rsnd: fixup clock start checker (bsc#1051510). - ASoC: sun8i-codec: fix crash on module removal (bsc#1051510). - ASoC: wm_adsp: Fix dma-unsafe read of scratch registers (bsc#1051510). - ata: Fix racy link clearance (bsc#1107866). - ataflop: fix error handling during setup (bsc#1051510). - ath10k: do not assume this is a PCI dev in generic code (bsc#1051510). - ath10k: schedule hardware restart if WMI command times out (bsc#1051510). - ath6kl: Only use match sets when firmware supports it (bsc#1051510). - autofs: fix autofs_sbi() does not check super block type (git-fixes). - autofs: fix slab out of bounds read in getname_kernel() (git-fixes). - autofs: mount point create should honour passed in mode (git-fixes). - b43: Fix error in cordic routine (bsc#1051510). - badblocks: fix wrong return value in badblocks_set if badblocks are disabled (git-fixes). - batman-adv: Expand merged fragment buffer for full packet (bsc#1051510). - batman-adv: Use explicit tvlv padding for ELP packets (bsc#1051510). - bcache: fix miss key refill->end in writeback (Git-fixes). - bcache: trace missed reading by cache_missed (Git-fixes). - bitops: protect variables in bit_clear_unless() macro (bsc#1051510). - bitops: protect variables in set_mask_bits() macro (bsc#1051510). - blk-mq: remove synchronize_rcu() from blk_mq_del_queue_tag_set() (Git-fixes). - block: allow max_discard_segments to be stacked (Git-fixes). - block: blk_init_allocated_queue() set q->fq as NULL in the fail case (Git-fixes). - block: copy ioprio in __bio_clone_fast() (bsc#1082653). - block: really disable runtime-pm for blk-mq (Git-fixes). - block: reset bi_iter.bi_done after splitting bio (Git-fixes). - block: respect virtual boundary mask in bvecs (bsc#1113412). - block/swim: Fix array bounds check (Git-fixes). - bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth (bsc#1051510). - bluetooth: SMP: fix crash in unpairing (bsc#1051510). - bnxt_en: do not try to offload VLAN 'modify' action (bsc#1050242 ). - bnxt_en: Fix enables field in HWRM_QUEUE_COS2BW_CFG request (bsc#1086282). - bnxt_en: Fix TX timeout during netpoll (networking-stable-18_10_16). - bnxt_en: Fix VNIC reservations on the PF (bsc#1086282 ). - bnxt_en: free hwrm resources, if driver probe fails (networking-stable-18_10_16). - bnxt_en: get the reduced max_irqs by the ones used by RDMA (bsc#1050242). - bonding: avoid possible dead-lock (networking-stable-18_10_16). - bonding: fix length of actor system (networking-stable-18_11_02). - bonding: fix warning message (networking-stable-18_10_16). - bonding: pass link-local packets to bonding master also (networking-stable-18_10_16). - bpf: fix check of allowed specifiers in bpf_trace_printk (bsc#1083647). - bpf: fix partial copy of map_ptr when dst is scalar (bsc#1083647). - bpf, net: add skb_mac_header_len helper (networking-stable-18_09_24). - bpf: use per htab salt for bucket hash (git-fixes). - bpf: wait for running BPF programs when updating map-in-map (bsc#1083647). - brcmfmac: fix for proper support of 160MHz bandwidth (bsc#1051510). - brcmfmac: fix reporting support for 160 MHz channels (bsc#1051510). - brcmutil: really fix decoding channel info for 160 MHz bandwidth (bsc#1051510). - bridge: do not add port to router list when receives query with source 0.0.0.0 (networking-stable-18_11_02). - btrfs: Always try all copies when reading extent buffers (git-fixes). - btrfs: delete dead code in btrfs_orphan_add() (bsc#1111469). - btrfs: delete dead code in btrfs_orphan_commit_root() (bsc#1111469). - btrfs: do not BUG_ON() in btrfs_truncate_inode_items() (bsc#1111469). - btrfs: do not check inode's runtime flags under root->orphan_lock (bsc#1111469). - btrfs: do not return ino to ino cache if inode item removal fails (bsc#1111469). - btrfs: Enhance btrfs_trim_fs function to handle error better (Dependency for bsc#1113667). - btrfs: Ensure btrfs_trim_fs can trim the whole filesystem (bsc#1113667). - btrfs: fix assertion failure during fsync in no-holes mode (bsc#1118136). - btrfs: fix assertion on fsync of regular file when using no-holes feature (bsc#1118137). - btrfs: fix cur_offset in the error case for nocow (bsc#1118140). - btrfs: fix data corruption due to cloning of eof block (bsc#1116878). - btrfs: fix deadlock on tree root leaf when finding free extent (bsc#1116876). - btrfs: fix deadlock when writing out free space caches (bsc#1116700). - btrfs: fix ENOSPC caused by orphan items reservations (bsc#1111469). - btrfs: Fix error handling in btrfs_cleanup_ordered_extents (git-fixes). - btrfs: fix error handling in btrfs_truncate() (bsc#1111469). - btrfs: fix error handling in btrfs_truncate_inode_items() (bsc#1111469). - btrfs: fix fsync of files with multiple hard links in new directories (1120173). - btrfs: fix infinite loop on inode eviction after deduplication of eof block (bsc#1116877). - btrfs: Fix memory barriers usage with device stats counters (git-fixes). - btrfs: fix null pointer dereference on compressed write path error (bsc#1116698). - btrfs: fix use-after-free during inode eviction (bsc#1116701). - btrfs: fix use-after-free on root->orphan_block_rsv (bsc#1111469). - btrfs: fix use-after-free when dumping free space (bsc#1116862). - btrfs: fix warning when replaying log after fsync of a tmpfile (bsc#1116692). - btrfs: fix wrong dentries after fsync of file that got its parent replaced (bsc#1116693). - btrfs: get rid of BTRFS_INODE_HAS_ORPHAN_ITEM (bsc#1111469). - btrfs: get rid of unused orphan infrastructure (bsc#1111469). - btrfs: make sure we create all new block groups (bsc#1116699). - btrfs: move btrfs_truncate_block out of trans handle (bsc#1111469). - btrfs: protect space cache inode alloc with GFP_NOFS (bsc#1116863). - btrfs: qgroup: Dirty all qgroups before rescan (bsc#1120036). - btrfs: refactor btrfs_evict_inode() reserve refill dance (bsc#1111469). - btrfs: renumber BTRFS_INODE_ runtime flags and switch to enums (bsc#1111469). - btrfs: reserve space for O_TMPFILE orphan item deletion (bsc#1111469). - btrfs: run delayed items before dropping the snapshot (bsc#1121263, bsc#1111188). - btrfs: send, fix infinite loop due to directory rename dependencies (bsc#1118138). - btrfs: stop creating orphan items for truncate (bsc#1111469). - btrfs: tree-checker: Do not check max block group size as current max chunk size limit is unreliable (fixes for bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875). - btrfs: update stale comments referencing vmtruncate() (bsc#1111469). - cachefiles: fix the race between cachefiles_bury_object() and rmdir(2) (bsc#1051510). - can: dev: __can_get_echo_skb(): Do not crash the kernel if can_priv::echo_skb is accessed out of bounds (bsc#1051510). - can: dev: can_get_echo_skb(): factor out non sending code to __can_get_echo_skb() (bsc#1051510). - can: dev: __can_get_echo_skb(): print error message, if trying to echo non existing skb (bsc#1051510). - can: dev: __can_get_echo_skb(): replace struct can_frame by canfd_frame to access frame length (bsc#1051510). - can: flexcan: flexcan_irq(): fix indention (bsc#1051510). - can: hi311x: Use level-triggered interrupt (bsc#1051510). - can: raw: check for CAN FD capable netdev in raw_sendmsg() (bsc#1051510). - can: rcar_can: Fix erroneous registration (bsc#1051510). - can: rx-offload: introduce can_rx_offload_get_echo_skb() and can_rx_offload_queue_sorted() functions (bsc#1051510). - cdc-acm: correct counting of UART states in serial state notification (bsc#1051510). - cdc-acm: do not reset notification buffer index upon urb unlinking (bsc#1051510). - cdrom: do not attempt to fiddle with cdo->capability (bsc#1051510). - ceph: do not update importing cap's mseq when handing cap export (bsc#1121273). - ceph: fix dentry leak in ceph_readdir_prepopulate (bsc#1114839). - ceph: quota: fix null pointer dereference in quota check (bsc#1114839). - cfg80211: Address some corner cases in scan result channel updating (bsc#1051510). - cfg80211: fix use-after-free in reg_process_hint() (bsc#1051510). - char_dev: extend dynamic allocation of majors into a higher range (bsc#1121058). - char_dev: Fix off-by-one bugs in find_dynamic_major() (bsc#1121058). - clk: at91: Fix division by zero in PLL recalc_rate() (bsc#1051510). - clk: fixed-factor: fix of_node_get-put imbalance (bsc#1051510). - clk: fixed-rate: fix of_node_get-put imbalance (bsc#1051510). - clk: mmp2: fix the clock id for sdh2_clk and sdh3_clk (bsc#1051510). - clk: mmp: Off by one in mmp_clk_add() (bsc#1051510). - clk: mvebu: Off by one bugs in cp110_of_clk_get() (bsc#1051510). - clk: rockchip: Fix static checker warning in rockchip_ddrclk_get_parent call (bsc#1051510). - clk: s2mps11: Add used attribute to s2mps11_dt_match (bsc#1051510). - clk: s2mps11: Fix matching when built as module and DT node contains compatible (bsc#1051510). - clk: samsung: exynos5420: Enable PERIS clocks for suspend (bsc#1051510). - clockevents/drivers/i8253: Add support for PIT shutdown quirk (bsc#1051510). - compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline declarations (git-fixes). - config: arm64: enable erratum 1024718 - configfs: replace strncpy with memcpy (bsc#1051510). - cpufeature: avoid warning when compiling with clang (Git-fixes). - cpufreq / CPPC: Add cpuinfo_cur_freq support for CPPC (bsc#1117115). - cpufreq: CPPC: fix build in absence of v3 support (bsc#1117115). - cpupower: remove stringop-truncation waring (git-fixes). - crypto: bcm - fix normal/non key hash algorithm failure (bsc#1051510). - crypto: caam - fix implicit casts in endianness helpers (bsc#1051510). - crypto: ccp - Add DOWNLOAD_FIRMWARE SEV command (). - crypto: ccp - Add GET_ID SEV command (). - crypto: ccp - Add psp enabled message when initialization succeeds (). - crypto: ccp - Add support for new CCP/PSP device ID (). - crypto: ccp - Allow SEV firmware to be chosen based on Family and Model (). - crypto: ccp - Fix static checker warning (). - crypto: ccp - Remove unused #defines (). - crypto: ccp - Support register differences between PSP devices (). - crypto: lrw - Fix out-of bounds access on counter overflow (bsc#1051510). - crypto: simd - correctly take reqsize of wrapped skcipher into account (bsc#1051510). - crypto: tcrypt - fix ghash-generic speed test (bsc#1051510). - dasd: fix deadlock in dasd_times_out (bsc#1121477, LTC#174111). - dax: Check page->mapping isn't NULL (bsc#1120054). - dax: Do not access a freed inode (bsc#1120055). - device property: Define type of PROPERTY_ENRTY_*() macros (bsc#1051510). - device property: fix fwnode_graph_get_next_endpoint() documentation (bsc#1051510). - disable stringop truncation warnings for now (git-fixes). - dm: allocate struct mapped_device with kvzalloc (Git-fixes). - dm cache: destroy migration_cache if cache target registration failed (Git-fixes). - dm cache: fix resize crash if user does not reload cache table (Git-fixes). - dm cache metadata: ignore hints array being too small during resize (Git-fixes). - dm cache metadata: save in-core policy_hint_size to on-disk superblock (Git-fixes). - dm cache metadata: set dirty on all cache blocks after a crash (Git-fixes). - dm cache: only allow a single io_mode cache feature to be requested (Git-fixes). - dm crypt: do not decrease device limits (Git-fixes). - dm: fix report zone remapping to account for partition offset (Git-fixes). - dm integrity: change 'suspending' variable from bool to int (Git-fixes). - dm ioctl: harden copy_params()'s copy_from_user() from malicious users (Git-fixes). - dm linear: eliminate linear_end_io call if CONFIG_DM_ZONED disabled (Git-fixes). - dm linear: fix linear_end_io conditional definition (Git-fixes). - dm thin: handle running out of data space vs concurrent discard (Git-fixes). - dm thin metadata: remove needless work from __commit_transaction (Git-fixes). - dm thin: stop no_space_timeout worker when switching to write-mode (Git-fixes). - dm writecache: fix a crash due to reading past end of dirty_bitmap (Git-fixes). - dm writecache: report start_sector in status line (Git-fixes). - dm zoned: fix metadata block ref counting (Git-fixes). - dm zoned: fix various dmz_get_mblock() issues (Git-fixes). - doc/README.SUSE: correct GIT url No more gitorious, github we use. - Documentation/l1tf: Fix small spelling typo (bsc#1051510). - Documentation/l1tf: Fix typos (bsc#1051510). - Documentation/l1tf: Remove Yonah processors from not vulnerable list (bsc#1051510). - do d_instantiate/unlock_new_inode combinations safely (git-fixes). - driver/dma/ioat: Call del_timer_sync() without holding prep_lock (bsc#1051510). - drivers/net/usb: add device id for TP-LINK UE300 USB 3.0 Ethernet (bsc#1119749). - drivers/net/usb/r8152: remove the unneeded variable 'ret' in rtl8152_system_suspend (bsc#1119749). - drivers/tty: add missing of_node_put() (bsc#1051510). - drm/amdgpu: add missing CHIP_HAINAN in amdgpu_ucode_get_load_type (bsc#1051510). - drm/amdgpu/gmc8: update MC firmware for polaris (bsc#1113722) - drm/amdgpu/powerplay: fix missing break in switch statements (bsc#1113722) - drm/amdgpu: update mc firmware image for polaris12 variants (bsc#1113722) - drm/amdgpu: update SMC firmware image for polaris10 variants (bsc#1113722) - drm/ast: change resolution may cause screen blurred (boo#1112963). - drm/ast: fixed cursor may disappear sometimes (bsc#1051510). - drm/ast: Fix incorrect free on ioregs (bsc#1051510). - drm/ast: Remove existing framebuffers before loading driver (boo#1112963) - drm/dp_mst: Check if primary mstb is null (bsc#1051510). - drm/dp_mst: Skip validating ports during destruction, just ref (bsc#1051510). - drm/edid: Add 6 bpc quirk for BOE panel (bsc#1051510). - drm/edid: Add 6 bpc quirk for BOE panel in HP Pavilion 15-n233sl (bsc#1113722) - drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock (bsc#1113722) - drm: fb-helper: Reject all pixel format changing requests (bsc#1113722) - drm/hisilicon: hibmc: Do not carry error code in HiBMC framebuffer (bsc#1113722) - drm/hisilicon: hibmc: Do not overwrite fb helper surface depth (bsc#1113722) - drm/i915/audio: Hook up component bindings even if displays are (bsc#1113722) - drm/i915: Do not oops during modeset shutdown after lpe audio deinit (bsc#1051510). - drm/i915: Do not unset intel_connector->mst_port (bsc#1051510). - drm/i915/dp: Link train Fallback on eDP only if fallback link BW can fit panel's native mode (bsc#1051510). - drm/i915/execlists: Apply a full mb before execution for Braswell (bsc#1113722) - drm/i915/execlists: Force write serialisation into context image vs execution (bsc#1051510). - drm/i915: Fix ilk+ watermarks when disabling pipes (bsc#1051510). - drm/i915/gen9+: Fix initial readout for Y tiled framebuffers (bsc#1113722) - drm/i915/glk: Remove 99% limitation (bsc#1051510). - drm/i915/hdmi: Add HDMI 2.0 audio clock recovery N values (bsc#1051510). - drm/i915: Large page offsets for pread/pwrite (bsc#1051510). - drm/i915: Mark pin flags as u64 (bsc#1051510). - drm/i915: Restore vblank interrupts earlier (bsc#1051510). - drm/i915: Skip vcpi allocation for MSTB ports that are gone (bsc#1051510). - drm/i915: Write GPU relocs harder with gen3 (bsc#1051510). - drm/ioctl: Fix Spectre v1 vulnerabilities (bsc#1113722) - drm/mediatek: fix OF sibling-node lookup (bsc#1106110) - drm/meson: add support for 1080p25 mode (bsc#1051510). - drm/meson: Enable fast_io in meson_dw_hdmi_regmap_config (bsc#1051510). - drm/meson: Fix OOB memory accesses in meson_viu_set_osd_lut() (bsc#1051510). - drm/msm: fix OF child-node lookup (bsc#1106110) - drm/nouveau: Check backlight IDs are >= 0, not > 0 (bsc#1051510). - drm/nouveau: Do not disable polling in fallback mode (bsc#1103356). - drm/nouveau/kms: Fix memory leak in nv50_mstm_del() (bsc#1113722) - drm/omap: fix memory barrier bug in DMM driver (bsc#1051510). - drm: rcar-du: Fix external clock error checks (bsc#1113722) - drm: rcar-du: Fix vblank initialization (bsc#1113722) - drm/rockchip: Allow driver to be shutdown on reboot/kexec (bsc#1051510). - drm/rockchip: psr: do not dereference encoder before it is null (bsc#1113722) - drm: set is_master to 0 upon drm_new_set_master() failure (bsc#1113722) - drm/sti: do not remove the drm_bridge that was never added (bsc#1100132) - drm/vc4: Set ->is_yuv to false when num_planes == 1 (bsc#1113722) - drm/vc4: ->x_scaling[1] should never be set to VC4_SCALING_NONE (bsc#1113722) - drm/virtio: fix bounds check in virtio_gpu_cmd_get_capset() (bsc#1113722) - dt-bindings: add compatible string for Allwinner V3s SoC (git-fixes). - dt-bindings: arm: Document SoC compatible value for Armadillo-800 EVA (git-fixes). - dt-bindings: clock: add rk3399 DDR3 standard speed bins (git-fixes). - dt-bindings: clock: mediatek: add binding for fixed-factor clock axisel_d4 (git-fixes). - dt-bindings: iio: update STM32 timers clock names (git-fixes). - dt-bindings: mfd: axp20x: Add AXP806 to supported list of chips (git-fixes). - dt-bindings: net: Remove duplicate NSP Ethernet MAC binding document (git-fixes). - dt-bindings: panel: lvds: Fix path to display timing bindings (git-fixes). - dt-bindings: phy: sun4i-usb-phy: Add property descriptions for H3 (git-fixes). - dt-bindings: pwm: renesas: tpu: Fix 'compatible' prop description (git-fixes). - dt-bindings: rcar-dmac: Document missing error interrupt (git-fixes). - EDAC, {i7core,sb,skx}_edac: Fix uncorrected error counting (bsc#1114279). - EDAC: Raise the maximum number of memory controllers (bsc#1113780). - EDAC, skx_edac: Fix logical channel intermediate decoding (bsc#1114279). - EDAC, thunderx: Fix memory leak in thunderx_l2c_threaded_isr() (bsc#1114279). - efi: Move some sysfs files to be read-only by root (bsc#1051510). - ethernet: fman: fix wrong of_node_put() in probe function (bsc#1119017). - exportfs: fix 'passing zero to ERR_PTR()' warning (bsc#1118773). - ext2: fix potential use after free (bsc#1118775). - ext4: add missing brelse() add_new_gdb_meta_bg()'s error path (bsc#1117795). - ext4: add missing brelse() in set_flexbg_block_bitmap()'s error path (bsc#1117794). - ext4: add missing brelse() update_backups()'s error path (bsc#1117796). - ext4: avoid buffer leak in ext4_orphan_add() after prior errors (bsc#1117802). - ext4: avoid buffer leak on shutdown in ext4_mark_iloc_dirty() (bsc#1117801). - ext4: avoid possible double brelse() in add_new_gdb() on error path (bsc#1118760). - ext4: avoid potential extra brelse in setup_new_flex_group_blocks() (bsc#1117792). - ext4: fix buffer leak in __ext4_read_dirblock() on error path (bsc#1117807). - ext4: fix buffer leak in ext4_xattr_move_to_block() on error path (bsc#1117806). - ext4: fix EXT4_IOC_GROUP_ADD ioctl (bsc#1120604). - ext4: fix missing cleanup if ext4_alloc_flex_bg_array() fails while resizing (bsc#1117798). - ext4: fix possible inode leak in the retry loop of ext4_resize_fs() (bsc#1117799). - ext4: fix possible leak of sbi->s_group_desc_leak in error path (bsc#1117803). - ext4: fix possible leak of s_journal_flag_rwsem in error path (bsc#1117804). - ext4: fix possible use after free in ext4_quota_enable (bsc#1120602). - ext4: fix setattr project check in fssetxattr ioctl (bsc#1117789). - ext4: fix use-after-free race in ext4_remount()'s error path (bsc#1117791). - ext4: initialize retries variable in ext4_da_write_inline_data_begin() (bsc#1117788). - ext4: missing unlock/put_page() in ext4_try_to_write_inline_data() (bsc#1120603). - ext4: propagate error from dquot_initialize() in EXT4_IOC_FSSETXATTR (bsc#1117790). - ext4: release bs.bh before re-using in ext4_xattr_block_find() (bsc#1117805). - extable: Consolidate *kernel_text_address() functions (bsc#1120092). - extable: Enable RCU if it is not watching in kernel_text_address() (bsc#1120092). - fbdev: fbcon: Fix unregister crash when more than one framebuffer (bsc#1113722) - fbdev: fbmem: behave better with small rotated displays and many CPUs (bsc#1113722) - fbdev: fix broken menu dependencies (bsc#1113722) - firmware: add firmware_request_nowarn() - load firmware without warnings (). - firmware: dcdbas: Add support for WSMT ACPI table (bsc#1089350 ). - firmware: dcdbas: include linux/io.h (bsc#1089350). - Fix the breakage of KMP build on x86_64 (bsc#1121017). - Fix tracing sample code warning (git-fixes). - floppy: fix race condition in __floppy_read_block_0() (bsc#1051510). - flow_dissector: do not dissect l4 ports for fragments (networking-stable-18_11_21). - fscache: fix race between enablement and dropping of object (bsc#1107385). - fscache: Fix race in fscache_op_complete() due to split atomic_sub & read (Git-fixes). - fscache: Pass the correct cancelled indications to fscache_op_complete() (Git-fixes). - fs: dcache: Avoid livelock between d_alloc_parallel and __d_add (git-fixes). - fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot() (git-fixes). - fs: dcache: Use READ_ONCE when accessing i_dir_seq (git-fixes). - fs: Do not leak MNT_INTERNAL away from internal mounts (git-fixes). - fs: fix lost error code in dio_complete (bsc#1118762). - fs: Make extension of struct super_block transparent (bsc#1117822). - fsnotify: Fix busy inodes during unmount (bsc#1117822). - fsnotify: fix ignore mask logic in fsnotify() (bsc#1115074). - fs/xfs: Use %pS printk format for direct addresses (git-fixes). - ftrace: Fix debug preempt config name in stack_tracer_{en,dis}able (bsc#1117172). - ftrace: Fix kmemleak in unregister_ftrace_graph (bsc#1117181). - ftrace: Fix memleak when unregistering dynamic ops when tracing disabled (bsc#1117174). - ftrace: Remove incorrect setting of glob search field (bsc#1117184). - fuse: fix blocked_waitq wakeup (git-fixes). - fuse: fix leaked notify reply (git-fixes). - fuse: fix possibly missed wake-up after abort (git-fixes). - fuse: Fix use-after-free in fuse_dev_do_read() (git-fixes). - fuse: Fix use-after-free in fuse_dev_do_write() (git-fixes). - fuse: fix use-after-free in fuse_direct_IO() (git-fixes). - fuse: set FR_SENT while locked (git-fixes). - gcc-plugins: Add include required by GCC release 8 (git-fixes). - gcc-plugins: Use dynamic initializers (git-fixes). - genirq: Fix race on spurious interrupt detection (bsc#1051510). - getname_kernel() needs to make sure that ->name != ->iname in long case (git-fixes). - gfs2: Do not leave s_fs_info pointing to freed memory in init_sbd (bsc#1118769). - gfs2: Fix loop in gfs2_rbm_find (bsc#1120601). - gfs2: Get rid of potential double-freeing in gfs2_create_inode (bsc#1120600). - gfs2_meta: ->mount() can get NULL dev_name (bsc#1118768). - gfs2: Put bitmap buffers in put_super (bsc#1118772). - git_sort.py: Remove non-existent remote tj/libata - gpio: davinci: Remove unused member of davinci_gpio_controller (git-fixes). - gpio: do not free unallocated ida on gpiochip_add_data_with_key() error path (bsc#1051510). - gpiolib-acpi: Only defer request_irq for GpioInt ACPI event handlers (bsc#1051510). - gpiolib: Fix return value of gpio_to_desc() stub if !GPIOLIB (bsc#1051510). - gpio: max7301: fix driver for use with CONFIG_VMAP_STACK (bsc#1051510). - gpio: mvebu: only fail on missing clk if pwm is actually to be used (bsc#1051510). - grace: replace BUG_ON by WARN_ONCE in exit_net hook (git-fixes). - gso_segment: Reset skb->mac_len after modifying network header (networking-stable-18_09_24). - hid: Add quirk for Primax PIXART OEM mice (bsc#1119410). - hid: hiddev: fix potential Spectre v1 (bsc#1051510). - hid: input: Ignore battery reported by Symbol DS4308 (bsc#1051510). - hid: multitouch: Add pointstick support for Cirque Touchpad (bsc#1051510). - hid: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges (bsc#1051510). - hv_netvsc: ignore devices that are not PCI (networking-stable-18_09_11). - hwmon: (core) Fix double-free in __hwmon_device_register() (bsc#1051510). - hwmon: (ibmpowernv) Remove bogus __init annotations (bsc#1051510). - hwmon: (ina2xx) Fix current value calculation (bsc#1051510). - hwmon (ina2xx) Fix NULL id pointer in probe() (bsc#1051510). - hwmon: (nct6775) Fix potential Spectre v1 (bsc#1051510). - hwmon: (pmbus) Fix page count auto-detection (bsc#1051510). - hwmon: (pwm-fan) Set fan speed to 0 on suspend (bsc#1051510). - hwmon: (raspberrypi) Fix initial notify (bsc#1051510). - hwmon: (w83795) temp4_type has writable permission (bsc#1051510). - hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336). - hwrng: core - document the quality field (bsc#1051510). - i2c: axxia: properly handle master timeout (bsc#1051510). - i2c: scmi: Fix probe error on devices with an empty SMB0001 ACPI device node (bsc#1051510). - IB/hfi1: Add mtu check for operational data VLs (bsc#1060463 ). - ibmvnic: Convert reset work item mutex to spin lock (). - ibmvnic: fix accelerated VLAN handling (). - ibmvnic: fix index in release_rx_pools (bsc#1115440, bsc#1115433). - ibmvnic: Fix non-atomic memory allocation in IRQ context (). - ibmvnic: remove ndo_poll_controller (). - ibmvnic: Update driver queues after change in ring size support (). - IB/rxe: support for 802.1q VLAN on the listener (bsc#1082387). - ieee802154: 6lowpan: set IFLA_LINK (bsc#1051510). - ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem (bsc#1051510). - ieee802154: at86rf230: use __func__ macro for debug messages (bsc#1051510). - ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem (bsc#1051510). - iio: accel: adxl345: convert address field usage in iio_chan_spec (bsc#1051510). - iio: ad5064: Fix regulator handling (bsc#1051510). - iio: adc: at91: fix acking DRDY irq on simple conversions (bsc#1051510). - iio: adc: at91: fix wrong channel number in triggered buffer mode (bsc#1051510). - iio: adc: imx25-gcq: Fix leak of device_node in mx25_gcq_setup_cfgs() (bsc#1051510). - iio:st_magn: Fix enable device after trigger (bsc#1051510). - ima: fix showing large 'violations' or 'runtime_measurements_count' (bsc#1051510). - include/linux/pfn_t.h: force '~' to be parsed as an unary operator (bsc#1051510). - Include modules.fips in kernel-binary as well as kernel-binary-base (). - inet: make sure to grab rcu_read_lock before using ireq->ireq_opt (networking-stable-18_10_16). - initramfs: fix initramfs rebuilds w/ compression after disabling (git-fixes). - Input: add official Raspberry Pi's touchscreen driver (). - Input: cros_ec_keyb - fix button/switch capability reports (bsc#1051510). - Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15ARR (bsc#1051510). - Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15IGM (bsc#1051510). - Input: elan_i2c - add ELAN0620 to the ACPI table (bsc#1051510). - Input: elan_i2c - add support for ELAN0621 touchpad (bsc#1051510). - Input: hyper-v - fix wakeup from suspend-to-idle (bsc#1051510). - Input: matrix_keypad - check for errors from of_get_named_gpio() (bsc#1051510). - Input: nomadik-ske-keypad - fix a loop timeout test (bsc#1051510). - Input: omap-keypad - fix keyboard debounce configuration (bsc#1051510). - Input: synaptics - add PNP ID for ThinkPad P50 to SMBus (bsc#1051510). - Input: synaptics - avoid using uninitialized variable when probing (bsc#1051510). - Input: synaptics - enable SMBus for HP 15-ay000 (bsc#1051510). - Input: xpad - add PDP device id 0x02a4 (bsc#1051510). - Input: xpad - add support for Xbox1 PDP Camo series gamepad (bsc#1051510). - Input: xpad - avoid using __set_bit() for capabilities (bsc#1051510). - Input: xpad - fix some coding style issues (bsc#1051510). - Input: xpad - quirk all PDP Xbox One gamepads (bsc#1051510). - integrity/security: fix digsig.c build error with header file (bsc#1051510). - intel_th: msu: Fix an off-by-one in attribute store (bsc#1051510). - iommu/amd: Fix amd_iommu=force_isolation (bsc#1106105). - iommu/arm-smmu: Ensure that page-table updates are visible before TLBI (bsc#1106237). - iommu/ipmmu-vmsa: Fix crash on early domain free (bsc#1106105). - iommu/vt-d: Fix NULL pointer dereference in prq_event_thread() (bsc#1106105). - iommu/vt-d: Handle domain agaw being less than iommu agaw (bsc#1106105). - iommu/vt-d: Use memunmap to free memremap (bsc#1106105). - ip6_tunnel: be careful when accessing the inner header (networking-stable-18_10_16). - ip6_tunnel: Fix encapsulation layout (networking-stable-18_11_02). - ip6_vti: fix a null pointer deference when destroy vti6 tunnel (networking-stable-18_09_11). - ipmi: Fix timer race with module unload (bsc#1051510). - ip_tunnel: be careful when accessing the inner header (networking-stable-18_10_16). - ip_tunnel: do not force DF when MTU is locked (networking-stable-18_11_21). - ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu (networking-stable-18_11_21). - ipv4: tcp: send zero IPID for RST and ACK sent in SYN-RECV and TIME-WAIT state (networking-stable-18_09_11). - ipv6: Fix PMTU updates for UDP/raw sockets in presence of VRF (networking-stable-18_11_21). - ipv6: fix possible use-after-free in ip6_xmit() (networking-stable-18_09_24). - ipv6: mcast: fix a use-after-free in inet6_mc_check (networking-stable-18_11_02). - ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are called (networking-stable-18_11_02). - ipv6: take rcu lock in rawv6_send_hdrinc() (networking-stable-18_10_16). - iwlwifi: add new cards for 9560, 9462, 9461 and killer series (bsc#1051510). - iwlwifi: dbg: allow wrt collection before ALIVE (bsc#1051510). - iwlwifi: do not WARN on trying to dump dead firmware (bsc#1051510). - iwlwifi: fix LED command capability bit (bsc#1119086). - iwlwifi: fix non_shared_ant for 22000 devices (bsc#1119086). - iwlwifi: fix wrong WGDS_WIFI_DATA_SIZE (bsc#1119086). - iwlwifi: mvm: check for short GI only for OFDM (bsc#1051510). - iwlwifi: mvm: check return value of rs_rate_from_ucode_rate() (bsc#1051510). - iwlwifi: mvm: do not send GEO_TX_POWER_LIMIT to old firmwares (bsc#1119086). - iwlwifi: mvm: do not use SAR Geo if basic SAR is not used (bsc#1051510). - iwlwifi: mvm: fix BAR seq ctrl reporting (bsc#1051510). - iwlwifi: mvm: fix regulatory domain update when the firmware starts (bsc#1051510). - iwlwifi: mvm: support sta_statistics() even on older firmware (bsc#1051510). - iwlwifi: nvm: get num of hw addresses from firmware (bsc#1119086). - iwlwifi: pcie: avoid empty free RB queue (bsc#1051510). - iwlwifi: pcie: do not reset TXQ write pointer (bsc#1051510). - jffs2: free jffs2_sb_info through jffs2_kill_sb() (bsc#1118767). - jump_label: Split out code under the hotplug lock (bsc#1106913). - kabi: hide new member in struct iommu_table from genksyms (bsc#1061840). - kabi: hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336). - kabi: mask raw in struct bpf_reg_state (bsc#1083647). - kabi: powerpc: export __find_linux_pte as __find_linux_pte_or_hugepte (bsc#1061840). - kabi: powerpc: Revert npu callback signature change (bsc#1055120). - kabi protect hnae_ae_ops (bsc#1104353). - kabi/severities: ignore __xive_vm_h_* KVM internal symbols. - kbuild: allow to use GCC toolchain not in Clang search path (git-fixes). - kbuild: fix # escaping in .cmd files for future Make (git-fixes). - kbuild: fix kernel/bounds.c 'W=1' warning (bsc#1051510). - kbuild: fix linker feature test macros when cross compiling with Clang (git-fixes). - kbuild: make missing $DEPMOD a Warning instead of an Error (git-fixes). - kbuild: move '_all' target out of $(KBUILD_SRC) conditional (bsc#1114279). - kbuild: rpm-pkg: keep spec file until make mrproper (git-fixes). - kbuild: suppress packed-not-aligned warning for default setting only (git-fixes). - kbuild: verify that $DEPMOD is installed (git-fixes). - kdb: use memmove instead of overlapping memcpy (bsc#1120954). - kernfs: Replace strncpy with memcpy (bsc#1120053). - kernfs: update comment about kernfs_path() return value (bsc#1051510). - keys: Fix the use of the C++ keyword 'private' in uapi/linux/keyctl.h (Git-fixes). - kgdboc: Passing ekgdboc to command line causes panic (bsc#1051510). - kobject: Replace strncpy with memcpy (git-fixes). - kprobes: Make list and blacklist root user read only (git-fixes). - kvm: arm/arm64: Introduce vcpu_el1_is_32bit (bsc#1110998). - kvm: nVMX: Always reflect #NM VM-exits to L1 (bsc#1106240). - kvm: nVMX: move check_vmentry_postreqs() call to nested_vmx_enter_non_root_mode() (bsc#1106240). - kvm: PPC: Add pt_regs into kvm_vcpu_arch and move vcpu->arch.gpr[] into it (bsc#1061840). - kvm: PPC: Avoid marking DMA-mapped pages dirty in real mode (bsc#1061840). - kvm: PPC: Book3S: Add MMIO emulation for VMX instructions (bsc#1061840). - kvm: PPC: Book3S: Allow backing bigger guest IOMMU pages with smaller physical pages (bsc#1061840). - kvm: PPC: Book3S: Check KVM_CREATE_SPAPR_TCE_64 parameters (bsc#1061840). - kvm: PPC: Book3S: Eliminate some unnecessary checks (bsc#1061840). - kvm: PPC: Book3S: Fix compile error that occurs with some gcc versions (bsc#1061840). - kvm: PPC: Book3S: Fix matching of hardware and emulated TCE tables (bsc#1061840). - kvm: PPC: Book3S HV: Add of_node_put() in success path (bsc#1061840). - kvm: PPC: Book3S HV: Add 'online' register to ONE_REG interface (bsc#1061840). - kvm: PPC: Book3S HV: Allow creating max number of VCPUs on POWER9 (bsc#1061840). - kvm: PPC: Book3S HV: Allow HPT and radix on the same core for POWER9 v2.2 (bsc#1061840). - kvm: PPC: Book3S HV: Avoid crash from THP collapse during radix page fault (bsc#1061840). - kvm: PPC: Book3S HV: Avoid shifts by negative amounts (bsc#1061840). - kvm: PPC: Book3S HV: Check DR not IR to chose real vs virt mode MMIOs (bsc#1061840). - kvm: PPC: Book3S HV: Do not truncate HPTE index in xlate function (bsc#1061840). - kvm: PPC: Book3S HV: Do not use compound_order to determine host mapping size (bsc#1061840). - kvm: PPC: Book3S HV: Do not use existing 'prodded' flag for XIVE escalations (bsc#1061840). - kvm: PPC: Book 3S HV: Do ptesync in radix guest exit path (bsc#1061840). - kvm: PPC: Book3S HV: Do SLB load/unload with guest LPCR value loaded (bsc#1061840). - kvm: PPC: Book3S HV: Enable migration of decrementer register (bsc#1061840). - kvm: PPC: Book3S HV: Factor fake-suspend handling out of kvmppc_save/restore_tm (bsc#1061840). - kvm: PPC: Book3S HV: Fix conditions for starting vcpu (bsc#1061840). - kvm: PPC: Book3S HV: Fix constant size warning (bsc#1061840). - kvm: PPC: Book3S HV: Fix duplication of host SLB entries (bsc#1061840). - kvm: PPC: Book3S HV: Fix guest r11 corruption with POWER9 TM workarounds (bsc#1061840). - kvm: PPC: Book3S HV: Fix handling of large pages in radix page fault handler (bsc#1061840). - kvm: PPC: Book3S HV: Fix handling of secondary HPTEG in HPT resizing code (bsc#1061840). - kvm: PPC: Book3S HV: Fix inaccurate comment (bsc#1061840). - kvm: PPC: Book3S HV: Fix kvmppc_bad_host_intr for real mode interrupts (bsc#1061840). - kvm: PPC: Book3S HV: Fix trap number return from __kvmppc_vcore_entry (bsc#1061840). - kvm: PPC: Book3S HV: Fix typo in kvmppc_hv_get_dirty_log_radix() (bsc#1061840). - kvm: PPC: Book3S HV: Fix VRMA initialization with 2MB or 1GB memory backing (bsc#1061840). - kvm: PPC: Book3S HV: Handle 1GB pages in radix page fault handler (bsc#1061840). - kvm: PPC: Book3S HV: Improve handling of debug-trigger HMIs on POWER9 (bsc#1061840). - kvm: PPC: Book3S HV: Keep XIVE escalation interrupt masked unless ceded (bsc#1061840). - kvm: PPC: Book3S HV: Lockless tlbie for HPT hcalls (bsc#1061840). - kvm: PPC: Book3S HV: Make HPT resizing work on POWER9 (bsc#1061840). - kvm: PPC: Book3S HV: Make radix clear pte when unmapping (bsc#1061840). - kvm: PPC: Book3S HV: Make radix use correct tlbie sequence in kvmppc_radix_tlbie_page (bsc#1061840). - kvm: PPC: Book3S HV: Make xive_pushed a byte, not a word (bsc#1061840). - kvm: PPC: Book3S HV: Pack VCORE IDs to access full VCPU ID space (bsc#1061840). - kvm: PPC: Book3S HV: radix: Do not clear partition PTE when RC or write bits do not match (bsc#1061840). - kvm: PPC: Book3S HV: Radix page fault handler optimizations (bsc#1061840). - kvm: PPC: Book3S HV: radix: Refine IO region partition scope attributes (bsc#1061840). - kvm: PPC: Book3S HV: Read kvm->arch.emul_smt_mode under kvm->lock (bsc#1061840). - kvm: PPC: Book3S HV: Recursively unmap all page table entries when unmapping (bsc#1061840). - kvm: PPC: Book3S HV: Remove useless statement (bsc#1061840). - kvm: PPC: Book3S HV: Remove vcpu->arch.dec usage (bsc#1061840). - kvm: PPC: Book3S HV: Send kvmppc_bad_interrupt NMIs to Linux handlers (bsc#1061840). - kvm: PPC: Book3S HV: Set RWMR on POWER8 so PURR/SPURR count correctly (bsc#1061840). - kvm: PPC: Book3S HV: Snapshot timebase offset on guest entry (bsc#1061840). - kvm: PPC: Book3S HV: Streamline setting of reference and change bits (bsc#1061840). - kvm: PPC: Book3S HV: Use a helper to unmap ptes in the radix fault path (bsc#1061840). - kvm: PPC: Book3S HV: Use __gfn_to_pfn_memslot() in page fault handler (bsc#1061840). - kvm: PPC: Book3S HV: XIVE: Resend re-routed interrupts on CPU priority change (bsc#1061840). - kvm: PPC: Book3S PR: Add guest MSR parameter for kvmppc_save_tm()/kvmppc_restore_tm() (bsc#1061840). - kvm: PPC: Book3S PR: Enable use on POWER9 inside HPT-mode guests (bsc#1118484). - kvm: PPC: Book3S PR: Move kvmppc_save_tm/kvmppc_restore_tm to separate file (bsc#1061840). - kvm: PPC: Book3S: Use correct page shift in H_STUFF_TCE (bsc#1061840). - kvm: PPC: Fix a mmio_host_swabbed uninitialized usage issue (bsc#1061840). - kvm: PPC: Make iommu_table::it_userspace big endian (bsc#1061840). - kvm: PPC: Move nip/ctr/lr/xer registers to pt_regs in kvm_vcpu_arch (bsc#1061840). - kvm: PPC: Use seq_puts() in kvmppc_exit_timing_show() (bsc#1061840). - kvm: s390: vsie: copy wrapping keys to right place (git-fixes). - kvm: svm: Ensure an IBPB on all affected CPUs when freeing a vmcb (bsc#1114279). - kvm: VMX: re-add ple_gap module parameter (bsc#1106240). - kvm: x86: Fix kernel info-leak in KVM_HC_CLOCK_PAIRING hypercall (bsc#1106240). - libata: whitelist all SAMSUNG MZ7KM* solid-state disks (bsc#1051510). - libceph: bump CEPH_MSG_MAX_DATA_LEN (bsc#1114839). - libceph: fall back to sendmsg for slab pages (bsc#1118316). - libertas: do not set URB_ZERO_PACKET on IN USB transfer (bsc#1051510). - libertas_tf: prevent underflow in process_cmdrequest() (bsc#1119086). - libnvdimm, dimm: Maximize label transfer size (bsc#1111921, bsc#1113408, bsc#1113972). - libnvdimm: Hold reference on parent while scheduling async init (bsc#1116891). - libnvdimm, label: change nvdimm_num_label_slots per UEFI 2.7 (bsc#1111921, bsc#1113408, bsc#1113972). - libnvdimm, label: Fix sparse warning (bsc#1111921, bsc#1113408, bsc#1113972). - libnvdimm, pfn: Pad pfn namespaces relative to other regions (bsc#1118962). - libnvdimm, region: Fail badblocks listing for inactive regions (bsc#1116899). - lib/raid6: Fix arm64 test build (bsc#1051510). - lib/ubsan.c: do not mark __ubsan_handle_builtin_unreachable as noreturn (bsc#1051510). - Limit max FW API version for QCA9377 (bsc#1121714, bsc#1121715). - linux/bitmap.h: fix type of nbits in bitmap_shift_right() (bsc#1051510). - livepatch: create and include UAPI headers (). - llc: set SOCK_RCU_FREE in llc_sap_add_socket() (networking-stable-18_11_02). - lockd: fix 'list_add double add' caused by legacy signal interface (git-fixes). - locking/barriers: Convert users of lockless_dereference() to READ_ONCE() (Git-fixes). - locking/static_keys: Improve uninitialized key warning (bsc#1106913). - mac80211: Always report TX status (bsc#1051510). - mac80211: Clear beacon_int in ieee80211_do_stop (bsc#1051510). - mac80211: fix reordering of buffered broadcast packets (bsc#1051510). - mac80211: fix TX status reporting for ieee80211s (bsc#1051510). - mac80211_hwsim: do not omit multicast announce of first added radio (bsc#1051510). - mac80211_hwsim: fix module init error paths for netlink (bsc#1051510). - mac80211_hwsim: Timer should be initialized before device registered (bsc#1051510). - mac80211: ignore NullFunc frames in the duplicate detection (bsc#1051510). - mac80211: ignore tx status for PS stations in ieee80211_tx_status_ext (bsc#1051510). - mac80211: TDLS: fix skb queue/priority assignment (bsc#1051510). - mach64: fix display corruption on big endian machines (bsc#1113722) - mach64: fix image corruption due to reading accelerator registers (bsc#1113722) - mailbox: PCC: handle parse error (bsc#1051510). - make sure that __dentry_kill() always invalidates d_seq, unhashed or not (git-fixes). - Mark HI and TASKLET softirq synchronous (git-fixes). - md: allow metadata updates while suspending an array - fix (git-fixes). - MD: fix invalid stored role for a disk - try2 (git-fixes). - md: fix NULL dereference of mddev->pers in remove_and_add_spares() (git-fixes). - md: fix raid10 hang issue caused by barrier (git-fixes). - md/raid10: fix that replacement cannot complete recovery after reassemble (git-fixes). - md/raid1: add error handling of read error from FailFast device (git-fixes). - md/raid5-cache: disable reshape completely (git-fixes). - md/raid5: fix data corruption of replacements after originals dropped (git-fixes). - media: cx231xx: fix potential sign-extension overflow on large shift (bsc#1051510). - media: dvb: fix compat ioctl translation (bsc#1051510). - media: em28xx: fix input name for Terratec AV 350 (bsc#1051510). - media: em28xx: Fix use-after-free when disconnecting (bsc#1051510). - media: em28xx: make v4l2-compliance happier by starting sequence on zero (bsc#1051510). - media: em28xx: use a default format if TRY_FMT fails (bsc#1051510). - media: omap3isp: Unregister media device as first (bsc#1051510). - media: pci: cx23885: handle adding to list failure (bsc#1051510). - media: tvp5150: avoid going past array on v4l2_querymenu() (bsc#1051510). - media: tvp5150: fix switch exit in set control handler (bsc#1051510). - media: tvp5150: fix width alignment during set_selection() (bsc#1051510). - media: uvcvideo: Fix uvc_alloc_entity() allocation alignment (bsc#1051510). - media: v4l2-tpg: fix kernel oops when enabling HFLIP and OSD (bsc#1051510). - media: vsp1: Fix YCbCr planar formats pitch calculation (bsc#1051510). - memory_hotplug: cond_resched in __remove_pages (bnc#1114178). - mfd: arizona: Correct calling of runtime_put_sync (bsc#1051510). - mfd: menelaus: Fix possible race condition and leak (bsc#1051510). - mfd: omap-usb-host: Fix dts probe of children (bsc#1051510). - mlxsw: spectrum: Fix IP2ME CPU policer configuration (networking-stable-18_11_21). - mmc: bcm2835: reset host on timeout (bsc#1051510). - mmc: core: Allow BKOPS and CACHE ctrl even if no HPI support (bsc#1051510). - mmc: core: Reset HPI enabled state during re-init and in case of errors (bsc#1051510). - mmc: core: Use a minimum 1600ms timeout when enabling CACHE ctrl (bsc#1051510). - mmc: dw_mmc-bluefield: Add driver extension (bsc#1118752). - mmc: dw_mmc-k3: add sd support for hi3660 (bsc#1118752). - mmc: dw_mmc-rockchip: correct property names in debug (bsc#1051510). - mmc: OMAP: fix broken MMC on OMAP15XX/OMAP5910/OMAP310 (bsc#1051510). - mmc: omap_hsmmc: fix DMA API warning (bsc#1051510). - mmc: sdhci: fix the timeout check window for clock and reset (bsc#1051510). - mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev 0x8620 rev 0x01 (bsc#1051510). - mm: do not miss the last page because of round-off error (bnc#1118798). - mm: do not warn about large allocations for slab (git fixes (slab)). - mm: handle no memcg case in memcg_kmem_charge() properly (bnc#1113677). - mm/huge_memory.c: reorder operations in __split_huge_page_tail() (VM Functionality bsc#1119962). - mm/huge_memory: fix lockdep complaint on 32-bit i_size_read() (VM Functionality, bsc#1121599). - mm/huge_memory: rename freeze_page() to unmap_page() (VM Functionality, bsc#1121599). - mm/huge_memory: splitting set mapping+index before unfreeze (VM Functionality, bsc#1121599). - mm: hugetlb: yield when prepping struct pages (git fixes (memory initialisation)). - mm/khugepaged: collapse_shmem() do not crash on Compound (VM Functionality, bsc#1121599). - mm/khugepaged: collapse_shmem() remember to clear holes (VM Functionality, bsc#1121599). - mm/khugepaged: collapse_shmem() stop if punched or truncated (VM Functionality, bsc#1121599). - mm/khugepaged: collapse_shmem() without freezing new_page (VM Functionality, bsc#1121599). - mm/khugepaged: fix crashes due to misaccounted holes (VM Functionality, bsc#1121599). - mm/khugepaged: minor reorderings in collapse_shmem() (VM Functionality, bsc#1121599). - mm: lower the printk loglevel for __dump_page messages (generic hotplug debugability). - mm, memory_hotplug: be more verbose for memory offline failures (generic hotplug debugability). - mm, memory_hotplug: drop pointless block alignment checks from __offline_pages (generic hotplug debugability). - mm, memory_hotplug: print reason for the offlining failure (generic hotplug debugability). - mm: migration: fix migration of huge PMD shared pages (bnc#1086423). - mm: only report isolation failures when offlining memory (generic hotplug debugability). - mm: print more information about mapping in __dump_page (generic hotplug debugability). - mm: put_and_wait_on_page_locked() while page is migrated (bnc#1109272). - mm: rework memcg kernel stack accounting (bnc#1113677). - mm: sections are not offlined during memory hotremove (bnc#1119968). - mm: shmem.c: Correctly annotate new inodes for lockdep (Git fixes: shmem). - mm/vmstat.c: fix NUMA statistics updates (git fixes). - modpost: ignore livepatch unresolved relocations (). - mount: Do not allow copying MNT_UNBINDABLE|MNT_LOCKED mounts (bsc#1117819). - mount: Prevent MNT_DETACH from disconnecting locked mounts (bsc#1117820). - mount: Retest MNT_LOCKED in do_umount (bsc#1117818). - Move dell_rbu fix to sorted section (bsc#1087978). - mtd: cfi: convert inline functions to macros (git-fixes). - mtd: Fix comparison in map_word_andequal() (git-fixes). - namei: allow restricted O_CREAT of FIFOs and regular files (bsc#1118766). - nbd: do not allow invalid blocksize settings (Git-fixes). - neighbour: confirm neigh entries when ARP packet is received (networking-stable-18_09_24). - net/af_iucv: drop inbound packets with invalid flags (bnc#1113501, LTC#172679). - net/af_iucv: fix skb handling on HiperTransport xmit error (bnc#1113501, LTC#172679). - net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT (networking-stable-18_09_24). - net: aquantia: memory corruption on jumbo frames (networking-stable-18_10_16). - net: bcmgenet: Poll internal PHY for GENETv5 (networking-stable-18_11_02). - net: bcmgenet: protect stop from timeout (networking-stable-18_11_21). - net: bcmgenet: use MAC link status for fixed phy (networking-stable-18_09_11). - net: bgmac: Fix endian access in bgmac_dma_tx_ring_free() (bsc#1051510). - net: bridge: remove ipv6 zero address check in mcast queries (git-fixes). - net: dsa: bcm_sf2: Call setup during switch resume (networking-stable-18_10_16). - net: dsa: bcm_sf2: Fix unbind ordering (networking-stable-18_10_16). - net: dsa: mv88e6xxx: Fix binding documentation for MDIO busses (git-fixes). - net: dsa: qca8k: Add QCA8334 binding documentation (git-fixes). - net: ena: add functions for handling Low Latency Queues in ena_com (bsc#1111696 bsc#1117561). - net: ena: add functions for handling Low Latency Queues in ena_netdev (bsc#1111696 bsc#1117561). - net: ena: change rx copybreak default to reduce kernel memory pressure (bsc#1111696 bsc#1117561). - net: ena: complete host info to match latest ENA spec (bsc#1111696 bsc#1117561). - net: ena: enable Low Latency Queues (bsc#1111696 bsc#1117561). - net: ena: explicit casting and initialization, and clearer error handling (bsc#1111696 bsc#1117561). - net: ena: fix auto casting to boolean (bsc#1111696 bsc#1117561). - net: ena: fix compilation error in xtensa architecture (bsc#1111696 bsc#1117561). - net: ena: fix crash during ena_remove() (bsc#1111696 bsc#1117561). - net: ena: fix crash during failed resume from hibernation (bsc#1111696 bsc#1117561). - net: ena: fix indentations in ena_defs for better readability (bsc#1111696 bsc#1117561). - net: ena: Fix Kconfig dependency on X86 (bsc#1111696 bsc#1117561). - net: ena: fix NULL dereference due to untimely napi initialization (bsc#1111696 bsc#1117561). - net: ena: fix rare bug when failed restart/resume is followed by driver removal (bsc#1111696 bsc#1117561). - net: ena: fix warning in rmmod caused by double iounmap (bsc#1111696 bsc#1117561). - net: ena: introduce Low Latency Queues data structures according to ENA spec (bsc#1111696 bsc#1117561). - net: ena: limit refill Rx threshold to 256 to avoid latency issues (bsc#1111696 bsc#1117561). - net: ena: minor performance improvement (bsc#1111696 bsc#1117561). - net: ena: remove ndo_poll_controller (bsc#1111696 bsc#1117561). - net: ena: remove redundant parameter in ena_com_admin_init() (bsc#1111696 bsc#1117561). - net: ena: update driver version from 2.0.1 to 2.0.2 (bsc#1111696 bsc#1117561). - net: ena: update driver version to 2.0.1 (bsc#1111696 bsc#1117561). - net: ena: use CSUM_CHECKED device indication to report skb's checksum status (bsc#1111696 bsc#1117561). - net: fec: do not dump RX FIFO register when not available (networking-stable-18_11_02). - net-gro: reset skb->pkt_type in napi_reuse_skb() (networking-stable-18_11_21). - net: hns3: Add nic state check before calling netif_tx_wake_queue (bsc#1104353). - net: hns3: Add support for hns3_nic_netdev_ops.ndo_do_ioctl (bsc#1104353). - net: hns3: bugfix for buffer not free problem during resetting (bsc#1104353). - net: hns3: bugfix for handling mailbox while the command queue reinitialized (bsc#1104353). - net: hns3: bugfix for hclge_mdio_write and hclge_mdio_read (bsc#1104353). - net: hns3: bugfix for is_valid_csq_clean_head() (bsc#1104353 ). - net: hns3: bugfix for reporting unknown vector0 interrupt repeatly problem (bsc#1104353). - net: hns3: bugfix for rtnl_lock's range in the hclgevf_reset() (bsc#1104353). - net: hns3: bugfix for the initialization of command queue's spin lock (bsc#1104353). - net: hns3: Check hdev state when getting link status (bsc#1104353). - net: hns3: Clear client pointer when initialize client failed or unintialize finished (bsc#1104353). - net: hns3: Fix cmdq registers initialization issue for vf (bsc#1104353). - net: hns3: Fix error of checking used vlan id (bsc#1104353 ). - net: hns3: Fix ets validate issue (bsc#1104353). - net: hns3: Fix for netdev not up problem when setting mtu (bsc#1104353). - net: hns3: Fix for out-of-bounds access when setting pfc back pressure (bsc#1104353). - net: hns3: Fix for packet buffer setting bug (bsc#1104353 ). - net: hns3: Fix for rx vlan id handle to support Rev 0x21 hardware (bsc#1104353). - net: hns3: Fix for setting speed for phy failed problem (bsc#1104353). - net: hns3: Fix for vf vlan delete failed problem (bsc#1104353 ). - net: hns3: Fix loss of coal configuration while doing reset (bsc#1104353). - net: hns3: Fix parameter type for q_id in hclge_tm_q_to_qs_map_cfg() (bsc#1104353). - net: hns3: Fix ping exited problem when doing lp selftest (bsc#1104353). - net: hns3: Preserve vlan 0 in hardware table (bsc#1104353 ). - net: hns3: remove unnecessary queue reset in the hns3_uninit_all_ring() (bsc#1104353). - net: hns3: Set STATE_DOWN bit of hdev state when stopping net (bsc#1104353). - net: hns: fix for unmapping problem when SMMU is on (networking-stable-18_10_16). - net: hp100: fix always-true check for link up state (networking-stable-18_09_24). - net: ibm: fix return type of ndo_start_xmit function (). - net/ibmnvic: Fix deadlock problem in reset (). - net/ibmvnic: Fix RTNL deadlock during device reset (bnc#1115431). - net: ipmr: fix unresolved entry dumps (networking-stable-18_11_02). - net: ipv4: do not let PMTU updates increase route MTU (git-fixes). - net/ipv6: Display all addresses in output of /proc/net/if_inet6 (networking-stable-18_10_16). - net/ipv6: Fix index counter for unicast addresses in in6_dump_addrs (networking-stable-18_11_02). - netlabel: check for IPV4MASK in addrinfo_get (networking-stable-18_10_16). - net: macb: do not disable MDIO bus at open/close time (networking-stable-18_09_11). - net/mlx4_core: Correctly set PFC param if global pause is turned off (bsc#1046299). - net/mlx5: Check for error in mlx5_attach_interface (networking-stable-18_09_18). - net/mlx5e: Fix selftest for small MTUs (networking-stable-18_11_21). - net/mlx5e: Set vlan masks for all offloaded TC rules (networking-stable-18_10_16). - net/mlx5: E-Switch, Fix memory leak when creating switchdev mode FDB tables (networking-stable-18_09_18). - net/mlx5: E-Switch, Fix out of bound access when setting vport rate (networking-stable-18_10_16). - net/mlx5: Fix debugfs cleanup in the device init/remove flow (networking-stable-18_09_18). - net/mlx5: Fix use-after-free in self-healing flow (networking-stable-18_09_18). - net/mlx5: Take only bit 24-26 of wqe.pftype_wq for page fault type (networking-stable-18_11_02). - net: mvpp2: Extract the correct ethtype from the skb for tx csum offload (networking-stable-18_10_16). - net: mvpp2: fix a txq_done race condition (networking-stable-18_10_16). - net/packet: fix packet drop as of virtio gso (networking-stable-18_10_16). - net: phy: mdio-gpio: Fix working over slow can_sleep GPIOs (networking-stable-18_11_21). - net: qca_spi: Fix race condition in spi transfers (networking-stable-18_09_18). - net: qmi_wwan: add Wistron Neweb D19Q1 (bsc#1051510). - net: sched: action_ife: take reference to meta module (networking-stable-18_09_11). - net/sched: act_pedit: fix dump of extended layered op (networking-stable-18_09_11). - net/sched: act_sample: fix NULL dereference in the data path (networking-stable-18_09_24). - net: sched: Fix for duplicate class dump (networking-stable-18_11_02). - net: sched: Fix memory exposure from short TCA_U32_SEL (networking-stable-18_09_11). - net: sched: gred: pass the right attribute to gred_change_table_def() (networking-stable-18_11_02). - net: smsc95xx: Fix MTU range (networking-stable-18_11_21). - net: socket: fix a missing-check bug (networking-stable-18_11_02). - net: stmmac: Fix stmmac_mdio_reset() when building stmmac as modules (networking-stable-18_11_02). - net: stmmac: Fixup the tail addr setting in xmit path (networking-stable-18_10_16). - net: systemport: Fix wake-up interrupt race during resume (networking-stable-18_10_16). - net: systemport: Protect stop from timeout (networking-stable-18_11_21). - net: udp: fix handling of CHECKSUM_COMPLETE packets (networking-stable-18_11_02). - net/usb: cancel pending work when unbinding smsc75xx (networking-stable-18_10_16). - net: usb: r8152: constify usb_device_id (bsc#1119749). - net: usb: r8152: use irqsave() in USB's complete callback (bsc#1119749). - nfc: nfcmrvl_uart: fix OF child-node lookup (bsc#1051510). - nfp: wait for posted reconfigs when disabling the device (networking-stable-18_09_11). - nfs: Avoid RCU usage in tracepoints (git-fixes). - nfs: commit direct writes even if they fail partially (git-fixes). - nfsd4: permit layoutget of executable-only files (git-fixes). - nfsd: check for use of the closed special stateid (git-fixes). - nfsd: CLOSE SHOULD return the invalid special stateid for NFSv4.x (x>0) (git-fixes). - nfsd: deal with revoked delegations appropriately (git-fixes). - nfsd: Ensure we check stateid validity in the seqid operation checks (git-fixes). - nfsd: Fix another OPEN stateid race (git-fixes). - nfsd: fix corrupted reply to badly ordered compound (git-fixes). - nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo (git-fixes). - nfsd: Fix stateid races between OPEN and CLOSE (git-fixes). - nfs: do not wait on commit in nfs_commit_inode() if there were no commit requests (git-fixes). - nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir (git-fixes). - nfs: Ensure we commit after writeback is complete (bsc#1111809). - nfs: Fix an incorrect type in struct nfs_direct_req (git-fixes). - nfs: Fix a typo in nfs_rename() (git-fixes). - nfs: Fix typo in nomigration mount option (git-fixes). - nfs: Fix unstable write completion (git-fixes). - nfsv4.0 fix client reference leak in callback (git-fixes). - nfsv4.1: Fix a potential layoutget/layoutrecall deadlock (git-fixes). - nfsv4.1 fix infinite loop on I/O (git-fixes). - nfsv4.1: Fix the client behaviour on NFS4ERR_SEQ_FALSE_RETRY (git-fixes). - nfsv4.1: Fix up replays of interrupted requests (git-fixes). - nfsv4: Fix a typo in nfs41_sequence_process (git-fixes). - nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds (bsc#1051510). - nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT (bsc#1051510). - nospec: Allow index argument to have const-qualified type (git-fixes) - nospec: Include dependency (bsc#1114279). - nospec: Kill array_index_nospec_mask_check() (git-fixes). - nvdimm: Clarify comment in sizeof_namespace_index (bsc#1111921, bsc#1113408, bsc#1113972). - nvdimm: Remove empty if statement (bsc#1111921, bsc#1113408, bsc#1113972). - nvdimm: Sanity check labeloff (bsc#1111921, bsc#1113408, bsc#1113972). - nvdimm: Split label init out from the logic for getting config data (bsc#1111921, bsc#1113408, bsc#1113972). - nvdimm: Use namespace index data to reduce number of label reads needed (bsc#1111921, bsc#1113408, bsc#1113972). - nvme-fc: resolve io failures during connect (bsc#1116803). - nvme: Free ctrl device name on init failure (). - nvme-multipath: zero out ANA log buffer (bsc#1105168). - nvme: validate controller state before rescheduling keep alive (bsc#1103257). - objtool: Detect RIP-relative switch table references (bsc#1058115). - objtool: Detect RIP-relative switch table references, part 2 (bsc#1058115). - objtool: Fix another switch table detection issue (bsc#1058115). - objtool: Fix double-free in .cold detection error path (bsc#1058115). - objtool: Fix GCC 8 cold subfunction detection for aliased functions (bsc#1058115). - objtool: Fix 'noreturn' detection for recursive sibling calls (bsc#1058115). - objtool: Fix segfault in .cold detection with -ffunction-sections (bsc#1058115). - objtool: Support GCC 8's cold subfunctions (bsc#1058115). - objtool: Support GCC 8 switch tables (bsc#1058115). - ocfs2: fix a misuse a of brelse after failing ocfs2_check_dir_entry (bsc#1117817). - ocfs2: fix locking for res->tracking and dlm->tracking_list (bsc#1117816). - ocfs2: fix ocfs2 read block panic (bsc#1117815). - ocfs2: free up write context when direct IO failed (bsc#1117821). - ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent (bsc#1117808). - of: add helper to lookup compatible child node (bsc#1106110) - openvswitch: Fix push/pop ethernet validation (networking-stable-18_11_02). - panic: avoid deadlocks in re-entrant console drivers (bsc#1088386). - pci: Add ACS quirk for Ampere root ports (bsc#1120058). - pci: Add ACS quirk for APM X-Gene devices (bsc#1120058). - pci: Add Device IDs for Intel GPU 'spurious interrupt' quirk (bsc#1051510). - pci/ASPM: Do not initialize link state when aspm_disabled is set (bsc#1051510). - pci/ASPM: Fix link_state teardown on device removal (bsc#1051510). - pci: Convert device-specific ACS quirks from NULL termination to ARRAY_SIZE (bsc#1120058). - pci: Delay after FLR of Intel DC P3700 NVMe (bsc#1120058). - pci: Disable Samsung SM961/PM961 NVMe before FLR (bsc#1120058). - pci: dwc: remove duplicate fix (bsc#1115269) - pci: Export pcie_has_flr() (bsc#1120058). - pci: hv: Use effective affinity mask (bsc#1109772). - pci: imx6: Fix link training status detection in link up check (bsc#1109806). - pci: iproc: Activate PAXC bridge quirk for more devices (bsc#1120058). - pci: iproc: Remove PAXC slot check to allow VF support (bsc#1109806). - pci: Mark Ceton InfiniTV4 INTx masking as broken (bsc#1120058). - pci: Mark fall-through switch cases before enabling -Wimplicit-fallthrough (bsc#1120058). - pci: Mark Intel XXV710 NIC INTx masking as broken (bsc#1120058). - pci/MSI: Warn and return error if driver enables MSI/MSI-X twice (bsc#1051510). - pci: vmd: Assign vector zero to all bridges (bsc#1109806). - pci: vmd: Detach resources after stopping root bus (bsc#1109806). - pci: vmd: White list for fast interrupt handlers (bsc#1109806). - pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges (bsc#1051510). - percpu: make this_cpu_generic_read() atomic w.r.t. interrupts (bsc#1114279). - perf: fix invalid bit in diagnostic entry (git-fixes). - perf tools: Fix tracing_path_mount proper path (git-fixes). - pinctrl: at91-pio4: fix has_config check in atmel_pctl_dt_subnode_to_map() (bsc#1051510). - pinctrl: meson: fix pinconf bias disable (bsc#1051510). - pinctrl: qcom: spmi-mpp: Fix drive strength setting (bsc#1051510). - pinctrl: qcom: spmi-mpp: Fix err handling of pmic_mpp_set_mux (bsc#1051510). - pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be compliant (bsc#1051510). - pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be compliant (bsc#1051510). - pipe: match pipe_max_size data type with procfs (git-fixes). - platform-msi: Free descriptors in platform_msi_domain_free() (bsc#1051510). - platform/x86: acerhdf: Add BIOS entry for Gateway LT31 v1.3307 (bsc#1051510). - platform/x86: intel_telemetry: report debugfs failure (bsc#1051510). - pnfs: Always free the session slot on error in nfs4_layoutget_handle_exception (git-fixes). - pnfs: Do not release the sequence slot until we've processed layoutget on open (git-fixes). - pnfs: Prevent the layout header refcount going to zero in pnfs_roc() (git-fixes). - powerpc/64s: consolidate MCE counter increment (bsc#1094244). - powerpc/64s/hash: Do not use PPC_INVALIDATE_ERAT on CPUs before POWER9 (bsc#1065729). - powerpc/64s/radix: Fix process table entry cache invalidation (bsc#1055186, git-fixes). - powerpc/boot: Expose Kconfig symbols to wrapper (bsc#1065729). - powerpc/boot: Fix build failures with -j 1 (bsc#1065729). - powerpc/boot: Fix opal console in boot wrapper (bsc#1065729). - powerpc/kvm/booke: Fix altivec related build break (bsc#1061840). - powerpc/kvm: Switch kvm pmd allocator to custom allocator (bsc#1061840). - powerpc/mm: Fix typo in comments (bsc#1065729). - powerpc/mm/hugetlb: initialize the pagetable cache correctly for hugetlb (bsc#1091800). - powerpc/mm/keys: Move pte bits to correct headers (bsc#1078248). - powerpc/mm: Rename find_linux_pte_or_hugepte() (bsc#1061840). - powerpc/npu-dma.c: Fix crash after __mmu_notifier_register failure (bsc#1055120). - powerpc/perf: Update raw-event code encoding comment for power8 (bsc#1065729). - powerpc/pkeys: Fix handling of pkey state across fork() (bsc#1078248, git-fixes). - powerpc/powernv: Add indirect levels to it_userspace (bsc#1061840). - powerpc/powernv: Do not select the cpufreq governors (bsc#1065729). - powerpc/powernv: Fix concurrency issue with npu->mmio_atsd_usage (bsc#1055120). - powerpc/powernv: Fix opal_event_shutdown() called with interrupts disabled (bsc#1065729). - powerpc/powernv: Fix save/restore of SPRG3 on entry/exit from stop (idle) (bsc#1055121). - powerpc/powernv/ioda: Allocate indirect TCE levels on demand (bsc#1061840). - powerpc/powernv/ioda: Finish removing explicit max window size check (bsc#1061840). - powerpc/powernv/ioda: Remove explicit max window size check (bsc#1061840). - powerpc/powernv: Move TCE manupulation code to its own file (bsc#1061840). - powerpc/powernv/npu: Add lock to prevent race in concurrent context init/destroy (bsc#1055120). - powerpc/powernv/npu: Do not explicitly flush nmmu tlb (bsc#1055120). - powerpc/powernv/npu: Fix deadlock in mmio_invalidate() (bsc#1055120). - powerpc/powernv/npu: Prevent overwriting of pnv_npu2_init_contex() callback parameters (bsc#1055120). - powerpc/powernv/npu: Use flush_all_mm() instead of flush_tlb_mm() (bsc#1055120). - powerpc/powernv/pci: Work around races in PCI bridge enabling (bsc#1055120). - powerpc/powernv: Rework TCE level allocation (bsc#1061840). - powerpc/pseries: Fix DTL buffer registration (bsc#1065729). - powerpc/pseries: Fix how we iterate over the DTL entries (bsc#1065729). - powerpc/pseries: Fix 'OF: ERROR: Bad of_node_put() on /cpus' during DLPAR (bsc#1113295). - powerpc/pseries/mobility: Extend start/stop topology update scope (bsc#1116950, bsc#1115709). - powerpc: pseries: remove dlpar_attach_node dependency on full path (bsc#1113295). - powerpc/pseries: Track LMB nid instead of using device tree (bsc#1108270). - powerpc/traps: restore recoverability of machine_check interrupts (bsc#1094244). - powerpc/xive: Move definition of ESB bits (bsc#1061840). - powerpc/xmon: Add ISA v3.0 SPRs to SPR dump (bsc#1061840). - power: supply: max8998-charger: Fix platform data retrieval (bsc#1051510). - power: supply: olpc_battery: correct the temperature units (bsc#1051510). - pppoe: fix reception of frames with no mac header (networking-stable-18_09_24). - printk: Fix panic caused by passing log_buf_len to command line (bsc#1117168). - provide linux/set_memory.h (bsc#1113295). - ptp: fix Spectre v1 vulnerability (bsc#1051510). - ptrace: Remove unused ptrace_may_access_sched() and MODE_IBRS (bsc#1106913). - pwm: lpss: Release runtime-pm reference from the driver's remove callback (bsc#1051510). - pxa168fb: prepare the clock (bsc#1051510). - qed: Add driver support for 20G link speed (bsc#1110558). - qed: Add support for virtual link (bsc#1111795). - qede: Add driver support for 20G link speed (bsc#1110558). - qmi_wwan: apply SET_DTR quirk to the SIMCOM shared device ID (bsc#1051510). - qmi_wwan: Support dynamic config on Quectel EP06 (bsc#1051510). - r8152: add byte_enable for ocp_read_word function (bsc#1119749). - r8152: add Linksys USB3GIGV1 id (bsc#1119749). - r8152: add r8153_phy_status function (bsc#1119749). - r8152: adjust lpm settings for RTL8153 (bsc#1119749). - r8152: adjust rtl8153_runtime_enable function (bsc#1119749). - r8152: adjust the settings about MAC clock speed down for RTL8153 (bsc#1119749). - r8152: adjust U2P3 for RTL8153 (bsc#1119749). - r8152: avoid rx queue more than 1000 packets (bsc#1119749). - r8152: check if disabling ALDPS is finished (bsc#1119749). - r8152: correct the definition (bsc#1119749). - r8152: disable RX aggregation on Dell TB16 dock (bsc#1119749). - r8152: disable RX aggregation on new Dell TB16 dock (bsc#1119749). - r8152: fix wrong checksum status for received IPv4 packets (bsc#1119749). - r8152: move calling delay_autosuspend function (bsc#1119749). - r8152: move the default coalesce setting for RTL8153 (bsc#1119749). - r8152: move the initialization to reset_resume function (bsc#1119749). - r8152: move the setting of rx aggregation (bsc#1119749). - r8152: replace napi_complete with napi_complete_done (bsc#1119749). - r8152: set rx mode early when linking on (bsc#1119749). - r8152: split rtl8152_resume function (bsc#1119749). - r8152: support new chip 8050 (bsc#1119749). - r8152: support RTL8153B (bsc#1119749). - r8169: fix NAPI handling under high load (networking-stable-18_11_02). - race of lockd inetaddr notifiers vs nlmsvc_rqst change (git-fixes). - raid10 BUG_ON in raise_barrier when force is true and conf->barrier is 0 (git-fixes). - random: rate limit unseeded randomness warnings (git-fixes). - rbd: whitelist RBD_FEATURE_OPERATIONS feature bit (Git-fixes). - rcu: Allow for page faults in NMI handlers (bsc#1120092). - rdma/bnxt_re: Add missing spin lock initialization (bsc#1050244 ). - rdma/bnxt_re: Avoid accessing the device structure after it is freed (bsc#1050244). - rdma/bnxt_re: Avoid NULL check after accessing the pointer (bsc#1086283). - rdma/bnxt_re: Fix system hang when registration with L2 driver fails (bsc#1086283). - rdma/hns: Bugfix pbl configuration for rereg mr (bsc#1104427 ). - rdma_rxe: make rxe work over 802.1q VLAN devices (bsc#1082387). - rds: fix two RCU related problems (networking-stable-18_09_18). - remoteproc: qcom: Fix potential device node leaks (bsc#1051510). - reset: hisilicon: fix potential NULL pointer dereference (bsc#1051510). - reset: imx7: Fix always writing bits as 0 (bsc#1051510). - reset: remove remaining WARN_ON() in (Git-fixes). - resource: Include resource end in walk_*() interfaces (bsc#1114279). - Revert 'blacklist.conf: blacklist inapplicable commits' This reverts commit 88bd1b2b53990d5518b819968445522fb1392bee. We only build with VIRT_CPU_ACCOUNTING_NATIVE on s390 - Revert 'ceph: fix dentry leak in splice_dentry()' (bsc#1114839). - Revert commit ef9209b642f 'staging: rtl8723bs: Fix indenting errors and an off-by-one mistake in core/rtw_mlme_ext.c' (bsc#1051510). - Revert 'iommu/io-pgtable-arm: Check for v7s-incapable systems' (bsc#1106105). - Revert 'PCI/ASPM: Do not initialize link state when aspm_disabled is set' (bsc#1051510). - Revert 'powerpc/64: Fix checksum folding in csum_add()' (bsc#1065729). - Revert 'scsi: lpfc: ls_rjt erroneus FLOGIs' (bsc#1119322). - Revert 'usb: dwc3: gadget: skip Set/Clear Halt when invalid' (bsc#1051510). - Revert wlcore patch to follow stable tree develpment - ring-buffer: Allow for rescheduling when removing pages (bsc#1120238). - ring-buffer: Do no reuse reader page if still in use (bsc#1120096). - ring-buffer: Mask out the info bits when returning buffer page length (bsc#1120094). - rpmsg: Correct support for MODULE_DEVICE_TABLE() (git-fixes). - rtc: hctosys: Add missing range error reporting (bsc#1051510). - rtc: m41t80: Correct alarm month range with RTC reads (bsc#1051510). - rtc: pcf2127: fix a kmemleak caused in pcf2127_i2c_gather_write (bsc#1051510). - rtc: snvs: Add timeouts to avoid kernel lockups (bsc#1051510). - rtl8xxxu: Fix missing break in switch (bsc#1051510). - rtnetlink: Disallow FDB configuration for non-Ethernet device (networking-stable-18_11_02). - rtnetlink: fix rtnl_fdb_dump() for ndmsg header (networking-stable-18_10_16). - rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096 (networking-stable-18_10_16). - s390/cpum_sf: Add data entry sizes to sampling trailer entry (git-fixes). - s390/dasd: simplify locking in dasd_times_out (bsc#1104967,). - s390/kdump: Fix elfcorehdr size calculation (bsc#1117953, LTC#171112). - s390/kdump: Make elfcorehdr size calculation ABI compliant (bsc#1117953, LTC#171112). - s390/kvm: fix deadlock when killed by oom (bnc#1113501, LTC#172235). - s390/mm: Check for valid vma before zapping in gmap_discard (git-fixes). - s390/mm: correct allocate_pgste proc_handler callback (git-fixes). - s390: qeth_core_mpc: Use ARRAY_SIZE instead of reimplementing its function (bnc#1113501, LTC#172682). - s390/qeth: fix HiperSockets sniffer (bnc#1113501, LTC#172953). - s390/qeth: fix length check in SNMP processing (bsc#1117953, LTC#173657). - s390: qeth: Fix potential array overrun in cmd/rc lookup (bnc#1113501, LTC#172682). - s390/qeth: handle failure on workqueue creation (git-fixes). - s390/qeth: remove outdated portname debug msg (bsc#1117953, LTC#172960). - s390/qeth: report 25Gbit link speed (bnc#1113501, LTC#172959). - s390/qeth: sanitize strings in debug messages (bsc#1117953, LTC#172960). - s390: revert ELF_ET_DYN_BASE base changes (git-fixes). - s390/sclp_tty: enable line mode tty even if there is an ascii console (git-fixes). - s390/sthyi: add cache to store hypervisor info (LTC#160415, bsc#1068273). - s390/sthyi: add s390_sthyi system call (LTC#160415, bsc#1068273). - s390/sthyi: reorganize sthyi implementation (LTC#160415, bsc#1068273). - sbitmap: fix race in wait batch accounting (Git-fixes). - sched/core: Fix cpu.max vs. cpuhotplug deadlock (bsc#1106913). - sched/smt: Expose sched_smt_present static key (bsc#1106913). - sched/smt: Make sched_smt_present track topology (bsc#1106913). - sched, tracing: Fix trace_sched_pi_setprio() for deboosting (bsc#1120228). - scsi: core: Avoid that SCSI device removal through sysfs triggers a deadlock (bsc#1114578). - scsi: libsas: remove irq save in sas_ata_qc_issue() (bsc#1114580). - scsi: lpfc: add support to retrieve firmware logs (bsc#1114015). - scsi: lpfc: add Trunking support (bsc#1114015). - scsi: lpfc: Cap NPIV vports to 256 (bsc#1118215). - scsi: lpfc: Correct code setting non existent bits in sli4 ABORT WQE (bsc#1118215). - scsi: lpfc: Correct errors accessing fw log (bsc#1114015). - scsi: lpfc: Correct invalid EQ doorbell write on if_type=6 (bsc#1114015). - scsi: lpfc: Correct irq handling via locks when taking adapter offline (bsc#1114015). - scsi: lpfc: Correct LCB RJT handling (bsc#1114015). - scsi: lpfc: Correct loss of fc4 type on remote port address change (bsc#1114015). - scsi: lpfc: Correct race with abort on completion path (bsc#1114015). - scsi: lpfc: Correct soft lockup when running mds diagnostics (bsc#1114015). - scsi: lpfc: Correct speeds on SFP swap (bsc#1114015). - scsi: lpfc: Correct topology type reporting on G7 adapters (bsc#1118215). - scsi: lpfc: Defer LS_ACC to FLOGI on point to point logins (bsc#1118215). - scsi: lpfc: Enable Management features for IF_TYPE=6 (bsc#1119322). - scsi: lpfc: fcoe: Fix link down issue after 1000+ link bounces (bsc#1114015). - scsi: lpfc: Fix a duplicate 0711 log message number (bsc#1118215). - scsi: lpfc: fix block guard enablement on SLI3 adapters (bsc#1079935). - scsi: lpfc: Fix dif and first burst use in write commands (bsc#1118215). - scsi: lpfc: Fix discovery failures during port failovers with lots of vports (bsc#1118215). - scsi: lpfc: Fix driver release of fw-logging buffers (bsc#1118215). - scsi: lpfc: Fix errors in log messages (bsc#1114015). - scsi: lpfc: Fix GFT_ID and PRLI logic for RSCN (bsc#1114015). - scsi: lpfc: Fix kernel Oops due to null pring pointers (bsc#1118215). - scsi: lpfc: Fix LOGO/PLOGI handling when triggerd by ABTS Timeout event (bsc#1114015). - scsi: lpfc: Fix lpfc_sli4_read_config return value check (bsc#1114015). - scsi: lpfc: Fix odd recovery in duplicate FLOGIs in point-to-point (bsc#1114015). - scsi: lpfc: Fix panic when FW-log buffsize is not initialized (bsc#1118215). - scsi: lpfc: Implement GID_PT on Nameserver query to support faster failover (bsc#1114015). - scsi: lpfc: ls_rjt erroneus FLOGIs (bsc#1118215). - scsi: lpfc: Raise nvme defaults to support a larger io and more connectivity (bsc#1114015). - scsi: lpfc: raise sg count for nvme to use available sg resources (bsc#1114015). - scsi: lpfc: reduce locking when updating statistics (bsc#1114015). - scsi: lpfc: refactor mailbox structure context fields (bsc#1118215). - scsi: lpfc: Remove set but not used variable 'sgl_size' (bsc#1114015). - scsi: lpfc: Reset link or adapter instead of doing infinite nameserver PLOGI retry (bsc#1114015). - scsi: lpfc: rport port swap discovery issue (bsc#1118215). - scsi: lpfc: Synchronize access to remoteport via rport (bsc#1114015). - scsi: lpfc: update driver version to 12.0.0.7 (bsc#1114015). - scsi: lpfc: update driver version to 12.0.0.8 (bsc#1114015). - scsi: lpfc: update driver version to 12.0.0.9 (bsc#1118215). - scsi: lpfc: update manufacturer attribute to reflect Broadcom (bsc#1118215). - scsi: qlogicpti: Fix an error handling path in 'qpti_sbus_probe()' (bsc#1114581). - scsi: scsi_transport_srp: Fix shost to rport translation (bsc#1114582). - scsi: sg: fix minor memory leak in error path (bsc#1114584). - scsi: sysfs: Introduce sysfs_{un,}break_active_protection() (bsc#1114578). - scsi: target: add emulate_pr backstore attr to toggle PR support (bsc#1091405). - scsi: target: drop unused pi_prot_format attribute storage (bsc#1091405). - scsi: target: Fix fortify_panic kernel exception (bsc#1114576). - scsi: target/tcm_loop: Avoid that static checkers warn about dead code (bsc#1114577). - scsi: target: tcmu: add read length support (bsc#1097755). - scsi: zfcp: fix posting too many status read buffers leading to adapter shutdown (bsc#1121483, LTC#174588). - sctp: fix race on sctp_id2asoc (networking-stable-18_11_02). - sctp: fix strchange_flags name for Stream Change Event (networking-stable-18_11_21). - sctp: hold transport before accessing its asoc in sctp_transport_get_next (networking-stable-18_09_11). - sctp: not allow to set asoc prsctp_enable by sockopt (networking-stable-18_11_21). - sctp: not increase stream's incnt before sending addstrm_in request (networking-stable-18_11_21). - sctp: update dst pmtu with the correct daddr (networking-stable-18_10_16). - serial: 8250: Fix clearing FIFOs in RS485 mode again (bsc#1051510). - shmem: introduce shmem_inode_acct_block (VM Functionality, bsc#1121599). - shmem: shmem_charge: verify max_block is not exceeded before inode update (VM Functionality, bsc#1121599). - skd: Avoid that module unloading triggers a use-after-free (Git-fixes). - skd: Submit requests to firmware before triggering the doorbell (Git-fixes). - skip LAYOUTRETURN if layout is invalid (git-fixes). - soc: bcm2835: sync firmware properties with downstream () - soc: fsl: qbman: qman: avoid allocating from non existing gen_pool (bsc#1051510). - soc/tegra: pmc: Fix child-node lookup (bsc#1051510). - soc: ti: QMSS: Fix usage of irq_set_affinity_hint (bsc#1051510). - spi: bcm2835: Avoid finishing transfer prematurely in IRQ mode (bsc#1051510). - spi: bcm2835: Fix book-keeping of DMA termination (bsc#1051510). - spi: bcm2835: Fix race on DMA termination (bsc#1051510). - spi: bcm2835: Unbreak the build of esoteric configs (bsc#1051510). - spi/bcm63xx-hsspi: keep pll clk enabled (bsc#1051510). - spi: bcm-qspi: switch back to reading flash using smaller chunks (bsc#1051510). - spi: sh-msiof: fix deferred probing (bsc#1051510). - splice: do not read more than available pipe space (bsc#1119212). - staging: bcm2835-camera: Abort probe if there is no camera (bsc#1051510). - staging: comedi: ni_mio_common: protect register write overflow (bsc#1051510). - staging:iio:ad7606: fix voltage scales (bsc#1051510). - staging: rtl8712: Fix possible buffer overrun (bsc#1051510). - staging: rtl8723bs: Add missing return for cfg80211_rtw_get_station (bsc#1051510). - staging: rtl8723bs: Fix the return value in case of error in 'rtw_wx_read32()' (bsc#1051510). - staging: rts5208: fix gcc-8 logic error warning (bsc#1051510). - staging: vchiq_arm: fix compat VCHIQ_IOC_AWAIT_COMPLETION (bsc#1051510). - staging: wilc1000: fix missing read_write setting when reading data (bsc#1051510). - sunrpc: Allow connect to return EHOSTUNREACH (git-fixes). - sunrpc: Do not use stack buffer with scatterlist (git-fixes). - sunrpc: Fix rpc_task_begin trace point (git-fixes). - sunrpc: Fix tracepoint storage issues with svc_recv and svc_rqst_status (git-fixes). - supported.conf: add raspberrypi-ts driver - supported.conf: whitelist bluefield eMMC driver - target: fix buffer offset in core_scsi3_pri_read_full_status (bsc1117349). - target/iscsi: avoid NULL dereference in CHAP auth error path (bsc#1117165). - target: se_dev_attrib.emulate_pr ABI stability (bsc#1091405). - tcp: do not restart timewait timer on rst reception (networking-stable-18_09_11). - team: no need to do team_notify_peers or team_mcast_rejoin when disabling port (bsc#1051510). - termios, tty/tty_baudrate.c: fix buffer overrun (bsc#1051510). - test_firmware: fix error return getting clobbered (bsc#1051510). - test_hexdump: use memcpy instead of strncpy (bsc#1051510). - tg3: Add PHY reset for 5717/5719/5720 in change ring and flow control paths (networking-stable-18_11_21). - thermal: bcm2835: enable hwmon explicitly (bsc#1108468). - thermal: da9062/61: Prevent hardware access during system suspend (bsc#1051510). - thermal: rcar_thermal: Prevent hardware access during system suspend (bsc#1051510). - tipc: do not assume linear buffer when reading ancillary data (networking-stable-18_11_21). - tipc: fix a missing rhashtable_walk_exit() (networking-stable-18_09_11). - tipc: fix flow control accounting for implicit connect (networking-stable-18_10_16). - tmpfs: make lseek(SEEK_DATA/SEK_HOLE) return ENXIO with a negative offset (bsc#1051510). - tools build: fix # escaping in .cmd files for future Make (git-fixes). - tools: hv: fcopy: set 'error' in case an unknown operation was requested (git-fixes). - tools: hv: include string.h in hv_fcopy_daemon (git-fixes). - tools/lib/lockdep: Rename 'trywlock' into 'trywrlock' (bsc#1121973). - tools/power/cpupower: fix compilation with STATIC=true (git-fixes). - tools/power turbostat: fix possible sprintf buffer overflow (git-fixes). - tpm2-cmd: allow more attempts for selftest execution (bsc#1082555). - tpm: add retry logic (bsc#1082555). - tpm: consolidate the TPM startup code (bsc#1082555). - tpm: do not suspend/resume if power stays on (bsc#1082555). - tpm: fix intermittent failure with self tests (bsc#1082555). - tpm: fix response size validation in tpm_get_random() (bsc#1082555). - tpm: move endianness conversion of ordinals to tpm_input_header (bsc#1082555). - tpm: move endianness conversion of TPM_TAG_RQU_COMMAND to tpm_input_header (bsc#1082555). - tpm: move the delay_msec increment after sleep in tpm_transmit() (bsc#1082555). - tpm: React correctly to RC_TESTING from TPM 2.0 self tests (bsc#1082555). - tpm: replace msleep() with usleep_range() in TPM 1.2/2.0 generic drivers (bsc#1082555). - tpm: Restore functionality to xen vtpm driver (bsc#1082555). - tpm: self test failure should not cause suspend to fail (bsc#1082555). - tpm: tpm-interface: fix tpm_transmit/_cmd kdoc (bsc#1082555). - tpm: Trigger only missing TPM 2.0 self tests (bsc#1082555). - tpm: Use dynamic delay to wait for TPM 2.0 self test result (bsc#1082555). - tpm: use tpm2_pcr_read() in tpm2_do_selftest() (bsc#1082555). - tpm: use tpm_buf functions in tpm2_pcr_read() (bsc#1082555). - tracing: Apply trace_clock changes to instance max buffer (bsc#1117188). - tracing/blktrace: Fix to allow setting same value (Git-fixes). - tracing: Erase irqsoff trace with empty write (bsc#1117189). - tracing: Fix bad use of igrab in trace_uprobe.c (bsc#1120046). - tracing: Fix crash when freeing instances with event triggers (bsc#1120230). - tracing: Fix crash when it fails to alloc ring buffer (bsc#1120097). - tracing: Fix double free of event_trigger_data (bsc#1120234). - tracing: Fix missing return symbol in function_graph output (bsc#1120232). - tracing: Fix possible double free in event_enable_trigger_func() (bsc#1120235). - tracing: Fix possible double free on failure of allocating trace buffer (bsc#1120214). - tracing: Fix regex_match_front() to not over compare the test string (bsc#1120223). - tracing: Fix trace_pipe behavior for instance traces (bsc#1120088). - tracing: Remove RCU work arounds from stack tracer (bsc#1120092). - tracing/samples: Fix creation and deletion of simple_thread_fn creation (git-fixes). - tty: check name length in tty_find_polling_driver() (bsc#1051510). - tty: Do not block on IO when ldisc change is pending (bnc#1105428). - tty: Do not hold ldisc lock in tty_reopen() if ldisc present (bsc#1051510). - tty: Do not return -EAGAIN in blocking read (bsc#1116040). - tty: do not set TTY_IO_ERROR flag if console port (bsc#1051510). - tty: fix data race between tty_init_dev and flush of buf (bnc#1105428). - tty: Hold tty_ldisc_lock() during tty_reopen() (bnc#1105428). - tty/ldsem: Add lockdep asserts for ldisc_sem (bnc#1105428). - tty/ldsem: Convert to regular lockdep annotations (bnc#1105428). - tty/ldsem: Decrement wait_readers on timeouted down_read() (bnc#1105428). - tty/ldsem: Wake up readers after timed out down_write() (bnc#1105428). - tty: serial: 8250_mtk: always resume the device in probe (bsc#1051510). - tty: Simplify tty->count math in tty_reopen() (bnc#1105428). - tty: wipe buffer (bsc#1051510). - tty: wipe buffer if not echoing data (bsc#1051510). - tun: Consistently configure generic netdev params via rtnetlink (bsc#1051510). - tuntap: fix multiqueue rx (networking-stable-18_11_21). - ubifs: Handle re-linking of inodes correctly while recovery (bsc#1120598). - ubifs-Handle-re-linking-of-inodes-correctly-while-re.patch: Fixup compilation failure due to different ubifs_assert() prototype. - udf: Allow mounting volumes with incorrect identification strings (bsc#1118774). - udp4: fix IP_CMSG_CHECKSUM for connected sockets (networking-stable-18_09_24). - udp6: add missing checks on edumux packet processing (networking-stable-18_09_24). - udp6: fix encap return code for resubmitting (git-fixes). - uio: ensure class is registered before devices (bsc#1051510). - uio: Fix an Oops on load (bsc#1051510). - uio: make symbol 'uio_class_registered' static (bsc#1051510). - unifdef: use memcpy instead of strncpy (bsc#1051510). - usb: appledisplay: Add 27' Apple Cinema Display (bsc#1051510). - usb: cdc-acm: add entry for Hiro (Conexant) modem (bsc#1051510). - usb: chipidea: Prevent unbalanced IRQ disable (bsc#1051510). - usb: core: Fix hub port connection events lost (bsc#1051510). - usb: core: quirks: add RESET_RESUME quirk for Cherry G230 Stream series (bsc#1051510). - usb: dwc2: host: do not delay retries for CONTROL IN transfers (bsc#1114385). - usb: dwc2: host: Do not retry NAKed transactions right away (bsc#1114385). - usb: dwc2: host: use hrtimer for NAK retries (git-fixes). - usb: dwc3: core: Clean up ULPI device (bsc#1051510). - usb: dwc3: gadget: fix ISOC TRB type on unaligned transfers (bsc#1051510). - usb: dwc3: gadget: Properly check last unaligned/zero chain TRB (bsc#1051510). - usb: gadget: fsl_udc_core: check allocation return value and cleanup on failure (bsc#1051510). - usb: gadget: fsl_udc_core: fixup struct_udc_setup documentation (bsc#1051510). - usb: gadget: storage: Fix Spectre v1 vulnerability (bsc#1051510). - usb: gadget: udc: atmel: handle at91sam9rl PMC (bsc#1051510). - usb: gadget: u_ether: fix unsafe list iteration (bsc#1051510). - usb: host: ohci-at91: fix request of irq for optional gpio (bsc#1051510). - usb: hso: Fix OOB memory access in hso_probe/hso_get_config_data (bsc#1051510). - usbip: tools: fix atoi() on non-null terminated string (bsc#1051510). - usbip: vhci_hcd: check rhport before using in vhci_hub_control() (bsc#1090888). - usbip:vudc: BUG kmalloc-2048 (Not tainted): Poison overwritten (bsc#1051510). - usb: misc: appledisplay: add 20' Apple Cinema Display (bsc#1051510). - usbnet: smsc95xx: disable carrier check while suspending (bsc#1051510). - usb: omap_udc: fix crashes on probe error and module removal (bsc#1051510). - usb: omap_udc: fix omap_udc_start() on 15xx machines (bsc#1051510). - usb: omap_udc: fix rejection of out transfers when DMA is used (bsc#1051510). - usb: omap_udc: fix USB gadget functionality on Palm Tungsten E (bsc#1051510). - usb: omap_udc: use devm_request_irq() (bsc#1051510). - usb: quirk: add no-LPM quirk on SanDisk Ultra Flair device (bsc#1051510). - usb: quirks: Add delay-init quirk for Corsair K70 LUX RGB (bsc#1051510). - usb: quirks: Add no-lpm quirk for Raydium touchscreens (bsc#1051510). - usb: serial: cypress_m8: fix interrupt-out transfer length (bsc#1051510). - usb: serial: option: add Fibocom NL668 series (bsc#1051510). - usb: serial: option: add GosunCn ZTE WeLink ME3630 (bsc#1051510). - usb: serial: option: add HP lt4132 (bsc#1051510). - usb: serial: option: add Simcom SIM7500/SIM7600 (MBIM mode) (bsc#1051510). - usb: serial: option: add Telit LN940 series (bsc#1051510). - usb: serial: option: add two-endpoints device-id flag (bsc#1051510). - usb: serial: option: drop redundant interface-class test (bsc#1051510). - usb: serial: option: improve Quectel EP06 detection (bsc#1051510). - usb: usbip: Fix BUG: KASAN: slab-out-of-bounds in vhci_hub_control() (bsc#1106110). - usb: usb-storage: Add new IDs to ums-realtek (bsc#1051510). - usb: xhci: fix timeout for transition from RExit to U0 (bsc#1051510). - usb: xhci: fix uninitialized completion when USB3 port got wrong status (bsc#1051510). - usb: xhci: Prevent bus suspend if a port connect change or polling state is detected (bsc#1051510). - userfaultfd: clear the vma->vm_userfaultfd_ctx if UFFD_EVENT_FORK fails (bsc#1118761). - userfaultfd: remove uffd flags from vma->vm_flags if UFFD_EVENT_FORK fails (bsc#1118809). - v9fs_dir_readdir: fix double-free on p9stat_read error (bsc#1118771). - vfs: Avoid softlockups in drop_pagecache_sb() (bsc#1118505). - vfs: close race between getcwd() and d_move() (git-fixes). - vfs: fix freeze protection in mnt_want_write_file() for overlayfs (git-fixes). - vhost: Fix Spectre V1 vulnerability (bsc#1051510). - vhost/scsi: truncate T10 PI iov_iter to prot_bytes (bsc#1051510). - virtio_net: avoid using netif_tx_disable() for serializing tx routine (networking-stable-18_11_02). - VMCI: Resource wildcard match fixed (bsc#1051510). - w1: omap-hdq: fix missing bus unregister at removal (bsc#1051510). - watchdog/core: Add missing prototypes for weak functions (git-fixes). - wireless: airo: potential buffer overflow in sprintf() (bsc#1051510). - wlcore: Fix the return value in case of error in 'wlcore_vendor_cmd_smart_config_start()' (bsc#1051510). - Workaround for mysterious NVMe breakage with i915 CFL (bsc#1111040). - x86/boot/KASLR: Work around firmware bugs by excluding EFI_BOOT_SERVICES_* and EFI_LOADER_* from KASLR's choice (bnc#1112878). - x86/bugs: Add AMD's SPEC_CTRL MSR usage (bsc#1106913). - x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR (bsc#1106913). - x86/bugs: Switch the selection of mitigation from CPU vendor to CPU features (bsc#1106913). - x86/corruption-check: Fix panic in memory_corruption_check() when boot option without value is provided (bsc#1110006). - x86/cpu/vmware: Do not trace vmware_sched_clock() (bsc#1114279). - x86/decoder: Fix and update the opcodes map (bsc#1058115). - x86, hibernate: Fix nosave_regions setup for hibernation (bsc#1110006). - x86/irq: implement irq_data_get_effective_affinity_mask() for v4.12 (bsc#1109772). - x86/kabi: Fix cpu_tlbstate issue (bsc#1106913). - x86/kexec: Correct KEXEC_BACKUP_SRC_END off-by-one error (bsc#1114279). - x86/l1tf: Show actual SMT state (bsc#1106913). - x86/ldt: Remove unused variable in map_ldt_struct() (bsc#1114279). - x86/ldt: Split out sanity check in map_ldt_struct() (bsc#1114279). - x86/ldt: Unmap PTEs for the slot before freeing LDT pages (bsc#1114279). - x86/MCE/AMD: Fix the thresholding machinery initialization order (bsc#1114279). - x86/MCE: Make correctable error detection look at the Deferred bit (bsc#1114279). - x86/mm: Fix decoy address handling vs 32-bit builds (bsc#1120606). - x86/mm/pat: Disable preemption around __flush_tlb_all() (bsc#1114279). - x86/PCI: Add additional VMD device root ports to VMD AER quirk (bsc#1120058). - x86/PCI: Add 'pci=big_root_window' option for AMD 64-bit windows (bsc#1120058). - x86/PCI: Apply VMD's AERSID fixup generically (bsc#1120058). - x86/PCI: Avoid AMD SB7xx EHCI USB wakeup defect (bsc#1120058). - x86/PCI: Enable a 64bit BAR on AMD Family 15h (Models 00-1f, 30-3f, 60-7f) (bsc#1120058). - x86/PCI: Enable AMD 64-bit window on resume (bsc#1120058). - x86/PCI: Fix infinite loop in search for 64bit BAR placement (bsc#1120058). - x86/PCI: Move and shrink AMD 64-bit window to avoid conflict (bsc#1120058). - x86/PCI: Move VMD quirk to x86 fixups (bsc#1120058). - x86/PCI: Only enable a 64bit BAR on single-socket AMD Family 15h (bsc#1120058). - x86/PCI: Use is_vmd() rather than relying on the domain number (bsc#1120058). - x86/process: Consolidate and simplify switch_to_xtra() code (bsc#1106913). - x86/pti: Document fix wrong index (git-fixes). - x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support (bsc#1106913). - x86/retpoline: Remove minimal retpoline support (bsc#1106913). - x86/speculataion: Mark command line parser data __initdata (bsc#1106913). - x86/speculation: Add command line control for indirect branch speculation (bsc#1106913). - x86/speculation: Add prctl() control for indirect branch speculation (bsc#1106913). - x86/speculation: Add seccomp Spectre v2 user space protection mode (bsc#1106913). - x86/speculation: Apply IBPB more strictly to avoid cross-process data leak (bsc#1106913). - x86/speculation: Avoid __switch_to_xtra() calls (bsc#1106913). - x86/speculation: Clean up spectre_v2_parse_cmdline() (bsc#1106913). - x86/speculation: Disable STIBP when enhanced IBRS is in use (bsc#1106913). - x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation (bsc#1106913). - x86/speculation: Enable prctl mode for spectre_v2_user (bsc#1106913). - x86/speculation/l1tf: Drop the swap storage limit restriction when l1tf=off (bnc#1114871). - x86/speculation: Mark string arrays const correctly (bsc#1106913). - x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common() (bsc#1106913). - x86/speculation: Prepare arch_smt_update() for PRCTL mode (bsc#1106913). - x86/speculation: Prepare for conditional IBPB in switch_mm() (bsc#1106913). - x86/speculation: Prepare for per task indirect branch speculation control (bsc#1106913). - x86/speculation: Prevent stale SPEC_CTRL msr content (bsc#1106913). - x86/speculation: Propagate information about RSB filling mitigation to sysfs (bsc#1106913). - x86/speculation: Provide IBPB always command line options (bsc#1106913). - x86/speculation: Remove unnecessary ret variable in cpu_show_common() (bsc#1106913). - x86/speculation: Rename SSBD update functions (bsc#1106913). - x86/speculation: Reorder the spec_v2 code (bsc#1106913). - x86/speculation: Reorganize speculation control MSRs update (bsc#1106913). - x86/speculation: Rework SMT state change (bsc#1106913). - x86/speculation: Split out TIF update (bsc#1106913). - x86/speculation: Support Enhanced IBRS on future CPUs (). - x86/speculation: Unify conditional spectre v2 print functions (bsc#1106913). - x86/speculation: Update the TIF_SSBD comment (bsc#1106913). - x86/xen: Fix boot loader version reported for PVH guests (bnc#1065600). - xen/balloon: Support xend-based toolstack (bnc#1065600). - xen/blkfront: avoid NULL blkfront_info dereference on device removal (bsc#1111062). - xen: fix race in xen_qlock_wait() (bnc#1107256). - xen: fix xen_qlock_wait() (bnc#1107256). - xen: make xen_qlock_wait() nestable (bnc#1107256). - xen/netfront: do not bug in case of too many frags (bnc#1104824). - xen/netfront: tolerate frags with no data (bnc#1119804). - xen/pvh: do not try to unplug emulated devices (bnc#1065600). - xen/pvh: increase early stack size (bnc#1065600). - xen-swiotlb: use actually allocated size on check physical continuous (bnc#1065600). - xen/x86: add diagnostic printout to xen_mc_flush() in case of error (bnc#1116183). - xfs: Align compat attrlist_by_handle with native implementation (git-fixes). - xfs: Fix error code in 'xfs_ioc_getbmap()' (git-fixes). - xfs: fix quotacheck dquot id overflow infinite loop (bsc#1121621). - xfs: Fix xqmstats offsets in /proc/fs/xfs/xqmstat (git-fixes). - xfs: Properly detect when DAX won't be used on any device (bsc#1115976). - xfs: xfs_buf: drop useless LIST_HEAD (git-fixes). - xhci: Add check for invalid byte size error when UAS devices are connected (bsc#1051510). - xhci: Add quirk to workaround the errata seen on Cavium Thunder-X2 Soc (bsc#1117162). - xhci: Do not prevent USB2 bus suspend in state check intended for USB3 only (bsc#1051510). - xhci: Fix leaking USB3 shared_hcd at xhci removal (bsc#1051510). - xhci: Prevent U1/U2 link pm states if exit latency is too long (bsc#1051510). - xprtrdma: Do not defer fencing an async RPC's chunks (git-fixes). ----------------------------------------- Patch: SUSE-2019-245 Released: Tue Feb 5 16:42:55 2019 Summary: Recommended update for kernel-firmware Severity: moderate References: 1104289,1110720 Description: This update for kernel-firmware fixes the following issues: Update to version 20190118 (bsc#1110720,FATE#325946,bsc#1104289): - brcm: Add BCM43455 NVRAM for Raspberry Pi 3 B+ - brcm: Fix filename for BCM43430 NVRAM for the Raspberry Pi 3 Model B - amdgpu: add raven2 fw for 18.50 release - amdgpu: add picasso fw for 18.50 release - Revert 'brcm: Add BCM43455 NVRAM for Raspberry Pi 3 B+' - Update firmware file for Intel Bluetooth 8265 - Update firmware file for Intel Bluetooth 8260 - Update firmware file for Intel Bluetooth 9260 - Update firmware file for Intel Bluetooth 9560 - brcm: Add BCM43430 NVRAM for the Raspberry Pi 3 Model B - brcm: Add BCM43455 NVRAM for Raspberry Pi 3 B+ - update Marvell USB8801 B0 firmware image - iwlwifi: update firmwares for 9000 series - cxgb4: update firmware to revision 1.22.9.0 ----------------------------------------- Patch: SUSE-2019-247 Released: Wed Feb 6 07:18:45 2019 Summary: Security update for lua53 Severity: moderate References: 1123043,CVE-2019-6706 Description: This update for lua53 fixes the following issues: Security issue fixed: - CVE-2019-6706: Fixed a use-after-free bug in the lua_upvaluejoin function of lapi.c (bsc#1123043) ----------------------------------------- Patch: SUSE-2019-248 Released: Wed Feb 6 08:35:20 2019 Summary: Security update for curl Severity: important References: 1123371,1123377,1123378,CVE-2018-16890,CVE-2019-3822,CVE-2019-3823 Description: This update for curl fixes the following issues: Security issues fixed: - CVE-2019-3823: Fixed a heap out-of-bounds read in the code handling the end-of-response for SMTP (bsc#1123378). - CVE-2019-3822: Fixed a stack based buffer overflow in the function creating an outgoing NTLM type-3 message (bsc#1123377). - CVE-2018-16890: Fixed a heap buffer out-of-bounds read in the function handling incoming NTLM type-2 messages (bsc#1123371). ----------------------------------------- Patch: SUSE-2019-250 Released: Wed Feb 6 11:22:31 2019 Summary: Recommended update for gtk3 Severity: moderate References: 1119306,1121456 Description: This update for gtk3 fixes the following issues: - Add support for AtkTableCell. (bsc#1119306, fate#326548) - Export gtk_cell_accessible_parent_get_(row|column)_header_cells_ functions. (bsc#1121456) ----------------------------------------- Patch: SUSE-2019-251 Released: Wed Feb 6 11:22:43 2019 Summary: Recommended update for glib2 Severity: moderate References: 1090047 Description: This update for glib2 provides the following fix: - Enable systemtap. (fate#326393, bsc#1090047) ----------------------------------------- Patch: SUSE-2019-252 Released: Wed Feb 6 11:23:38 2019 Summary: Recommended update for grub2 Severity: moderate References: 1114754 Description: This update for grub2 fixes the following issues: - Fixed possible install media boot issues on certain hardware by changing default tsc calibration method to pmtimer on EFI. (bsc#1114754) ----------------------------------------- Patch: SUSE-2019-258 Released: Wed Feb 6 11:26:05 2019 Summary: Recommended update for man-pages Severity: low References: 1116987 Description: This update for man-pages fixes the following issues: - Supplements the package 'man' in order to install some missing man pages. (bsc#1116987) ----------------------------------------- Patch: SUSE-2019-271 Released: Wed Feb 6 16:45:08 2019 Summary: Security update for python Severity: moderate References: 1122191,CVE-2019-5010 Description: This update for python fixes the following issues: Security issue fixed: - CVE-2019-5010: Fixed a denial-of-service vulnerability in the X509 certificate parser (bsc#1122191) ----------------------------------------- Patch: SUSE-2019-273 Released: Wed Feb 6 16:48:18 2019 Summary: Security update for MozillaFirefox Severity: important References: 1119069,1120374,1122983,CVE-2018-12404,CVE-2018-18500,CVE-2018-18501,CVE-2018-18505 Description: This update for MozillaFirefox, mozilla-nss fixes the following issues: Security issues fixed: - CVE-2018-18500: Fixed a use-after-free parsing HTML5 stream (bsc#1122983). - CVE-2018-18501: Fixed multiple memory safety bugs (bsc#1122983). - CVE-2018-18505: Fixed a privilege escalation through IPC channel messages (bsc#1122983). - CVE-2018-12404: Cache side-channel variant of the Bleichenbacher attack (bsc#1119069). Non-security issue fixed: - Update to MozillaFirefox ESR 60.5.0 - Update to mozilla-nss 3.41.1 ----------------------------------------- Patch: SUSE-2019-285 Released: Thu Feb 7 13:25:07 2019 Summary: Security update for avahi Severity: moderate References: 1120281,CVE-2018-1000845 Description: This update for avahi fixes the following issues: Security issue fixed: - CVE-2018-1000845: Fixed DNS amplification and reflection to spoofed addresses (DOS) (bsc#1120281) ----------------------------------------- Patch: SUSE-2019-314 Released: Mon Feb 11 10:08:25 2019 Summary: Recommended update for libdlm Severity: moderate References: 1098449 Description: This update for libdlm fixes the following issues: - Explicitly use and link libstonithd from libpacemaker3 (bsc#1098449) ----------------------------------------- Patch: SUSE-2019-317 Released: Mon Feb 11 16:08:23 2019 Summary: Recommended update for sendmail Severity: moderate References: 1116675 Description: This update for sendmail addresses the following issues: - Fixes an issue with symlink creation on package installation. In order for the wrong symlink to be removed, the service needs to be disabled and re-enabled. (bsc#1116675) ----------------------------------------- Patch: SUSE-2019-319 Released: Mon Feb 11 16:10:02 2019 Summary: Recommended update for python-kiwi Severity: moderate References: 1110871,1119792 Description: This update for python-kiwi provides the following fixes: - Rebuild auto generated code with stable generateDS. For some reason the xml_parse code generated by generateDS v2.29.24 caused warnings on simple type XSD patterns. Therefore the code was rebuilt with the stable build version v2.29.14 which fixed the issue. (bsc#1119792) - Add Codec utils for bytes literals decoding. In case of a literal decoding failure it tries to decode the result in utf-8. This is handy in python2 environments where python and the host might be using different charset configurations. In python3 this issue seems to be solved. (bsc#1110871) ----------------------------------------- Patch: SUSE-2019-364 Released: Wed Feb 13 14:00:08 2019 Summary: Recommended update for ipset Severity: moderate References: 1122853 Description: This update for ipset fixes the following issues: - Fixed parsing service names for ports. Parsing is attempted both for numbers and service names and the temporary stored error message triggered to reset the state parameters about the set [bsc#1122853] ----------------------------------------- Patch: SUSE-2019-369 Released: Wed Feb 13 14:01:42 2019 Summary: Recommended update for itstool Severity: moderate References: 1065270,1111019 Description: This update for itstool and python-libxml2-python fixes the following issues: Package: itstool - Updated version to support Python3. (bnc#1111019) Package: python-libxml2-python - Fix segfault when parsing invalid data. (bsc#1065270) ----------------------------------------- Patch: SUSE-2019-374 Released: Wed Feb 13 14:03:02 2019 Summary: Recommended update for xrdb Severity: moderate References: 1120004 Description: This update for xrdb fixes the following issues: - Now no warnings will be shown when parsing valid comments. (bsc#1120004) ----------------------------------------- Patch: SUSE-2019-426 Released: Mon Feb 18 17:46:55 2019 Summary: Security update for systemd Severity: important References: 1117025,1121563,1122000,1123333,1123727,1123892,1124153,1125352,CVE-2019-6454 Description: This update for systemd fixes the following issues: - CVE-2019-6454: Overlong DBUS messages could be used to crash systemd (bsc#1125352) - units: make sure initrd-cleanup.service terminates before switching to rootfs (bsc#1123333) - logind: fix bad error propagation - login: log session state 'closing' (as well as New/Removed) - logind: fix borked r check - login: don't remove all devices from PID1 when only one was removed - login: we only allow opening character devices - login: correct comment in session_device_free() - login: remember that fds received from PID1 need to be removed eventually - login: fix FDNAME in call to sd_pid_notify_with_fds() - logind: fd 0 is a valid fd - logind: rework sd_eviocrevoke() - logind: check file is device node before using .st_rdev - logind: use the new FDSTOREREMOVE=1 sd_notify() message (bsc#1124153) - core: add a new sd_notify() message for removing fds from the FD store again - logind: make sure we don't trip up on half-initialized session devices (bsc#1123727) - fd-util: accept that kcmp might fail with EPERM/EACCES - core: Fix use after free case in load_from_path() (bsc#1121563) - core: include Found state in device dumps - device: fix serialization and deserialization of DeviceFound - fix path in btrfs rule (#6844) - assemble multidevice btrfs volumes without external tools (#6607) (bsc#1117025) - Update systemd-system.conf.xml (bsc#1122000) - units: inform user that the default target is started after exiting from rescue or emergency mode - core: free lines after reading them (bsc#1123892) - sd-bus: if we receive an invalid dbus message, ignore and proceeed - automount: don't pass non-blocking pipe to kernel. ----------------------------------------- Patch: SUSE-2019-433 Released: Tue Feb 19 12:18:20 2019 Summary: Recommended update for open-iscsi Severity: moderate References: 1116711,1122938 Description: This update for open-iscsi provides the following fixes: - qedi: Set buf_size in case of ICMP and ARP packet. (bsc#1116711) - qedi: Use uio BD index instead on buffer index. (bsc#1116711) - Fix the output for iscsiadm node/iface print level P1. (bsc#1122938) ----------------------------------------- Patch: SUSE-2019-436 Released: Tue Feb 19 13:21:31 2019 Summary: Recommended update for yast2-registration Severity: moderate References: 1110246,1122608 Description: This update for yast2-registration fixes the following issues: - Do not try to remove services which have already been deleted. (bsc#1110246) - Improved the message in the registration skipping dialog (bsc#1122608) ----------------------------------------- Patch: SUSE-2019-441 Released: Tue Feb 19 18:53:05 2019 Summary: Recommended update for dmidecode Severity: moderate References: 1120149 Description: This update for dmidecode fixes the following issues: - Extensions to Memory Device (Type 17) (FATE#326830 bsc#1120149) - Add 'Logical non-volatile device' to the memory device types (FATE#326830 bsc#1120149) ----------------------------------------- Patch: SUSE-2019-444 Released: Tue Feb 19 18:53:28 2019 Summary: Recommended update for wicked Severity: moderate References: 1118378 Description: This update for wicked fixes the following issues: - Wicked test command now displays the hostname. (bsc#1118378) ----------------------------------------- Patch: SUSE-2019-447 Released: Wed Feb 20 08:38:23 2019 Summary: Security update for libqt5-qtbase Severity: moderate References: 1096328,1099874,1108889,1118595,1118596,1120639,CVE-2018-15518,CVE-2018-19873 Description: This update for libqt5-qtbase provides the following fixes: Security issues fixed: - CVE-2018-15518: Fixed double free in QXmlStreamReader (bsc#1118595) - CVE-2018-19873: Fixed Denial of Service on malformed BMP file in QBmpHandler (bsc#1118596) Non-security issues fixed: - Fix dynamic loading of libGL. (bsc#1099874) - Make sure printer settings are properly remembered. (bsc#1096328) - Add patch to fix fails to load pixmap cursors on XRender less system (bsc#1108889) - Fix krita pop-up palette not working properly (bsc#1120639) ----------------------------------------- Patch: SUSE-2019-455 Released: Wed Feb 20 17:44:54 2019 Summary: Recommended update for tuned Severity: low References: 1098395 Description: This update for tuned fixes the following issues: - Fix logrotation to be configurable (bsc#1098395) ----------------------------------------- Patch: SUSE-2019-459 Released: Thu Feb 21 17:12:36 2019 Summary: Recommended update for drbd Severity: important References: 1118732,1118974 Description: This update for drbd to version 9.0.15-1 and drbd-utils fixes the following issues: - split brain handles malfunction when 2 primaries (bsc#1118732) - remove the deprecated comment about drbd-overview (bsc#1118974) ----------------------------------------- Patch: SUSE-2019-460 Released: Thu Feb 21 17:12:54 2019 Summary: Recommended update for libstorage-ng Severity: moderate References: 1101870,1120070 Description: This update for libstorage-ng fixes the following issues: - Fix partitioning error by relaxing the check for luks correctness. (bsc#1120070, bsc#1101870) ----------------------------------------- Patch: SUSE-2019-461 Released: Thu Feb 21 17:13:30 2019 Summary: Recommended update for yast2-storage-ng Severity: moderate References: 1099485,1121442 Description: This update for yast2-storage-ng fixes the following issues: - Allows to cancel Guided Setup. (bsc#1121442) - Adds link to storage client from installation summary. (bsc#1099485) ----------------------------------------- Patch: SUSE-2019-464 Released: Fri Feb 22 09:43:52 2019 Summary: Recommended update for xkeyboard-config Severity: moderate References: 1123784 Description: This update for xkeyboard-config fixes the following issues: - Fixes missing mappings for evdev keys KEY_RFKILL and KEY_WWAN. (bsc#1123784) ----------------------------------------- Patch: SUSE-2019-480 Released: Mon Feb 25 11:55:21 2019 Summary: Security update for supportutils Severity: important References: 1043311,1046681,1051797,1071545,1105849,1112461,1115245,1117776,1118460,1118462,1118463,1125609,1125666,CVE-2018-19637,CVE-2018-19638,CVE-2018-19639,CVE-2018-19640 Description: This update for supportutils fixes the following issues: Security issues fixed: - CVE-2018-19640: Fixed an issue where users could kill arbitrary processes (bsc#1118463). - CVE-2018-19638: Fixed an issue where users could overwrite arbitrary log files (bsc#1118460). - CVE-2018-19639: Fixed a code execution if run with -v (bsc#1118462). - CVE-2018-19637: Fixed an issue where static temporary filename could allow overwriting of files (bsc#1117776). Other issues fixed: - Fixed invalid exit code commands (bsc#1125666). - Included additional SUSE separation (bsc#1125609). - Merged added listing of locked packes by zypper. - Exclude pam.txt per GDPR by default (bsc#1112461). - Clarified -x functionality in supportconfig(8) (bsc#1115245). - udev service and provide the whole journal content in supportconfig (bsc#1051797). - supportconfig collects tuned profile settings (bsc#1071545). - sfdisk -d no disk device specified (bsc#1043311). - Added vulnerabilites status check in basic-health.txt (bsc#1105849). - Added only sched_domain from cpu0. - Blacklist sched_domain from proc.txt (bsc#1046681). - Added firewall-cmd info. - Add ls -lA --time-style=long-iso /etc/products.d/ - Dump lsof errors. - Added corosync status to ha_info. - Dump find errors in ib_info. ----------------------------------------- Patch: SUSE-2019-490 Released: Tue Feb 26 10:42:15 2019 Summary: Recommended update for systemd-presets-branding-SLE Severity: moderate References: 1121219 Description: This update for systemd-presets-branding-SLE fixes the following issues: - branding-preset-states: Apply preset to all unit types. (bsc#1121219) ----------------------------------------- Patch: SUSE-2019-496 Released: Tue Feb 26 16:43:02 2019 Summary: Security update for openssh Severity: moderate References: 1121816,1121821,1125687,CVE-2019-6109,CVE-2019-6111 Description: This update for openssh fixes the following issues: Security vulnerabilities addressed: - CVE-2019-6109: Fixed an character encoding issue in the progress display of the scp client that could be used to manipulate client output, allowing for spoofing during file transfers (bsc#1121816) - CVE-2019-6111: Properly validate object names received by the scp client to prevent arbitrary file overwrites when interacting with a malicious SSH server (bsc#1121821) Other bug fixes and changes: - Handle brace expansion in scp when checking that filenames sent by the server side match what the client requested (bsc#1125687) ----------------------------------------- Patch: SUSE-2019-501 Released: Tue Feb 26 19:11:53 2019 Summary: Recommended update for crash Severity: moderate References: 1090127 Description: This update for crash fixes the following issues: - Fix crash utility printing 'bt:seek' and 'bt:read' errors. (bsc#1090127) ----------------------------------------- Patch: SUSE-2019-503 Released: Tue Feb 26 19:12:25 2019 Summary: Recommended update for polkit-default-privs Severity: moderate References: 1122116,1123653 Description: This update for polkit-default-privs fixes the following issues: - soften a flatpak permissions rule (bsc#1122116) - add an additional flatpak rule (bsc#1123653) ----------------------------------------- Patch: SUSE-2019-506 Released: Wed Feb 27 11:20:02 2019 Summary: Recommended update for permissions Severity: moderate References: 1120650,1123886 Description: This update for permissions fixes the following issues: - New whitelisting for /usr/lib/virtualbox/VirtualBoxVM and removed stale entries for VirtualBox(bsc#1120650) - Ensure consistency of entries, otherwise switching between settings becomes problematic - Whitelist for postgresql. Currently the checker doesn't complain because the directories aren't packaged, but that might change and/or our checkers might improve (bsc#1123886) ----------------------------------------- Patch: SUSE-2019-518 Released: Thu Feb 28 15:40:23 2019 Summary: Recommended update for dracut Severity: moderate References: 1113712,1124088 Description: This update for dracut fixes the following issues: - Correct fix for displaying text on emergency consoles (bsc#1124088) - 95iscsi: handle qedi like bnx2i (bsc#1113712) - 91zipl: Don't use contents of commented lines (osc#1119499) - Fix displaying text on emergency consoles (bsc#1124088) - Remove invalid 'FONT_MAP=none' from vconsole.conf (osc#1013573) ----------------------------------------- Patch: SUSE-2019-528 Released: Fri Mar 1 13:46:35 2019 Summary: Recommended update for gnome-shell Severity: important References: 1093541,1120178 Description: This update for gnome-shell and gsettings-desktop-schemas fixes the following issues: gnome-shell: - Fixes an issue where gnome-shell crashed and prevented booting into a GNOME environment (bsc#1120178) - Fixes a memory leak bug (bsc#1093541) gsettings-desktop-schemas: - Fixes an issue where gsettings-desktop-schemas crashed in combination with gnome-shell (bsc#1120178) ----------------------------------------- Patch: SUSE-2019-532 Released: Fri Mar 1 13:47:29 2019 Summary: Recommended update for console-setup, kbd Severity: moderate References: 1122361 Description: This update for console-setup and kbd provides the following fix: - Fix Shift-Tab mapping. (bsc#1122361) ----------------------------------------- Patch: SUSE-2019-544 Released: Tue Mar 5 14:36:49 2019 Summary: Recommended update for dracut Severity: moderate References: 1125327 Description: This update for dracut fixes the following issues: - purge-kernels: Avoid endless loop when uninstalling kernels that depend on KMPs which in themselves depend on other packages (bsc#1125327) ----------------------------------------- Patch: SUSE-2019-550 Released: Tue Mar 5 14:46:46 2019 Summary: Recommended update for sapconf Severity: moderate References: 1111243,1122741 Description: This update for sapconf fixes the following issues: - Source /etc/sysconfig/sapconf entries correctly, even if the /etc filesystem is read-only. (bsc#1122741) - log skipping of existing /etc/systemd/logind.conf.d/sap.conf file during package installation. (bsc#1111243) ----------------------------------------- Patch: SUSE-2019-560 Released: Wed Mar 6 14:12:17 2019 Summary: Recommended update for yast2-registration Severity: moderate References: 1111419,1125006 Description: This update for yast2-registration fixes the following issues: - Fixed 'can't modify frozen String' crash (bsc#1125006) - CRLF control characters cannot be included in the registration code, added validation check (bsc#1111419) ----------------------------------------- Patch: SUSE-2019-565 Released: Thu Mar 7 17:46:16 2019 Summary: Recommended update for supportutils Severity: moderate References: 1094225,1109664,1120049,1121043,1127063,1127069 Description: This update for supportutils fixes the following issues: - Dont show error if /proc/fb is not present (bsc#1127069) - Fixed issue where dasdview got called with wrong arguments (bsc#1109664) - Clarified -t argument description in help output (bsc#1121043) - Fixed grep error in NTP when /etc/cron.d is empty (bsc#1127063) - Collect systemd journal logs with minimum installation (bsc#1094225) - Fixed tar file generation (bsc#1120049) ----------------------------------------- Patch: SUSE-2019-570 Released: Thu Mar 7 17:50:46 2019 Summary: Recommended update for bind Severity: moderate References: 1094236 Description: This update for bind fixes the following issues: - Fixes dynamic DNS updates against samba and Microsoft DNS servers (bsc#1094236). ----------------------------------------- Patch: SUSE-2019-571 Released: Thu Mar 7 18:13:46 2019 Summary: Security update for file Severity: moderate References: 1096974,1096984,1126117,1126118,1126119,CVE-2018-10360,CVE-2019-8905,CVE-2019-8906,CVE-2019-8907 Description: This update for file fixes the following issues: The following security vulnerabilities were addressed: - CVE-2018-10360: Fixed an out-of-bounds read in the function do_core_note in readelf.c, which allowed remote attackers to cause a denial of service (application crash) via a crafted ELF file (bsc#1096974) - CVE-2019-8905: Fixed a stack-based buffer over-read in do_core_note in readelf.c (bsc#1126118) - CVE-2019-8906: Fixed an out-of-bounds read in do_core_note in readelf. c (bsc#1126119) - CVE-2019-8907: Fixed a stack corruption in do_core_note in readelf.c (bsc#1126117) ----------------------------------------- Patch: SUSE-2019-577 Released: Mon Mar 11 12:03:49 2019 Summary: Recommended update for apparmor Severity: important References: 1123820,1127073 Description: This update for apparmor fixes the following issues: - apparmor prevents libvirtd from starting (bsc#1127073) - Start apparmor after filesystem remount (bsc#1123820) ----------------------------------------- Patch: SUSE-2019-585 Released: Tue Mar 12 12:59:09 2019 Summary: Security update for java-1_8_0-ibm Severity: important References: 1122292,1122293,1122299,1128158,CVE-2018-11212,CVE-2018-1890,CVE-2019-2422,CVE-2019-2449 Description: This update for java-1_8_0-ibm to version 8.0.5.30 fixes the following issues: Security issues fixed: - CVE-2019-2422: Fixed a memory disclosure in FileChannelImpl (bsc#1122293). - CVE-2018-11212: Fixed an issue in alloc_sarray function in jmemmgr.c (bsc#1122299). - CVE-2018-1890: Fixed a local privilege escalation via RPATHs (bsc#1128158). - CVE-2019-2449: Fixed a vulnerabilit which could allow remote atackers to delete arbitrary files (bsc#1122292). More information: https://www-01.ibm.com/support/docview.wss?uid=ibm10873332 ----------------------------------------- Patch: SUSE-2019-586 Released: Tue Mar 12 13:00:35 2019 Summary: Security update for ceph Severity: moderate References: 1084645,1086613,1096748,1099162,1101262,1111177,1114567,CVE-2018-10861,CVE-2018-1128,CVE-2018-1129,CVE-2018-14662,CVE-2018-16846 Description: This update for ceph version 13.2.4 fixes the following issues: Security issues fixed: - CVE-2018-14662: Fixed an issue with LUKS 'config-key' safety (bsc#1111177) - CVE-2018-10861: Fixed an authorization bypass on OSD pool ops in ceph-mon (bsc#1099162) - CVE-2018-1128: Fixed signature check bypass in cephx (bsc#1096748) - CVE-2018-1129: Fixed replay attack in cephx protocol (bsc#1096748) - CVE-2018-16846: Enforced bounds on max-keys/max-uploads/max-parts in rgw Non-security issues fixed: - ceph-volume Python 3 fixes (bsc#1114567) - fix python3 module loading (bsc#1086613) ----------------------------------------- Patch: SUSE-2019-600 Released: Tue Mar 12 18:40:17 2019 Summary: Security update for openssl-1_0_0 Severity: moderate References: 1117951,1127080,CVE-2019-1559 Description: This update for openssl-1_0_0 fixes the following issues: Security issues fixed: - The 9 Lives of Bleichenbacher's CAT: Cache Attacks on TLS Implementations (bsc#1117951) - CVE-2019-1559: Fixed OpenSSL 0-byte Record Padding Oracle which under certain circumstances a TLS server can be forced to respond differently to a client and lead to the decryption of the data (bsc#1127080). ----------------------------------------- Patch: SUSE-2019-605 Released: Wed Mar 13 12:40:48 2019 Summary: Recommended update for azure-li-services Severity: moderate References: 1127923,1127924 Description: This update for azure-li-services to version 1.1.27 provides the following: - Azure Large instances password reset and MAC based ifnames support (bsc#1127924) - Azure Very Large instances support for bonding (bsc#1127924) ----------------------------------------- Patch: SUSE-2019-608 Released: Wed Mar 13 15:21:02 2019 Summary: Recommended update for cups Severity: moderate References: 1118118 Description: This update for cups fixes the following issues: - Fixed validation of UTF-8 filenames to avoid crashes (bsc#1118118) ----------------------------------------- Patch: SUSE-2019-619 Released: Fri Mar 15 15:38:37 2019 Summary: Security update for wireshark Severity: moderate References: 1127367,1127369,1127370,CVE-2019-9208,CVE-2019-9209,CVE-2019-9214 Description: This update for wireshark to version 2.4.13 fixes the following issues: Security issues fixed: - CVE-2019-9214: Avoided a dereference of a null coversation which could make RPCAP dissector crash (bsc#1127367). - CVE-2019-9209: Fixed a buffer overflow in time values which could make ASN.1 BER and related dissectors crash (bsc#1127369). - CVE-2019-9208: Fixed a null pointer dereference which could make TCAP dissector crash (bsc#1127370). Release notes: https://www.wireshark.org/docs/relnotes/wireshark-2.4.13.html ----------------------------------------- Patch: SUSE-2019-637 Released: Tue Mar 19 09:26:52 2019 Summary: Security update for libssh2_org Severity: moderate References: 1128471,1128472,1128474,1128476,1128480,1128481,1128490,1128492,1128493,CVE-2019-3855,CVE-2019-3856,CVE-2019-3857,CVE-2019-3858,CVE-2019-3859,CVE-2019-3860,CVE-2019-3861,CVE-2019-3862,CVE-2019-3863 Description: This update for libssh2_org fixes the following issues: Security issues fixed: - CVE-2019-3861: Fixed Out-of-bounds reads with specially crafted SSH packets (bsc#1128490). - CVE-2019-3862: Fixed Out-of-bounds memory comparison with specially crafted message channel request packet (bsc#1128492). - CVE-2019-3860: Fixed Out-of-bounds reads with specially crafted SFTP packets (bsc#1128481). - CVE-2019-3863: Fixed an Integer overflow in user authenicate keyboard interactive which could allow out-of-bounds writes with specially crafted keyboard responses (bsc#1128493). - CVE-2019-3856: Fixed a potential Integer overflow in keyboard interactive handling which could allow out-of-bounds write with specially crafted payload (bsc#1128472). - CVE-2019-3859: Fixed Out-of-bounds reads with specially crafted payloads due to unchecked use of _libssh2_packet_require and _libssh2_packet_requirev (bsc#1128480). - CVE-2019-3855: Fixed a potential Integer overflow in transport read which could allow out-of-bounds write with specially crafted payload (bsc#1128471). - CVE-2019-3858: Fixed a potential zero-byte allocation which could lead to an out-of-bounds read with a specially crafted SFTP packet (bsc#1128476). - CVE-2019-3857: Fixed a potential Integer overflow which could lead to zero-byte allocation and out-of-bounds with specially crafted message channel request SSH packet (bsc#1128474). ----------------------------------------- Patch: SUSE-2019-639 Released: Tue Mar 19 13:06:22 2019 Summary: Security update for ldb Severity: moderate References: 1125410,CVE-2019-3824 Description: This update for ldb fixes the following issue: Security issue fixed: - CVE-2019-3824: Fixed an out-of-bound read vulnerability in ldb_wildcard_compare (bsc#1125410). ----------------------------------------- Patch: SUSE-2019-640 Released: Tue Mar 19 13:17:09 2019 Summary: Recommended update for polkit-default-privs Severity: moderate References: 1122262 Description: This update for polkit-default-privs fixes the following issues: - backport of newly introduced NetworkManager wifi-scan rule (bsc#1122262). ----------------------------------------- Patch: SUSE-2019-641 Released: Tue Mar 19 13:17:28 2019 Summary: Recommended update for glibc Severity: moderate References: 1112570,1114984,1114993 Description: This update for glibc provides the following fixes: - Fix Haswell CPU string flags. (bsc#1114984) - Fix waiters-after-spinning case. (bsc#1114993) - Do not relocate absolute symbols. (bsc#1112570) - Add glibc-locale-base subpackage containing only C, C.UTF-8 and en_US.UTF-8 locales. (fate#326551) - Add HWCAP_ATOMICS to HWCAP_IMPORTANT (fate#325962) - Remove slow paths from math routines. (fate#325815, fate#325879, fate#325880, fate#325881, fate#325882) ----------------------------------------- Patch: SUSE-2019-659 Released: Wed Mar 20 14:40:11 2019 Summary: Recommended update for yast2-iscsi-client Severity: moderate References: 1099691,1103681 Description: This update for yast2-iscsi-client fixes the following issues: - Fix detection of service current status (bsc#1103681) - Added additional searchkeys to desktop file (fate#321043, bsc#1099691) ----------------------------------------- Patch: SUSE-2019-664 Released: Wed Mar 20 14:54:12 2019 Summary: Recommended update for gpgme Severity: low References: 1121051 Description: This update for gpgme provides the following fix: - Re-generate keys in Qt tests to not expire. (bsc#1121051) ----------------------------------------- Patch: SUSE-2019-678 Released: Thu Mar 21 10:40:31 2019 Summary: Security update for openssl-1_1 Severity: moderate References: 1116833,1125494,1128189,CVE-2019-1543 Description: This update for openssl-1_1 (OpenSSL Security Advisory [6 March 2019]) fixes the following issues: Security issue fixed: - CVE-2019-1543: Fixed an implementation error in ChaCha20-Poly1305 where it was allowed to set IV with more than 12 bytes (bsc#1128189). Other issues addressed: - Fixed a segfault in openssl speed when an unknown algorithm is passed (bsc#1125494). - Correctly skipped binary curves in openssl speed to avoid spitting errors (bsc#1116833). ----------------------------------------- Patch: SUSE-2019-680 Released: Thu Mar 21 15:43:36 2019 Summary: Recommended update for sbd Severity: moderate References: 1102930,1107321,1112918 Description: This update for sbd fixes the following issues: Updated to version 1.4.0+20190123.1829c40: - sbd.sysconfig: watchdog timeout set in the on-disk metadata takes precedence - sbd.8.pod: use the generic term 'cluster services' instead of the specific 'openais' (bsc#1112918) - make timeout-action executed by sbd configurable - use pacemaker's new pe api with constructors/destructors - sbd-common: avoid statting potential links - sbd-inquisitor: SBD_DELAY_START can be configured with a delay value (bsc#1107321) - sbd-common: don't follow symlinks outside /dev for watchdog ----------------------------------------- Patch: SUSE-2019-694 Released: Thu Mar 21 19:52:15 2019 Summary: Recommended update for autoyast2 Severity: moderate References: 1123091 Description: This update for autoyast2 provides the following fix: - Fixed conflicting items in rule dialogs. (bsc#1123091) ----------------------------------------- Patch: SUSE-2019-697 Released: Thu Mar 21 19:53:05 2019 Summary: Recommended update for libcap-ng Severity: moderate References: 1123319 Description: This update for libcap-ng fixes the following issues: - bsc#1123319: run SPEC file through spec-cleaner ----------------------------------------- Patch: SUSE-2019-698 Released: Thu Mar 21 19:53:19 2019 Summary: Recommended update for yast2-iscsi-lio-server Severity: moderate References: 1123316 Description: This update for yast2-iscsi-lio-server fixes the following issues: - Accept symlinks to block devices and files in dialogs. (bsc#1123316) ----------------------------------------- Patch: SUSE-2019-699 Released: Thu Mar 21 19:53:34 2019 Summary: Recommended update for firewalld Severity: moderate References: 1122151 Description: This update for firewalld fixes the following issues: - Fix --runtime-to-permanent error when NetworkMananger is not used. (bsc#1122151) ----------------------------------------- Patch: SUSE-2019-700 Released: Thu Mar 21 19:54:00 2019 Summary: Recommended update for cyrus-sasl Severity: moderate References: 1044840 Description: This update for cyrus-sasl provides the following fix: - Fix a problem that was causing syslog to be polluted with messages 'GSSAPI client step 1'. By server context the connection will be sent to the log function but the client content does not have log level information, so there is no way to stop DEBUG level logs. (bsc#1044840) ----------------------------------------- Patch: SUSE-2019-702 Released: Fri Mar 22 10:43:05 2019 Summary: Recommended update for bc Severity: moderate References: 1129038 Description: This update for bc fixes the following issues: - Correct return value after 'q' command which could lead to problems during Oracle patching (bsc#1129038) ----------------------------------------- Patch: SUSE-2019-707 Released: Fri Mar 22 13:32:07 2019 Summary: Security update for unzip Severity: moderate References: 1110194,CVE-2018-18384 Description: This update for unzip fixes the following issues: - CVE-2018-18384: Fixed a buffer overflow when listing archives (bsc#1110194) ----------------------------------------- Patch: SUSE-2019-711 Released: Fri Mar 22 15:51:07 2019 Summary: Security update for libjpeg-turbo Severity: moderate References: 1096209,1098155,1128712,CVE-2018-1152,CVE-2018-11813,CVE-2018-14498 Description: This update for libjpeg-turbo fixes the following issues: The following security vulnerabilities were addressed: - CVE-2018-14498: Fixed a heap-based buffer over read in get_8bit_row function which could allow to an attacker to cause denial of service (bsc#1128712). - CVE-2018-11813: Fixed the end-of-file mishandling in read_pixel in rdtarga.c, which allowed remote attackers to cause a denial-of-service via crafted JPG files due to a large loop (bsc#1096209) - CVE-2018-1152: Fixed a denial of service in start_input_bmp() rdbmp.c caused by a divide by zero when processing a crafted BMP image (bsc#1098155) ----------------------------------------- Patch: SUSE-2019-712 Released: Fri Mar 22 15:54:43 2019 Summary: Security update for ucode-intel Severity: moderate References: 1129231 Description: This update for ucode-intel fixes the following issues: Updated to the 20190312 bundle release (bsc#1129231) New Platforms: - AML-Y22 H0 6-8e-9/10 0000009e Core Gen8 Mobile - WHL-U W0 6-8e-b/d0 000000a4 Core Gen8 Mobile - WHL-U V0 6-8e-d/94 000000b2 Core Gen8 Mobile - CFL-S P0 6-9e-c/22 000000a2 Core Gen9 Desktop - CFL-H R0 6-9e-d/22 000000b0 Core Gen9 Mobile Updated Platforms: - HSX-E/EP Cx/M1 6-3f-2/6f 0000003d->00000041 Core Gen4 X series; Xeon E5 v3 - HSX-EX E0 6-3f-4/80 00000012->00000013 Xeon E7 v3 - SKX-SP H0/M0/U0 6-55-4/b7 0200004d->0000005a Xeon Scalable - SKX-D M1 6-55-4/b7 0200004d->0000005a Xeon D-21xx - BDX-DE V1 6-56-2/10 00000017->00000019 Xeon D-1520/40 - BDX-DE V2/3 6-56-3/10 07000013->07000016 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19 - BDX-DE Y0 6-56-4/10 0f000012->0f000014 Xeon D-1557/59/67/71/77/81/87 - BDX-NS A0 6-56-5/10 0e00000a->0e00000c Xeon D-1513N/23/33/43/53 - APL D0 6-5c-9/03 00000032->00000036 Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx - APL E0 6-5c-a/03 0000000c->00000010 Atom x5/7-E39xx - GLK B0 6-7a-1/01 00000028->0000002c Pentium Silver N/J5xxx, Celeron N/J4xxx - KBL-U/Y H0 6-8e-9/c0 0000008e->0000009a Core Gen7 Mobile - CFL-U43e D0 6-8e-a/c0 00000096->0000009e Core Gen8 Mobile - KBL-H/S/E3 B0 6-9e-9/2a 0000008e->0000009a Core Gen7; Xeon E3 v6 - CFL-H/S/E3 U0 6-9e-a/22 00000096->000000aa Core Gen8 Desktop, Mobile, Xeon E - CFL-S B0 6-9e-b/02 0000008e->000000aa Core Gen8 ----------------------------------------- Patch: SUSE-2019-713 Released: Fri Mar 22 15:55:05 2019 Summary: Recommended update for glibc Severity: moderate References: 1063675,1126590 Description: This update for glibc fixes the following issues: - Add MAP_SYNC from Linux 4.15 (bsc#1126590) - Add MAP_SHARED_VALIDATE from Linux 4.15 (bsc#1126590) - nptl: Preserve error in setxid thread broadcast in coredumps (bsc#1063675, BZ #22153) ----------------------------------------- Patch: SUSE-2019-732 Released: Mon Mar 25 14:10:04 2019 Summary: Recommended update for aaa_base Severity: moderate References: 1088524,1118364,1128246 Description: This update for aaa_base fixes the following issues: - Restore old position of ssh/sudo source of profile (bsc#1118364). - Update logic for JRE_HOME env variable (bsc#1128246) ----------------------------------------- Patch: SUSE-2019-749 Released: Tue Mar 26 15:32:24 2019 Summary: Recommended update for dracut Severity: moderate References: 1127891 Description: This update for dracut fixes the following issues: - Check SUSE kernel module dependencies recursively (bsc#1127891) - Avoid 'Failed to chown ... Operation not permitted' when run from non-root, by not copying xattrs. (osc#1092178) - Handle non-versioned dependency in purge-kernels. ----------------------------------------- Patch: SUSE-2019-771 Released: Wed Mar 27 10:36:06 2019 Summary: Security update for gd Severity: moderate References: 1123361,1123522,CVE-2019-6977,CVE-2019-6978 Description: This update for gd fixes the following issues: Security issues fixed: - CVE-2019-6977: Fixed a heap-based buffer overflow the GD Graphics Library used in the imagecolormatch function (bsc#1123361). - CVE-2019-6978: Fixed a double free in the gdImage*Ptr() functions (bsc#1123522). ----------------------------------------- Patch: SUSE-2019-784 Released: Thu Mar 28 08:46:21 2019 Summary: Security update for the Linux Kernel Severity: important References: 1046305,1046306,1050252,1050549,1051510,1054610,1055121,1056658,1056662,1056787,1060463,1063638,1065600,1070995,1071995,1078355,1082943,1083548,1083647,1084216,1086095,1086282,1086301,1086313,1086314,1086323,1087082,1087092,1088133,1094555,1098382,1098425,1098995,1103429,1104353,1106105,1106434,1106811,1107078,1107665,1108101,1108870,1109695,1110096,1110705,1111666,1113042,1113712,1113722,1113939,1114279,1114585,1117108,1117155,1117645,1118338,1119019,1119086,1119766,1119843,1120008,1120318,1120601,1120758,1120854,1120902,1120909,1120955,1121317,1121726,1121789,1121805,1122019,1122192,1122324,1122554,1122662,1122764,1122779,1122822,1122885,1122927,1122944,1122971,1122982,1123060,1123061,1123161,1123317,1123348,1123357,1123456,1123538,1123697,1123882,1123933,1124055,1124204,1124235,1124579,1124589,1124728,1124732,1124735,1124969,1124974,1124975,1124976,1124978,1124979,1124980,1124981,1124982,1124984,1124985,1125109,1125125,1125252,1125315,1125614,1125728,1125780,1125797,1125799,1125800,1125907,1125947,1126131,1126209,1126389,1126393,1126476,1126480,1126481,1126488,1126495,1126555,1126579,1126789,1126790,1126802,1126803,1126804,1126805,1126806,1126807,1127042,1127062,1127082,1127154,1127285,1127286,1127307,1127363,1127493,1127494,1127495,1127496,1127497,1127498,1127534,1127561,1127567,1127595,1127603,1127682,1127731,1127750,1127836,1127961,1128094,1128166,1128351,1128451,1128895,1129046,1129080,1129163,1129179,1129181,1129182,1129183,1129184,1129205,1129281,1129284,1129285,1129291,1129292,1129293,1129294,1129295,1129296,1129326,1129327,1129330,1129363,1129366,1129497,1129519,1129543,1129547,1129551,1129581,1129625,1129664,1129739,1129923,824948,CVE-2018-20669,CVE-2019-2024,CVE-2019-3459,CVE-2019-3460,CVE-2019-3819,CVE-2019-6974,CVE-2019-7221,CVE-2019-7222,CVE-2019-7308,CVE-2019-8912,CVE-2019-8980,CVE-2019-9213 Description: The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-2024: A use-after-free when disconnecting a source was fixed which could lead to crashes. bnc#1129179). - CVE-2019-9213: expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bnc#1128166). - CVE-2019-8980: A memory leak in the kernel_read_file function in fs/exec.c allowed attackers to cause a denial of service (memory consumption) by triggering vfs_read failures (bnc#1126209). - CVE-2019-3819: A flaw was found in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user ('root') can cause a system lock up and a denial of service. Versions from v4.18 and newer are vulnerable (bnc#1123161). - CVE-2019-8912: af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr (bnc#1125907). - CVE-2019-7308: kernel/bpf/verifier.c performed undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks (bnc#1124055). - CVE-2019-3459, CVE-2019-3460: The Bluetooth stack suffered from two remote information leak vulnerabilities in the code that handles incoming L2cap configuration packets (bsc#1120758). - CVE-2019-7221: Fixed a user-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing an guest user/process to crash the host kernel. (bsc#1124732). - CVE-2019-7222: Fixed an information leakage in the KVM hypervisor related to handling page fault exceptions, which allowed a guest user/process to use this flaw to leak the host's stack memory contents to a guest (bsc#1124735). - CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, leading to a use-after-free (bnc#1124728). - CVE-2018-20669: Missing access control checks in ioctl of gpu/drm/i915 driver were fixed which might have lead to information leaks. (bnc#1122971). The following non-security bugs were fixed: - 6lowpan: iphc: reset mac_header after decompress to fix panic (bsc#1051510). - 9p: clear dangling pointers in p9stat_free (bsc#1051510). - 9p locks: fix glock.client_id leak in do_lock (bsc#1051510). - 9p/net: fix memory leak in p9_client_create (bsc#1051510). - 9p/net: put a lower bound on msize (bsc#1051510). - 9p: use inode->i_lock to protect i_size_write() under 32-bit (bsc#1051510). - ACPI/APEI: Clear GHES block_status before panic() (bsc#1051510). - acpi / device_sysfs: Avoid OF modalias creation for removed device (bsc#1051510). - acpi/nfit: Block function zero DSMs (bsc#1051510). - acpi, nfit: Fix Address Range Scrub completion tracking (bsc#1124969). - acpi/nfit: Fix bus command validation (bsc#1051510). - acpi/nfit: Fix command-supported detection (bsc#1051510). - acpi/nfit: Fix race accessing memdev in nfit_get_smbios_id() (bsc#1122662). - acpi/nfit: Fix user-initiated ARS to be 'ARS-long' rather than 'ARS-short' (bsc#1124969). - acpi: NUMA: Use correct type for printing addresses on i386-PAE (bsc#1051510). - acpi: power: Skip duplicate power resource references in _PRx (bsc#1051510). - acpi / video: Extend chassis-type detection with a 'Lunch Box' check (bsc#1051510). - acpi / video: Refactor and fix dmi_is_desktop() (bsc#1051510). - add 1 entry 2bcbd406715dca256912b9c5ae449c7968f15705 - Add delay-init quirk for Corsair K70 RGB keyboards (bsc#1087092). - add mainline tags for two hyperv iommu patches - Adjust a commit id in a nvme patch to make our scripts happy - af_iucv: Move sockaddr length checks to before accessing sa_family in bind and connect handlers (bsc#1051510). - ALSA: bebob: fix model-id of unit for Apogee Ensemble (bsc#1051510). - alsa: bebob: use more identical mod_alias for Saffire Pro 10 I/O against Liquid Saffire 56 (bsc#1051510). - ALSA: compress: Fix stop handling on compressed capture streams (bsc#1051510). - alsa: compress: prevent potential divide by zero bugs (bsc#1051510). - alsa: firewire-motu: fix construction of PCM frame for capture direction (bsc#1051510). - ALSA: hda - Add mute LED support for HP ProBook 470 G5 (bsc#1051510). - ALSA: hda - Add quirk for HP EliteBook 840 G5 (bsc#1051510). - ALSA: hda/ca0132 - Fix build error without CONFIG_PCI (bsc#1051510). - ALSA: hda/realtek: Disable PC beep in passthrough on alc285 (bsc#1051510). - alsa: hda/realtek: Enable audio jacks of ASUS UX362FA with ALC294 (bsc#1051510). - ALSA: hda/realtek - Fixed hp_pin no value (bsc#1051510). - ALSA: hda/realtek - Fix lose hp_pins for disable auto mute (bsc#1051510). - ALSA: hda/realtek - Headset microphone and internal speaker support for System76 oryp5 (bsc#1051510). - ALSA: hda/realtek - Headset microphone support for System76 darp5 (bsc#1051510). - ALSA: hda/realtek - Reduce click noise on Dell Precision 5820 headphone (bsc#1126131). - ALSA: hda/realtek - Use a common helper for hp pin reference (bsc#1051510). - ALSA: hda - Serialize codec registrations (bsc#1122944). - ALSA: hda - Use standard device registration for beep (bsc#1122944). - ALSA: oxfw: add support for APOGEE duet FireWire (bsc#1051510). - ALSA: usb-audio: Add Opus #3 to quirks for native DSD support (bsc#1051510). - ALSA: usb-audio: Add support for new T+A USB DAC (bsc#1051510). - ALSA: usb-audio: Fix implicit fb endpoint setup by quirk (bsc#1051510). - altera-stapl: check for a null key before strcasecmp'ing it (bsc#1051510). - amd-xgbe: Fix mdio access for non-zero ports and clause 45 PHYs (bsc#1122927). - apparmor: Fix aa_label_build() error handling for failed merges (bsc#1051510). - applicom: Fix potential Spectre v1 vulnerabilities (bsc#1051510). - aquantia: Setup max_mtu in ndev to enable jumbo frames (bsc#1051510). - arm64: fault: avoid send SIGBUS two times (bsc#1126393). - arm: 8802/1: Call syscall_trace_exit even when system call skipped (bsc#1051510). - arm: 8808/1: kexec:offline panic_smp_self_stop CPU (bsc#1051510). - arm: 8814/1: mm: improve/fix ARM v7_dma_inv_range() unaligned address handling (bsc#1051510). - arm: 8815/1: V7M: align v7m_dma_inv_range() with v7 counterpart (bsc#1051510). - arm/arm64: KVM: Rename function kvm_arch_dev_ioctl_check_extension() (bsc#1126393). - arm/arm64: KVM: vgic: Force VM halt when changing the active state of GICv3 PPIs/SGIs (bsc#1051510). - arm: cns3xxx: Fix writing to wrong PCI config registers after alignment (bsc#1051510). - arm: cns3xxx: Use actual size reads for PCIe (bsc#1051510). - arm: imx: update the cpu power up timing setting on i.mx6sx (bsc#1051510). - arm: iop32x/n2100: fix PCI IRQ mapping (bsc#1051510). - arm: KVM: Fix VTTBR_BADDR_MASK BUG_ON off-by-one (bsc#1051510). - arm: mmp/mmp2: fix cpu_is_mmp2() on mmp2-dt (bsc#1051510). - arm: OMAP1: ams-delta: Fix possible use of uninitialized field (bsc#1051510). - arm: OMAP2+: hwmod: Fix some section annotations (bsc#1051510). - arm: OMAP2+: prm44xx: Fix section annotation on omap44xx_prm_enable_io_wakeup (bsc#1051510). - arm: pxa: avoid section mismatch warning (bsc#1051510). - arm: tango: Improve ARCH_MULTIPLATFORM compatibility (bsc#1051510). - ASoC: atom: fix a missing check of snd_pcm_lib_malloc_pages (bsc#1051510). - ASoC: dapm: change snprintf to scnprintf for possible overflow (bsc#1051510). - ASoC: dma-sh7760: cleanup a debug printk (bsc#1051510). - ASoC: fsl_esai: fix register setting issue in RIGHT_J mode (bsc#1051510). - ASoC: fsl: Fix SND_SOC_EUKREA_TLV320 build error on i.MX8M (bsc#1051510). - ASoC: imx-audmux: change snprintf to scnprintf for possible overflow (bsc#1051510). - ASoC: imx-sgtl5000: put of nodes if finding codec fails (bsc#1051510). - ASoC: Intel: Haswell/Broadwell: fix setting for .dynamic field (bsc#1051510). - ASoC: msm8916-wcd-analog: add missing license information (bsc#1051510). - ASoC: qcom: Fix of-node refcount unbalance in apq8016_sbc_parse_of() (bsc#1051510). - ASoC: rsnd: fixup rsnd_ssi_master_clk_start() user count check (bsc#1051510). - ASoC: rt5514-spi: Fix potential NULL pointer dereference (bsc#1051510). - assoc_array: Fix shortcut creation (bsc#1051510). - ata: ahci: mvebu: remove stale comment (bsc#1051510). - ath9k: Avoid OF no-EEPROM quirks without qca,no-eeprom (bsc#1051510). - ath9k: dynack: check da->enabled first in sampling routines (bsc#1051510). - ath9k: dynack: make ewma estimation faster (bsc#1051510). - ath9k: dynack: use authentication messages for 'late' ack (bsc#1051510). - atm: he: fix sign-extension overflow on large shift (bsc#1051510). - ax25: fix a use-after-free in ax25_fillin_cb() (networking-stable-19_01_04). - ax25: fix possible use-after-free (bsc#1051510). - backlight: pwm_bl: Use gpiod_get_value_cansleep() to get initial (bsc#1113722) - batman-adv: Avoid WARN on net_device without parent in netns (bsc#1051510). - batman-adv: fix uninit-value in batadv_interface_tx() (bsc#1051510). - batman-adv: Force mac header to start of data on xmit (bsc#1051510). - be2net: do not flip hw_features when VXLANs are added/deleted (bsc#1050252). - bio: Introduce BIO_ALLOCED flag and check it in bio_free (bsc#1128094). - blkdev: avoid migration stalls for blkdev pages (bsc#1084216). - blk-mq: fix a hung issue when fsync (bsc#1125252). - blk-mq: fix kernel oops in blk_mq_tag_idle() (bsc#1051510). - block: break discard submissions into the user defined size (git-fixes). - block: cleanup __blkdev_issue_discard() (git-fixes). - block_dev: fix crash on chained bios with O_DIRECT (bsc#1128094). - blockdev: Fix livelocks on loop device (bsc#1124984). - block: do not deal with discard limit in blkdev_issue_discard() (git-fixes). - block: do not use bio->bi_vcnt to figure out segment number (bsc#1128895). - block: do not warn when doing fsync on read-only devices (bsc#1125252). - block: fix 32 bit overflow in __blkdev_issue_discard() (git-fixes). - block: fix infinite loop if the device loses discard capability (git-fixes). - block/loop: Use global lock for ioctl() operation (bsc#1124974). - block: make sure discard bio is aligned with logical block size (git-fixes). - block: make sure writesame bio is aligned with logical block size (git-fixes). - block: move bio_integrity_{intervals,bytes} into blkdev.h (bsc#1114585). - block/swim3: Fix -EBUSY error when re-opening device after unmount (git-fixes). - bluetooth: Fix locking in bt_accept_enqueue() for BH context (bsc#1051510). - bluetooth: Fix unnecessary error message for HCI request completion (bsc#1051510). - bnx2x: Assign unique DMAE channel number for FW DMAE transactions (bsc#1086323). - bnx2x: Clear fip MAC when fcoe offload support is disabled (bsc#1086323). - bnx2x: Fix NULL pointer dereference in bnx2x_del_all_vlans() on some hw (bsc#1086323). - bnx2x: Remove configured vlans as part of unload sequence (bsc#1086323). - bnx2x: Send update-svid ramrod with retry/poll flags enabled (bsc#1086323). - bnxt_en: Fix typo in firmware message timeout logic (bsc#1086282). - bnxt_en: Wait longer for the firmware message response to complete (bsc#1086282). - bonding: update nest level on unlink (git-fixes). - bpf: decrease usercnt if bpf_map_new_fd() fails in bpf_map_get_fd_by_id() (bsc#1083647). - bpf: drop refcount if bpf_map_new_fd() fails in map_create() (bsc#1083647). - bpf: fix lockdep false positive in percpu_freelist (bsc#1083647). - bpf: fix replace_map_fd_with_map_ptr's ldimm64 second imm field (bsc#1083647). - bpf: fix sanitation rewrite in case of non-pointers (bsc#1083647). - bpf: Fix syscall's stackmap lookup potential deadlock (bsc#1083647). - bpf, lpm: fix lookup bug in map_delete_elem (bsc#1083647). - bpf/verifier: fix verifier instability (bsc#1056787). - bsg: allocate sense buffer if requested (bsc#1106811). - bsg: Do not copy sense if no response buffer is allocated (bsc#1106811,bsc#1126555). - btrfs: dedupe_file_range ioctl: remove 16MiB restriction (bsc#1127494). - btrfs: do not unnecessarily pass write_lock_level when processing leaf (bsc#1126802). - btrfs: ensure that a DUP or RAID1 block group has exactly two stripes (bsc#1128451). - btrfs: fix clone vs chattr NODATASUM race (bsc#1127497). - btrfs: fix corruption reading shared and compressed extents after hole punching (bsc#1126476). - btrfs: fix deadlock when allocating tree block during leaf/node split (bsc#1126806). - btrfs: fix deadlock when using free space tree due to block group creation (bsc#1126804). - btrfs: fix fsync after succession of renames and unlink/rmdir (bsc#1126488). - btrfs: fix fsync after succession of renames of different files (bsc#1126481). - btrfs: fix invalid-free in btrfs_extent_same (bsc#1127498). - btrfs: fix reading stale metadata blocks after degraded raid1 mounts (bsc#1126803). - btrfs: fix use-after-free of cmp workspace pages (bsc#1127603). - btrfs: grab write lock directly if write_lock_level is the max level (bsc#1126802). - btrfs: Improve btrfs_search_slot description (bsc#1126802). - btrfs: move get root out of btrfs_search_slot to a helper (bsc#1126802). - btrfs: qgroup: Cleanup old subtree swap code (bsc#1063638). - btrfs: qgroup: Do not trace subtree if we're dropping reloc tree (bsc#1063638). - btrfs: qgroup: Finish rescan when hit the last leaf of extent tree (bsc#1129327). - btrfs: qgroup: Fix root item corruption when multiple same source snapshots are created with quota enabled (bsc#1122324). - btrfs: qgroup: Introduce function to find all new tree blocks of reloc tree (bsc#1063638). - btrfs: qgroup: Introduce function to trace two swaped extents (bsc#1063638). - btrfs: qgroup: Introduce per-root swapped blocks infrastructure (bsc#1063638). - btrfs: qgroup: Introduce trace event to analyse the number of dirty extents accounted (bsc#1063638 dependency). - btrfs: qgroup: Make qgroup async transaction commit more aggressive (bsc#1113042). - btrfs: qgroup: Only trace data extents in leaves if we're relocating data block group (bsc#1063638). - btrfs: qgroup: Refactor btrfs_qgroup_trace_subtree_swap (bsc#1063638). - btrfs: qgroup: Search commit root for rescan to avoid missing extent (bsc#1129326). - btrfs: qgroup: Use delayed subtree rescan for balance (bsc#1063638). - btrfs: qgroup: Use generation-aware subtree swap to mark dirty extents (bsc#1063638). - btrfs: quota: Set rescan progress to (u64)-1 if we hit last leaf (bsc#1129327). - btrfs: relocation: Delay reloc tree deletion after merge_reloc_roots (bsc#1063638). - btrfs: reloc: Fix NULL pointer dereference due to expanded reloc_root lifespan (bsc#1129497). - btrfs: remove always true check in unlock_up (bsc#1126802). - btrfs: remove superfluous free_extent_buffer in read_block_for_search (bsc#1126802). - btrfs: remove unnecessary level check in balance_level (bsc#1126802). - btrfs: remove unused check of skip_locking (bsc#1126802). - btrfs: reuse cmp workspace in EXTENT_SAME ioctl (bsc#1127495). - btrfs: send, fix race with transaction commits that create snapshots (bsc#1126802). - btrfs: simplify IS_ERR/PTR_ERR checks (bsc#1126481). - btrfs: split btrfs_extent_same (bsc#1127493). - btrfs: use kvzalloc for EXTENT_SAME temporary data (bsc#1127496). - btrfs: use more straightforward extent_buffer_uptodate check (bsc#1126802). - can: bcm: check timer values before ktime conversion (bsc#1051510). - can: dev: __can_get_echo_skb(): fix bogous check for non-existing skb by removing it (bsc#1051510). - can: gw: ensure DLC boundaries after CAN frame modification (bsc#1051510). - cdc-acm: fix abnormal DATA RX issue for Mediatek Preloader (bsc#1051510). - cdc-wdm: pass return value of recover_from_urb_loss (bsc#1051510). - ceph: avoid repeatedly adding inode to mdsc->snap_flush_list (bsc#1126790). - ceph: clear inode pointer when snap realm gets dropped by its inode (bsc#1125799). - cfg80211: extend range deviation for DMG (bsc#1051510). - ch: add missing mutex_lock()/mutex_unlock() in ch_release() (bsc#1124235). - char/mwave: fix potential Spectre v1 vulnerability (bsc#1051510). - checkstack.pl: fix for aarch64 (bsc#1051510). - ch: fixup refcounting imbalance for SCSI devices (bsc#1124235). - cifs: add missing debug entries for kconfig options (bsc#1051510). - cifs: add missing support for ACLs in SMB 3.11 (bsc#1051510). - cifs: add sha512 secmech (bsc#1051510). - cifs: Add support for reading attributes on SMB2+ (bsc#1051510). - cifs: Add support for writing attributes on SMB2+ (bsc#1051510). - cifs: Always resolve hostname before reconnecting (bsc#1051510). - cifs: connect to servername instead of IP for IPC$ share (bsc#1051510). - cifs: do not log STATUS_NOT_FOUND errors for DFS (bsc#1051510). - cifs: Do not modify mid entry after submitting I/O in cifs_call_async (bsc#1051510). - cifs: Fix error mapping for SMB2_LOCK command which caused OFD lock problem (bsc#1051510). - cifs: Fix memory leak in smb2_set_ea() (bsc#1051510). - cifs: Fix NULL pointer dereference of devname (bnc#1129519). - cifs: fix return value for cifs_listxattr (bsc#1051510). - cifs: Fix separator when building path from dentry (bsc#1051510). - cifs: fix set info (bsc#1051510). - cifs: fix sha512 check in cifs_crypto_secmech_release (bsc#1051510). - cifs: fix wrapping bugs in num_entries() (bsc#1051510). - cifs: For SMB2 security informaion query, check for minimum sized security descriptor instead of sizeof FileAllInformation class (bsc#1051510). - cifs: hide unused functions (bsc#1051510). - cifs: hide unused functions (bsc#1051510). - cifs: implement v3.11 preauth integrity (bsc#1051510). - cifs: invalidate cache when we truncate a file (bsc#1051510). - cifs: make 'nodfs' mount opt a superblock flag (bsc#1051510). - cifs: OFD locks do not conflict with eachothers (bsc#1051510). - cifs: prevent integer overflow in nxt_dir_entry() (bsc#1051510). - cifs: prototype declaration and definition for smb 2 - 3 and cifsacl mount options (bsc#1051510). - cifs: prototype declaration and definition to set acl for smb 2 - 3 and cifsacl mount options (bsc#1051510). - cifs: refactor crypto shash/sdesc allocation&free (bsc#1051510). - cifs: smb2ops: Fix listxattr() when there are no EAs (bsc#1051510). - cifs: Use smb 2 - 3 and cifsacl mount options getacl functions (bsc#1051510). - cifs: Use smb 2 - 3 and cifsacl mount options setacl function (bsc#1051510). - cifs: Use ULL suffix for 64-bit constant (bsc#1051510). - clk: armada-370: fix refcount leak in a370_clk_init() (bsc#1051510). - clk: armada-xp: fix refcount leak in axp_clk_init() (bsc#1051510). - clk: dove: fix refcount leak in dove_clk_init() (bsc#1051510). - clk: highbank: fix refcount leak in hb_clk_init() (bsc#1051510). - clk: imx6q: fix refcount leak in imx6q_clocks_init() (bsc#1051510). - clk: imx6q: reset exclusive gates on init (bsc#1051510). - clk: imx6sl: ensure MMDC CH0 handshake is bypassed (bsc#1051510). - clk: imx6sx: fix refcount leak in imx6sx_clocks_init() (bsc#1051510). - clk: imx7d: fix refcount leak in imx7d_clocks_init() (bsc#1051510). - clk: kirkwood: fix refcount leak in kirkwood_clk_init() (bsc#1051510). - clk: mv98dx3236: fix refcount leak in mv98dx3236_clk_init() (bsc#1051510). - clk: qoriq: fix refcount leak in clockgen_init() (bsc#1051510). - clk: rockchip: fix typo in rk3188 spdif_frac parent (bsc#1051510). - clk: samsung: exynos4: fix refcount leak in exynos4_get_xom() (bsc#1051510). - clk: socfpga: fix refcount leak (bsc#1051510). - clk: sunxi: A31: Fix wrong AHB gate number (bsc#1051510). - clk: sunxi-ng: a33: Set CLK_SET_RATE_PARENT for all audio module clocks (bsc#1051510). - clk: sunxi-ng: enable so-said LDOs for A64 SoC's pll-mipi clock (bsc#1051510). - clk: sunxi-ng: h3/h5: Fix CSI_MCLK parent (bsc#1051510). - clk: sunxi-ng: sun8i-a23: Enable PLL-MIPI LDOs when ungating it (bsc#1051510). - clk: uniphier: Fix update register for CPU-gear (bsc#1051510). - clk: vf610: fix refcount leak in vf610_clocks_init() (bsc#1051510). - clocksource/drivers/exynos_mct: Fix error path in timer resources initialization (bsc#1051510). - clocksource/drivers/integrator-ap: Add missing of_node_put() (bsc#1051510). - clocksource/drivers/sun5i: Fail gracefully when clock rate is unavailable (bsc#1051510). - configfs: fix registered group removal (bsc#1051510). - copy_mount_string: Limit string length to PATH_MAX (bsc#1082943). - cpufreq: Cap the default transition delay value to 10 ms (bsc#1127042). - cpufreq: conservative: Take limits changes into account properly (bsc#1051510). - cpufreq: governor: Avoid accessing invalid governor_data (bsc#1051510). - cpufreq: governor: Drop min_sampling_rate (bsc#1127042). - cpufreq: governor: Ensure sufficiently large sampling intervals (bsc#1127042). - cpufreq: imx6q: add return value check for voltage scale (bsc#1051510). - cpufreq: Use transition_delay_us for legacy governors as well (bsc#1127042). - cpuidle: big.LITTLE: fix refcount leak (bsc#1051510). - Cramfs: fix abad comparison when wrap-arounds occur (bsc#1051510). - crypto: aes_ti - disable interrupts while accessing S-box (bsc#1051510). - crypto: ahash - fix another early termination in hash walk (bsc#1051510). - crypto: arm64/aes-ccm - fix logical bug in AAD MAC handling (bsc#1051510). - crypto: arm/crct10dif - revert to C code for short inputs (bsc#1051510). - crypto: authencesn - Avoid twice completion call in decrypt path (bsc#1051510). - crypto: authenc - fix parsing key with misaligned rta_len (bsc#1051510). - crypto: bcm - convert to use crypto_authenc_extractkeys() (bsc#1051510). - crypto: brcm - Fix some set-but-not-used warning (bsc#1051510). - crypto: caam - fixed handling of sg list (bsc#1051510). - crypto: caam - fix zero-length buffer DMA mapping (bsc#1051510). - crypto: cavium/zip - fix collision with generic cra_driver_name (bsc#1051510). - crypto: crypto4xx - add missing of_node_put after of_device_is_available (bsc#1051510). - crypto: crypto4xx - Fix wrong ppc4xx_trng_probe()/ppc4xx_trng_remove() arguments (bsc#1051510). - crypto: hash - set CRYPTO_TFM_NEED_KEY if ->setkey() fails (bsc#1051510). - crypto: testmgr - skip crc32c context test for ahash algorithms (bsc#1051510). - crypto: tgr192 - fix unaligned memory access (bsc#1051510). - crypto: user - support incremental algorithm dumps (bsc#1120902). - crypto: ux500 - Use proper enum in cryp_set_dma_transfer (bsc#1051510). - crypto: ux500 - Use proper enum in hash_set_dma_transfer (bsc#1051510). - cw1200: drop useless LIST_HEAD (bsc#1051510). - cw1200: Fix concurrency use-after-free bugs in cw1200_hw_scan() (bsc#1051510). - cw1200: fix missing unlock on error in cw1200_hw_scan() (bsc#1051510). - dccp: fool proof ccid_hc_[rt]x_parse_options() (bsc#1051510). - debugfs: fix debugfs_rename parameter checking (bsc#1051510). - Delete patches.fixes/block-loop-Use-global-lock-for-ioctl-operation.patch: It makes existing deadlocks much more probable (bsc#1129739). - dlm: Do not swamp the CPU with callbacks queued during recovery (bsc#1051510). - dlm: fixed memory leaks after failed ls_remove_names allocation (bsc#1051510). - dlm: lost put_lkb on error path in receive_convert() and receive_unlock() (bsc#1051510). - dlm: memory leaks on error path in dlm_user_request() (bsc#1051510). - dlm: possible memory leak on error path in create_lkb() (bsc#1051510). - dmaengine: at_hdmac: drop useless LIST_HEAD (bsc#1051510). - dmaengine: at_hdmac: fix memory leak in at_dma_xlate() (bsc#1051510). - dmaengine: at_hdmac: fix module unloading (bsc#1051510). - dmaengine: at_xdmac: Fix wrongfull report of a channel as in use (bsc#1051510). - dmaengine: bcm2835: Fix abort of transactions (bsc#1051510). - dmaengine: bcm2835: Fix interrupt race on RT (bsc#1051510). - dmaengine: dma-jz4780: Return error if not probed from DT (bsc#1051510). - dmaengine: dmatest: Abort test in case of mapping error (bsc#1051510). - dmaengine: dw: drop useless LIST_HEAD (bsc#1051510). - dmaengine: dw: Fix FIFO size for Intel Merrifield (bsc#1051510). - dmaengine: imx-dma: fix wrong callback invoke (bsc#1051510). - dmaengine: mv_xor: Use correct device for DMA API (bsc#1051510). - dmaengine: pl330: drop useless LIST_HEAD (bsc#1051510). - dmaengine: sa11x0: drop useless LIST_HEAD (bsc#1051510). - dmaengine: st_fdma: drop useless LIST_HEAD (bsc#1051510). - dmaengine: stm32-dma: fix incomplete configuration in cyclic mode (bsc#1051510). - dmaengine: xilinx_dma: Remove __aligned attribute on zynqmp_dma_desc_ll (bsc#1051510). - dma: Introduce dma_max_mapping_size() (bsc#1120008). - dm cache metadata: verify cache has blocks in blocks_are_clean_separate_dirty() (git-fixes). - dm: call blk_queue_split() to impose device limits on bios (git-fixes). - dm: do not allow readahead to limit IO size (git-fixes). - dm thin: send event about thin-pool state change _after_ making it (git-fixes). - dm zoned: Fix target BIO completion handling (git-fixes). - doc: rcu: Suspicious RCU usage is a warning (bsc#1051510). - Do not log confusing message on reconnect by default (bsc#1129664). - Do not log expected error on DFS referral request (bsc#1051510). - driver core: Do not resume suppliers under device_links_write_lock() (bsc#1051510). - driver core: Move async_synchronize_full call (bsc#1051510). - drivers: core: Remove glue dirs from sysfs earlier (bsc#1051510). - drivers: hv: vmbus: Check for ring when getting debug info (bsc#1126389, bsc#1126579). - drivers: hv: vmbus: preserve hv_ringbuffer_get_debuginfo kABI (bsc#1126389, bsc#1126579). - drivers: hv: vmbus: Return -EINVAL for the sys files for unopened channels (bsc#1126389, bsc#1126579). - drivers/misc/sgi-gru: fix Spectre v1 vulnerability (bsc#1051510). - drivers/net/ethernet/qlogic/qed/qed_rdma.h: fix typo (bsc#1086314 bsc#1086313 bsc#1086301 ). - drivers/sbus/char: add of_node_put() (bsc#1051510). - drm/amdgpu: Add delay after enable RLC ucode (bsc#1051510). - drm/ast: Fix connector leak during driver unload (bsc#1051510). - drm/ast: fixed reading monitor EDID not stable issue (bsc#1051510). - drm/atomic-helper: Complete fake_commit->flip_done potentially earlier (bsc#1051510). - drm: Block fb changes for async plane updates (bsc#1051510). - drm/bridge: tc358767: add defines for DP1_SRCCTRL & PHY_2LANE (bsc#1051510). - drm/bridge: tc358767: fix initial DP0/1_SRCCTRL value (bsc#1051510). - drm/bridge: tc358767: fix output H/V syncs (bsc#1051510). - drm/bridge: tc358767: fix single lane configuration (bsc#1051510). - drm/bridge: tc358767: reject modes which require too much BW (bsc#1051510). - drm/bufs: Fix Spectre v1 vulnerability (bsc#1051510). - drm: Clear state->acquire_ctx before leaving drm_atomic_helper_commit_duplicated_state() (bsc#1051510). - drm: disable uncached DMA optimization for ARM and arm64 (bsc#1051510). - drm/etnaviv: NULL vs IS_ERR() buf in etnaviv_core_dump() (bsc#1113722) - drm/etnaviv: potential NULL dereference (bsc#1113722) - drm/fb-helper: Partially bring back workaround for bugs of SDL 1.2 (bsc#1113722) - drm: Fix error handling in drm_legacy_addctx (bsc#1113722) - drm/i915: Block fbdev HPD processing during suspend (bsc#1113722) - drm/i915/fbdev: Actually configure untiled displays (bsc#1113722) - drm/i915: Flush GPU relocs harder for gen3 (bsc#1113722) - drm/i915/gvt: Fix mmap range check (bsc#1120902) - drm/i915/gvt: free VFIO region space in vgpu detach (bsc#1113722) - drm/i915/gvt: release shadow batch buffer and wa_ctx before destroy one workload (bsc#1051510). - drm/i915/opregion: fix version check (bsc#1113722) - drm/i915/opregion: rvda is relative from opregion base in opregion (bsc#1113722) - drm/i915: Prevent a race during I915_GEM_MMAP ioctl with WC set (bsc#1113722) - drm/i915: Redefine some Whiskey Lake SKUs (bsc#1051510). - drm/i915: Use the correct crtc when sanitizing plane mapping (bsc#1113722) - drm/meson: add missing of_node_put (bsc#1051510). - drm/modes: Prevent division by zero htotal (bsc#1051510). - drm/msm: Fix error return checking (bsc#1051510). - drm/msm: Grab a vblank reference when waiting for commit_done (bsc#1051510). - drm/msm: Unblock writer if reader closes file (bsc#1051510). - drm/nouveau/bios/ramcfg: fix missing parentheses when calculating RON (bsc#1113722) - drm/nouveau: Do not spew kernel WARNING for each timeout (bsc#1126480). - drm/nouveau: Do not WARN_ON VCPI allocation failures (bsc#1113722) - drm/nouveau/falcon: avoid touching registers if engine is off (bsc#1051510). - drm/nouveau/pmu: do not print reply values if exec is false (bsc#1113722) - drm/nouveau/tmr: detect stalled gpu timer and break out of waits (bsc#1123538). - drm/radeon/evergreen_cs: fix missing break in switch statement (bsc#1113722) - drm: Reorder set_property_atomic to avoid returning with an active ww_ctx (bsc#1051510). - drm/rockchip: fix for mailbox read size (bsc#1051510). - drm/shmob: Fix return value check in shmob_drm_probe (bsc#1113722) - drm/sun4i: tcon: Prepare and enable TCON channel 0 clock at init (bsc#1051510). - drm/vmwgfx: Do not double-free the mode stored in par->set_mode (bsc#1103429) - drm/vmwgfx: Fix setting of dma masks (bsc#1120902) - drm/vmwgfx: Return error code from vmw_execbuf_copy_fence_user (bsc#1120902) - e1000e: allow non-monotonic SYSTIM readings (bsc#1051510). - earlycon: Initialize port->uartclk based on clock-frequency property (bsc#1051510). - earlycon: Remove hardcoded port->uartclk initialization in of_setup_earlycon (bsc#1051510). - Enable CONFIG_RDMA_RXE=m also for ppc64le (bsc#1107665,) - enic: fix build warning without CONFIG_CPUMASK_OFFSTACK (bsc#1051510). - enic: fix checksum validation for IPv6 (bsc#1051510). - esp6: fix memleak on error path in esp6_input (bsc#1051510). - esp: Fix locking on page fragment allocation (bsc#1051510). - esp: Fix memleaks on error paths (bsc#1051510). - esp: Fix skb tailroom calculation (bsc#1051510). - exportfs: do not read dentry after free (bsc#1051510). - ext4: avoid kernel warning when writing the superblock to a dead device (bsc#1124981). - ext4: check for shutdown and r/o file system in ext4_write_inode() (bsc#1124978). - ext4: fix a potential fiemap/page fault deadlock w/ inline_data (bsc#1124980). - ext4: Fix crash during online resizing (bsc#1122779). - ext4: force inode writes when nfsd calls commit_metadata() (bsc#1125125). - ext4: include terminating u32 in size of xattr entries when expanding inodes (bsc#1124976). - ext4: make sure enough credits are reserved for dioread_nolock writes (bsc#1124979). - ext4: track writeback errors using the generic tracking infrastructure (bsc#1124982). - fanotify: fix handling of events on child sub-directory (bsc#1122019). - fat: validate ->i_start before using (bsc#1051510). - fbdev: chipsfb: remove set but not used variable 'size' (bsc#1113722) - firmware/efi: Add NULL pointer checks in efivars API functions (bsc#1051510). - fix smb3-encryption breakage when CONFIG_DEBUG_SG=y (bsc#1051510). - floppy: check_events callback should not return a negative number (bsc#1051510). - fork: do not copy inconsistent signal handler state to child (bsc#1051510). - fork: record start_time late (git-fixes). - fork: unconditionally clear stack on fork (git-fixes). - fs/cifs: require sha512 (bsc#1051510). - fs/dcache: Fix incorrect nr_dentry_unused accounting in shrink_dcache_sb() (git-fixes). - fs/devpts: always delete dcache dentry-s in dput() (git-fixes). - fuse: call pipe_buf_release() under pipe lock (bsc#1051510). - fuse: continue to send FUSE_RELEASEDIR when FUSE_OPEN returns ENOSYS (bsc#1051510). - fuse: decrement NR_WRITEBACK_TEMP on the right page (bsc#1051510). - fuse: handle zero sized retrieve correctly (bsc#1051510). - futex: Fix (possible) missed wakeup (bsc#1050549). - gdrom: fix a memory leak bug (bsc#1051510). - geneve: cleanup hard coded value for Ethernet header length (bsc#1123456). - geneve: correctly handle ipv6.disable module parameter (bsc#1051510). - geneve, vxlan: Do not check skb_dst() twice (bsc#1123456). - geneve, vxlan: Do not set exceptions if skb->len < mtu (bsc#1123456). - genwqe: Fix size check (bsc#1051510). - gfs2: Revert 'Fix loop in gfs2_rbm_find' (bsc#1120601). - gianfar: fix a flooded alignment reports because of padding issue (bsc#1051510). - gianfar: Fix Rx byte accounting for ndev stats (bsc#1051510). - gianfar: prevent integer wrapping in the rx handler (bsc#1051510). - gpio: altera-a10sr: Set proper output level for direction_output (bsc#1051510). - gpio: pcf857x: Fix interrupts on multiple instances (bsc#1051510). - gpio: pl061: handle failed allocations (bsc#1051510). - gpio: pl061: Move irq_chip definition inside struct pl061 (bsc#1051510). - gpio: vf610: Mask all GPIO interrupts (bsc#1051510). - gpu: ipu-v3: Fix CSI offsets for imx53 (bsc#1113722) - gpu: ipu-v3: Fix i.MX51 CSI control registers offset (bsc#1113722) - gpu: ipu-v3: image-convert: Prevent race between run and unprepare (bsc#1051510). - gro_cell: add napi_disable in gro_cells_destroy (networking-stable-19_01_04). - gro_cells: make sure device is up in gro_cells_receive() (git-fixes). - hfs: do not free node before using (bsc#1051510). - hfsplus: do not free node before using (bsc#1051510). - hfsplus: prevent btree data loss on root split (bsc#1051510). - hfs: prevent btree data loss on root split (bsc#1051510). - hid: lenovo: Add checks to fix of_led_classdev_register (bsc#1051510). - hpet: Fix missing '=' character in the __setup() code of hpet_mmap_enable (git-fixes). - hvc_opal: do not set tb_ticks_per_usec in udbg_init_opal_common() (bsc#1051510). - hv: v4.12 API for hyperv-iommu (bsc#1122822). - hwmon: (lm80) fix a missing check of bus read in lm80 probe (bsc#1051510). - hwmon: (lm80) fix a missing check of the status of SMBus read (bsc#1051510). - hwmon: (lm80) Fix missing unlock on error in set_fan_div() (bsc#1051510). - hwmon: (tmp421) Correct the misspelling of the tmp442 compatible attribute in OF device ID table (bsc#1051510). - HYPERV/IOMMU: Add Hyper-V stub IOMMU driver (bsc#1122822). - i2c-axxia: check for error conditions first (bsc#1051510). - i2c: bcm2835: Clear current buffer pointers and counts after a transfer (bsc#1051510). - i2c: cadence: Fix the hold bit setting (bsc#1051510). - i2c: dev: prevent adapter retries and timeout being set as minus value (bsc#1051510). - i2c: omap: Use noirq system sleep pm ops to idle device for suspend (bsc#1051510). - i2c: sh_mobile: add support for r8a77990 (R-Car E3) (bsc#1051510). - i40e: fix mac filter delete when setting mac address (bsc#1056658 bsc#1056662). - i40e: report correct statistics when XDP is enabled (bsc#1056658 bsc#1056662). - i40e: restore NETIF_F_GSO_IPXIP to netdev features (bsc#1056658 bsc#1056662). - IB/core: Destroy QP if XRC QP fails (bsc#1046306). - IB/core: Fix potential memory leak while creating MAD agents (bsc#1046306). - IB/core: Unregister notifier before freeing MAD security (bsc#1046306). - IB/hfi1: Close race condition on user context disable and close (bsc#1060463). - IB/mlx5: Unmap DMA addr from HCA before IOMMU (bsc#1046305 ). - ibmveth: Do not process frames after calling napi_reschedule (bcs#1123357). - ibmveth: fix DMA unmap error in ibmveth_xmit_start error path (networking-stable-19_01_04). - ibmvnic: Add ethtool private flag for driver-defined queue limits (bsc#1121726). - ibmvnic: Increase maximum queue size limit (bsc#1121726). - ibmvnic: Introduce driver limits for ring sizes (bsc#1121726). - ibmvnic: Report actual backing device speed and duplex values (bsc#1129923). - ibmvscsi: Fix empty event pool access during host removal (bsc#1119019). - ibmvscsi: Protect ibmvscsi_head from concurrent modificaiton (bsc#1119019). - ide: pmac: add of_node_put() (bsc#1051510). - ieee802154: ca8210: fix possible u8 overflow in ca8210_rx_done (bsc#1051510). - ieee802154: lowpan_header_create check must check daddr (networking-stable-19_01_04). - igb: Fix an issue that PME is not enabled during runtime suspend (bsc#1051510). - iio: accel: kxcjk1013: Add KIOX010A ACPI Hardware-ID (bsc#1051510). - iio: adc: exynos-adc: Fix NULL pointer exception on unbind (bsc#1051510). - iio: chemical: atlas-ph-sensor: correct IIO_TEMP values to millicelsius (bsc#1051510). - input: bma150 - register input device after setting private data (bsc#1051510). - input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G (bsc#1051510). - input: elan_i2c - add ACPI ID for touchpad in Lenovo V330-15ISK (bsc#1051510). - input: elan_i2c - add id for touchpad found in Lenovo s21e-20 (bsc#1051510). - input: elantech - enable 3rd button support on Fujitsu CELSIUS H780 (bsc#1051510). - input: omap-keypad - fix idle configuration to not block SoC idle states (bsc#1051510). - input: raspberrypi-ts - fix link error (git-fixes). - input: raspberrypi-ts - select CONFIG_INPUT_POLLDEV (git-fixes). - input: restore EV_ABS ABS_RESERVED (bsc#1051510). - input: synaptics - enable RMI on ThinkPad T560 (bsc#1051510). - input: synaptics - enable SMBus for HP EliteBook 840 G4 (bsc#1051510). - input: wacom_serial4 - add support for Wacom ArtPad II tablet (bsc#1051510). - input: xpad - add support for SteelSeries Stratus Duo (bsc#1111666). - intel_th: Do not reference unassigned outputs (bsc#1051510). - intel_th: gth: Fix an off-by-one in output unassigning (bsc#1051510). - iomap: fix integer truncation issues in the zeroing and dirtying helpers (bsc#1125947). - iomap: warn on zero-length mappings (bsc#1127062). - iommu/amd: Call free_iova_fast with pfn in map_sg (bsc#1106105). - iommu/amd: Fix IOMMU page flush when detach device from a domain (bsc#1106105). - iommu/amd: Unmap all mapped pages in error path of map_sg (bsc#1106105). - iommu/dmar: Fix buffer overflow during PCI bus notification (bsc#1129181). - iommu: Document iommu_ops.is_attach_deferred() (bsc#1129182). - iommu/io-pgtable-arm-v7s: Only kmemleak_ignore L2 tables (bsc#1129205). - iommu/vt-d: Check identity map for hot-added devices (bsc#1129183). - iommu/vt-d: Fix memory leak in intel_iommu_put_resv_regions() (bsc#1106105). - iommu/vt-d: Fix NULL pointer reference in intel_svm_bind_mm() (bsc#1129184). - ip6mr: Fix potential Spectre v1 vulnerability (networking-stable-19_01_04). - ip6_tunnel: get the min mtu properly in ip6_tnl_xmit (bsc#1123456). - ip6_tunnel: use the right value for ipv4 min mtu check in ip6_tnl_xmit (bsc#1123456). - ipmi:pci: Blacklist a Realtek 'IPMI' device (git-fixes). - ipmi:ssif: Fix handling of multi-part return messages (bsc#1051510). - ip: on queued skb use skb_header_pointer instead of pskb_may_pull (git-fixes). - ipsec: check return value of skb_to_sgvec always (bsc#1051510). - ipv4: Fix potential Spectre v1 vulnerability (networking-stable-19_01_04). - ipv4: ipv6: netfilter: Adjust the frag mem limit when truesize changes (networking-stable-18_12_12). - ipv4: speedup ipv6 tunnels dismantle (bsc#1122982). - ipv6: addrlabel: per netns list (bsc#1122982). - ipv6: Check available headroom in ip6_xmit() even without options (networking-stable-18_12_12). - ipv6: Consider sk_bound_dev_if when binding a socket to an address (networking-stable-19_02_01). - ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped address (networking-stable-19_01_22). - ipv6: explicitly initialize udp6_addr in udp_sock_create6() (networking-stable-19_01_04). - ipv6: fix kernel-infoleak in ipv6_local_error() (networking-stable-19_01_20). - ipv6: speedup ipv6 tunnels dismantle (bsc#1122982). - ipv6: sr: properly initialize flowi6 prior passing to ip6_route_output (networking-stable-18_12_12). - ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses (networking-stable-19_01_22). - ipv6: tunnels: fix two use-after-free (networking-stable-19_01_04). - ip: validate header length on virtual device xmit (networking-stable-19_01_04). - ipvlan, l3mdev: fix broken l3s mode wrt local routes (networking-stable-19_02_01). - irqchip/gic-v3-its: Align PCI Multi-MSI allocation on their size (bsc#1051510). - irqchip/gic-v3-its: Do not bind LPI to unavailable NUMA node (bsc#1051510). - irqchip/gic-v3-its: Fix ITT_entry_size accessor (bsc#1051510). - iscsi target: fix session creation failure handling (bsc#1051510). - isdn: avm: Fix string plus integer warning from Clang (bsc#1051510). - isdn: fix kernel-infoleak in capi_unlocked_ioctl (bsc#1051510). - isdn: hisax: hfc_pci: Fix a possible concurrency use-after-free bug in HFCPCI_l1hw() (bsc#1051510). - isdn: i4l: isdn_tty: Fix some concurrency double-free bugs (bsc#1051510). - iser: set sector for ambiguous mr status errors (bsc#1051510). - iwlwifi: mvm: avoid possible access out of array (bsc#1051510). - iwlwifi: mvm: fix A-MPDU reference assignment (bsc#1051510). - iwlwifi: mvm: fix RSS config command (bsc#1051510). - iwlwifi: pcie: fix emergency path (bsc#1051510). - iwlwifi: pcie: fix TX while flushing (bsc#1120902). - ixgbe: Be more careful when modifying MAC filters (bsc#1051510). - ixgbe: check return value of napi_complete_done() (bsc#1051510). - ixgbe: recognize 1000BaseLX SFP modules as 1Gbps (bsc#1051510). - jffs2: Fix use of uninitialized delayed_work, lockdep breakage (bsc#1051510). - kabi: cpufreq: keep min_sampling_rate in struct dbs_data (bsc#1127042). - kabi: fix xhci kABI stability (bsc#1119086). - kabi: handle addition of ip6addrlbl_table into struct netns_ipv6 (bsc#1122982). - kabi: handle addition of uevent_sock into struct net (bsc#1122982). - kabi: Preserve kABI for dma_max_mapping_size() (bsc#1120008). - kabi: protect struct sctp_association (kabi). - kabi: protect vhost_log_write (kabi). - kabi: restore ip_tunnel_delete_net() (bsc#1122982). - kabi workaroudn for ath9k ath_node.ackto type change (bsc#1051510). - kABI workaround for bt_accept_enqueue() change (bsc#1051510). - kabi workaround for deleted snd_hda_register_beep_device() (bsc#1122944). - kabi workaround for snd_hda_bus.bus_probing addition (bsc#1122944). - kallsyms: Handle too long symbols in kallsyms.c (bsc#1126805). - kconfig: fix file name and line number of warn_ignored_character() (bsc#1051510). - kconfig: fix line numbers for if-entries in menu tree (bsc#1051510). - kconfig: fix memory leak when EOF is encountered in quotation (bsc#1051510). - kconfig: fix the rule of mainmenu_stmt symbol (bsc#1051510). - kernel/exit.c: release ptraced tasks before zap_pid_ns_processes (git-fixes). - KEYS: allow reaching the keys quotas exactly (bsc#1051510). - keys: Timestamp new keys (bsc#1051510). - kgdboc: fix KASAN global-out-of-bounds bug in param_set_kgdboc_var() (bsc#1051510). - kgdboc: Fix restrict error (bsc#1051510). - kgdboc: Fix warning with module build (bsc#1051510). - kobject: add kobject_uevent_net_broadcast() (bsc#1122982). - kobject: copy env blob in one go (bsc#1122982). - kobject: factorize skb setup in kobject_uevent_net_broadcast() (bsc#1122982). - kprobes: Return error if we fail to reuse kprobe instead of BUG_ON() (bsc#1051510). - kvm: arm/arm64: Properly protect VGIC locks from IRQs (bsc#1117155). - kvm: arm/arm64: VGIC/ITS: Promote irq_lock() in update_affinity (bsc#1117155). - kvm: arm/arm64: VGIC/ITS: protect kvm_read_guest() calls with SRCU lock (bsc#1117155). - kvm: arm/arm64: VGIC/ITS save/restore: protect kvm_read_guest() calls (bsc#1117155). - kvm: mmu: Fix race in emulated page table writes (bsc#1129284). - kvm: nVMX: Free the VMREAD/VMWRITE bitmaps if alloc_kvm_area() fails (bsc#1129291). - kvm: nVMX: NMI-window and interrupt-window exiting should wake L2 from HLT (bsc#1129292). - kvm: nVMX: Set VM instruction error for VMPTRLD of unbacked page (bsc#1129293). - kvm: PPC: Book3S PR: Set hflag to indicate that POWER9 supports 1T segments (bsc#1124589). - kvm: sev: Fail KVM_SEV_INIT if already initialized (bsc#1114279). - kvm: vmx: Set IA32_TSC_AUX for legacy mode guests (bsc#1129294). - kvm: x86: Add AMD's EX_CFG to the list of ignored MSRs (bsc#1127082). - kvm: x86: fix L1TF's MMIO GFN calculation (bsc#1124204). - kvm: x86: Fix single-step debugging (bsc#1129295). - kvm: x86: Use jmp to invoke kvm_spurious_fault() from .fixup (bsc#1129296). - l2tp: copy 4 more bytes to linear part if necessary (networking-stable-19_02_01). - l2tp: fix infoleak in l2tp_ip6_recvmsg() (git-fixes). - l2tp: fix reading optional fields of L2TPv3 (networking-stable-19_02_01). - lan78xx: Resolve issue with changing MAC address (bsc#1051510). - leds: lp5523: fix a missing check of return value of lp55xx_read (bsc#1051510). - leds: lp55xx: fix null deref on firmware load failure (bsc#1051510). - libceph: avoid KEEPALIVE_PENDING races in ceph_con_keepalive() (bsc#1125800). - libceph: handle an empty authorize reply (bsc#1126789). - lib/div64.c: off by one in shift (bsc#1051510). - libnvdimm: Fix altmap reservation size calculation (bsc#1127682). - libnvdimm/label: Clear 'updating' flag after label-set update (bsc#1129543). - libnvdimm/pmem: Honor force_raw for legacy pmem regions (bsc#1129551). - lib/rbtree-test: lower default params (git-fixes). - lightnvm: fail fast on passthrough commands (bsc#1125780). - livepatch: Change unsigned long old_addr -> void *old_func in struct klp_func (bsc#1071995). - livepatch: Consolidate klp_free functions (bsc#1071995 ). - livepatch: core: Return EOPNOTSUPP instead of ENOSYS (bsc#1071995). - livepatch: Define a macro for new API identification (bsc#1071995). - livepatch: Do not block the removal of patches loaded after a forced transition (bsc#1071995). - livepatch: Introduce klp_for_each_patch macro (bsc#1071995 ). - livepatch: Module coming and going callbacks can proceed with all listed patches (bsc#1071995). - livepatch: Proper error handling in the shadow variables selftest (bsc#1071995). - livepatch: Remove ordering (stacking) of the livepatches (bsc#1071995). - livepatch: Remove signal sysfs attribute (bsc#1071995 ). - livepatch: return -ENOMEM on ptr_id() allocation failure (bsc#1071995). - livepatch: Send a fake signal periodically (bsc#1071995 ). - livepatch: Shuffle klp_enable_patch()/klp_disable_patch() code (bsc#1071995). - livepatch: Simplify API by removing registration step (bsc#1071995). - llc: do not use sk_eat_skb() (bsc#1051510). - lockd: fix access beyond unterminated strings in prints (git-fixes). - locking/rwsem: Fix (possible) missed wakeup (bsc#1050549). - loop: drop caches if offset or block_size are changed (bsc#1124975). - loop: Reintroduce lo_ctl_mutex removed by commit 310ca162d (bsc#1124974). - LSM: Check for NULL cred-security on free (bsc#1051510). - mac80211: Add attribute aligned(2) to struct 'action' (bsc#1051510). - mac80211: do not initiate TDLS connection if station is not associated to AP (bsc#1051510). - mac80211: ensure that mgmt tx skbs have tailroom for encryption (bsc#1051510). - mac80211: fix miscounting of ttl-dropped frames (bsc#1051510). - mac80211: fix radiotap vendor presence bitmap handling (bsc#1051510). - mac80211: Free mpath object when rhashtable insertion fails (bsc#1051510). - mac80211: Restore vif beacon interval if start ap fails (bsc#1051510). - macvlan: Only deliver one copy of the frame to the macvlan interface (bsc#1051510). - mailbox: bcm-flexrm-mailbox: Fix FlexRM ring flush timeout issue (bsc#1051510). - mdio_bus: Fix use-after-free on device_register fails (bsc#1051510). - media: adv*/tc358743/ths8200: fill in min width/height/pixelclock (bsc#1051510). - media: DaVinci-VPBE: fix error handling in vpbe_initialize() (bsc#1051510). - media: dt-bindings: media: i2c: Fix i2c address for OV5645 camera sensor (bsc#1051510). - media: firewire: Fix app_info parameter type in avc_ca{,_app}_info (bsc#1051510). - media: mtk-vcodec: Release device nodes in mtk_vcodec_init_enc_pm() (bsc#1051510). - media: s5k4ecgx: delete a bogus error message (bsc#1051510). - media: s5p-jpeg: Check for fmt_ver_flag when doing fmt enumeration (bsc#1051510). - media: s5p-jpeg: Correct step and max values for V4L2_CID_JPEG_RESTART_INTERVAL (bsc#1051510). - media: s5p-mfc: fix incorrect bus assignment in virtual child device (bsc#1051510). - media: usb: pwc: Do not use coherent DMA buffers for ISO transfer (bsc#1054610). - media: uvcvideo: Avoid NULL pointer dereference at the end of streaming (bsc#1051510). - media: uvcvideo: Fix 'type' check leading to overflow (bsc#1051510). - media: v4l2: i2c: ov7670: Fix PLL bypass register values (bsc#1051510). - media: v4l2-tpg: array index could become negative (bsc#1051510). - media: v4l: ioctl: Validate num_planes for debug messages (bsc#1051510). - media: vb2: be sure to unlock mutex on errors (bsc#1051510). - media: vb2: vb2_mmap: move lock up (bsc#1051510). - media: vivid: fix error handling of kthread_run (bsc#1051510). - media: vivid: free bitmap_cap when updating std/timings/etc (bsc#1051510). - media: vivid: set min width/height to a value > 0 (bsc#1051510). - memstick: Prevent memstick host from getting runtime suspended during card detection (bsc#1051510). - mfd: ab8500-core: Return zero in get_register_interruptible() (bsc#1051510). - mfd: db8500-prcmu: Fix some section annotations (bsc#1051510). - mfd: mc13xxx: Fix a missing check of a register-read failure (bsc#1051510). - mfd: mt6397: Do not call irq_domain_remove if PMIC unsupported (bsc#1051510). - mfd: qcom_rpm: write fw_version to CTRL_REG (bsc#1051510). - mfd: ti_am335x_tscadc: Use PLATFORM_DEVID_AUTO while registering mfd cells (bsc#1051510). - mfd: tps65218: Use devm_regmap_add_irq_chip and clean up error path in probe() (bsc#1051510). - mfd: tps6586x: Handle interrupts on suspend (bsc#1051510). - mfd: twl-core: Fix section annotations on {,un}protect_pm_master (bsc#1051510). - mfd: wm5110: Add missing ASRC rate register (bsc#1051510). - misc: atmel-ssc: Fix section annotation on atmel_ssc_get_driver_data (bsc#1051510). - misc: hmc6352: fix potential Spectre v1 (bsc#1051510). - misc: hpilo: Do not claim unsupported hardware (bsc#1129330). - misc: hpilo: Exclude unsupported device via blacklist (bsc#1129330). - misc: mic/scif: fix copy-paste error in scif_create_remote_lookup (bsc#1051510). - misc: mic: SCIF Fix scif_get_new_port() error handling (bsc#1051510). - misc: sram: enable clock before registering regions (bsc#1051510). - misc: sram: fix resource leaks in probe error path (bsc#1051510). - misc: ti-st: Fix memory leak in the error path of probe() (bsc#1051510). - misc: vexpress: Off by one in vexpress_syscfg_exec() (bsc#1051510). - mISDN: fix a race in dev_expire_timer() (bsc#1051510). - mlxsw: __mlxsw_sp_port_headroom_set(): Fix a use of local variable (git-fixes). - mlxsw: spectrum: Disable lag port TX before removing it (networking-stable-19_01_22). - mmap: introduce sane default mmap limits (git fixes (mm/mmap)). - mmap: relax file size limit for regular files (git fixes (mm/mmap)). - mmc: atmel-mci: do not assume idle after atmci_request_end (bsc#1051510). - mmc: bcm2835: Fix DMA channel leak on probe error (bsc#1051510). - mmc: bcm2835: Recover from MMC_SEND_EXT_CSD (bsc#1051510). - mmc: dw_mmc-bluefield: : Fix the license information (bsc#1051510). - mmc: Kconfig: Enable CONFIG_MMC_SDHCI_IO_ACCESSORS (bsc#1051510). - mmc: omap: fix the maximum timeout setting (bsc#1051510). - mmc: sdhci-brcmstb: handle mmc_of_parse() errors during probe (bsc#1051510). - mmc: sdhci-esdhc-imx: fix HS400 timing issue (bsc#1051510). - mmc: sdhci-iproc: handle mmc_of_parse() errors during probe (bsc#1051510). - mmc: sdhci-of-esdhc: Fix timeout checks (bsc#1051510). - mmc: sdhci-xenon: Fix timeout checks (bsc#1051510). - mmc: spi: Fix card detection during probe (bsc#1051510). - mm: do not drop unused pages when userfaultd is running (git fixes (mm/userfaultfd)). - mm/hmm: hmm_pfns_bad() was accessing wrong struct (git fixes (mm/hmm)). - mm: hwpoison: use do_send_sig_info() instead of force_sig() (git fixes (mm/hwpoison)). - mm/ksm.c: ignore STABLE_FLAG of rmap_item->address in rmap_walk_ksm() (git fixes (mm/ksm)). - mm: madvise(MADV_DODUMP): allow hugetlbfs pages (git fixes (mm/madvise)). - mm,memory_hotplug: fix scan_movable_pages() for gigantic hugepages (bsc#1127731). - mm: migrate: do not rely on __PageMovable() of newpage after unlocking it (git fixes (mm/migrate)). - mm: migrate: lock buffers before migrate_page_move_mapping() (bsc#1084216). - mm: migrate: Make buffer_migrate_page_norefs() actually succeed (bsc#1084216) - mm: migrate: provide buffer_migrate_page_norefs() (bsc#1084216). - mm: migration: factor out code to compute expected number of page references (bsc#1084216). - mm, oom: fix use-after-free in oom_kill_process (git fixes (mm/oom)). - mm: use swp_offset as key in shmem_replace_page() (git fixes (mm/shmem)). - mm,vmscan: Make unregister_shrinker() no-op if register_shrinker() failed (git fixes (mm/vmscan)). - Move the upstreamed HD-audio fix into sorted section - mpt3sas: check sense buffer before copying sense data (bsc#1106811). - mtd: cfi_cmdset_0002: Avoid walking all chips when unlocking (bsc#1051510). - mtd: cfi_cmdset_0002: Change write buffer to check correct value (bsc#1051510). - mtd: cfi_cmdset_0002: fix SEGV unlocking multiple chips (bsc#1051510). - mtd: cfi_cmdset_0002: Fix unlocking requests crossing a chip boudary (bsc#1051510). - mtd: cfi_cmdset_0002: Use right chip in do_ppb_xxlock() (bsc#1051510). - mtdchar: fix overflows in adjustment of `count` (bsc#1051510). - mtdchar: fix usage of mtd_ooblayout_ecc() (bsc#1051510). - mtd: docg3: do not set conflicting BCH_CONST_PARAMS option (bsc#1051510). - mtd/maps: fix solutionengine.c printk format warnings (bsc#1051510). - mtd: mtd_oobtest: Handle bitflips during reads (bsc#1051510). - mtd: nand: atmel: fix buffer overflow in atmel_pmecc_user (bsc#1051510). - mtd: nand: atmel: Fix get_sectorsize() function (bsc#1051510). - mtd: nand: atmel: fix of_irq_get() error check (bsc#1051510). - mtd: nand: brcmnand: Disable prefetch by default (bsc#1051510). - mtd: nand: brcmnand: Zero bitflip is not an error (bsc#1051510). - mtd: nand: denali_pci: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE (bsc#1051510). - mtd: nand: fix interpretation of NAND_CMD_NONE in nand_command[_lp]() (bsc#1051510). - mtd: nand: Fix nand_do_read_oob() return value (bsc#1051510). - mtd: nand: Fix writing mtdoops to nand flash (bsc#1051510). - mtd: nand: fsl_ifc: Fix nand waitfunc return value (bsc#1051510). - mtd: nand: gpmi: Fix failure when a erased page has a bitflip at BBM (bsc#1051510). - mtd: nand: ifc: update bufnum mask for ver >= 2.0.0 (bsc#1051510). - mtd: nand: mtk: fix infinite ECC decode IRQ issue (bsc#1051510). - mtd: nand: omap2: Fix subpage write (bsc#1051510). - mtd: nand: pxa3xx: Fix READOOB implementation (bsc#1051510). - mtd: nand: qcom: Add a NULL check for devm_kasprintf() (bsc#1051510). - mtd: nandsim: remove debugfs entries in error path (bsc#1051510). - mtd: nand: sunxi: Fix ECC strength choice (bsc#1051510). - mtd: nand: sunxi: fix potential divide-by-zero error (bsc#1051510). - mtd: nand: vf610: set correct ooblayout (bsc#1051510). - mtd: spi-nor: cadence-quadspi: Fix page fault kernel panic (bsc#1051510). - mtd: spi-nor: Fix Cadence QSPI page fault kernel panic (bsc#1051510). - mtd: spi-nor: fsl-quadspi: fix read error for flash size larger than 16MB (bsc#1051510). - mtd: spi-nor: stm32-quadspi: Fix uninitialized error return code (bsc#1051510). - mv88e6060: disable hardware level MAC learning (bsc#1051510). - nbd: Use set_blocksize() to set device blocksize (bsc#1124984). - neighbour: Avoid writing before skb->head in neigh_hh_output() (networking-stable-18_12_12). - net: 8139cp: fix a BUG triggered by changing mtu with network traffic (networking-stable-18_12_12). - net: add uevent socket member (bsc#1122982). - net: aquantia: driver should correctly declare vlan_features bits (bsc#1051510). - net: aquantia: fixed instack structure overflow (git-fixes). - net: aquantia: Fix hardware DMA stream overload on large MRRS (bsc#1051510). - net: bcmgenet: abort suspend on error (bsc#1051510). - net: bcmgenet: code movement (bsc#1051510). - net: bcmgenet: fix OF child-node lookup (bsc#1051510). - net: bcmgenet: remove HFB_CTRL access (bsc#1051510). - net: bcmgenet: return correct value 'ret' from bcmgenet_power_down (bsc#1051510). - net: bridge: fix a bug on using a neighbour cache entry without checking its state (networking-stable-19_01_20). - net: bridge: Fix ethernet header pointer before check skb forwardable (networking-stable-19_01_26). - net: core: Fix Spectre v1 vulnerability (networking-stable-19_01_04). - net: do not call update_pmtu unconditionally (bsc#1123456). - net: Do not default Cavium PTP driver to 'y' (bsc#1110096). - net: dp83640: expire old TX-skb (networking-stable-19_02_10). - net: dsa: mv88e6xxx: handle unknown duplex modes gracefully in mv88e6xxx_port_set_duplex (git-fixes). - net: dsa: mv88x6xxx: mv88e6390 errata (networking-stable-19_01_22). - net: dsa: slave: Do not propagate flag changes on down slave interfaces (networking-stable-19_02_10). - net: ena: fix race between link up and device initalization (bsc#1083548). - netfilter: nf_tables: check the result of dereferencing base_chain->stats (git-fixes). - net: Fix usage of pskb_trim_rcsum (networking-stable-19_01_26). - net/hamradio/6pack: use mod_timer() to rearm timers (networking-stable-19_01_04). - net: hns3: add error handler for hns3_nic_init_vector_data() (bsc#1104353). - net: hns3: add handling for big TX fragment (bsc#1104353 ). - net: hns3: Fix client initialize state issue when roce client initialize failed (bsc#1104353). - net: hns3: Fix for loopback selftest failed problem (bsc#1104353 ). - net: hns3: fix for multiple unmapping DMA problem (bsc#1104353 ). - net: hns3: Fix tc setup when netdev is first up (bsc#1104353 ). - net: hns3: Fix tqp array traversal condition for vf (bsc#1104353 ). - net: hns3: move DMA map into hns3_fill_desc (bsc#1104353 ). - net: hns3: remove hns3_fill_desc_tso (bsc#1104353). - net: hns3: rename hns_nic_dma_unmap (bsc#1104353). - net: hns3: rename the interface for init_client_instance and uninit_client_instance (bsc#1104353). - net: ipv4: Fix memory leak in network namespace dismantle (networking-stable-19_01_26). - net: macb: restart tx after tx used bit read (networking-stable-19_01_04). - net/mlx4_core: Add masking for a few queries on HCA caps (networking-stable-19_02_01). - net/mlx4_core: Fix locking in SRIOV mode when switching between events and polling (git-fixes). - net/mlx4_core: Fix qp mtt size calculation (git-fixes). - net/mlx4_core: Fix reset flow when in command polling mode (git-fixes). - net/mlx4_en: Change min MTU size to ETH_MIN_MTU (networking-stable-18_12_12). - net/mlx5e: Allow MAC invalidation while spoofchk is ON (networking-stable-19_02_01). - net/mlx5e: IPoIB, Fix RX checksum statistics update (git-fixes). - net/mlx5e: Remove the false indication of software timestamping support (networking-stable-19_01_04). - net/mlx5e: RX, Fix wrong early return in receive queue poll (bsc#1046305). - net/mlx5: fix uaccess beyond 'count' in debugfs read/write handlers (git-fixes). - net/mlx5: Release resource on error flow (git-fixes). - net/mlx5: Return success for PAGE_FAULT_RESUME in internal error state (git-fixes). - net/mlx5: Typo fix in del_sw_hw_rule (networking-stable-19_01_04). - net/mlx5: Use multi threaded workqueue for page fault handling (git-fixes). - net: netem: fix skb length BUG_ON in __skb_to_sgvec (git-fixes). - netns: restrict uevents (bsc#1122982). - net: phy: do not allow __set_phy_supported to add unsupported modes (networking-stable-18_12_12). - net: phy: Fix the issue that netif always links up after resuming (networking-stable-19_01_04). - net: phy: marvell: Errata for mv88e6390 internal PHYs (networking-stable-19_01_26). - net: phy: mdio_bus: add missing device_del() in mdiobus_register() error handling (networking-stable-19_01_26). - net: phy: Micrel KSZ8061: link failure after cable connect (git-fixes). - netrom: fix locking in nr_find_socket() (networking-stable-19_01_04). - netrom: switch to sock timer API (bsc#1051510). - net/rose: fix NULL ax25_cb kernel panic (networking-stable-19_02_01). - net/sched: act_tunnel_key: fix memory leak in case of action replace (networking-stable-19_01_26). - net_sched: refetch skb protocol for each filter (networking-stable-19_01_26). - net: set default network namespace in init_dummy_netdev() (networking-stable-19_02_01). - net: skb_scrub_packet(): Scrub offload_fwd_mark (networking-stable-18_12_03). - net/smc: fix TCP fallback socket release (networking-stable-19_01_04). - net: stmmac: Fix a race in EEE enable callback (git-fixes). - net: stmmac: fix broken dma_interrupt handling for multi-queues (git-fixes). - net: stmmac: Fix PCI module removal leak (git-fixes). - net: stmmac: handle endianness in dwmac4_get_timestamp (git-fixes). - net: stmmac: Use mutex instead of spinlock (git-fixes). - net: systemport: Fix WoL with password after deep sleep (networking-stable-19_02_10). - net: thunderx: fix NULL pointer dereference in nic_remove (git-fixes). - net: thunderx: set tso_hdrs pointer to NULL in nicvf_free_snd_queue (networking-stable-18_12_03). - net: thunderx: set xdp_prog to NULL if bpf_prog_add fails (networking-stable-18_12_03). - net/wan: fix a double free in x25_asy_open_tty() (networking-stable-19_01_04). - nfit: acpi_nfit_ctl(): Check out_obj->type in the right place (bsc#1129547). - nfit/ars: Attempt a short-ARS whenever the ARS state is idle at boot (bsc#1051510). - nfit/ars: Attempt short-ARS even in the no_init_ars case (bsc#1051510). - nfp: bpf: fix ALU32 high bits clearance bug (git-fixes). - nfsd: COPY and CLONE operations require the saved filehandle to be set (git-fixes). - nfsd: Fix an Oops in free_session() (git-fixes). - nfs: Fix a missed page unlock after pg_doio() (git-fixes). - nfs: Fix up return value on fatal errors in nfs_page_async_flush() (git-fixes). - nfsv4.1: Fix the r/wsize checking (git-fixes). - nfsv4: Do not exit the state manager without clearing NFS4CLNT_MANAGER_RUNNING (git-fixes). - niu: fix missing checks of niu_pci_eeprom_read (bsc#1051510). - ntb_transport: Fix bug with max_mw_size parameter (bsc#1051510). - nvme-fc: reject reconnect if io queue count is reduced to zero (bsc#1128351). - nvme: flush namespace scanning work just before removing namespaces (bsc#1108101). - nvme: kABI fix for scan_lock (bsc#1123882). - nvme: lock NS list changes while handling command effects (bsc#1123882). - nvme-loop: fix kernel oops in case of unhandled command (bsc#1126807). - nvme-multipath: drop optimization for static ANA group IDs (bsc#1113939). - nvme-multipath: round-robin I/O policy (bsc#1110705). - nvme-pci: fix out of bounds access in nvme_cqe_pending (bsc#1127595). - of, numa: Validate some distance map rules (bsc#1051510). - of: unittest: Disable interrupt node tests for old world MAC systems (bsc#1051510). - omap2fb: Fix stack memory disclosure (bsc#1120902) - openvswitch: Avoid OOB read when parsing flow nlattrs (bsc#1051510). - openvswitch: fix the incorrect flow action alloc size (bsc#1051510). - openvswitch: Remove padding from packet before L3+ conntrack processing (bsc#1051510). - packet: Do not leak dev refcounts on error exit (git-fixes). - packet: validate address length if non-zero (networking-stable-19_01_04). - packet: validate address length (networking-stable-19_01_04). - parport_pc: fix find_superio io compare code, should use equal test (bsc#1051510). - Partially revert 'block: fail op_is_write() requests to (bsc#1125252). - pci: add USR vendor id and use it in r8169 and w6692 driver (networking-stable-19_01_22). - pci: Disable broken RTIT_BAR of Intel TH (bsc#1120318). - pci: endpoint: functions: Use memcpy_fromio()/memcpy_toio() (bsc#1051510). - pci-hyperv: increase HV_VP_SET_BANK_COUNT_MAX to handle 1792 vcpus (bsc#1122822). - pci/PME: Fix hotplug/sysfs remove deadlock in pcie_pme_remove() (bsc#1051510). - pci: qcom: Do not deassert reset GPIO during probe (bsc#1129281). - pcrypt: use format specifier in kobject_add (bsc#1051510). - perf/x86: Add sysfs entry to freeze counters on SMI (bsc#1121805). - perf/x86/intel: Delay memory deallocation until x86_pmu_dead_cpu() (bsc#1121805). - perf/x86/intel: Do not enable freeze-on-smi for PerfMon V1 (bsc#1121805). - perf/x86/intel: Fix memory corruption (bsc#1121805). - perf/x86/intel: Generalize dynamic constraint creation (bsc#1121805). - perf/x86/intel: Implement support for TSX Force Abort (bsc#1121805). - perf/x86/intel: Make cpuc allocations consistent (bsc#1121805). - phonet: af_phonet: Fix Spectre v1 vulnerability (networking-stable-19_01_04). - phy: allwinner: sun4i-usb: poll vbus changes on A23/A33 when driving VBUS (bsc#1051510). - phy: qcom-qmp: Fix failure path in phy_init functions (bsc#1051510). - phy: qcom-qmp: Fix phy pipe clock gating (bsc#1051510). - phy: renesas: rcar-gen3-usb2: fix vbus_ctrl for role sysfs (bsc#1051510). - phy: rockchip-emmc: retry calpad busy trimming (bsc#1051510). - phy: sun4i-usb: add support for missing USB PHY index (bsc#1051510). - phy: tegra: remove redundant self assignment of 'map' (bsc#1051510). - phy: work around 'phys' references to usb-nop-xceiv devices (bsc#1051510). - pinctrl: max77620: Use define directive for max77620_pinconf_param values (bsc#1051510). - pinctrl: meson: fix pull enable register calculation (bsc#1051510). - pinctrl: meson: meson8b: fix the GPIO function for the GPIOAO pins (bsc#1051510). - pinctrl: meson: meson8b: fix the sdxc_a data 1..3 pins (bsc#1051510). - pinctrl: meson: meson8: fix the GPIO function for the GPIOAO pins (bsc#1051510). - pinctrl: msm: fix gpio-hog related boot issues (bsc#1051510). - pinctrl: sh-pfc: emev2: Add missing pinmux functions (bsc#1051510). - pinctrl: sh-pfc: r8a7740: Add missing LCD0 marks to lcd0_data24_1 group (bsc#1051510). - pinctrl: sh-pfc: r8a7740: Add missing REF125CK pin to gether_gmii group (bsc#1051510). - pinctrl: sh-pfc: r8a7778: Fix HSPI pin numbers and names (bsc#1051510). - pinctrl: sh-pfc: r8a7791: Fix scifb2_data_c pin group (bsc#1051510). - pinctrl: sh-pfc: r8a7791: Remove bogus ctrl marks from qspi_data4_b group (bsc#1051510). - pinctrl: sh-pfc: r8a7791: Remove bogus marks from vin1_b_data18 group (bsc#1051510). - pinctrl: sh-pfc: r8a7792: Fix vin1_data18_b pin group (bsc#1051510). - pinctrl: sh-pfc: r8a7794: Remove bogus IPSR9 field (bsc#1051510). - pinctrl: sh-pfc: sh7264: Fix PFCR3 and PFCR0 register configuration (bsc#1051510). - pinctrl: sh-pfc: sh7269: Add missing PCIOR0 field (bsc#1051510). - pinctrl: sh-pfc: sh73a0: Add missing TO pin to tpu4_to3 group (bsc#1051510). - pinctrl: sh-pfc: sh73a0: Fix fsic_spdif pin groups (bsc#1051510). - pinctrl: sh-pfc: sh7734: Add missing IPSR11 field (bsc#1051510). - pinctrl: sh-pfc: sh7734: Fix shifted values in IPSR10 (bsc#1051510). - pinctrl: sh-pfc: sh7734: Remove bogus IPSR10 value (bsc#1051510). - pinctrl: sunxi: a64: Rename function csi0 to csi (bsc#1051510). - pinctrl: sunxi: a64: Rename function ts0 to ts (bsc#1051510). - pinctrl: sunxi: a83t: Fix IRQ offset typo for PH11 (bsc#1051510). - pinctrl: sx150x: handle failure case of devm_kstrdup (bsc#1051510). - pktcdvd: Fix possible Spectre-v1 for pkt_devs (bsc#1051510). - platform/x86: asus-nb-wmi: Drop mapping of 0x33 and 0x34 scan codes (bsc#1051510). - platform/x86: asus-nb-wmi: Map 0x35 to KEY_SCREENLOCK (bsc#1051510). - platform/x86: asus-wmi: Tell the EC the OS will handle the display off hotkey (bsc#1051510). - platform/x86: Fix unmet dependency warning for SAMSUNG_Q10 (bsc#1051510). - powerpc/64s: Clear on-stack exception marker upon exception return (bsc#1071995). - powerpc: Always save/restore checkpointed regs during treclaim/trecheckpoint (bsc#1118338). - powerpc/cacheinfo: Report the correct shared_cpu_map on big-cores (bsc#1109695). - powerpc: Detect the presence of big-cores via 'ibm, thread-groups' (bsc#1109695). - powerpc/livepatch: relax reliable stack tracer checks for first-frame (bsc#1071995). - powerpc/livepatch: small cleanups in save_stack_trace_tsk_reliable() (bsc#1071995). - powerpc: make use of for_each_node_by_type() instead of open-coding it (bsc#1109695). - powerpc/powernv: Clear LPCR[PECE1] via stop-api only for deep state offline (bsc#1119766, bsc#1055121). - powerpc/powernv: Clear PECE1 in LPCR via stop-api only on Hotplug (bsc#1119766, bsc#1055121). - powerpc/pseries: export timebase register sample in lparcfg (bsc#1127750). - powerpc/pseries: Perform full re-add of CPU for topology update post-migration (bsc#1125728). - powerpc: Remove facility loadups on transactional {fp, vec, vsx} unavailable (bsc#1118338). - powerpc: Remove redundant FP/Altivec giveup code (bsc#1118338). - powerpc/setup: Add cpu_to_phys_id array (bsc#1109695). - powerpc/smp: Add cpu_l2_cache_map (bsc#1109695). - powerpc/smp: Add Power9 scheduler topology (bsc#1109695). - powerpc/smp: Rework CPU topology construction (bsc#1109695). - powerpc/smp: Use cpu_to_chip_id() to find core siblings (bsc#1109695). - powerpc/tm: Avoid machine crash on rt_sigreturn (bsc#1118338). - powerpc/tm: Do not check for WARN in TM Bad Thing handling (bsc#1118338). - powerpc/tm: Fix comment (bsc#1118338). - powerpc/tm: Fix endianness flip on trap (bsc#1118338). - powerpc/tm: Fix HFSCR bit for no suspend case (bsc#1118338). - powerpc/tm: Fix HTM documentation (bsc#1118338). - powerpc/tm: Limit TM code inside PPC_TRANSACTIONAL_MEM (bsc#1118338). - powerpc/tm: P9 disable transactionally suspended sigcontexts (bsc#1118338). - powerpc/tm: Print 64-bits MSR (bsc#1118338). - powerpc/tm: Print scratch value (bsc#1118338). - powerpc/tm: Reformat comments (bsc#1118338). - powerpc/tm: Remove msr_tm_active() (bsc#1118338). - powerpc/tm: Remove struct thread_info param from tm_reclaim_thread() (bsc#1118338). - powerpc/tm: Save MSR to PACA before RFID (bsc#1118338). - powerpc/tm: Set MSR[TS] just prior to recheckpoint (bsc#1118338, bsc#1120955). - powerpc/tm: Unset MSR[TS] if not recheckpointing (bsc#1118338). - powerpc/tm: Update function prototype comment (bsc#1118338). - powerpc: Use cpu_smallcore_sibling_mask at SMT level on bigcores (bsc#1109695). - powerpc/xmon: Fix invocation inside lock region (bsc#1122885). - pptp: dst_release sk_dst_cache in pptp_sock_destruct (git-fixes). - proc/sysctl: do not return ENOMEM on lookup when a table is unregistering (git-fixes). - pseries/energy: Use OF accessor function to read ibm,drc-indexes (bsc#1129080). - pstore/ram: Avoid allocation and leak of platform data (bsc#1051510). - pstore/ram: Avoid NULL deref in ftrace merging failure path (bsc#1051510). - pstore/ram: Correctly calculate usable PRZ bytes (bsc#1051510). - pstore/ram: Do not treat empty buffers as valid (bsc#1051510). - ptp: check gettime64 return code in PTP_SYS_OFFSET ioctl (bsc#1051510). - ptp: Fix pass zero to ERR_PTR() in ptp_clock_register (bsc#1051510). - ptp_kvm: probe for kvm guest availability (bsc#1098382). - ptr_ring: wrap back ->producer in __ptr_ring_swap_queue() (networking-stable-19_01_04). - qed: Avoid constant logical operation warning in qed_vf_pf_acquire (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Avoid implicit enum conversion in qed_iwarp_parse_rx_pkt (bsc#1086314 bsc#1086313 bsc#1086301 ). - qed: Avoid implicit enum conversion in qed_roce_mode_to_flavor (bsc#1086314 bsc#1086313 bsc#1086301 ). - qed: Avoid implicit enum conversion in qed_set_tunn_cls_info (bsc#1086314 bsc#1086313 bsc#1086301 ). - qed: Fix an error code qed_ll2_start_xmit() (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix bitmap_weight() check (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix blocking/unlimited SPQ entries leak (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix command number mismatch between driver and the mfw (bsc#1086314 bsc#1086313 bsc#1086301 ). - qed: Fix mask parameter in qed_vf_prep_tunn_req_tlv (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix memory/entry leak in qed_init_sp_request() (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix potential memory corruption (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix PTT leak in qed_drain() (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix QM getters to always return a valid pq (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix rdma_info structure allocation (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix reading wrong value in loop condition (bsc#1086314 bsc#1086313 bsc#1086301). - qla2xxx: Fixup dual-protocol FCP connections (bsc#1108870). - qmi_wwan: Added support for Fibocom NL668 series (networking-stable-19_01_04). - qmi_wwan: Added support for Telit LN940 series (networking-stable-19_01_04). - qmi_wwan: add MTU default to qmap network interface (networking-stable-19_01_22). - qmi_wwan: Add support for Fibocom NL678 series (networking-stable-19_01_04). - r8169: Add support for new Realtek Ethernet (networking-stable-19_01_22). - r8169: use PCI_VDEVICE macro (networking-stable-19_01_22). - rapidio/rionet: do not free skb before reading its length (networking-stable-18_12_03). - rbd: do not return 0 on unmap if RBD_DEV_FLAG_REMOVING is set (bsc#1125797). - rcu: Fix up pending cbs check in rcu_prepare_for_idle (git fixes (kernel/rcu)). - rcu: Make need_resched() respond to urgent RCU-QS needs (git fixes (kernel/rcu)). - RDMA/core: Fix unwinding flow in case of error to register device (bsc#1046306). - RDMA/vmw_pvrdma: Support upto 64-bit PFNs (bsc#1127285). - Refresh patches.suse/scsi-do-not-print-reservation-conflict-for-TEST-UNIT.patch (bsc#1119843) - regulator: act8865: Fix act8600_sudcdc_voltage_ranges setting (bsc#1051510). - regulator: pv88060: Fix array out-of-bounds access (bsc#1051510). - regulator: pv88080: Fix array out-of-bounds access (bsc#1051510). - regulator: pv88090: Fix array out-of-bounds access (bsc#1051510). - regulator: s2mps11: Fix steps for buck7, buck8 and LDO35 (bsc#1051510). - regulator: wm831x-dcdc: Fix list of wm831x_dcdc_ilim from mA to uA (bsc#1051510). - Remove blacklist of virtio patch so we can install it (bsc#1114585) - Revert 'drm/rockchip: Allow driver to be shutdown on reboot/kexec' (bsc#1051510). - Revert 'Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G' (bsc#1051510). - Revert 'openvswitch: Fix template leak in error cases.' (bsc#1051510). - Revert 'scsi: qla2xxx: Fix NVMe Target discovery' (bsc#1125252). - Revert 'sd: disable logical block provisioning if 'lbpme' is not set' This reverts commit e365f138cb9c9c48b710864a9f37a91b4b93381d. Patch not accepted upstream. - Revert 'serial: 8250: Fix clearing FIFOs in RS485 mode again' (bsc#1051510). - Revert the previous merge of drm fixes The branch was merged mistakenly and breaks the build. Revert it. - Revert 'xhci: Reset Renesas uPD72020x USB controller for 32-bit DMA issue' (bsc#1120854). - rocker: fix rocker_tlv_put_* functions for KASAN (bsc#1051510). - rpm/kernel-binary.spec.in: fix initrd permissions (bsc#1123697) dracut has been using permissions 0600 for the initrd for a long time. - rpm/kernel-source.changes.old: Really drop old changelogs (bsc#1098995) - rt2800: enable TX_PIN_CFG_RFRX_EN only for MT7620 (bsc#1120902). - rtnetlink: ndo_dflt_fdb_dump() only work for ARPHRD_ETHER devices (networking-stable-18_12_12). - rxrpc: bad unlock balance in rxrpc_recvmsg (networking-stable-19_02_10). - s390/cio: Fix how vfio-ccw checks pinned pages (git-fixes). - s390/cpum_cf: Reject request for sampling in event initialization (git-fixes). - s390/early: improve machine detection (git-fixes). - s390/mm: always force a load of the primary ASCE on context switch (git-fixes). - s390/mm: fix addressing exception after suspend/resume (bsc#1125252). - s390/qeth: cancel close_dev work before removing a card (LTC#175898, bsc#1127561). - s390/qeth: conclude all event processing before offlining a card (LTC#175901, bsc#1127567). - s390/qeth: fix use-after-free in error path (bsc#1127534). - s390/qeth: invoke softirqs after napi_schedule() (git-fixes). - s390/smp: Fix calling smp_call_ipl_cpu() from ipl CPU (git-fixes). - s390/smp: fix CPU hotplug deadlock with CPU rescan (git-fixes). - s390/sthyi: Fix machine name validity indication (git-fixes). - s390/zcrypt: fix specification exception on z196 during ap probe (LTC#174936, bsc#1123061). - sata_rcar: fix deferred probing (bsc#1051510). - sbus: char: add of_node_put() (bsc#1051510). - sc16is7xx: Fix for multi-channel stall (bsc#1051510). - sched: Do not re-read h_load_next during hierarchical load calculation (bnc#1120909). - sched/wait: Fix rcuwait_wake_up() ordering (git-fixes). - sched/wake_q: Document wake_q_add() (bsc#1050549). - sched/wake_q: Fix wakeup ordering for wake_q (bsc#1050549). - sched/wake_q: Reduce reference counting for special users (bsc#1050549). - sch_multiq: fix double free on init failure (bsc#1051510). - scripts/git_sort/git_sort.py: Add mkp/scsi 5.0/scsi-fixes - scripts/git_sort/git_sort.py: Add s390/linux.git fixes. - scripts/git_sort/git_sort.py: add vfs 'fixes' branch - scsi: core: reset host byte in DID_NEXUS_FAILURE case (bsc#1122764). - scsi: csiostor: remove flush_scheduled_work() (bsc#1127363). - scsi: fix queue cleanup race before queue initialization is done (bsc#1125252). - scsi: ibmvscsi: Fix empty event pool access during host removal (bsc#1119019). - scsi: ibmvscsi: Protect ibmvscsi_head from concurrent modificaiton (bsc#1119019). - scsi: libiscsi: Fix race between iscsi_xmit_task and iscsi_complete_task (bsc#1122192). - scsi: lpfc: Add log messages to aid in debugging fc4type discovery issues (bsc#1121317). - scsi: lpfc: Correct MDS loopback diagnostics support (bsc#1121317). - scsi: lpfc: do not set queue->page_count to 0 if pc_sli4_params.wqpcnt is invalid (bsc#1121317). - scsi: lpfc: Fix discovery failure when PLOGI is defered (bsc#1121317). - scsi: lpfc: Fix link state reporting for trunking when adapter is offline (bsc#1121317). - scsi: lpfc: fix remoteport access (bsc#1125252). - scsi: lpfc: remove an unnecessary NULL check (bsc#1121317). - scsi: lpfc: update fault value on successful trunk events (bsc#1121317). - scsi: lpfc: Update lpfc version to 12.0.0.10 (bsc#1121317). - scsi: mpt3sas: Add ioc_ logging macros (bsc#1117108). - scsi: mpt3sas: Annotate switch/case fall-through (bsc#1117108). - scsi: mpt3sas: Convert logging uses with MPT3SAS_FMT and reply_q_name to %s: (bsc#1117108). - scsi: mpt3sas: Convert logging uses with MPT3SAS_FMT without logging levels (bsc#1117108). - scsi: mpt3sas: Convert mlsleading uses of pr_ with MPT3SAS_FMT (bsc#1117108). - scsi: mpt3sas: Convert uses of pr_ with MPT3SAS_FMT to ioc_ (bsc#1117108). - scsi: mpt3sas: Fix a race condition in mpt3sas_base_hard_reset_handler() (bsc#1117108). - scsi: mpt3sas: Fix indentation (bsc#1117108). - scsi: mpt3sas: Improve kernel-doc headers (bsc#1117108). - scsi: mpt3sas: Introduce struct mpt3sas_nvme_cmd (bsc#1117108). - scsi: mpt3sas: Remove KERN_WARNING from panic uses (bsc#1117108). - scsi: mpt3sas: Remove set-but-not-used variables (bsc#1117108). - scsi: mpt3sas: Remove unnecessary parentheses and simplify null checks (bsc#1117108). - scsi: mpt3sas: Remove unused macro MPT3SAS_FMT (bsc#1117108). - scsi: mpt3sas: Split _base_reset_handler(), mpt3sas_scsih_reset_handler() and mpt3sas_ctl_reset_handler() (bsc#1117108). - scsi: mpt3sas: Swap I/O memory read value back to cpu endianness (bsc#1117108). - scsi: mpt3sas: switch to generic DMA API (bsc#1117108). - scsi: mpt3sas: Use dma_pool_zalloc (bsc#1117108). - scsi: mptsas: Fixup device hotplug for VMWare ESXi (bsc#1129046). - scsi: qedi: Add ep_state for login completion on un-reachable targets (bsc#1113712). - scsi: qla2xxx: Enable FC-NVME on NPIV ports (bsc#1094555). - scsi: qla2xxx: Fix a typo in MODULE_PARM_DESC (bsc#1094555). - scsi: qla2xxx: Fix for FC-NVMe discovery for NPIV port (bsc#1094555). - scsi: qla2xxx: Fix NPIV handling for FC-NVMe (bsc#1094555). - scsi: qla2xxx: Initialize port speed to avoid setting lower speed (bsc#1094555). - scsi: qla2xxx: Modify fall-through annotations (bsc#1094555). - scsi: qla2xxx: Remove unnecessary self assignment (bsc#1094555). - scsi: qla2xxx: Simplify conditional check (bsc#1094555). - scsi: qla2xxx: Timeouts occur on surprise removal of QLogic adapter (bsc#1124985). - scsi: qla2xxx: Update driver version to 10.00.00.12-k (bsc#1094555). - scsi: storvsc: Fix a race in sub-channel creation that can cause panic (). - scsi: sym53c8xx: fix NULL pointer dereference panic in sym_int_sir() (bsc#1125315). - scsi: target: make the pi_prot_format ConfigFS path readable (bsc#1123933). - scsi: virtio_scsi: fix pi_bytes{out,in} on 4 KiB block size devices (bsc#1114585). - sctp: add a ceiling to optlen in some sockopts (bnc#1129163). - sctp: improve the events for sctp stream adding (networking-stable-19_02_01). - sctp: improve the events for sctp stream reset (networking-stable-19_02_01). - sctp: initialize sin6_flowinfo for ipv6 addrs in sctp_inet6addr_event (networking-stable-19_01_04). - sctp: kfree_rcu asoc (networking-stable-18_12_12). - sd: disable logical block provisioning if 'lbpme' is not set (bsc#1086095 bsc#1078355). - selftests/livepatch: add DYNAMIC_DEBUG config dependency (bsc#1071995). - selftests/livepatch: introduce tests (bsc#1071995). - selftests/powerpc: Use snprintf to construct DSCR sysfs interface paths (bsc#1124579). - selinux: Add __GFP_NOWARN to allocation at str_read() (bsc#1051510). - selinux: always allow mounting submounts (bsc#1051510). - selinux: fix GPF on invalid policy (bsc#1051510). - seq_buf: Make seq_buf_puts() null-terminate the buffer (bsc#1051510). - serial: 8250_pci: Fix number of ports for ACCES serial cards (bsc#1051510). - serial: 8250_pci: Have ACCES cards that use the four port Pericom PI7C9X7954 chip use the pci_pericom_setup() (bsc#1051510). - serial: fix race between flush_to_ldisc and tty_open (bsc#1051510). - serial: fsl_lpuart: clear parity enable bit when disable parity (bsc#1051510). - serial: imx: fix error handling in console_setup (bsc#1051510). - serial: set suppress_bind_attrs flag only if builtin (bsc#1051510). - serial/sunsu: fix refcount leak (bsc#1051510). - serial: uartps: Fix interrupt mask issue to handle the RX interrupts properly (bsc#1051510). - serial: uartps: Fix stuck ISR if RX disabled with non-empty FIFO (bsc#1051510). - signal: Always deliver the kernel's SIGKILL and SIGSTOP to a pid namespace init (git-fixes). - skge: potential memory corruption in skge_get_regs() (bsc#1051510). - sky2: Disable MSI on Dell Inspiron 1545 and Gateway P-79 (bsc#1051510). - sky2: Increase D3 delay again (bsc#1051510). - slab: alien caches must not be initialized if the allocation of the alien cache failed (git fixes (mm/slab)). - smb3.1.1 dialect is no longer experimental (bsc#1051510). - smb311: Fix reconnect (bsc#1051510). - smb311: Improve checking of negotiate security contexts (bsc#1051510). - smb3: Add support for multidialect negotiate (SMB2.1 and later) (bsc#1051510). - smb3: allow stats which track session and share reconnects to be reset (bsc#1051510). - smb3: Backup intent flag missing for directory opens with backupuid mounts (bsc#1051510). - smb3: check for and properly advertise directory lease support (bsc#1051510). - smb3: directory sync should not return an error (bsc#1051510). - smb3: do not attempt cifs operation in smb3 query info error path (bsc#1051510). - smb3: do not request leases in symlink creation and query (bsc#1051510). - smb3: Do not send SMB3 SET_INFO if nothing changed (bsc#1051510). - smb3: Enable encryption for SMB3.1.1 (bsc#1051510). - smb3: enumerating snapshots was leaving part of the data off end (bsc#1051510). - smb3: Fix 3.11 encryption to Windows and handle encrypted smb3 tcon (bsc#1051510). - smb3: Fix length checking of SMB3.11 negotiate request (bsc#1051510). - smb3: Fix root directory when server returns inode number of zero (bsc#1051510). - smb3: fix various xid leaks (bsc#1051510). - smb3: Improve security, move default dialect to SMB3 from old CIFS (bsc#1051510). - smb3: on kerberos mount if server does not specify auth type use krb5 (bsc#1051510). - smb3: Remove ifdef since SMB3 (and later) now STRONGLY preferred (bsc#1051510). - smb3: remove noisy warning message on mount (bsc#1129664). - smb3: simplify code by removing CONFIG_CIFS_SMB311 (bsc#1051510). - soc: bcm: brcmstb: Do not leak device tree node reference (bsc#1051510). - soc/tegra: Do not leak device tree node reference (bsc#1051510). - splice: do not merge into linked buffers (git-fixes). - staging: comedi: ni_660x: fix missing break in switch statement (bsc#1051510). - staging:iio:ad2s90: Make probe handle spi_setup failure (bsc#1051510). - staging: iio: ad7780: update voltage on read (bsc#1051510). - staging: iio: adc: ad7280a: handle error from __ad7280_read32() (bsc#1051510). - staging: iio: adt7316: allow adt751x to use internal vref for all dacs (bsc#1051510). - staging: iio: adt7316: fix register and bit definitions (bsc#1051510). - staging: iio: adt7316: fix the dac read calculation (bsc#1051510). - staging: iio: adt7316: fix the dac write calculation (bsc#1051510). - staging: rtl8188eu: Add device code for D-Link DWA-121 rev B1 (bsc#1051510). - staging: rtl8723bs: Fix build error with Clang when inlining is disabled (bsc#1051510). - staging: speakup: Replace strncpy with memcpy (bsc#1051510). - staging: wilc1000: fix to set correct value for 'vif_num' (bsc#1051510). - sunrpc: correct the computation for page_ptr when truncating (git-fixes). - sunrpc: Fix a potential race in xprt_connect() (git-fixes). - sunrpc: Fix leak of krb5p encode pages (git-fixes). - sunrpc: handle ENOMEM in rpcb_getport_async (git-fixes). - sunrpc: safely reallow resvport min/max inversion (git-fixes). - svm: Add mutex_lock to protect apic_access_page_done on AMD systems (bsc#1129285). - swiotlb: Add is_swiotlb_active() function (bsc#1120008). - swiotlb: Introduce swiotlb_max_mapping_size() (bsc#1120008). - switchtec: Fix SWITCHTEC_IOCTL_EVENT_IDX_ALL flags overwrite (bsc#1051510). - switchtec: Remove immediate status check after submitting MRPC command (bsc#1051510). - sysfs: Disable lockdep for driver bind/unbind files (bsc#1051510). - tcp: batch tcp_net_metrics_exit (bsc#1122982). - tcp: change txhash on SYN-data timeout (networking-stable-19_01_20). - tcp: Do not underestimate rwnd_limited (networking-stable-18_12_12). - tcp: fix a race in inet_diag_dump_icsk() (networking-stable-19_01_04). - tcp: fix NULL ref in tail loss probe (networking-stable-18_12_12). - tcp: handle inet_csk_reqsk_queue_add() failures (git-fixes). - tcp: lack of available data can also cause TSO defer (git-fixes). - team: avoid complex list operations in team_nl_cmd_options_set() (bsc#1051510). - team: Free BPF filter when unregistering netdev (bsc#1051510). - thermal: do not clear passive state during system sleep (bsc#1051510). - thermal/drivers/hisi: Encapsulate register writes into helpers (bsc#1051510). - thermal/drivers/hisi: Fix configuration register setting (bsc#1051510). - thermal: generic-adc: Fix adc to temp interpolation (bsc#1051510). - thermal: hwmon: inline helpers when CONFIG_THERMAL_HWMON is not set (bsc#1051510). - thermal: int340x_thermal: Fix a NULL vs IS_ERR() check (bsc#1051510). - thermal: mediatek: fix register index error (bsc#1051510). - timekeeping: Use proper seqcount initializer (bsc#1051510). - tipc: compare remote and local protocols in tipc_udp_enable() (networking-stable-19_01_04). - tipc: eliminate KMSAN uninit-value in strcmp complaint (bsc#1051510). - tipc: error path leak fixes in tipc_enable_bearer() (bsc#1051510). - tipc: fix a double kfree_skb() (networking-stable-19_01_04). - tipc: fix a race condition of releasing subscriber object (bsc#1051510). - tipc: fix bug in function tipc_nl_node_dump_monitor (bsc#1051510). - tipc: fix infinite loop when dumping link monitor summary (bsc#1051510). - tipc: fix RDM/DGRAM connect() regression (bsc#1051510). - tipc: fix uninit-value in tipc_nl_compat_bearer_enable (bsc#1051510). - tipc: fix uninit-value in tipc_nl_compat_doit (bsc#1051510). - tipc: fix uninit-value in tipc_nl_compat_link_reset_stats (bsc#1051510). - tipc: fix uninit-value in tipc_nl_compat_link_set (bsc#1051510). - tipc: fix uninit-value in tipc_nl_compat_name_table_dump (bsc#1051510). - tipc: use lock_sock() in tipc_sk_reinit() (networking-stable-19_01_04). - tpm: fix kdoc for tpm2_flush_context_cmd() (bsc#1051510). - tpm: return a TPM_RC_COMMAND_CODE response if command is not implemented (bsc#1051510). - tpm: Return the actual size when receiving an unsupported command (bsc#1051510). - tpm: suppress transmit cmd error logs when TPM 1.2 is disabled/deactivated (bsc#1051510). - tpm/tpm_i2c_infineon: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT) (bsc#1051510). - tpm: tpm_i2c_nuvoton: use correct command duration for TPM 2.x (bsc#1051510). - tpm: tpm_try_transmit() refactor error flow (bsc#1051510). - tracing: Do not free iter->trace in fail path of tracing_open_pipe() (bsc#1129581). - tracing/uprobes: Fix output for multiple string arguments (bsc#1126495). - tracing: Use strncpy instead of memcpy for string keys in hist triggers (bsc#1129625). - Tree connect for SMB3.1.1 must be signed for non-encrypted shares (bsc#1051510). - tty: Handle problem if line discipline does not have receive_buf (bsc#1051510). - tty: ipwireless: Fix potential NULL pointer dereference (bsc#1051510). - tty/n_hdlc: fix __might_sleep warning (bsc#1051510). - tty/serial: do not free trasnmit buffer page under port lock (bsc#1051510). - tty: serial: samsung: Properly set flags in autoCTS mode (bsc#1051510). - tun: forbid iface creation with rtnl ops (networking-stable-18_12_12). - uart: Fix crash in uart_write and uart_put_char (bsc#1051510). - ucc_geth: Reset BQL queue when stopping device (networking-stable-19_02_01). - ucma: fix a use-after-free in ucma_resolve_ip() (bsc#1051510). - uevent: add alloc_uevent_skb() helper (bsc#1122982). - Update config files. Remove conditional support for SMB2 and SMB3: - Update patches.arch/s390-sles15-zcrypt-fix-specification-exception.patch (LTC#174936, bsc#1123060, bsc#1123061). - Update patches.fixes/acpi-nfit-Block-function-zero-DSMs.patch (bsc#1051510, bsc#1121789). - Update patches.fixes/acpi-nfit-Fix-command-supported-detection.patch (bsc#1051510, bsc#1121789). Add more detailed bugzilla reference. - Update patches.kabi/bpf-prevent-memory-disambiguation-attack.patch (bsc#1087082). - Update patches.kabi/bpf-properly-enforce-index-mask-to-prevent-out-of-bo.patch (bsc#1098425). - uprobes: Fix handle_swbp() vs. unregister() + register() race once more (bsc#1051510). - usb: Add new USB LPM helpers (bsc#1120902). - usb: Add USB_QUIRK_DELAY_CTRL_MSG quirk for Corsair K70 RGB (bsc#1120902). - usb: cdc-acm: send ZLP for Telit 3G Intel based modems (bsc#1120902). - usb: Consolidate LPM checks to avoid enabling LPM twice (bsc#1120902). - usb: dwc3: Correct the logic for checking TRB full in __dwc3_prepare_one_trb() (bsc#1051510). - usb: dwc3: gadget: Clear req->needs_extra_trb flag on cleanup (bsc#1120902). - usb: dwc3: gadget: Disable CSP for stream OUT ep (bsc#1051510). - usb: dwc3: gadget: Handle 0 xfer length for OUT EP (bsc#1051510). - usb: dwc3: trace: add missing break statement to make compiler happy (bsc#1120902). - usb: gadget: musb: fix short isoc packets with inventra dma (bsc#1051510). - usb: gadget: udc: net2272: Fix bitwise and boolean operations (bsc#1051510). - usb: hub: delay hub autosuspend if USB3 port is still link training (bsc#1051510). - usb: mtu3: fix the issue about SetFeature(U1/U2_Enable) (bsc#1051510). - usb: musb: dsps: fix otg state machine (bsc#1051510). - usb: musb: dsps: fix runtime pm for peripheral mode (bsc#1120902). - usbnet: ipheth: fix potential recvmsg bug and recvmsg bug 2 (networking-stable-18_12_03). - usbnet: smsc95xx: fix rx packet alignment (bsc#1051510). - usb: phy: am335x: fix race condition in _probe (bsc#1051510). - usb: serial: option: add Fibocom NL678 series (bsc#1120902). - usb: serial: pl2303: add ids for Hewlett-Packard HP POS pole displays (bsc#1120902). - usb: serial: pl2303: add new PID to support PL2303TB (bsc#1051510). - usb: serial: simple: add Motorola Tetra TPG2200 device id (bsc#1051510). - usb: storage: add quirk for SMI SM3350 (bsc#1120902). - usb: storage: do not insert sane sense for SPC3+ when bad sense specified (bsc#1120902). - usb: xhci: fix 'broken_suspend' placement in struct xchi_hcd (bsc#1119086). - veth: set peer GSO values (bsc#1051510). - vfio: ccw: fix cleanup if cp_prefetch fails (git-fixes). - vfio: ccw: process ssch with interrupts disabled (git-fixes). - vfs: Add iomap_seek_hole and iomap_seek_data helpers (bsc#1070995). - vfs: Add page_cache_seek_hole_data helper (bsc#1070995). - vfs: in iomap seek_{hole,data}, return -ENXIO for negative offsets (bsc#1070995). - vhost: correctly check the return value of translate_desc() in log_used() (bsc#1051510). - vhost: log dirty page correctly (networking-stable-19_01_26). - vhost: make sure used idx is seen before log in vhost_add_used_n() (networking-stable-19_01_04). - vhost/vsock: fix uninitialized vhost_vsock->guest_cid (bsc#1051510). - video: clps711x-fb: release disp device node in probe() (bsc#1051510). - virtio-blk: Consider virtio_max_dma_size() for maximum segment size (bsc#1120008). - virtio: Introduce virtio_max_dma_size() (bsc#1120008). - virtio_net: Do not call free_old_xmit_skbs for xdp_frames (networking-stable-19_02_01). - virtio-net: fail XDP set if guest csum is negotiated (networking-stable-18_12_03). - virtio-net: keep vnet header zeroed after processing XDP (networking-stable-18_12_12). - virtio/s390: avoid race on vcdev->config (git-fixes). - virtio/s390: fix race in ccw_io_helper() (git-fixes). - vmci: Support upto 64-bit PPNs (bsc#1127286). - vscok: Send reset control packet when socket is partially bound (networking-stable-19_01_04). - vsock: cope with memory allocation failure at socket creation time (bsc#1051510). - vt: invoke notifier on screen size change (bsc#1051510). - vxge: ensure data0 is initialized in when fetching firmware version information (bsc#1051510). - vxlan: Fix GRO cells race condition between receive and link delete (git-fixes). - vxlan: test dev->flags & IFF_UP before calling gro_cells_receive() (git-fixes). - vxlan: update skb dst pmtu on tx path (bsc#1123456). - w90p910_ether: remove incorrect __init annotation (bsc#1051510). - watchdog: docs: kernel-api: do not reference removed functions (bsc#1051510). - watchdog: w83627hf_wdt: Add quirk for Inves system (bsc#1106434). - writeback: do not decrement wb->refcnt if !wb->bdi (git fixes (writeback)). - x86: Add TSX Force Abort CPUID/MSR (bsc#1121805). - x86/a.out: Clear the dump structure initially (bsc#1114279). - x86/apic: Provide apic_ack_irq() (bsc#1122822). - x86/boot/e820: Avoid overwriting e820_table_firmware (bsc#1127154). - x86/boot/e820: Introduce the bootloader provided e820_table_firmware[] table (bsc#1127154). - x86/boot/e820: Rename the e820_table_firmware to e820_table_kexec (bsc#1127154). - x86/bugs: Add AMD's variant of SSB_NO (bsc#1114279). - x86/bugs: Update when to check for the LS_CFG SSBD mitigation (bsc#1114279). - x86/efi: Allocate e820 buffer before calling efi_exit_boot_service (bsc#1127307). - x86/Hyper-V: Set x2apic destination mode to physical when x2apic is available (bsc#1122822). - x86/kaslr: Fix incorrect i8254 outb() parameters (bsc#1114279). - x86/kvmclock: set pvti_cpu0_va after enabling kvmclock (bsc#1098382). - x86/MCE: Initialize mce.bank in the case of a fatal error in mce_no_way_out() (bsc#1114279). - x86/microcode/amd: Do not falsely trick the late loading mechanism (bsc#1114279). - x86/mm: Drop usage of __flush_tlb_all() in kernel_physical_mapping_init() (bsc#1114279). - x86, modpost: Replace last remnants of RETPOLINE with CONFIG_RETPOLINE (bsc#1114279). - x86/mtrr: Do not copy uninitialized gentry fields back to userspace (bsc#1114279). - x86/pkeys: Properly copy pkey state at fork() (bsc#1129366). - x86/platform/UV: Use efi_runtime_lock to serialise BIOS calls (bsc#1125614). - x86/pvclock: add setter for pvclock_pvti_cpu0_va (bsc#1098382). - x86/resctrl: Fix rdt_find_domain() return value and checks (bsc#1114279). - x86: respect memory size limiting via mem= parameter (bsc#1117645). - x86/speculation: Add RETPOLINE_AMD support to the inline asm CALL_NOSPEC variant (bsc#1114279). - x86/speculation: Remove redundant arch_smt_update() invocation (bsc#1114279). - x86/vdso: Remove obsolete 'fake section table' reservation (bsc#1114279). - x86/xen: dont add memory above max allowed allocation (bsc#1117645). - x86/xen/time: Output xen sched_clock time from 0 (bsc#1098382). - x86/xen/time: set pvclock flags on xen_time_init() (bsc#1098382). - x86/xen/time: setup vcpu 0 time info page (bsc#1098382). - xen, cpu_hotplug: Prevent an out of bounds access (bsc#1065600). - xen: fix dom0 boot on huge systems (bsc#1127836). - xen: Fix x86 sched_clock() interface for xen (bsc#1098382). - xen/manage: do not complain about an empty value in control/sysrq node (bsc#1065600). - xen: remove pre-xen3 fallback handlers (bsc#1065600). - xfs: add option to mount with barrier=0 or barrier=1 (bsc#1088133). - xfs: fix contiguous dquot chunk iteration livelock (bsc#1070995). - xfs: remove filestream item xfs_inode reference (bsc#1127961). - xfs: Switch to iomap for SEEK_HOLE / SEEK_DATA (bsc#1070995). - xhci: Add quirk to zero 64bit registers on Renesas PCIe controllers (bsc#1120854). - xhci: workaround CSS timeout on AMD SNPS 3.0 xHC (bsc#1119086). - xprtrdma: Reset credit grant properly after a disconnect (git-fixes). - yama: Check for pid death before checking ancestry (bsc#1051510). - yama: fix a missing-check bug (bsc#1051510). - zswap: re-check zswap_is_full() after do zswap_shrink() (bsc#1051510). - xfs: rewrite xfs_dq_get_next_id using xfs_iext_lookup_extent (bsc#1070995). ----------------------------------------- Patch: SUSE-2019-786 Released: Thu Mar 28 11:21:38 2019 Summary: Security update for tiff Severity: moderate References: 1108606,1115717,1121626,1125113,CVE-2018-17000,CVE-2018-19210,CVE-2019-6128,CVE-2019-7663 Description: This update for tiff fixes the following issues: Security issues fixed: - CVE-2018-19210: Fixed a NULL pointer dereference in TIFFWriteDirectorySec function (bsc#1115717). - CVE-2018-17000: Fixed a NULL pointer dereference in the _TIFFmemcmp function (bsc#1108606). - CVE-2019-6128: Fixed a memory leak in the TIFFFdOpen function in tif_unix.c (bsc#1121626). - CVE-2019-7663: Fixed an invalid address dereference in the TIFFWriteDirectoryTagTransfer function in libtiff/tif_dirwrite.c (bsc#1125113) ----------------------------------------- Patch: SUSE-2019-788 Released: Thu Mar 28 11:55:06 2019 Summary: Security update for sqlite3 Severity: moderate References: 1119687,CVE-2018-20346 Description: This update for sqlite3 to version 3.27.2 fixes the following issue: Security issue fixed: - CVE-2018-20346: Fixed a remote code execution vulnerability in FTS3 (Magellan) (bsc#1119687). Release notes: https://www.sqlite.org/releaselog/3_27_2.html ----------------------------------------- Patch: SUSE-2019-790 Released: Thu Mar 28 12:06:17 2019 Summary: Recommended update for timezone Severity: moderate References: 1130557 Description: This update for timezone fixes the following issues: timezone was updated 2019a: * Palestine 'springs forward' on 2019-03-30 instead of 2019-03-23 * Metlakatla 'fell back' to rejoin Alaska Time on 2019-01-20 at 02:00 * Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25) * zic now has an -r option to limit the time range of output data ----------------------------------------- Patch: SUSE-2019-791 Released: Thu Mar 28 12:06:50 2019 Summary: Security update for libnettle Severity: moderate References: 1129598 Description: This update for libnettle to version 3.4.1 fixes the following issues: Issues addressed and new features: - Updated to 3.4.1 (fate#327114 and bsc#1129598) - Fixed a missing break statements in the parsing of PEM input files in pkcs1-conv. - Fixed a link error on the pss-mgf1-test which was affecting builds without public key support. - All functions using RSA private keys are now side-channel silent. This applies both to the bignum calculations, which now use GMP's mpn_sec_* family of functions, and the processing of PKCS#1 padding needed for RSA decryption. - Changes in behavior: The functions rsa_decrypt and rsa_decrypt_tr may now clobber all of the provided message buffer, independent of the actual message length. They are side-channel silent, in that branches and memory accesses don't depend on the validity or length of the message. Side-channel leakage from the caller's use of length and return value may still provide an oracle useable for a Bleichenbacher-style chosen ciphertext attack. Which is why the new function rsa_sec_decrypt is recommended. ----------------------------------------- Patch: SUSE-2019-806 Released: Fri Mar 29 13:16:51 2019 Summary: Security update for sysstat Severity: low References: 1117001,1117260,CVE-2018-19416,CVE-2018-19517 Description: This update for sysstat fixes the following issues: Security issues fixed: - CVE-2018-19416: Fixed out-of-bounds read during a memmove call inside the remap_struct function (bsc#1117001). - CVE-2018-19517: Fixed out-of-bounds read during a memset call inside the remap_struct function (bsc#1117260). ----------------------------------------- Patch: SUSE-2019-819 Released: Fri Mar 29 18:08:54 2019 Summary: Recommended update for openssh Severity: moderate References: 1119183,1127180 Description: This update for openssh fixes the following issues: Issues addressed: - Removed the 'KexDHMin' config keyword (bsc#1127180) It used to allow lowering of the minimal allowed DH group size, which was increased to 2048 by upstream in the light of the Logjam attack. However, the code was broken since the upgrade to 7.6p1. It's still possible to use the fixed 1024-bit diffie-hellman-group1-sha1 key exchange method when working with legacy systems. - Fixed two race conditions in sshd relating to SIGHUP (bsc#1119183) ----------------------------------------- Patch: SUSE-2019-836 Released: Mon Apr 1 15:38:35 2019 Summary: Recommended update for createrepo_c Severity: moderate References: 1125044 Description: This update for createrepo_c to version 0.12.1 fixes the following issue: - fix for huge rpm packages (bsc#1125044) ----------------------------------------- Patch: SUSE-2019-849 Released: Tue Apr 2 22:23:24 2019 Summary: Recommended update for pacemaker Severity: moderate References: 1082883,1094208,1102915,1107270,1114840,1121272,1121808,974108 Description: This update for pacemaker provides the following fixes: - cts: Do not require nodes to be specified if only listing tests. (bsc#1114840) - cts: Temporarily disable any enabled cluster services when running remote tests. - cts: Count service as enabled only if it is explicitly enabled. - cts: Ignore monitor failures when testing remote node fencing. - cts: Lower remote connection failure detection time. - cts: Clear constraints on cluster nodes. (bsc#1121272) - cts: Resume any possibly frozen pacemaker_remoted when cleaning up the test. (bsc#1121272) - cts: Simulate failure of pacemaker_remoted by freezing it with SIGSTOP. (bsc#1121272) - cts-exec: Run the tests for the other resource classes even without python systemd bindings. (bsc#1121808) - cts-scheduler: Avoid unsupported usage of requires. - fenced: Handle fencing requested with nodeid by using the membership cache of known nodes. (bsc#1094208, bsc#1107270, bsc#974108) - controld: Make it possible to manually confirm unseen nodes are down. (bsc#1094208, bsc#1107270) - controld: Avoid memory leak when synthesizing failure. - spec: Install /etc/pacemaker directory for storing authkey file. (bsc#1082883) - tools: Improve error messages from crm_resource --move. - tools: Use output redirection correctly in crm_standby. - tools: Handle multiple values properly in crm_attribute. - tools: Fix a bash portability issue in crm_failcount. - tools: cibsecret --help/--version does not require cluster to be running. (bsc#1102915) - scheduler: Improve failed op message. - controller,scheduler: Guard hash table deletes. - controller: Do not abort after delay if the instance is no longer DC. - libcrmservice: Do not consider a canceled recurring operation as failed. - libcrmservice: Find absolute paths when used with 'service:'. - libcrmservice: Separate LSB-specific code into own source files. - execd: Avoid memory leak when testing remote key. - execd: Handle systemd actions correctly when used with 'service:'. - libcrmcommon,pacemakerd: Kernel task name is at most 15 characters. - io.c: restore -Werror buildability, put conversion specifier last. - libcrmcommon: Avoid memory leak on failed IPC send. - libcrmcommon: Improve connection loss message. - daemons: Improve connection loss messages. - pacemaker_remote: Correct documentation URL in systemd unit file. - libcrmcommon: Improve checking of file/directory writability. ----------------------------------------- Patch: SUSE-2019-850 Released: Wed Apr 3 07:31:47 2019 Summary: Recommended update for polkit-default-privs Severity: moderate References: 1125110,1128560 Description: This update for polkit-default-privs fixes the following issues: - add renamed wifi-scan -> wifi.scan action (bsc#1128560) - relax change-own-user-data action in the restrictive profile (bsc#1125110) ----------------------------------------- Patch: SUSE-2019-858 Released: Wed Apr 3 15:50:37 2019 Summary: Recommended update for libtirpc Severity: moderate References: 1120689,1126096 Description: This update for libtirpc fixes the following issues: - Fix a yp_bind_client_create_v3: RPC: Unknown host error (bsc#1126096). - add an option to enforce connection via protocol version 2 first (bsc#1120689). ----------------------------------------- Patch: SUSE-2019-861 Released: Wed Apr 3 16:09:41 2019 Summary: Security update for clamav Severity: important References: 1130721,CVE-2019-1787,CVE-2019-1788,CVE-2019-1789 Description: This update for clamav to version 0.100.3 fixes the following issues: Security issues fixed (bsc#1130721): - CVE-2019-1787: Fixed an out-of-bounds heap read condition which may occur when scanning PDF documents. - CVE-2019-1789: Fixed an out-of-bounds heap read condition which may occur when scanning PE files (i.e. Windows EXE and DLL files). - CVE-2019-1788: Fixed an out-of-bounds heap write condition which may occur when scanning OLE2 files such as Microsoft Office 97-2003 documents. ----------------------------------------- Patch: SUSE-2019-862 Released: Wed Apr 3 16:33:58 2019 Summary: Recommended update for mdadm Severity: moderate References: 1049126,1082766,1095177,1095729,1101110,1101348,1123814 Description: This update for mdadm fixes the following issues: - Assemble: prevent segfault with faulty 'best' devices (bsc#1082766, bsc#1095729) - Bugfix: MD RAID grow doesn't start for size larger than 2147483647 K (bsc#1095177) - Bugfix: Wrong size after grow of IMSM Volume (bsc#1101110) - Bugfix: LICENSE file gets now installed in the correct directory. - Bugfix: Device names were truncated when calling 'mdadm --detail --export' (bsc#1123814) ----------------------------------------- Patch: SUSE-2019-866 Released: Thu Apr 4 11:24:48 2019 Summary: Recommended update for apparmor Severity: moderate References: 1120279,1125439 Description: This update for apparmor fixes the following issues: - Add /proc/pid/tcp and /proc/pid/tcp6 entries to the apparmor profile. (bsc#1125439) - allow network access and notify file creation/access (bsc#1120279) ----------------------------------------- Patch: SUSE-2019-870 Released: Thu Apr 4 11:46:21 2019 Summary: Recommended update for yast2-packager Severity: moderate References: 1082369,1119564 Description: This update for yast2-packager fixes the following issues: - Changing repo URL has been ignored (bsc#1119564) - Added warning in case the NTP configuration was modified but the package is not selected to be installed (bsc#1082369) ----------------------------------------- Patch: SUSE-2019-871 Released: Thu Apr 4 13:36:42 2019 Summary: Security update for MozillaFirefox Severity: important References: 1125330,1127987,1129821,1130262,CVE-2018-18335,CVE-2018-18356,CVE-2018-18506,CVE-2019-5785,CVE-2019-9788,CVE-2019-9790,CVE-2019-9791,CVE-2019-9792,CVE-2019-9793,CVE-2019-9794,CVE-2019-9795,CVE-2019-9796,CVE-2019-9801,CVE-2019-9810,CVE-2019-9813 Description: This update for MozillaFirefox to version ESR 60.6.1 fixes the following issues: Security issuess addressed: - update to Firefox ESR 60.6.1 (bsc#1130262): - CVE-2019-9813: Fixed Ionmonkey type confusion with __proto__ mutations - CVE-2019-9810: Fixed IonMonkey MArraySlice incorrect alias information - Update to Firefox ESR 60.6 (bsc#1129821): - CVE-2018-18506: Fixed an issue with Proxy Auto-Configuration file - CVE-2019-9801: Fixed an issue which could allow Windows programs to be exposed to web content - CVE-2019-9788: Fixed multiple memory safety bugs - CVE-2019-9790: Fixed a Use-after-free vulnerability when removing in-use DOM elements - CVE-2019-9791: Fixed an incorrect Type inference for constructors entered through on-stack replacement with IonMonkey - CVE-2019-9792: Fixed an issue where IonMonkey leaks JS_OPTIMIZED_OUT magic value to script - CVE-2019-9793: Fixed multiple improper bounds checks when Spectre mitigations are disabled - CVE-2019-9794: Fixed an issue where command line arguments not discarded during execution - CVE-2019-9795: Fixed a Type-confusion vulnerability in IonMonkey JIT compiler - CVE-2019-9796: Fixed a Use-after-free vulnerability in SMIL animation controller - Update to Firefox ESR 60.5.1 (bsc#1125330): - CVE-2018-18356: Fixed a use-after-free vulnerability in the Skia library which can occur when creating a path, leading to a potentially exploitable crash. - CVE-2019-5785: Fixed an integer overflow vulnerability in the Skia library which can occur after specific transform operations, leading to a potentially exploitable crash. - CVE-2018-18335: Fixed a buffer overflow vulnerability in the Skia library which can occur with Canvas 2D acceleration on macOS. This issue was addressed by disabling Canvas 2D acceleration in Firefox ESR. Note: this does not affect other versions and platforms where Canvas 2D acceleration is already disabled by default. Other issue addressed: - Fixed an issue with MozillaFirefox-translations-common which was causing error on update (bsc#1127987). Release notes: https://www.mozilla.org/en-US/security/advisories/mfsa2019-12/ Release notes: https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/ Release notes: https://www.mozilla.org/en-US/security/advisories/mfsa2019-05/ ----------------------------------------- Patch: SUSE-2019-886 Released: Fri Apr 5 07:55:15 2019 Summary: Recommended update for grub2 Severity: moderate References: 1113702,1122569 Description: This update for grub2 fixes the following issues: - Fixed regression of crashing lvm on multipath SAN (bsc#1113702) - Add exception handling to FCP lun enumeration (bsc#1113702) - Fix LOADER_TYPE parsing in grub2-once (bsc#1122569) ----------------------------------------- Patch: SUSE-2019-894 Released: Fri Apr 5 17:16:23 2019 Summary: Recommended update for rpm Severity: moderate References: 1119414,1126327,1129753,SLE-3853,SLE-4117 Description: This update for rpm fixes the following issues: - This update shortens RPM changelog to after a certain cut off date (bsc#1129753) - Translate dashes to underscores in kmod provides (FATE#326579, jsc#SLE-4117, jsc#SLE-3853, bsc#1119414). - Re-add symset-table from SLE 12 (bsc#1126327). ----------------------------------------- Patch: SUSE-2019-903 Released: Mon Apr 8 15:41:44 2019 Summary: Security update for glibc Severity: moderate References: 1100396,1122729,1130045,CVE-2016-10739 Description: This update for glibc fixes the following issues: Security issue fixed: - CVE-2016-10739: Fixed an improper implementation of getaddrinfo function which could allow applications to incorrectly assume that had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings (bsc#1122729). Other issue fixed: - Fixed an issue where pthread_mutex_trylock did not use a correct order of instructions while maintained the robust mutex list due to missing compiler barriers (bsc#1130045). - Added new Japanese Era name support (bsc#1100396). ----------------------------------------- Patch: SUSE-2019-905 Released: Mon Apr 8 16:48:02 2019 Summary: Recommended update for gcc Severity: moderate References: 1096008 Description: This update for gcc fixes the following issues: - Fix gcc-PIE spec to properly honor -no-pie at link time. (bsc#1096008) ----------------------------------------- Patch: SUSE-2019-909 Released: Tue Apr 9 08:04:44 2019 Summary: Recommended update for chrony Severity: moderate References: 1129914 Description: This update for chrony fixes the following issues: - Fix ordering and dependencies of chronyd.service, so that it is started after name resolution is up (bsc#1129914). ----------------------------------------- Patch: SUSE-2019-919 Released: Tue Apr 9 15:47:42 2019 Summary: Security update for blktrace Severity: low References: 1091942,CVE-2018-10689 Description: This update for blktrace fixes the following issues: - CVE-2018-10689: Prevent buffer overflow in the dev_map_read function because the device and devno arrays were too small (bsc#1091942) ----------------------------------------- Patch: SUSE-2019-923 Released: Wed Apr 10 15:54:57 2019 Summary: Recommended update for openssh Severity: moderate References: 1065237,1115550 Description: This update for openssh fixes the following issues: - Fix SSHD termination of multichannel sessions with non-root users (error on 'mm_request_receive_expect') (bsc#1115550) - Fix a double free() in the KDF CAVS testing tool (bsc#1065237) Please note that this is a FIPS certification helper tool and can not get attacker input. ----------------------------------------- Patch: SUSE-2019-925 Released: Wed Apr 10 16:32:50 2019 Summary: Security update for wget Severity: important References: 1131493,CVE-2019-5953 Description: This update for wget fixes the following issues: Security issue fixed: - CVE-2019-5953: Fixed a buffer overflow vulnerability which might cause code execution (bsc#1131493). ----------------------------------------- Patch: SUSE-2019-926 Released: Wed Apr 10 16:33:12 2019 Summary: Security update for tar Severity: moderate References: 1120610,1130496,CVE-2018-20482,CVE-2019-9923 Description: This update for tar fixes the following issues: Security issues fixed: - CVE-2019-9923: Fixed a denial of service while parsing certain archives with malformed extended headers in pax_decode_header() (bsc#1130496). - CVE-2018-20482: Fixed a denial of service when the '--sparse' option mishandles file shrinkage during read access (bsc#1120610). ----------------------------------------- Patch: SUSE-2019-927 Released: Wed Apr 10 16:33:53 2019 Summary: Security update for libqt5-qtbase Severity: moderate References: 1108889,1118597,1129662,1130246,CVE-2018-19870,CVE-2018-19872 Description: This update for libqt5-qtbase fixes the following issues: Security issues fixed: - CVE-2018-19872: Fixed an issue which could allow a division by zero leading to crash (bsc#1130246). - CVE-2018-19870: Fixed an improper check in QImage allocation which could allow Denial of Service when opening crafted gif files (bsc#1118597). Other issue addressed: - Fixed an issue which showing remote locations was not allowed (bsc#1129662). ----------------------------------------- Patch: SUSE-2019-936 Released: Fri Apr 12 09:06:23 2019 Summary: Security update for libvirt Severity: important References: 1081516,1102604,1104662,1106420,1108086,1108395,1112182,1117058,1118952,1120813,1123642,1124667,1125665,1126325,1127458,1130129,CVE-2019-3840 Description: This update for libvirt provides the following fixes: Security issue fixed: - CVE-2019-3840: Fixed a null pointer dereference vulnerability in virJSONValueObjectHasKey function which could have resulted in a remote denial of service via the guest agent (bsc#1127458). Other issues addressed: - apparmor: reintroduce upstream lxc mount rules (bsc#1130129). - hook: encode incoming XML to UTF-8 before passing to lxml etree from string method (bsc#1123642). - supportconfig: collect rotated logs in /var/log/libvirt/* (bsc#1124667). - libxl: support Xen's max_grant_frames setting with maxGrantFrames attribute on the xenbus controller (bsc#1126325). - conf: added new 'xenbus' controller type - util: skip RDMA detection for non-PCI network devices (bsc#1112182). - qemu: don't use CAP_DAC_OVERRIDE capability if non-root (bsc#1125665). - qemu: fix issues related to restricted permissions on /dev/sev(bsc#1102604). - apparmor: add support for named profiles (bsc#1118952). - libxl: save current memory value after successful balloon (bsc#1120813). - apparmor: Fix ptrace rules. (bsc#1117058) - libxl: Add support for soft reset. (bsc#1081516) - libxl: Fix VM migration on busy hosts. (bsc#1108086) - qemu: Add support for SEV guests. (fate#325817) - util: Don't check for parallel iteration in hash-related functions. (bsc#1106420) - spec: Don't restart libvirt-guests when updating libvirt-client. (bsc#1104662) - Fix virNodeGetSEVInfo API crashing libvirtd on AMD SEV enabled hosts. (bsc#1108395) ----------------------------------------- Patch: SUSE-2019-937 Released: Fri Apr 12 09:42:29 2019 Summary: Recommended update for at-spi2-core Severity: moderate References: 1127792 Description: This update for at-spi2-core and at-spi2-atk fixes the following issues: - Bugfix: Querying table cell headers crashed the application (bsc#1127792). ----------------------------------------- Patch: SUSE-2019-938 Released: Fri Apr 12 09:42:37 2019 Summary: Recommended update for yast2-pkg-bindings Severity: moderate References: 1094468,1097756 Description: This update for yast2-pkg-bindings fixes the following issues: - Does no longer save plugin services to the target system (bsc#1094468) - Fixes an error when saving services during an upgrade (bsc#1097756) ----------------------------------------- Patch: SUSE-2019-947 Released: Fri Apr 12 21:49:31 2019 Summary: Recommended update for cluster-glue Severity: moderate References: 1098758 Description: This update for cluster-glue provides the following fix: - stonith:ibmhmc: Add 'managedsyspat' and 'password' as supported parameters. (bsc#1098758) ----------------------------------------- Patch: SUSE-2019-966 Released: Wed Apr 17 12:20:13 2019 Summary: Recommended update for python-rpm-macros Severity: moderate References: 1128323 Description: This update for python-rpm-macros fixes the following issues: The Python RPM macros were updated to version 20190408.32abece, fixing bugs (bsc#1128323) * Add missing $ expansion on the pytest call * Rewrite pytest and pytest_arch into Lua macros with multiple arguments. * We should preserve existing PYTHONPATH. * Add --ignore to pytest calls to ignore build directories. * Actually make pytest into function to capture arguments as well * Add pytest definitions. * Use upstream-recommended %{_rpmconfigdir}/macros.d directory for the rpm macros. * Fix an issue with epoch printing having too many \ * add epoch while printing 'Provides:' ----------------------------------------- Patch: SUSE-2019-969 Released: Wed Apr 17 13:20:16 2019 Summary: Recommended update for btrfsprogs Severity: important References: 1122539 Description: This update for btrfsprogs provides the following: - Advise user of fs recovery options when we fail to mount (bsc#1122539) - Use correct path for dracut-fsck-help.txt in module-setup.sh (bsc#1122539) ----------------------------------------- Patch: SUSE-2019-970 Released: Wed Apr 17 14:28:17 2019 Summary: Recommended update for python-kiwi Severity: moderate References: 1108508,1110869,1110871,1119416,1123185,1123186,1126283,1126318 Description: This update for python-kiwi provides the following fixes: - Change the default value for bundler compression. If no compression is configured in the kiwi config file the default was set to False. However this led to big trouble on the OBS side for images which have fixed storage disk sizes configured (for example Azure images which request 30G disk size per instance). The default has changed to be True. - Support alternative EFI and grub modules paths. In SUSE products EFI binaries are historically located in /usr/lib*/efi. In a recent move to package grub2 as noarch, a collision between x86_64 and aarch64 has been identified as both packages place platform-specific files in the same location. To fix this, a new location was devised: /usr/share/efi/$(uname -m). At the same time /usr/lib/grub2 will move to /usr/share/grub2. (fate#326960) - Fix Xen guest detection. Xen setup (e.g in the Amazon Cloud) is only supported for the x86_64 architecture. (bsc#1123186, bsc#1123185) - Fix the location of grub unicode font file. grub2 is expecting the unicode font under the fonts directory in the /boot/grub*/ depending on how the distribution installs grub2. (bsc#1119416) - Add Codec utils for bytes literals decoding. In case of a literal decoding failure it tries to decode the result in utf-8. This is handy in python2 environments where python and the host might be using different charset configurations. In python3 this issue seems to be solved. (bsc#1110871) - Fixed URI handling with token query option. So far only the query format '?credentials=' was supported. In case of '?random_token_data' the returned uri was truncated and also the format check on the query caused a python trace. (bsc#1110869, bsc#1108508) - Fix disk size calculation for VMX. Disk size calculation must take into account the empty volumes that are to be mounted in a directory that does not exist in the root tree otherwise there is KeyError. The result of storate/setup._calculate_volume_mbytes must be a dictionary including all defined volumes. - Fixes an issue where the resize of a disk didn't work if the system is multipath based (bsc#1126283) ----------------------------------------- Patch: SUSE-2019-971 Released: Wed Apr 17 14:43:26 2019 Summary: Security update for python3 Severity: important References: 1129346,CVE-2019-9636 Description: This update for python3 fixes the following issues: Security issue fixed: - CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC normalization (bsc#1129346). ----------------------------------------- Patch: SUSE-2019-972 Released: Wed Apr 17 14:44:05 2019 Summary: Security update for python Severity: important References: 1129346,1130847,CVE-2019-9636,CVE-2019-9948 Description: This update for python fixes the following issues: Security issues fixed: - CVE-2019-9948: Fixed a 'file:' blacklist bypass in URIs by using the 'local-file:' scheme instead (bsc#1130847). - CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC normalization (bsc#1129346). ----------------------------------------- Patch: SUSE-2019-986 Released: Fri Apr 19 08:18:20 2019 Summary: Recommended update for release-notes-sles-for-sap Severity: moderate References: 1117170,1131037 Description: This update for release-notes-sles-for-sap to 15.0.20190329 fixes the following issues: New notes: - 'Support for SAP HANA Workloads on Intel Optane DC Memory' (FATE#326967, requested via bsc#1117170) - Removed notes: - 'Removed Kernel Modules' was meant for SLES, not specifically for SLES for SAP(FATE#326411) ----------------------------------------- Patch: SUSE-2019-989 Released: Tue Apr 23 09:29:36 2019 Summary: Security update for libsoup Severity: moderate References: 1100097,CVE-2018-12910 Description: This update for libsoup fixes the following issues: Security issue fixed: - CVE-2018-12910: Fix crash when handling empty hostnames (bsc#1100097). ----------------------------------------- Patch: SUSE-2019-994 Released: Tue Apr 23 17:37:41 2019 Summary: Recommended update for release-notes-ha Severity: moderate References: 1122351,1122353,1131034 Description: This update for release-notes-ha fixes the following issues: Various document fixes and changed notes: - Removed de-de language code from URL (bsc#1122353) - Removed misleading link, fix a version number (bsc#1122351) ----------------------------------------- Patch: SUSE-2019-1002 Released: Wed Apr 24 10:13:34 2019 Summary: Recommended update for zlib Severity: moderate References: 1110304,1129576 Description: This update for zlib fixes the following issues: - Fixes a segmentation fault error (bsc#1110304, bsc#1129576) ----------------------------------------- Patch: SUSE-2019-1023 Released: Wed Apr 24 13:47:19 2019 Summary: Recommended update for NetworkManager Severity: moderate References: 1103678,1122262,1128560,1130355 Description: This update for NetworkManager fixes the following issues: - Make the enablement of n-m-wait-online.service follow n-m.service (bsc#1130355). - Use polkit action 'org.freedesktop.NetworkManager.wifi.scan' instead of 'org.freedesktop.NetworkManager.wifi-scan' to sync with upstream (bsc#1128560). - Fix the connectivity value of devices which was set to LIMITED when the connectivity check fails. Now if the connectivity is being set to LIMITED but the device state is DISCONNECTED, then the value is coerced to NONE. (bsc#1103678): - Fix the global connectivity value which wasn't updated when a device was removed. Which is a problem if the device being removed is the one providing the connectivity. (bsc#1103678) - Adding a new polkit action 'org.freedesktop.NetworkManager.wifi-scan' so that distributions can add specific rule to allow Wi-Fi scans (bsc#1122262) ----------------------------------------- Patch: SUSE-2019-1025 Released: Wed Apr 24 14:53:48 2019 Summary: Recommended update for yast2-network Severity: moderate References: 1094934,1107470,709176 Description: This update for yast2-network fixes the following issues: - Fixes an error when writing remote configuration by cmdline (yast remote allow set=yes) (bsc#1094934) - Will now keep the original hostnames untouched in /etc/hosts when only the IP has changed (bsc#709176) ----------------------------------------- Patch: SUSE-2019-1036 Released: Thu Apr 25 14:53:44 2019 Summary: Security update for wireshark Severity: moderate References: 1131945,CVE-2019-10894,CVE-2019-10895,CVE-2019-10896,CVE-2019-10899,CVE-2019-10901,CVE-2019-10903 Description: This update for wireshark to version 2.4.14 fixes the following issues: Security issues fixed: - CVE-2019-10895: NetScaler file parser crash. - CVE-2019-10899: SRVLOC dissector crash. - CVE-2019-10894: GSS-API dissector crash. - CVE-2019-10896: DOF dissector crash. - CVE-2019-10901: LDSS dissector crash. - CVE-2019-10903: DCERPC SPOOLSS dissector crash. Non-security issue fixed: - Update to version 2.4.14 (bsc#1131945). ----------------------------------------- Patch: SUSE-2019-1040 Released: Thu Apr 25 17:09:21 2019 Summary: Security update for samba Severity: important References: 1114407,1124223,1125410,1126377,1131060,1131686,CVE-2019-3880 Description: This update for samba fixes the following issues: Security issue fixed: - CVE-2019-3880: Fixed a path/symlink traversal vulnerability, which allowed an unprivileged user to save registry files outside a share (bsc#1131060). ldb was updated to version 1.2.4 (bsc#1125410 bsc#1131686): - Out of bound read in ldb_wildcard_compare - Hold at most 10 outstanding paged result cookies - Put 'results_store' into a doubly linked list - Refuse to build Samba against a newer minor version of ldb Non-security issues fixed: - Fixed update-apparmor-samba-profile script after apparmor switched to using named profiles (bsc#1126377). - Abide to the load_printers parameter in smb.conf (bsc#1124223). - Provide the 32bit samba winbind PAM module and its dependend 32bit libraries. ----------------------------------------- Patch: SUSE-2019-1050 Released: Fri Apr 26 12:41:08 2019 Summary: Recommended update for patterns-sap Severity: moderate References: 1132119 Description: This update for patterns-sap fixes the following issues: - The HANA 2 SPS04 Installer required additional libraries for the installation. The missing GCC7 libraries are now be installed with the HANA pattern (bsc#1132119) ----------------------------------------- Patch: SUSE-2019-1054 Released: Fri Apr 26 14:46:02 2019 Summary: Recommended update for crash Severity: moderate References: 1122594,1124690 Description: This update for crash fixes the following issues: - XEN dom0 changes in v4.11 caused coredumps not loading (bsc#1124690, bsc#1122594) ----------------------------------------- Patch: SUSE-2019-1059 Released: Sat Apr 27 09:44:01 2019 Summary: Security update for libssh2_org Severity: important References: 1130103,1133528,CVE-2019-3859 Description: This update for libssh2_org fixes the following issues: - Incorrect upstream fix for CVE-2019-3859 broke public key authentication [bsc#1133528, bsc#1130103] ----------------------------------------- Patch: SUSE-2019-1090 Released: Mon Apr 29 14:32:33 2019 Summary: Security update for rubygem-actionpack-5_1 Severity: moderate References: 1129271,1129272,CVE-2019-5418,CVE-2019-5419 Description: This update for rubygem-actionpack-5_1 fixes the following issues: Security issues fixed: - CVE-2019-5418: Fixed a file content disclosure vulnerability in Action View which could be exploited via specially crafted accept headers in combination with calls to render file (bsc#1129272). - CVE-2019-5419: Fixed a resource exhaustion issue in Action View which could make the server unable to process requests (bsc#1129271). ----------------------------------------- Patch: SUSE-2019-1092 Released: Mon Apr 29 14:36:45 2019 Summary: Recommended update for pacemaker Severity: moderate References: 1117934,1128374,1128772 Description: This update for pacemaker provides the following fixes: - libcrmcluster: Avoid use of NULL when searching for remote node. (bsc#1128772) - scheduler: Respect the order of constraints when relevant resources are being probed. (bsc#1117934, bsc#1128374) ----------------------------------------- Patch: SUSE-2019-1105 Released: Tue Apr 30 12:10:58 2019 Summary: Recommended update for gcc7 Severity: moderate References: 1084842,1114592,1124644,1128794,1129389,1131264,SLE-6738 Description: This update for gcc7 fixes the following issues: Update to gcc-7-branch head (r270528). - Disables switch jump-tables when retpolines are used. This restores some lost performance for kernel builds with retpolines. (bsc#1131264, jsc#SLE-6738) - Fix ICE compiling tensorflow on aarch64. (bsc#1129389) - Fix for aarch64 FMA steering pass use-after-free. (bsc#1128794) - Fix for s390x FP load-and-test issue. (bsc#1124644) - Improve build reproducability by disabling address-space randomization during build. - Adjust gnat manual entries in the info directory. (bsc#1114592) - Includes fix to no longer try linking -lieee with -mieee-fp. (bsc#1084842) ----------------------------------------- Patch: SUSE-2019-1113 Released: Tue Apr 30 14:08:42 2019 Summary: Recommended update for python-pycurl Severity: moderate References: 1128355 Description: This update for python-pycurl fixes the following issues: - bsc#1128355: update to the Factory package to get multibuild and better working tests. - Update to 7.43.0.2: * Added perform_rb and perform_rs methods to Curl objects to return response body as byte string and string, respectively. * Added OPT_COOKIELIST constant for consistency with other option constants. * PycURL is now able to report errors triggered by libcurl via CURLOPT_FAILONERROR mechanism when the error messages are not decodable in Python's default encoding (GitHub issue #259). * Added getinfo_raw method to Curl objects to return byte strings as is from libcurl without attempting to decode them (GitHub issue #493). * When adding a Curl easy object to CurlMulti via add_handle, the easy objects now have their reference counts increased so that the application is no longer required to keep references to them to keep them from being garbage collected (GitHub issue #171). * PycURL easy, multi and share objects can now be weak referenced. * set_ca_certs now accepts byte strings as it should have been all along. * Use OpenSSL 1.1 and 1.0 specific APIs for controlling thread locks depending on OpenSSL version (patch by Vitaly Murashev). * Fixed a crash when closesocket callback failed (patch by Gisle Vanem and toddrme2178). * Added CURLOPT_PROXY_SSLCERT, CURLOPT_PROXY_SSLCERTTYPE, CURLOPT_PROXY_SSLKEY, CURLOPT_PROXY_SSLKEYTYPE, CURLOPT_PROXY_SSL_VERIFYPEER (libcurl 7.52.0+, patch by Casey Miller). * Added CURLOPT_PRE_PROXY (libcurl 7.52.0+, patch by ziggy). * Added SOCKET_BAD constant and it is now recognized as a valid return value from OPENSOCKET callback. ----------------------------------------- Patch: SUSE-2019-1114 Released: Tue Apr 30 14:09:17 2019 Summary: Recommended update for open-iscsi Severity: moderate References: 1127913,1128972 Description: This update for open-iscsi fixes the following issues: - Fix a regression in behavior of iscsiadm caused by the switch to libopeniscsiusr (bsc#1128972) - Prevent iscsiuio segmentation fault in case get_tx_pkt fails while sending ARP (bsc#1127913) ----------------------------------------- Patch: SUSE-2019-1121 Released: Tue Apr 30 18:02:43 2019 Summary: Security update for gnutls Severity: important References: 1118087,1130681,1130682,CVE-2018-16868,CVE-2019-3829,CVE-2019-3836 Description: This update for gnutls fixes to version 3.6.7 the following issues: Security issued fixed: - CVE-2019-3836: Fixed an invalid pointer access via malformed TLS1.3 async messages (bsc#1130682). - CVE-2019-3829: Fixed a double free vulnerability in the certificate verification API (bsc#1130681). - CVE-2018-16868: Fixed Bleichenbacher-like side channel leakage in PKCS#1 v1.5 verification and padding oracle verification (bsc#1118087) Non-security issue fixed: - Update gnutls to support TLS 1.3 (fate#327114) ----------------------------------------- Patch: SUSE-2019-1127 Released: Thu May 2 09:39:24 2019 Summary: Security update for sqlite3 Severity: moderate References: 1130325,1130326,CVE-2019-9936,CVE-2019-9937 Description: This update for sqlite3 to version 3.28.0 fixes the following issues: Security issues fixed: - CVE-2019-9936: Fixed a heap-based buffer over-read, when running fts5 prefix queries inside transaction (bsc#1130326). - CVE-2019-9937: Fixed a denial of service related to interleaving reads and writes in a single transaction with an fts5 virtual table (bsc#1130325). ----------------------------------------- Patch: SUSE-2019-1130 Released: Thu May 2 13:07:59 2019 Summary: Recommended update for azure-li-services Severity: moderate References: 1125372,1125373 Description: This update for azure-li-services fixes the following issues: - Create /etc/sysconfig/sbd configuration Write /etc/sysconfig/sbd which contains the disk device name used to initialize the SBD device - Add support for iSCSI SBD device setup In a new an optional stonith section the configuration for the iSCSI initiator and ip address can be setup. Once present the process to setup the iSCSI initiator as well as the device discovery is started. (bsc#1125373 and bsc#1125372) ----------------------------------------- Patch: SUSE-2019-1134 Released: Thu May 2 17:57:27 2019 Summary: Recommended update for quota Severity: moderate References: 1131513,SLE-5734 Description: This update for quota fixes the following issues: Quota was updated to 4.05 release jsc#SLE-5734 bsc#1131513: * This release includes mostly various smaller cleanups and fixes in various areas. * Most visible changes are addition of f2fs and exfs among recognized filesystems. * Remove quot binary functionality could be achieved by using repquota instead ----------------------------------------- Patch: SUSE-2019-1144 Released: Fri May 3 14:45:18 2019 Summary: Recommended update for yast2-cluster Severity: moderate References: 1132881 Description: This update for yast2-cluster fixes the following issues: - yast2-cluster will now depend on sharutils in order to work in combination with uuencode (bsc#1132881) ----------------------------------------- Patch: SUSE-2019-1154 Released: Mon May 6 13:00:55 2019 Summary: Recommended update for multipath-tools Severity: important References: 1028857,1107179,1110060,1110439,1111116,1118224,1118495,1121134,1125043,1125145,1131789 Description: This update for multipath-tools fixes the following issues: multipath-tools was update to version 0.7.3+114+suse.22c2357: - Fix boot issues on certain hardware (bsc#1125145, bsc#1131789) - Fix daemon shutdown issues (bsc#1110060, bsc#1110439) * multipathd: fix daemon not really shutdown * multipath: fix rcu thread cancellation hang * multipathd: check for DAEMON_SHUTDOWN in configure * multipathd: make DAEMON_SHUTDOWN a terminal state - Other fixes * setup_map: wait for pending path checkers to finish (bsc#1118224) * multipathd: Fix miscounting active paths (bsc#1125043) * multipathd: fix device creation issues (bsc#1111116) * multipathd: fix irritating 'minor number mismatch' message (bsc#1111116) * libmultipath: Increase SERIAL_SIZE to 128 bytes (bsc#1107179) * multipathd: avoid crash in cli_list_path (bsc#1121134) * multipathd: add a NVMe ANA-based path prioritizer (bsc#1118495) - Added dependency on sg3_utils (bsc#1028857) ----------------------------------------- Patch: SUSE-2019-1160 Released: Mon May 6 14:24:31 2019 Summary: Recommended update for sg3_utils Severity: moderate References: 1005063,1069384,1131482,1133418,840054 Description: This update for sg3_utils fixes the following issues: - Update to version 1.44~763+19.1ed0757: * rescan-scsi-bus.sh: use LUN wildcard in idlist (bsc#1069384) * 40-usb-blacklist.rules: use ID_SCSI_INQUIRY (bsc#840054, bsc#1131482) * Changed versioning scheme (svn r763, pre-release of upstream 1.44, plus 16 SUSE patches, SUSE git commit b2fedfa) * 59-fc-wwpn-id.rules: fix rule syntax (bsc#1133418) - Spec file: add fc_wwpn_id to generate by-path links for fibrechannel (bsc#1005063) ----------------------------------------- Patch: SUSE-2019-1169 Released: Tue May 7 14:15:58 2019 Summary: Recommended update for MozillaFirefox Severity: important References: 1134126 Description: This update for MozillaFirefox fixes the following issues: - An internal certificate in Firefox expired recently and that certificate was used to ensure the validity of installed extensions modules. This update includes a new, valid copy of that certificate so that users can continue to use and install their preferred extensions. (bsc#1134126) ----------------------------------------- Patch: SUSE-2019-1173 Released: Tue May 7 15:33:40 2019 Summary: Recommended update for cifs-utils Severity: moderate References: 1130528 Description: This update for cifs-utils fixes the following issues: - Allow cached DNS entry to expire (fate#325270). - Document new SMB2.1+ defaults (bsc#1130528). - Add typo corrections, better doc and configure fixes from upstream - Update to cifs-utils 6.8 (please find all 6.8 changes in the changelog) ----------------------------------------- Patch: SUSE-2019-1177 Released: Tue May 7 16:19:37 2019 Summary: Recommended update for kernel-firmware Severity: moderate References: 1132303 Description: This update for kernel-firmware fixes the following issues: kernel firmware was updated to version 20190312: * drm/amdgpu: update picasso to latest from 18.50 branch * drm/amdgpu: update polaris12 to latest from 18.50 branch * drm/amdgpu: update vega20 to latest from 18.50 branch * rtw88: RTL8822C: update rtw8822c_fw.bin to v5.0 * rtl_bt: Update firmware for BT part of RTL8822C * linux-firmware: update Marvell 8787/8801/8887 firmware images * linux-firmware: update Marvell 8897/8997 firmware images * nfp: update Agilio SmartNIC firmware to rev 2.1.16.1 * QCA: Add the fw files for BT Chip QCA6174. The update to version 20190221 contained: * linux-firmware: Add AMD SEV firmware * WHENCE: Correct errant entries * amdgpu: update raven2 rlc firmware * amdgpu: drop raven2_sdma1.bin * linux-firmware: Update firmware file for Intel Bluetooth,9560 * linux-firmware: Update firmware file for Intel Bluetooth,9260 * qca: Add firmware files for BT chip wcn3990. * nvidia: add TU10x typec controller firmware The update to version 20190212 contained: * bnx2x: Add FW 7.13.11.0. (bsc#1132303) * amdgpu: add firmware for vega20 from 18.50 * amdgpu: bump year on license * linux-firmware: update Marvell PCIe-USB8997 firmware image * linux-firmware: update Marvell SD8897-B0 firmware image * linux-firmware: add Marvell SD8977 firmware image * ath10k: QCA9984 hw1.0: update firmware-5.bin to 10.4-3.9.0.2-00021 * ath10k: QCA988X hw2.0: update firmware-5.bin to 10.2.4-1.0-00043 * ath10k: QCA9888 hw2.0: update firmware-5.bin to 10.4-3.9.0.2-00024 * ath10k: QCA6174 hw3.0: update board-2.bin ----------------------------------------- Patch: SUSE-2019-1206 Released: Fri May 10 14:01:55 2019 Summary: Security update for bzip2 Severity: low References: 985657,CVE-2016-3189 Description: This update for bzip2 fixes the following issues: Security issue fixed: - CVE-2016-3189: Fixed a use-after-free in bzip2recover (bsc#985657). ----------------------------------------- Patch: SUSE-2019-1209 Released: Fri May 10 14:04:58 2019 Summary: Security update for pacemaker Severity: important References: 1117381,1131353,1131356,1131357,CVE-2018-16877,CVE-2018-16878,CVE-2019-3885 Description: This update for pacemaker fixes the following issues: Security issues fixed: - CVE-2019-3885: Fixed an information disclosure in log output. (bsc#1131357) - CVE-2018-16877: Fixed a local privilege escalation through insufficient IPC client-server authentication. (bsc#1131356) - CVE-2018-16878: Fixed a denial of service through insufficient verification inflicted preference of uncontrolled processes. (bsc#1131353) Non-security issue fixed: - crmd: delete resource from lrmd when appropriate to avoid timeouts with crmsh (bsc#1117381). ----------------------------------------- Patch: SUSE-2019-1221 Released: Mon May 13 13:28:42 2019 Summary: Security update for libxslt Severity: moderate References: 1132160,CVE-2019-11068 Description: This update for libxslt fixes the following issues: Security issue fixed: - CVE-2019-11068: Fixed a protection mechanism bypass where callers of xsltCheckRead() and xsltCheckWrite() would permit access upon receiving an error (bsc#1132160). ----------------------------------------- Patch: SUSE-2019-1226 Released: Mon May 13 16:09:07 2019 Summary: Recommended update for wicked Severity: moderate References: 1106809,1118206,1123555,1127340 Description: This update for wicked fixes the following issues: Wicked was updated to version 0.6.54: - switch to use systemd notify and prevent event backlog at start by calling udevadm settle before starting wickedd (bsc#1118206) - dhcp6: don't discard confirm reply without status (bsc#1127340) - ethtool: set lro legacy flag and not txvlan (bsc#1123555) - init memory before use in ioctl - fsm: fix find pending worker loop segfault (bsc#1106809) ----------------------------------------- Patch: SUSE-2019-1229 Released: Tue May 14 11:05:55 2019 Summary: Recommended update for sensors Severity: moderate References: 1108468,1116021 Description: This update for sensors fixes the following issues: sensors was updated to version 3.5.0: The following changes were done: + soname was bumped due to commit dcf2367 which introduced an ABI change. (This was reverted for the SUSE packages, as it was not necessary) + Fixed disappearance of certain hwmon chips with 4.19+ kernels (bsc#1116021). + Add the find-driver script for debugging. + Various documentation and man page improvements. + Fix various issues found by Coverity Scan. + Updated links in documentation to reflect the new home of lm_sensors. + sensors.1: Add reference to sensors-detect and document -j option (json output). + sensors: Add support for json output, add support for power min, lcrit, min_alarm, lcrit_alarm. + sensors-detect changes: * Fix systemd paths. * Add detection of Fintek F81768. * Only probe I/O ports on x86. * Add detection of Nuvoton NCT6793D. * Add detection of Microchip MCP9808. * Mark F71868A as supported by the f71882fg driver. * Mark F81768D as supported by the f71882fg driver. * Mark F81866D as supported by the f71882fg driver. * Add detection of various ITE chips. * Add detection of Nuvoton NCT6795D. * Add detection of DDR4 SPD. * Add detection of ITE IT8987D. * Add detection of AMD Family 17h temperature sensors. * Add detection of AMD KERNCZ SMBus controller. * Add detection of various Intel SMBus controllers. * Add detection of Giantec GT30TS00. * Add detection of ONS CAT34TS02C and CAT34TS04. * Add detection of AMD Family 15h Model 60+ temperature sensors. * Add detection of Nuvoton NCT6796D. * Add detection of AMD Family 15h Model 70+ temperature sensors. + configs: Add sample configuration files. + sensors.conf.default: * Add hardwired inputs of NCT6795D * Add hardwired inputs of F71868A * Add hardwired NCT6796D inputs + vt1211_pwm: replaced deprecated sub shell syntax, run with bash instead of sh. + pwmconfig: replaced deprecated sub shell syntax. + fancontrol: replaced deprecated sub shell syntax, save original pwm values. + fancontrol.8: replaced deprecated sub shell syntax. + libsensors: * Add support for SENSORS_BUS_TYPE_SCSI, add support for power min, lcrit, min_alarm, lcrit_alarm. * Handle hwmon device with thermal device parent (bsc#1108468). - Undo unnecessary libsensors version bump. - Undo the SENSORS_API_VERSION change, to stay source-compatible with upstream. ----------------------------------------- Patch: SUSE-2019-1236 Released: Tue May 14 19:01:39 2019 Summary: Security update for ucode-intel Severity: important References: 1111331,CVE-2018-12126,CVE-2018-12127,CVE-2018-12130,CVE-2019-11091 Description: This update for ucode-intel fixes the following issues: This update contains the Intel QSR 2019.1 Microcode release (bsc#1111331) Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) These updates contain the CPU Microcode adjustments for the software mitigations. For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 Release notes: - Processor Identifier Version Products - Model Stepping F-MO-S/PI Old->New - ---- new platforms ---------------------------------------- - CLX-SP B1 6-55-7/bf 05000021 Xeon Scalable Gen2 - ---- updated platforms ------------------------------------ - SNB D2/G1/Q0 6-2a-7/12 0000002e->0000002f Core Gen2 - IVB E1/L1 6-3a-9/12 00000020->00000021 Core Gen3 - HSW C0 6-3c-3/32 00000025->00000027 Core Gen4 - BDW-U/Y E0/F0 6-3d-4/c0 0000002b->0000002d Core Gen5 - IVB-E/EP C1/M1/S1 6-3e-4/ed 0000042e->0000042f Core Gen3 X Series; Xeon E5 v2 - IVB-EX D1 6-3e-7/ed 00000714->00000715 Xeon E7 v2 - HSX-E/EP Cx/M1 6-3f-2/6f 00000041->00000043 Core Gen4 X series; Xeon E5 v3 - HSX-EX E0 6-3f-4/80 00000013->00000014 Xeon E7 v3 - HSW-U C0/D0 6-45-1/72 00000024->00000025 Core Gen4 - HSW-H C0 6-46-1/32 0000001a->0000001b Core Gen4 - BDW-H/E3 E0/G0 6-47-1/22 0000001e->00000020 Core Gen5 - SKL-U/Y D0/K1 6-4e-3/c0 000000c6->000000cc Core Gen6 - SKX-SP H0/M0/U0 6-55-4/b7 0200005a->0000005e Xeon Scalable - SKX-D M1 6-55-4/b7 0200005a->0000005e Xeon D-21xx - BDX-DE V1 6-56-2/10 00000019->0000001a Xeon D-1520/40 - BDX-DE V2/3 6-56-3/10 07000016->07000017 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19 - BDX-DE Y0 6-56-4/10 0f000014->0f000015 Xeon D-1557/59/67/71/77/81/87 - BDX-NS A0 6-56-5/10 0e00000c->0e00000d Xeon D-1513N/23/33/43/53 - APL D0 6-5c-9/03 00000036->00000038 Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx - SKL-H/S R0/N0 6-5e-3/36 000000c6->000000cc Core Gen6; Xeon E3 v5 - DNV B0 6-5f-1/01 00000024->0000002e Atom Processor C Series - GLK B0 6-7a-1/01 0000002c->0000002e Pentium Silver N/J5xxx, Celeron N/J4xxx - AML-Y22 H0 6-8e-9/10 0000009e->000000b4 Core Gen8 Mobile - KBL-U/Y H0 6-8e-9/c0 0000009a->000000b4 Core Gen7 Mobile - CFL-U43e D0 6-8e-a/c0 0000009e->000000b4 Core Gen8 Mobile - WHL-U W0 6-8e-b/d0 000000a4->000000b8 Core Gen8 Mobile - WHL-U V0 6-8e-d/94 000000b2->000000b8 Core Gen8 Mobile - KBL-G/H/S/E3 B0 6-9e-9/2a 0000009a->000000b4 Core Gen7; Xeon E3 v6 - CFL-H/S/E3 U0 6-9e-a/22 000000aa->000000b4 Core Gen8 Desktop, Mobile, Xeon E - CFL-S B0 6-9e-b/02 000000aa->000000b4 Core Gen8 - CFL-H/S P0 6-9e-c/22 000000a2->000000ae Core Gen9 - CFL-H R0 6-9e-d/22 000000b0->000000b8 Core Gen9 Mobile ----------------------------------------- Patch: SUSE-2019-1244 Released: Tue May 14 19:06:56 2019 Summary: Security update for the Linux Kernel Severity: important References: 1050549,1051510,1052904,1053043,1055117,1055121,1061840,1065600,1065729,1070872,1082555,1083647,1085535,1085536,1088804,1094244,1097583,1097584,1097585,1097586,1097587,1097588,1100132,1103259,1111331,1112128,1112178,1113399,1113722,1114279,1114542,1114638,1119086,1119680,1120318,1120902,1122767,1123105,1125342,1126221,1126356,1126704,1126740,1127175,1127371,1127372,1127374,1127378,1127445,1128415,1128544,1129276,1129770,1130130,1130154,1130195,1130335,1130336,1130337,1130338,1130425,1130427,1130518,1130527,1130567,1131062,1131107,1131167,1131168,1131169,1131170,1131171,1131172,1131173,1131174,1131175,1131176,1131177,1131178,1131179,1131180,1131290,1131335,1131336,1131416,1131427,1131442,1131467,1131574,1131587,1131659,1131673,1131847,1131848,1131851,1131900,1131934,1131935,1132083,1132219,1132226,1132227,1132365,1132368,1132369,1132370,1132372,1132373,1132384,1132397,1132402,1132403,1132404,1132405,1132407,1132411,1132412,1132413,1132414,1132426,1132527,1132531,1132555,1132558,1132561,1132562,1132563,1132564,1132570,1132571,1132572,1132589,1132618,1132681,1132726,1132828,1132943,1133005,1133094,1133095,1133115,1133149,1133486,1133529,1133584,1133667,1133668,1133672,1133674,1133675,1133698,1133702,1133731,1133769,1133772,1133774,1133778,1133779,1133780,1133825,1133850,1133851,1133852,CVE-2018-12126,CVE-2018-12127,CVE-2018-12130,CVE-2018-16880,CVE-2019-11091,CVE-2019-3882,CVE-2019-9003,CVE-2019-9500,CVE-2019-9503 Description: The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) This kernel update contains software mitigations for these issues, which also utilize CPU microcode updates shipped in parallel. For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 The following security issues were fixed: - CVE-2018-16880: A flaw was found in the handle_rx() function in the vhost_net driver. A malicious virtual guest, under specific conditions, could trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host which may lead to a kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (bnc#1122767). - CVE-2019-3882: A flaw was found in the vfio interface implementation that permitted violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). (bnc#1131416 bnc#1131427). - CVE-2019-9003: Attackers could trigger a drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging for certain simultaneous execution of the code, as demonstrated by a 'service ipmievd restart' loop (bnc#1126704). - CVE-2019-9500: A brcmfmac heap buffer overflow in brcmf_wowl_nd_results was fixed. (bnc#1132681). - CVE-2019-9503: A brcmfmac frame validation bypass was fixed. (bnc#1132828). The following non-security bugs were fixed: - 9p: do not trust pdu content for stat item size (bsc#1051510). - acpi: acpi_pad: Do not launch acpi_pad threads on idle cpus (bsc#1113399). - acpi, nfit: Prefer _DSM over _LSR for namespace label reads (bsc#1132426). - acpi / SBS: Fix GPE storm on recent MacBookPro's (bsc#1051510). - alsa: core: Fix card races between register and disconnect (bsc#1051510). - alsa: echoaudio: add a check for ioremap_nocache (bsc#1051510). - alsa: firewire: add const qualifier to identifiers for read-only symbols (bsc#1051510). - alsa: firewire-motu: add a flag for AES/EBU on XLR interface (bsc#1051510). - alsa: firewire-motu: add specification flag for position of flag for MIDI messages (bsc#1051510). - alsa: firewire-motu: add support for MOTU Audio Express (bsc#1051510). - alsa: firewire-motu: add support for Motu Traveler (bsc#1051510). - alsa: firewire-motu: use 'version' field of unit directory to identify model (bsc#1051510). - alsa: hda - add Lenovo IdeaCentre B550 to the power_save_blacklist (bsc#1051510). - alsa: hda - Add two more machines to the power_save_blacklist (bsc#1051510). - alsa: hda - Enforces runtime_resume after S3 and S4 for each codec (bsc#1051510). - alsa: hda: Initialize power_state field properly (bsc#1051510). - alsa: hda/realtek - Add quirk for Tuxedo XC 1509 (bsc#1131442). - alsa: hda/realtek - Add support for Acer Aspire E5-523G/ES1-432 headset mic (bsc#1051510). - alsa: hda/realtek - Add support headset mode for DELL WYSE AIO (bsc#1051510). - alsa: hda/realtek - Add support headset mode for New DELL WYSE NB (bsc#1051510). - alsa: hda/realtek - add two more pin configuration sets to quirk table (bsc#1051510). - alsa: hda/realtek: Enable ASUS X441MB and X705FD headset MIC with ALC256 (bsc#1051510). - alsa: hda/realtek: Enable headset MIC of Acer AIO with ALC286 (bsc#1051510). - alsa: hda/realtek: Enable headset MIC of Acer Aspire Z24-890 with ALC286 (bsc#1051510). - alsa: hda/realtek: Enable headset mic of ASUS P5440FF with ALC256 (bsc#1051510). - alsa: hda - Record the current power state before suspend/resume calls (bsc#1051510). - alsa: info: Fix racy addition/deletion of nodes (bsc#1051510). - alsa: opl3: fix mismatch between snd_opl3_drum_switch definition and declaration (bsc#1051510). - alsa: PCM: check if ops are defined before suspending PCM (bsc#1051510). - alsa: pcm: Do not suspend stream in unrecoverable PCM state (bsc#1051510). - alsa: pcm: Fix possible OOB access in PCM oss plugins (bsc#1051510). - alsa: rawmidi: Fix potential Spectre v1 vulnerability (bsc#1051510). - alsa: sb8: add a check for request_region (bsc#1051510). - alsa: seq: Fix OOB-reads from strlcpy (bsc#1051510). - alsa: seq: oss: Fix Spectre v1 vulnerability (bsc#1051510). - ASoC: fsl-asoc-card: fix object reference leaks in fsl_asoc_card_probe (bsc#1051510). - ASoC: fsl_esai: fix channel swap issue when stream starts (bsc#1051510). - ASoC: topology: free created components in tplg load error (bsc#1051510). - assume flash part size to be 4MB, if it can't be determined (bsc#1127371). - ath10k: avoid possible string overflow (bsc#1051510). - auxdisplay: hd44780: Fix memory leak on ->remove() (bsc#1051510). - auxdisplay: ht16k33: fix potential user-after-free on module unload (bsc#1051510). - batman-adv: Reduce claim hash refcnt only for removed entry (bsc#1051510). - batman-adv: Reduce tt_global hash refcnt only for removed entry (bsc#1051510). - batman-adv: Reduce tt_local hash refcnt only for removed entry (bsc#1051510). - bcm2835 MMC issues (bsc#1070872). - blkcg: Introduce blkg_root_lookup() (bsc#1131673). - blkcg: Make blkg_root_lookup() work for queues in bypass mode (bsc#1131673). - blk-mq: adjust debugfs and sysfs register when updating nr_hw_queues (bsc#1131673). - blk-mq: Avoid that submitting a bio concurrently with device removal triggers a crash (bsc#1131673). - blk-mq: change gfp flags to GFP_NOIO in blk_mq_realloc_hw_ctxs (bsc#1131673). - blk-mq: fallback to previous nr_hw_queues when updating fails (bsc#1131673). - blk-mq: init hctx sched after update ctx and hctx mapping (bsc#1131673). - blk-mq: realloc hctx when hw queue is mapped to another node (bsc#1131673). - blk-mq: sync the update nr_hw_queues with blk_mq_queue_tag_busy_iter (bsc#1131673). - block: Ensure that a request queue is dissociated from the cgroup controller (bsc#1131673). - block: Fix a race between request queue removal and the block cgroup controller (bsc#1131673). - block: Introduce blk_exit_queue() (bsc#1131673). - block: kABI fixes for bio_rewind_iter() removal (bsc#1131673). - block: remove bio_rewind_iter() (bsc#1131673). - bluetooth: btusb: request wake pin with NOAUTOEN (bsc#1051510). - bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt (bsc#1051510). - bluetooth: Fix decrementing reference count twice in releasing socket (bsc#1051510). - bluetooth: hci_ldisc: Initialize hci_dev before open() (bsc#1051510). - bluetooth: hci_ldisc: Postpone HCI_UART_PROTO_READY bit set in hci_uart_set_proto() (bsc#1051510). - bluetooth: hci_uart: Check if socket buffer is ERR_PTR in h4_recv_buf() (bsc#1133731). - bnxt_en: Drop oversize TX packets to prevent errors (networking-stable-19_03_07). - bonding: fix PACKET_ORIGDEV regression (git-fixes). - bpf: fix use after free in bpf_evict_inode (bsc#1083647). - btrfs: Avoid possible qgroup_rsv_size overflow in btrfs_calculate_inode_block_rsv_size (git-fixes). - btrfs: check for refs on snapshot delete resume (bsc#1131335). - btrfs: fix assertion failure on fsync with NO_HOLES enabled (bsc#1131848). - btrfs: Fix bound checking in qgroup_trace_new_subtree_blocks (git-fixes). - btrfs: fix deadlock between clone/dedupe and rename (bsc#1130518). - btrfs: fix incorrect file size after shrinking truncate and fsync (bsc#1130195). - btrfs: remove WARN_ON in log_dir_items (bsc#1131847). - btrfs: save drop_progress if we drop refs at all (bsc#1131336). - cdrom: Fix race condition in cdrom_sysctl_register (bsc#1051510). - cgroup: fix parsing empty mount option string (bsc#1133094). - cifs: allow guest mounts to work for smb3.11 (bsc#1051510). - cifs: Do not count -ENODATA as failure for query directory (bsc#1051510). - cifs: do not dereference smb_file_target before null check (bsc#1051510). - cifs: Do not hide EINTR after sending network packets (bsc#1051510). - cifs: Do not reconnect TCP session in add_credits() (bsc#1051510). - cifs: Do not reset lease state to NONE on lease break (bsc#1051510). - cifs: Fix adjustment of credits for MTU requests (bsc#1051510). - cifs: Fix credit calculation for encrypted reads with errors (bsc#1051510). - cifs: Fix credits calculations for reads with errors (bsc#1051510). - cifs: fix POSIX lock leak and invalid ptr deref (bsc#1114542). - cifs: Fix possible hang during async MTU reads and writes (bsc#1051510). - cifs: Fix potential OOB access of lock element array (bsc#1051510). - cifs: Fix read after write for files with read caching (bsc#1051510). - clk: clk-twl6040: Fix imprecise external abort for pdmclk (bsc#1051510). - clk: fractional-divider: check parent rate only if flag is set (bsc#1051510). - clk: ingenic: Fix doc of ingenic_cgu_div_info (bsc#1051510). - clk: ingenic: Fix round_rate misbehaving with non-integer dividers (bsc#1051510). - clk: rockchip: fix frac settings of GPLL clock for rk3328 (bsc#1051510). - clk: sunxi-ng: v3s: Fix TCON reset de-assert bit (bsc#1051510). - clk: vc5: Abort clock configuration without upstream clock (bsc#1051510). - clk: x86: Add system specific quirk to mark clocks as critical (bsc#1051510). - clocksource/drivers/exynos_mct: Clear timer interrupt when shutdown (bsc#1051510). - clocksource/drivers/exynos_mct: Move one-shot check from tick clear to ISR (bsc#1051510). - cpcap-charger: generate events for userspace (bsc#1051510). - cpufreq: pxa2xx: remove incorrect __init annotation (bsc#1051510). - cpufreq: tegra124: add missing of_node_put() (bsc#1051510). - cpupowerutils: bench - Fix cpu online check (bsc#1051510). - cpu/speculation: Add 'mitigations=' cmdline option (bsc#1112178). - crypto: caam - add missing put_device() call (bsc#1129770). - crypto: crypto4xx - properly set IV after de- and encrypt (bsc#1051510). - crypto: pcbc - remove bogus memcpy()s with src == dest (bsc#1051510). - crypto: sha256/arm - fix crash bug in Thumb2 build (bsc#1051510). - crypto: sha512/arm - fix crash bug in Thumb2 build (bsc#1051510). - crypto: x86/poly1305 - fix overflow during partial reduction (bsc#1051510). - cxgb4: Add capability to get/set SGE Doorbell Queue Timer Tick (bsc#1127371). - cxgb4: Added missing break in ndo_udp_tunnel_{add/del} (bsc#1127371). - cxgb4: Add flag tc_flower_initialized (bsc#1127371). - cxgb4: Add new T5 PCI device id 0x50ae (bsc#1127371). - cxgb4: Add new T5 PCI device ids 0x50af and 0x50b0 (bsc#1127371). - cxgb4: Add new T6 PCI device ids 0x608a (bsc#1127371). - cxgb4: add per rx-queue counter for packet errors (bsc#1127371). - cxgb4: Add support for FW_ETH_TX_PKT_VM_WR (bsc#1127371). - cxgb4: add support to display DCB info (bsc#1127371). - cxgb4: Add support to read actual provisioned resources (bsc#1127371). - cxgb4: collect ASIC LA dumps from ULP TX (bsc#1127371). - cxgb4: collect hardware queue descriptors (bsc#1127371). - cxgb4: collect number of free PSTRUCT page pointers (bsc#1127371). - cxgb4: convert flower table to use rhashtable (bsc#1127371). - cxgb4: cxgb4: use FW_PORT_ACTION_L1_CFG32 for 32 bit capability (bsc#1127371). - cxgb4/cxgb4vf: Add support for SGE doorbell queue timer (bsc#1127371). - cxgb4/cxgb4vf: Fix mac_hlist initialization and free (bsc#1127374). - cxgb4/cxgb4vf: Link management changes (bsc#1127371). - cxgb4/cxgb4vf: Program hash region for {t4/t4vf}_change_mac() (bsc#1127371). - cxgb4: display number of rx and tx pages free (bsc#1127371). - cxgb4: do not return DUPLEX_UNKNOWN when link is down (bsc#1127371). - cxgb4: Export sge_host_page_size to ulds (bsc#1127371). - cxgb4: fix the error path of cxgb4_uld_register() (bsc#1127371). - cxgb4: impose mandatory VLAN usage when non-zero TAG ID (bsc#1127371). - cxgb4: Mask out interrupts that are not enabled (bsc#1127175). - cxgb4: move Tx/Rx free pages collection to common code (bsc#1127371). - cxgb4: remove redundant assignment to vlan_cmd.dropnovlan_fm (bsc#1127371). - cxgb4: Remove SGE_HOST_PAGE_SIZE dependency on page size (bsc#1127371). - cxgb4: remove the unneeded locks (bsc#1127371). - cxgb4: specify IQTYPE in fw_iq_cmd (bsc#1127371). - cxgb4: Support ethtool private flags (bsc#1127371). - cxgb4: update supported DCB version (bsc#1127371). - cxgb4: use new fw interface to get the VIN and smt index (bsc#1127371). - cxgb4vf: Few more link management changes (bsc#1127374). - cxgb4vf: fix memleak in mac_hlist initialization (bsc#1127374). - cxgb4vf: Update port information in cxgb4vf_open() (bsc#1127374). - device_cgroup: fix RCU imbalance in error case (bsc#1051510). - device property: Fix the length used in PROPERTY_ENTRY_STRING() (bsc#1051510). - Disable kgdboc failed by echo space to /sys/module/kgdboc/parameters/kgdboc (bsc#1051510). - dmaengine: imx-dma: fix warning comparison of distinct pointer types (bsc#1051510). - dmaengine: qcom_hidma: assign channel cookie correctly (bsc#1051510). - dmaengine: sh: rcar-dmac: With cyclic DMA residue 0 is valid (bsc#1051510). - dmaengine: tegra: avoid overflow of byte tracking (bsc#1051510). - dm: disable DISCARD if the underlying storage no longer supports it (bsc#1114638). - drivers: hv: vmbus: Offload the handling of channels to two workqueues (bsc#1130567). - drivers: hv: vmbus: Reset the channel callback in vmbus_onoffer_rescind() (bsc#1130567). - drm: Auto-set allow_fb_modifiers when given modifiers at plane init (bsc#1051510). - drm: bridge: dw-hdmi: Fix overflow workaround for Rockchip SoCs (bsc#1113722) - drm/dp/mst: Configure no_stop_bit correctly for remote i2c xfers (bsc#1051510). - drm/i915/bios: assume eDP is present on port A when there is no VBT (bsc#1051510). - drm/i915/gvt: Add in context mmio 0x20D8 to gen9 mmio list (bsc#1113722) - drm/i915/gvt: Annotate iomem usage (bsc#1051510). - drm/i915/gvt: do not deliver a workload if its creation fails (bsc#1051510). - drm/i915/gvt: do not let pin count of shadow mm go negative (bsc#1113722) - drm/i915/gvt: Fix MI_FLUSH_DW parsing with correct index check (bsc#1051510). - drm/i915: Relax mmap VMA check (bsc#1051510). - drm/imx: ignore plane updates on disabled crtcs (bsc#1051510). - drm/imx: imx-ldb: add missing of_node_puts (bsc#1051510). - drm/mediatek: Fix an error code in mtk_hdmi_dt_parse_pdata() (bsc#1113722) - drm/meson: Fix invalid pointer in meson_drv_unbind() (bsc#1051510). - drm/meson: Uninstall IRQ handler (bsc#1051510). - drm/nouveau/debugfs: Fix check of pm_runtime_get_sync failure (bsc#1051510). - drm/nouveau: Stop using drm_crtc_force_disable (bsc#1051510). - drm/nouveau/volt/gf117: fix speedo readout register (bsc#1051510). - drm/rockchip: vop: reset scale mode when win is disabled (bsc#1113722) - drm/sun4i: Add missing drm_atomic_helper_shutdown at driver unbind (bsc#1113722) - drm/sun4i: Fix component unbinding and component master deletion (bsc#1113722) - drm/sun4i: Set device driver data at bind time for use in unbind (bsc#1113722) - drm/sun4i: Unbind components before releasing DRM and memory (bsc#1113722) - drm/udl: add a release method and delay modeset teardown (bsc#1085536) - drm/vc4: Fix memory leak during gpu reset. (bsc#1113722) - Drop 'PCI: designware-ep: Read-only registers need DBI_RO_WR_EN to' - dsa: mv88e6xxx: Ensure all pending interrupts are handled prior to exit (networking-stable-19_02_20). - e1000e: fix cyclic resets at link up with active tx (bsc#1051510). - e1000e: Fix -Wformat-truncation warnings (bsc#1051510). - ext2: Fix underflow in ext2_max_size() (bsc#1131174). - ext4: add mask of ext4 flags to swap (bsc#1131170). - ext4: add missing brelse() in add_new_gdb_meta_bg() (bsc#1131176). - ext4: Avoid panic during forced reboot (bsc#1126356). - ext4: brelse all indirect buffer in ext4_ind_remove_space() (bsc#1131173). - ext4: cleanup bh release code in ext4_ind_remove_space() (bsc#1131851). - ext4: cleanup pagecache before swap i_data (bsc#1131178). - ext4: fix check of inode in swap_inode_boot_loader (bsc#1131177). - ext4: fix data corruption caused by unaligned direct AIO (bsc#1131172). - ext4: fix EXT4_IOC_SWAP_BOOT (bsc#1131180). - ext4: fix NULL pointer dereference while journal is aborted (bsc#1131171). - ext4: update quota information while swapping boot loader inode (bsc#1131179). - fbdev: fbmem: fix memory access if logo is bigger than the screen (bsc#1051510). - fix cgroup_do_mount() handling of failure exits (bsc#1133095). - Fix kabi after 'md: batch flush requests.' (bsc#1119680). - fm10k: Fix a potential NULL pointer dereference (bsc#1051510). - fs: avoid fdput() after failed fdget() in vfs_dedupe_file_range() (bsc#1132384, bsc#1132219). - fs/dax: deposit pagetable even when installing zero page (bsc#1126740). - fs/nfs: Fix nfs_parse_devname to not modify it's argument (git-fixes). - futex: Cure exit race (bsc#1050549). - futex: Ensure that futex address is aligned in handle_futex_death() (bsc#1050549). - futex: Handle early deadlock return correctly (bsc#1050549). - gpio: adnp: Fix testing wrong value in adnp_gpio_direction_input (bsc#1051510). - gpio: gpio-omap: fix level interrupt idling (bsc#1051510). - gpio: of: Fix of_gpiochip_add() error path (bsc#1051510). - gre6: use log_ecn_error module parameter in ip6_tnl_rcv() (git-fixes). - hid: i2c-hid: Ignore input report if there's no data present on Elan touchpanels (bsc#1133486). - hid: intel-ish-hid: avoid binding wrong ishtp_cl_device (bsc#1051510). - hid: intel-ish: ipc: handle PIMR before ish_wakeup also clear PISR busy_clear bit (bsc#1051510). - hv_netvsc: Fix IP header checksum for coalesced packets (networking-stable-19_03_07). - hv: reduce storvsc_ringbuffer_size from 1M to 128K to simplify booting with 1k vcpus (). - hv: reduce storvsc_ringbuffer_size from 1M to 128K to simplify booting with 1k vcpus (fate#323887). - hwrng: virtio - Avoid repeated init of completion (bsc#1051510). - i2c: tegra: fix maximum transfer size (bsc#1051510). - ibmvnic: Enable GRO (bsc#1132227). - ibmvnic: Fix completion structure initialization (bsc#1131659). - ibmvnic: Fix netdev feature clobbering during a reset (bsc#1132227). - iio: adc: at91: disable adc channel interrupt in timeout case (bsc#1051510). - iio: adc: fix warning in Qualcomm PM8xxx HK/XOADC driver (bsc#1051510). - iio: ad_sigma_delta: select channel when reading register (bsc#1051510). - iio: core: fix a possible circular locking dependency (bsc#1051510). - iio: cros_ec: Fix the maths for gyro scale calculation (bsc#1051510). - iio: dac: mcp4725: add missing powerdown bits in store eeprom (bsc#1051510). - iio: Fix scan mask selection (bsc#1051510). - iio/gyro/bmg160: Use millidegrees for temperature scale (bsc#1051510). - iio: gyro: mpu3050: fix chip ID reading (bsc#1051510). - input: cap11xx - switch to using set_brightness_blocking() (bsc#1051510). - input: matrix_keypad - use flush_delayed_work() (bsc#1051510). - input: snvs_pwrkey - initialize necessary driver data before enabling IRQ (bsc#1051510). - input: st-keyscan - fix potential zalloc NULL dereference (bsc#1051510). - input: synaptics-rmi4 - write config register values to the right offset (bsc#1051510). - input: uinput - fix undefined behavior in uinput_validate_absinfo() (bsc#1120902). - intel_idle: add support for Jacobsville (jsc#SLE-5394). - io: accel: kxcjk1013: restore the range after resume (bsc#1051510). - iommu/amd: Fix NULL dereference bug in match_hid_uid (bsc#1130336). - iommu/amd: fix sg->dma_address for sg->offset bigger than PAGE_SIZE (bsc#1130337). - iommu/amd: Reserve exclusion range in iova-domain (bsc#1130425). - iommu/amd: Set exclusion range correctly (bsc#1130425). - iommu: Do not print warning when IOMMU driver only supports unmanaged domains (bsc#1130130). - iommu/vt-d: Check capability before disabling protected memory (bsc#1130338). - ip6: fix PMTU discovery when using /127 subnets (git-fixes). - ip6mr: Do not call __IP6_INC_STATS() from preemptible context (git-fixes). - ip6_tunnel: fix ip6 tunnel lookup in collect_md mode (git-fixes). - ipv4: Return error for RTA_VIA attribute (networking-stable-19_03_07). - ipv4/route: fail early when inet dev is missing (git-fixes). - ipv6: Fix dangling pointer when ipv6 fragment (git-fixes). - ipv6: propagate genlmsg_reply return code (networking-stable-19_02_24). - ipv6: Return error for RTA_VIA attribute (networking-stable-19_03_07). - ipv6: sit: reset ip header pointer in ipip6_rcv (git-fixes). - ipvlan: disallow userns cap_net_admin to change global mode/flags (networking-stable-19_03_15). - ipvs: remove IPS_NAT_MASK check to fix passive FTP (git-fixes). - irqchip/gic-v3-its: Avoid parsing _indirect_ twice for Device table (bsc#1051510). - irqchip/mmp: Only touch the PJ4 IRQ & FIQ bits on enable/disable (bsc#1051510). - iscsi_ibft: Fix missing break in switch statement (bsc#1051510). - iw_cxgb4: cq/qp mask depends on bar2 pages in a host page (bsc#1127371). - iwiwifi: fix bad monitor buffer register addresses (bsc#1129770). - iwlwifi: fix send hcmd timeout recovery flow (bsc#1129770). - iwlwifi: mvm: fix firmware statistics usage (bsc#1129770). - jbd2: clear dirty flag when revoking a buffer from an older transaction (bsc#1131167). - jbd2: fix compile warning when using JBUFFER_TRACE (bsc#1131168). - kabi/severities: add cxgb4 and cxgb4vf shared data to the whitelis (bsc#1127372) - kasan: fix shadow_size calculation error in kasan_module_alloc (bsc#1051510). - kbuild: fix false positive warning/error about missing libelf (bsc#1051510). - kbuild: modversions: Fix relative CRC byte order interpretation (bsc#1131290). - kbuild: strip whitespace in cmd_record_mcount findstring (bsc#1065729). - kcm: switch order of device registration to fix a crash (bnc#1130527). - kernfs: do not set dentry->d_fsdata (boo#1133115). - keys: always initialize keyring_index_key::desc_len (bsc#1051510). - keys: user: Align the payload buffer (bsc#1051510). - kvm: Call kvm_arch_memslots_updated() before updating memslots (bsc#1132563). - kvm: Fix kABI for AMD SMAP Errata workaround (bsc#1133149). - kvm: nVMX: Apply addr size mask to effective address for VMX instructions (bsc#1132561). - kvm: nVMX: Ignore limit checks on VMX instructions using flat segments (bsc#1132564). - kvm: nVMX: Sign extend displacements of VMX instr's mem operands (bsc#1132562). - kvm: PPC: Book3S HV: Fix race between kvm_unmap_hva_range and MMU mode switch (bsc#1061840). - kvm: SVM: Workaround errata#1096 (insn_len maybe zero on SMAP violation) (bsc#1133149). - kvm: VMX: Compare only a single byte for VMCS' 'launched' in vCPU-run (bsc#1132555). - kvm: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts (bsc#1114279). - kvm: x86/mmu: Detect MMIO generation wrap in any address space (bsc#1132570). - kvm: x86/mmu: Do not cache MMIO accesses while memslots are in flux (bsc#1132571). - kvm: x86: Report STIBP on GET_SUPPORTED_CPUID (bsc#1111331). - leds: pca9532: fix a potential NULL pointer dereference (bsc#1051510). - libceph: wait for latest osdmap in ceph_monc_blacklist_add() (bsc#1130427). - libertas_tf: do not set URB_ZERO_PACKET on IN USB transfer (bsc#1051510). - lightnvm: if LUNs are already allocated fix return (bsc#1085535). - locking/atomics, asm-generic: Move some macros from to a new file (bsc#1111331). - mac80211: do not call driver wake_tx_queue op during reconfig (bsc#1051510). - mac80211: Fix Tx aggregation session tear down with ITXQs (bsc#1051510). - mac80211_hwsim: propagate genlmsg_reply return code (bsc#1051510). - md: batch flush requests (bsc#1119680). - md: Fix failed allocation of md_register_thread (git-fixes). - md/raid1: do not clear bitmap bits on interrupted recovery (git-fixes). - md/raid5: fix 'out of memory' during raid cache recovery (git-fixes). - media: mt9m111: set initial frame size other than 0x0 (bsc#1051510). - media: mtk-jpeg: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: mx2_emmaprp: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: rc: mce_kbd decoder: fix stuck keys (bsc#1100132). - media: s5p-g2d: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: s5p-jpeg: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: sh_veu: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: v4l2-ctrls.c/uvc: zero v4l2_event (bsc#1051510). - media: vb2: do not call __vb2_queue_cancel if vb2_start_streaming failed (bsc#1119086). - memremap: fix softlockup reports at teardown (bnc#1130154). - mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S (bsc#1051510). - missing barriers in some of unix_sock ->addr and ->path accesses (networking-stable-19_03_15). - mmc: davinci: remove extraneous __init annotation (bsc#1051510). - mmc: pxamci: fix enum type confusion (bsc#1051510). - mmc: sdhci: Fix data command CRC error handling (bsc#1051510). - mmc: sdhci: Handle auto-command errors (bsc#1051510). - mmc: sdhci: Rename SDHCI_ACMD12_ERR and SDHCI_INT_ACMD12ERR (bsc#1051510). - mmc: tmio_mmc_core: do not claim spurious interrupts (bsc#1051510). - mm/debug.c: fix __dump_page when mapping->host is not set (bsc#1131934). - mm: Fix modifying of page protection by insert_pfn() (bsc#1126740). - mm: Fix warning in insert_pfn() (bsc#1126740). - mm/huge_memory.c: fix modifying of page protection by insert_pfn_pmd() (bsc#1126740). - mm/page_isolation.c: fix a wrong flag in set_migratetype_isolate() (bsc#1131935). - mm/vmalloc: fix size check for remap_vmalloc_range_partial() (bsc#1133825). - mpls: Return error for RTA_GATEWAY attribute (networking-stable-19_03_07). - mt7601u: bump supported EEPROM version (bsc#1051510). - mwifiex: do not advertise IBSS features without FW support (bsc#1129770). - net: Add header for usage of fls64() (networking-stable-19_02_20). - net: Add __icmp_send helper (networking-stable-19_03_07). - net: avoid false positives in untrusted gso validation (git-fixes). - net: avoid use IPCB in cipso_v4_error (networking-stable-19_03_07). - net: bridge: add vlan_tunnel to bridge port policies (git-fixes). - net: bridge: fix per-port af_packet sockets (git-fixes). - net: bridge: multicast: use rcu to access port list from br_multicast_start_querier (git-fixes). - net: datagram: fix unbounded loop in __skb_try_recv_datagram() (git-fixes). - net: Do not allocate page fragments that are not skb aligned (networking-stable-19_02_20). - net: dsa: mv88e6xxx: Fix u64 statistics (networking-stable-19_03_07). - net: ena: update driver version from 2.0.2 to 2.0.3 (bsc#1129276 bsc#1125342). - netfilter: bridge: set skb transport_header before entering NF_INET_PRE_ROUTING (git-fixes). - netfilter: check for seqadj ext existence before adding it in nf_nat_setup_info (git-fixes). - netfilter: ip6t_MASQUERADE: add dependency on conntrack module (git-fixes). - netfilter: ipset: Missing nfnl_lock()/nfnl_unlock() is added to ip_set_net_exit() (git-fixes). - netfilter: ipv6: fix use-after-free Write in nf_nat_ipv6_manip_pkt (git-fixes). - netfilter: x_tables: avoid out-of-bounds reads in xt_request_find_{match|target} (git-fixes). - netfilter: x_tables: fix int overflow in xt_alloc_table_info() (git-fixes). - net: Fix for_each_netdev_feature on Big endian (networking-stable-19_02_20). - net: fix IPv6 prefix route residue (networking-stable-19_02_20). - net: Fix untag for vlan packets without ethernet header (git-fixes). - net: Fix vlan untag for bridge and vlan_dev with reorder_hdr off (git-fixes). - net/hsr: Check skb_put_padto() return value (git-fixes). - net: hsr: fix memory leak in hsr_dev_finalize() (networking-stable-19_03_15). - net/hsr: fix possible crash in add_timer() (networking-stable-19_03_15). - netlabel: fix out-of-bounds memory accesses (networking-stable-19_03_07). - netlink: fix nla_put_{u8,u16,u32} for KASAN (git-fixes). - net/mlx5e: Do not overwrite pedit action when multiple pedit used (networking-stable-19_02_24). - net/ncsi: Fix AEN HNCDSC packet length (git-fixes). - net/ncsi: Stop monitor if channel times out or is inactive (git-fixes). - net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails (networking-stable-19_03_07). - net/packet: fix 4gb buffer limit due to overflow check (networking-stable-19_02_24). - net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec (git-fixes). - net_sched: acquire RTNL in tc_action_net_exit() (git-fixes). - net_sched: fix two more memory leaks in cls_tcindex (networking-stable-19_02_24). - net: Set rtm_table to RT_TABLE_COMPAT for ipv6 for tables > 255 (networking-stable-19_03_15). - net: sit: fix memory leak in sit_init_net() (networking-stable-19_03_07). - net: sit: fix UBSAN Undefined behaviour in check_6rd (networking-stable-19_03_15). - net: socket: set sock->sk to NULL after calling proto_ops::release() (networking-stable-19_03_07). - net-sysfs: Fix mem leak in netdev_register_kobject (git-fixes). - net: validate untrusted gso packets without csum offload (networking-stable-19_02_20). - net/x25: fix a race in x25_bind() (networking-stable-19_03_15). - net/x25: fix use-after-free in x25_device_event() (networking-stable-19_03_15). - net/x25: reset state in x25_connect() (networking-stable-19_03_15). - net: xfrm: use preempt-safe this_cpu_read() in ipcomp_alloc_tfms() (git-fixes). - NFC: nci: Add some bounds checking in nci_hci_cmd_received() (bsc#1051510). - nfsd4: catch some false session retries (git-fixes). - nfsd4: fix cached replies to solo SEQUENCE compounds (git-fixes). - nfsd: fix memory corruption caused by readdir (bsc#1127445). - nfs: Do not recoalesce on error in nfs_pageio_complete_mirror() (git-fixes). - nfs: Do not use page_file_mapping after removing the page (git-fixes). - nfs: Fix an I/O request leakage in nfs_do_recoalesce (git-fixes). - nfs: Fix a soft lockup in the delegation recovery code (git-fixes). - nfs: Fix a typo in nfs_init_timeout_values() (git-fixes). - nfs: Fix dentry revalidation on NFSv4 lookup (bsc#1132618). - nfs: Fix I/O request leakages (git-fixes). - nfs: fix mount/umount race in nlmclnt (git-fixes). - nfs/pnfs: Bulk destroy of layouts needs to be safe w.r.t. umount (git-fixes). - nfsv4.1 do not free interrupted slot on open (git-fixes). - nfsv4.1: Reinitialise sequence results before retransmitting a request (git-fixes). - nfsv4/flexfiles: Fix invalid deref in FF_LAYOUT_DEVID_NODE() (git-fixes). - nvme: add proper discard setup for the multipath device (bsc#1114638). - nvme: fix the dangerous reference of namespaces list (bsc#1131673). - nvme: make sure ns head inherits underlying device limits (bsc#1131673). - nvme-multipath: split bios with the ns_head bio_set before submitting (bsc#1103259, bsc#1131673). - nvme: only reconfigure discard if necessary (bsc#1114638). - nvme: schedule requeue whenever a LIVE state is entered (bsc#1123105). - ocfs2: fix inode bh swapping mixup in ocfs2_reflink_inodes_lock (bsc#1131169). - pci: Add function 1 DMA alias quirk for Marvell 9170 SATA controller (bsc#1051510). - pci: designware-ep: dw_pcie_ep_set_msi() should only set MMC bits (bsc#1051510). - pci: designware-ep: Read-only registers need DBI_RO_WR_EN to be writable (bsc#1051510). - pci: pciehp: Convert to threaded IRQ (bsc#1133005). - pci: pciehp: Ignore Link State Changes after powering off a slot (bsc#1133005). - phy: sun4i-usb: Support set_mode to USB_HOST for non-OTG PHYs (bsc#1051510). - pm / wakeup: Rework wakeup source timer cancellation (bsc#1051510). - powercap: intel_rapl: add support for Jacobsville (). - powercap: intel_rapl: add support for Jacobsville (FATE#327454). - powerpc/64: Call setup_barrier_nospec() from setup_arch() (bsc#1131107). - powerpc/64: Disable the speculation barrier from the command line (bsc#1131107). - powerpc64/ftrace: Include ftrace.h needed for enable/disable calls (bsc#1088804, git-fixes). - powerpc/64: Make stf barrier PPC_BOOK3S_64 specific (bsc#1131107). - powerpc/64s: Add new security feature flags for count cache flush (bsc#1131107). - powerpc/64s: Add support for software count cache flush (bsc#1131107). - powerpc/64s: Fix logic when handling unknown CPU features (bsc#1055117). - powerpc/asm: Add a patch_site macro & helpers for patching instructions (bsc#1131107). - powerpc: avoid -mno-sched-epilog on GCC 4.9 and newer (bsc#1065729). - powerpc: consolidate -mno-sched-epilog into FTRACE flags (bsc#1065729). - powerpc: Fix 32-bit KVM-PR lockup and host crash with MacOS guest (bsc#1061840). - powerpc/fsl: Fix spectre_v2 mitigations reporting (bsc#1131107). - powerpc/hugetlb: Handle mmap_min_addr correctly in get_unmapped_area callback (bsc#1131900). - powerpc/kvm: Save and restore host AMR/IAMR/UAMOR (bsc#1061840). - powerpc/mm: Add missing tracepoint for tlbie (bsc#1055117, git-fixes). - powerpc/mm: Check secondary hash page table (bsc#1065729). - powerpc/mm/hash: Handle mmap_min_addr correctly in get_unmapped_area topdown search (bsc#1131900). - powerpc/numa: document topology_updates_enabled, disable by default (bsc#1133584). - powerpc/numa: improve control of topology updates (bsc#1133584). - powerpc/perf: Fix unit_sel/cache_sel checks (bsc#1053043). - powerpc/perf: Remove l2 bus events from HW cache event array (bsc#1053043). - powerpc/powernv/cpuidle: Init all present cpus for deep states (bsc#1055121). - powerpc/powernv: Do not reprogram SLW image on every KVM guest entry/exit (bsc#1061840). - powerpc/powernv/ioda2: Remove redundant free of TCE pages (bsc#1061840). - powerpc/powernv/ioda: Allocate indirect TCE levels of cached userspace addresses on demand (bsc#1061840). - powerpc/powernv/ioda: Fix locked_vm counting for memory used by IOMMU tables (bsc#1061840). - powerpc/powernv: Make opal log only readable by root (bsc#1065729). - powerpc/powernv: Query firmware for count cache flush settings (bsc#1131107). - powerpc/powernv: Remove never used pnv_power9_force_smt4 (bsc#1061840). - powerpc/pseries/mce: Fix misleading print for TLB mutlihit (bsc#1094244, git-fixes). - powerpc/pseries: Query hypervisor for count cache flush settings (bsc#1131107). - powerpc/security: Fix spectre_v2 reporting (bsc#1131107). - powerpc/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - powerpc/vdso32: fix CLOCK_MONOTONIC on PPC64 (bsc#1131587). - powerpc/vdso64: Fix CLOCK_MONOTONIC inconsistencies across Y2038 (bsc#1131587). - power: supply: charger-manager: Fix incorrect return value (bsc#1051510). - pwm-backlight: Enable/disable the PWM before/after LCD enable toggle (bsc#1051510). - qmi_wwan: Add support for Quectel EG12/EM12 (networking-stable-19_03_07). - qmi_wwan: apply SET_DTR quirk to Sierra WP7607 (bsc#1051510). - qmi_wwan: Fix qmap header retrieval in qmimux_rx_fixup (bsc#1051510). - raid10: It's wrong to add len to sector_nr in raid10 reshape twice (git-fixes). - RAS/CEC: Check the correct variable in the debugfs error handling (bsc#1085535). - ravb: Decrease TxFIFO depth of Q3 and Q2 to one (networking-stable-19_03_15). - rdma/cxgb4: Add support for 64Byte cqes (bsc#1127371). - rdma/cxgb4: Add support for kernel mode SRQ's (bsc#1127371). - rdma/cxgb4: Add support for srq functions & structs (bsc#1127371). - rdma/cxgb4: fix some info leaks (bsc#1127371). - rdma/cxgb4: Make c4iw_poll_cq_one() easier to analyze (bsc#1127371). - rdma/cxgb4: Remove a set-but-not-used variable (bsc#1127371). - rdma/iw_cxgb4: Drop __GFP_NOFAIL (bsc#1127371). - rds: fix refcount bug in rds_sock_addref (git-fixes). - rds: tcp: atomically purge entries from rds_tcp_conn_list during netns delete (git-fixes). - regulator: max77620: Initialize values for DT properties (bsc#1051510). - regulator: s2mpa01: Fix step values for some LDOs (bsc#1051510). - Revert drm/i915 patches that caused regressions (bsc#1131062) - Revert 'ipv4: keep skb->dst around in presence of IP options' (git-fixes). - rhashtable: Still do rehash when we get EEXIST (bsc#1051510). - ring-buffer: Check if memory is available before allocation (bsc#1132531). - route: set the deleted fnhe fnhe_daddr to 0 in ip_del_fnhe to fix a race (networking-stable-19_03_15). - rtc: 88pm80x: fix unintended sign extension (bsc#1051510). - rtc: 88pm860x: fix unintended sign extension (bsc#1051510). - rtc: cmos: ignore bogus century byte (bsc#1051510). - rtc: ds1672: fix unintended sign extension (bsc#1051510). - rtc: Fix overflow when converting time64_t to rtc_time (bsc#1051510). - rtc: pm8xxx: fix unintended sign extension (bsc#1051510). - rtnetlink: bring NETDEV_CHANGE_TX_QUEUE_LEN event process back in rtnetlink_event (git-fixes). - rtnetlink: bring NETDEV_CHANGEUPPER event process back in rtnetlink_event (git-fixes). - rtnetlink: bring NETDEV_POST_TYPE_CHANGE event process back in rtnetlink_event (git-fixes). - rtnetlink: check DO_SETLINK_NOTIFY correctly in do_setlink (git-fixes). - rxrpc: Do not release call mutex on error pointer (git-fixes). - rxrpc: Do not treat call aborts as conn aborts (git-fixes). - rxrpc: Fix client call queueing, waiting for channel (networking-stable-19_03_15). - rxrpc: Fix Tx ring annotation after initial Tx failure (git-fixes). - s390/dasd: fix panic for failed online processing (bsc#1132589). - s390/pkey: move pckmo subfunction available checks away from module init (bsc#1128544). - s390/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - scsi: libiscsi: fix possible NULL pointer dereference in case of TMF (bsc#1127378). - scsi: libsas: allocate sense buffer for bsg queue (bsc#1131467). - sctp: call gso_reset_checksum when computing checksum in sctp_gso_segment (networking-stable-19_02_24). - serial: 8250_of: assume reg-shift of 2 for mrvl,mmp-uart (bsc#1051510). - serial: fsl_lpuart: fix maximum acceptable baud rate with over-sampling (bsc#1051510). - serial: imx: Update cached mctrl value when changing RTS (bsc#1051510). - serial: max310x: Fix to avoid potential NULL pointer dereference (bsc#1051510). - serial: sh-sci: Fix setting SCSCR_TIE while transferring data (bsc#1051510). - sit: check if IPv6 enabled before calling ip6_err_gen_icmpv6_unreach() (networking-stable-19_02_24). - smb3: Fix SMB3.1.1 guest mounts to Samba (bsc#1051510). - soc: fsl: qbman: avoid race in clearing QMan interrupt (bsc#1051510). - soc: imx-sgtl5000: add missing put_device() (bsc#1051510). - soc: qcom: gsbi: Fix error handling in gsbi_probe() (bsc#1051510). - soc/tegra: fuse: Fix illegal free of IO base address (bsc#1051510). - spi: pxa2xx: Setup maximum supported DMA transfer length (bsc#1051510). - spi: ti-qspi: Fix mmap read when more than one CS in use (bsc#1051510). - spi/topcliff_pch: Fix potential NULL dereference on allocation error (bsc#1051510). - staging: comedi: ni_usb6501: Fix possible double-free of ->usb_rx_buf (bsc#1051510). - staging: comedi: ni_usb6501: Fix use of uninitialized mutex (bsc#1051510). - staging: comedi: vmk80xx: Fix possible double-free of ->usb_rx_buf (bsc#1051510). - staging: comedi: vmk80xx: Fix use of uninitialized semaphore (bsc#1051510). - staging: iio: ad7192: Fix ad7193 channel address (bsc#1051510). - staging: rtl8712: uninitialized memory in read_bbreg_hdl() (bsc#1051510). - staging: vt6655: Fix interrupt race condition on device start up (bsc#1051510). - staging: vt6655: Remove vif check from vnt_interrupt (bsc#1051510). - sunrpc/cache: handle missing listeners better (bsc#1126221). - sunrpc: fix 4 more call sites that were using stack memory with a scatterlist (git-fixes). - supported.conf: Add vxlan to kernel-default-base (bsc#1132083). - supported.conf: dw_mmc-bluefield is not needed in kernel-default-base (bsc#1131574). - svm/avic: Fix invalidate logical APIC id entry (bsc#1132726). - svm: Fix AVIC DFR and LDR handling (bsc#1132558). - svm: Fix improper check when deactivate AVIC (bsc#1130335). - sysctl: handle overflow for file-max (bsc#1051510). - tcp: fix TCP_REPAIR_QUEUE bound checking (git-fixes). - tcp: tcp_v4_err() should be more careful (networking-stable-19_02_20). - thermal: bcm2835: Fix crash in bcm2835_thermal_debugfs (bsc#1051510). - thermal/intel_powerclamp: fix truncated kthread name (). - thermal/intel_powerclamp: fix truncated kthread name (FATE#326597). - tipc: fix race condition causing hung sendto (networking-stable-19_03_07). - tpm: Fix some name collisions with drivers/char/tpm.h (bsc#1051510). - tpm: Fix the type of the return value in calc_tpm2_event_size() (bsc#1082555). - tpm_tis_spi: Pass the SPI IRQ down to the driver (bsc#1051510). - tpm/tpm_crb: Avoid unaligned reads in crb_recv() (bsc#1051510). - tracing: Fix a memory leak by early error exit in trace_pid_write() (bsc#1133702). - tracing: Fix buffer_ref pipe ops (bsc#1133698). - tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into account (bsc#1132527). - tty: atmel_serial: fix a potential NULL pointer dereference (bsc#1051510). - tun: fix blocking read (networking-stable-19_03_07). - tun: remove unnecessary memory barrier (networking-stable-19_03_07). - udf: Fix crash on IO error during truncate (bsc#1131175). - uio: Reduce return paths from uio_write() (bsc#1051510). - Update patches.kabi/kabi-cxgb4-MU.patch (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584 bsc#1127371). - usb: cdc-acm: fix race during wakeup blocking TX traffic (bsc#1129770). - usb: chipidea: Grab the (legacy) USB PHY by phandle first (bsc#1051510). - usb: common: Consider only available nodes for dr_mode (bsc#1129770). - usb: core: only clean up what we allocated (bsc#1051510). - usb: dwc3: gadget: Fix the uninitialized link_state when udc starts (bsc#1051510). - usb: dwc3: gadget: synchronize_irq dwc irq in suspend (bsc#1051510). - usb: f_fs: Avoid crash due to out-of-scope stack ptr access (bsc#1051510). - usb: gadget: f_hid: fix deadlock in f_hidg_write() (bsc#1129770). - usb: gadget: Potential NULL dereference on allocation error (bsc#1051510). - usb: host: xhci-rcar: Add XHCI_TRUST_TX_LENGTH quirk (bsc#1051510). - usb: mtu3: fix EXTCON dependency (bsc#1051510). - usb: phy: fix link errors (bsc#1051510). - usb: phy: twl6030-usb: fix possible use-after-free on remove (bsc#1051510). - usb: serial: cp210x: add ID for Ingenico 3070 (bsc#1129770). - usb: serial: cp210x: add new device id (bsc#1051510). - usb: serial: cp210x: fix GPIO in autosuspend (bsc#1120902). - usb: serial: ftdi_sio: add additional NovaTech products (bsc#1051510). - usb: serial: ftdi_sio: add ID for Hjelmslund Electronics USB485 (bsc#1129770). - usb: serial: mos7720: fix mos_parport refcount imbalance on error path (bsc#1129770). - usb: serial: option: add Olicard 600 (bsc#1051510). - usb: serial: option: add support for Quectel EM12 (bsc#1051510). - usb: serial: option: add Telit ME910 ECM composition (bsc#1129770). - usb: serial: option: set driver_info for SIM5218 and compatibles (bsc#1129770). - vfs: allow dedupe of user owned read-only files (bsc#1133778, bsc#1132219). - vfs: avoid problematic remapping requests into partial EOF block (bsc#1133850, bsc#1132219). - vfs: dedupe: extract helper for a single dedup (bsc#1133769, bsc#1132219). - vfs: dedupe should return EPERM if permission is not granted (bsc#1133779, bsc#1132219). - vfs: exit early from zero length remap operations (bsc#1132411, bsc#1132219). - vfs: export vfs_dedupe_file_range_one() to modules (bsc#1133772, bsc#1132219). - vfs: limit size of dedupe (bsc#1132397, bsc#1132219). - vfs: rename clone_verify_area to remap_verify_area (bsc#1133852, bsc#1132219). - vfs: skip zero-length dedupe requests (bsc#1133851, bsc#1132219). - vfs: swap names of {do,vfs}_clone_file_range() (bsc#1133774, bsc#1132219). - vfs: vfs_clone_file_prep_inodes should return EINVAL for a clone from beyond EOF (bsc#1133780, bsc#1132219). - video: fbdev: Set pixclock = 0 in goldfishfb (bsc#1051510). - vxlan: test dev->flags & IFF_UP before calling netif_rx() (networking-stable-19_02_20). - wil6210: check null pointer in _wil_cfg80211_merge_extra_ies (bsc#1051510). - wlcore: Fix memory leak in case wl12xx_fetch_firmware failure (bsc#1051510). - x86/cpu: Add Atom Tremont (Jacobsville) (). - x86/cpu: Add Atom Tremont (Jacobsville) (FATE#327454). - x86/CPU/AMD: Set the CPB bit unconditionally on F17h (bsc#1114279). - x86/cpu: Sanitize FAM6_ATOM naming (bsc#1111331). - x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (bsc#1111331). - x86/kvm/hyper-v: avoid spurious pending stimer on vCPU init (bsc#1132572). - x86/kvm/vmx: Add MDS protection when L1D Flush is not active (bsc#1111331). - x86/MCE/AMD, EDAC/mce_amd: Add new error descriptions for some SMCA bank types (bsc#1128415). - x86/MCE/AMD, EDAC/mce_amd: Add new McaTypes for CS, PSP, and SMU units (bsc#1128415). - x86/MCE/AMD, EDAC/mce_amd: Add new MP5, NBIO, and PCIE SMCA bank types (bsc#1128415). - x86/mce/AMD, EDAC/mce_amd: Enumerate Reserved SMCA bank type (bsc#1128415). - x86/mce/AMD: Pass the bank number to smca_get_bank_type() (bsc#1128415). - x86/MCE: Fix kABI for new AMD bank names (bsc#1128415). - x86/mce: Handle varying MCA bank counts (bsc#1128415). - x86/mce: Improve error message when kernel cannot recover, p2 (bsc#1114279). - x86/msr-index: Cleanup bit defines (bsc#1111331). - x86/PCI: Fixup RTIT_BAR of Intel Denverton Trace Hub (bsc#1120318) - x86/speculation: Consolidate CPU whitelists (bsc#1111331). - x86/speculation/mds: Add basic bug infrastructure for MDS (bsc#1111331). - x86/speculation/mds: Add BUG_MSBDS_ONLY (bsc#1111331). - x86/speculation/mds: Add mds_clear_cpu_buffers() (bsc#1111331). - x86/speculation/mds: Add mds=full,nosmt cmdline option (bsc#1111331). - x86/speculation/mds: Add mitigation control for MDS (bsc#1111331). - x86/speculation/mds: Add mitigation mode VMWERV (bsc#1111331). - x86/speculation/mds: Add 'mitigations=' support for MDS (bsc#1111331). - x86/speculation/mds: Add SMT warning message (bsc#1111331). - x86/speculation/mds: Add sysfs reporting for MDS (bsc#1111331). - x86/speculation/mds: Clear CPU buffers on exit to user (bsc#1111331). - x86/speculation/mds: Conditionally clear CPU buffers on idle entry (bsc#1111331). - x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off (bsc#1111331). - x86/speculation: Move arch_smt_update() call to after mitigation decisions (bsc#1111331). - x86/speculation: Prevent deadlock on ssb_state::lock (bsc#1114279). - x86/speculation: Simplify the CPU bug detection logic (bsc#1111331). - x86/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - x86/tsc: Force inlining of cyc2ns bits (bsc#1052904). - x86/uaccess: Do not leak the AC flag into __put_user() value evaluation (bsc#1114279). - xen-netback: do not populate the hash cache on XenBus disconnect (networking-stable-19_03_07). - xen-netback: fix occasional leak of grant ref mappings under memory pressure (networking-stable-19_03_07). - xen: Prevent buffer overflow in privcmd ioctl (bsc#1065600). - xfrm: do not call rcu_read_unlock when afinfo is NULL in xfrm_get_tos (git-fixes). - xfrm: Fix ESN sequence number handling for IPsec GSO packets (git-fixes). - xfrm: fix rcu_read_unlock usage in xfrm_local_error (git-fixes). - xfs: add the ability to join a held buffer to a defer_ops (bsc#1133674). - xfs: allow xfs_lock_two_inodes to take different EXCL/SHARED modes (bsc#1132370, bsc#1132219). - xfs: call xfs_qm_dqattach before performing reflink operations (bsc#1132368, bsc#1132219). - xfs: cap the length of deduplication requests (bsc#1132373, bsc#1132219). - xfs: clean up xfs_reflink_remap_blocks call site (bsc#1132413, bsc#1132219). - xfs: fix data corruption w/ unaligned dedupe ranges (bsc#1132405, bsc#1132219). - xfs: fix data corruption w/ unaligned reflink ranges (bsc#1132407, bsc#1132219). - xfs: fix pagecache truncation prior to reflink (bsc#1132412, bsc#1132219). - xfs: fix reporting supported extra file attributes for statx() (bsc#1133529). - xfs: flush removing page cache in xfs_reflink_remap_prep (bsc#1132414, bsc#1132219). - xfs: hold xfs_buf locked between shortform->leaf conversion and the addition of an attribute (bsc#1133675). - xfs: only grab shared inode locks for source file during reflink (bsc#1132372, bsc#1132219). - xfs: refactor clonerange preparation into a separate helper (bsc#1132402, bsc#1132219). - xfs: refactor xfs_trans_roll (bsc#1133667). - xfs: reflink find shared should take a transaction (bsc#1132226, bsc#1132219). - xfs: reflink should break pnfs leases before sharing blocks (bsc#1132369, bsc#1132219). - xfs: remove dest file's post-eof preallocations before reflinking (bsc#1132365, bsc#1132219). - xfs: remove the ip argument to xfs_defer_finish (bsc#1133672). - xfs: rename xfs_defer_join to xfs_defer_ijoin (bsc#1133668). - xfs: update ctime and remove suid before cloning files (bsc#1132404, bsc#1132219). - xfs: zero posteof blocks when cloning above eof (bsc#1132403, bsc#1132219). - xhci: Do not let USB3 ports stuck in polling state prevent suspend (bsc#1051510). - xhci: Fix port resume done detection for SS ports with LPM enabled (bsc#1051510). ----------------------------------------- Patch: SUSE-2019-1258 Released: Wed May 15 13:40:11 2019 Summary: Recommended update for postfix Severity: moderate References: 1120110,1120757 Description: This update for postfix fixes the following issues: - Setting the security file permissions to 'paranoid' could have caused postfix to hang (bsc#1120757) - postfix-files contained an incorrect path to postfix-ldap.so which resulted in an error when running postfix set-permissions (bsc#bsc#1120110) ----------------------------------------- Patch: SUSE-2019-1260 Released: Wed May 15 14:06:52 2019 Summary: Recommended update for SUSEConnect Severity: moderate References: 1128969,959561 Description: This update for SUSEConnect fixes the following issues: - Does no longer try to remove a service during migration, if a zypper service plugin already exists (bsc#1128969) - Shows non-enabled extensions with a remark about availability - Adds output information about registration and unregistration progress - Output proper message when SUSEConnect is called without parameters (bsc#959561) - Default to https URI when no protocol prefix is provided for --url - Support transactional-update systems (fate#326482) ----------------------------------------- Patch: SUSE-2019-1261 Released: Wed May 15 14:07:06 2019 Summary: Recommended update for systemd-presets-branding-SLE Severity: moderate References: 1128428 Description: This update for systemd-presets-branding-SLE fixes the following issues: - Enables nvmefc-boot-connections.service to discover network-provided nvme drives on boot (bsc#1128428) ----------------------------------------- Patch: SUSE-2019-1267 Released: Thu May 16 09:55:03 2019 Summary: Security update for graphviz Severity: moderate References: 1132091,CVE-2019-11023 Description: This update for graphviz fixes the following issues: Security issue fixed: - CVE-2019-11023: Fixed a denial of service vulnerability, which was caused by a NULL pointer dereference in agroot() (bsc#1132091). ----------------------------------------- Patch: SUSE-2019-1275 Released: Fri May 17 07:49:58 2019 Summary: Recommended update for gtk3 Severity: moderate References: 1134062 Description: This update for gtk3 provides the following fixes: - Set a transparent background for windows to prevent them to blink black when opened. (bsc#1134062) ----------------------------------------- Patch: SUSE-2019-1282 Released: Fri May 17 13:14:19 2019 Summary: Recommended update for azure-li-services Severity: moderate References: 1133162 Description: This update for azure-li-services to 1.1.31 fixes the following issues: - Umount LUN only on cleanup If one service(A) needs the LUN and another service(B) that needs the LUN too runs in parallel a potential race condition exists in a way the service A could have umounted the LUN exactly at a time service B accesses it. Thus this patch changes the services such that only the last service, the cleanup service umounts the LUN. - Load softdog module when STONITH is set up It loads the module and make the load boot persistant - Fixup system-setup service dependencies The setup of the stonith SBD device requires the network to be up beforehand because the target is an iSCSI endpoint. ----------------------------------------- Patch: SUSE-2019-1285 Released: Fri May 17 15:33:33 2019 Summary: Security update for libvirt Severity: moderate References: 1131595,CVE-2019-3886 Description: This update for libvirt fixes the following issues: Security issue fixed: - CVE-2019-3886: Fixed an information leak which allowed to retrieve the guest hostname under readonly mode (bsc#1131595). ----------------------------------------- Patch: SUSE-2019-1293 Released: Mon May 20 17:22:26 2019 Summary: Recommended update for MozillaFirefox Severity: important References: 1130694,1134126 Description: This update for MozillaFirefox fixes the following issues: MozillaFirefox was updated to 60.6.3 (bsc#1134126) * Further improvements to re-enable web extensions which had been disabled for users with a master password set. ----------------------------------------- Patch: SUSE-2019-1294 Released: Tue May 21 07:32:39 2019 Summary: Recommended update for glib-networking Severity: important References: 1134795 Description: This update for glib-networking fixes the following issues: - Fix invalid TLS sessions when TLS 1.3 is used (bsc#1134795) ----------------------------------------- Patch: SUSE-2019-1308 Released: Tue May 21 18:35:23 2019 Summary: Security update for java-1_8_0-ibm Severity: important References: 1132728,1132729,1132732,1132734,1134718,CVE-2019-10245,CVE-2019-2602,CVE-2019-2684,CVE-2019-2697,CVE-2019-2698 Description: This update for java-1_8_0-ibm fixes the following issues: Update to Java 8.0 Service Refresh 5 Fix Pack 35. Security issues fixed: - CVE-2019-10245: Fixed Java bytecode verifier issue causing crashes (bsc#1134718). - CVE-2019-2698: Fixed out of bounds access flaw in the 2D component (bsc#1132729). - CVE-2019-2697: Fixed flaw inside the 2D component (bsc#1132734). - CVE-2019-2602: Fixed flaw inside BigDecimal implementation (Component: Libraries) (bsc#1132728). - CVE-2019-2684: Fixed flaw was found in the RMI registry implementation (bsc#1132732). ----------------------------------------- Patch: SUSE-2019-1312 Released: Wed May 22 12:19:12 2019 Summary: Recommended update for aaa_base Severity: moderate References: 1096191 Description: This update for aaa_base fixes the following issue: * Shell detection in /etc/profile and /etc/bash.bashrc was broken within AppArmor-confined containers (bsc#1096191) ----------------------------------------- Patch: SUSE-2019-1313 Released: Wed May 22 13:06:38 2019 Summary: Security update for ucode-intel Severity: important References: 1111331,CVE-2018-12126,CVE-2018-12127,CVE-2018-12130,CVE-2019-11091 Description: This update for ucode-intel fixes the following issues: The Intel CPU Microcode was updated to the official QSR 2019.1 Microcode release (bsc#1111331 CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091) ---- new platforms ---------------------------------------- VLV C0 6-37-8/02 00000838 Atom Z series VLV C0 6-37-8/0C 00000838 Celeron N2xxx, Pentium N35xx VLV D0 6-37-9/0F 0000090c Atom E38xx CHV C0 6-4c-3/01 00000368 Atom X series CHV D0 6-4c-4/01 00000411 Atom X series Readded missing in last update: BDX-ML B0/M0/R0 6-4f-1/ef 0b00002e->00000036 Xeon E5/E7 v4; Core i7-69xx/68xx ----------------------------------------- Patch: SUSE-2019-1336 Released: Fri May 24 11:10:52 2019 Summary: Recommended update for resource-agents Severity: moderate References: 1112334 Description: This update for resource-agents fixes the following issues: - Supplement azure-events for the Azure Public Cloud (bsc#1112334) ----------------------------------------- Patch: SUSE-2019-1337 Released: Fri May 24 11:13:13 2019 Summary: Recommended update for yast2, yast2-firewall, and yast2-services-manager Severity: moderate References: 1087867,1108199,1108628,1108942,1109812,1110549,1111370,1112547,1113732 Description: This update for yast2, yast2-firewall, and yast2-services-manager fixes the following issues: # Package: yast2 Installation: - Show dialog if registration is skipped. (fate#318196) - Add tags to describe the location for the 'all-packages' medium. This information will be shown if the registration has been skipped by the user. No hint will be shown if these tags have not been defined. (fate#325834) Logging: - Log viewer: replace invalid UTF-8 characters from the displayed log to avoid a crash. (bsc#1110549) Firewall: - firewalld configuration failed when setting public zone as default second time. (bsc#1109812) - firewalld: fixed the API cmd call for removing services from zones, when the firewall is in offline mode. (bsc#1108628) - Added new methods to firewalld_wrapper in order to switch yast2-dhcp-server to new firewall module. (bsc#1108942) - Network (Firewall): Added modify_masquerade method to zones API unifying the way changes are applied to single value attributes. (bsc#1112547) - CWMFirewallInterfaces: Improved the UX replacing the api calls for checking supported services once the list supported ones are already known by the firewalld instance. (fate#324662) # Package: yast2-firewall AutoYast schema: - Allowed the new 'description', 'short' and 'target' elements in zone entries (bsc#1108199) Included Features: - New user interface for firewalld configuration (fate#324662, bsc#1111370): * Manage the firewalld service * Browse interfaces and assign them to firewall zones * List zones and design one of them as the default * Assign services to zones * Open ports - Enable and open the SSH port when only public key authentication is available for the root user. (fate#324690) # Package: yast2-services-manager - Do not crash in chroot environment (bsc#1113732) - Adapted to use the new Y2Firewall::Firewalld::Interface objects instead of a hash. (fate#324662) ----------------------------------------- Patch: SUSE-2019-1351 Released: Fri May 24 14:41:10 2019 Summary: Security update for gnutls Severity: important References: 1118087,1134856,CVE-2018-16868 Description: This update for gnutls fixes the following issues: Security issue fixed: - CVE-2018-16868: Fixed Bleichenbacher-like side channel leakage in PKCS#1 v1.5 verification (bsc#1118087). Non-security issue fixed: - Explicitly require libnettle 3.4.1 to prevent missing symbol errors (bsc#1134856). ----------------------------------------- Patch: SUSE-2019-1352 Released: Fri May 24 14:41:44 2019 Summary: Security update for python3 Severity: moderate References: 1130840,1133452,CVE-2019-9947 Description: This update for python3 to version 3.6.8 fixes the following issues: Security issue fixed: - CVE-2019-9947: Fixed an issue in urllib2 which allowed CRLF injection if the attacker controls a url parameter (bsc#1130840). Non-security issue fixed: - Fixed broken debuginfo packages by switching off LTO and PGO optimization (bsc#1133452). ----------------------------------------- Patch: SUSE-2019-1356 Released: Mon May 27 13:28:48 2019 Summary: Security update for libvirt Severity: important References: 1111331,1135273,CVE-2018-12126,CVE-2018-12127,CVE-2018-12130,CVE-2019-11091 Description: This update for libvirt fixes the following issues: Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Sampling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) These updates contain the libvirt adjustments, that pass through the new 'md-clear' CPU flag (bsc#1135273). For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 ----------------------------------------- Patch: SUSE-2019-1357 Released: Mon May 27 13:29:15 2019 Summary: Security update for curl Severity: important References: 1135170,CVE-2019-5436 Description: This update for curl fixes the following issues: Security issue fixed: - CVE-2019-5436: Fixed a heap buffer overflow exists in tftp_receive_packet that receives data from a TFTP server (bsc#1135170). ----------------------------------------- Patch: SUSE-2019-1358 Released: Mon May 27 13:51:26 2019 Summary: Recommended update for rsync Severity: moderate References: 1100786,1108562 Description: This update for rsync fixes the following issues: - rsync invoked with --sparse and --preallocate could have resulted in a failure (bsc#1108562) - Don't require systemd explicitly as it's not present in containers [bsc#1100786]. ----------------------------------------- Patch: SUSE-2019-1364 Released: Tue May 28 10:51:38 2019 Summary: Security update for systemd Severity: moderate References: 1036463,1121563,1124122,1125352,1125604,1126056,1127557,1130230,1132348,1132400,1132721,1133506,1133509,CVE-2019-3842,CVE-2019-3843,CVE-2019-3844,CVE-2019-6454,SLE-5933 Description: This update for systemd fixes the following issues: Security issues fixed: - CVE-2019-3842: Fixed a privilege escalation in pam_systemd which could be exploited by a local user (bsc#1132348). - CVE-2019-6454: Fixed a denial of service via crafted D-Bus message (bsc#1125352). - CVE-2019-3843, CVE-2019-3844: Fixed a privilege escalation where services with DynamicUser could gain new privileges or create SUID/SGID binaries (bsc#1133506, bsc#1133509). Non-security issued fixed: - logind: fix killing of scopes (bsc#1125604) - namespace: make MountFlags=shared work again (bsc#1124122) - rules: load drivers only on 'add' events (bsc#1126056) - sysctl: Don't pass null directive argument to '%s' (bsc#1121563) - systemd-coredump: generate a stack trace of all core dumps and log into the journal (jsc#SLE-5933) - udevd: notify when max number value of children is reached only once per batch of events (bsc#1132400) - sd-bus: bump message queue size again (bsc#1132721) - Do not automatically online memory on s390x (bsc#1127557) - Removed sg.conf (bsc#1036463) ----------------------------------------- Patch: SUSE-2019-1367 Released: Tue May 28 12:41:43 2019 Summary: Recommended update for tcsh Severity: moderate References: 1129112 Description: This update for tcsh fixes the following issues: - Incorrect postcmd handling could have caused miscalculation of a while loop start resulting in an infinite loop (bsc#1129112) ----------------------------------------- Patch: SUSE-2019-1368 Released: Tue May 28 13:15:38 2019 Summary: Recommended update for sles12sp3-docker-image, sles12sp4-image, system-user-root Severity: important References: 1134524,CVE-2019-5021 Description: This update for sles12sp3-docker-image, sles12sp4-image, system-user-root fixes the following issues: - CVE-2019-5021: Include an invalidated root password by default, not an empty one (bsc#1134524) ----------------------------------------- Patch: SUSE-2019-1369 Released: Tue May 28 13:16:01 2019 Summary: Security update for NetworkManager Severity: moderate References: 1086263,CVE-2018-1000135 Description: This update for NetworkManager fixes the following issues: Following security issue was fixed: - CVE-2018-1000135: A potential leak of private DNS queries to other DNS servers could happen while on VPN (bsc#1086263, bgo#746422). ----------------------------------------- Patch: SUSE-2019-1372 Released: Tue May 28 16:53:28 2019 Summary: Security update for libtasn1 Severity: moderate References: 1105435,CVE-2018-1000654 Description: This update for libtasn1 fixes the following issues: Security issue fixed: - CVE-2018-1000654: Fixed a denial of service in the asn1 parser (bsc#1105435). ----------------------------------------- Patch: SUSE-2019-1383 Released: Thu May 30 08:11:26 2019 Summary: Recommended update for supportutils Severity: moderate References: 1081326,1088234,1100529,1120967,1125623,1132865,1133844,1134599 Description: This update for supportutils fixes the following issues: - Updated to version 3.1.3 + Uses SUSE FTP servers (bsc#1132865) + btrfs quota #43 + supportconfig: open-files: add file flags #44 + Merged etc_info: Add support for .cfg files in /etc dir #46 + Silence warning in rpm backup db collection path #47 + Set files in tarball to 660 instead of 600 #48 + SUSE separation finalized (bsc#1125623) + Default compression through xz, but -z forces bzip2 + Updated man pages (bsc#1088234) + Changed VAR_OPTION_BIN_TIMEOUT_SEC from 300 to 120 + Avoids some IO delays (bsc#1100529) + Corrected supported services help info for -U + Collects iSCSI Target information (bsc#1133844) + FTPES uses --ssl-reqd instead of depricated --ftp-ssl + Defaults to https FTP server uploads (bsc#1134599) - Updated to version 3.1.2 + Fixed missing sapconf and log (bsc#1081326) + Added timed_log_cmd to hwinfo and showmount commands (bsc#1120967) ----------------------------------------- Patch: SUSE-2019-1389 Released: Fri May 31 10:12:36 2019 Summary: Security update for cronie Severity: low References: 1128935,1128937,1130746,1133100,CVE-2019-9704,CVE-2019-9705 Description: This update for cronie fixes the following issues: Security issues fixed: - CVE-2019-9704: Fixed an insufficient check in the return value of calloc which could allow a local user to create Denial of Service by crashing the daemon (bsc#1128937). - CVE-2019-9705: Fixed an implementation vulnerability which could allow a local user to exhaust the memory resulting in Denial of Service (bsc#1128935). Bug fixes: - Manual start of cron is possible even when it's already started using systemd (bsc#1133100). - Cron schedules only one job of crontab (bsc#1130746). ----------------------------------------- Patch: SUSE-2019-1394 Released: Fri May 31 10:18:42 2019 Summary: Recommended update for pam-config Severity: moderate References: 1114835 Description: This update for pam-config fixes the following issues: - Update to version 0.96: * Add missing pam_cracklib options [bsc#1114835] ----------------------------------------- Patch: SUSE-2019-1398 Released: Fri May 31 12:54:22 2019 Summary: Security update for libpng16 Severity: low References: 1100687,1121624,1124211,CVE-2018-13785,CVE-2019-7317 Description: This update for libpng16 fixes the following issues: Security issues fixed: - CVE-2019-7317: Fixed a use-after-free vulnerability, triggered when png_image_free() was called under png_safe_execute (bsc#1124211). - CVE-2018-13785: Fixed a wrong calculation of row_factor in the png_check_chunk_length function in pngrutil.c, which could haved triggered and integer overflow and result in an divide-by-zero while processing a crafted PNG file, leading to a denial of service (bsc#1100687) ----------------------------------------- Patch: SUSE-2019-1403 Released: Mon Jun 3 10:45:52 2019 Summary: Recommended update for fio Severity: moderate References: 1129706 Description: This update ships the performance measurement tool 'fio' to the SUSE Linux Enterprise 15 Module for Basesystem. (bsc#1129706) ----------------------------------------- Patch: SUSE-2019-1405 Released: Mon Jun 3 13:30:15 2019 Summary: Security update for MozillaFirefox Severity: important References: 1135824,CVE-2019-11691,CVE-2019-11692,CVE-2019-11693,CVE-2019-11694,CVE-2019-11698,CVE-2019-7317,CVE-2019-9800,CVE-2019-9815,CVE-2019-9816,CVE-2019-9817,CVE-2019-9818,CVE-2019-9819,CVE-2019-9820 Description: This update for MozillaFirefox fixes the following issues: Security issues fixed: - CVE-2019-11691: Use-after-free in XMLHttpRequest - CVE-2019-11692: Use-after-free removing listeners in the event listener manager - CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux - CVE-2019-11694: Uninitialized memory memory leakage in Windows sandbox - CVE-2019-11698: Theft of user history data through drag and drop of hyperlinks to and from bookmarks - CVE-2019-7317: Use-after-free in png_image_free of libpng library - CVE-2019-9800: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 - CVE-2019-9815: Disable hyperthreading on content JavaScript threads on macOS - CVE-2019-9816: Type confusion with object groups and UnboxedObjects - CVE-2019-9817: Stealing of cross-domain images using canvas - CVE-2019-9818: Use-after-free in crash generation server - CVE-2019-9819: Compartment mismatch with fetch API - CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell Non-security issues fixed: - Font and date adjustments to accommodate the new Reiwa era in Japan - Update to Firefox ESR 60.7 (bsc#1135824) ----------------------------------------- Patch: SUSE-2019-1407 Released: Mon Jun 3 13:33:51 2019 Summary: Security update for bind Severity: important References: 1104129,1126068,1126069,1133185,CVE-2018-5740,CVE-2018-5743,CVE-2018-5745,CVE-2019-6465 Description: This update for bind fixes the following issues: Security issues fixed: - CVE-2019-6465: Fixed an issue where controls for zone transfers may not be properly applied to Dynamically Loadable Zones (bsc#1126069). - CVE-2018-5745: Fixed a denial of service vulnerability if a trust anchor rolls over to an unsupported key algorithm when using managed-keys (bsc#1126068). - CVE-2018-5743: Fixed a denial of service vulnerability which could be caused by to many simultaneous TCP connections (bsc#1133185). - CVE-2018-5740: Fixed a denial of service vulnerability in the 'deny-answer-aliases' feature (bsc#1104129). ----------------------------------------- Patch: SUSE-2019-1413 Released: Tue Jun 4 07:58:25 2019 Summary: Recommended update for yast2-network Severity: moderate References: 1105692,1129012,1131588 Description: This update for yast2-network provides the following fixes: - Display a confirmation popup when the static route is going to be removed after switching a device to DHCP. (bsc#1131588) - autoyast: Use the bus_id of the udev parent device when using virtio netcards and matching the existent rules with the ones defined in the profile. (bsc#1129012) - Showing correct start mode for nfsroot device. (bsc#1105692) ----------------------------------------- Patch: SUSE-2019-1415 Released: Tue Jun 4 13:18:42 2019 Summary: Recommended update for fping Severity: moderate References: 1133988 Description: This update for fping fixes the following issues: - Fix fping on servers with disabled IPv6 [bsc#1133988] ----------------------------------------- Patch: SUSE-2019-1417 Released: Tue Jun 4 15:40:25 2019 Summary: Recommended update for libselinux, policycoreutils, setools Severity: moderate References: 1130097,1136515 Description: This update for libselinux, policycoreutils, setools fixes the following issues: This update provides policycoreutils-python that contains binaries necessary for SELinux administration. (bsc#1130097) Also necessary dependencies for this package have been included in the update. python2-setools and python3-setools are shipped instead of python-setools. ----------------------------------------- Patch: SUSE-2019-1436 Released: Thu Jun 6 13:43:37 2019 Summary: Recommended update for lvm2 Severity: moderate References: 1095960,1127219 Description: This update for lvm2 fixes the following issues: - Sending BLKDISCARD on SSD devices could lead to data loss in test mode (bsc#1095960) - Fix the wrong filter for the cdrom device in /etc/lvm/lvm.conf (bsc#1127219) ----------------------------------------- Patch: SUSE-2019-1445 Released: Fri Jun 7 11:22:59 2019 Summary: Recommended update for resource-agents Severity: moderate References: 1137038,1137231 Description: This update for resource-agents fixes the following issues: - Fixes a byte conversion error (bsc#1137038, bsc#1137231) ----------------------------------------- Patch: SUSE-2019-1457 Released: Tue Jun 11 10:09:14 2019 Summary: Security update for vim Severity: important References: 1137443,CVE-2019-12735 Description: This update for vim fixes the following issue: Security issue fixed: - CVE-2019-12735: Fixed a potential arbitrary code execution vulnerability in getchar.c (bsc#1137443). ----------------------------------------- Patch: SUSE-2019-1471 Released: Wed Jun 12 12:02:49 2019 Summary: Recommended update for permissions Severity: moderate References: 1110797 Description: This update for permissions fixes the following issues: - Updated permissons for amanda (bsc#1110797) ----------------------------------------- Patch: SUSE-2019-1484 Released: Thu Jun 13 07:46:46 2019 Summary: Recommended update for e2fsprogs Severity: moderate References: 1128383 Description: This update for e2fsprogs fixes the following issues: - Check and fix tails of all bitmap blocks (bsc#1128383) ----------------------------------------- Patch: SUSE-2019-1486 Released: Thu Jun 13 09:40:24 2019 Summary: Security update for elfutils Severity: moderate References: 1033084,1033085,1033086,1033087,1033088,1033089,1033090,1106390,1107066,1107067,1111973,1112723,1112726,1123685,1125007,CVE-2017-7607,CVE-2017-7608,CVE-2017-7609,CVE-2017-7610,CVE-2017-7611,CVE-2017-7612,CVE-2017-7613,CVE-2018-16062,CVE-2018-16402,CVE-2018-16403,CVE-2018-18310,CVE-2018-18520,CVE-2018-18521,CVE-2019-7150,CVE-2019-7665 Description: This update for elfutils fixes the following issues: Security issues fixed: - CVE-2017-7607: Fixed a heap-based buffer overflow in handle_gnu_hash (bsc#1033084) - CVE-2017-7608: Fixed a heap-based buffer overflow in ebl_object_note_type_name() (bsc#1033085) - CVE-2017-7609: Fixed a memory allocation failure in __libelf_decompress (bsc#1033086) - CVE-2017-7610: Fixed a heap-based buffer overflow in check_group (bsc#1033087) - CVE-2017-7611: Fixed a denial of service via a crafted ELF file (bsc#1033088) - CVE-2017-7612: Fixed a denial of service in check_sysv_hash() via a crafted ELF file (bsc#1033089) - CVE-2017-7613: Fixed denial of service caused by the missing validation of the number of sections and the number of segments in a crafted ELF file (bsc#1033090) - CVE-2018-16062: Fixed a heap-buffer overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390) - CVE-2018-16402: Fixed a denial of service/double free on an attempt to decompress the same section twice (bsc#1107066) - CVE-2018-16403: Fixed a heap buffer overflow in readelf (bsc#1107067) - CVE-2018-18310: Fixed an invalid address read problem in dwfl_segment_report_module.c (bsc#1111973) - CVE-2018-18520: Fixed bad handling of ar files inside are files (bsc#1112726) - CVE-2018-18521: Fixed a denial of service vulnerabilities in the function arlib_add_symbols() used by eu-ranlib (bsc#1112723) - CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685) - CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (bsc#1125007) ----------------------------------------- Patch: SUSE-2019-1492 Released: Thu Jun 13 14:51:01 2019 Summary: Recommended update for libidn Severity: low References: 1132869 Description: This update for libidn fixes the following issue: - The missing libidn11-32bit compat library package was provided. (bsc#1132869) ----------------------------------------- Patch: SUSE-2019-1498 Released: Fri Jun 14 11:10:45 2019 Summary: Recommended update for yast2-storage-ng, libstorage-ng, and autoyast2 Severity: moderate References: 1104899,1120979,1121720,1122660,1130256,1134330 Description: This update for libstorage-ng, yast2-storage-ng, and autoyast2 fixes the following issues: # Package: yast2-storage-ng - Fixes broken support for retaining existing MD RAIDs in some scenarios (bsc#1120979, bsc#1121720). - Adds support for installing over NFS (bsc#1130256). - Adds a new format for importing/exporting NFS drives - It will no longer ask for a reusable filesystem when it's not really needed (bsc#1134330) # Package: libstorage-ng - Does no longer crash when parsing docker devices (bsc#1104899) # Package: autoyast2 - Removed check for available devices. When there are no devices, the proposal issues will be shown (bsc#1130256) - Fixes an issue where IPv6 gets activated even if it was deactivated (bsc#1122660) ----------------------------------------- Patch: SUSE-2019-1499 Released: Fri Jun 14 11:11:15 2019 Summary: Recommended update for gtk3 Severity: moderate References: 1134059,1136605 Description: This update for gtk3 provides the following fixes: - Improve font handling. (bsc#1134059) - Always use the None pixmap for no background on X11, to prevent GTK3 applications from staying on top of other applications in Awesome WM. (bsc#1136605) ----------------------------------------- Patch: SUSE-2019-1521 Released: Mon Jun 17 17:28:18 2019 Summary: Security update for dbus-1 Severity: important References: 1082318,1137832,CVE-2019-12749 Description: This update for dbus-1 fixes the following issues: Security issue fixed: - CVE-2019-12749: Fixed an implementation flaw in DBUS_COOKIE_SHA1 which could have allowed local attackers to bypass authentication (bsc#1137832). - Fixes in spec file: * fix warning and error messages. * fix licensing directory. (bsc#1082318) ----------------------------------------- Patch: SUSE-2019-1529 Released: Mon Jun 17 19:18:06 2019 Summary: Security update for the Linux Kernel Severity: important References: 1012382,1050242,1051510,1053043,1055186,1056787,1058115,1063638,1064802,1065600,1065729,1066129,1068546,1071995,1075020,1082387,1083647,1085535,1099658,1103992,1104353,1104427,1106011,1106284,1108193,1108838,1108937,1110946,1111696,1112063,1113722,1114427,1115688,1117158,1117561,1118139,1119843,1120091,1120423,1120566,1120843,1120902,1122776,1123454,1123663,1124503,1124839,1126356,1127616,1128052,1128904,1128979,1129138,1129273,1129497,1129693,1129770,1130579,1130699,1130972,1131326,1131451,1131488,1131565,1131673,1132044,1133176,1133188,1133190,1133320,1133612,1133616,1134160,1134162,1134199,1134200,1134201,1134202,1134203,1134204,1134205,1134354,1134393,1134459,1134460,1134461,1134537,1134597,1134651,1134671,1134760,1134806,1134810,1134813,1134848,1134936,1135006,1135007,1135008,1135056,1135100,1135120,1135278,1135281,1135309,1135312,1135314,1135315,1135316,1135320,1135323,1135330,1135492,1135542,1135556,1135603,1135642,1135661,1135758,1136206,1136424,1136428,1136430,1136432,1136434,1136435,1136438,1136439,1136477,1136478,1136573,1136586,1136881,1136935,1136990,1137151,1137152,1137153,1137162,1137372,1137444,1137586,1137739,1137752,CVE-2018-7191,CVE-2019-10124,CVE-2019-11085,CVE-2019-11477,CVE-2019-11478,CVE-2019-11479,CVE-2019-11486,CVE-2019-11487,CVE-2019-11815,CVE-2019-11833,CVE-2019-11884,CVE-2019-12382,CVE-2019-3846,CVE-2019-5489 Description: The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-11477: A sequence of SACKs may have been crafted such that one can trigger an integer overflow, leading to a kernel panic. - CVE-2019-11478: It was possible to send a crafted sequence of SACKs which will fragment the TCP retransmission queue. An attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. - CVE-2019-11479: An attacker could force the Linux kernel to segment its responses into multiple TCP segments. This would drastically increased the bandwidth required to deliver the same amount of data. Further, it would consume additional resources such as CPU and NIC processing power. - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (bnc#1136424) - CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel, there was an unchecked kstrdup of fwstr, which might have allowed an attacker to cause a denial of service (NULL pointer dereference and system crash). (bnc#1136586) - CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may have been possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bnc#1120843) - CVE-2019-11487: The Linux kernel allowed page reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM existed. It could have occured with FUSE requests. (bnc#1133190) - CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might have allowed local users to obtain sensitive information by reading uninitialized data in the filesystem. (bnc#1135281) - CVE-2018-7191: In the tun subsystem in the Linux kernel, dev_get_valid_name was not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. (bnc#1135603) - CVE-2019-11085: Insufficient input validation in Kernel Mode Driver in i915 Graphics for Linux may have allowed an authenticated user to potentially enable escalation of privilege via local access. (bnc#1135278) - CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel There was a race condition leading to a use-after-free, related to net namespace cleanup. (bnc#1134537) - CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character. (bnc#1134848) - CVE-2019-11486: The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel had multiple race conditions. (bnc#1133188) The following non-security bugs were fixed: - 9p locks: add mount option for lock retry interval (bsc#1051510). - acpi / utils: Drop reference in test for device presence (bsc#1051510). - acpi: button: reinitialize button state upon resume (bsc#1051510). - acpi: fix menuconfig presentation of ACPI submenu (bsc#1117158). - acpicA: AML interpreter: add region addresses in global list during initialization (bsc#1051510). - acpica: Namespace: remove address node from global list after method termination (bsc#1051510). - alsa: core: Do not refer to snd_cards array directly (bsc#1051510). - alsa: emu10k1: Drop superfluous id-uniquification behavior (bsc#1051510). - alsa: hda - Register irq handler after the chip initialization (bsc#1051510). - alsa: hda - Use a macro for snd_array iteration loops (bsc#1051510). - alsa: hda/hdmi - Consider eld_valid when reporting jack event (bsc#1051510). - alsa: hda/hdmi - Read the pin sense from register when repolling (bsc#1051510). - alsa: hda/realtek - Add new Dell platform for headset mode (bsc#1051510). - alsa: hda/realtek - Apply the fixup for ASUS Q325UAR (bsc#1051510). - alsa: hda/realtek - Avoid superfluous COEF EAPD setups (bsc#1051510). - alsa: hda/realtek - Corrected fixup for System76 Gazelle (gaze14) (bsc#1051510). - alsa: hda/realtek - EAPD turn on later (bsc#1051510). - alsa: hda/realtek - Fix for Lenovo B50-70 inverted internal microphone bug (bsc#1051510). - alsa: hda/realtek - Fixed Dell AIO speaker noise (bsc#1051510). - alsa: hda/realtek - Fixup headphone noise via runtime suspend (bsc#1051510). - alsa: hda/realtek - Improve the headset mic for Acer Aspire laptops (bsc#1051510). - alsa: hdea/realtek - Headset fixup for System76 Gazelle (gaze14) (bsc#1051510). - alsa: line6: Avoid polluting led_* namespace (bsc#1051510). - alsa: line6: use dynamic buffers (bsc#1051510). - alsa: seq: Align temporary re-locking with irqsave version (bsc#1051510). - alsa: seq: Correct unlock sequence at snd_seq_client_ioctl_unlock() (bsc#1051510). - alsa: seq: Cover unsubscribe_port() in list_mutex (bsc#1051510). - alsa: seq: Fix race of get-subscription call vs port-delete ioctls (bsc#1051510). - alsa: seq: Protect in-kernel ioctl calls with mutex (bsc#1051510). - alsa: seq: Protect racy pool manipulation from OSS sequencer (bsc#1051510). - alsa: seq: Remove superfluous irqsave flags (bsc#1051510). - alsa: seq: Simplify snd_seq_kernel_client_enqueue() helper (bsc#1051510). - alsa: timer: Check ack_list emptiness instead of bit flag (bsc#1051510). - alsa: timer: Coding style fixes (bsc#1051510). - alsa: timer: Make snd_timer_close() really kill pending actions (bsc#1051510). - alsa: timer: Make sure to clear pending ack list (bsc#1051510). - alsa: timer: Revert active callback sync check at close (bsc#1051510). - alsa: timer: Simplify error path in snd_timer_open() (bsc#1051510). - alsa: timer: Unify timer callback process code (bsc#1051510). - alsa: usb-audio: Fix a memory leak bug (bsc#1051510). - alsa: usb-audio: Handle the error from snd_usb_mixer_apply_create_quirk() (bsc#1051510). - alsa: usx2y: fix a double free bug (bsc#1051510). - appletalk: Fix compile regression (bsc#1051510). - appletalk: Fix use-after-free in atalk_proc_exit (bsc#1051510). - arch: arm64: acpi: KABI ginore includes (bsc#1117158 bsc#1134671). - arm64, mm, efi: Account for GICv3 LPI tables in static memblock reserve table (bsc#1117158). - arm64: Export save_stack_trace_tsk() (jsc#SLE-4214). - arm64: acpi: fix alignment fault in accessing ACPI (bsc#1117158). - arm64: fix ACPI dependencies (bsc#1117158). - arm: 8824/1: fix a migrating irq bug when hotplug cpu (bsc#1051510). - arm: 8833/1: Ensure that NEON code always compiles with Clang (bsc#1051510). - arm: 8839/1: kprobe: make patch_lock a raw_spinlock_t (bsc#1051510). - arm: 8840/1: use a raw_spinlock_t in unwind (bsc#1051510). - arm: OMAP2+: Variable 'reg' in function omap4_dsi_mux_pads() could be uninitialized (bsc#1051510). - arm: OMAP2+: fix lack of timer interrupts on CPU1 after hotplug (bsc#1051510). - arm: avoid Cortex-A9 livelock on tight dmb loops (bsc#1051510). - arm: imx6q: cpuidle: fix bug that CPU might not wake up at expected time (bsc#1051510). - arm: iop: do not use using 64-bit DMA masks (bsc#1051510). - arm: orion: do not use using 64-bit DMA masks (bsc#1051510). - arm: pxa: ssp: unneeded to free devm_ allocated data (bsc#1051510). - arm: s3c24xx: Fix boolean expressions in osiris_dvs_notify (bsc#1051510). - arm: samsung: Limit SAMSUNG_PM_CHECK config option to non-Exynos platforms (bsc#1051510). - asoc: Intel: avoid Oops if DMA setup fails (bsc#1051510). - asoc: RT5677-SPI: Disable 16Bit SPI Transfers (bsc#1051510). - asoc: cs4270: Set auto-increment bit for register writes (bsc#1051510). - asoc: fix valid stream condition (bsc#1051510). - asoc: fsl_esai: Fix missing break in switch statement (bsc#1051510). - asoc: hdmi-codec: fix S/PDIF DAI (bsc#1051510). - asoc: max98090: Fix restore of DAPM Muxes (bsc#1051510). - asoc: nau8810: fix the issue of widget with prefixed name (bsc#1051510). - asoc: nau8824: fix the issue of the widget with prefix name (bsc#1051510). - asoc: samsung: odroid: Fix clock configuration for 44100 sample rate (bsc#1051510). - asoc: stm32: fix sai driver name initialisation (bsc#1051510). - asoc: tlv320aic32x4: Fix Common Pins (bsc#1051510). - asoc: wm_adsp: Add locking to wm_adsp2_bus_error (bsc#1051510). - asoc:soc-pcm:fix a codec fixup issue in TDM case (bsc#1051510). - at76c50x-usb: Do not register led_trigger if usb_register_driver failed (bsc#1051510). - audit: fix a memleak caused by auditing load module (bsc#1051510). - b43: shut up clang -Wuninitialized variable warning (bsc#1051510). - backlight: lm3630a: Return 0 on success in update_status functions (bsc#1051510). - bcache: Move couple of functions to sysfs.c (bsc#1130972). - bcache: Move couple of string arrays to sysfs.c (bsc#1130972). - bcache: Populate writeback_rate_minimum attribute (bsc#1130972). - bcache: Replace bch_read_string_list() by __sysfs_match_string() (bsc#1130972). - bcache: account size of buckets used in uuid write to ca->meta_sectors_written (bsc#1130972). - bcache: add MODULE_DESCRIPTION information (bsc#1130972). - bcache: add a comment in super.c (bsc#1130972). - bcache: add code comments for bset.c (bsc#1130972). - bcache: add comment for cache_set->fill_iter (bsc#1130972). - bcache: add identifier names to arguments of function definitions (bsc#1130972). - bcache: add missing SPDX header (bsc#1130972). - bcache: add separate workqueue for journal_write to avoid deadlock (bsc#1130972). - bcache: add static const prefix to char * array declarations (bsc#1130972). - bcache: add sysfs_strtoul_bool() for setting bit-field variables (bsc#1130972). - bcache: add the missing comments for smp_mb()/smp_wmb() (bsc#1130972). - bcache: cannot set writeback_running via sysfs if no writeback kthread created (bsc#1130972). - bcache: correct dirty data statistics (bsc#1130972). - bcache: do not assign in if condition in bcache_init() (bsc#1130972). - bcache: do not assign in if condition register_bcache() (bsc#1130972). - bcache: do not check NULL pointer before calling kmem_cache_destroy (bsc#1130972). - bcache: do not check if debug dentry is ERR or NULL explicitly on remove (bsc#1130972). - bcache: do not clone bio in bch_data_verify (bsc#1130972). - bcache: do not mark writeback_running too early (bsc#1130972). - bcache: export backing_dev_name via sysfs (bsc#1130972). - bcache: export backing_dev_uuid via sysfs (bsc#1130972). - bcache: fix code comments style (bsc#1130972). - bcache: fix indent by replacing blank by tabs (bsc#1130972). - bcache: fix indentation issue, remove tabs on a hunk of code (bsc#1130972). - bcache: fix input integer overflow of congested threshold (bsc#1130972). - bcache: fix input overflow to cache set io_error_limit (bsc#1130972). - bcache: fix input overflow to cache set sysfs file io_error_halflife (bsc#1130972). - bcache: fix input overflow to journal_delay_ms (bsc#1130972). - bcache: fix input overflow to sequential_cutoff (bsc#1130972). - bcache: fix input overflow to writeback_delay (bsc#1130972). - bcache: fix input overflow to writeback_rate_minimum (bsc#1130972). - bcache: fix ioctl in flash device (bsc#1130972). - bcache: fix mistaken code comments in bcache.h (bsc#1130972). - bcache: fix mistaken comments in request.c (bsc#1130972). - bcache: fix potential div-zero error of writeback_rate_i_term_inverse (bsc#1130972). - bcache: fix potential div-zero error of writeback_rate_p_term_inverse (bsc#1130972). - bcache: fix typo 'succesfully' to 'successfully' (bsc#1130972). - bcache: fix typo in code comments of closure_return_with_destructor() (bsc#1130972). - bcache: improve sysfs_strtoul_clamp() (bsc#1130972). - bcache: introduce force_wake_up_gc() (bsc#1130972). - bcache: make cutoff_writeback and cutoff_writeback_sync tunable (bsc#1130972). - bcache: move open brace at end of function definitions to next line (bsc#1130972). - bcache: never writeback a discard operation (bsc#1130972). - bcache: not use hard coded memset size in bch_cache_accounting_clear() (bsc#1130972). - bcache: option to automatically run gc thread after writeback (bsc#1130972). - bcache: panic fix for making cache device (bsc#1130972). - bcache: prefer 'help' in Kconfig (bsc#1130972). - bcache: print number of keys in trace_bcache_journal_write (bsc#1130972). - bcache: recal cached_dev_sectors on detach (bsc#1130972). - bcache: remove unnecessary space before ioctl function pointer arguments (bsc#1130972). - bcache: remove unused bch_passthrough_cache (bsc#1130972). - bcache: remove useless parameter of bch_debug_init() (bsc#1130972). - bcache: replace '%pF' by '%pS' in seq_printf() (bsc#1130972). - bcache: replace Symbolic permissions by octal permission numbers (bsc#1130972). - bcache: replace hard coded number with BUCKET_GC_GEN_MAX (bsc#1130972). - bcache: replace printk() by pr_*() routines (bsc#1130972). - bcache: set writeback_percent in a flexible range (bsc#1130972). - bcache: split combined if-condition code into separate ones (bsc#1130972). - bcache: stop bcache device when backing device is offline (bsc#1130972). - bcache: stop using the deprecated get_seconds() (bsc#1130972). - bcache: style fix to add a blank line after declarations (bsc#1130972). - bcache: style fix to replace 'unsigned' by 'unsigned int' (bsc#1130972). - bcache: style fixes for lines over 80 characters (bsc#1130972). - bcache: treat stale and dirty keys as bad keys (bsc#1130972). - bcache: trivial - remove tailing backslash in macro BTREE_FLAG (bsc#1130972). - bcache: update comment for bch_data_insert (bsc#1130972). - bcache: update comment in sysfs.c (bsc#1130972). - bcache: use (REQ_META|REQ_PRIO) to indicate bio for metadata (bsc#1130972). - bcache: use MAX_CACHES_PER_SET instead of magic number 8 in __bch_bucket_alloc_set (bsc#1130972). - bcache: use REQ_PRIO to indicate bio for metadata (bsc#1130972). - bcache: use routines from lib/crc64.c for CRC64 calculation (bsc#1130972). - bcache: use sysfs_strtoul_bool() to set bit-field variables (bsc#1130972). - block: Do not revalidate bdev of hidden gendisk (bsc#1120091). - block: check_events: do not bother with events if unsupported (bsc#1110946, bsc#1119843). - block: disk_events: introduce event flags (bsc#1110946, bsc#1119843). - block: do not leak memory in bio_copy_user_iov() (bsc#1135309). - block: fix the return errno for direct IO (bsc#1135320). - block: fix use-after-free on gendisk (bsc#1135312). - bluetooth: Align minimum encryption key size for LE and BR/EDR connections (bsc#1051510). - bluetooth: Check key sizes only when Secure Simple Pairing is enabled (bsc#1135556). - bluetooth: hidp: fix buffer overflow (bsc#1051510). - bnxt_en: Free short FW command HWRM memory in error path in bnxt_init_one() (bsc#1050242). - bnxt_en: Improve RX consumer index validity check (networking-stable-19_04_10). - bnxt_en: Improve multicast address setup logic (networking-stable-19_05_04). - bnxt_en: Reset device on RX buffer errors (networking-stable-19_04_10). - bonding: fix event handling for stacked bonds (networking-stable-19_04_19). - bpf, lru: avoid messing with eviction heuristics upon syscall lookup (bsc#1083647). - bpf: Add missed newline in verifier verbose log (bsc#1056787). - bpf: add map_lookup_elem_sys_only for lookups from syscall side (bsc#1083647). - brcm80211: potential NULL dereference in brcmf_cfg80211_vndr_cmds_dcmd_handler() (bsc#1051510). - btrfs: Do not panic when we can't find a root key (bsc#1112063). - btrfs: Factor out common delayed refs init code (bsc#1134813). - btrfs: Introduce init_delayed_ref_head (bsc#1134813). - btrfs: Open-code add_delayed_data_ref (bsc#1134813). - btrfs: Open-code add_delayed_tree_ref (bsc#1134813). - btrfs: Use init_delayed_ref_common in add_delayed_data_ref (bsc#1134813). - btrfs: Use init_delayed_ref_common in add_delayed_tree_ref (bsc#1134813). - btrfs: Use init_delayed_ref_head in add_delayed_ref_head (bsc#1134813). - btrfs: add a helper to return a head ref (bsc#1134813). - btrfs: breakout empty head cleanup to a helper (bsc#1134813). - btrfs: delayed-ref: Introduce better documented delayed ref structures (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: delayed-ref: Use btrfs_ref to refactor btrfs_add_delayed_data_ref() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: delayed-ref: Use btrfs_ref to refactor btrfs_add_delayed_tree_ref() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: do not allow trimming when a fs is mounted with the nologreplay option (bsc#1135758). - btrfs: do not double unlock on error in btrfs_punch_hole (bsc#1136881). - btrfs: extent-tree: Fix a bug that btrfs is unable to add pinned bytes (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Open-code process_func in __btrfs_mod_ref (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Use btrfs_ref to refactor add_pinned_bytes() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Use btrfs_ref to refactor btrfs_free_extent() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Use btrfs_ref to refactor btrfs_inc_extent_ref() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: fix fsync not persisting changed attributes of a directory (bsc#1137151). - btrfs: fix race between ranged fsync and writeback of adjacent ranges (bsc#1136477). - btrfs: fix race updating log root item during fsync (bsc#1137153). - btrfs: fix wrong ctime and mtime of a directory after log replay (bsc#1137152). - btrfs: improve performance on fsync of files with multiple hardlinks (bsc#1123454). - btrfs: move all ref head cleanup to the helper function (bsc#1134813). - btrfs: move extent_op cleanup to a helper (bsc#1134813). - btrfs: move ref_mod modification into the if (ref) logic (bsc#1134813). - btrfs: qgroup: Check bg while resuming relocation to avoid NULL pointer dereference (bsc#1134806). - btrfs: qgroup: Do not scan leaf if we're modifying reloc tree (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: qgroup: Move reserved data accounting from btrfs_delayed_ref_head to btrfs_qgroup_extent_record (bsc#1134162). - btrfs: qgroup: Remove duplicated trace points for qgroup_rsv_add/release (bsc#1134160). - btrfs: reloc: Also queue orphan reloc tree for cleanup to avoid BUG_ON() (bsc#1133612). - btrfs: remove delayed_ref_node from ref_head (bsc#1134813). - btrfs: send, flush dellaloc in order to avoid data loss (bsc#1133320). - btrfs: split delayed ref head initialization and addition (bsc#1134813). - btrfs: track refs in a rb_tree instead of a list (bsc#1134813). - btrfs: tree-checker: detect file extent items with overlapping ranges (bsc#1136478). - ceph: ensure d_name stability in ceph_dentry_hash() (bsc#1134461). - ceph: fix ci->i_head_snapc leak (bsc#1122776). - ceph: fix use-after-free on symlink traversal (bsc#1134459). - ceph: only use d_name directly when parent is locked (bsc#1134460). - cifs: keep FileInfo handle live during oplock break (bsc#1106284, bsc#1131565). - clk: rockchip: Fix video codec clocks on rk3288 (bsc#1051510). - clk: rockchip: fix wrong clock definitions for rk3328 (bsc#1051510). - configfs: Fix use-after-free when accessing sd->s_dentry (bsc#1051510). - configfs: fix possible use-after-free in configfs_register_group (bsc#1051510). - crypto: arm/aes-neonbs - do not access already-freed walk.iv (bsc#1051510). - crypto: caam - fix caam_dump_sg that iterates through scatterlist (bsc#1051510). - crypto: ccm - fix incompatibility between 'ccm' and 'ccm_base' (bsc#1051510). - crypto: ccp - Do not free psp_master when PLATFORM_INIT fails (bsc#1051510). - crypto: chacha20poly1305 - set cra_name correctly (bsc#1051510). - crypto: crct10dif-generic - fix use via crypto_shash_digest() (bsc#1051510). - crypto: fips - Grammar s/options/option/, s/to/the/ (bsc#1051510). - crypto: gcm - fix incompatibility between 'gcm' and 'gcm_base' (bsc#1051510). - crypto: skcipher - do not WARN on unprocessed data after slow walk step (bsc#1051510). - crypto: sun4i-ss - Fix invalid calculation of hash end (bsc#1051510). - crypto: vmx - CTR: always increment IV as quadword (bsc#1051510). - crypto: vmx - fix copy-paste error in CTR mode (bsc#1051510). - crypto: vmx - ghash: do nosimd fallback manually (bsc#1135661, bsc#1137162). - crypto: vmx - return correct error code on failed setkey (bsc#1135661, bsc#1137162). - crypto: x86/crct10dif-pcl - fix use via crypto_shash_digest() (bsc#1051510). - dccp: Fix memleak in __feat_register_sp (bsc#1051510). - dccp: do not use ipv6 header for ipv4 flow (networking-stable-19_03_28). - debugfs: fix use-after-free on symlink traversal (bsc#1051510). - devres: Align data[] to ARCH_KMALLOC_MINALIGN (bsc#1051510). - dmaengine: axi-dmac: Do not check the number of frames for alignment (bsc#1051510). - dmaengine: tegra210-dma: free dma controller in remove() (bsc#1051510). - documentation: Add MDS vulnerability documentation (bsc#1135642). - drivers: acpi: add dependency of EFI for arm64 (bsc#1117158). - drm/bridge: adv7511: Fix low refresh rate selection (bsc#1051510). - drm/etnaviv: lock MMU while dumping core (bsc#1113722) - drm/fb-helper: dpms_legacy(): Only set on connectors in use (bsc#1051510). - drm/i915/fbc: disable framebuffer compression on GeminiLake (bsc#1051510). - drm/i915/gvt: Fix cmd length of VEB_DI_IECP (bsc#1113722) - drm/i915/gvt: Fix incorrect mask of mmio 0x22028 in gen8/9 mmio list (bnc#1113722) - drm/i915/gvt: Tiled Resources mmios are in-context mmios for gen9+ (bsc#1113722) - drm/i915/gvt: add 0x4dfc to gen9 save-restore list (bsc#1113722) - drm/i915/gvt: do not let TRTTE and 0x4dfc write passthrough to hardware (bsc#1051510). - drm/i915/gvt: refine ggtt range validation (bsc#1113722) - drm/i915: Disable LP3 watermarks on all SNB machines (bsc#1051510). - drm/i915: Downgrade Gen9 Plane WM latency error (bsc#1051510). - drm/i915: Fix I915_EXEC_RING_MASK (bsc#1051510). - drm/imx: do not skip DP channel disable for background plane (bsc#1051510). - drm/mediatek: fix possible object reference leak (bsc#1051510). - drm/meson: add size and alignment requirements for dumb buffers (bnc#1113722) - drm/nouveau/i2c: Disable i2c bus access after ->fini() (bsc#1113722) - drm/rockchip: fix for mailbox read validation (bsc#1051510). - drm/rockchip: shutdown drm subsystem on shutdown (bsc#1051510). - drm/sun4i: rgb: Change the pixel clock validation check (bnc#1113722) - drm/ttm: Remove warning about inconsistent mapping information (bnc#1131488) - drm/vmwgfx: Do not send drm sysfs hotplug events on initial master set (bsc#1051510). - drm/vmwgfx: NULL pointer dereference from vmw_cmd_dx_view_define() (bsc#1113722) - drm/vmwgfx: integer underflow in vmw_cmd_dx_set_shader() leading to an invalid read (bsc#1051510). - dt-bindings: clock: r8a7795: Remove CSIREF clock (bsc#1120902). - dt-bindings: clock: r8a7796: Remove CSIREF clock (bsc#1120902). - dt-bindings: net: Add binding for the external clock for TI WiLink (bsc#1085535). - dt-bindings: net: Fix a typo in the phy-mode list for ethernet bindings (bsc#1129770). - dt-bindings: rtc: sun6i-rtc: Fix register range in example (bsc#1120902). - dwc2: gadget: Fix completed transfer size calculation in DDMA (bsc#1051510). - efi/arm: Defer persistent reservations until after paging_init() (bsc#1117158). - efi/arm: Do not mark ACPI reclaim memory as MEMBLOCK_NOMAP (bsc#1117158 bsc#1115688 bsc#1120566). - efi/arm: Revert 'Defer persistent reservations until after paging_init()' (bsc#1117158). - efi/arm: Revert deferred unmap of early memmap mapping (bsc#1117158). - efi/arm: libstub: add a root memreserve config table (bsc#1117158). - efi/arm: map UEFI memory map even w/o runtime services enabled (bsc#1117158). - efi/arm: preserve early mapping of UEFI memory map longer for BGRT (bsc#1117158). - efi: Permit calling efi_mem_reserve_persistent() from atomic context (bsc#1117158). - efi: Permit multiple entries in persistent memreserve data structure (bsc#1117158). - efi: Prevent GICv3 WARN() by mapping the memreserve table before first use (bsc#1117158). - efi: Reduce the amount of memblock reservations for persistent allocations (bsc#1117158). - efi: add API to reserve memory persistently across kexec reboot (bsc#1117158). - efi: honour memory reservations passed via a linux specific config table (bsc#1117158). - ext4: actually request zeroing of inode table after grow (bsc#1135315). - ext4: avoid panic during forced reboot due to aborted journal (bsc#1126356). - ext4: fix data corruption caused by overlapping unaligned and aligned IO (bsc#1136428). - ext4: fix ext4_show_options for file systems w/o journal (bsc#1135316). - ext4: fix use-after-free race with debug_want_extra_isize (bsc#1135314). - ext4: make sanity check in mballoc more strict (bsc#1136439). - ext4: wait for outstanding dio during truncate in nojournal mode (bsc#1136438). - fbdev: fix WARNING in __alloc_pages_nodemask bug (bsc#1113722) - fbdev: fix divide error in fb_var_to_videomode (bsc#1113722) - firmware: efi: factor out mem_reserve (bsc#1117158 bsc#1134671). - fix rtnh_ok() (git-fixes). - fs/sync.c: sync_file_range(2) may use WB_SYNC_ALL writeback (bsc#1136432). - fs/writeback.c: use rcu_barrier() to wait for inflight wb switches going into workqueue when umount (bsc#1136435). - ftrace/x86_64: Emulate call function while updating in breakpoint handler (bsc#1099658). - genetlink: Fix a memory leak on error path (networking-stable-19_03_28). - ghes, EDAC: Fix ghes_edac registration (bsc#1133176). - gpio: aspeed: fix a potential NULL pointer dereference (bsc#1051510). - gpu: ipu-v3: dp: fix CSC handling (bsc#1051510). - hid: debug: fix race condition with between rdesc_show() and device removal (bsc#1051510). - hid: input: add mapping for 'Toggle Display' key (bsc#1051510). - hid: input: add mapping for Assistant key (bsc#1051510). - hid: input: add mapping for Expose/Overview key (bsc#1051510). - hid: input: add mapping for keyboard Brightness Up/Down/Toggle keys (bsc#1051510). - hid: logitech: check the return value of create_singlethread_workqueue (bsc#1051510). - hwmon: (f71805f) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (pc87427) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (smsc47b397) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (smsc47m1) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (vt1211) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (w83627hf) Use request_muxed_region for Super-IO accesses (bsc#1051510). - i2c: Make i2c_unregister_device() NULL-aware (bsc#1108193). - ibmvnic: Add device identification to requested IRQs (bsc#1137739). - ibmvnic: Do not close unopened driver during reset (bsc#1137752). - ibmvnic: Fix unchecked return codes of memory allocations (bsc#1137752). - ibmvnic: Refresh device multicast list after reset (bsc#1137752). - ibmvnic: remove set but not used variable 'netdev' (bsc#1137739). - igmp: fix incorrect unsolicit report count when join group (git-fixes). - iio: adc: xilinx: fix potential use-after-free on remove (bsc#1051510). - indirect call wrappers: helpers to speed-up indirect calls of builtin (bsc#1124503). - inetpeer: fix uninit-value in inet_getpeer (git-fixes). - input: elan_i2c - add hardware ID for multiple Lenovo laptops (bsc#1051510). - input: introduce KEY_ASSISTANT (bsc#1051510). - input: synaptics-rmi4 - fix possible double free (bsc#1051510). - intel_th: msu: Fix single mode with IOMMU (bsc#1051510). - intel_th: pci: Add Comet Lake support (bsc#1051510). - iommu/arm-smmu-v3: Abort all transactions if SMMU is enabled in kdump kernel (bsc#1117158). - iommu/arm-smmu-v3: Do not disable SMMU in kdump kernel (bsc#1117158 bsc#1134671). - iommu/vt-d: Do not request page request irq under dmar_global_lock (bsc#1135006). - iommu/vt-d: Make kernel parameter igfx_off work with vIOMMU (bsc#1135007). - iommu/vt-d: Set intel_iommu_gfx_mapped correctly (bsc#1135008). - ip6_tunnel: Match to ARPHRD_TUNNEL6 for dev type (networking-stable-19_04_10). - ip6_tunnel: collect_md xmit: Use ip_tunnel_key's provided src address (git-fixes). - ip_gre: fix parsing gre header in ipgre_err (git-fixes). - ip_tunnel: Fix name string concatenate in __ip_tunnel_create() (git-fixes). - ipconfig: Correctly initialise ic_nameservers (bsc#1051510). - ipmi: Fix I2C client removal in the SSIF driver (bsc#1108193). - ipmi:ssif: compare block number correctly for multi-part return messages (bsc#1051510). - ipmi_ssif: Remove duplicate NULL check (bsc#1108193). - ipv4: Define __ipv4_neigh_lookup_noref when CONFIG_INET is disabled (git-fixes). - ipv4: add sanity checks in ipv4_link_failure() (git-fixes). - ipv4: ensure rcu_read_lock() in ipv4_link_failure() (networking-stable-19_04_19). - ipv4: ip_do_fragment: Preserve skb_iif during fragmentation (networking-stable-19_05_04). - ipv4: recompile ip options in ipv4_link_failure (networking-stable-19_04_19). - ipv4: set the tcp_min_rtt_wlen range from 0 to one day (networking-stable-19_04_30). - ipv6/flowlabel: wait rcu grace period before put_pid() (git-fixes). - ipv6: fix cleanup ordering for ip6_mr failure (git-fixes). - ipv6: fix cleanup ordering for pingv6 registration (git-fixes). - ipv6: invert flowlabel sharing check in process and user mode (git-fixes). - ipv6: mcast: fix unsolicited report interval after receiving querys (git-fixes). - ipvlan: Add the skb->mark as flow4's member to lookup route (bsc#1051510). - ipvlan: fix ipv6 outbound device (bsc#1051510). - ipvlan: use ETH_MAX_MTU as max mtu (bsc#1051510). - ipvs: Fix signed integer overflow when setsockopt timeout (bsc#1051510). - ipvs: call ip_vs_dst_notifier earlier than ipv6_dev_notf (git-fixes). - ipvs: fix buffer overflow with sync daemon and service (git-fixes). - ipvs: fix check on xmit to non-local addresses (git-fixes). - ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest() (bsc#1051510). - ipvs: fix rtnl_lock lockups caused by start_sync_thread (git-fixes). - ipvs: fix stats update from local clients (git-fixes). - iw_cxgb4: only allow 1 flush on user qps (bsc#1051510). - jbd2: check superblock mapped prior to committing (bsc#1136430). - kABI workaround for removed usb_interface.pm_usage_cnt field (bsc#1051510). - kABI workaround for snd_seq_kernel_client_enqueue() API changes (bsc#1051510). - kABI: protect dma-mapping.h include (kabi). - kABI: protect ip_options_rcv_srr (kabi). - kABI: protect struct mlx5_td (kabi). - kABI: protect struct pci_dev (kabi). - kabi: drop LINUX_MIB_TCPWQUEUETOOBIG snmp counter (bsc#1137586). - kabi: implement map_lookup_elem_sys_only in another way (bsc#1083647). - kabi: move sysctl_tcp_min_snd_mss to preserve struct net layout (bsc#1137586) - kernel/signal.c: trace_signal_deliver when signal_group_exit (git-fixes). - kernel/sys.c: prctl: fix false positive in validate_prctl_map() (git-fixes). - kernel/sysctl.c: add missing range check in do_proc_dointvec_minmax_conv (bsc#1051510). - kernel/sysctl.c: fix out-of-bounds access when setting file-max (bsc#1051510). - keys: safe concurrent user->{session,uid}_keyring access (bsc#1135642). - kmsg: Update message catalog to latest IBM level (2019/03/08) (bsc#1128904 LTC#176078). - kvm: Fix UAF in nested posted interrupt processing (bsc#1134199). - kvm: VMX: Zero out *all* general purpose registers after VM-Exit (bsc#1134202). - kvm: nVMX: Clear reserved bits of #DB exit qualification (bsc#1134200). - kvm: nVMX: restore host state in nested_vmx_vmexit for VMFail (bsc#1134201). - kvm: s390: fix memory overwrites when not using SCA entries (bsc#1136206). - kvm: s390: provide io interrupt kvm_stat (bsc#1136206). - kvm: s390: use created_vcpus in more places (bsc#1136206). - kvm: s390: vsie: fix 8k check for the itdba (bsc#1136206). - kvm: x86: Always use 32-bit SMRAM save state for 32-bit kernels (bsc#1134203). - kvm: x86: Do not clear EFER during SMM transitions for 32-bit vCPU (bsc#1134204). - kvm: x86: svm: make sure NMI is injected after nmi_singlestep (bsc#1134205). - l2tp: cleanup l2tp_tunnel_delete calls (bsc#1051510). - l2tp: filter out non-PPP sessions in pppol2tp_tunnel_ioctl() (git-fixes). - l2tp: fix missing refcount drop in pppol2tp_tunnel_ioctl() (git-fixes). - l2tp: only accept PPP sessions in pppol2tp_connect() (git-fixes). - l2tp: prevent pppol2tp_connect() from creating kernel sockets (git-fixes). - l2tp: revert 'l2tp: fix missing print session offset info' (bsc#1051510). - leds: avoid races with workqueue (bsc#1051510). - leds: pwm: silently error out on EPROBE_DEFER (bsc#1051510). - lib: add crc64 calculation routines (bsc#1130972). - lib: do not depend on linux headers being installed (bsc#1130972). - libata: fix using DMA buffers on stack (bsc#1051510). - linux/kernel.h: Use parentheses around argument in u64_to_user_ptr() (bsc#1051510). - livepatch: Convert error about unsupported reliable stacktrace into a warning (bsc#1071995). - livepatch: Remove custom kobject state handling (bsc#1071995). - livepatch: Remove duplicated code for early initialization (bsc#1071995). - lpfc: validate command in lpfc_sli4_scmd_to_wqidx_distr() (bsc#1129138). - mISDN: Check address length before reading address family (bsc#1051510). - mac80211: fix memory accounting with A-MSDU aggregation (bsc#1051510). - mac80211: fix unaligned access in mesh table hash function (bsc#1051510). - mac8390: Fix mmio access size probe (bsc#1051510). - md: fix invalid stored role for a disk (bsc#1051510). - media: atmel: atmel-isc: fix INIT_WORK misplacement (bsc#1051510). - media: cx18: update *pos correctly in cx18_read_pos() (bsc#1051510). - media: cx23885: check allocation return (bsc#1051510). - media: davinci-isif: avoid uninitialized variable use (bsc#1051510). - media: davinci/vpbe: array underflow in vpbe_enum_outputs() (bsc#1051510). - media: ivtv: update *pos correctly in ivtv_read_pos() (bsc#1051510). - media: omap_vout: potential buffer overflow in vidioc_dqbuf() (bsc#1051510). - media: ov2659: fix unbalanced mutex_lock/unlock (bsc#1051510). - media: pvrusb2: Prevent a buffer overflow (bsc#1129770). - media: serial_ir: Fix use-after-free in serial_ir_init_module (bsc#1051510). - media: tw5864: Fix possible NULL pointer dereference in tw5864_handle_frame (bsc#1051510). - media: vivid: use vfree() instead of kfree() for dev->bitmap_cap (bsc#1051510). - media: wl128x: Fix an error code in fm_download_firmware() (bsc#1051510). - media: wl128x: prevent two potential buffer overflows (bsc#1051510). - memcg: make it work on sparse non-0-node systems (bnc#1133616). - memcg: make it work on sparse non-0-node systems kabi (bnc#1133616). - mlxsw: spectrum: Fix autoneg status in ethtool (networking-stable-19_04_30). - mm/huge_memory: fix vmf_insert_pfn_{pmd, pud}() crash, handle unaligned addresses (bsc#1135330). - mm: Fix buggy backport leading to MAP_SYNC failures (bsc#1137372) - mm: thp: relax __GFP_THISNODE for MADV_HUGEPAGE mappings (bnc#1012382). - mmc: block: Delete gendisk before cleaning up the request queue (bsc#1127616). - mmc: core: fix possible use after free of host (bsc#1051510). - mount: copy the port field into the cloned nfs_server structure (bsc#1136990). - mtd: docg3: Fix passing zero to 'PTR_ERR' warning in doc_probe_device (bsc#1051510). - mtd: docg3: fix a possible memory leak of mtd->name (bsc#1051510). - mtd: nand: omap: Fix comment in platform data using wrong Kconfig symbol (bsc#1051510). - mtd: part: fix incorrect format specifier for an unsigned long long (bsc#1051510). - mtd: spi-nor: intel-spi: Avoid crossing 4K address boundary on read/write (bsc#1129770). - mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies() (bsc#1136935). - mwifiex: Fix mem leak in mwifiex_tm_cmd (bsc#1051510). - mwifiex: Fix possible buffer overflows at parsing bss descriptor - mwifiex: prevent an array overflow (bsc#1051510). - mwl8k: Fix rate_idx underflow (bsc#1051510). - neighbor: Call __ipv4_neigh_lookup_noref in neigh_xmit (git-fixes). - net-gro: Fix GRO flush when receiving a GSO packet (networking-stable-19_04_10). - net/ibmvnic: Remove tests of member address (bsc#1137739). - net/ibmvnic: Update MAC address settings after adapter reset (bsc#1134760). - net/ibmvnic: Update carrier state after link state change (bsc#1135100). - net/ipv4: defensive cipso option parsing (git-fixes). - net/ipv6: do not reinitialize ndev->cnf.addr_gen_mode on new inet6_dev (git-fixes). - net/ipv6: fix addrconf_sysctl_addr_gen_mode (git-fixes). - net/ipv6: propagate net.ipv6.conf.all.addr_gen_mode to devices (git-fixes). - net/ipv6: reserve room for IFLA_INET6_ADDR_GEN_MODE (git-fixes). - net/mlx5: Decrease default mr cache size (networking-stable-19_04_10). - net/mlx5e: Add a lock on tir list (networking-stable-19_04_10). - net/mlx5e: Fix error handling when refreshing TIRs (networking-stable-19_04_10). - net/mlx5e: Fix trailing semicolon (bsc#1075020). - net/mlx5e: IPoIB, Reset QP after channels are closed (bsc#1075020). - net/mlx5e: ethtool, Remove unsupported SFP EEPROM high pages query (networking-stable-19_04_30). - net/rose: fix unbound loop in rose_loopback_timer() (networking-stable-19_04_30). - net/sched: act_sample: fix divide by zero in the traffic path (networking-stable-19_04_10). - net/sched: do not dereference a->goto_chain to read the chain index (bsc#1064802 bsc#1066129). - net/sched: fix ->get helper of the matchall cls (networking-stable-19_04_10). - net: Fix a bug in removing queues from XPS map (git-fixes). - net: aquantia: fix rx checksum offload for UDP/TCP over IPv6 (networking-stable-19_03_28). - net: atm: Fix potential Spectre v1 vulnerabilities (networking-stable-19_04_19). - net: avoid skb_warn_bad_offload on IS_ERR (git-fixes). - net: do not keep lonely packets forever in the gro hash (git-fixes). - net: dsa: bcm_sf2: fix buffer overflow doing set_rxnfc (networking-stable-19_05_04). - net: dsa: legacy: do not unmask port bitmaps (git-fixes). - net: dsa: mv88e6xxx: fix handling of upper half of STATS_TYPE_PORT (git-fixes). - net: ena: fix return value of ena_com_config_llq_info() (bsc#1111696 bsc#1117561). - net: ethtool: not call vzalloc for zero sized memory request (networking-stable-19_04_10). - net: fix uninit-value in __hw_addr_add_ex() (git-fixes). - net: fou: do not use guehdr after iptunnel_pull_offloads in gue_udp_recv (networking-stable-19_04_19). - net: hns3: remove resetting check in hclgevf_reset_task_schedule (bsc#1104353 bsc#1135056). - net: initialize skb->peeked when cloning (git-fixes). - net: make skb_partial_csum_set() more robust against overflows (git-fixes). - net: phy: marvell: Fix buffer overrun with stats counters (networking-stable-19_05_04). - net: rds: exchange of 8K and 1M pool (networking-stable-19_04_30). - net: rose: fix a possible stack overflow (networking-stable-19_03_28). - net: socket: fix potential spectre v1 gadget in socketcall (git-fixes). - net: stmmac: fix memory corruption with large MTUs (networking-stable-19_03_28). - net: stmmac: move stmmac_check_ether_addr() to driver probe (networking-stable-19_04_30). - net: test tailroom before appending to linear skb (git-fixes). - net: thunderx: do not allow jumbo frames with XDP (networking-stable-19_04_19). - net: thunderx: raise XDP MTU to 1508 (networking-stable-19_04_19). - net: unbreak CONFIG_RETPOLINE=n builds (bsc#1124503). - net: use indirect call wrappers at GRO network layer (bsc#1124503). - net: use indirect call wrappers at GRO transport layer (bsc#1124503). - netfilter: bridge: Do not sabotage nf_hook calls from an l3mdev (git-fixes). - netfilter: bridge: ebt_among: add missing match size checks (git-fixes). - netfilter: bridge: ebt_among: add more missing match size checks (git-fixes). - netfilter: drop template ct when conntrack is skipped (git-fixes). - netfilter: ebtables: CONFIG_COMPAT: reject trailing data after last rule (git-fixes). - netfilter: ebtables: handle string from userspace with care (git-fixes). - netfilter: ebtables: reject non-bridge targets (git-fixes). - netfilter: ipset: do not call ipset_nest_end after nla_nest_cancel (git-fixes). - netfilter: nf_log: do not hold nf_log_mutex during user access (git-fixes). - netfilter: nf_log: fix uninit read in nf_log_proc_dostring (git-fixes). - netfilter: nf_socket: Fix out of bounds access in nf_sk_lookup_slow_v{4,6} (git-fixes). - netfilter: nf_tables: can't fail after linking rule into active rule list (git-fixes). - netfilter: nf_tables: check msg_type before nft_trans_set(trans) (git-fixes). - netfilter: nf_tables: fix NULL pointer dereference on nft_ct_helper_obj_dump() (git-fixes). - netfilter: nf_tables: fix leaking object reference count (git-fixes). - netfilter: nf_tables: release chain in flushing set (git-fixes). - netfilter: nft_compat: do not dump private area (git-fixes). - netfilter: x_tables: initialise match/target check parameter struct (git-fixes). - netlink: fix uninit-value in netlink_sendmsg (git-fixes). - nfs: Add missing encode / decode sequence_maxsz to v4.2 operations (git-fixes). - nfs: add module option to limit NFSv4 minor version (jsc#PM-231). - nl80211: Add NL80211_FLAG_CLEAR_SKB flag for other NL commands (bsc#1051510). - nvme-multipath: avoid crash on invalid subsystem cntlid enumeration (bsc#1129273). - nvme-rdma: fix possible free of a non-allocated async event buffer (bsc#1120423). - nvme: Do not remove namespaces during reset (bsc#1131673). - nvme: flush scan_work when resetting controller (bsc#1131673). - objtool: Fix function fallthrough detection (bsc#1058115). - ocfs2: fix ocfs2 read inode data panic in ocfs2_iget (bsc#1136434). - ocfs2: turn on OCFS2_FS_STATS setting(bsc#1134393) We need to turn on OCFS2_FS_STATS kernel configuration setting, to fix bsc#1134393. - of: fix clang -Wunsequenced for be32_to_cpu() (bsc#1135642). - omapfb: add missing of_node_put after of_device_is_available (bsc#1051510). - openvswitch: add seqadj extension when NAT is used (bsc#1051510). - openvswitch: fix flow actions reallocation (bsc#1051510). - p54: drop device reference count if fails to enable device (bsc#1135642). - packet: fix reserve calculation (git-fixes). - packet: in packet_snd start writing at link layer allocation (git-fixes). - packet: refine ring v3 block size test to hold one frame (git-fixes). - packet: reset network header if packet shorter than ll reserved space (git-fixes). - packet: validate msg_namelen in send directly (git-fixes). - packets: Always register packet sk in the same order (networking-stable-19_03_28). - pci: Factor out pcie_retrain_link() function (git-fixes). - pci: Mark AMD Stoney Radeon R7 GPU ATS as broken (bsc#1051510). - pci: Mark Atheros AR9462 to avoid bus reset (bsc#1051510). - pci: Work around Pericom PCIe-to-PCI bridge Retrain Link erratum (git-fixes). - pci: endpoint: Use EPC's device in dma_alloc_coherent()/dma_free_coherent() (git-fixes). - phy: sun4i-usb: Make sure to disable PHY0 passby for peripheral mode (bsc#1051510). - platform/x86: alienware-wmi: printing the wrong error code (bsc#1051510). - platform/x86: dell-rbtn: Add missing #include (bsc#1051510). - platform/x86: intel_pmc_ipc: adding error handling (bsc#1051510). - platform/x86: intel_punit_ipc: Revert 'Fix resource ioremap warning' (bsc#1051510). - platform/x86: pmc_atom: Add Lex 3I380D industrial PC to critclk_systems DMI table (bsc#1051510). - platform/x86: pmc_atom: Add several Beckhoff Automation boards to critclk_systems DMI table (bsc#1051510). - platform/x86: pmc_atom: Drop __initconst on dmi table (bsc#1051510). - platform/x86: sony-laptop: Fix unintentional fall-through (bsc#1051510). - power: supply: axp20x_usb_power: Fix typo in VBUS current limit macros (bsc#1051510). - power: supply: axp288_charger: Fix unchecked return value (bsc#1051510). - powerpc/64s: Fix page table fragment refcount race vs speculative references (bsc#1131326, bsc#1108937). - powerpc/eeh: Fix race with driver un/bind (bsc#1065729). - powerpc/mm/radix: Display if mappings are exec or not (bsc#1055186, git-fixes). - powerpc/mm/radix: Prettify mapped memory range print out (bsc#1055186, git-fixes). - powerpc/mm: Fix page table dump to work on Radix (bsc#1055186, git-fixes). - powerpc/msi: Fix NULL pointer access in teardown code (bsc#1065729). - powerpc/perf: Fix MMCRA corruption by bhrb_filter (bsc#1053043). - powerpc/powernv/idle: Restore IAMR after idle (bsc#1065729). - powerpc/process: Fix sparse address space warnings (bsc#1065729). - powerpc: Always initialize input array when calling epapr_hypercall() (bsc#1065729). - powerpc: Fix HMIs on big-endian with CONFIG_RELOCATABLE=y (bsc#1065729). - proc/kcore: do not bounds check against address 0 (bsc#1051510). - proc/sysctl: fix return error for proc_doulongvec_minmax() (bsc#1051510). - proc: revalidate kernel thread inodes to root:root (bsc#1051510). - ptrace: take into account saved_sigmask in PTRACE{GET,SET}SIGMASK (git-fixes). - pwm: Fix deadlock warning when removing PWM device (bsc#1051510). - pwm: meson: Consider 128 a valid pre-divider (bsc#1051510). - pwm: meson: Do not disable PWM when setting duty repeatedly (bsc#1051510). - pwm: meson: Use the spin-lock only to protect register modifications (bsc#1051510). - pwm: tiehrpwm: Update shadow register for disabling PWMs (bsc#1051510). - qla2xxx: allow irqbalance control in non-MQ mode (bsc#1128979). - qla2xxx: always allocate qla_tgt_wq (bsc#1131451). - qmi_wwan: add Olicard 600 (bsc#1051510). - rdma/hns: Fix bug that caused srq creation to fail (bsc#1104427 ). - rdma/rxe: Consider skb reserve space based on netdev of GID (bsc#1082387, bsc#1103992). - regulator: tps65086: Fix tps65086_ldoa1_ranges for selector 0xB (bsc#1051510). - rt2x00: do not increment sequence number while re-transmitting (bsc#1051510). - rtc: da9063: set uie_unsupported when relevant (bsc#1051510). - rtc: sh: Fix invalid alarm warning for non-enabled alarm (bsc#1051510). - rtlwifi: rtl8723ae: Fix missing break in switch statement (bsc#1051510). - rxrpc: Fix error reception on AF_INET6 sockets (git-fixes). - rxrpc: Fix transport sockopts to get IPv4 errors on an IPv6 socket (git-fixes). - s390/qdio: clear intparm during shutdown (bsc#1134597 LTC#177516). - sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init() (bsc#1051510). - sc16is7xx: move label 'err_spi' to correct section (bsc#1051510). - sc16is7xx: put err_spi and err_i2c into correct #ifdef (bsc#1051510). - scripts: override locale from environment when running recordmcount.pl (bsc#1134354). - scsi: qedf: fixup bit operations (bsc#1135542). - scsi: qedf: fixup locking in qedf_restart_rport() (bsc#1135542). - scsi: qedf: missing kref_put in qedf_xmit() (bsc#1135542). - scsi: qla2xxx: Add new FC-NVMe enable BIT to enable FC-NVMe feature (bsc#1130579). - scsi: qla2xxx: Declare local functions 'static' (bsc#1137444). - scsi: qla2xxx: Fix function argument descriptions (bsc#1118139). - scsi: qla2xxx: Fix memory corruption during hba reset test (bsc#1118139). - scsi: qla2xxx: Fix panic in qla_dfs_tgt_counters_show (bsc#1132044). - scsi: qla2xxx: Improve several kernel-doc headers (bsc#1137444). - scsi: qla2xxx: Introduce a switch/case statement in qlt_xmit_tm_rsp() (bsc#1137444). - scsi: qla2xxx: Make qla2x00_sysfs_write_nvram() easier to analyze (bsc#1137444). - scsi: qla2xxx: Make sure that qlafx00_ioctl_iosb_entry() initializes 'res' (bsc#1137444). - scsi: qla2xxx: NULL check before some freeing functions is not needed (bsc#1137444). - scsi: qla2xxx: Remove a set-but-not-used variable (bsc#1137444). - scsi: qla2xxx: Remove two arguments from qlafx00_error_entry() (bsc#1137444). - scsi: qla2xxx: Remove unused symbols (bsc#1118139). - scsi: qla2xxx: Split the __qla2x00_abort_all_cmds() function (bsc#1137444). - scsi: qla2xxx: Use %p for printing pointers (bsc#1118139). - scsi: qla2xxx: fix error message (bsc#1118139). - scsi: qla2xxx: fix spelling mistake: 'existant' -> 'existent' (bsc#1118139). - scsi: qla2xxx: fully convert to the generic DMA API (bsc#1137444). - scsi: qla2xxx: fx00 copypaste typo (bsc#1118139). - scsi: qla2xxx: remove the unused tcm_qla2xxx_cmd_wq (bsc#1118139). - scsi: qla2xxx: use lower_32_bits and upper_32_bits instead of reinventing them (bsc#1137444). - sctp: avoid running the sctp state machine recursively (networking-stable-19_05_04). - sctp: fix identification of new acks for SFR-CACC (git-fixes). - sctp: get sctphdr by offset in sctp_compute_cksum (networking-stable-19_03_28). - sctp: initialize _pad of sockaddr_in before copying to user memory (networking-stable-19_04_10). - sctp: set frag_point in sctp_setsockopt_maxseg correctly` (git-fixes). - selinux: use kernel linux/socket.h for genheaders and mdp (bsc#1134810). - serial: 8250_pxa: honor the port number from devicetree (bsc#1051510). - serial: ar933x_uart: Fix build failure with disabled console (bsc#1051510). - serial: uartps: console_setup() can't be placed to init section (bsc#1051510). - signal: Always notice exiting tasks (git-fixes). - signal: Better detection of synchronous signals (git-fixes). - signal: Restore the stop PTRACE_EVENT_EXIT (git-fixes). - soc/fsl/qe: Fix an error code in qe_pin_request() (bsc#1051510). - soc/tegra: pmc: Drop locking from tegra_powergate_is_powered() (bsc#1051510). - spi: Micrel eth switch: declare missing of table (bsc#1051510). - spi: ST ST95HF NFC: declare missing of table (bsc#1051510). - spi: a3700: Clear DATA_OUT when performing a read (bsc#1051510). - spi: bcm2835aux: fix driver to not allow 65535 (=-1) cs-gpios (bsc#1051510). - spi: bcm2835aux: setup gpio-cs to output and correct level during setup (bsc#1051510). - spi: bcm2835aux: warn in dmesg that native cs is not really supported (bsc#1051510). - spi: rspi: Fix sequencer reset during initialization (bsc#1051510). - ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit (bsc#1051510). - staging: rtl8188eu: Fix potential NULL pointer dereference of kcalloc (bsc#1051510). - stm class: Fix an endless loop in channel allocation (bsc#1051510). - stm class: Fix channel free in stm output free path (bsc#1051510). - stm class: Prevent division by zero (bsc#1051510). - stmmac: pci: Adjust IOT2000 matching (networking-stable-19_04_30). - supported.conf: Add openvswitch to kernel-default-base (bsc#1124839). - switchtec: Fix unintended mask of MRPC event (git-fixes). - tcp: Ensure DCTCP reacts to losses (networking-stable-19_04_10). - tcp: add tcp_min_snd_mss sysctl (bsc#1137586). - tcp: do not use ipv6 header for ipv4 flow (networking-stable-19_03_28). - tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (bsc#1137586). - tcp: fix fack_count accounting on tcp_shift_skb_data() (CVE-2019-11477 bsc#1137586). - tcp: limit payload size of sacked skbs (bsc#1137586). - tcp: purge write queue in tcp_connect_init() (git-fixes). - tcp: tcp_fragment() should apply sane memory limits (bsc#1137586). - tcp: tcp_grow_window() needs to respect tcp_space() (networking-stable-19_04_19). - team: fix possible recursive locking when add slaves (networking-stable-19_04_30). - team: set slave to promisc if team is already in promisc mode (bsc#1051510). - thermal/int340x_thermal: Add additional UUIDs (bsc#1051510). - thermal/int340x_thermal: fix mode setting (bsc#1051510). - thermal: cpu_cooling: Actually trace CPU load in thermal_power_cpu_get_power (bsc#1051510). - thunderx: eliminate extra calls to put_page() for pages held for recycling (networking-stable-19_03_28). - thunderx: enable page recycling for non-XDP case (networking-stable-19_03_28). - tipc: fix hanging clients using poll with EPOLLOUT flag (git-fixes). - tipc: missing entries in name table of publications (networking-stable-19_04_19). - tools lib traceevent: Fix missing equality check for strcmp (bsc#1129770). - tracing: Fix partial reading of trace event's id file (bsc#1136573). - treewide: Use DEVICE_ATTR_WO (bsc#1137739). - tty: increase the default flip buffer limit to 2*640K (bsc#1051510). - tty: pty: Fix race condition between release_one_tty and pty_write (bsc#1051510). - tty: serial_core, add ->install (bnc#1129693). - tty: vt.c: Fix TIOCL_BLANKSCREEN console blanking if blankinterval == 0 (bsc#1051510). - tun: add a missing rcu_read_unlock() in error path (networking-stable-19_03_28). - tun: properly test for IFF_UP (networking-stable-19_03_28). - uas: fix alignment of scatter/gather segments (bsc#1129770). - udp: use indirect call wrappers for GRO socket lookup (bsc#1124503). - ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour (bsc#1135323). - usb-storage: Set virt_boundary_mask to avoid SG overflows (bsc#1051510). - usb: cdc-acm: fix unthrottle races (bsc#1051510). - usb: core: Fix bug caused by duplicate interface PM usage counter (bsc#1051510). - usb: core: Fix unterminated string returned by usb_string() (bsc#1051510). - usb: dwc3: Fix default lpm_nyet_threshold value (bsc#1051510). - usb: gadget: net2272: Fix net2272_dequeue() (bsc#1051510). - usb: gadget: net2280: Fix net2280_dequeue() (bsc#1051510). - usb: gadget: net2280: Fix overrun of OUT messages (bsc#1051510). - usb: serial: f81232: fix interrupt worker not stop (bsc#1051510). - usb: serial: fix unthrottle races (bsc#1051510). - usb: u132-hcd: fix resource leak (bsc#1051510). - usb: usb251xb: fix to avoid potential NULL pointer dereference (bsc#1051510). - usb: usbip: fix isoc packet num validation in get_pipe (bsc#1051510). - usb: w1 ds2490: Fix bug caused by improper use of altsetting array (bsc#1051510). - usb: yurex: Fix protection fault after device removal (bsc#1051510). - userfaultfd: use RCU to free the task struct when fork fails (git-fixes). - vfio/mdev: Avoid release parent reference during error path (bsc#1051510). - vfio/mdev: Fix aborting mdev child device removal if one fails (bsc#1051510). - vfio/pci: use correct format characters (bsc#1051510). - vfio_pci: Enable memory accesses before calling pci_map_rom (bsc#1051510). - vhost/vsock: fix reset orphans race with close timeout (bsc#1051510). - vhost: reject zero size iova range (networking-stable-19_04_19). - virtio-blk: limit number of hw queues by nr_cpu_ids (bsc#1051510). - virtio: Honour 'may_reduce_num' in vring_create_virtqueue (bsc#1051510). - virtio_pci: fix a NULL pointer reference in vp_del_vqs (bsc#1051510). - vrf: check accept_source_route on the original netdevice (networking-stable-19_04_10). - vsock/virtio: Initialize core virtio vsock before registering the driver (bsc#1051510). - vsock/virtio: fix kernel panic after device hot-unplug (bsc#1051510). - vsock/virtio: fix kernel panic from virtio_transport_reset_no_sock (bsc#1051510). - vsock/virtio: reset connected sockets on device removal (bsc#1051510). - vt: always call notifier with the console lock held (bsc#1051510). - vxlan: Do not call gro_cells_destroy() before device is unregistered (networking-stable-19_03_28). - x86/speculation/mds: Fix documentation typo (bsc#1135642). - x86_64: Add gap to int3 to allow for call emulation (bsc#1099658). - x86_64: Allow breakpoints to emulate call instructions (bsc#1099658). - xenbus: drop useless LIST_HEAD in xenbus_write_watch() and xenbus_file_write() (bsc#1065600). - xfrm6: avoid potential infinite loop in _decode_session6() (git-fixes). - xfrm6: call kfree_skb when skb is toobig (git-fixes). - xfrm: Fix stack-out-of-bounds read on socket policy lookup (git-fixes). - xfrm: Return error on unknown encap_type in init_state (git-fixes). - xfrm: Validate address prefix lengths in the xfrm selector (git-fixes). - xfrm: fix 'passing zero to ERR_PTR()' warning (git-fixes). - xfrm: fix missing dst_release() after policy blocking lbcast and multicast (git-fixes). - xfrm: fix xfrm_do_migrate() with AEAD e.g(AES-GCM) (git-fixes). - xfrm: reset crypto_done when iterating over multiple input xfrms (git-fixes). - xfrm: reset transport header back to network header after all input transforms ahave been applied (git-fixes). - xfrm_user: prevent leaking 2 bytes of kernel memory (git-fixes). - xfs: add log item pinning error injection tag (bsc#1114427). - xfs: buffer lru reference count error injection tag (bsc#1114427). - xfs: check _btree_check_block value (bsc#1123663). - xfs: convert drop_writes to use the errortag mechanism (bsc#1114427). - xfs: create block pointer check functions (bsc#1123663). - xfs: create inode pointer verifiers (bsc#1114427). - xfs: detect and fix bad summary counts at mount (bsc#1114427). - xfs: export _inobt_btrec_to_irec and _ialloc_cluster_alignment for scrub (bsc#1114427). - xfs: export various function for the online scrubber (bsc#1123663). - xfs: expose errortag knobs via sysfs (bsc#1114427). - xfs: fix unused variable warning in xfs_buf_set_ref() (bsc#1114427). - xfs: force summary counter recalc at next mount (bsc#1114427). - xfs: kill meaningless variable 'zero' (bsc#1106011). - xfs: make errortag a per-mountpoint structure (bsc#1123663). - xfs: move error injection tags into their own file (bsc#1114427). - xfs: prepare xfs_break_layouts() for another layout type (bsc#1106011). - xfs: prepare xfs_break_layouts() to be called with XFS_MMAPLOCK_EXCL (bsc#1106011). - xfs: refactor btree block header checking functions (bsc#1123663). - xfs: refactor btree pointer checks (bsc#1123663). - xfs: refactor unmount record write (bsc#1114427). - xfs: remove unneeded parameter from XFS_TEST_ERROR (bsc#1123663). - xfs: remove xfs_zero_range (bsc#1106011). - xfs: rename MAXPATHLEN to XFS_SYMLINK_MAXLEN (bsc#1123663). - xfs: replace log_badcrc_factor knob with error injection tag (bsc#1114427). - xfs: sanity-check the unused space before trying to use it (bsc#1123663). - xfs: serialize unaligned dio writes against all other dio writes (bsc#1134936). ----------------------------------------- Patch: SUSE-2019-1577 Released: Thu Jun 20 16:40:23 2019 Summary: Recommended update for permissions Severity: moderate References: 1128598 Description: This update for permissions fixes the following issues: - Added whitelisting for /usr/lib/singularity/bin/starter-suid in the new singularity 3.1 version. (bsc#1128598) ----------------------------------------- Patch: SUSE-2019-1594 Released: Fri Jun 21 10:17:15 2019 Summary: Security update for glib2 Severity: important References: 1103678,1137001,CVE-2019-12450 Description: This update for glib2 fixes the following issues: Security issue fixed: - CVE-2019-12450: Fixed an improper file permission when copy operation takes place (bsc#1137001). Other issue addressed: - glib2 was handling an UNKNOWN connectivity state from NetworkManager as if there was a connection thus giving false positives to PackageKit (bsc#1103678) ----------------------------------------- Patch: SUSE-2019-1597 Released: Fri Jun 21 10:18:19 2019 Summary: Security update for dbus-1 Severity: important References: 1137832,CVE-2019-12749 Description: This update for dbus-1 fixes the following issue: Security issue fixed: - CVE-2019-12749: Fixed an implementation flaw in DBUS_COOKIE_SHA1 which could have allowed local attackers to bypass authentication (bsc#1137832). ----------------------------------------- Patch: SUSE-2019-1607 Released: Fri Jun 21 10:26:45 2019 Summary: Security update for wireshark Severity: moderate References: 1136021 Description: This update for wireshark to version 2.4.15 fixes the following issues: Security issue fixed: - Fixed a denial of service in the dissection engine (bsc#1136021). ----------------------------------------- Patch: SUSE-2019-1615 Released: Fri Jun 21 11:04:21 2019 Summary: Recommended update for python-kiwi Severity: moderate References: 1128146 Description: This update for python-kiwi fixes the following issues: - Update compression flag for qcow2 format. (bsc#1128146) - Refactoring for the evaluation of the compress flag in the runtime config. ----------------------------------------- Patch: SUSE-2019-1616 Released: Fri Jun 21 11:04:39 2019 Summary: Recommended update for rpcbind Severity: moderate References: 1134659 Description: This update for rpcbind fixes the following issues: - Change rpcbind locking path from /var/run/rpcbind.lock to /run/rpcbind.lock. (bsc#1134659) - Change the order of socket/service in the %postun scriptlet to avoid an error from rpcbind.socket when rpcbind is running during package update. ----------------------------------------- Patch: SUSE-2019-1627 Released: Fri Jun 21 11:15:11 2019 Summary: Recommended update for xfsprogs Severity: moderate References: 1073421,1122271,1129859 Description: This update for xfsprogs fixes the following issues: - xfs_repair: will now allow '/' in attribute names (bsc#1122271) - xfs_repair: will now allow zeroing of corrupt log (bsc#1073421) - enabdled offline (unmounted) filesystem geometry queries (bsc#1129859) ----------------------------------------- Patch: SUSE-2019-1629 Released: Fri Jun 21 11:16:53 2019 Summary: Security update for MozillaFirefox Severity: important References: 1137792,1138614,CVE-2019-11707 Description: This update for MozillaFirefox to version 60.7.1 fixes the following issues: Security issue fixed: - CVE-2019-11707: Fixed a type confusion vulnerability in Arrary.pop (bsc#1138614) Other issues addressed: - Added the new Mozilla's GPG key expiring on 2021-05-29 to the mozilla.keyring file - Fixed broken language plugins (bsc#1137792) ----------------------------------------- Patch: SUSE-2019-1631 Released: Fri Jun 21 11:17:21 2019 Summary: Recommended update for xz Severity: low References: 1135709 Description: This update for xz fixes the following issues: Add SUSE-Public-Domain licence as some parts of xz utils (liblzma, xz, xzdec, lzmadec, documentation, translated messages, tests, debug, extra directory) are in public domain licence [bsc#1135709] ----------------------------------------- Patch: SUSE-2019-1634 Released: Fri Jun 21 11:46:22 2019 Summary: Recommended update for resource-agents Severity: moderate References: 1137038 Description: This update for resource-agents provides the following fixes: - Change message log level for the non action messages. The messages can still be seen using the verbose parameter. (bsc#1137038) ----------------------------------------- Patch: SUSE-2019-1637 Released: Fri Jun 21 13:53:54 2019 Summary: Security update for libvirt Severity: important References: 1136109,1138301,1138302,1138303,CVE-2019-10161,CVE-2019-10166,CVE-2019-10167 Description: This update for libvirt fixes the following issues: Security issues fixed: - CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd (bsc#1138301). - CVE-2019-10166: Fixed an issue with virDomainManagedSaveDefineXML which could have been used to alter the domain's config used for managedsave or execute arbitrary emulator binaries (bsc#1138302). - CVE-2019-10167: Fixed an issue with virConnectGetDomainCapabilities API which could have been used to execute arbitrary emulators (bsc#1138303). Other issue addressed: - spec: add systemd-container dependency to qemu and lxc drivers (bsc#1136109). ----------------------------------------- Patch: SUSE-2019-1682 Released: Sat Jun 22 13:20:04 2019 Summary: Security update for MozillaFirefox Severity: important References: 1138872,CVE-2019-11708 Description: This update for MozillaFirefox fixes the following issues: - Mozilla Firefox Firefox 60.7.2 MFSA 2019-19 (bsc#1138872) - CVE-2019-11708: Fix sandbox escape using Prompt:Open. * Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes could result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer. ----------------------------------------- Patch: SUSE-2019-1728 Released: Tue Jul 2 17:35:39 2019 Summary: Recommended update for openssl-1_0_0 Severity: moderate References: 1130041 Description: This update for openssl-1_0_0 fixes the following issues: - Add back the steam subpackage on openSUSE Leap 15 whose openssl-1_0_0 package is inherited from this package (bsc#1130041) This update also ships openssl-1_0_0 to the SUSE Manager Client Tools 15 repository, to be used for phantomjs / grafana. ----------------------------------------- Patch: SUSE-2019-1738 Released: Wed Jul 3 21:12:22 2019 Summary: Recommended update for rdma-core Severity: moderate References: 1049515,1058504,1060413,1072884,1086910,1093170,996146 Description: This update for rdma-core fixes the following issues: - Update rdma-core (bsc#996146) - suse: fix dracut support - mlx5: Fix masking service level in mlx5_create_ah - cmake: Explicitly convert build type to be STRING - libhns: Bugfix for filtering zero length sge - buildlib: Ensure stanza is properly sorted - mlx4: Allow loopback when using raw Ethernet QP - travis: Change SuSE package target due to Travis CI failures - cbuild: fix tumbleweed docker image - libhns: Bugfix for using buffer length - mlx5: Fix incorrect error handling when SQ wqe count is 0 - mlx5: Fix SL to Ethernet priority conversion - travis: Fix travis failures - verbs: If the uverbs module is not loaded allow get_devices to retry init - mlx5: Fix flow tag mask - rxe: fix rxe compilation with newer kernels - Revert 'buildlib: pick leap over tumbleweed' - buildlib: pick leap over tumbleweed - mlx5: Fix compilation on 32 bit systems when sse3 is on - mlx5: Allocate huge page chunks only when needed - rxe: Do not use _sockaddr in struct rxe_av - rxe: Remove duplicate include - Update rdma-core with backport fixes: - buildilb: Fix -msse breakage on ARM builds - buildlib: Use -msse if the compiler does not support target(sse) (bsc#1086910) - suse: do not call %service rules on a template file (bsc#1093170) - mlx5: Convert ah_attr static rate to mlx5 static rate - ccan: Add array_size.h file - iwpmd: Initialize address of sockaddr - mlx5: Fix need_uuar_lock when there are no medium bfregs - verbs: Fix wrong clean up flow in ibv_rc_pingpong - Match kernel ABI to for 4.17 for 32 bit - librdmacm: Set errno correctly if status is positive - verbs: Remove bogus cq_fd - verbs: Fix typo in copying IBV_FLOW_SPEC_UDP/TCP 'val' - SRP daemon not handling SM changes. (bsc#1072884, bsc#1049515) - Remove dracut requirement. (bsc#1058504) - Includes Broadcom patches. (bsc#1060413) ----------------------------------------- Patch: SUSE-2019-1742 Released: Wed Jul 3 21:13:54 2019 Summary: Recommended update for gd Severity: moderate References: 1136574 Description: This update for gd fixes the following issues: - Change order while installing splitted library. (bsc#1136574) ----------------------------------------- Patch: SUSE-2019-1747 Released: Thu Jul 4 11:44:06 2019 Summary: Recommended update for cluster-glue Severity: moderate References: 1131545 Description: This update for cluster-glue fixes the following issues: - Directory /var/run/heartbeat/rsctmp will now get created if it doesn't exist (bsc#1131545) ----------------------------------------- Patch: SUSE-2019-1757 Released: Fri Jul 5 12:08:11 2019 Summary: Recommended update for yast2-network Severity: moderate References: 1123102,1134784,1136103 Description: This update for yast2-network is fixing the following issues: - A bug has been fixed when configuring a static IP address without any hostname (bsc#1123102) ----------------------------------------- Patch: SUSE-2019-1780 Released: Mon Jul 8 20:24:24 2019 Summary: Recommended update for icewm Severity: moderate References: 1076817 Description: This update for icewm fixes the following issues: - Disabled icewm's suspend function in order to allow systemd the handling of power key events (bsc#1076817) ----------------------------------------- Patch: SUSE-2019-1796 Released: Tue Jul 9 23:39:34 2019 Summary: Recommended update for saptune Severity: moderate References: 1116799,1120741,1123808,1124485,1124486,1124487,1124488,1124489,1126220,1128322,1128325 Description: This update for saptune fixes the following issues: - Resetting all values to clean the system during package removal - Fix saptune issues with /etc/security/limits.conf. (bsc#1124485) - Add deprecated message to the description of some notes set scheduler for note SUSE-GUIDE-01 correctly.(bsc#1123808) - Ship both versions of saptune in one package to support a smooth migration controlled by the customer. See man saptune-migrate(5) for more information. - Support note name changes and note deletion during update of saptune v2 from SLE12 to SLE15. - Support different SAP Note definitions and solution definitions related to the used operation system version (distinguish between SLE12 and SLE15 at the moment) - Remove calculation of optimized values, only set the values from the configuration file irrespective of the current system value. Current system value can be increase or decrease. ATTENTION: saptune no longer respects higher system values. Use the override option to change the values of the Note definition files, if needed. (bsc#1124488) - Mark the Notes SUSE-GUIDE-01 and SUSE-GUIDE-02 as deprecated in saptune v1 and remove these Note definitions from saptune v2. (bsc#1116799) - Add bash-completion for saptune. - Add action 'show' to the 'note' operation to print content of the note definition file to stdout. - Add new action 'create' to support the customer/vendor while creating a vendor or customer specific file in /etc/saptune/extra using the template file /usr/share/saptune/NoteTemplate.conf - Simplify file name syntax for the vendor files available in /etc/saptune/extra. Old file names still valid and supported. - Add header support (version, date, description) for the vendor files available in /etc/saptune/extra as already available for the note definition files in /usr/share/saptune/notes - No longer write or remove entries from /etc/security/limits.conf. Instead add or remove drop-in files in /etc/security/limits.d The filename syntax for the drop-in files /etc/security/limits.d is saptune---.conf. The limits entry syntax inside the Note definition files changed to support more than one limits settings in the definition file. (bsc#1128322) - Preserve comment sections of the security limits file /etc/security/limits.conf. Especially, if this is the only content of the file. (bsc#1124485) - Work with the current Note definition file to define the pagecache settings. (bsc#1126220) - Setting of UserTaskMax by applying the related SAP Notes in the postinstall of the package. (bsc#1124489) - Starting to support severities INFO, WARNING, ERROR and DEBUG for the logging and add a defined format for the log messages. - Remove saptune as active tuned profile during action 'saptune daemon stop' - start/stop services, if requested by SAP Notes, but do not enable/disable these services. (bsc#1128325) - Adapt the parameter oriented save state file handling (store and revert) to the special needs of the security limits parameter. (bsc#1124485) - Disable parameter settings using an override file. (bsc#1124486) - Store the order of the note as they are applied to get the same system tuning result after a system reboot as before. - Correct the revert of the vm.dirty parameters by handling their counterpart parameters in addition. (bsc#1124487) - Adjust operation customize to the new configuration files and override location and enable customize option for vendor and customer specific files in /etc/saptune/extra. (bsc#1124487) - Change output format of the operations list, verify and simulate. (bsc#1124487) - Display footnotes during 'verify' and 'simulate'. (bsc#1124487) - Remove Netweaver formula for page cache calculation. Use the HANA approach '2% system memory' for both. - Display a warning message, if a [block] section is found in the Note definition file because on systems with a huge number of block devices this operation may take some time. - Add force_latency handling to 'cpu' section. Use the files in /sys/devices/system/cpu/cpu* instead of /dev/cpu_dma_latency. Remove the parameter from the tuned.conf file and add it to the SAP note files '1984787' and '2205917' - Add action 'saptune revert all' and add parameter based saved state files to support proper revert functionality. (bsc#1124487) - Add override file handling for the solution definition using /etc/saptune/override/solution. (bsc#1124486) - Read solution definition from file /usr/share/saptune/solution instead of static coding inside of saptune. (bsc#1124486) - Make sure a note, which is part of an applied solution definition, but was reverted manually later, will NOT applied again after a system reboot. - One configuration file per SAP Note. (bsc#1124486) - Add new SAP Notes and adapt content of SAP Notes. - Handle different locations of the new configuration files (/usr/share/saptune/note, /etc/saptune/extra). (bsc#1124486) - Allow parameter override by the customer. (bsc#1124486) - Expand section handling of the 'ini file' handler to handle the new configuration file entries. Supported sections: version, reminder, login, mem, vm, block, limits, sysctl, pagecache, cpu, service, rpm, grub. (bsc#1124486) - Remove new line from println arg list of main.go to support newer go versions. (bsc#1120741) ----------------------------------------- Patch: SUSE-2019-1798 Released: Tue Jul 9 23:41:19 2019 Summary: Recommended update for grub2 Severity: moderate References: 1127293,928131,940457 Description: This update for grub2 fixes the following issues: - Check/refresh zipl-kernel before hibernate on s390x. (bsc#940457) - Removing hardcoded 'vmlinuz'. - Try to refresh zipl-kernel on failed kexec. (bsc#1127293) - Fully support 'previous' zipl-kernel with 'mem=1G' being available on dedicated entries. (bsc#928131) ----------------------------------------- Patch: SUSE-2019-1803 Released: Wed Jul 10 09:40:11 2019 Summary: Security update for kernel-firmware Severity: moderate References: 1136334,1136498,1139383,CVE-2019-9836 Description: This update for kernel-firmware fixes the following issues: kernel-firmware was updated to version 20190618: * cavium: Add firmware for CNN55XX crypto driver. * linux-firmware: Update firmware file for Intel Bluetooth 22161 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth 9260 * linux-firmware: Update AMD SEV firmware (CVE-2019-9836, bsc#1139383) * linux-firmware: update licence text for Marvell firmware * linux-firmware: update firmware for mhdp8546 * linux-firmware: rsi: update firmware images for Redpine 9113 chipset * imx: sdma: update firmware to v3.5/v4.5 * nvidia: update GP10[2467] SEC2 RTOS with the one already used on GP108 * linux-firmware: Update firmware file for Intel Bluetooth 8265 * linux-firmware: Update firmware file for Intel Bluetooth 9260 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * amlogic: add video decoder firmwares * iwlwifi: update -46 firmwares for 22260 and 9000 series * iwlwifi: add firmware for 22260 and update 9000 series -46 firmwares * iwlwifi: add -46.ucode firmwares for 9000 series * amdgpu: update vega20 to the latest 19.10 firmware * amdgpu: update vega12 to the latest 19.10 firmware * amdgpu: update vega10 to the latest 19.10 firmware * amdgpu: update polaris11 to the latest 19.10 firmware * amdgpu: update polaris10 to the latest 19.10 firmware * amdgpu: update raven2 to the latest 19.10 firmware * amdgpu: update raven to the latest 19.10 firmware * amdgpu: update picasso to the latest 19.10 firmware * linux-firmware: update fw for qat devices * Mellanox: Add new mlxsw_spectrum firmware 13.2000.1122 * drm/i915/firmware: Add ICL HuC v8.4.3238 * drm/i915/firmware: Add ICL GuC v32.0.3 * drm/i915/firmware: Add GLK HuC v03.01.2893 * drm/i915/firmware: Add GLK GuC v32.0.3 * drm/i915/firmware: Add KBL GuC v32.0.3 * drm/i915/firmware: Add SKL GuC v32.0.3 * drm/i915/firmware: Add BXT GuC v32.0.3 * linux-firmware: Add firmware file for Intel Bluetooth 22161 * cxgb4: update firmware to revision 1.23.4.0 (bsc#1136334) * linux-firmware: Update NXP Management Complex firmware to version 10.14.3 * linux-firmware: add firmware for MT7615E * mediatek: update MT8173 VPU firmware to v1.1.2 [decoder] Enlarge struct vdec_pic_info to support more capture buffer plane and capture buffer format change. * linux-firmware: update Marvell 8797/8997 firmware images * nfp: update Agilio SmartNIC flower firmware to rev AOTC-2.10.A.23 ----------------------------------------- Patch: SUSE-2019-1804 Released: Wed Jul 10 10:40:44 2019 Summary: Security update for ruby-bundled-gems-rpmhelper, ruby2.5 Severity: important References: 1082007,1082008,1082009,1082010,1082011,1082014,1082058,1087433,1087434,1087436,1087437,1087440,1087441,1112530,1112532,1130028,1130611,1130617,1130620,1130622,1130623,1130627,1133790,CVE-2017-17742,CVE-2018-1000073,CVE-2018-1000074,CVE-2018-1000075,CVE-2018-1000076,CVE-2018-1000077,CVE-2018-1000078,CVE-2018-1000079,CVE-2018-16395,CVE-2018-16396,CVE-2018-6914,CVE-2018-8777,CVE-2018-8778,CVE-2018-8779,CVE-2018-8780,CVE-2019-8320,CVE-2019-8321,CVE-2019-8322,CVE-2019-8323,CVE-2019-8324,CVE-2019-8325 Description: This update for ruby2.5 and ruby-bundled-gems-rpmhelper fixes the following issues: Changes in ruby2.5: Update to 2.5.5 and 2.5.4: https://www.ruby-lang.org/en/news/2019/03/15/ruby-2-5-5-released/ https://www.ruby-lang.org/en/news/2019/03/13/ruby-2-5-4-released/ Security issues fixed: - CVE-2019-8320: Delete directory using symlink when decompressing tar (bsc#1130627) - CVE-2019-8321: Escape sequence injection vulnerability in verbose (bsc#1130623) - CVE-2019-8322: Escape sequence injection vulnerability in gem owner (bsc#1130622) - CVE-2019-8323: Escape sequence injection vulnerability in API response handling (bsc#1130620) - CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution (bsc#1130617) - CVE-2019-8325: Escape sequence injection vulnerability in errors (bsc#1130611) Ruby 2.5 was updated to 2.5.3: This release includes some bug fixes and some security fixes. Security issues fixed: - CVE-2018-16396: Tainted flags are not propagated in Array#pack and String#unpack with some directives (bsc#1112532) - CVE-2018-16395: OpenSSL::X509::Name equality check does not work correctly (bsc#1112530) Ruby 2.5 was updated to 2.5.1: This release includes some bug fixes and some security fixes. Security issues fixed: - CVE-2017-17742: HTTP response splitting in WEBrick (bsc#1087434) - CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir (bsc#1087441) - CVE-2018-8777: DoS by large request in WEBrick (bsc#1087436) - CVE-2018-8778: Buffer under-read in String#unpack (bsc#1087433) - CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket (bsc#1087440) - CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir (bsc#1087437) - Multiple vulnerabilities in RubyGems were fixed: - CVE-2018-1000079: Fixed path traversal issue during gem installation allows to write to arbitrary filesystem locations (bsc#1082058) - CVE-2018-1000075: Fixed infinite loop vulnerability due to negative size in tar header causes Denial of Service (bsc#1082014) - CVE-2018-1000078: Fixed XSS vulnerability in homepage attribute when displayed via gem server (bsc#1082011) - CVE-2018-1000077: Fixed that missing URL validation on spec home attribute allows malicious gem to set an invalid homepage URL (bsc#1082010) - CVE-2018-1000076: Fixed improper verification of signatures in tarball allows to install mis-signed gem (bsc#1082009) - CVE-2018-1000074: Fixed unsafe Object Deserialization Vulnerability in gem owner allowing arbitrary code execution on specially crafted YAML (bsc#1082008) - CVE-2018-1000073: Fixed path traversal when writing to a symlinked basedir outside of the root (bsc#1082007) Other changes: - Fixed Net::POPMail methods modify frozen literal when using default arg - ruby: change over of the Japanese Era to the new emperor May 1st 2019 (bsc#1133790) - build with PIE support (bsc#1130028) Changes in ruby-bundled-gems-rpmhelper: - Add a new helper for bundled ruby gems. ----------------------------------------- Patch: SUSE-2019-1812 Released: Wed Jul 10 15:58:38 2019 Summary: Security update for libqb Severity: moderate References: 1137835,CVE-2019-12779 Description: This update for libqb fixes the following issues: Security issue fixed: - CVE-2019-12779: Fixed an issue where a local attacker could overwrite privileged system files (bsc#1137835). ----------------------------------------- Patch: SUSE-2019-1813 Released: Wed Jul 10 17:42:06 2019 Summary: Security update for fence-agents Severity: low References: 1049852,1137314,CVE-2019-10153 Description: This update for fence-agents version 4.4.0 fixes the following issues: Security issue fixed: - CVE-2019-10153: Fixed a denial of service via guest VM comments (bsc#1137314). Non-security issue fixed: - Included timestamps when logging (bsc#1049852). ----------------------------------------- Patch: SUSE-2019-1815 Released: Thu Jul 11 07:47:55 2019 Summary: Recommended update for timezone Severity: moderate References: 1140016 Description: This update for timezone fixes the following issues: - Timezone update 2019b. (bsc#1140016): - Brazil no longer observes DST. - 'zic -b slim' outputs smaller TZif files. - Palestine's 2019 spring-forward transition was on 03-29, not 03-30. - Add info about the Crimea situation. ----------------------------------------- Patch: SUSE-2019-1833 Released: Fri Jul 12 17:53:51 2019 Summary: Security update for glib2 Severity: moderate References: 1139959,CVE-2019-13012 Description: This update for glib2 fixes the following issues: Security issue fixed: - CVE-2019-13012: Fixed improper restriction of file permissions when creating directories (bsc#1139959). ----------------------------------------- Patch: SUSE-2019-1835 Released: Fri Jul 12 18:06:31 2019 Summary: Security update for expat Severity: moderate References: 1139937,CVE-2018-20843 Description: This update for expat fixes the following issues: Security issue fixed: - CVE-2018-20843: Fixed a denial of service triggered by high resource consumption in the XML parser when XML names contain a large amount of colons (bsc#1139937). ----------------------------------------- Patch: SUSE-2019-1846 Released: Mon Jul 15 11:36:33 2019 Summary: Security update for bzip2 Severity: important References: 1139083,CVE-2019-12900 Description: This update for bzip2 fixes the following issues: Security issue fixed: - CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1139083). ----------------------------------------- Patch: SUSE-2019-1853 Released: Mon Jul 15 16:03:36 2019 Summary: Recommended update for systemd Severity: moderate References: 1107617,1137053 Description: This update for systemd fixes the following issues: - conf-parse: remove 4K line length limit (bsc#1137053) - udevd: change the default value of udev.children-max (again) (bsc#1107617) - meson: stop creating enablement symlinks in /etc during installation (sequel) - Fixed build for openSUSE Leap 15+ - Make sure we don't ship any static enablement symlinks in /etc Those symlinks must only be created by the presets. There are no changes in practice since systemd/udev doesn't ship such symlinks in /etc but let's make sure no future changes will introduce new ones by mistake. ----------------------------------------- Patch: SUSE-2019-1855 Released: Mon Jul 15 17:12:56 2019 Summary: Security update for the Linux Kernel Severity: important References: 1051510,1061840,1065600,1071995,1088047,1094555,1098633,1106383,1106751,1109137,1114279,1119532,1120423,1124167,1127155,1128432,1128902,1128910,1131645,1132154,1132390,1133401,1133738,1134303,1134395,1135296,1135556,1135642,1136157,1136598,1136922,1136935,1137103,1137194,1137429,1137625,1137728,1137884,1137995,1137996,1137998,1137999,1138000,1138002,1138003,1138005,1138006,1138007,1138008,1138009,1138010,1138011,1138012,1138013,1138014,1138015,1138016,1138017,1138018,1138019,1138291,1138293,1138374,1138375,1138589,1138719,1139751,1139771,1139782,1139865,1140133,1140328,1140405,1140424,1140428,1140575,1140577,1140637,1140658,1140715,1140719,1140726,1140727,1140728,1140814,CVE-2018-16871,CVE-2018-20836,CVE-2019-10126,CVE-2019-10638,CVE-2019-10639,CVE-2019-11478,CVE-2019-11599,CVE-2019-12380,CVE-2019-12456,CVE-2019-12614,CVE-2019-12818,CVE-2019-12819 Description: The SUSE Linux Enterprise 15 kernel version 4.12.14 was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-10638: Attackers used to be able to track the Linux kernel by the IP ID values the kernel produces for connection-less protocols. When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack could have been conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses. [bnc#1140575] - CVE-2019-10639: The Linux kernel used to allow Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it was possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols. When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key was extracted (via enumeration), the offset of the kernel image was exposed. This attack could be carried out remotely by the attacker forcing the target device to send UDP or ICMP traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic is trivial if the server answers ICMP Echo requests (ping). For client targets, if the target visits the attacker's web page, then WebRTC or gQUIC can be used to force UDP traffic to attacker-controlled IP addresses. [bnc#1140577] - CVE-2018-20836: A race condition used to exist in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free. [bnc#1134395] - CVE-2019-10126: A heap based buffer overflow in the wireless driver code was fixed. This issue might have lead to memory corruption and possibly other consequences. [bnc#1136935] - CVE-2019-11599: The coredump implementation did not use locking or other mechanisms to prevent vma layout or vma flags changes while it ran, which allowed local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. [bnc#1131645]. - CVE-2019-12614: There was an unchecked kstrdup of prop->name on PowerPC platforms, which allowed an attacker to cause a denial of service (NULL pointer dereference and system crash). [bnc#1137194] - CVE-2018-16871: A flaw was found in the NFS implementation. An attacker who was able to mount an exported NFS filesystem was able to trigger a null pointer dereference by an invalid NFS sequence. This could panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will were lost. [bnc#1137103] - CVE-2019-12819: The function __mdiobus_register() used to call put_device(), which would trigger a fixed_mdio_bus_init use-after-free error. This would cause a denial of service. [bnc#1138291] - CVE-2019-12818: The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return NULL. If the caller did not check for this, it could trigger a NULL pointer dereference. This would cause denial of service. [bnc#1138293] - CVE-2019-12456: An issue in the MPT3COMMAND case in _ctl_ioctl_main() allowed local users to cause a denial of service or possibly have unspecified other impact by changing the value of ioc_number between two kernel reads of that value, aka a 'double fetch' vulnerability. [bsc#1136922] - CVE-2019-12380: An issue was in the EFI subsystem existed that mishandled memory allocation failures. Note, however, that all relevant code runs only at boot-time, before any user processes are started. Therefore, there was no possibility for an unprivileged user to exploit this issue. [bnc#1136598] The following non-security bugs were fixed: - 6lowpan: Off by one handling ->nexthdr (bsc#1051510). - ACPI / property: fix handling of data_nodes in acpi_get_next_subnode() (bsc#1051510). - ACPI: Add Hygon Dhyana support (). - ALSA: firewire-lib/fireworks: fix miss detection of received MIDI messages (bsc#1051510). - ALSA: firewire-motu: fix destruction of data for isochronous resources (bsc#1051510). - ALSA: hda - Force polling mode on CNL for fixing codec communication (bsc#1051510). - ALSA: hda/realtek - Change front mic location for Lenovo M710q (bsc#1051510). - ALSA: hda/realtek - Set default power save node to 0 (bsc#1051510). - ALSA: hda/realtek - Update headset mode for ALC256 (bsc#1051510). - ALSA: hda/realtek: Add quirks for several Clevo notebook barebones (bsc#1051510). - ALSA: line6: Fix write on zero-sized buffer (bsc#1051510). - ALSA: oxfw: allow PCM capture for Stanton SCS.1m (bsc#1051510). - ALSA: seq: fix incorrect order of dest_client/dest_ports arguments (bsc#1051510). - ALSA: usb-audio: fix sign unintended sign extension on left shifts (bsc#1051510). - ASoC: cs42xx8: Add regcache mask dirty (bsc#1051510). - ASoC: eukrea-tlv320: fix a leaked reference by adding missing of_node_put (bsc#1051510). - ASoC: fsl_asrc: Fix the issue about unsupported rate (bsc#1051510). - ASoC: fsl_sai: Update is_slave_mode with correct value (bsc#1051510). - ASoC: fsl_utils: fix a leaked reference by adding missing of_node_put (bsc#1051510). - ASoC: hdmi-codec: unlock the device on startup errors (bsc#1051510). - Add kernel-subpackage-build.spec (). - add kernel-subpackage-build.spec.in and support scripts - hook it in mkspec - extend the mechanism that copies dependencies inside kernel-binary.spec.in from kernel-%build_flavor to kernel-%build_flavor-base to also handle kernel-subpackage-build.spec.in using BINARY DEPS marker. - expand %name in kernel-%build_flavor so the dependencies are expanded correctly in kernel-subpackage-build.spec.in - Add sample kernel-default-base spec file (jsc#SLE-4117, jsc#SLE-3853, bsc#1128910). - Bluetooth: Fix faulty expression for minimum encryption key size check (bsc#1140328). - Build klp-symbols in kernel devel projects. - Do not provide kernel-default from kernel-default-base (boo#1132154, bsc#1106751). - Do not provide kernel-default-srchash from kernel-default-base. - Do not restrict NFSv4.2 on openSUSE (bsc#1138719). - Documentation: Correct the possible MDS sysfs values (bsc#1135642). - Drivers: misc: fix out-of-bounds access in function param_set_kgdbts_var (bsc#1051510). - EDAC, amd64: Add Hygon Dhyana support (). - EDAC/mc: Fix edac_mc_find() in case no device is found (bsc#1114279). - HID: Wacom: switch Dell canvas into highres mode (bsc#1051510). - HID: input: fix a4tech horizontal wheel custom usage (bsc#1137429). - HID: logitech-hidpp: change low battery level threshold from 31 to 30 percent (bsc#1051510). - HID: logitech-hidpp: use RAP instead of FAP to get the protocol version (bsc#1051510). - HID: wacom: Add ability to provide explicit battery status info (bsc#1051510). - HID: wacom: Add support for 3rd generation Intuos BT (bsc#1051510). - HID: wacom: Add support for Pro Pen slim (bsc#1051510). - HID: wacom: Correct button numbering 2nd-gen Intuos Pro over Bluetooth (bsc#1051510). - HID: wacom: Do not report anything prior to the tool entering range (bsc#1051510). - HID: wacom: Do not set tool type until we're in range (bsc#1051510). - HID: wacom: Mark expected switch fall-through (bsc#1051510). - HID: wacom: Move HID fix for AES serial number into wacom_hid_usage_quirk (bsc#1051510). - HID: wacom: Move handling of HID quirks into a dedicated function (bsc#1051510). - HID: wacom: Properly handle AES serial number and tool type (bsc#1051510). - HID: wacom: Queue events with missing type/serial data for later processing (bsc#1051510). - HID: wacom: Remove comparison of u8 mode with zero and simplify (bsc#1051510). - HID: wacom: Replace touch_max fixup code with static touch_max definitions (bsc#1051510). - HID: wacom: Send BTN_TOUCH in response to INTUOSP2_BT eraser contact (bsc#1051510). - HID: wacom: Support 'in range' for Intuos/Bamboo tablets where possible (bsc#1051510). - HID: wacom: Sync INTUOSP2_BT touch state after each frame if necessary (bsc#1051510). - HID: wacom: Work around HID descriptor bug in DTK-2451 and DTH-2452 (bsc#1051510). - HID: wacom: convert Wacom custom usages to standard HID usages (bsc#1051510). - HID: wacom: fix mistake in printk (bsc#1051510). - HID: wacom: generic: Ignore HID_DG_BATTERYSTRENTH == 0 (bsc#1051510). - HID: wacom: generic: Leave tool in prox until it completely leaves sense (bsc#1051510). - HID: wacom: generic: Refactor generic battery handling (bsc#1051510). - HID: wacom: generic: Report AES battery information (bsc#1051510). - HID: wacom: generic: Reset events back to zero when pen leaves (bsc#1051510). - HID: wacom: generic: Scale battery capacity measurements to percentages (bsc#1051510). - HID: wacom: generic: Send BTN_STYLUS3 when both barrel switches are set (bsc#1051510). - HID: wacom: generic: Send BTN_TOOL_PEN in prox once the pen enters range (bsc#1051510). - HID: wacom: generic: Support multiple tools per report (bsc#1051510). - HID: wacom: generic: Use generic codepath terminology in wacom_wac_pen_report (bsc#1051510). - HID: wacom: generic: add the 'Report Valid' usage (bsc#1051510). - HID: wacom: wacom_wac_collection() is local to wacom_wac.c (bsc#1051510). - Input: synaptics - enable SMBus on ThinkPad E480 and E580 (bsc#1051510). - Input: uinput - add compat ioctl number translation for UI_*_FF_UPLOAD (bsc#1051510). - Install extra rpm scripts for kernel subpackaging (jsc#SLE-4117, jsc#SLE-3853, bsc#1128910). - KVM: PPC: Book3S HV: Avoid lockdep debugging in TCE realmode handlers (bsc#1061840). - KVM: PPC: Book3S HV: XIVE: Do not clear IRQ data of passthrough interrupts (bsc#1061840). - KVM: PPC: Book3S: Protect memslots while validating user address (bsc#1061840). - KVM: PPC: Release all hardware TCE tables attached to a group (bsc#1061840). - KVM: PPC: Remove redundand permission bits removal (bsc#1061840). - KVM: PPC: Validate TCEs against preregistered memory page sizes (bsc#1061840). - KVM: PPC: Validate all tces before updating tables (bsc#1061840). - Kabi fixup blk_mq_register_dev() (bsc#1140637). - Move stuff git_sort chokes on, out of the way - PCI: PM: Avoid possible suspend-to-idle issue (bsc#1051510). - PCI: PM: Skip devices in D0 for suspend-to-idle (bsc#1051510). - PCI: rpadlpar: Fix leaked device_node references in add/remove paths (bsc#1051510). - PM / core: Propagate dev->power.wakeup_path when no callbacks (bsc#1051510). - RAS/CEC: Convert the timer callback to a workqueue (bsc#1114279). - RAS/CEC: Fix binary search function (bsc#1114279). - SMB3: Fix endian warning (bsc#1137884). - Staging: vc04_services: Fix a couple error codes (bsc#1051510). - Trim build dependencies of sample subpackage spec file (jsc#SLE-4117, jsc#SLE-3853, bsc#1128910). - USB: Add LPM quirk for Surface Dock GigE adapter (bsc#1051510). - USB: Fix chipmunk-like voice when using Logitech C270 for recording audio (bsc#1051510). - USB: Fix slab-out-of-bounds write in usb_get_bos_descriptor (bsc#1051510). - USB: core: Do not unbind interfaces following device reset failure (bsc#1051510). - USB: rio500: fix memory leak in close after disconnect (bsc#1051510). - USB: rio500: refuse more than one device at a time (bsc#1051510). - USB: serial: fix initial-termios handling (bsc#1135642). - USB: serial: option: add Telit 0x1260 and 0x1261 compositions (bsc#1051510). - USB: serial: option: add support for Simcom SIM7500/SIM7600 RNDIS mode (bsc#1051510). - USB: serial: pl2303: add Allied Telesis VT-Kit3 (bsc#1051510). - USB: serial: pl2303: fix tranceiver suspend mode (bsc#1135642). - USB: sisusbvga: fix oops in error path of sisusb_probe (bsc#1051510). - USB: usb-storage: Add new ID to ums-realtek (bsc#1051510). - added De0-Nanos-SoC board support (and others based on Altera SOC). - af_key: unconditionally clone on broadcast (bsc#1051510). - apparmor: enforce nullbyte at end of tag string (bsc#1051510). - audit: fix a memory leak bug (bsc#1051510). - ax25: fix inconsistent lock state in ax25_destroy_timer (bsc#1051510). - batman-adv: allow updating DAT entry timeouts on incoming ARP Replies (bsc#1051510). - blk-mq: fix hang caused by freeze/unfreeze sequence (bsc#1128432). - blk-mq: free hw queue's resource in hctx's release handler (bsc#1140637). - block: Fix a NULL pointer dereference in generic_make_request() (bsc#1139771). - brcmfmac: convert dev_init_lock mutex to completion (bsc#1051510). - brcmfmac: fix Oops when bringing up interface during USB disconnect (bsc#1051510). - brcmfmac: fix WARNING during USB disconnect in case of unempty psq (bsc#1051510). - brcmfmac: fix missing checks for kmemdup (bsc#1051510). - brcmfmac: fix race during disconnect when USB completion is in progress (bsc#1051510). - can: af_can: Fix error path of can_init() (bsc#1051510). - can: flexcan: fix timeout when set small bitrate (bsc#1051510). - can: purge socket error queue on sock destruct (bsc#1051510). - ceph: flush dirty inodes before proceeding with remount (bsc#1140405). - cfg80211: fix memory leak of wiphy device name (bsc#1051510). - chardev: add additional check for minor range overlap (bsc#1051510). - clk: rockchip: Turn on 'aclk_dmac1' for suspend on rk3288 (bsc#1051510). - clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider (bsc#1051510). - coresight: etb10: Fix handling of perf mode (bsc#1051510). - coresight: etm4x: Add support to enable ETMv4.2 (bsc#1051510). - cpu/topology: Export die_id (jsc#SLE-5454). - cpufreq: AMD: Ignore the check for ProcFeedback in ST/CZ (). - cpufreq: Add Hygon Dhyana support (). - crypto: algapi - guard against uninitialized spawn list in crypto_remove_spawns (bsc#1133401). - crypto: cryptd - Fix skcipher instance memory leak (bsc#1051510). - crypto: user - prevent operating on larval algorithms (bsc#1133401). - device core: Consolidate locking and unlocking of parent and device (bsc#1106383). - dm, dax: Fix detection of DAX support (bsc#1139782). - dmaengine: imx-sdma: remove BD_INTR for channel0 (bsc#1051510). - doc: Cope with the deprecation of AutoReporter (bsc#1051510). - docs: Fix conf.py for Sphinx 2.0 (bsc#1135642). - drbd: Avoid Clang warning about pointless switch statment (bsc#1051510). - drbd: disconnect, if the wrong UUIDs are attached on a connected peer (bsc#1051510). - drbd: narrow rcu_read_lock in drbd_sync_handshake (bsc#1051510). - drbd: skip spurious timeout (ping-timeo) when failing promote (bsc#1051510). - driver core: Establish order of operations for device_add and device_del via bitflag (bsc#1106383). - driver core: Probe devices asynchronously instead of the driver (bsc#1106383). - drivers/base: Introduce kill_device() (bsc#1139865). - drivers/base: kABI fixes for struct device_private (bsc#1106383). - drivers/rapidio/devices/rio_mport_cdev.c: fix resource leak in error handling path in 'rio_dma_transfer()' (bsc#1051510). - drivers/rapidio/rio_cm.c: fix potential oops in riocm_ch_listen() (bsc#1051510). - drivers: thermal: tsens: Do not print error message on -EPROBE_DEFER (bsc#1051510). - drm/amdgpu: fix old fence check in amdgpu_fence_emit (bsc#1051510). - drm/arm/hdlcd: Allow a bit of clock tolerance (bsc#1051510). - drm/drv: Hold ref on parent device during drm_device lifetime (bsc#1051510). - drm/gma500/cdv: Check vbt config bits when detecting lvds panels (bsc#1051510). - drm/i915/gvt: ignore unexpected pvinfo write (bsc#1051510). - drm/i915/perf: fix whitelist on Gen10+ (bsc#1051510). - drm/i915/sdvo: Implement proper HDMI audio support for SDVO (bsc#1051510). - drm/nouveau/disp/dp: respect sink limits when selecting failsafe link configuration (bsc#1051510). - drm/radeon: prefer lower reference dividers (bsc#1051510). - drm: Wake up next in drm_read() chain if we are forced to putback the event (bsc#1051510). - extcon: arizona: Disable mic detect if running when driver is removed (bsc#1051510). - ftrace/x86: Remove possible deadlock between register_kprobe() and ftrace_run_update_code() (bsc#1071995). - fuse: fallocate: fix return with locked inode (bsc#1051510). - fuse: fix writepages on 32bit (bsc#1051510). - fuse: honor RLIMIT_FSIZE in fuse_file_fallocate (bsc#1051510). - genirq: Prevent use-after-free and work list corruption (bsc#1051510). - genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent() (bsc#1051510). - genwqe: Prevent an integer overflow in the ioctl (bsc#1051510). - gpio: Remove obsolete comment about gpiochip_free_hogs() usage (bsc#1051510). - gpio: fix gpio-adp5588 build errors (bsc#1051510). - hwmon/coretemp: Cosmetic: Rename internal variables to zones from packages (jsc#SLE-5454). - hwmon/coretemp: Support multi-die/package (jsc#SLE-5454). - hwmon/k10temp, x86/amd_nb: Consolidate shared device IDs (). - hwmon: (core) add thermal sensors only if dev->of_node is present (bsc#1051510). - hwmon: (k10temp) 27C Offset needed for Threadripper2 (). - hwmon: (k10temp) Add Hygon Dhyana support (). - hwmon: (k10temp) Add support for AMD Ryzen w/ Vega graphics (). - hwmon: (k10temp) Add support for Stoney Ridge and Bristol Ridge CPUs (). - hwmon: (k10temp) Add support for family 17h (). - hwmon: (k10temp) Add support for temperature offsets (). - hwmon: (k10temp) Add temperature offset for Ryzen 1900X (). - hwmon: (k10temp) Add temperature offset for Ryzen 2700X (). - hwmon: (k10temp) Correct model name for Ryzen 1600X (). - hwmon: (k10temp) Display both Tctl and Tdie (). - hwmon: (k10temp) Fix reading critical temperature register (). - hwmon: (k10temp) Make function get_raw_temp static (). - hwmon: (k10temp) Move chip specific code into probe function (). - hwmon: (k10temp) Only apply temperature offset if result is positive (). - hwmon: (k10temp) Support all Family 15h Model 6xh and Model 7xh processors (). - hwmon: (k10temp) Use API function to access System Management Network (). - hwmon: (pmbus/core) Treat parameters as paged if on multiple pages (bsc#1051510). - hwmon: k10temp: Support Threadripper 2920X, 2970WX; simplify offset table (). - hwrng: omap - Set default quality (bsc#1051510). - i2c-piix4: Add Hygon Dhyana SMBus support (). - i2c: acorn: fix i2c warning (bsc#1135642). - i2c: dev: fix potential memory leak in i2cdev_ioctl_rdwr (bsc#1051510). - i2c: i801: Add support for Intel Comet Lake (jsc#SLE-5331). - ibmveth: Update ethtool settings to reflect virtual properties (bsc#1136157, LTC#177197). - iio: ad_sigma_delta: Properly handle SPI bus locking vs CS assertion (bsc#1051510). - iio: common: ssp_sensors: Initialize calculated_time in ssp_common_process_data (bsc#1051510). - iio: hmc5843: fix potential NULL pointer dereferences (bsc#1051510). - iwlwifi: mvm: check for length correctness in iwl_mvm_create_skb() (bsc#1051510). - iwlwifi: pcie: do not crash on invalid RX interrupt (bsc#1051510). - kABI workaround for the new pci_dev.skip_bus_pm field addition (bsc#1051510). - kabi: x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454). - kabi: x86/topology: Define topology_logical_die_id() (jsc#SLE-5454). - kernel-binary: Use -c grep option in klp project detection. - kernel-binary: fix missing \ - kernel-binary: rpm does not support multiline condition - kernel-subpackage-spec: Add dummy package to ensure subpackages are rebuilt with kernel update (bsc#1106751). In factory packages are not rebuilt automatically so a dependency is needed on the old kernel to get a rebuild with the new kernel. THe subpackage itself cannot depend on the kernel so add another empty pacakge that does depend on it. - kvm: x86: Include CPUID leaf 0x8000001e in kvm's supported CPUID (bsc#1114279). - kvm: x86: Include multiple indices with CPUID leaf 0x8000001d (bsc#1114279). - leds: avoid flush_work in atomic context (bsc#1051510). - libata: Extend quirks for the ST1000LM024 drives with NOLPM quirk (bsc#1051510). - libnvdimm, pfn: Fix over-trim in trim_pfn_device() (bsc#1140719). - libnvdimm/bus: Prevent duplicate device_unregister() calls (bsc#1139865). - mISDN: make sure device name is NUL terminated (bsc#1051510). - mac80211/cfg80211: update bss channel on channel switch (bsc#1051510). - mac80211: Do not use stack memory with scatterlist for GMAC (bsc#1051510). - mac80211: Fix kernel panic due to use of txq after free (bsc#1051510). - mac80211: drop robust management frames from unknown TA (bsc#1051510). - mac80211: handle deauthentication/disassociation from TDLS peer (bsc#1051510). - media: au0828: Fix NULL pointer dereference in au0828_analog_stream_enable() (bsc#1051510). - media: au0828: stop video streaming only when last user stops (bsc#1051510). - media: coda: clear error return value before picture run (bsc#1051510). - media: cpia2: Fix use-after-free in cpia2_exit (bsc#1051510). - media: go7007: avoid clang frame overflow warning with KASAN (bsc#1051510). - media: m88ds3103: serialize reset messages in m88ds3103_set_frontend (bsc#1051510). - media: ov2659: make S_FMT succeed even if requested format does not match (bsc#1051510). - media: saa7146: avoid high stack usage with clang (bsc#1051510). - media: smsusb: better handle optional alignment (bsc#1051510). - media: usb: siano: Fix false-positive 'uninitialized variable' warning (bsc#1051510). - media: usb: siano: Fix general protection fault in smsusb (bsc#1051510). - media: v4l2-ioctl: clear fields in s_parm (bsc#1051510). - mfd: da9063: Fix OTP control register names to match datasheets for DA9063/63L (bsc#1051510). - mfd: intel-lpss: Set the device in reset state when init (bsc#1051510). - mfd: max77620: Fix swapped FPS_PERIOD_MAX_US values (bsc#1051510). - mfd: tps65912-spi: Add missing of table registration (bsc#1051510). - mfd: twl6040: Fix device init errors for ACCCTL register (bsc#1051510). - mmc: core: Prevent processing SDIO IRQs when the card is suspended (bsc#1051510). - mmc: core: Verify SD bus width (bsc#1051510). - mmc: core: make pwrseq_emmc (partially) support sleepy GPIO controllers (bsc#1051510). - mmc: mmci: Prevent polling for busy detection in IRQ context (bsc#1051510). - mmc: sdhci-iproc: Set NO_HISPD bit to fix HS50 data hold time problem (bsc#1051510). - mmc: sdhci-iproc: cygnus: Set NO_HISPD bit to fix HS50 data hold time problem (bsc#1051510). - mmc: sdhci-of-esdhc: add erratum A-009204 support (bsc#1051510). - mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support (bsc#1051510). - mmc: sdhci-of-esdhc: add erratum eSDHC5 support (bsc#1051510). - mmc_spi: add a status check for spi_sync_locked (bsc#1051510). - module: Fix livepatch/ftrace module text permissions race (bsc#1071995). - net: mvpp2: Use strscpy to handle stat strings (bsc#1098633). - net: mvpp2: prs: Fix parser range for VID filtering (bsc#1098633). - net: mvpp2: prs: Use the correct helpers when removing all VID filters (bsc#1098633). - nfit/ars: Allow root to busy-poll the ARS state machine (bsc#1140814). - nfit/ars: Avoid stale ARS results (jsc#SLE-5433). - nfit/ars: Introduce scrub_flags (jsc#SLE-5433). - ntp: Allow TAI-UTC offset to be set to zero (bsc#1135642). - nvme-rdma: fix double freeing of async event data (bsc#1120423). - nvme-rdma: fix possible double free of controller async event buffer (bsc#1120423). - nvme: copy MTFA field from identify controller (bsc#1140715). - nvme: skip nvme_update_disk_info() if the controller is not live (bsc#1128432). - nvmem: Do not let a NULL cell_id for nvmem_cell_get() crash us (bsc#1051510). - nvmem: allow to select i.MX nvmem driver for i.MX 7D (bsc#1051510). - nvmem: core: fix read buffer in place (bsc#1051510). - nvmem: correct Broadcom OTP controller driver writes (bsc#1051510). - nvmem: imx-ocotp: Add i.MX7D timing write clock setup support (bsc#1051510). - nvmem: imx-ocotp: Add support for banked OTP addressing (bsc#1051510). - nvmem: imx-ocotp: Enable i.MX7D OTP write support (bsc#1051510). - nvmem: imx-ocotp: Move i.MX6 write clock setup to dedicated function (bsc#1051510). - nvmem: imx-ocotp: Pass parameters via a struct (bsc#1051510). - nvmem: imx-ocotp: Restrict OTP write to IMX6 processors (bsc#1051510). - nvmem: imx-ocotp: Update module description (bsc#1051510). - nvmem: properly handle returned value nvmem_reg_read (bsc#1051510). - ocfs2: try to reuse extent block in dealloc without meta_alloc (bsc#1128902). - parport: Fix mem leak in parport_register_dev_model (bsc#1051510). - perf tools: Add Hygon Dhyana support (). - perf/x86/intel/cstate: Support multi-die/package (jsc#SLE-5454). - perf/x86/intel/rapl: Cosmetic rename internal variables in response to multi-die/pkg support (jsc#SLE-5454). - perf/x86/intel/rapl: Support multi-die/package (jsc#SLE-5454). - perf/x86/intel/uncore: Cosmetic renames in response to multi-die/pkg support (jsc#SLE-5454). - perf/x86/intel/uncore: Support multi-die/package (jsc#SLE-5454). - platform/chrome: cros_ec_proto: check for NULL transfer function (bsc#1051510). - platform/x86: mlx-platform: Fix parent device in i2c-mux-reg device registration (bsc#1051510). - power: supply: max14656: fix potential use-before-alloc (bsc#1051510). - power: supply: sysfs: prevent endless uevent loop with CONFIG_POWER_SUPPLY_DEBUG (bsc#1051510). - powercap/intel_rapl: Simplify rapl_find_package() (jsc#SLE-5454). - powercap/intel_rapl: Support multi-die/package (jsc#SLE-5454). - powerpc/cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild (bsc#1138374, LTC#178199). - powerpc/perf: Add PM_LD_MISS_L1 and PM_BR_2PATH to power9 event list (bsc#1137728, LTC#178106). - powerpc/perf: Add POWER9 alternate PM_RUN_CYC and PM_RUN_INST_CMPL events (bsc#1137728, LTC#178106). - powerpc/pseries/mobility: prevent cpu hotplug during DT update (bsc#1138374, LTC#178199). - powerpc/pseries/mobility: rebuild cacheinfo hierarchy post-migration (bsc#1138374, LTC#178199). - powerpc/pseries: Fix oops in hotplug memory notifier (bsc#1138375, LTC#178204). - powerpc/rtas: retry when cpu offline races with suspend/migration (bsc#1140428, LTC#178808). - ppp: mppe: Add softdep to arc4 (bsc#1088047). - qlcnic: Avoid potential NULL pointer dereference (bsc#1051510). - qmi_wwan: Add quirk for Quectel dynamic config (bsc#1051510). - qmi_wwan: add network device usage statistics for qmimux devices (bsc#1051510). - qmi_wwan: add support for QMAP padding in the RX path (bsc#1051510). - qmi_wwan: avoid RCU stalls on device disconnect when in QMAP mode (bsc#1051510). - qmi_wwan: extend permitted QMAP mux_id value range (bsc#1051510). - rapidio: fix a NULL pointer dereference when create_workqueue() fails (bsc#1051510). - rtc: 88pm860x: prevent use-after-free on device remove (bsc#1051510). - rtc: do not reference bogus function pointer in kdoc (bsc#1051510). - rtlwifi: fix a potential NULL pointer dereference (bsc#1051510). - s390/dasd: fix using offset into zero size array error (bsc#1051510). - s390/jump_label: Use 'jdd' constraint on gcc9 (bsc#1138589). - s390/qeth: fix VLAN attribute in bridge_hostnotify udev event (bsc#1051510). - s390/qeth: fix race when initializing the IP address table (bsc#1051510). - s390/setup: fix early warning messages (bsc#1051510). - s390/virtio: handle find on invalid queue gracefully (bsc#1051510). - sbitmap: fix improper use of smp_mb__before_atomic() (bsc#1140658). - scripts/git_sort/git_sort.py: add djbw/nvdimm nvdimm-pending. - scripts/git_sort/git_sort.py: add nvdimm/libnvdimm-fixes - scsi: core: add new RDAC LENOVO/DE_Series device (bsc#1132390). - scsi: qla2xxx: Fix FC-AL connection target discovery (bsc#1094555). - scsi: qla2xxx: Fix N2N target discovery with Local loop (bsc#1094555). - scsi: qla2xxx: Fix abort handling in tcm_qla2xxx_write_pending() (bsc#1140727). - scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines (bsc#1140728). - scsi: target/iblock: Fix overrun in WRITE SAME emulation (bsc#1140424). - scsi: vmw_pscsi: Fix use-after-free in pvscsi_queue_lck() (bsc#1135296). - scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from port_remove (bsc#1051510). - scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host (bsc#1051510). - scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices (bsc#1051510). - scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only sdevs) (bsc#1051510). - serial: sh-sci: disable DMA for uart_console (bsc#1051510). - soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher (bsc#1051510). - soc: rockchip: Set the proper PWM for rk3288 (bsc#1051510). - sort patches to proper position - spi : spi-topcliff-pch: Fix to handle empty DMA buffers (bsc#1051510). - spi: Fix zero length xfer bug (bsc#1051510). - spi: bitbang: Fix NULL pointer dereference in spi_unregister_master (bsc#1051510). - spi: pxa2xx: Add support for Intel Comet Lake (jsc#SLE-5331). - spi: pxa2xx: fix SCR (divisor) calculation (bsc#1051510). - spi: spi-fsl-spi: call spi_finalize_current_message() at the end (bsc#1051510). - spi: tegra114: reset controller on probe (bsc#1051510). - staging: comedi: ni_mio_common: Fix divide-by-zero for DIO cmdtest (bsc#1051510). - staging: vc04_services: prevent integer overflow in create_pagelist() (bsc#1051510). - staging: wlan-ng: fix adapter initialization failure (bsc#1051510). - svm: Add warning message for AVIC IPI invalid target (bsc#1140133). - svm: Fix AVIC incomplete IPI emulation (bsc#1140133). - sysctl: handle overflow in proc_get_long (bsc#1051510). - tcp: refine memory limit test in tcp_fragment() (CVE-2019-11478, bsc#1139751). - test_firmware: Use correct snprintf() limit (bsc#1135642). - thermal/x86_pkg_temp_thermal: Cosmetic: Rename internal variables to zones from packages (jsc#SLE-5454). - thermal/x86_pkg_temp_thermal: Support multi-die/package (jsc#SLE-5454). - thermal: rcar_gen3_thermal: disable interrupt in .remove (bsc#1051510). - thunderbolt: Fix to check for kmemdup failure (bsc#1051510). - tmpfs: fix link accounting when a tmpfile is linked in (bsc#1051510). - tmpfs: fix uninitialized return value in shmem_link (bsc#1051510). - tools/cpupower: Add Hygon Dhyana support (). - topology: Create core_cpus and die_cpus sysfs attributes (jsc#SLE-5454). - topology: Create package_cpus sysfs attribute (jsc#SLE-5454). - tracing/snapshot: Resize spare buffer if size changed (bsc#1140726). - tty/vt: fix write/write race in ioctl(KDSKBSENT) handler (bsc#1051510). - tty: ipwireless: fix missing checks for ioremap (bsc#1051510). - tty: max310x: Fix external crystal register setup (bsc#1051510). - tty: serial: msm_serial: Fix XON/XOFF (bsc#1051510). - usb: chipidea: udc: workaround for endpoint conflict issue (bsc#1135642). - usb: core: Add PM runtime calls to usb_hcd_platform_shutdown (bsc#1051510). - usb: dwc2: Fix DMA cache alignment issues (bsc#1051510). - usb: dwc2: host: Fix wMaxPacketSize handling (fix webcam regression) (bsc#1135642). - usb: xhci: avoid null pointer deref when bos field is NULL (bsc#1135642). - usbip: usbip_host: fix BUG: sleeping function called from invalid context (bsc#1051510). - usbip: usbip_host: fix stub_dev lock context imbalance regression (bsc#1051510). - usbnet: fix kernel crash after disconnect (bsc#1051510). - usbnet: ipheth: fix racing condition (bsc#1051510). - vfio: ccw: only free cp on final interrupt (bsc#1051510). - video: hgafb: fix potential NULL pointer dereference (bsc#1051510). - video: imsttfb: fix potential NULL pointer dereferences (bsc#1051510). - virtio_console: initialize vtermno value for ports (bsc#1051510). - vlan: disable SIOCSHWTSTAMP in container (bsc#1051510). - vxlan: trivial indenting fix (bsc#1051510). - vxlan: use __be32 type for the param vni in __vxlan_fdb_delete (bsc#1051510). - w1: fix the resume command API (bsc#1051510). - watchdog: imx2_wdt: Fix set_timeout for big timeout values (bsc#1051510). - x86/CPU/AMD: Do not force the CPB cap when running under a hypervisor (bsc#1114279). - x86/CPU/hygon: Fix phys_proc_id calculation logic for multi-die processors (). - x86/alternative: Init ideal_nops for Hygon Dhyana (). - x86/amd_nb: Add support for Raven Ridge CPUs (). - x86/amd_nb: Check vendor in AMD-only functions (). - x86/apic: Add Hygon Dhyana support (). - x86/bugs: Add Hygon Dhyana to the respective mitigation machinery (). - x86/cpu/mtrr: Support TOP_MEM2 and get MTRR number (). - x86/cpu: Create Hygon Dhyana architecture support file (). - x86/cpu: Get cache info and setup cache cpumap for Hygon Dhyana (). - x86/cpufeatures: Carve out CQM features retrieval (jsc#SLE-5382). - x86/cpufeatures: Combine word 11 and 12 into a new scattered features word (jsc#SLE-5382). This changes definitions of some bits, but they are intended to be used only by the core, so hopefully, no KMP uses the definitions. - x86/cpufeatures: Enumerate the new AVX512 BFLOAT16 instructions (jsc#SLE-5382). - x86/events: Add Hygon Dhyana support to PMU infrastructure (). - x86/kvm: Add Hygon Dhyana support to KVM (). - x86/mce: Add Hygon Dhyana support to the MCA infrastructure (). - x86/mce: Do not disable MCA banks when offlining a CPU on AMD (). - x86/mce: Fix machine_check_poll() tests for error types (bsc#1114279). - x86/microcode, cpuhotplug: Add a microcode loader CPU hotplug callback (bsc#1114279). - x86/microcode: Fix microcode hotplug state (bsc#1114279). - x86/microcode: Fix the ancient deprecated microcode loading method (bsc#1114279). - x86/mm/mem_encrypt: Disable all instrumentation for early SME setup (bsc#1114279). - x86/pci, x86/amd_nb: Add Hygon Dhyana support to PCI and northbridge (). - x86/smpboot: Do not use BSP INIT delay and MWAIT to idle on Dhyana (). - x86/smpboot: Rename match_die() to match_pkg() (jsc#SLE-5454). - x86/speculation/mds: Revert CPU buffer clear on double fault exit (bsc#1114279). - x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454). - x86/topology: Create topology_max_die_per_package() (jsc#SLE-5454). - x86/topology: Define topology_die_id() (jsc#SLE-5454). - x86/topology: Define topology_logical_die_id() (jsc#SLE-5454). - x86/xen: Add Hygon Dhyana support to Xen (). - xen/pciback: Do not disable PCI_COMMAND on PCI device reset (bsc#1065600). - xfs: do not clear imap_valid for a non-uptodate buffers (bsc#1138018). - xfs: do not look at buffer heads in xfs_add_to_ioend (bsc#1138013). - xfs: do not set the page uptodate in xfs_writepage_map (bsc#1138003). - xfs: do not use XFS_BMAPI_ENTRIRE in xfs_get_blocks (bsc#1137999). - xfs: do not use XFS_BMAPI_IGSTATE in xfs_map_blocks (bsc#1138005). - xfs: eof trim writeback mapping as soon as it is cached (bsc#1138019). - xfs: fix s_maxbytes overflow problems (bsc#1137996). - xfs: make xfs_writepage_map extent map centric (bsc#1138009). - xfs: minor cleanup for xfs_get_blocks (bsc#1138000). - xfs: move all writeback buffer_head manipulation into xfs_map_at_offset (bsc#1138014). - xfs: refactor the tail of xfs_writepage_map (bsc#1138016). - xfs: remove XFS_IO_INVALID (bsc#1138017). - xfs: remove the imap_valid flag (bsc#1138012). - xfs: remove unused parameter from xfs_writepage_map (bsc#1137995). - xfs: remove xfs_map_cow (bsc#1138007). - xfs: remove xfs_reflink_find_cow_mapping (bsc#1138010). - xfs: remove xfs_reflink_trim_irec_to_next_cow (bsc#1138006). - xfs: remove xfs_start_page_writeback (bsc#1138015). - xfs: rename the offset variable in xfs_writepage_map (bsc#1138008). - xfs: simplify xfs_map_blocks by using xfs_iext_lookup_extent directly (bsc#1138011). - xfs: skip CoW writes past EOF when writeback races with truncate (bsc#1137998). - xfs: xfs_reflink_convert_cow() memory allocation deadlock (bsc#1138002). - xhci: Convert xhci_handshake() to use readl_poll_timeout_atomic() (bsc#1051510). - xhci: Use %zu for printing size_t type (bsc#1051510). - xhci: update bounce buffer with correct sg num (bsc#1051510). ----------------------------------------- Patch: SUSE-2019-1859 Released: Tue Jul 16 13:08:46 2019 Summary: Security update for libgcrypt Severity: moderate References: 1097073,1125740,1138939,CVE-2019-12904 Description: This update for libgcrypt fixes the following issues: Security issues fixed: - CVE-2019-12904: The C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.) (bsc#1138939) Other bugfixes: - Don't run full FIPS self-tests from constructor (bsc#1097073) - Skip all the self-tests except for binary integrity when called from the constructor (bsc#1097073) - Enforce the minimal RSA keygen size in fips mode (bsc#1125740) - avoid executing some tests twice. - Fixed a race condition in initialization. - Fixed env-script-interpreter in cavs_driver.pl - Fixed redundant fips tests in some situations causing failure to boot in fips mode. (bsc#1097073) This helps during booting of the system in FIPS mode with insufficient entropy. ----------------------------------------- Patch: SUSE-2019-1869 Released: Wed Jul 17 14:03:20 2019 Summary: Security update for MozillaFirefox Severity: important References: 1140868,CVE-2019-11709,CVE-2019-11711,CVE-2019-11712,CVE-2019-11713,CVE-2019-11715,CVE-2019-11717,CVE-2019-11719,CVE-2019-11729,CVE-2019-11730,CVE-2019-9811 Description: This update for MozillaFirefox, mozilla-nss fixes the following issues: MozillaFirefox to version ESR 60.8: - CVE-2019-9811: Sandbox escape via installation of malicious language pack (bsc#1140868). - CVE-2019-11711: Script injection within domain through inner window reuse (bsc#1140868). - CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects (bsc#1140868). - CVE-2019-11713: Use-after-free with HTTP/2 cached stream (bsc#1140868). - CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault (bsc#1140868). - CVE-2019-11715: HTML parsing error can contribute to content XSS (bsc#1140868). - CVE-2019-11717: Caret character improperly escaped in origins (bsc#1140868). - CVE-2019-11719: Out-of-bounds read when importing curve25519 private key (bsc#1140868). - CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin (bsc#1140868). - CVE-2019-11709: Multiple Memory safety bugs fixed (bsc#1140868). mozilla-nss to version 3.44.1: * Added IPSEC IKE support to softoken * Many new FIPS test cases ----------------------------------------- Patch: SUSE-2019-1877 Released: Thu Jul 18 11:31:46 2019 Summary: Security update for glibc Severity: moderate References: 1117993,1123710,1127223,1127308,1131330,CVE-2009-5155,CVE-2019-9169 Description: This update for glibc fixes the following issues: Security issues fixed: - CVE-2019-9169: Fixed a heap-based buffer over-read via an attempted case-insensitive regular-expression match (bsc#1127308). - CVE-2009-5155: Fixed a denial of service in parse_reg_exp() (bsc#1127223). Non-security issues fixed: - Does no longer compress debug sections in crt*.o files (bsc#1123710) - Fixes a concurrency problem in ldconfig (bsc#1117993) - Fixes a race condition in pthread_mutex_lock while promoting to PTHREAD_MUTEX_ELISION_NP (bsc#1131330) ----------------------------------------- Patch: SUSE-2019-1892 Released: Thu Jul 18 15:54:35 2019 Summary: Recommended update for openslp Severity: moderate References: 1117969,1136136 Description: This update for openslp fixes the following issues: - Use tcp connects to talk with other directory agents (DAs) (bsc#1117969) - Fix segfault in predicate match if a registered service has a malformed attribute list (bsc#1136136) ----------------------------------------- Patch: SUSE-2019-1908 Released: Fri Jul 19 12:51:17 2019 Summary: Recommended update for grub2 Severity: important References: 1134287,1139345 Description: This update for grub2 fixes the following issues: - Fix a regression introduced by the previous update which could prevent booting on ppc64. (bsc#1134287, bsc#1139345). ----------------------------------------- Patch: SUSE-2019-1909 Released: Fri Jul 19 13:52:23 2019 Summary: Security update for ucode-intel Severity: important References: 1111331,CVE-2018-12126,CVE-2018-12127,CVE-2018-12130,CVE-2019-11091 Description: This update for ucode-intel fixes the following issues: This update contains the Intel QSR 2019.1 Microcode release (bsc#1111331) Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) These updates contain the CPU Microcode adjustments for the software mitigations. For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 Release notes: ---- updated platforms ------------------------------------ SNB-E/EN/EP C1/M0 6-2d-6/6d 0000061d->0000061f Xeon E3/E5, Core X SNB-E/EN/EP C2/M1 6-2d-7/6d 00000714->00000718 Xeon E3/E5, Core X ----------------------------------------- Patch: SUSE-2019-1914 Released: Mon Jul 22 08:43:12 2019 Summary: Recommended update for NetworkManager Severity: moderate References: 1129587 Description: This update for NetworkManager fixes the following issues: - Add CAP_SYS_ADMIN which netconfig needs to call setdomainname. (bsc#1129587). ----------------------------------------- Patch: SUSE-2019-1916 Released: Mon Jul 22 08:44:01 2019 Summary: Recommended update for yast2-saptune Severity: moderate References: 1077615,1135879 Description: This update for yast2-saptune fixes the following issues: - Fix to disable tuned daemon, if saptune is not configured (bsc#1135879) ----------------------------------------- Patch: SUSE-2019-1967 Released: Thu Jul 25 02:26:37 2019 Summary: Recommended update for dracut Severity: important References: 1098915,1121238,1125393,1130107,1130114,1132448,1133819,1134347,1134472,1137784 Description: This update for dracut fixes the following issues: - 95dasd-rules 95zfcp-rules: was not correctly looking for rule names (bsc#1137784) - Early microcode was not added from files with .early postfix (bsc#1098915, bsc#1125393) - GPIO modules weren't get included on ARM (bsc#1133819) - Routes were not properly added due to a spelling error (bsc#1134347) - Decouple iscsi from sysinit.target (bsc#1134472) - dracut-lib.sh:dev_unit_name() guard against $dev beginning with '-' (bsc#1132448) - 95iscsi: error messages were created when building initrd, due to multipath timeouts (bsc#1130114, bsc#1130107, bsc#1121238) ----------------------------------------- Patch: SUSE-2019-1976 Released: Fri Jul 26 00:08:35 2019 Summary: Recommended update for resource-agents Severity: moderate References: 1114855,1125138,1131793,1133337,1133962,1137038,1137231,1140874 Description: This update for resource-agents fixes the following issues: - The version of resource-agents was updated to 4.3.018.a7fb5035 and has addressed a couple of bugs. Some of the bugs are: * L3: Pacemaker SST databases to /dev/null (bsc#1131793) [waiting for a customer friendly description] * azure-events: changed the default log level to 'warning' (bsc#1137038, bsc#1137231) * CTDB: Fixes the version string with vendor trailer comparison (bsc#1133337) * Fixes an issue where aws-vpc-move-ip failed when a VM has more than one network interface (bsc#1133962) Please refer to this rpm's changelog to obtain a full list of all changes. ----------------------------------------- Patch: SUSE-2019-1985 Released: Fri Jul 26 00:17:21 2019 Summary: Recommended update for suse-module-tools Severity: moderate References: 1100989,1123697,1123704,1123721,1127155,1127891,1134819,937216 Description: This update for suse-module-tools fixes the following issues: - Softdep of bridge on br_netfilter. (bsc#937216, bsc#1134819) - weak-modules2: Emit 'inconsistent' warning only if replacement fails. (bsc#1127155) - spec file: Add conflicts for dracut < 44.2. (bsc#1127891) - modprobe.conf.common: Add csiostor->cxgb4 dependency. (bsc#1100989) - Fix driver-check.sh. (bsc#1123697, bsc#1123704) - Make code work without kmod-compat - Remove hard dependency on mkinitrd. (bsc#1123721) ----------------------------------------- Patch: SUSE-2019-1994 Released: Fri Jul 26 16:12:05 2019 Summary: Recommended update for libxml2 Severity: moderate References: 1135123 Description: This update for libxml2 fixes the following issues: - Added a new configurable variable XPATH_DEFAULT_MAX_NODESET_LENGTH to avoid nodeset limit when processing large XML files. (bsc#1135123) ----------------------------------------- Patch: SUSE-2019-1998 Released: Fri Jul 26 16:13:22 2019 Summary: Recommended update for sysstat Severity: moderate References: 1138767 Description: This update for sysstat fixes the following issues: - Fix scaling issue with mtab symlinks and automounter. (bsc#1138767) ----------------------------------------- Patch: SUSE-2019-2004 Released: Mon Jul 29 13:01:59 2019 Summary: Security update for bzip2 Severity: important References: 1139083,CVE-2019-12900 Description: This update for bzip2 fixes the following issues: - Fixed a regression with the fix for CVE-2019-12900, which caused incompatibilities with files that used many selectors (bsc#1139083). ----------------------------------------- Patch: SUSE-2019-2006 Released: Mon Jul 29 13:02:49 2019 Summary: Security update for gpg2 Severity: important References: 1124847,1141093,CVE-2019-13050 Description: This update for gpg2 fixes the following issues: Security issue fixed: - CVE-2019-13050: Fixed a denial of service attacks via big keys (bsc#1141093). Non-security issue fixed: - Allow coredumps in X11 desktop sessions (bsc#1124847) ----------------------------------------- Patch: SUSE-2019-2018 Released: Tue Jul 30 13:16:48 2019 Summary: Security update for polkit Severity: important References: 1121826,CVE-2019-6133 Description: This update for polkit fixes the following issues: Security issue fixed: - CVE-2019-6133: Fixed improper caching of auth decisions, which could bypass uid checking in the interactive backend (bsc#1121826). ----------------------------------------- Patch: SUSE-2019-2030 Released: Wed Jul 31 18:34:34 2019 Summary: Security update for zypper, libzypp and libsolv Severity: moderate References: 1047962,1049826,1053177,1065022,1099019,1102261,1110542,1111319,1112911,1113296,1114908,1115341,1116840,1118758,1119373,1119820,1119873,1120263,1120463,1120629,1120630,1120631,1121611,1122062,1122471,1123137,1123681,1123843,1123865,1123967,1124897,1125415,1127026,1127155,1127220,1130161,1131823,1135749,1137977,663358,764147,965786,978193,993025,CVE-2018-20532,CVE-2018-20533,CVE-2018-20534 Description: This update for libzypp and libsolv fixes the following issues: Security issues fixed: - CVE-2018-20532: Fixed NULL pointer dereference at ext/testcase.c (function testcase_read) (bsc#1120629). - CVE-2018-20533: Fixed NULL pointer dereference at ext/testcase.c (function testcase_str2dep_complex) in libsolvext.a (bsc#1120630). - CVE-2018-20534: Fixed illegal address access at src/pool.h (function pool_whatprovides) in libsolv.a (bsc#1120631). Fixed bugs and enhancements: - make cleandeps jobs on patterns work (bnc#1137977) - Fixed an issue where libsolv failed to build against swig 4.0 by updating the version to 0.7.5 (bsc#1135749). - Virtualization host upgrade from SLES-15 to SLES-15-SP1 finished with wrong product name shown up (bsc#1131823). - Copy pattern categories from the rpm that defines the pattern (fate#323785). - Enhance scanning /sys for modaliases (bsc#1130161). - Prevent SEGV if the application sets an empty TextLocale (bsc#1127026). - Handle libgpgme error when gpg key is not completely read and user hits CTRL + C (bsc#1127220). - Added a hint when registration codes have expired (bsc#965786). - Adds a better handling of an error when verifying any repository medium (bsc#1065022). - Will now only write type field when probing (bsc#1114908). - Fixes an issue where zypper has showed the info message 'Installation aborted by user' while the installation was aborted by wicked (bsc#978193). - Suppresses reporting `/memfd:` pseudo files (bsc#1123843). - Fixes an issue where zypper was not able to install or uninstall packages when rpm is unavailable (bsc#1122471). - Fixes an issue where locks were ignored (bsc#1113296). - Simplify complex locks so zypper can display them (bsc#1112911). - zypper will now set `SYSTEMD_OFFLINE=1` during chrooted commits (bsc#1118758). - no-recommends: Nevertheless consider resolver namespaces (hardware, language,..supporting packages) (fate#325513). - Removes world-readable bit from /var/log/zypp (bsc#1099019). - Does no longer fail service-refresh on a empty repoindex.xml (bsc#1116840). - Fixes soname due to libsolv ABI changes (bsc#1115341). - Add infrastructure to flag specific packages to trigger a reboot needed hint (fate#326451). This update for zypper 1.14.27 fixes the following issues: - bash-completion: add package completion for addlock (bsc#1047962) - bash-completion: fix incorrect detection of command names (bsc#1049826) - Offer to change the 'runSearchPackages' config option at the prompt (bsc#1119373, FATE#325599) - Prompt: provide a 'yes/no/always/never' prompt. - Prompt: support '#NUM' as answer to select the NUMth option... - Augeas: enable writing back changed option values (to ~/.zypper.conf) - removelocale: fix segfault - Move needs-restarting command to subpackage (fixes #254) - Allow empty string as argument (bsc#1125415) - Provide a way to delete cache for volatile repositories (bsc#1053177) - Adapt to boost-1.69 requiring explicit casts tribool->bool (fixes #255) - Show support status in info if not unknown (bsc#764147) - Fix installing plain rpm files with `zypper in` (bsc#1124897) - Show only required info in the summary in quiet mode (bsc#993025) - Stay with legacy behavior and return ZYPPER_EXIT_INF_REBOOT_NEEDED only for patches. We don't extend this return code to packages, although they may also carry the 'reboot-needed' attribute. The preferred way to test whether the system needs to be rebooted is `zypper needs-rebooting`. (openSUSE/zypper#237) - Skip repository on error (bsc#1123967) - New commands for locale management: locales addlocale removelocale Inspect and manipulate the systems `requested locales`, aka. the languages software packages should try support by installing translations, dictionaries and tools, as far as they are available. - Don't throw, just warn if options are repeated (bsc#1123865) - Fix detection whether stdout is a tty (happened too late) - Fix broken --plus-content switch (fixes bsc#1123681) - Fix broken --replacefiles switch (fixes bsc#1123137) - Extend zypper source-install (fixes bsc#663358) - Fix inconsistent results for search (bsc#1119873) - Show reboot hint in zypper ps and summary (fixes bsc#1120263) - Improve handling of partially locked packages (bsc#1113296) - Fix wrong default values in help text (bsc#1121611) - Fixed broken argument parsing for --reposd-dir (bsc#1122062) - Fix wrong zypp::indeterminate use (bsc#1120463) - CLI parser: fix broken initialization enforcing 'select by name' (bsc#1119820) - zypper.conf: [commit] autoAgreeWithLicenses {=false} (fixes #220) - locks: Fix printing of versioned locks (bsc#1112911) - locks: create and write versioned locks correctly (bsc#1112911) - patch: --with update may implicitly assume --with-optional (bsc#1102261) - no-recommends: Nevertheless consider resolver namespaces (hardware, language,..supporting packages) (FATE#325513) - Optionally run 'zypper search-packages' after 'search' (FATE#325599) - zypper.conf: Add [search]runSearchPackages config variable. - Don't iterate twice on --no-cd (bsc#1111319) - zypper-log: Make it Python 3 compatible - man: mention /etc/zypp/needreboot config file (fate#326451, fixes #140) - Add `needs-restarting` shell script and manpage (fate#326451) - Add zypper needs-rebooting command (fate#326451) - Introduce new zypper command framefork. Migrated commands so far: addlock addrepo addservice clean cleanlocks modifyrepo modifyservice ps refresh refresh-services removelock removerepo removeservice renamerepo repos services - MediaChangeReport: fix https URLs causing 2 prompts on error (bsc#1110542) ----------------------------------------- Patch: SUSE-2019-2050 Released: Tue Aug 6 09:42:37 2019 Summary: Security update for python3 Severity: important References: 1094814,1138459,1141853,CVE-2018-20852,CVE-2019-10160 Description: This update for python3 fixes the following issues: Security issue fixed: - CVE-2019-10160: Fixed a regression in urlparse() and urlsplit() introduced by the fix for CVE-2019-9636 (bsc#1138459). - CVE-2018-20852: Fixed an information leak where cookies could be send to the wrong server because of incorrect domain validation (bsc#1141853). Non-security issue fixed: - Fixed an issue where the SIGINT signal was ignored or not handled (bsc#1094814). ----------------------------------------- Patch: SUSE-2019-2061 Released: Tue Aug 6 14:28:33 2019 Summary: Recommended update for several bugs for Hawk2 Severity: moderate References: 1089802,1137891 Description: Update for Hawk2 for the following issues: - Fix display in case of nameless cluster (bsc#1137891) - Fix utility method for checking ACL version in Hawk (bsc#1089802) ----------------------------------------- Patch: SUSE-2019-2064 Released: Tue Aug 6 15:50:23 2019 Summary: Security update for python Severity: important References: 1138459,CVE-2019-10160 Description: This update for python fixes the following issues: Security issue fixed: - CVE-2019-10160: Fixed a regression in urlparse() and urlsplit() introduced by the fix for CVE-2019-9636 (bsc#1138459). ----------------------------------------- Patch: SUSE-2019-2071 Released: Wed Aug 7 00:51:11 2019 Summary: Security update for the Linux Kernel Severity: important References: 1051510,1055117,1071995,1083647,1083710,1102247,1119222,1123080,1127034,1127315,1129770,1130972,1133021,1134097,1134390,1134399,1135335,1135642,1137458,1137534,1137535,1137584,1137609,1137827,1139358,1140133,1140322,1140652,1140903,1140945,1141401,1141402,1141452,1141453,1141454,1141478,1142023,1142112,1142220,1142221,1142254,1142350,1142351,1142354,1142359,1142450,1142701,1142868,1143003,1143045,1143105,1143185,1143189,1143191,1143507,CVE-2018-20855,CVE-2019-1125,CVE-2019-11810,CVE-2019-13631,CVE-2019-13648,CVE-2019-14283,CVE-2019-14284 Description: The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-20855: An issue was discovered in the Linux kernel In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace(bsc#1143045). - CVE-2019-1125: Exclude ATOMs from speculation through SWAPGS (bsc#1139358). - CVE-2019-14283: In the Linux kernel, set_geometry in drivers/block/floppy.c did not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It could be triggered by an unprivileged local user when a floppy disk was inserted. NOTE: QEMU creates the floppy device by default. (bnc#1143191) - CVE-2019-11810: An issue was discovered in the Linux kernel A NULL pointer dereference could occur when megasas_create_frame_pool() failed in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This caused a Denial of Service, related to a use-after-free (bnc#1134399). - CVE-2019-13648: In the Linux kernel on the powerpc platform, when hardware transactional memory was disabled, a local user could cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sent a crafted signal frame. (bnc#1142254) - CVE-2019-13631: In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel, a malicious USB device could send an HID report that triggered an out-of-bounds write during generation of debugging messages. (bnc#1142023) The following non-security bugs were fixed: - Correct the CVE and bug reference for a floppy security fix (CVE-2019-14284,bsc#1143189) A dedicated CVE was already assigned - acpi/nfit: Always dump _DSM output payload (bsc#1142351). - Add back sibling paca poiter to paca (bsc#1055117). - Add support for crct10dif-vpmsum (). - af_unix: remove redundant lockdep class (git-fixes). alsa: compress: Be more restrictive about when a drain is allowed (bsc#1051510). - alsa: compress: Do not allow paritial drain operations on capture streams (bsc#1051510). - alsa: compress: Fix regression on compressed capture streams (bsc#1051510). - alsa: compress: Prevent bypasses of set_params (bsc#1051510). - alsa: hda - Add a conexant codec entry to let mute led work (bsc#1051510). - alsa: hda/realtek: apply ALC891 headset fixup to one Dell machine (bsc#1051510). - alsa: hda/realtek - Fixed Headphone Mic can't record on Dell platform (bsc#1051510). - alsa: hda/realtek - Headphone Mic can't record after S3 (bsc#1051510). - alsa: line6: Fix a typo (bsc#1051510). - alsa: line6: Fix wrong altsetting for LINE6_PODHD500_1 (bsc#1051510). - alsa: seq: Break too long mutex context in the write loop (bsc#1051510). - alsa: usb-audio: Add quirk for Focusrite Scarlett Solo (bsc#1051510). - alsa: usb-audio: Add quirk for MOTU MicroBook II (bsc#1051510). - alsa: usb-audio: Cleanup DSD whitelist (bsc#1051510). - alsa: usb-audio: Enable .product_name override for Emagic, Unitor 8 (bsc#1051510). - alsa: usb-audio: Sanity checks for each pipe and EP types (bsc#1051510). - asoc : cs4265 : readable register too low (bsc#1051510). - asoc: max98090: remove 24-bit format support if RJ is 0 (bsc#1051510). - asoc: soc-pcm: BE dai needs prepare when pause release after resume (bsc#1051510). - ath6kl: add some bounds checking (bsc#1051510). - batman-adv: fix for leaked TVLV handler (bsc#1051510). - bcache: acquire bch_register_lock later in cached_dev_detach_finish() (bsc#1140652). - bcache: acquire bch_register_lock later in cached_dev_free() (bsc#1140652). - bcache: add code comments for journal_read_bucket() (bsc#1140652). - bcache: Add comments for blkdev_put() in registration code path (bsc#1140652). - bcache: add comments for closure_fn to be called in closure_queue() (bsc#1140652). - bcache: add comments for kobj release callback routine (bsc#1140652). - bcache: add comments for mutex_lock(&b->write_lock) (bsc#1140652). - bcache: add error check for calling register_bdev() (bsc#1140652). - bcache: add failure check to run_cache_set() for journal replay (bsc#1140652). - bcache: add io error counting in write_bdev_super_endio() (bsc#1140652). - bcache: add more error message in bch_cached_dev_attach() (bsc#1140652). - bcache: add pendings_cleanup to stop pending bcache device (bsc#1140652). - bcache: add reclaimed_journal_buckets to struct cache_set (bsc#1140652). - bcache: add return value check to bch_cached_dev_run() (bsc#1140652). - bcache: avoid a deadlock in bcache_reboot() (bsc#1140652). - bcache: avoid clang -Wunintialized warning (bsc#1140652). - bcache: avoid flushing btree node in cache_set_flush() if io disabled (bsc#1140652). - bcache: avoid potential memleak of list of journal_replay(s) in the CACHE_SYNC branch of run_cache_set (bsc#1140652). - bcache: check CACHE_SET_IO_DISABLE bit in bch_journal() (bsc#1140652). - bcache: check CACHE_SET_IO_DISABLE in allocator code (bsc#1140652). - bcache: check c->gc_thread by IS_ERR_OR_NULL in cache_set_flush() (bsc#1140652). - bcache: Clean up bch_get_congested() (bsc#1140652). - bcache: destroy dc->writeback_write_wq if failed to create dc->writeback_thread (bsc#1140652). - bcache: do not assign in if condition in bcache_device_init() (bsc#1140652). - bcache: do not set max writeback rate if gc is running (bsc#1140652). - bcache: fix a race between cache register and cacheset unregister (bsc#1140652). - bcache: fix crashes stopping bcache device before read miss done (bsc#1140652). - bcache: fix failure in journal relplay (bsc#1140652). - bcache: fix inaccurate result of unused buckets (bsc#1140652). - bcache: fix mistaken sysfs entry for io_error counter (bsc#1140652). - bcache: fix potential deadlock in cached_def_free() (bsc#1140652). - bcache: fix race in btree_flush_write() (bsc#1140652). - bcache: fix return value error in bch_journal_read() (bsc#1140652). - bcache: fix stack corruption by PRECEDING_KEY() (bsc#1140652). - bcache: fix wrong usage use-after-freed on keylist in out_nocoalesce branch of btree_gc_coalesce (bsc#1140652). - bcache: ignore read-ahead request failure on backing device (bsc#1140652). - bcache: improve bcache_reboot() (bsc#1140652). - bcache: improve error message in bch_cached_dev_run() (bsc#1140652). - bcache: make bset_search_tree() be more understandable (bsc#1140652). - bcache: make is_discard_enabled() static (bsc#1140652). - bcache: more detailed error message to bcache_device_link() (bsc#1140652). - bcache: move definition of 'int ret' out of macro read_bucket() (bsc#1140652). - bcache: never set KEY_PTRS of journal key to 0 in journal_reclaim() (bsc#1140652). - bcache: only clear BTREE_NODE_dirty bit when it is set (bsc#1140652). - bcache: only set BCACHE_DEV_WB_RUNNING when cached device attached (bsc#1140652). - bcache: performance improvement for btree_flush_write() (bsc#1140652). - bcache: remove redundant LIST_HEAD(journal) from run_cache_set() (bsc#1140652). - bcache: remove retry_flush_write from struct cache_set (bsc#1140652). - bcache: remove unncessary code in bch_btree_keys_init() (bsc#1140652). - bcache: remove unnecessary prefetch() in bset_search_tree() (bsc#1140652). - bcache: remove 'XXX:' comment line from run_cache_set() (bsc#1140652). - bcache: return error immediately in bch_journal_replay() (bsc#1140652). - bcache: Revert 'bcache: fix high CPU occupancy during journal' (bsc#1140652). - bcache: Revert 'bcache: free heap cache_set->flush_btree in bch_journal_free' (bsc#1140652). - bcache: set largest seq to ja->seq[bucket_index] in journal_read_bucket() (bsc#1140652). - bcache: shrink btree node cache after bch_btree_check() (bsc#1140652). - bcache: stop writeback kthread and kworker when bch_cached_dev_run() failed (bsc#1140652). - bcache: use sysfs_match_string() instead of __sysfs_match_string() (bsc#1140652). - be2net: Fix number of Rx queues used for flow hashing (networking-stable-19_06_18). - be2net: Signal that the device cannot transmit during reconfiguration (bsc#1127315). - be2net: Synchronize be_update_queues with dev_watchdog (bsc#1127315). - block, bfq: NULL out the bic when it's no longer valid (bsc#1142359). - bnx2x: Prevent load reordering in tx completion processing (bsc#1142868). - bnxt_en: Fix aggregation buffer leak under OOM condition (networking-stable-19_05_31). - bonding: fix arp_validate toggling in active-backup mode (networking-stable-19_05_14). - bonding: Force slave speed check after link state recovery for 802.3ad (bsc#1137584). - bpf, x64: fix stack layout of JITed bpf code (bsc#1083647). - bpf, x64: save 5 bytes in prologue when ebpf insns came from cbpf (bsc#1083647). - bridge: Fix error path for kobject_init_and_add() (networking-stable-19_05_14). - btrfs: fix race between block group removal and block group allocation (bsc#1143003). - cgroup: Use css_tryget() instead of css_tryget_online() in task_get_css() (bsc#1141478). - clk: qcom: Fix -Wunused-const-variable (bsc#1051510). - clk: rockchip: Do not yell about bad mmc phases when getting (bsc#1051510). - clk: tegra210: fix PLLU and PLLU_OUT1 (bsc#1051510). - cpufreq: acpi-cpufreq: Report if CPU does not support boost technologies (bsc#1051510). - cpufreq: brcmstb-avs-cpufreq: Fix initial command check (bsc#1051510). - cpufreq: brcmstb-avs-cpufreq: Fix types for voltage/frequency (bsc#1051510). - cpufreq: check if policy is inactive early in __cpufreq_get() (bsc#1051510). - cpufreq: kirkwood: fix possible object reference leak (bsc#1051510). - cpufreq/pasemi: fix possible object reference leak (bsc#1051510). - cpufreq: pmac32: fix possible object reference leak (bsc#1051510). - cpufreq: ppc_cbe: fix possible object reference leak (bsc#1051510). - cpufreq: Use struct kobj_attribute instead of struct global_attr (bsc#1051510). - crypto: arm64/sha1-ce - correct digest for empty data in finup (bsc#1051510). - crypto: arm64/sha2-ce - correct digest for empty data in finup (bsc#1051510). - crypto: ccp - Fix 3DES complaint from ccp-crypto module (bsc#1051510). - crypto: ccp - fix AES CFB error exposed by new test vectors (bsc#1051510). - crypto: ccp - Fix SEV_VERSION_GREATER_OR_EQUAL (bsc#1051510). - crypto: ccp/gcm - use const time tag comparison (bsc#1051510). - crypto: ccp - memset structure fields to zero before reuse (bsc#1051510). - crypto: ccp - Validate the the error value used to index error messages (bsc#1051510). - crypto: chacha20poly1305 - fix atomic sleep when using async algorithm (bsc#1051510). - crypto: crypto4xx - fix a potential double free in ppc4xx_trng_probe (bsc#1051510). - crypto: ghash - fix unaligned memory access in ghash_setkey() (bsc#1051510). - crypto: talitos - Align SEC1 accesses to 32 bits boundaries (bsc#1051510). - crypto: talitos - check data blocksize in ablkcipher (bsc#1051510). - crypto: talitos - fix CTR alg blocksize (bsc#1051510). - crypto: talitos - fix max key size for sha384 and sha512 (bsc#1051510). - crypto: talitos - HMAC SNOOP NO AFEU mode requires SW icv checking (bsc#1051510). - crypto: talitos - properly handle split ICV (bsc#1051510). - crypto: talitos - reduce max key size for SEC1 (bsc#1051510). - crypto: talitos - rename alternative AEAD algos (bsc#1051510). - dasd_fba: Display '00000000' for zero page when dumping sense (bsc#1123080). - dmaengine: hsu: Revert 'set HSU_CH_MTSR to memory width' (bsc#1051510). - dpaa_eth: fix SG frame cleanup (networking-stable-19_05_14). - drm/meson: Add support for XBGR8888 & ABGR8888 formats (bsc#1051510). - drm/msm/a3xx: remove TPL1 regs from snapshot (bsc#1051510). - drm/nouveau/i2c: Enable i2c pads & busses during preinit (bsc#1051510). - drm/rockchip: Properly adjust to a true clock in adjusted_mode (bsc#1051510). - e1000e: start network tx queue only when link is up (bsc#1051510). - ethtool: check the return value of get_regs_len (git-fixes). - ethtool: fix potential userspace buffer overflow (networking-stable-19_06_09). - Fix kABI for asus-wmi quirk_entry field addition (bsc#1051510). - Fix memory leak in sctp_process_init (networking-stable-19_06_09). - fork, memcg: fix cached_stacks case (bsc#1134097). - fork, memcg: fix crash in free_thread_stack on memcg charge fail (bsc#1134097). - hid: wacom: correct touch resolution x/y typo (bsc#1051510). - hid: wacom: generic: Correct pad syncing (bsc#1051510). - hid: wacom: generic: only switch the mode on devices with LEDs (bsc#1051510). - hid: wacom: generic: read HID_DG_CONTACTMAX from any feature report (bsc#1051510). - input: elantech - enable middle button support on 2 ThinkPads (bsc#1051510). - input: imx_keypad - make sure keyboard can always wake up system (bsc#1051510). - input: psmouse - fix build error of multiple definition (bsc#1051510). - input: synaptics - enable SMBUS on T480 thinkpad trackpad (bsc#1051510). - input: tm2-touchkey - acknowledge that setting brightness is a blocking call (bsc#1129770). - intel_th: msu: Fix single mode with disabled IOMMU (bsc#1051510). - ipv4: Fix raw socket lookup for local traffic (networking-stable-19_05_14). - ipv4/igmp: fix another memory leak in igmpv3_del_delrec() (networking-stable-19_05_31). - ipv4/igmp: fix build error if !CONFIG_IP_MULTICAST (networking-stable-19_05_31). - ipv4: Use return value of inet_iif() for __raw_v4_lookup in the while loop (git-fixes). - ipv6: Consider sk_bound_dev_if when binding a raw socket to an address (networking-stable-19_05_31). - ipv6: fix EFAULT on sendto with icmpv6 and hdrincl (networking-stable-19_06_09). - ipv6: flowlabel: fl6_sock_lookup() must use atomic_inc_not_zero (networking-stable-19_06_18). - ipv6: use READ_ONCE() for inet->hdrincl as in ipv4 (networking-stable-19_06_09). - kbuild: use -flive-patching when CONFIG_LIVEPATCH is enabled (bsc#1071995). - kernel: jump label transformation performance (bsc#1137534 bsc#1137535 LTC#178058 LTC#178059). - kvm: arm/arm64: vgic-its: Take the srcu lock when parsing the memslots (bsc#1133021). - kvm: arm/arm64: vgic-its: Take the srcu lock when writing to guest memory (bsc#1133021). - kvm: mmu: Fix overflow on kvm mmu page limit calculation (bsc#1135335). - kvm/mmu: kABI fix for *_mmu_pages changes in struct kvm_arch (bsc#1135335). - kvm: polling: add architecture backend to disable polling (bsc#1119222). - kvm: s390: change default halt poll time to 50us (bsc#1119222). - kvm: s390: enable CONFIG_HAVE_KVM_NO_POLL (bsc#1119222) We need to enable CONFIG_HAVE_KVM_NO_POLL for bsc#1119222 - kvm: s390: fix typo in parameter description (bsc#1119222). - kvm: s390: kABI Workaround for 'kvm_vcpu_stat' Add halt_no_poll_steal to kvm_vcpu_stat. Hide it from the kABI checker. - kvm: s390: kABI Workaround for 'lowcore' (bsc#1119222). - kvm: s390: provide kvm_arch_no_poll function (bsc#1119222). - kvm: svm/avic: Do not send AVIC doorbell to self (bsc#1140133). - kvm: SVM: Fix detection of AMD Errata 1096 (bsc#1142354). - lapb: fixed leak of control-blocks (networking-stable-19_06_18). - lib: fix stall in __bitmap_parselist() (bsc#1051510). - libnvdimm/namespace: Fix label tracking error (bsc#1142350). - lib/bitmap.c: make bitmap_parselist() thread-safe and much faster (bsc#1143507). - lib/scatterlist: Fix mapping iterator when sg->offset is greater than PAGE_SIZE (bsc#1051510). - livepatch: Remove duplicate warning about missing reliable stacktrace support (bsc#1071995). - livepatch: Use static buffer for debugging messages under rq lock (bsc#1071995). - llc: fix skb leak in llc_build_and_send_ui_pkt() (networking-stable-19_05_31). - media: cpia2_usb: first wake up, then free in disconnect (bsc#1135642). - media: marvell-ccic: fix DMA s/g desc number calculation (bsc#1051510). - media: s5p-mfc: Make additional clocks optional (bsc#1051510). - media: v4l2: Test type instead of cfg->type in v4l2_ctrl_new_custom() (bsc#1051510). - media: vivid: fix incorrect assignment operation when setting video mode (bsc#1051510). - mei: bus: need to unlink client before freeing (bsc#1051510). - mei: me: add denverton innovation engine device IDs (bsc#1051510). - mei: me: add gemini lake devices id (bsc#1051510). - memory: tegra: Fix integer overflow on tick value calculation (bsc#1051510). - memstick: Fix error cleanup path of memstick_init (bsc#1051510). - mfd: intel-lpss: Release IDA resources (bsc#1051510). - mmc: sdhci-pci: Try 'cd' for card-detect lookup before using NULL (bsc#1051510). - mm: migrate: Fix reference check race between __find_get_block() and migration (bnc#1137609). - mm/nvdimm: add is_ioremap_addr and use that to check ioremap address (bsc#1140322 LTC#176270). - mm, page_alloc: fix has_unmovable_pages for HugePages (bsc#1127034). - mm: replace all open encodings for NUMA_NO_NODE (bsc#1140322 LTC#176270). - neigh: fix use-after-free read in pneigh_get_next (networking-stable-19_06_18). - net/af_iucv: remove GFP_DMA restriction for HiperTransport (bsc#1142112 bsc#1142221 LTC#179334 LTC#179332). - net: avoid weird emergency message (networking-stable-19_05_21). - net: fec: fix the clk mismatch in failed_reset path (networking-stable-19_05_31). - netfilter: conntrack: fix calculation of next bucket number in early_drop (git-fixes). - net-gro: fix use-after-free read in napi_gro_frags() (networking-stable-19_05_31). - net/mlx4_core: Change the error print to info print (networking-stable-19_05_21). - net/mlx4_en: ethtool, Remove unsupported SFP EEPROM high pages query (networking-stable-19_06_09). - net/mlx5: Allocate root ns memory using kzalloc to match kfree (networking-stable-19_05_31). - net/mlx5: Avoid double free in fs init error unwinding path (networking-stable-19_05_31). - net: mvneta: Fix err code path of probe (networking-stable-19_05_31). - net: mvpp2: fix bad MVPP2_TXQ_SCHED_TOKEN_CNTR_REG queue value (networking-stable-19_05_31). - net: openvswitch: do not free vport if register_netdevice() is failed (networking-stable-19_06_18). - net/packet: fix memory leak in packet_set_ring() (git-fixes). - net: rds: fix memory leak in rds_ib_flush_mr_pool (networking-stable-19_06_09). - net: seeq: fix crash caused by not set dev.parent (networking-stable-19_05_14). - net: stmmac: fix reset gpio free missing (networking-stable-19_05_31). - net: usb: qmi_wwan: add Telit 0x1260 and 0x1261 compositions (networking-stable-19_05_21). - nvme: fix memory leak caused by incorrect subsystem free (bsc#1143185). - ocfs2: add first lock wait time in locking_state (bsc#1134390). - ocfs2: add last unlock times in locking_state (bsc#1134390). - ocfs2: add locking filter debugfs file (bsc#1134390). - packet: Fix error path in packet_init (networking-stable-19_05_14). - packet: in recvmsg msg_name return at least sizeof sockaddr_ll (git-fixes). - pci: Always allow probing with driver_override (bsc#1051510). - pci: hv: Add hv_pci_remove_slots() when we unload the driver (bsc#1142701). - pci: hv: Add pci_destroy_slot() in pci_devices_present_work(), if necessary (bsc#1142701). - pci: hv: Fix a memory leak in hv_eject_device_work() (bsc#1142701). - pci: hv: Fix a use-after-free bug in hv_eject_device_work() (bsc#1142701). - pci: hv: Fix return value check in hv_pci_assign_slots() (bsc#1142701). - pci: hv: Remove unused reason for refcount handler (bsc#1142701). - pci: hv: support reporting serial number as slot information (bsc#1142701). - pci: Return error if cannot probe VF (bsc#1051510). - pkey: Indicate old mkvp only if old and current mkvp are different (bsc#1137827 LTC#178090). - pktgen: do not sleep with the thread lock held (git-fixes). - platform/x86: asus-nb-wmi: Support ALS on the Zenbook UX430UQ (bsc#1051510). - platform/x86: asus-wmi: Only Tell EC the OS will handle display hotkeys from asus_nb_wmi (bsc#1051510). - platform/x86: intel_turbo_max_3: Remove restriction for HWP platforms (jsc#SLE-5439). - platform/x86: pmc_atom: Add CB4063 Beckhoff Automation board to critclk_systems DMI table (bsc#1051510). - powerpc/64s: Remove POWER9 DD1 support (bsc#1055117, LTC#159753, git-fixes). - powerpc/crypto: Use cheaper random numbers for crc-vpmsum self-test (). - powerpc/mm: Change function prototype (bsc#1055117). - powerpc/mm: Consolidate numa_enable check and min_common_depth check (bsc#1140322 LTC#176270). - powerpc/mm/drconf: Use NUMA_NO_NODE on failures instead of node 0 (bsc#1140322 LTC#176270). - powerpc/mm: Fix node look up with numa=off boot (bsc#1140322 LTC#176270). - powerpc/mm/hugetlb: Update huge_ptep_set_access_flags to call __ptep_set_access_flags directly (bsc#1055117). - powerpc/mm/radix: Change pte relax sequence to handle nest MMU hang (bsc#1055117). - powerpc/mm/radix: Move function from radix.h to pgtable-radix.c (bsc#1055117). - powerpc/watchpoint: Restore NV GPRs while returning from exception (bsc#1140945 bsc#1141401 bsc#1141402 bsc#1141452 bsc#1141453 bsc#1141454 LTC#178983 LTC#179191 LTC#179192 LTC#179193 LTC#179194 LTC#179195). - ppp: deflate: Fix possible crash in deflate_init (networking-stable-19_05_21). - rds: ib: fix 'passing zero to ERR_PTR()' warning (git-fixes). - Revert 'bcache: set CACHE_SET_IO_DISABLE in bch_cached_dev_error()' (bsc#1140652). - Revert 'e1000e: fix cyclic resets at link up with active tx' (bsc#1051510). - Revert 'livepatch: Remove reliable stacktrace check in klp_try_switch_task()' (bsc#1071995). - Revert 'serial: 8250: Do not service RX FIFO if interrupts are disabled' (bsc#1051510). - rtnetlink: always put IFLA_LINK for links with a link-netnsid (networking-stable-19_05_21). - s390/qeth: be drop monitor friendly (bsc#1142220 LTC#179335). - s390/vtime: steal time exponential moving average (bsc#1119222). - scripts/git_sort/git_sort.py: Add mmots tree. - scsi: ibmvfc: fix WARN_ON during event pool release (bsc#1137458 LTC#178093). - sctp: Free cookie before we memdup a new one (networking-stable-19_06_18). - sctp: silence warns on sctp_stream_init allocations (bsc#1083710). - serial: uartps: Do not add a trailing semicolon to macro (bsc#1051510). - serial: uartps: Fix long line over 80 chars (bsc#1051510). - serial: uartps: Fix multiple line dereference (bsc#1051510). - serial: uartps: Remove useless return from cdns_uart_poll_put_char (bsc#1051510). - staging: comedi: amplc_pci230: fix null pointer deref on interrupt (bsc#1051510). - staging: comedi: dt282x: fix a null pointer deref on interrupt (bsc#1051510). - staging: rtl8712: reduce stack usage, again (bsc#1051510). - sunhv: Fix device naming inconsistency between sunhv_console and sunhv_reg (networking-stable-19_06_18). - tcp: reduce tcp_fastretrans_alert() verbosity (git-fixes). - team: Always enable vlan tx offload (bsc#1051510). - tty: rocket: fix incorrect forward declaration of 'rp_init()' (bsc#1051510). - tty: serial_core: Set port active bit in uart_port_activate (bsc#1051510). - tty: serial: cpm_uart - fix init when SMC is relocated (bsc#1051510). - tuntap: synchronize through tfiles array instead of tun->numqueues (networking-stable-19_05_14). - usb: gadget: ether: Fix race between gether_disconnect and rx_submit (bsc#1051510). - usb: gadget: fusb300_udc: Fix memory leak of fusb300->ep[i] (bsc#1051510). - usb: gadget: udc: lpc32xx: allocate descriptor with GFP_ATOMIC (bsc#1051510). - usb: pci-quirks: Correct AMD PLL quirk detection (bsc#1051510). - usb: serial: ftdi_sio: add ID for isodebug v1 (bsc#1051510). - usb: serial: option: add support for GosunCn ME3630 RNDIS mode (bsc#1051510). - vmci: Fix integer overflow in VMCI handle arrays (bsc#1051510). - vsock/virtio: free packets during the socket release (networking-stable-19_05_21). - vsock/virtio: set SOCK_DONE on peer shutdown (networking-stable-19_06_18). - wil6210: fix potential out-of-bounds read (bsc#1051510). - x86, mm: fix fast GUP with hyper-based TLB flushing (VM Functionality, bsc#1140903). - xen: let alloc_xenballooned_pages() fail if not enough memory free (bsc#1142450 XSA-300). - xfs: do not overflow xattr listent buffer (bsc#1143105). ----------------------------------------- Patch: SUSE-2019-2084 Released: Wed Aug 7 13:57:01 2019 Summary: Recommended update for polkit-default-privs Severity: moderate References: 1140151 Description: This update for polkit-default-privs fixes the following issues: - various new libvirt actions were white listed (bsc#1140151) ----------------------------------------- Patch: SUSE-2019-2085 Released: Wed Aug 7 13:58:43 2019 Summary: Recommended update for apparmor Severity: moderate References: 1135751 Description: This update for apparmor fixes the following issues: - Profile updates for dnsmasq, dovecot, identd, syslog-ng - Parser: fix 'Px -> foo-bar' (the '-' was rejected before) - Add certbot paths to abstractions/ssl_certs and abstractions/ssl_keys. - Fix build with swig 4.0. (bsc#1135751) ----------------------------------------- Patch: SUSE-2019-2086 Released: Wed Aug 7 13:59:40 2019 Summary: Recommended update for postfix Severity: moderate References: 1104543,1140521 Description: This update for postfix fixes the following issues: - config.postfix does not start tlsmgr in master.cf when using POSTFIX_SMTP_TLS_CLIENT='must'. (bsc#1104543) - Fixed postfix can not use ldap tables (bsc#1140521) ----------------------------------------- Patch: SUSE-2019-2087 Released: Wed Aug 7 18:16:48 2019 Summary: Security update for tcpdump Severity: moderate References: 1068716,1142439,CVE-2017-16808,CVE-2019-1010220 Description: This update for tcpdump fixes the following issues: Security issues fixed: - CVE-2019-1010220: Fixed a buffer over-read in print_prefix() which may expose data (bsc#1142439). - CVE-2017-16808: Fixed a heap-based buffer over-read related to aoe_print() and lookup_emem() (bsc#1068716). ----------------------------------------- Patch: SUSE-2019-2103 Released: Fri Aug 9 13:16:36 2019 Summary: Security update for wireshark Severity: moderate References: 1141980,CVE-2019-13619 Description: This update for wireshark to version 2.4.16 fixes the following issues: Security issue fixed: - CVE-2019-13619: ASN.1 BER and related dissectors crash (bsc#1141980). ----------------------------------------- Patch: SUSE-2019-2114 Released: Mon Aug 12 11:56:44 2019 Summary: Security update for python Severity: moderate References: 1141853,CVE-2018-20852 Description: This update for python fixes the following issues: - CVE-2018-20852: Fixed an information leak where cookies could be send to the wrong server because of incorrect domain validation (bsc#1141853). ----------------------------------------- Patch: SUSE-2019-2130 Released: Wed Aug 14 11:26:59 2019 Summary: Recommended update for kernel-firmware Severity: important References: 1143331 Description: This update for kernel-firmware fixes the following issues: - Reverts a patch which has caused systems to hang during booting in specific scenarios (bsc#1143331) ----------------------------------------- Patch: SUSE-2019-2134 Released: Wed Aug 14 11:54:56 2019 Summary: Recommended update for zlib Severity: moderate References: 1136717,1137624,1141059,SLE-5807 Description: This update for zlib fixes the following issues: - Update the s390 patchset. (bsc#1137624) - Tweak zlib-power8 to have type of crc32_vpmsum conform to usage. (bsc#1141059) - Use FAT LTO objects in order to provide proper static library. - Do not enable the previous patchset on s390 but just s390x. (bsc#1137624) - Add patchset for s390 improvements. (jsc#SLE-5807, bsc#1136717) ----------------------------------------- Patch: SUSE-2019-2142 Released: Wed Aug 14 18:14:04 2019 Summary: Recommended update for mozilla-nspr, mozilla-nss Severity: moderate References: 1141322 Description: This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nss was updated to NSS 3.45 (bsc#1141322) : * New function in pk11pub.h: PK11_FindRawCertsWithSubject * The following CA certificates were Removed: CN = Certinomis - Root CA (bmo#1552374) * Implement Delegated Credentials (draft-ietf-tls-subcerts) (bmo#1540403) This adds a new experimental function SSL_DelegateCredential Note: In 3.45, selfserv does not yet support delegated credentials (See bmo#1548360). Note: In 3.45 the SSLChannelInfo is left unmodified, while an upcoming change in 3.46 will set SSLChannelInfo.authKeyBits to that of the delegated credential for better policy enforcement (See bmo#1563078). * Replace ARM32 Curve25519 implementation with one from fiat-crypto (bmo#1550579) * Expose a function PK11_FindRawCertsWithSubject for finding certificates with a given subject on a given slot (bmo#1552262) * Add IPSEC IKE support to softoken (bmo#1546229) * Add support for the Elbrus lcc compiler (<=1.23) (bmo#1554616) * Expose an external clock for SSL (bmo#1543874) This adds new experimental functions: SSL_SetTimeFunc, SSL_CreateAntiReplayContext, SSL_SetAntiReplayContext, and SSL_ReleaseAntiReplayContext. The experimental function SSL_InitAntiReplay is removed. * Various changes in response to the ongoing FIPS review (bmo#1546477) Note: The source package size has increased substantially due to the new FIPS test vectors. This will likely prompt follow-on work, but please accept our apologies in the meantime. mozilla-nspr was updated to version 4.21 * Changed prbit.h to use builtin function on aarch64. * Removed Gonk/B2G references. ----------------------------------------- Patch: SUSE-2019-2161 Released: Fri Aug 16 08:57:18 2019 Summary: Recommended update for net-snmp Severity: moderate References: 1108471,1116807,1140341,SLE-6120 Description: This update for net-snmp fixes the following issues: - Added Lustre filesystem support (bsc#1140341, jsc#SLE-6120). - Added info about the original agent which triggered the trap. When the trap is forwarded there was no info about the original agent (bsc#1116807). - Fixes missing sysconfig files creation (bsc#1108471) ----------------------------------------- Patch: SUSE-2019-2162 Released: Fri Aug 16 08:57:42 2019 Summary: Recommended update for multipath-tools Severity: moderate References: 1118495,1119898,1125507,1134648,1139369 Description: This update for multipath-tools contains the following changes: - Added basic NVMe ANA support (bsc#1119898, bsc#1118495) - mpathpersist: optimize for setups with many LUNs (bsc#1134648) - mpathpersist: add option -f/--batch-file (bsc#1134648) - libmultipath: get_prio(): really don't reset prio for inaccessible paths (bsc#1118495) - Upstream bug fixes from dm-devel (bsc#1139369): * multipath: call store_pathinfo with DI_BLACKLIST - hwtable: add Lenovo DE series (bsc#1125507) ----------------------------------------- Patch: SUSE-2019-2173 Released: Mon Aug 19 14:46:35 2019 Summary: Recommended update for yast2 Severity: moderate References: 1093052,1113732,1128032 Description: This update for yast2 fixes the following issues: - Stop 'ls: write error: Broken pipe' messages. (bsc#1128032) - Choose SuSEfirewall2 as default if no firewall has been installed. (bsc#1093052) - Added more testcases if e.g. system is running in chroot environment and systemd does not work properly (bsc#1113732) ----------------------------------------- Patch: SUSE-2019-2174 Released: Mon Aug 19 14:46:47 2019 Summary: Recommended update for yast2-proxy Severity: moderate References: 1140199 Description: This update for yast2-proxy fixes the following issues: - Fix 'proxy' behaviour when running in firstboot (bsc#1140199) ----------------------------------------- Patch: SUSE-2019-2183 Released: Tue Aug 20 09:49:59 2019 Summary: Recommended update for ebtables Severity: moderate References: 1140898 Description: This update for ebtables fixes the following issues: - Fix path /sbin to /usr/sbin in ebtables.systemd. (bsc#1140898) ----------------------------------------- Patch: SUSE-2019-2188 Released: Wed Aug 21 10:10:29 2019 Summary: Recommended update for aaa_base Severity: moderate References: 1140647 Description: This update for aaa_base fixes the following issues: - Make systemd detection cgroup oblivious. (bsc#1140647) ----------------------------------------- Patch: SUSE-2019-2189 Released: Wed Aug 21 10:12:23 2019 Summary: Recommended update for sysstat Severity: moderate References: 1142470 Description: This update for sysstat fixes the following issues: - Remove deprecated gettext and require gettext-runtime during build only. (bsc#1142470) ----------------------------------------- Patch: SUSE-2019-2200 Released: Thu Aug 22 14:36:04 2019 Summary: Recommended update for quota Severity: low References: 1144265 Description: This update for quota fixes the following issues: - quota will stop processing the config file in case of errors (bsc#1144265) ----------------------------------------- Patch: SUSE-2019-2218 Released: Mon Aug 26 11:29:57 2019 Summary: Recommended update for pinentry Severity: moderate References: 1141883 Description: This update for pinentry fixes the following issues: - Fix a dangling pointer in qt/main.cpp that caused crashes. (bsc#1141883) ----------------------------------------- Patch: SUSE-2019-2241 Released: Wed Aug 28 14:58:49 2019 Summary: Recommended update for ca-certificates-mozilla Severity: moderate References: 1144169 Description: This update for ca-certificates-mozilla fixes the following issues: ca-certificates-mozillawas updated to 2.34 state of the Mozilla NSS Certificate store (bsc#1144169) Removed CAs: - Certinomis - Root CA Includes new root CAs from the 2.32 version: - emSign ECC Root CA - C3 (email and server auth) - emSign ECC Root CA - G3 (email and server auth) - emSign Root CA - C1 (email and server auth) - emSign Root CA - G1 (email and server auth) - Hongkong Post Root CA 3 (server auth) ----------------------------------------- Patch: SUSE-2019-2248 Released: Thu Aug 29 08:18:23 2019 Summary: Recommended update for python-kiwi Severity: moderate References: 1141168 Description: This update for python-kiwi fixes the following issues: - kiwi will no longer create an empty machine-id file in case it is not provided during the system installation (bsc#1141168) ----------------------------------------- Patch: SUSE-2019-2279 Released: Wed Sep 4 12:22:23 2019 Summary: Recommended update for SUSEConnect Severity: moderate References: 1136752,1144020 Description: This update for SUSEConnect fixes the following issues: - Fix failing on registered system without arguments (bsc#1144020) - Fix base product service removal during de-registration in public clouds (bsc#1136752) ----------------------------------------- Patch: SUSE-2019-2289 Released: Wed Sep 4 14:23:43 2019 Summary: Recommended update for open-iscsi Severity: moderate References: 1113712 Description: This update for open-iscsi fixes the following issues: - Fixes an issue where an iSCSI boot failure appeared in MPIO config with single path active (bsc#1113712) Additionally: This update includes a lot of smaller bug fixes. Please refer to this rpm's changelog file to get the full list of all changes. ----------------------------------------- Patch: SUSE-2019-2291 Released: Wed Sep 4 16:48:52 2019 Summary: Security update for java-1_8_0-ibm Severity: important References: 1122292,1122299,1141780,1141782,1141783,1141785,1141787,1141789,1147021,CVE-2018-11212,CVE-2019-11771,CVE-2019-11772,CVE-2019-11775,CVE-2019-2449,CVE-2019-2762,CVE-2019-2766,CVE-2019-2769,CVE-2019-2786,CVE-2019-2816,CVE-2019-4473,CVE-2019-7317 Description: This update for java-1_8_0-ibm fixes the following issues: Update to Java 8.0 Service Refresh 5 Fix Pack 40. Security issues fixed: - CVE-2019-11771: IBM Security Update July 2019 (bsc#1147021) - CVE-2019-11772: IBM Security Update July 2019 (bsc#1147021) - CVE-2019-11775: IBM Security Update July 2019 (bsc#1147021) - CVE-2019-4473: IBM Security Update July 2019 (bsc#1147021) - CVE-2019-7317: Fixed issue inside Component AWT (libpng)(bsc#1141780). - CVE-2019-2769: Fixed issue inside Component Utilities (bsc#1141783). - CVE-2019-2762: Fixed issue inside Component Utilities (bsc#1141782). - CVE-2019-2816: Fixed issue inside Component Networking (bsc#1141785). - CVE-2019-2766: Fixed issue inside Component Networking (bsc#1141789). - CVE-2019-2786: Fixed issue inside Component Security (bsc#1141787). ----------------------------------------- Patch: SUSE-2019-2306 Released: Thu Sep 5 14:39:23 2019 Summary: Recommended update for parted Severity: moderate References: 1082318,1136245 Description: This update for parted fixes the following issues: - Included several minor bug fixes - for more details please refer to this rpm's changelog (bsc#1136245) - Installs the license file in the correct directory (bsc#1082318) ----------------------------------------- Patch: SUSE-2019-2326 Released: Fri Sep 6 10:18:05 2019 Summary: Recommended update for ha-cluster-bootstrap Severity: moderate References: 1138353 Description: This update for ha-cluster-bootstrap fixes the following issues: - use help2man to generate init/join/remove man page (bsc#1138353) ----------------------------------------- Patch: SUSE-2019-2331 Released: Mon Sep 9 10:17:00 2019 Summary: Security update for python-urllib3 Severity: moderate References: 1119376,1129071,1132663,1132900,CVE-2018-20060,CVE-2019-11236,CVE-2019-11324,CVE-2019-9740 Description: This update for python-urllib3 fixes the following issues: Security issues fixed: - CVE-2019-9740: Fixed CRLF injection issue (bsc#1129071). - CVE-2019-11324: Fixed invalid CA certificat verification (bsc#1132900). - CVE-2019-11236: Fixed CRLF injection via request parameter (bsc#1132663). - CVE-2018-20060: Remove Authorization header when redirecting cross-host (bsc#1119376). ----------------------------------------- Patch: SUSE-2019-2349 Released: Tue Sep 10 14:52:10 2019 Summary: Security update for libgcrypt Severity: moderate References: 1148987,CVE-2019-13627 Description: This update for libgcrypt fixes the following issues: Security issues fixed: - CVE-2019-13627: Mitigated ECDSA timing attack. (bsc#1148987) ----------------------------------------- Patch: SUSE-2019-2360 Released: Thu Sep 12 07:54:14 2019 Summary: Recommended update for desktop-file-utils Severity: moderate References: 1094774,1148080 Description: This update for desktop-file-utils fixes the following issues: - Added Pantheon to desktop env list (bsc#1094774) - Fix for update-desktop-database to recognize font media types. (bsc#1148080) ----------------------------------------- Patch: SUSE-2019-2363 Released: Thu Sep 12 07:55:41 2019 Summary: Recommended update for krb5 Severity: moderate References: 1081947,1144047 Description: This update for krb5 contains the following fixes: - Integrate pam_keyinit PAM module, ksu-pam.d. (bsc#1081947) ----------------------------------------- Patch: SUSE-2019-2373 Released: Thu Sep 12 14:18:53 2019 Summary: Security update for curl Severity: important References: 1149495,1149496,CVE-2019-5481,CVE-2019-5482 Description: This update for curl fixes the following issues: Security issues fixed: - CVE-2019-5481: Fixed FTP-KRB double-free during kerberos FTP data transfer (bsc#1149495). - CVE-2019-5482: Fixed TFTP small blocksize heap buffer overflow (bsc#1149496). ----------------------------------------- Patch: SUSE-2019-2375 Released: Thu Sep 12 17:36:46 2019 Summary: Recommended update for polkit-default-privs Severity: moderate References: 1144077 Description: This update for polkit-default-privs fixes the following issues: - whitelist the checkpoint action for libvirt (bsc#1144077) ----------------------------------------- Patch: SUSE-2019-2392 Released: Tue Sep 17 15:46:35 2019 Summary: Security update for util-linux and shadow Severity: moderate References: 1081947,1082293,1085196,1106214,1121197,1122417,1125886,1135534,1135708,353876 Description: This update for util-linux and shadow fixes the following issues: util-linux: - Fixed an issue where PATH settings in /etc/default/su being ignored (bsc#1121197) - Prevent outdated pam files (bsc#1082293). - Do not trim read-only volumes (bsc#1106214). - Integrate pam_keyinit pam module to login (bsc#1081947). - Perform one-time reset of /etc/default/su (bsc#1121197). - Fix problems in reading of login.defs values (bsc#1121197) - libmount: To prevent incorrect behavior, recognize more pseudofs and netfs (bsc#1122417). - raw.service: Add RemainAfterExit=yes (bsc#1135534). - agetty: Return previous response of agetty for special characters (bsc#1085196, bsc#1125886) - Fix /etc/default/su comments and create /etc/default/runuser (bsc#1121197). shadow: - Fixed an issue where PATH settings in /etc/default/su being ignored (bsc#1121197) - Hardening for su wrappers (bsc#353876) ----------------------------------------- Patch: SUSE-2019-2395 Released: Wed Sep 18 08:31:38 2019 Summary: Security update for openldap2 Severity: moderate References: 1073313,1111388,1114845,1143194,1143273,CVE-2017-17740,CVE-2019-13057,CVE-2019-13565 Description: This update for openldap2 fixes the following issues: Security issue fixed: - CVE-2019-13565: Fixed an authentication bypass when using SASL authentication and session encryption (bsc#1143194). - CVE-2019-13057: Fixed an issue with delegated database admin privileges (bsc#1143273). - CVE-2017-17740: When both the nops module and the member of overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation. (bsc#1073313) Non-security issues fixed: - Fixed broken shebang line in openldap_update_modules_path.sh (bsc#1114845). - Create files in /var/lib/ldap/ during initial start to allow for transactional updates (bsc#1111388) - Fixed incorrect post script call causing tmpfiles creation not to be run (bsc#1111388). ----------------------------------------- Patch: SUSE-2019-2405 Released: Thu Sep 19 08:49:58 2019 Summary: Recommended update for pacemaker Severity: moderate References: 1032511,1127716,1130122,1131353,1131356,1133866,1136712 Description: This update for pacemaker fixes the following issues: - scheduler: Wait for probe actions to complete preventing unnecessary restart/re-promote of dependent resources. (bsc#1130122, bsc#1032511) - controller: Confirm cancel of failed monitors. (bsc#1133866) - controller: Improve failed recurring action messages in the logs and improve SAPHanaSR transition efficiency. (bsc#1133866) - libcrmcommon: Return error when applying XML diffs containing unknown operations. (bsc#1127716) - libcrmcommon: Avoid possible use of NULL when applying XML diffs and apply them correctly with multiple move/create changes. (bsc#1127716) - libcrmcommon: Return proper code if testing PID is denied and avoid NULL by returning active process ID. (bsc#1131353, bsc#1131356) - contoller,scheduler: Guarding hash table of deleting. (bsc#1136712) ----------------------------------------- Patch: SUSE-2019-2410 Released: Fri Sep 20 09:51:53 2019 Summary: Security update for openssl-1_1 Severity: moderate References: 1150003,1150250,CVE-2019-1547,CVE-2019-1563 Description: This update for openssl-1_1 fixes the following issues: OpenSSL Security Advisory [10 September 2019] * CVE-2019-1547: Added EC_GROUP_set_generator side channel attack avoidance. (bsc#1150003) * CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transported key (bsc#1150250) ----------------------------------------- Patch: SUSE-2019-2414 Released: Fri Sep 20 11:37:23 2019 Summary: Security update for the Linux Kernel Severity: important References: 1047238,1050911,1051510,1054914,1055117,1056686,1060662,1061840,1061843,1064597,1064701,1065600,1065729,1066369,1071009,1071306,1078248,1082555,1085030,1085536,1085539,1086103,1087092,1090734,1091171,1093205,1102097,1104902,1106061,1106284,1106434,1108382,1112894,1112899,1112902,1112903,1112905,1112906,1112907,1113722,1114279,1114542,1118689,1119086,1120876,1120902,1120937,1123105,1123959,1124370,1129424,1129519,1129664,1131107,1131281,1131565,1133021,1134291,1134881,1134882,1135219,1135642,1135897,1136261,1137811,1137884,1138539,1139020,1139021,1139101,1139500,1140012,1140426,1140487,1141450,1141543,1141554,1142019,1142076,1142109,1142117,1142118,1142119,1142496,1142541,1142635,1142685,1142701,1142857,1143300,1143466,1143765,1143841,1143843,1144123,1144333,1144474,1144518,1144718,1144813,1144880,1144886,1144912,1144920,1144979,1145010,1145051,1145059,1145189,1145235,1145300,1145302,1145388,1145389,1145390,1145391,1145392,1145393,1145394,1145395,1145396,1145397,1145408,1145409,1145661,1145678,1145687,1145920,1145922,1145934,1145937,1145940,1145941,1145942,1146074,1146084,1146163,1146285,1146346,1146351,1146352,1146361,1146376,1146378,1146381,1146391,1146399,1146413,1146425,1146512,1146514,1146516,1146519,1146524,1146526,1146529,1146531,1146543,1146547,1146550,1146575,1146589,1146678,1146938,1148031,1148032,1148033,1148034,1148035,1148093,1148133,1148192,1148196,1148198,1148202,1148303,1148363,1148379,1148394,1148527,1148574,1148616,1148617,1148619,1148859,1148868,1149053,1149083,1149104,1149105,1149106,1149197,1149214,1149224,1149325,1149376,1149413,1149418,1149424,1149522,1149527,1149539,1149552,1149591,1149602,1149612,1149626,1149652,1149713,1149940,1149976,1150025,1150033,1150112,1150562,1150727,1150860,1150861,1150933,CVE-2017-18551,CVE-2018-20976,CVE-2018-21008,CVE-2019-10207,CVE-2019-14814,CVE-2019-14815,CVE-2019-14816,CVE-2019-14835,CVE-2019-15030,CVE-2019-15031,CVE-2019-15090,CVE-2019-15098,CVE-2019-15117,CVE-2019-15118,CVE-2019-15211,CVE-2019-15212,CVE-2019-15214,CVE-2019-15215,CVE-2019-15216,CVE-2019-15217,CVE-2019-15218,CVE-2019-15219,CVE-2019-15220,CVE-2019-15221,CVE-2019-15222,CVE-2019-15239,CVE-2019-15290,CVE-2019-15292,CVE-2019-15538,CVE-2019-15666,CVE-2019-15902,CVE-2019-15917,CVE-2019-15919,CVE-2019-15920,CVE-2019-15921,CVE-2019-15924,CVE-2019-15926,CVE-2019-15927,CVE-2019-9456 Description: The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following new features were implemented: - jsc#SLE-4875: [CML] New device IDs for CML - jsc#SLE-7294: Add cpufreq driver for Raspberry Pi - fate#321840: Reduce memory required to boot capture kernel while using fadump - fate#326869: perf: pmu mem_load/store event support - fate:327775: vpmem: DRAM backed persistent volumes for improved SAP HANA on POWER restart times The following security bugs were fixed: - CVE-2019-14814, CVE-2019-14815, CVE-2019-14816: Fix three heap-based buffer overflows in marvell wifi chip driver kernel, that allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code. (bnc#1146516) - CVE-2019-15216: Fix a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver. (bsc#1146361). - CVE-2019-14835: Fix QEMU-KVM Guest to Host Kernel Escape. (bsc#1150112). - CVE-2019-15924: Fix a NULL pointer dereference because there was no -ENOMEM upon an alloc_workqueue failure. (bsc#1149612). - CVE-2019-9456: In Pixel C USB monitor driver there was a possible OOB write due to a missing bounds check. This could have lead to local escalation of privilege with System execution privileges needed. (bsc#1150025 CVE-2019-9456). - CVE-2019-15030, CVE-2019-15031: On the powerpc platform, a local user could read vector registers of other users' processes via an interrupt. (bsc#1149713) - CVE-2019-15920: SMB2_read in fs/cifs/smb2pdu.c had a use-after-free. (bsc#1149626) - CVE-2019-15921: There was a memory leak issue when idr_alloc() failed (bsc#1149602) - CVE-2018-21008: A use-after-free can be caused by the function rsi_mac80211_detach (bsc#1149591). - CVE-2019-15919: SMB2_write in fs/cifs/smb2pdu.c had a use-after-free. (bsc#1149552) - CVE-2019-15917: There was a use-after-free issue when hci_uart_register_dev() failed in hci_uart_set_proto() (bsc#1149539) - CVE-2019-15926: Out of bounds access existed in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx (bsc#1149527) - CVE-2019-15927: An out-of-bounds access existed in the function build_audio_procunit (bsc#1149522) - CVE-2019-15902: A backporting error reintroduced the Spectre vulnerability that it aimed to eliminate. (bnc#1149376) - CVE-2019-15666: There was an out-of-bounds array access in __xfrm_policy_unlink, which would cause denial of service, because verify_newpolicy_info mishandled directory validation. (bsc#1148394). - CVE-2019-15219: There was a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver. (bsc#1146524) - CVE-2019-15220: There was a use-after-free caused by a malicious USB device in the drivers/net/wireless/intersil/p54/p54usb.c driver. (bsc#1146526) - CVE-2019-15538: XFS partially wedged when a chgrp failed on account of being out of disk quota. This was primarily a local DoS attack vector, but it could result as well in remote DoS if the XFS filesystem was exported for instance via NFS. (bsc#1148032, bsc#1148093) - CVE-2019-15290: There was a NULL pointer dereference caused by a malicious USB device in the ath6kl_usb_alloc_urb_from_pipe function (bsc#1146543). - CVE-2019-15098: USB driver net/wireless/ath/ath6kl/usb.c had a NULL pointer dereference via an incomplete address in an endpoint descriptor. (bsc#1146378). - CVE-2019-15212: There was a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver. (bsc#1051510 bsc#1146391). - CVE-2019-15292: There was a use-after-free in atalk_proc_exit (bsc#1146678) - CVE-2019-15217: There was a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver. (bsc#1146547). - CVE-2019-15211: There was a use-after-free caused by a malicious USB device in the drivers/media/v4l2-core/v4l2-dev.c driver because drivers/media/radio/radio-raremono.c did not properly allocate memory. (bsc#1146519). - CVE-2019-15214: There was a use-after-free in the sound subsystem because card disconnection causes certain data structures to be deleted too early. (bsc#1146550) - CVE-2019-15221, CVE-2019-15222: There was a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/pcm.c driver. (bsc#1146529, bsc#1146531) - CVE-2019-15218: There was a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/siano/smsusb.c driver. (bsc#1051510 bsc#1146413) - CVE-2019-15215: There was a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2_usb.c driver. (bsc#1135642 bsc#1146425) - CVE-2019-15090: In the qedi_dbg_* family of functions, there was an out-of-bounds read. (bsc#1146399) - CVE-2018-20976: A use after free existed, related to xfs_fs_fill_super failure. (bsc#1146285) - CVE-2017-18551: There was an out of bounds write in the function i2c_smbus_xfer_emulated. (bsc#1146163). - CVE-2019-15118: check_input_term in sound/usb/mixer.c in the Linux kernel mishandled recursion, leading to kernel stack exhaustion. (bsc#1145922). - CVE-2019-15117: parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel mishandled a short descriptor, leading to out-of-bounds memory access. (bsc#1145920). - CVE-2019-10207: Fix a NULL pointer dereference in hci_uart bluetooth driver (bsc#1142857 bsc#1123959). - CVE-2019-15239: An incorrect backport of a certain net/ipv4/tcp_output.c fix allowed a local attacker to trigger multiple use-after-free conditions. This could result in a kernel crash, or potentially in privilege escalation. (bsc#1146589) The following non-security bugs were fixed: - 9p/rdma: do not disconnect on down_interruptible EAGAIN (bsc#1051510). - 9p/rdma: remove useless check in cm_event_handler (bsc#1051510). - 9p/virtio: Add cleanup path in p9_virtio_init (bsc#1051510). - 9p/xen: Add cleanup path in p9_trans_xen_init (bsc#1051510). - 9p/xen: fix check for xenbus_read error in front_probe (bsc#1051510). - 9p: acl: fix uninitialized iattr access (bsc#1051510). - 9p: p9dirent_read: check network-provided name length (bsc#1051510). - 9p: pass the correct prototype to read_cache_page (bsc#1051510). - acpi/IORT: Fix off-by-one check in iort_dev_find_its_id() (bsc#1051510). - acpi/arm64: ignore 5.1 FADTs that are reported as 5.0 (bsc#1051510). - acpi: PM: Fix regression in acpi_device_set_power() (bsc#1051510). - acpi: fix false-positive -Wuninitialized warning (bsc#1051510). - acpica: Increase total number of possible Owner IDs (bsc#1148859). - af_key: fix leaks in key_pol_get_resp and dump_sp (bsc#1051510). - af_packet: Block execution of tasks waiting for transmit to complete in AF_PACKET (networking-stable-19_07_02). - alsa: firewire: fix a memory leak bug (bsc#1051510). - alsa: hda - Add a generic reboot_notify (bsc#1051510). - alsa: hda - Apply workaround for another AMD chip 1022:1487 (bsc#1051510). - alsa: hda - Do not override global PCM hw info flag (bsc#1051510). - alsa: hda - Fix a memory leak bug (bsc#1051510). - alsa: hda - Fix potential endless loop at applying quirks (bsc#1051510). - alsa: hda - Let all conexant codec enter D3 when rebooting (bsc#1051510). - alsa: hda - Workaround for crackled sound on AMD controller (1022:1457) (bsc#1051510). - alsa: hda/realtek - Fix overridden device-specific initialization (bsc#1051510). - alsa: hda/realtek - Fix the problem of two front mics on a ThinkCentre (bsc#1051510). - alsa: hda: kabi workaround for generic parser flag (bsc#1051510). - alsa: hiface: fix multiple memory leak bugs (bsc#1051510). - alsa: line6: Fix memory leak at line6_init_pcm() error path (bsc#1051510). - alsa: pcm: fix lost wakeup event scenarios in snd_pcm_drain (bsc#1051510). - alsa: seq: Fix potential concurrent access to the deleted pool (bsc#1051510). - alsa: usb-audio: Fix gpf in snd_usb_pipe_sanity_check (bsc#1051510). - arm64: kvm: Fix architecturally invalid reset value for FPEXC32_EL2 (bsc#1133021). - arm: kvm: Add SMCCC_ARCH_WORKAROUND_1 fast handling (bsc#1133021). - arm: kvm: report support for SMCCC_ARCH_WORKAROUND_1 (bsc#1133021). - asoC: Fail card instantiation if DAI format setup fails (bsc#1051510). - asoC: dapm: Fix handling of custom_stop_condition on DApm graph walks (bsc#1051510). - ata: libahci: do not complain in case of deferred probe (bsc#1051510). - batman-adv: Only read OGM tvlv_len after buffer len check (bsc#1051510). - batman-adv: Only read OGM2 tvlv_len after buffer len check (bsc#1051510). - batman-adv: fix uninit-value in batadv_netlink_get_ifindex() (bsc#1051510). - bcache: fix possible memory leak in bch_cached_dev_run() (git fixes). - bcache: kernel oops on reading sysfs cache_mode file (bsc#1144979). - bio: fix improper use of smp_mb__before_atomic() (git fixes). - blk-mq: Fix spelling in a source code comment (git fixes). - blk-mq: backport fixes for blk_mq_complete_e_request_sync() (bsc#1145661). - blk-mq: introduce blk_mq_complete_request_sync() (bsc#1145661). - blk-wbt: Avoid lock contention and thundering herd issue in wbt_wait (bsc#1141543). - blk-wbt: Avoid lock contention and thundering herd issue in wbt_wait (bsc#1141543). - block, documentation: Fix wbt_lat_usec documentation (git fixes). - bluetooth: 6lowpan: search for destination address in all peers (bsc#1051510). - bluetooth: Add SMP workaround Microsoft Surface Precision Mouse bug (bsc#1051510). - bluetooth: Check state in l2cap_disconnect_rsp (bsc#1051510). - bluetooth: btqca: Add a short delay before downloading the NVM (bsc#1051510). - bluetooth: hci_bcsp: Fix memory leak in rx_skb (bsc#1051510). - bluetooth: validate BLE connection interval updates (bsc#1051510). - bnx2x: Prevent ptp_task to be rescheduled indefinitely (networking-stable-19_07_25). - bonding: Always enable vlan tx offload (networking-stable-19_07_02). - bonding: validate ip header before check IPPROTO_IGMP (networking-stable-19_07_25). - btrfs: Fix delalloc inodes invalidation during transaction abort (bsc#1050911). - btrfs: Split btrfs_del_delalloc_inode into 2 functions (bsc#1050911). - btrfs: add a helper to retrive extent inline ref type (bsc#1149325). - btrfs: add cleanup_ref_head_accounting helper (bsc#1050911). - btrfs: add missing inode version, ctime and mtime updates when punching hole (bsc#1140487). - btrfs: add one more sanity check for shared ref type (bsc#1149325). - btrfs: clean up pending block groups when transaction commit aborts (bsc#1050911). - btrfs: convert to use btrfs_get_extent_inline_ref_type (bsc#1149325). - btrfs: do not abort transaction at btrfs_update_root() after failure to COW path (bsc#1150933). - btrfs: fix assertion failure during fsync and use of stale transaction (bsc#1150562). - btrfs: fix data loss after inode eviction, renaming it, and fsync it (bsc#1145941). - btrfs: fix fsync not persisting dentry deletions due to inode evictions (bsc#1145942). - btrfs: fix incremental send failure after deduplication (bsc#1145940). - btrfs: fix pinned underflow after transaction aborted (bsc#1050911). - btrfs: fix race between send and deduplication that lead to failures and crashes (bsc#1145059). - btrfs: fix race leading to fs corruption after transaction abort (bsc#1145937). - btrfs: handle delayed ref head accounting cleanup in abort (bsc#1050911). - btrfs: prevent send failures and crashes due to concurrent relocation (bsc#1145059). - btrfs: remove BUG() in add_data_reference (bsc#1149325). - btrfs: remove BUG() in btrfs_extent_inline_ref_size (bsc#1149325). - btrfs: remove BUG() in print_extent_item (bsc#1149325). - btrfs: remove BUG_ON in __add_tree_block (bsc#1149325). - btrfs: scrub: add memalloc_nofs protection around init_ipath (bsc#1086103). - btrfs: start readahead also in seed devices (bsc#1144886). - btrfs: track running balance in a simpler way (bsc#1145059). - btrfs: use GFP_KERNEL in init_ipath (bsc#1086103). - caif-hsi: fix possible deadlock in cfhsi_exit_module() (networking-stable-19_07_25). - can: m_can: implement errata 'Needless activation of MRAF irq' (bsc#1051510). - can: mcp251x: add support for mcp25625 (bsc#1051510). - can: peak_usb: fix potential double kfree_skb() (bsc#1051510). - can: peak_usb: force the string buffer NULL-terminated (bsc#1051510). - can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices (bsc#1051510). - can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices (bsc#1051510). - can: rcar_canfd: fix possible IRQ storm on high load (bsc#1051510). - can: sja1000: force the string buffer NULL-terminated (bsc#1051510). - carl9170: fix misuse of device driver API (bsc#1142635). - ceph: always get rstat from auth mds (bsc#1146346). - ceph: clean up ceph.dir.pin vxattr name sizeof() (bsc#1146346). - ceph: decode feature bits in session message (bsc#1146346). - ceph: do not blindly unregister session that is in opening state (bsc#1148133). - ceph: do not try fill file_lock on unsuccessful GETFILELOCK reply (bsc#1148133). - ceph: fix 'ceph.dir.rctime' vxattr value (bsc#1148133 bsc#1135219). - ceph: fix buffer free while holding i_ceph_lock in __ceph_build_xattrs_blob() (bsc#1148133). - ceph: fix buffer free while holding i_ceph_lock in __ceph_setxattr() (bsc#1148133). - ceph: fix buffer free while holding i_ceph_lock in fill_inode() (bsc#1148133). - ceph: fix improper use of smp_mb__before_atomic() (bsc#1148133). - ceph: fix iov_iter issues in ceph_direct_read_write() (bsc#1141450). - ceph: hold i_ceph_lock when removing caps for freeing inode (bsc#1148133). - ceph: remove request from waiting list before unregister (bsc#1148133 bsc#1138539). - ceph: remove request from waiting list before unregister (bsc#1148133). - ceph: silence a checker warning in mdsc_show() (bsc#1148133). - ceph: support cephfs' own feature bits (bsc#1146346). - ceph: support getting ceph.dir.pin vxattr (bsc#1146346). - ceph: support versioned reply (bsc#1146346). - ceph: use bit flags to define vxattr attributes (bsc#1146346). - cifs: Accept validate negotiate if server return NT_STATUS_NOT_SUPPORTED (bsc#1144333). - cifs: Add DFS cache routines (bsc#1144333). - cifs: Add direct I/O functions to file_operations (bsc#1144333). - cifs: Add minor debug message during negprot (bsc#1144333). - cifs: Add smb2_send_recv (bsc#1144333). - cifs: Add support for FSCTL passthrough that write data to the server (bsc#1144333). - cifs: Add support for direct I/O read (bsc#1144333). - cifs: Add support for direct I/O write (bsc#1144333). - cifs: Add support for direct pages in rdata (bsc#1144333). - cifs: Add support for direct pages in wdata (bsc#1144333). - cifs: Add support for failover in cifs_mount() (bsc#1144333). - cifs: Add support for failover in cifs_reconnect() (bsc#1144333). - cifs: Add support for failover in cifs_reconnect_tcon() (bsc#1144333). - cifs: Add support for failover in smb2_reconnect() (bsc#1144333). - cifs: Add support for reading attributes on smb2+ (bsc#1051510, bsc#1144333). - cifs: Add support for writing attributes on smb2+ (bsc#1051510, bsc#1144333). - cifs: Adds information-level logging function (bsc#1144333). - cifs: Adjust MTU credits before reopening a file (bsc#1144333). - cifs: Allocate memory for all iovs in smb2_ioctl (bsc#1144333). - cifs: Allocate validate negotiation request through kmalloc (bsc#1144333). - cifs: Always reset read error to -EIO if no response (bsc#1144333). - cifs: Always resolve hostname before reconnecting (bsc#1051510, bsc#1144333). - cifs: Avoid returning EBUSY to upper layer VFS (bsc#1144333). - cifs: Calculate the correct request length based on page offset and tail size (bsc#1144333). - cifs: Call MID callback before destroying transport (bsc#1144333). - cifs: Change smb2_open to return an iov for the error parameter (bsc#1144333). - cifs: Check for reconnects before sending async requests (bsc#1144333). - cifs: Check for reconnects before sending compound requests (bsc#1144333). - cifs: Check for timeout on Negotiate stage (bsc#1091171, bsc#1144333). - cifs: Count smb3 credits for malformed pending responses (bsc#1144333). - cifs: Display smb2 error codes in the hex format (bsc#1144333). - cifs: Do not assume one credit for async responses (bsc#1144333). - cifs: Do not consider -ENODATA as stat failure for reads (bsc#1144333). - cifs: Do not count -ENODATA as failure for query directory (bsc#1051510, bsc#1144333). - cifs: Do not hide EINTR after sending network packets (bsc#1051510, bsc#1144333). - cifs: Do not log credits when unmounting a share (bsc#1144333). - cifs: Do not match port on smbDirect transport (bsc#1144333). - cifs: Do not modify mid entry after submitting I/O in cifs_call_async (bsc#1051510, bsc#1144333). - cifs: Do not reconnect TCP session in add_credits() (bsc#1051510, bsc#1144333). - cifs: Do not reset lease state to NONE on lease break (bsc#1051510, bsc#1144333). - cifs: Do not set credits to 1 if the server didn't grant anything (bsc#1144333). - cifs: Do not skip smb2 message IDs on send failures (bsc#1144333). - cifs: Find and reopen a file before get MTU credits in writepages (bsc#1144333). - cifs: Fix DFS cache refresher for DFS links (bsc#1144333). - cifs: Fix NULL pointer deref on smb2_tcon() failure (bsc#1071009, bsc#1144333). - cifs: Fix NULL pointer dereference of devname (bnc#1129519). - cifs: Fix NULL ptr deref (bsc#1144333). - cifs: Fix a debug message (bsc#1144333). - cifs: Fix a race condition with cifs_echo_request (bsc#1144333). - cifs: Fix a tiny potential memory leak (bsc#1144333). - cifs: Fix adjustment of credits for MTU requests (bsc#1051510, bsc#1144333). - cifs: Fix an issue with re-sending rdata when transport returning -EAGAIN (bsc#1144333). - cifs: Fix an issue with re-sending wdata when transport returning -EAGAIN (bsc#1144333). - cifs: Fix autonegotiate security settings mismatch (bsc#1087092, bsc#1144333). - cifs: Fix check for matching with existing mount (bsc#1144333). - cifs: Fix credit calculation for encrypted reads with errors (bsc#1051510, bsc#1144333). - cifs: Fix credit calculations in compound mid callback (bsc#1144333). - cifs: Fix credit computation for compounded requests (bsc#1144333). - cifs: Fix credits calculation for cancelled requests (bsc#1144333). - cifs: Fix credits calculations for reads with errors (bsc#1051510, bsc#1144333). - cifs: Fix encryption/signing (bsc#1144333). - cifs: Fix error mapping for smb2_LOCK command which caused OFD lock problem (bsc#1051510, bsc#1144333). - cifs: Fix error paths in writeback code (bsc#1144333). - cifs: Fix infinite loop when using hard mount option (bsc#1091171, bsc#1144333). - cifs: Fix invalid check in __cifs_calc_signature() (bsc#1144333). - cifs: Fix kernel oops when tracesmb is enabled (bsc#1144333). - cifs: Fix leaking locked VFS cache pages in writeback retry (bsc#1144333). - cifs: Fix lease buffer length error (bsc#1144333). - cifs: Fix memory leak in smb2_set_ea() (bsc#1051510, bsc#1144333). - cifs: Fix missing put_xid in cifs_file_strict_mmap (bsc#1087092, bsc#1144333). - cifs: Fix module dependency (bsc#1144333). - cifs: Fix mounts if the client is low on credits (bsc#1144333). - cifs: Fix possible hang during async MTU reads and writes (bsc#1051510, bsc#1144333). - cifs: Fix possible oops and memory leaks in async IO (bsc#1144333). - cifs: Fix potential OOB access of lock element array (bsc#1051510, bsc#1144333). - cifs: Fix read after write for files with read caching (bsc#1051510, bsc#1144333). - cifs: Fix separator when building path from dentry (bsc#1051510, bsc#1144333). - cifs: Fix signing for smb2/3 (bsc#1144333). - cifs: Fix slab-out-of-bounds in send_set_info() on smb2 ACE setting (bsc#1144333). - cifs: Fix slab-out-of-bounds when tracing smb tcon (bsc#1144333). - cifs: Fix stack out-of-bounds in smb{2,3}_create_lease_buf() (bsc#1051510, bsc#1144333). - cifs: Fix to use kmem_cache_free() instead of kfree() (bsc#1144333). - cifs: Fix trace command logging for smb2 reads and writes (bsc#1144333). - cifs: Fix use after free of a mid_q_entry (bsc#1112903, bsc#1144333). - cifs: Fix use-after-free in smb2_read (bsc#1144333). - cifs: Fix use-after-free in smb2_write (bsc#1144333). - cifs: Fix validation of signed data in smb2 (bsc#1144333). - cifs: Fix validation of signed data in smb3+ (bsc#1144333). - cifs: For smb2 security informaion query, check for minimum sized security descriptor instead of sizeof FileAllInformation class (bsc#1051510, bsc#1144333). - cifs: In Kconfig CONFIG_cifs_POSIX needs depends on legacy (insecure cifs) (bsc#1144333). - cifs: Introduce helper function to get page offset and length in smb_rqst (bsc#1144333). - cifs: Introduce offset for the 1st page in data transfer structures (bsc#1144333). - cifs: Limit memory used by lock request calls to a page (bsc#1144333). - cifs: Make devname param optional in cifs_compose_mount_options() (bsc#1144333). - cifs: Make sure all data pages are signed correctly (bsc#1144333). - cifs: Make use of DFS cache to get new DFS referrals (bsc#1144333). - cifs: Mask off signals when sending smb packets (bsc#1144333). - cifs: Minor Kconfig clarification (bsc#1144333). - cifs: Move credit processing to mid callbacks for smb3 (bsc#1144333). - cifs: Move open file handling to writepages (bsc#1144333). - cifs: Move unlocking pages from wdata_send_pages() (bsc#1144333). - cifs: OFD locks do not conflict with eachothers (bsc#1051510, bsc#1144333). - cifs: Only free DFS target list if we actually got one (bsc#1144333). - cifs: Only send smb2_NEGOTIATE command on new TCP connections (bsc#1144333). - cifs: Pass page offset for calculating signature (bsc#1144333). - cifs: Pass page offset for encrypting (bsc#1144333). - cifs: Print message when attempting a mount (bsc#1144333). - cifs: Properly handle auto disabling of serverino option (bsc#1144333). - cifs: Reconnect expired smb sessions (bnc#1060662). - cifs: Refactor out cifs_mount() (bsc#1144333). - cifs: Remove custom credit adjustments for smb2 async IO (bsc#1144333). - cifs: Reopen file before get smb2 MTU credits for async IO (bsc#1144333). - cifs: Respect reconnect in MTU credits calculations (bsc#1144333). - cifs: Respect reconnect in non-MTU credits calculations (bsc#1144333). - cifs: Respect smb2 hdr preamble size in read responses (bsc#1144333). - cifs: Return -EAGAIN instead of -ENOTSOCK (bsc#1144333). - cifs: Return error code when getting file handle for writeback (bsc#1144333). - cifs: Save TTL value when parsing DFS referrals (bsc#1144333). - cifs: Select all required crypto modules (bsc#1085536, bsc#1144333). - cifs: Set reconnect instance to one initially (bsc#1144333). - cifs: Show locallease in /proc/mounts for cifs shares mounted with locallease feature (bsc#1144333). - cifs: Silence uninitialized variable warning (bsc#1144333). - cifs: Skip any trailing backslashes from UNC (bsc#1144333). - cifs: Try to acquire credits at once for compound requests (bsc#1144333). - cifs: Use GFP_ATOMIC when a lock is held in cifs_mount() (bsc#1144333). - cifs: Use ULL suffix for 64-bit constant (bsc#1051510, bsc#1144333). - cifs: Use correct packet length in smb2_TRANSFORM header (bsc#1144333). - cifs: Use kmemdup in smb2_ioctl_init() (bsc#1144333). - cifs: Use kmemdup rather than duplicating its implementation in smb311_posix_mkdir() (bsc#1144333). - cifs: Use kzfree() to free password (bsc#1144333). - cifs: Use offset when reading pages (bsc#1144333). - cifs: Use smb 2 - 3 and cifsacl mount options getacl functions (bsc#1051510, bsc#1144333). - cifs: Use smb 2 - 3 and cifsacl mount options setacl function (bsc#1051510, bsc#1144333). - cifs: When sending data on socket, pass the correct page offset (bsc#1144333). - cifs: a smb2_validate_and_copy_iov failure does not mean the handle is invalid (bsc#1144333). - cifs: add .splice_write (bsc#1144333). - cifs: add IOCTL for QUERY_INFO passthrough to userspace (bsc#1144333). - cifs: add ONCE flag for cifs_dbg type (bsc#1144333). - cifs: add SFM mapping for 0x01-0x1F (bsc#1144333). - cifs: add a new smb2_close_flags function (bsc#1144333). - cifs: add a smb2_compound_op and change QUERY_INFO to use it (bsc#1144333). - cifs: add a timeout argument to wait_for_free_credits (bsc#1144333). - cifs: add a warning if we try to to dequeue a deleted mid (bsc#1144333). - cifs: add compound_send_recv() (bsc#1144333). - cifs: add credits from unmatched responses/messages (bsc#1144333). - cifs: add debug output to show nocase mount option (bsc#1144333). - cifs: add fiemap support (bsc#1144333). - cifs: add iface info to struct cifs_ses (bsc#1144333). - cifs: add lease tracking to the cached root fid (bsc#1144333). - cifs: add missing GCM module dependency (bsc#1144333). - cifs: add missing debug entries for kconfig options (bsc#1051510, bsc#1144333). - cifs: add missing support for ACLs in smb 3.11 (bsc#1051510, bsc#1144333). - cifs: add pdu_size to the TCP_Server_Info structure (bsc#1144333). - cifs: add resp_buf_size to the mid_q_entry structure (bsc#1144333). - cifs: add server argument to the dump_detail method (bsc#1144333). - cifs: add server->vals->header_preamble_size (bsc#1144333). - cifs: add sha512 secmech (bsc#1051510, bsc#1144333). - cifs: add smb2_close_init()/smb2_close_free() (bsc#1144333). - cifs: add smb2_ioctl_init/free helpers to be used with compounding (bsc#1144333). - cifs: add smb2_query_info_[init|free]() (bsc#1144333). - cifs: add spinlock for the openFileList to cifsInodeInfo (bsc#1144333). - cifs: add support for SEEK_DATA and SEEK_HOLE (bsc#1144333). - cifs: add support for ioctl on directories (bsc#1144333). - cifs: address trivial coverity warning (bsc#1144333). - cifs: allow calling smb2_xxx_free(NULL) (bsc#1144333). - cifs: allow disabling less secure legacy dialects (bsc#1144333). - cifs: allow guest mounts to work for smb3.11 (bsc#1051510, bsc#1144333). - cifs: always add credits back for unsolicited PDUs (bsc#1144333). - cifs: auto disable 'serverino' in dfs mounts (bsc#1144333). - cifs: avoid a kmalloc in smb2_send_recv/SendReceive2 for the common case (bsc#1144333). - cifs: cache FILE_ALL_INFO for the shared root handle (bsc#1144333). - cifs: change mkdir to use a compound (bsc#1144333). - cifs: change smb2_OP_RENAME and smb2_OP_HARDLINK to use compounding (bsc#1144333). - cifs: change smb2_OP_SET_EOF to use compounding (bsc#1144333). - cifs: change smb2_OP_SET_INFO to use compounding (bsc#1144333). - cifs: change smb2_get_data_area_len to take a smb2_sync_hdr as argument (bsc#1144333). - cifs: change smb2_query_eas to use the compound query-info helper (bsc#1144333). - cifs: change unlink to use a compound (bsc#1144333). - cifs: change validate_buf to validate_iov (bsc#1144333). - cifs: change wait_for_free_request() to take flags as argument (bsc#1144333). - cifs: check MaxPathNameComponentLength != 0 before using it (bsc#1085536, bsc#1144333). - cifs: check cifs_MOUNT_NO_DFS when trying to reuse existing sb (bsc#1144333). - cifs: check for STATUS_USER_SESSION_DELETED (bsc#1112902, bsc#1144333). - cifs: check if smb2 PDU size has been padded and suppress the warning (bsc#1144333). - cifs: check kmalloc before use (bsc#1051510, bsc#1144333). - cifs: check kzalloc return (bsc#1144333). - cifs: check ntwrk_buf_start for NULL before dereferencing it (bsc#1144333). - cifs: check rsp for NULL before dereferencing in smb2_open (bsc#1085536, bsc#1144333). - cifs: cifs_read_allocate_pages: do not iterate through whole page array on ENOMEM (bsc#1144333). - cifs: clean up indentation, replace spaces with tab (bsc#1144333). - cifs: cleanup smb2ops.c and normalize strings (bsc#1144333). - cifs: complete PDU definitions for interface queries (bsc#1144333). - cifs: connect to servername instead of IP for IPC$ share (bsc#1051510, bsc#1144333). - cifs: create a define for how many iovs we need for an smb2_open() (bsc#1144333). - cifs: create a define for the max number of iov we need for a smb2 set_info (bsc#1144333). - cifs: create a helper function for compound query_info (bsc#1144333). - cifs: create helpers for smb2_set_info_init/free() (bsc#1144333). - cifs: create smb2_open_init()/smb2_open_free() helpers (bsc#1144333). - cifs: do not allow creating sockets except with smb1 posix exensions (bsc#1102097, bsc#1144333). - cifs: do not attempt cifs operation on smb2+ rename error (bsc#1144333). - cifs: do not dereference smb_file_target before null check (bsc#1051510, bsc#1144333). - cifs: do not log STATUS_NOT_FOUND errors for DFS (bsc#1051510, bsc#1144333). - cifs: do not return atime less than mtime (bsc#1144333). - cifs: do not send invalid input buffer on QUERY_INFO requests (bsc#1144333). - cifs: do not show domain= in mount output when domain is empty (bsc#1144333). - cifs: do not use __constant_cpu_to_le32() (bsc#1144333). - cifs: document tcon/ses/server refcount dance (bsc#1144333). - cifs: dump IPC tcon in debug proc file (bsc#1071306, bsc#1144333). - cifs: dump every session iface info (bsc#1144333). - cifs: fallback to older infolevels on findfirst queryinfo retry (bsc#1144333). - cifs: fix GlobalMid_Lock bug in cifs_reconnect (bsc#1144333). - cifs: fix NULL deref in smb2_read (bsc#1085539, bsc#1144333). - cifs: fix POSIX lock leak and invalid ptr deref (bsc#1114542, bsc#1144333). - cifs: fix a buffer leak in smb2_query_symlink (bsc#1144333). - cifs: fix a credits leak for compund commands (bsc#1144333). - cifs: fix bi-directional fsctl passthrough calls (bsc#1144333). - cifs: fix build break when CONFIG_cifs_DEBUG2 enabled (bsc#1144333). - cifs: fix build errors for smb_DIRECT (bsc#1144333). - cifs: fix circular locking dependency (bsc#1064701, bsc#1144333). - cifs: fix computation for MAX_smb2_hidR_SIZE (bsc#1144333). - cifs: fix confusing warning message on reconnect (bsc#1144333). - cifs: fix crash in cifs_dfs_do_automount (bsc#1144333). - cifs: fix crash in smb2_compound_op()/smb2_set_next_command() (bsc#1144333). - cifs: fix crash querying symlinks stored as reparse-points (bsc#1144333). - cifs: fix credits leak for smb1 oplock breaks (bsc#1144333). - cifs: fix deadlock in cached root handling (bsc#1144333). - cifs: fix encryption in smb3.1.1 (bsc#1144333). - cifs: fix handle leak in smb2_query_symlink() (bsc#1144333). - cifs: fix incorrect handling of smb2_set_sparse() return in smb3_simple_falloc (bsc#1144333). - cifs: fix kref underflow in close_shroot() (bsc#1144333). - cifs: fix memory leak and remove dead code (bsc#1144333). - cifs: fix memory leak in smb2_open() (bsc#1112894, bsc#1144333). - cifs: fix memory leak in smb2_read (bsc#1144333). - cifs: fix memory leak of an allocated cifs_ntsd structure (bsc#1144333). - cifs: fix memory leak of pneg_inbuf on -EOPNOTSUPP ioctl case (bsc#1144333). - cifs: fix page reference leak with readv/writev (bsc#1144333). - cifs: fix panic in smb2_reconnect (bsc#1144333). - cifs: fix parsing of symbolic link error response (bsc#1144333). - cifs: fix return value for cifs_listxattr (bsc#1051510, bsc#1144333). - cifs: fix rmmod regression in cifs.ko caused by force_sig changes (bsc#1144333). - cifs: fix sha512 check in cifs_crypto_secmech_release (bsc#1051510, bsc#1144333). - cifs: fix signed/unsigned mismatch on aio_read patch (bsc#1144333). - cifs: fix smb1 breakage (bsc#1144333). - cifs: fix smb3_zero_range for Azure (bsc#1144333). - cifs: fix smb3_zero_range so it can expand the file-size when required (bsc#1144333). - cifs: fix sparse warning on previous patch in a few printks (bsc#1144333). - cifs: fix spelling mistake, EACCESS -> EACCES (bsc#1144333). - cifs: fix strcat buffer overflow and reduce raciness in smb21_set_oplock_level() (bsc#1144333). - cifs: fix typo in cifs_dbg (bsc#1144333). - cifs: fix typo in debug message with struct field ia_valid (bsc#1144333). - cifs: fix uninitialized ptr deref in smb2 signing (bsc#1144333). - cifs: fix use-after-free of the lease keys (bsc#1144333). - cifs: fix wrapping bugs in num_entries() (bsc#1051510, bsc#1144333). - cifs: flush before set-info if we have writeable handles (bsc#1144333). - cifs: handle large EA requests more gracefully in smb2+ (bsc#1144333). - cifs: handle netapp error codes (bsc#1136261). - cifs: hide unused functions (bsc#1051510, bsc#1144333). - cifs: hide unused functions (bsc#1051510, bsc#1144333). - cifs: implement v3.11 preauth integrity (bsc#1051510, bsc#1144333). - cifs: integer overflow in in smb2_ioctl() (bsc#1051510, bsc#1144333). - cifs: invalidate cache when we truncate a file (bsc#1051510, bsc#1144333). - cifs: keep FileInfo handle live during oplock break (bsc#1106284, bsc#1131565, bsc#1144333). - cifs: limit amount of data we request for xattrs to cifsMaxBufSize (bsc#1144333). - cifs: make 'nodfs' mount opt a superblock flag (bsc#1051510, bsc#1144333). - cifs: make IPC a regular tcon (bsc#1071306, bsc#1144333). - cifs: make arrays static const, reduces object code size (bsc#1144333). - cifs: make minor clarifications to module params for cifs.ko (bsc#1144333). - cifs: make mknod() an smb_version_op (bsc#1144333). - cifs: make rmdir() use compounding (bsc#1144333). - cifs: make smb_send_rqst take an array of requests (bsc#1144333). - cifs: minor clarification in comments (bsc#1144333). - cifs: minor updates to module description for cifs.ko (bsc#1144333). - cifs: move default port definitions to cifsglob.h (bsc#1144333). - cifs: move large array from stack to heap (bsc#1144333). - cifs: only wake the thread for the very last PDU in a compound (bsc#1144333). - cifs: parse and store info on iface queries (bsc#1144333). - cifs: pass flags down into wait_for_free_credits() (bsc#1144333). - cifs: pass page offsets on smb1 read/write (bsc#1144333). - cifs: prevent integer overflow in nxt_dir_entry() (bsc#1051510, bsc#1144333). - cifs: prevent starvation in wait_for_free_credits for multi-credit requests (bsc#1144333). - cifs: print cifsMaxBufSize as part of /proc/fs/cifs/DebugData (bsc#1144333). - cifs: protect against server returning invalid file system block size (bsc#1144333). - cifs: prototype declaration and definition for smb 2 - 3 and cifsacl mount options (bsc#1051510, bsc#1144333). - cifs: prototype declaration and definition to set acl for smb 2 - 3 and cifsacl mount options (bsc#1051510, bsc#1144333). - cifs: push rfc1002 generation down the stack (bsc#1144333). - cifs: read overflow in is_valid_oplock_break() (bsc#1144333). - cifs: refactor and clean up arguments in the reparse point parsing (bsc#1144333). - cifs: refactor crypto shash/sdesc allocation&free (bsc#1051510, bsc#1144333). - cifs: release auth_key.response for reconnect (bsc#1085536, bsc#1144333). - cifs: release cifs root_cred after exit_cifs (bsc#1085536, bsc#1144333). - cifs: remove coverity warning in calc_lanman_hash (bsc#1144333). - cifs: remove header_preamble_size where it is always 0 (bsc#1144333). - cifs: remove redundant duplicated assignment of pointer 'node' (bsc#1144333). - cifs: remove rfc1002 hardcoded constants from cifs_discard_remaining_data() (bsc#1144333). - cifs: remove rfc1002 header from all smb2 response structures (bsc#1144333). - cifs: remove rfc1002 header from smb2 read/write requests (bsc#1144333). - cifs: remove rfc1002 header from smb2_close_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_create_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_echo_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_flush_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_ioctl_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_lease_ack (bsc#1144333). - cifs: remove rfc1002 header from smb2_lock_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_logoff_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_negotiate_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_oplock_break we get from server (bsc#1144333). - cifs: remove rfc1002 header from smb2_query_directory_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_query_info_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_sess_setup_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_set_info_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_tree_connect_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_tree_disconnect_req (bsc#1144333). - cifs: remove set but not used variable 'cifs_sb' (bsc#1144333). - cifs: remove set but not used variable 'sep' (bsc#1144333). - cifs: remove set but not used variable 'server' (bsc#1144333). - cifs: remove set but not used variable 'smb_buf' (bsc#1144333). - cifs: remove small_smb2_init (bsc#1144333). - cifs: remove smb2_send_recv() (bsc#1144333). - cifs: remove struct smb2_hdr (bsc#1144333). - cifs: remove struct smb2_oplock_break_rsp (bsc#1144333). - cifs: remove the is_falloc argument to smb2_set_eof (bsc#1144333). - cifs: remove unused stats (bsc#1144333). - cifs: remove unused value pointed out by Coverity (bsc#1144333). - cifs: remove unused variable from smb2_read (bsc#1144333). - cifs: rename and clarify cifs_ASYNC_OP and cifs_NO_RESP (bsc#1144333). - cifs: replace a 4 with server->vals->header_preamble_size (bsc#1144333). - cifs: replace snprintf with scnprintf (bsc#1144333). - cifs: return -ENODATA when deleting an xattr that does not exist (bsc#1144333). - cifs: return correct errors when pinning memory failed for direct I/O (bsc#1144333). - cifs: return error on invalid value written to cifsFYI (bsc#1144333). - cifs: set *resp_buf_type to NO_BUFFER on error (bsc#1144333). - cifs: set mapping error when page writeback fails in writepage or launder_pages (bsc#1144333). - cifs: set oparms.create_options rather than or'ing in CREATE_OPEN_BACKUP_INTENT (bsc#1144333). - cifs: show 'soft' in the mount options for hard mounts (bsc#1144333). - cifs: show the w bit for writeable /proc/fs/cifs/* files (bsc#1144333). - cifs: silence compiler warnings showing up with gcc-8.0.0 (bsc#1090734, bsc#1144333). - cifs: simple stats should always be enabled (bsc#1144333). - cifs: simplify code by removing CONFIG_cifs_ACL ifdef (bsc#1144333). - Update config files. - cifs: simplify how we handle credits in compound_send_recv() (bsc#1144333). - cifs: smb2 commands can not be negative, remove confusing check (bsc#1144333). - cifs: smb2ops: Fix NULL check in smb2_query_symlink (bsc#1144333). - cifs: smb2ops: Fix listxattr() when there are no EAs (bsc#1051510, bsc#1144333). - cifs: smb2pdu: Fix potential NULL pointer dereference (bsc#1144333). - cifs: smbD: Add parameter rdata to smb2_new_read_req (bsc#1144333). - cifs: smbD: Add rdma mount option (bsc#1144333). - cifs: smbD: Add smb Direct debug counters (bsc#1144333). - cifs: smbD: Add smb Direct protocol initial values and constants (bsc#1144333). - cifs: smbD: Disable signing on smb direct transport (bsc#1144333). - cifs: smbD: Do not call ib_dereg_mr on invalidated memory registration (bsc#1144333). - cifs: smbD: Establish smb Direct connection (bsc#1144333). - cifs: smbD: Fix the definition for smb2_CHANNEL_RDMA_V1_INVALIDATE (bsc#1144333). - cifs: smbD: Implement RDMA memory registration (bsc#1144333). - cifs: smbD: Implement function to create a smb Direct connection (bsc#1144333). - cifs: smbD: Implement function to destroy a smb Direct connection (bsc#1144333). - cifs: smbD: Implement function to receive data via RDMA receive (bsc#1144333). - cifs: smbD: Implement function to reconnect to a smb Direct transport (bsc#1144333). - cifs: smbD: Implement function to send data via RDMA send (bsc#1144333). - cifs: smbD: Read correct returned data length for RDMA write (smb read) I/O (bsc#1144333). - cifs: smbD: Set smb Direct maximum read or write size for I/O (bsc#1144333). - cifs: smbD: Support page offset in RDMA recv (bsc#1144333). - cifs: smbD: Support page offset in RDMA send (bsc#1144333). - cifs: smbD: Support page offset in memory registration (bsc#1144333). - cifs: smbD: Upper layer connects to smbDirect session (bsc#1144333). - cifs: smbD: Upper layer destroys smb Direct session on shutdown or umount (bsc#1144333). - cifs: smbD: Upper layer performs smb read via RDMA write through memory registration (bsc#1144333). - cifs: smbD: Upper layer performs smb write via RDMA read through memory registration (bsc#1144333). - cifs: smbD: Upper layer receives data via RDMA receive (bsc#1144333). - cifs: smbD: Upper layer reconnects to smb Direct session (bsc#1144333). - cifs: smbD: Upper layer sends data via RDMA send (bsc#1144333). - cifs: smbD: _smbd_get_connection() can be static (bsc#1144333). - cifs: smbD: export protocol initial values (bsc#1144333). - cifs: smbD: fix spelling mistake: faield and legnth (bsc#1144333). - cifs: smbD: work around gcc -Wmaybe-uninitialized warning (bsc#1144333). - cifs: smbd: Avoid allocating iov on the stack (bsc#1144333). - cifs: smbd: Check for iov length on sending the last iov (bsc#1144333). - cifs: smbd: Do not destroy transport on RDMA disconnect (bsc#1144333). - cifs: smbd: Do not use RDMA read/write when signing is used (bsc#1144333). - cifs: smbd: Dump smb packet when configured (bsc#1144333). - cifs: smbd: Enable signing with smbdirect (bsc#1144333). - cifs: smbd: Indicate to retry on transport sending failure (bsc#1144333). - cifs: smbd: Retry on memory registration failure (bsc#1144333). - cifs: smbd: Return EINTR when interrupted (bsc#1144333). - cifs: smbd: avoid reconnect lockup (bsc#1144333). - cifs: smbd: depend on INFINIBAND_ADDR_TRANS (bsc#1144333). - cifs: smbd: disconnect transport on RDMA errors (bsc#1144333). - cifs: smbd: take an array of reqeusts when sending upper layer data (bsc#1144333). - cifs: start DFS cache refresher in cifs_mount() (bsc#1144333). - cifs: store the leaseKey in the fid on smb2_open (bsc#1051510, bsc#1144333). - cifs: suppress some implicit-fallthrough warnings (bsc#1144333). - cifs: track writepages in vfs operation counters (bsc#1144333). - cifs: update __smb_send_rqst() to take an array of requests (bsc#1144333). - cifs: update calc_size to take a server argument (bsc#1144333). - cifs: update init_sg, crypt_message to take an array of rqst (bsc#1144333). - cifs: update internal module number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number for cifs.ko to 2.12 (bsc#1144333). - cifs: update internal module version number for cifs.ko to 2.12 (bsc#1144333). - cifs: update internal module version number for cifs.ko to 2.14 (bsc#1144333). - cifs: update module internal version number (bsc#1144333). - cifs: update multiplex loop to handle compounded responses (bsc#1144333). - cifs: update receive_encrypted_standard to handle compounded responses (bsc#1144333). - cifs: update smb2_calc_size to use smb2_sync_hdr instead of smb2_hdr (bsc#1144333). - cifs: update smb2_check_message to handle PDUs without a 4 byte length header (bsc#1144333). - cifs: update smb2_queryfs() to use compounding (bsc#1144333). - cifs: use a compound for setting an xattr (bsc#1144333). - cifs: use a refcount to protect open/closing the cached file handle (bsc#1144333). - cifs: use correct format characters (bsc#1144333). - cifs: use tcon_ipc instead of use_ipc parameter of smb2_ioctl (bsc#1071306, bsc#1144333). - cifs: use the correct length when pinning memory for direct I/O for write (bsc#1144333). - cifs: wait_for_free_credits() make it possible to wait for >=1 credits (bsc#1144333). - cifs: we can not use small padding iovs together with encryption (bsc#1144333). - cifs: zero sensitive data when freeing (bsc#1087092, bsc#1144333). - cifs: zero-range does not require the file is sparse (bsc#1144333). - cifs:smbd Use the correct DMA direction when sending data (bsc#1144333). - cifs:smbd When reconnecting to server, call smbd_destroy() after all MIDs have been called (bsc#1144333). - cifs_lookup(): cifs_get_inode_...() never returns 0 with *inode left NULL (bsc#1144333). - cifs_lookup(): switch to d_splice_alias() (bsc#1144333). - clk: Export clk_bulk_prepare() (bsc#1144813). - clk: add clk_bulk_get accessories (bsc#1144813). - clk: bcm2835: remove pllb (jsc#SLE-7294). - clk: bcm283x: add driver interfacing with Raspberry Pi's firmware (jsc#SLE-7294). - clk: bulk: silently error out on EPROBE_DEFER (bsc#1144718,bsc#1144813). - clk: raspberrypi: register platform device for raspberrypi-cpufreq (jsc#SLE-7294). - clk: renesas: cpg-mssr: Fix reset control race condition (bsc#1051510). - clk: rockchip: Add 1.6GHz PLL rate for rk3399 (bsc#1144718,bsc#1144813). - clk: rockchip: assign correct id for pclk_ddr and hclk_sd in rk3399 (bsc#1144718,bsc#1144813). - compat_ioctl: pppoe: fix PPPOEIOCSFWD handling (bsc#1051510). - coredump: split pipe command whitespace before expanding template (bsc#1051510). - cpu/speculation: Warn on unsupported mitigations= parameter (bsc#1114279). - cpufreq: add driver for Raspberry Pi (jsc#SLE-7294). - cpufreq: dt: Try freeing static OPPs only if we have added them (jsc#SLE-7294). - crypto: ccp - Add support for valid authsize values less than 16 (bsc#1051510). - crypto: ccp - Fix oops by properly managing allocated structures (bsc#1051510). - crypto: ccp - Ignore tag length when decrypting GCM ciphertext (bsc#1051510). - crypto: ccp - Ignore unconfigured CCP device on suspend/resume (bnc#1145934). - crypto: ccp - Validate buffer lengths for copy operations (bsc#1051510). - crypto: talitos - fix skcipher failure due to wrong output IV (bsc#1051510). - cx82310_eth: fix a memory leak bug (bsc#1051510). - devres: always use dev_name() in devm_ioremap_resource() (git fixes). - dfs_cache: fix a wrong use of kfree in flush_cache_ent() (bsc#1144333). - dm btree: fix order of block initialization in btree_split_beneath (git fixes). - dm bufio: fix deadlock with loop device (git fixes). - dm cache metadata: Fix loading discard bitset (git fixes). - dm crypt: do not overallocate the integrity tag space (git fixes). - dm crypt: fix parsing of extended IV arguments (git fixes). - dm delay: fix a crash when invalid device is specified (git fixes). - dm integrity: change memcmp to strncmp in dm_integrity_ctr (git fixes). - dm integrity: limit the rate of error messages (git fixes). - dm kcopyd: always complete failed jobs (git fixes). - dm log writes: make sure super sector log updates are written in order (git fixes). - dm raid: add missing cleanup in raid_ctr() (git fixes). - dm space map metadata: fix missing store of apply_bops() return value (git fixes). - dm table: fix invalid memory accesses with too high sector number (git fixes). - dm table: propagate BDI_CAP_STABLE_WRITES to fix sporadic checksum errors (git fixes). - dm thin: fix bug where bio that overwrites thin block ignores FUA (git fixes). - dm thin: fix passdown_double_checking_shared_status() (git fixes). - dm zoned: Fix zone report handling (git fixes). - dm zoned: Silence a static checker warning (git fixes). - dm zoned: fix potential NULL dereference in dmz_do_reclaim() (git fixes). - dm zoned: fix zone state management race (git fixes). - dm zoned: improve error handling in i/o map code (git fixes). - dm zoned: improve error handling in reclaim (git fixes). - dm zoned: properly handle backing device failure (git fixes). - dm: fix to_sector() for 32bit (git fixes). - dm: revert 8f50e358153d ('dm: limit the max bio size as BIO_MAX_PAGES * PAGE_SIZE') (git fixes). - dma-buf: balance refcount inbalance (bsc#1051510). - dmaengine: rcar-dmac: Reject zero-length slave DMA requests (bsc#1051510). - documentation/networking: fix default_ttl typo in mpls-sysctl (bsc#1051510). - documentation: Add nospectre_v1 parameter (bsc#1051510). - driver core: Fix use-after-free and double free on glue directory (bsc#1131281). - drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS ioctl (bsc#1051510). - drivers/rapidio/devices/rio_mport_cdev.c: NUL terminate some strings (bsc#1051510). - drm/amdgpu/psp: move psp version specific function pointers to (bsc#1135642) - drm/bridge: sii902x: pixel clock unit is 10kHz instead of 1kHz (bsc#1051510). - drm/bridge: tc358767: read display_props in get_modes() (bsc#1051510). - drm/crc-debugfs: User irqsafe spinlock in drm_crtc_add_crc_entry (bsc#1051510). - drm/etnaviv: add missing failure path to destroy suballoc (bsc#1135642) - drm/i915/perf: ensure we keep a reference on the driver (bsc#1142635) - drm/i915/userptr: Acquire the page lock around set_page_dirty() (bsc#1051510). - drm/i915: Do not deballoon unused ggtt drm_mm_node in linux guest (bsc#1142635) - drm/i915: Fix wrong escape clock divisor init for GLK (bsc#1142635) - drm/i915: Restore relaxed padding (OCL_OOB_SUPPRES_ENABLE) for skl+ (bsc#1142635) - drm/imx: notify drm core before sending event during crtc disable (bsc#1135642) - drm/imx: only send event on crtc disable if kept disabled (bsc#1135642) - drm/mediatek: call drm_atomic_helper_shutdown() when unbinding driver (bsc#1135642) - drm/mediatek: call mtk_dsi_stop() after mtk_drm_crtc_atomic_disable() (bsc#1135642) - drm/mediatek: clear num_pipes when unbind driver (bsc#1135642) - drm/mediatek: fix unbind functions (bsc#1135642) - drm/mediatek: mtk_drm_drv.c: Add of_node_put() before goto (bsc#1142635) - drm/mediatek: unbind components in mtk_drm_unbind() (bsc#1135642) - drm/mediatek: use correct device to import PRIME buffers (bsc#1142635) - drm/msm/mdp5: Fix mdp5_cfg_init error return (bsc#1142635) - drm/msm: Depopulate platform on probe failure (bsc#1051510). - drm/nouveau: Do not retry infinitely when receiving no data on i2c (bsc#1142635) - drm/nouveau: fix memory leak in nouveau_conn_reset() (bsc#1051510). - drm/panel: simple: Fix panel_simple_dsi_probe (bsc#1051510). - drm/rockchip: Suspend DP late (bsc#1142635) - drm/udl: introduce a macro to convert dev to udl. (bsc#1113722) - drm/udl: move to embedding drm device inside udl device. (bsc#1113722) - drm/virtio: Add memory barriers for capset cache (bsc#1051510). - drm/vmwgfx: Use the backdoor port if the HB port is not available (bsc#1135642) - drm/vmwgfx: fix a warning due to missing dma_parms (bsc#1135642) - drm/vmwgfx: fix memory leak when too many retries have occurred (bsc#1051510). - drm: msm: Fix add_gpu_components (bsc#1051510). - drm: silence variable 'conn' set but not used (bsc#1051510). - eCryptfs: fix a couple type promotion bugs (bsc#1051510). - edac: Fix global-out-of-bounds write when setting edac_mc_poll_msec (bsc#1114279). - efi/bgrt: Drop BGRT status field reserved bits check (bsc#1051510). - ehea: Fix a copy-paste err in ehea_init_port_res (bsc#1051510). - ext4: use jbd2_inode dirty range scoping (bsc#1148616). - firmware: raspberrypi: register clk device (jsc#SLE-7294). - firmware: ti_sci: Always request response from firmware (bsc#1051510). - fix incorrect error code mapping for OBJECTID_NOT_FOUND (bsc#1144333). - fix smb3-encryption breakage when CONFIG_DEBUG_SG=y (bsc#1051510, bsc#1144333). - fix struct ufs_req removal of unused field (git-fixes). - fs/*/Kconfig: drop links to 404-compliant http://acl.bestbits.at (bsc#1144333). - fs/cifs/cifsacl.c Fixes typo in a comment (bsc#1144333). - fs/cifs/smb2pdu.c: fix buffer free in smb2_ioctl_free (bsc#1144333). - fs/cifs: Simplify ib_post_(send|recv|srq_recv)() calls (bsc#1144333). - fs/cifs: do not translate SFM_SLASH (U+F026) to backslash (bsc#1144333). - fs/cifs: fix uninitialised variable warnings (bsc#1144333). - fs/cifs: require sha512 (bsc#1051510, bsc#1144333). - fs/cifs: suppress a string overflow warning (bsc#1144333). - fs/xfs: Fix return code of xfs_break_leased_layouts() (bsc#1148031). - fs: cifs: Drop unlikely before IS_ERR(_OR_NULL) (bsc#1144333). - fs: cifs: Kconfig: pedantic formatting (bsc#1144333). - fs: cifs: Replace _free_xid call in cifs_root_iget function (bsc#1144333). - fs: cifs: cifsssmb: Change return type of convert_ace_to_cifs_ace (bsc#1144333). - fs: xfs: xfs_log: Do not use KM_MAYFAIL at xfs_log_reserve() (bsc#1148033). - fsl/fman: Use GFP_ATOMIC in {memac,tgec}_add_hash_mac_address() (bsc#1051510). - ftrace: Check for empty hash and comment the race with registering probes (bsc#1149418). - ftrace: Check for successful allocation of hash (bsc#1149424). - ftrace: Fix NULL pointer dereference in t_probe_next() (bsc#1149413). - gpio: Fix build error of function redefinition (bsc#1051510). - gpio: gpio-omap: add check for off wake capable gpios (bsc#1051510). - gpio: mxs: Get rid of external API call (bsc#1051510). - gpio: omap: ensure irq is enabled before wakeup (bsc#1051510). - gpio: pxa: handle corner case of unprobed device (bsc#1051510). - gpiolib: fix incorrect IRQ requesting of an active-low lineevent (bsc#1051510). - gpiolib: never report open-drain/source lines as 'input' to user-space (bsc#1051510). - gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM (bsc#1142635) - hid: Add 044f:b320 ThrustMaster, Inc. 2 in 1 DT (bsc#1051510). - hid: Add quirk for HP X1200 PIXART OEM mouse (bsc#1051510). - hid: cp2112: prevent sleeping function called from invalid context (bsc#1051510). - hid: hiddev: avoid opening a disconnected device (bsc#1051510). - hid: hiddev: do cleanup in failure of opening a device (bsc#1051510). - hid: holtek: test for sanity of intfdata (bsc#1051510). - hid: sony: Fix race condition between rumble and device remove (bsc#1051510). - hid: wacom: Correct distance scale for 2nd-gen Intuos devices (bsc#1142635). - hid: wacom: correct misreported EKR ring values (bsc#1142635). - hid: wacom: fix bit shift for Cintiq Companion 2 (bsc#1051510). - hpet: Fix division by zero in hpet_time_div() (bsc#1051510). - hwmon: (nct6775) Fix register address and added missed tolerance for nct6106 (bsc#1051510). - hwmon: (nct7802) Fix wrong detection of in4 presence (bsc#1051510). - i2c: emev2: avoid race when unregistering slave client (bsc#1051510). - i2c: piix4: Fix port selection for AMD Family 16h Model 30h (bsc#1051510). - i2c: qup: fixed releasing dma without flush operation completion (bsc#1051510). - ib/mlx5: Fix MR registration flow to use UMR properly (bsc#1093205 bsc#1145678). - ibmveth: Convert multicast list size for little-endian system (bsc#1061843). - ibmvnic: Do not process reset during or after device removal (bsc#1149652 ltc#179635). - ibmvnic: Unmap DMA address of TX descriptor buffers after use (bsc#1146351 ltc#180726). - igmp: fix memory leak in igmpv3_del_delrec() (networking-stable-19_07_25). - iio: adc: max9611: Fix misuse of GENMASK macro (bsc#1051510). - iio: adc: max9611: Fix temperature reading in probe (bsc#1051510). - iio: iio-utils: Fix possible incorrect mask calculation (bsc#1051510). - include/linux/bitops.h: sanitize rotate primitives (git fixes). - input: alps - do not handle ALPS cs19 trackpoint-only device (bsc#1051510). - input: alps - fix a mismatch between a condition check and its comment (bsc#1051510). - input: iforce - add sanity checks (bsc#1051510). - input: kbtab - sanity check for endpoint type (bsc#1051510). - input: synaptics - enable RMI mode for HP Spectre X360 (bsc#1051510). - input: synaptics - whitelist Lenovo T580 smbus intertouch (bsc#1051510). - input: trackpoint - only expose supported controls for Elan, ALPS and NXP (bsc#1051510). - intel_th: pci: Add Ice Lake NNPI support (bsc#1051510). - intel_th: pci: Add Tiger Lake support (bsc#1051510). - intel_th: pci: Add support for another Lewisburg PCH (bsc#1051510). - iommu/amd: Add support for X2APIC IOMMU interrupts (bsc#1145010). - iommu/amd: Fix race in increase_address_space() (bsc#1150860). - iommu/amd: Flush old domains in kdump kernel (bsc#1150861). - iommu/amd: Move iommu_init_pci() to .init section (bsc#1149105). - iommu/dma: Handle SG length overflow better (bsc#1146084). - ipip: validate header length in ipip_tunnel_xmit (git-fixes). - ipv4: do not set IPv6 only flags to IPv4 addresses (networking-stable-19_07_25). - irqchip/gic-v3-its: fix build warnings (bsc#1144880). - isdn: hfcsusb: Fix mISDN driver crash caused by transfer buffer on the stack (bsc#1051510). - isdn: hfcsusb: checking idx of ep configuration (bsc#1051510). - isdn: mISDN: hfcsusb: Fix possible null-pointer dereferences in start_isoc_chain() (bsc#1051510). - iwlwifi: dbg: split iwl_fw_error_dump to two functions (bsc#1119086). - iwlwifi: do not unmap as page memory that was mapped as single (bsc#1051510). - iwlwifi: fix bad dma handling in page_mem dumping flow (bsc#1120902). - iwlwifi: fw: use helper to determine whether to dump paging (bsc#1106434). Patch needed to be adjusted, because our tree does not have the global variable IWL_FW_ERROR_DUMP_PAGING - iwlwifi: mvm: do not send GEO_TX_POWER_LIMIT on version < 41 (bsc#1142635). - iwlwifi: mvm: fix an out-of-bound access (bsc#1051510). - iwlwifi: mvm: fix version check for GEO_TX_POWER_LIMIT support (bsc#1142635). - iwlwifi: pcie: do not service an interrupt that was masked (bsc#1142635). - iwlwifi: pcie: fix ALIVE interrupt handling for gen2 devices w/o MSI-X (bsc#1142635). - jbd2: flush_descriptor(): Do not decrease buffer head's ref count (bsc#1143843). - jbd2: introduce jbd2_inode dirty range scoping (bsc#1148616). - kABI: Fix kABI for 'struct amd_iommu' (bsc#1145010). - kasan: remove redundant initialization of variable 'real_size' (git fixes). - kconfig/[mn]conf: handle backspace (^H) key (bsc#1051510). - keys: Fix missing null pointer check in request_key_auth_describe() (bsc#1051510). - kvm/Eventfd: Avoid crash when assign and deassign specific eventfd in parallel (bsc#1133021). - kvm/x86: Move MSR_IA32_ARCH_CAPABILITIES to array emulated_msrs (bsc#1134881 bsc#1134882). - kvm: Disallow wraparound in kvm_gfn_to_hva_cache_init (bsc#1133021). - kvm: Fix leak vCPU's VMCS value into other pCPU (bsc#1145388). - kvm: LAPIC: Fix pending interrupt in IRR blocked by software disable LAPIC (bsc#1145408). - kvm: PPC: Book3S HV: Fix CR0 setting in TM emulation (bsc#1061840). - kvm: Reject device ioctls from processes other than the VM's creator (bsc#1133021). - kvm: VMX: Always signal #GP on WRMSR to MSR_IA32_CR_PAT with bad value (bsc#1145393). - kvm: VMX: Fix handling of #MC that occurs during VM-Entry (bsc#1145395). - kvm: VMX: check CPUID before allowing read/write of IA32_XSS (bsc#1145394). - kvm: X86: Reduce the overhead when lapic_timer_advance is disabled (bsc#1149083). - kvm: arm/arm64: Close VMID generation race (bsc#1133021). - kvm: arm/arm64: Convert kvm_host_cpu_state to a static per-cpu allocation (bsc#1133021). - kvm: arm/arm64: Drop resource size check for GICV window (bsc#1133021). - kvm: arm/arm64: Fix VMID alloc race by reverting to lock-less (bsc#1133021). - kvm: arm/arm64: Fix lost IRQs from emulated physcial timer when blocked (bsc#1133021). - kvm: arm/arm64: Handle CPU_PM_ENTER_FAILED (bsc#1133021). - kvm: arm/arm64: Reduce verbosity of KVM init log (bsc#1133021). - kvm: arm/arm64: Set dist->spis to NULL after kfree (bsc#1133021). - kvm: arm/arm64: Skip updating PMD entry if no change (bsc#1133021). - kvm: arm/arm64: Skip updating PTE entry if no change (bsc#1133021). - kvm: arm/arm64: vgic-its: Fix potential overrun in vgic_copy_lpi_list (bsc#1133021). - kvm: arm/arm64: vgic-v3: Tighten synchronization for guests using v2 on v3 (bsc#1133021). - kvm: arm/arm64: vgic: Add missing irq_lock to vgic_mmio_read_pending (bsc#1133021). - kvm: arm/arm64: vgic: Fix kvm_device leak in vgic_its_destroy (bsc#1133021). - kvm: arm64: Fix caching of host MDCR_EL2 value (bsc#1133021). - kvm: mmu: Fix overlap between public and private memslots (bsc#1133021). - kvm: nVMX: Remove unnecessary sync_roots from handle_invept (bsc#1145391). - kvm: nVMX: Use adjusted pin controls for vmcs02 (bsc#1145392). - kvm: nVMX: allow setting the VMFUNC controls MSR (bsc#1145389). - kvm: nVMX: do not use dangling shadow VMCS after guest reset (bsc#1145390). - kvm: x86/vPMU: refine kvm_pmu err msg when event creation failed (bsc#1145397). - kvm: x86: Do not update RIP or do single-step on faulting emulation (bsc#1149104). - kvm: x86: Unconditionally enable irqs in guest context (bsc#1145396). - kvm: x86: degrade WARN to pr_warn_ratelimited (bsc#1145409). - kvm: x86: fix backward migration with async_PF (bsc#1146074). - lan78xx: Fix memory leaks (bsc#1051510). - libata: add SG safety checks in SFF pio transfers (bsc#1051510). - libata: do not request sense data on !ZAC ATA devices (bsc#1051510). - libata: have ata_scsi_rw_xlat() fail invalid passthrough requests (bsc#1051510). - libata: zpodd: Fix small read overflow in zpodd_get_mech_type() (bsc#1051510). - libceph, rbd, ceph: move ceph_osdc_alloc_messages() calls (bsc#1135897). - libceph, rbd: add error handling for osd_req_op_cls_init() (bsc#1135897). - libceph, rbd: new bio handling code (aka do not clone bios) (bsc#1141450). - libceph: add osd_req_op_extent_osd_data_bvecs() (bsc#1141450). - libceph: allow ceph_buffer_put() to receive a NULL ceph_buffer (bsc#1148133). - libceph: assign cookies in linger_submit() (bsc#1135897). - libceph: check reply num_data_items in setup_request_data() (bsc#1135897). - libceph: do not consume a ref on pagelist in ceph_msg_data_add_pagelist() (bsc#1135897). - libceph: enable fallback to ceph_msg_new() in ceph_msgpool_get() (bsc#1135897). - libceph: fix PG split vs OSD (re)connect race (bsc#1148133). - libceph: handle zero-length data items (bsc#1141450). - libceph: introduce BVECS data type (bsc#1141450). - libceph: introduce alloc_watch_request() (bsc#1135897). - libceph: introduce ceph_pagelist_alloc() (bsc#1135897). - libceph: preallocate message data items (bsc#1135897). - libceph: use single request data item for cmp/setxattr (bsc#1139101). - libnvdimm/pfn: Store correct value of npfns in namespace superblock (bsc#1146381 ltc#180720). - liquidio: add cleanup in octeon_setup_iq() (bsc#1051510). - loop: set PF_MEMALLOC_NOIO for the worker thread (git fixes). - mac80211: do not WARN on short WMM parameters from AP (bsc#1051510). - mac80211: do not warn about CW params when not using them (bsc#1051510). - mac80211: fix possible memory leak in ieee80211_assign_beacon (bsc#1142635). - mac80211: fix possible sta leak (bsc#1051510). - macsec: fix checksumming after decryption (bsc#1051510). - macsec: fix use-after-free of skb during RX (bsc#1051510). - macsec: let the administrator set UP state even if lowerdev is down (bsc#1051510). - macsec: update operstate when lower device changes (bsc#1051510). - mailbox: handle failed named mailbox channel request (bsc#1051510). - md/raid: fix invalid stored role for a disk (bsc#1143765). - md/raid: raid5 preserve the writeback action after the parity check (git fixes). - md: add mddev->pers to avoid potential NULL pointer dereference (git fixes). - media: au0828: fix null dereference in error path (bsc#1051510). - media: coda: Remove unbalanced and unneeded mutex unlock (bsc#1051510). - media: coda: fix last buffer handling in V4L2_ENC_CMD_STOP (bsc#1051510). - media: coda: fix mpeg2 sequence number handling (bsc#1051510). - media: coda: increment sequence offset for the last returned frame (bsc#1051510). - media: dvb: usb: fix use after free in dvb_usb_device_exit (bsc#1051510). - media: hdpvr: fix locking and a missing msleep (bsc#1051510). - media: media_device_enum_links32: clean a reserved field (bsc#1051510). - media: pvrusb2: use a different format for warnings (bsc#1051510). - media: spi: IR LED: add missing of table registration (bsc#1051510). - media: staging: media: davinci_vpfe: - Fix for memory leak if decoder initialization fails (bsc#1051510). - media: vpss: fix a potential NULL pointer dereference (bsc#1051510). - media: wl128x: Fix some error handling in fm_v4l2_init_video_device() (bsc#1051510). - mfd: arizona: Fix undefined behavior (bsc#1051510). - mfd: core: Set fwnode for created devices (bsc#1051510). - mfd: hi655x-pmic: Fix missing return value check for devm_regmap_init_mmio_clk (bsc#1051510). - mfd: intel-lpss: Add Intel Comet Lake PCI IDs (jsc#SLE-4875). - mm, page_owner: handle THP splits correctly (bsc#1149197, VM Debugging Functionality). - mm/hmm: fix bad subpage pointer in try_to_unmap_one (bsc#1148202, HMM, VM Functionality). - mm/hotplug: fix offline undo_isolate_page_range() (bsc#1148196, VM Functionality). - mm/list_lru.c: fix memory leak in __memcg_init_list_lru_node (bsc#1148379, VM Functionality). - mm/memcontrol.c: fix use after free in mem_cgroup_iter() (bsc#1149224, VM Functionality). - mm/memory.c: recheck page table entry with page table lock held (bsc#1148363, VM Functionality). - mm/migrate.c: initialize pud_entry in migrate_vma() (bsc#1148198, HMM, VM Functionality). - mm/mlock.c: change count_mm_mlocked_page_nr return type (bsc#1148527, VM Functionality). - mm/mlock.c: mlockall error for flag MCL_ONFAULT (bsc#1148527, VM Functionality). - mm/page_alloc.c: fix calculation of pgdat->nr_zones (bsc#1148192, VM Functionality). - mm/vmalloc: Sync unmappings in __purge_vmap_area_lazy() (bsc#1118689). - mm/vmscan.c: fix trying to reclaim unevictable LRU page (bsc#1149214, VM Functionality). - mm: add filemap_fdatawait_range_keep_errors() (bsc#1148616). - mm: do not stall register_shrinker() (bsc#1104902, VM Performance). - mm: page_mapped: do not assume compound page is huge or THP (bsc#1148574, VM Functionality). - mmc: cavium: Add the missing dma unmap when the dma has finished (bsc#1051510). - mmc: cavium: Set the correct dma max segment size for mmc_host (bsc#1051510). - mmc: core: Fix init of SD cards reporting an invalid VDD range (bsc#1051510). - mmc: dw_mmc: Fix occasional hang after tuning on eMMC (bsc#1051510). - mmc: sdhci-of-at91: add quirk for broken HS200 (bsc#1051510). - mmc: sdhci-pci: Add support for Intel CML (jsc#SLE-4875). - mmc: sdhci-pci: Add support for Intel ICP (jsc#SLE-4875). - move a few externs to smbdirect.h to eliminate warning (bsc#1144333). - move core networking kabi patches to the end of the section - move irq_data_get_effective_affinity_mask prior the sorted section - mpls: fix warning with multi-label encap (bsc#1051510). - nbd: replace kill_bdev() with __invalidate_device() again (git fixes). - net/9p: include trans_common.h to fix missing prototype warning (bsc#1051510). - net/ibmvnic: Fix missing { in __ibmvnic_reset (bsc#1149652 ltc#179635). - net/ibmvnic: free reset work of removed device from queue (bsc#1149652 ltc#179635). - net/mlx4_core: Zero out lkey field in SW2HW_MPT fw command (bsc#1145678). - net/mlx5e: IPoIB, Add error path in mlx5_rdma_setup_rn (networking-stable-19_07_25). - net: Fix netdev_WARN_ONCE macro (git-fixes). - net: Introduce netdev_*_once functions (networking-stable-19_07_25). - net: bcmgenet: use promisc for unsupported filters (networking-stable-19_07_25). - net: bridge: mcast: fix stale ipv6 hdr pointer when handling v6 query (networking-stable-19_07_25). - net: bridge: mcast: fix stale nsrcs pointer in igmp3/mld2 report handling (networking-stable-19_07_25). - net: bridge: stp: do not cache eth dest pointer before skb pull (networking-stable-19_07_25). - net: dsa: mv88e6xxx: wait after reset deactivation (networking-stable-19_07_25). - net: ena: Fix bug where ring allocation backoff stopped too late (bsc#1139020 bsc#1139021). - net: ena: add MAX_QUEUES_EXT get feature admin command (bsc#1139020 bsc#1139021). - net: ena: add ethtool function for changing io queue sizes (bsc#1139020 bsc#1139021). - net: ena: add good checksum counter (bsc#1139020 bsc#1139021). - net: ena: add handling of llq max tx burst size (bsc#1139020 bsc#1139021). - net: ena: add newline at the end of pr_err prints (bsc#1139020 bsc#1139021). - net: ena: add support for changing max_header_size in LLQ mode (bsc#1139020 bsc#1139021). - net: ena: allow automatic fallback to polling mode (bsc#1139020 bsc#1139021). - net: ena: allow queue allocation backoff when low on memory (bsc#1139020 bsc#1139021). - net: ena: arrange ena_probe() function variables in reverse christmas tree (bsc#1139020 bsc#1139021). - net: ena: enable negotiating larger Rx ring size (bsc#1139020 bsc#1139021). - net: ena: ethtool: add extra properties retrieval via get_priv_flags (bsc#1139020 bsc#1139021). - net: ena: fix ena_com_fill_hash_function() implementation (bsc#1139020 bsc#1139021). - net: ena: fix incorrect test of supported hash function (bsc#1139020 bsc#1139021). - net: ena: fix swapped parameters when calling ena_com_indirect_table_fill_entry (bsc#1139020 bsc#1139021). - net: ena: fix: Free napi resources when ena_up() fails (bsc#1139020 bsc#1139021). - net: ena: fix: set freed objects to NULL to avoid failing future allocations (bsc#1139020 bsc#1139021). - net: ena: gcc 8: fix compilation warning (bsc#1139020 bsc#1139021). - net: ena: improve latency by disabling adaptive interrupt moderation by default (bsc#1139020 bsc#1139021). - net: ena: make ethtool show correct current and max queue sizes (bsc#1139020 bsc#1139021). - net: ena: optimise calculations for CQ doorbell (bsc#1139020 bsc#1139021). - net: ena: remove inline keyword from functions in *.c (bsc#1139020 bsc#1139021). - net: ena: replace free_tx/rx_ids union with single free_ids field in ena_ring (bsc#1139020 bsc#1139021). - net: ena: update driver version from 2.0.3 to 2.1.0 (bsc#1139020 bsc#1139021). - net: ena: use dev_info_once instead of static variable (bsc#1139020 bsc#1139021). - net: make skb_dst_force return true when dst is refcounted (networking-stable-19_07_25). - net: neigh: fix multiple neigh timer scheduling (networking-stable-19_07_25). - net: openvswitch: fix csum updates for MPLS actions (networking-stable-19_07_25). - net: remove duplicate fetch in sock_getsockopt (networking-stable-19_07_02). - net: sched: verify that q!=NULL before setting q->flags (git-fixes). - net: stmmac: fixed new system time seconds value calculation (networking-stable-19_07_02). - net: stmmac: set IC bit when transmitting frames with HW timestamp (networking-stable-19_07_02). - net: usb: pegasus: fix improper read if get_registers() fail (bsc#1051510). - net_sched: unset TCQ_F_CAN_BYPASS when adding filters (networking-stable-19_07_25). - netrom: fix a memory leak in nr_rx_frame() (networking-stable-19_07_25). - netrom: hold sock when setting skb->destructor (networking-stable-19_07_25). - nfc: fix potential illegal memory access (bsc#1051510). - nfs: Cleanup if nfs_match_client is interrupted (bsc#1134291). - nfs: Fix a double unlock from nfs_match,get_client (bsc#1134291). - nfs: Fix the inode request accounting when pages have subrequests (bsc#1140012). - nfs: make nfs_match_client killable (bsc#1134291). - nilfs2: do not use unexported cpu_to_le32()/le32_to_cpu() in uapi header (git fixes). - nvme-core: Fix extra device_put() call on error path (bsc#1142541). - nvme-fc: fix module unloads while lports still pending (bsc#1150033). - nvme-multipath: fix ana log nsid lookup when nsid is not found (bsc#1141554). - nvme-multipath: relax ANA state check (bsc#1123105). - nvme-multipath: revalidate nvme_ns_head gendisk in nvme_validate_ns (bsc#1120876). - nvme: Return BLK_STS_TARGET if the DNR bit is set (bsc#1142076). - nvme: cancel request synchronously (bsc#1145661). - nvme: change locking for the per-subsystem controller list (bsc#1142541). - nvme: fix possible use-after-free in connect error flow (bsc#1139500, bsc#1140426) - nvme: introduce NVME_QUIRK_IGNORE_DEV_SUBNQN (bsc#1146938). - objtool: Add rewind_stack_do_exit() to the noreturn list (bsc#1145302). - objtool: Support GCC 9 cold subfunction naming scheme (bsc#1145300). - octeon_mgmt: Fix MIX registers configuration on MTU setup (bsc#1051510). - pci: PM/acpi: Refresh all stale power state data in pci_pm_complete() (bsc#1149106). - pci: Restore Resizable BAR size bits correctly for 1MB BARs (bsc#1143841). - pci: hv: Fix panic by calling hv_pci_remove_slots() earlier (bsc#1142701). - pci: qcom: Ensure that PERST is asserted for at least 100 ms (bsc#1142635). - pci: xilinx-nwl: Fix Multi MSI data programming (bsc#1142635). - phy: qcom-qusb2: Fix crash if nvmem cell not specified (bsc#1051510). - phy: renesas: rcar-gen2: Fix memory leak at error paths (bsc#1051510). - pinctrl: pistachio: fix leaked of_node references (bsc#1051510). - pinctrl: rockchip: fix leaked of_node references (bsc#1051510). - pm / OPP: OF: Use pr_debug() instead of pr_err() while adding OPP table (jsc#SLE-7294). - pm / devfreq: rk3399_dmc: Pass ODT and auto power down parameters to TF-A (bsc#1144718,bsc#1144813). - pm / devfreq: rk3399_dmc: do not print error when get supply and clk defer (bsc#1144718,bsc#1144813). - pm / devfreq: rk3399_dmc: fix spelling mistakes (bsc#1144718,bsc#1144813). - pm / devfreq: rk3399_dmc: remove unneeded semicolon (bsc#1144718,bsc#1144813). - pm / devfreq: rk3399_dmc: remove wait for dcf irq event (bsc#1144718,bsc#1144813). - pm / devfreq: rockchip-dfi: Move GRF definitions to a common place (bsc#1144718,bsc#1144813). - power: xive support (bsc#1085030, bsc#1144518, LTC#178833). - powerpc/64s: Include cpu header (bsc#1065729). - powerpc/64s: support nospectre_v2 cmdline option (bsc#1131107). - powerpc/book3s/64: check for NULL pointer in pgd_alloc() (bsc#1078248, git-fixes). - powerpc/fadump: Do not allow hot-remove memory from fadump reserved area (bsc#1120937). - powerpc/fadump: Reservationless firmware assisted dump (bsc#1120937). - powerpc/fadump: Throw proper error message on fadump registration failure (bsc#1120937). - powerpc/fadump: use kstrtoint to handle sysfs store (bsc#1146376). - powerpc/fadump: when fadump is supported register the fadump sysfs files (bsc#1146352). - powerpc/fsl: Add nospectre_v2 command line argument (bsc#1131107). - powerpc/fsl: Update Spectre v2 reporting (bsc#1131107). - powerpc/kdump: Handle crashkernel memory reservation failure (bsc#1143466 LTC#179600). - powerpc/lib: Fix feature fixup test of external branch (bsc#1065729). - powerpc/mm/hash/4k: Do not use 64K page size for vmemmap with 4K pagesize (bsc#1142685 LTC#179509). - powerpc/mm/radix: Use the right page size for vmemmap mapping (bsc#1055117 bsc#1142685 LTC#179509). - powerpc/mm: Handle page table allocation failures (bsc#1065729). - powerpc/perf: Add constraints for power9 l2/l3 bus events (bsc#1056686). - powerpc/perf: Add mem access events to sysfs (bsc#1124370). - powerpc/perf: Cleanup cache_sel bits comment (bsc#1056686). - powerpc/perf: Fix thresholding counter data for unknown type (bsc#1056686). - powerpc/perf: Remove PM_BR_CMPL_ALT from power9 event list (bsc#1047238, bsc#1056686). - powerpc/perf: Update perf_regs structure to include SIER (bsc#1056686). - powerpc/powernv/opal-dump : Use IRQ_HANDLED instead of numbers in interrupt handler (bsc#1065729). - powerpc/powernv: Flush console before platform error reboot (bsc#1149940 ltc#179958). - powerpc/powernv: Return for invalid IMC domain (bsc1054914, git-fixes). - powerpc/powernv: Use kernel crash path for machine checks (bsc#1149940 ltc#179958). - powerpc/pseries, ps3: panic flush kernel messages before halting system (bsc#1149940 ltc#179958). - powerpc/pseries: Fix xive=off command line (bsc#1085030, git-fixes). - powerpc/pseries: add missing cpumask.h include file (bsc#1065729). - powerpc/pseries: correctly track irq state in default idle (bsc#1150727 ltc#178925). - powerpc/rtas: use device model APIs and serialization during Lpm (bsc#1144123 ltc#178840). - powerpc/security: Show powerpc_security_features in debugfs (bsc#1131107). - powerpc/xive: Fix dump of XIVE interrupt under pseries (bsc#1142019). - powerpc/xive: Fix loop exit-condition in xive_find_target_in_mask() (bsc#1085030, bsc#1145189, LTC#179762). - powerpc/xmon: Add a dump of all XIVE interrupts (bsc#1142019). - powerpc/xmon: Check for HV mode when dumping XIVE info from OPAL (bsc#1142019). - powerpc: Allow flush_(inval_)dcache_range to work across ranges >4GB (bsc#1146575 ltc#180764). - powerpc: dump kernel log before carrying out fadump or kdump (bsc#1149940 ltc#179958). - qede: fix write to free'd pointer error and double free of ptp (bsc#1051510). - qlge: Deduplicate lbq_buf_size (bsc#1106061). - qlge: Deduplicate rx buffer queue management (bsc#1106061). - qlge: Factor out duplicated expression (bsc#1106061). - qlge: Fix dma_sync_single calls (bsc#1106061). - qlge: Fix irq masking in INTx mode (bsc#1106061). - qlge: Refill empty buffer queues from wq (bsc#1106061). - qlge: Refill rx buffers up to multiple of 16 (bsc#1106061). - qlge: Remove bq_desc.maplen (bsc#1106061). - qlge: Remove irq_cnt (bsc#1106061). - qlge: Remove page_chunk.last_flag (bsc#1106061). - qlge: Remove qlge_bq.len & size (bsc#1106061). - qlge: Remove rx_ring.sbq_buf_size (bsc#1106061). - qlge: Remove rx_ring.type (bsc#1106061). - qlge: Remove useless dma synchronization calls (bsc#1106061). - qlge: Remove useless memset (bsc#1106061). - qlge: Replace memset with assignment (bsc#1106061). - qlge: Update buffer queue prod index despite oom (bsc#1106061). - rbd: do not (ab)use obj_req->pages for stat requests (bsc#1141450). - rbd: do not NULL out ->obj_request in rbd_img_obj_parent_read_full() (bsc#1141450). - rbd: get rid of img_req->copyup_pages (bsc#1141450). - rbd: move from raw pages to bvec data descriptors (bsc#1141450). - rbd: remove bio cloning helpers (bsc#1141450). - rbd: start enums at 1 instead of 0 (bsc#1141450). - rbd: use kmem_cache_zalloc() in rbd_img_request_create() (bsc#1141450). - regmap: fix bulk writes on paged registers (bsc#1051510). - regulator: qcom_spmi: Fix math of spmi_regulator_set_voltage_time_sel (bsc#1051510). - rpm/kernel-binary.spec.in: Enable missing modules check. - rpmsg: added MODULE_ALIAS for rpmsg_char (bsc#1051510). - rpmsg: smd: do not use mananged resources for endpoints and channels (bsc#1051510). - rpmsg: smd: fix memory leak on channel create (bsc#1051510). - rsi: improve kernel thread handling to fix kernel panic (bsc#1051510). - rslib: Fix decoding of shortened codes (bsc#1051510). - rslib: Fix handling of of caller provided syndrome (bsc#1051510). - rtc: pcf8523: do not return invalid date when battery is low (bsc#1051510). - rxrpc: Fix send on a connected, but unbound socket (networking-stable-19_07_25). - s390/cio: fix ccw_device_start_timeout API (bsc#1142109 LTC#179339). - s390/dasd: fix endless loop after read unit address configuration (bsc#1144912 LTC#179907). - s390/qdio: handle PENDING state for QEBSM devices (bsc#1142117 bsc#1142118 bsc#1142119 LTC#179329 LTC#179330 LTC#179331). - s390/qeth: avoid control IO completion stalls (bsc#1142109 LTC#179339). - s390/qeth: cancel cmd on early error (bsc#1142109 LTC#179339). - s390/qeth: fix request-side race during cmd IO timeout (bsc#1142109 LTC#179339). - s390/qeth: release cmd buffer in error paths (bsc#1142109 LTC#179339). - s390/qeth: simplify reply object handling (bsc#1142109 LTC#179339). - s390/zcrypt: Fix wrong dispatching for control domain CPRBs (bsc#1137811 LTC#178088). - samples, bpf: fix to change the buffer size for read() (bsc#1051510). - samples: mei: use /dev/mei0 instead of /dev/mei (bsc#1051510). - sched/fair: Do not free p->numa_faults with concurrent readers (bsc#1144920). - sched/fair: Use RCU accessors consistently for ->numa_group (bsc#1144920). - scripts/checkstack.pl: Fix arm64 wrong or unknown architecture (bsc#1051510). - scripts/decode_stacktrace.sh: prefix addr2line with $CROSS_COMPILE (bsc#1051510). - scripts/decode_stacktrace: only strip base path when a prefix of the path (bsc#1051510). - scripts/gdb: fix lx-version string output (bsc#1051510). - scripts/git_sort/git_sort.py: - scsi: NCR5380: Always re-enable reselection interrupt (git-fixes). - scsi: aacraid: Fix missing break in switch statement (git-fixes). - scsi: aacraid: Fix performance issue on logical drives (git-fixes). - scsi: aic94xx: fix an error code in aic94xx_init() (git-fixes). - scsi: aic94xx: fix module loading (git-fixes). - scsi: bfa: convert to strlcpy/strlcat (git-fixes). - scsi: bnx2fc: Fix NULL dereference in error handling (git-fixes). - scsi: bnx2fc: fix incorrect cast to u64 on shift operation (git-fixes). - scsi: core: Fix race on creating sense cache (git-fixes). - scsi: core: Synchronize request queue pm status only on successful resume (git-fixes). - scsi: core: set result when the command cannot be dispatched (git-fixes). - scsi: cxlflash: Mark expected switch fall-throughs (bsc#1148868). - scsi: cxlflash: Prevent deadlock when adapter probe fails (git-fixes). - scsi: esp_scsi: Track residual for PIO transfers (git-fixes) Also, mitigate kABI changes. - scsi: fas216: fix sense buffer initialization (git-fixes). - scsi: isci: initialize shost fully before calling scsi_add_host() (git-fixes). - scsi: libfc: fix null pointer dereference on a null lport (git-fixes). - scsi: libsas: Fix rphy phy_identifier for PHYs with end devices attached (git-fixes). - scsi: libsas: delete sas port if expander discover failed (git-fixes). - scsi: mac_scsi: Fix pseudo DMA implementation, take 2 (git-fixes). - scsi: mac_scsi: Increase PIO/PDMA transfer length threshold (git-fixes). - scsi: megaraid: fix out-of-bound array accesses (git-fixes). - scsi: megaraid_sas: Fix calculation of target ID (git-fixes). - scsi: qedf: Add debug information for unsolicited processing (bsc#1149976). - scsi: qedf: Add shutdown callback handler (bsc#1149976). - scsi: qedf: Add support for 20 Gbps speed (bsc#1149976). - scsi: qedf: Check both the FCF and fabric ID before servicing clear virtual link (bsc#1149976). - scsi: qedf: Check for link state before processing LL2 packets and send fipvlan retries (bsc#1149976). - scsi: qedf: Check for module unloading bit before processing link update AEN (bsc#1149976). - scsi: qedf: Decrease the LL2 MTU size to 2500 (bsc#1149976). - scsi: qedf: Fix race betwen fipvlan request and response path (bsc#1149976). - scsi: qedf: Initiator fails to re-login to switch after link down (bsc#1149976). - scsi: qedf: Print message during bailout conditions (bsc#1149976). - scsi: qedf: Stop sending fipvlan request on unload (bsc#1149976). - scsi: qedf: Update module description string (bsc#1149976). - scsi: qedf: Update the driver version to 8.37.25.20 (bsc#1149976). - scsi: qedf: Update the version to 8.42.3.0 (bsc#1149976). - scsi: qedf: Use discovery list to traverse rports (bsc#1149976). - scsi: qedf: remove memset/memcpy to nfunc and use func instead (git-fixes). - scsi: qedf: remove set but not used variables (bsc#1149976). - scsi: qedi: remove declaration of nvm_image from stack (git-fixes). - scsi: qla2xxx: Add cleanup for PCI EEH recovery (bsc#1129424). - scsi: qla2xxx: Avoid that qlt_send_resp_ctio() corrupts memory (git-fixes). - scsi: qla2xxx: Fix a format specifier (git-fixes). - scsi: qla2xxx: Fix an endian bug in fcpcmd_is_corrupted() (git-fixes). - scsi: qla2xxx: Fix device staying in blocked state (git-fixes). - scsi: qla2xxx: Fix error handling in qlt_alloc_qfull_cmd() (git-fixes). - scsi: qla2xxx: Unregister chrdev if module initialization fails (git-fixes). - scsi: qla2xxx: Update two source code comments (git-fixes). - scsi: qla4xxx: avoid freeing unallocated dma memory (git-fixes). - scsi: raid_attrs: fix unused variable warning (git-fixes). - scsi: scsi_dh_alua: Fix possible null-ptr-deref (git-fixes). - scsi: sd: Defer spinning up drive while SANITIZE is in progress (git-fixes). - scsi: sd: Fix a race between closing an sd device and sd I/O (git-fixes). - scsi: sd: Fix cache_type_store() (git-fixes). - scsi: sd: Optimal I/O size should be a multiple of physical block size (git-fixes). - scsi: sd: Quiesce warning if device does not report optimal I/O size (git-fixes). - scsi: sd: use mempool for discard special page (git-fixes). - scsi: sd_zbc: Fix potential memory leak (git-fixes). - scsi: smartpqi: unlock on error in pqi_submit_raid_request_synchronous() (git-fixes). - scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management enabled (git-fixes). - scsi: ufs: Avoid runtime suspend possibly being blocked forever (git-fixes). - scsi: ufs: Check that space was properly alloced in copy_query_response (git-fixes). - scsi: ufs: Fix NULL pointer dereference in ufshcd_config_vreg_hpm() (git-fixes). - scsi: ufs: Fix RX_TERMINATION_FORCE_ENABLE define value (git-fixes). - scsi: ufs: fix wrong command type of UTRD for UFSHCI v2.1 (git-fixes). - scsi: use dma_get_cache_alignment() as minimum DMA alignment (git-fixes). - scsi: virtio_scsi: do not send sc payload with tmfs (git-fixes). - sctp: change to hold sk after auth shkey is created successfully (networking-stable-19_07_02). - serial: 8250: Fix TX interrupt handling condition (bsc#1051510). - signal/cifs: Fix cifs_put_tcp_session to call send_sig instead of force_sig (bsc#1144333). - sis900: fix TX completion (bsc#1051510). - sky2: Disable MSI on ASUS P6T (bsc#1142496). - smb2: fix missing files in root share directory listing (bsc#1112907, bsc#1144333). - smb2: fix typo in definition of a few error flags (bsc#1144333). - smb2: fix uninitialized variable bug in smb2_ioctl_query_info (bsc#1144333). - smb3 - clean up debug output displaying network interfaces (bsc#1144333). - smb3.1.1 dialect is no longer experimental (bsc#1051510, bsc#1144333). - smb3.1.1: Add GCM crypto to the encrypt and decrypt functions (bsc#1144333). - smb3.11: replace a 4 with server->vals->header_preamble_size (bsc#1144333). - smb311: Fix reconnect (bsc#1051510, bsc#1144333). - smb311: Improve checking of negotiate security contexts (bsc#1051510, bsc#1144333). - smb3: Add debug message later in smb2/smb3 reconnect path (bsc#1144333). - smb3: Add defines for new negotiate contexts (bsc#1144333). - smb3: Add dynamic trace points for various compounded smb3 ops (bsc#1144333). - smb3: Add ftrace tracepoints for improved smb3 debugging (bsc#1144333). - smb3: Add handling for different FSCTL access flags (bsc#1144333). - smb3: Add posix create context for smb3.11 posix mounts (bsc#1144333). - smb3: Add protocol structs for change notify support (bsc#1144333). - smb3: Add smb3.1.1 GCM to negotiated crypto algorigthms (bsc#1144333). - smb3: Add support for multidialect negotiate (smb2.1 and later) (bsc#1051510, bsc#1144333). - smb3: Add tracepoints for read, write and query_dir enter (bsc#1144333). - smb3: Allow persistent handle timeout to be configurable on mount (bsc#1144333). - smb3: Allow query of symlinks stored as reparse points (bsc#1144333). - smb3: Allow smb3 FSCTL queries to be sent to server from tools (bsc#1144333). - smb3: Backup intent flag missing for directory opens with backupuid mounts (bsc#1051510, bsc#1144333). - smb3: Backup intent flag missing from compounded ops (bsc#1144333). - smb3: Clean up query symlink when reparse point (bsc#1144333). - smb3: Cleanup license mess (bsc#1144333). - smb3: Do not ignore O_SYNC/O_DSYNC and O_DIRECT flags (bsc#1085536, bsc#1144333). - smb3: Do not send smb3 SET_INFO if nothing changed (bsc#1051510, bsc#1144333). - smb3: Fix 3.11 encryption to Windows and handle encrypted smb3 tcon (bsc#1051510, bsc#1144333). - smb3: Fix deadlock in validate negotiate hits reconnect (bsc#1144333). - smb3: Fix endian warning (bsc#1144333, bsc#1137884). - smb3: Fix enumerating snapshots to Azure (bsc#1144333). - smb3: Fix length checking of smb3.11 negotiate request (bsc#1051510, bsc#1144333). - smb3: Fix mode on mkdir on smb311 mounts (bsc#1144333). - smb3: Fix potential memory leak when processing compound chain (bsc#1144333). - smb3: Fix rmdir compounding regression to strict servers (bsc#1144333). - smb3: Fix root directory when server returns inode number of zero (bsc#1051510, bsc#1144333). - smb3: Fix smb3.1.1 guest mounts to Samba (bsc#1051510, bsc#1144333). - smb3: Kernel oops mounting a encryptData share with CONFIG_DEBUG_VIRTUAL (bsc#1144333). - smb3: Log at least once if tree connect fails during reconnect (bsc#1144333). - smb3: Number of requests sent should be displayed for smb3 not just cifs (bsc#1144333). - smb3: Send netname context during negotiate protocol (bsc#1144333). - smb3: Track total time spent on roundtrips for each smb3 command (bsc#1144333). - smb3: Update POSIX negotiate context with POSIX ctxt GUID (bsc#1144333). - smb3: Validate negotiate request must always be signed (bsc#1064597, bsc#1144333). - smb3: Warn user if trying to sign connection that authenticated as guest (bsc#1085536, bsc#1144333). - smb3: add additional ftrace entry points for entry/exit to cifs.ko (bsc#1144333). - smb3: add credits we receive from oplock/break PDUs (bsc#1144333). - smb3: add debug for unexpected mid cancellation (bsc#1144333). - smb3: add define for id for posix create context and corresponding struct (bsc#1144333). - smb3: add dynamic trace point for query_info_enter/done (bsc#1144333). - smb3: add dynamic trace point for smb3_cmd_enter (bsc#1144333). - smb3: add dynamic tracepoint for timeout waiting for credits (bsc#1144333). - smb3: add dynamic tracepoints for simple fallocate and zero range (bsc#1144333). - smb3: add missing read completion trace point (bsc#1144333). - smb3: add module alias for smb3 to cifs.ko (bsc#1144333). - smb3: add new mount option to retrieve mode from special ACE (bsc#1144333). - smb3: add reconnect tracepoints (bsc#1144333). - smb3: add smb3.1.1 to default dialect list (bsc#1144333). - smb3: add support for posix negotiate context (bsc#1144333). - smb3: add support for statfs for smb3.1.1 posix extensions (bsc#1144333). - smb3: add trace point for tree connection (bsc#1144333). - smb3: add tracepoint for sending lease break responses to server (bsc#1144333). - smb3: add tracepoint for session expired or deleted (bsc#1144333). - smb3: add tracepoint for slow responses (bsc#1144333). - smb3: add tracepoint to catch cases where credit refund of failed op overlaps reconnect (bsc#1144333). - smb3: add tracepoints for query dir (bsc#1144333). - smb3: add tracepoints for smb2/smb3 open (bsc#1144333). - smb3: add way to control slow response threshold for logging and stats (bsc#1144333). - smb3: allow more detailed protocol info on open files for debugging (bsc#1144333). - smb3: allow posix mount option to enable new smb311 protocol extensions (bsc#1144333). - smb3: allow previous versions to be mounted with snapshot= mount parm (bsc#1144333). - smb3: allow stats which track session and share reconnects to be reset (bsc#1051510, bsc#1144333). - smb3: check for and properly advertise directory lease support (bsc#1051510, bsc#1144333). - smb3: create smb3 equivalent alias for cifs pseudo-xattrs (bsc#1144333). - smb3: directory sync should not return an error (bsc#1051510, bsc#1144333). - smb3: display bytes_read and bytes_written in smb3 stats (bsc#1144333). - smb3: display security information in /proc/fs/cifs/DebugData more accurately (bsc#1144333). - smb3: display session id in debug data (bsc#1144333). - smb3: display stats counters for number of slow commands (bsc#1144333). - smb3: display volume serial number for shares in /proc/fs/cifs/DebugData (bsc#1144333). - smb3: do not allow insecure cifs mounts when using smb3 (bsc#1144333). - smb3: do not attempt cifs operation in smb3 query info error path (bsc#1051510, bsc#1144333). - smb3: do not display confusing message on mount to Azure servers (bsc#1144333). - smb3: do not display empty interface list (bsc#1144333). - smb3: do not request leases in symlink creation and query (bsc#1051510, bsc#1144333). - smb3: do not send compression info by default (bsc#1144333). - smb3: enumerating snapshots was leaving part of the data off end (bsc#1051510, bsc#1144333). - smb3: fill in statfs fsid and correct namelen (bsc#1112905, bsc#1144333). - smb3: fix bytes_read statistics (bsc#1144333). - smb3: fix corrupt path in subdirs on smb311 with posix (bsc#1144333). - smb3: fix large reads on encrypted connections (bsc#1144333). - smb3: fix lease break problem introduced by compounding (bsc#1144333). - smb3: fix minor debug output for CONFIG_cifs_STATS (bsc#1144333). - smb3: fix redundant opens on root (bsc#1144333). - smb3: fix reset of bytes read and written stats (bsc#1112906, bsc#1144333). - smb3: fix various xid leaks (bsc#1051510, bsc#1144333). - smb3: for kerberos mounts display the credential uid used (bsc#1144333). - smb3: handle new statx fields (bsc#1085536, bsc#1144333). - smb3: if max_credits is specified then display it in /proc/mounts (bsc#1144333). - smb3: if server does not support posix do not allow posix mount option (bsc#1144333). - smb3: improve dynamic tracing of open and posix mkdir (bsc#1144333). - smb3: increase initial number of credits requested to allow write (bsc#1144333). - smb3: make default i/o size for smb3 mounts larger (bsc#1144333). - smb3: minor cleanup of compound_send_recv (bsc#1144333). - smb3: minor debugging clarifications in rfc1001 len processing (bsc#1144333). - smb3: minor missing defines relating to reparse points (bsc#1144333). - smb3: missing defines and structs for reparse point handling (bsc#1144333). - smb3: note that smb3.11 posix extensions mount option is experimental (bsc#1144333). - smb3: on kerberos mount if server does not specify auth type use krb5 (bsc#1051510, bsc#1144333). - smb3: on reconnect set PreviousSessionId field (bsc#1112899, bsc#1144333). - smb3: optimize open to not send query file internal info (bsc#1144333). - smb3: passthru query info does not check for smb3 FSCTL passthru (bsc#1144333). - smb3: print tree id in debugdata in proc to be able to help logging (bsc#1144333). - smb3: query inode number on open via create context (bsc#1144333). - smb3: remove noisy warning message on mount (bsc#1129664, bsc#1144333). - smb3: remove per-session operations from per-tree connection stats (bsc#1144333). - smb3: rename encryption_required to smb3_encryption_required (bsc#1144333). - smb3: request more credits on normal (non-large read/write) ops (bsc#1144333). - smb3: request more credits on tree connect (bsc#1144333). - smb3: retry on STATUS_INSUFFICIENT_RESOURCES instead of failing write (bsc#1144333). - smb3: send CAP_DFS capability during session setup (bsc#1144333). - smb3: send backup intent on compounded query info (bsc#1144333). - smb3: show number of current open files in /proc/fs/cifs/Stats (bsc#1144333). - smb3: simplify code by removing CONFIG_cifs_smb311 (bsc#1051510, bsc#1144333). - smb3: smbdirect no longer experimental (bsc#1144333). - smb3: snapshot mounts are read-only and make sure info is displayable about the mount (bsc#1144333). - smb3: track the instance of each session for debugging (bsc#1144333). - smb3: trivial cleanup to smb2ops.c (bsc#1144333). - smb3: update comment to clarify enumerating snapshots (bsc#1144333). - smb3: update default requested iosize to 4MB from 1MB for recent dialects (bsc#1144333). - smb: Validate negotiate (to protect against downgrade) even if signing off (bsc#1085536, bsc#1144333). - smb: address lock imbalance warnings in smbdirect.c (bsc#1144333). - smb: fix leak of validate negotiate info response buffer (bsc#1064597, bsc#1144333). - smb: fix validate negotiate info uninitialised memory use (bsc#1064597, bsc#1144333). - smbd: Make upper layer decide when to destroy the transport (bsc#1144333). - smpboot: Place the __percpu annotation correctly (git fixes). - soc: rockchip: power-domain: Add a sanity check on pd->num_clks (bsc#1144718,bsc#1144813). - soc: rockchip: power-domain: Use of_clk_get_parent_count() instead of open coding (bsc#1144718,bsc#1144813). - soc: rockchip: power-domain: use clk_bulk APIs (bsc#1144718,bsc#1144813). - sound: fix a memory leak bug (bsc#1051510). - spi: bcm2835aux: fix corruptions for longer spi transfers (bsc#1051510). - spi: bcm2835aux: remove dangerous uncontrolled read of fifo (bsc#1051510). - spi: bcm2835aux: unifying code between polling and interrupt driven code (bsc#1051510). - st21nfca_connectivity_event_received: null check the allocation (bsc#1051510). - st_nci_hci_connectivity_event_received: null check the allocation (bsc#1051510). - staging: comedi: dt3000: Fix rounding up of timer divisor (bsc#1051510). - staging: comedi: dt3000: Fix signed integer overflow 'divider * base' (bsc#1051510). - supported.conf: Add missing modules (bsc#1066369). - supported.conf: Remove duplicate drivers/ata/libahci_platform - supported.conf: Sort alphabetically, align comments. - tcp: Reset bytes_acked and bytes_received when disconnecting (networking-stable-19_07_25). - test_firmware: fix a memory leak bug (bsc#1051510). - tipc: change to use register_pernet_device (networking-stable-19_07_02). - tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is incomplete (bsc#1082555). - tpm: Fix Tpm 1.2 Shutdown sequence to prevent future TPM operations (bsc#1082555). - tpm: Fix off-by-one when reading binary_bios_measurements (bsc#1082555). - tpm: Unify the send callback behaviour (bsc#1082555). - tpm: vtpm_proxy: Suppress error logging when in closed state (bsc#1082555). - tracing: Fix header include guards in trace event headers (bsc#1144474). - treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 231 (bsc#1144333). - tty/ldsem, locking/rwsem: Add missing ACQUIRE to read_failed sleep loop (bsc#1051510). - tty/serial: digicolor: Fix digicolor-usart already registered warning (bsc#1051510). - tty: max310x: Fix invalid baudrate divisors calculator (bsc#1051510). - tty: serial: msm_serial: avoid system lockup condition (bsc#1051510). - tua6100: Avoid build warnings (bsc#1051510). - tun: wake up waitqueues after IFF_UP is set (networking-stable-19_07_02). - udf: Fix incorrect final NOT_ALLOCATED (hole) extent length (bsc#1148617). - update internal version number for cifs.ko (bsc#1144333). - usb-storage: Add new JMS567 revision to unusual_devs (bsc#1051510). - usb: CDC: fix sanity checks in CDC union parser (bsc#1142635). - usb: Handle USB3 remote wakeup for Lpm enabled devices correctly (bsc#1051510). - usb: cdc-acm: make sure a refcount is taken early enough (bsc#1142635). - usb: cdc-wdm: fix race between write and disconnect due to flag abuse (bsc#1051510). - usb: chipidea: udc: do not do hardware access if gadget has stopped (bsc#1051510). - usb: core: Fix races in character device registration and deregistraion (bsc#1051510). - usb: core: hub: Disable hub-initiated U1/U2 (bsc#1051510). - usb: gadget: composite: Clear 'suspended' on reset/disconnect (bsc#1051510). - usb: gadget: udc: renesas_usb3: Fix sysfs interface of 'role' (bsc#1142635). - usb: host: fotg2: restart hcd after port reset (bsc#1051510). - usb: host: ohci: fix a race condition between shutdown and irq (bsc#1051510). - usb: host: xhci-rcar: Fix timeout in xhci_suspend() (bsc#1051510). - usb: host: xhci: rcar: Fix typo in compatible string matching (bsc#1051510). - usb: iowarrior: fix deadlock on disconnect (bsc#1051510). - usb: serial: option: Add Motorola modem UARTs (bsc#1051510). - usb: serial: option: Add support for ZTE MF871A (bsc#1051510). - usb: serial: option: add D-Link DWM-222 device ID (bsc#1051510). - usb: serial: option: add the BroadMobi BM818 card (bsc#1051510). - usb: storage: ums-realtek: Update module parameter description for auto_delink_en (bsc#1051510). - usb: storage: ums-realtek: Whitelist auto-delink support (bsc#1051510). - usb: usbfs: fix double-free of usb memory upon submiturb error (bsc#1051510). - usb: wusbcore: fix unbalanced get/put cluster_id (bsc#1051510). - usb: yurex: Fix use-after-free in yurex_delete (bsc#1051510). - vfs: fix page locking deadlocks when deduping files (bsc#1148619). - vmci: Release resource if the work is already queued (bsc#1051510). - vrf: make sure skb->data contains ip header to make routing (networking-stable-19_07_25). - watchdog: bcm2835_wdt: Fix module autoload (bsc#1051510). - watchdog: core: fix null pointer dereference when releasing cdev (bsc#1051510). - watchdog: f71808e_wdt: fix F81866 bit operation (bsc#1051510). - watchdog: fix compile time error of pretimeout governors (bsc#1051510). - wimax/i2400m: fix a memory leak bug (bsc#1051510). - x86/boot: Fix memory leak in default_get_smp_config() (bsc#1114279). - x86/entry/64/compat: Fix stack switching for XEN PV (bsc#1108382). - x86/microcode: Fix the microcode load on CPU hotplug for real (bsc#1114279). - x86/mm: Check for pfn instead of page in vmalloc_sync_one() (bsc#1118689). - x86/mm: Sync also unmappings in vmalloc_sync_all() (bsc#1118689). - x86/speculation/mds: Apply more accurate check on hypervisor platform (bsc#1114279). - x86/speculation: Allow guests to use SSBD even if host does not (bsc#1114279). - x86/unwind: Add hardcoded ORC entry for NULL (bsc#1114279). - x86/unwind: Handle NULL pointer calls better in frame unwinder (bsc#1114279). - xen/swiotlb: fix condition for calling xen_destroy_contiguous_region() (bsc#1065600). - xfrm: Fix NULL pointer dereference in xfrm_input when skb_dst_force clears the dst_entry (bsc#1143300). - xfrm: Fix NULL pointer dereference when skb_dst_force clears the dst_entry (bsc#1143300). - xfrm: Fix bucket count reported to userspace (bsc#1143300). - xfrm: Fix error return code in xfrm_output_one() (bsc#1143300). - xfs: do not crash on null attr fork xfs_bmapi_read (bsc#1148035). - xfs: do not trip over uninitialized buffer on extent read of corrupted inode (bsc#1149053). - xfs: dump transaction usage details on log reservation overrun (bsc#1145235). - xfs: eliminate duplicate icreate tx reservation functions (bsc#1145235). - xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to EDQUOT (bsc#1148032). - xfs: fix semicolon.cocci warnings (bsc#1145235). - xfs: fix up agi unlinked list reservations (bsc#1145235). - xfs: include an allocfree res for inobt modifications (bsc#1145235). - xfs: include inobt buffers in ifree tx log reservation (bsc#1145235). - xfs: print transaction log reservation on overrun (bsc#1145235). - xfs: refactor inode chunk alloc/free tx reservation (bsc#1145235). - xfs: refactor xlog_cil_insert_items() to facilitate transaction dump (bsc#1145235). - xfs: remove more ondisk directory corruption asserts (bsc#1148034). - xfs: separate shutdown from ticket reservation print helper (bsc#1145235). - xfs: truncate transaction does not modify the inobt (bsc#1145235). ----------------------------------------- Patch: SUSE-2019-2421 Released: Fri Sep 20 16:36:29 2019 Summary: Recommended update for python-urllib3 Severity: moderate References: 1150895 Description: This update for python-urllib3 fixes the following issues: - Add missing dependency on python-six (bsc#1150895) ----------------------------------------- Patch: SUSE-2019-2423 Released: Fri Sep 20 16:41:45 2019 Summary: Recommended update for aaa_base Severity: moderate References: 1146866,SLE-9132 Description: This update for aaa_base fixes the following issues: Added sysctl.d/51-network.conf to tighten network security (bsc#1146866) (jira#SLE-9132) Following settings have been tightened (and set to 0): - net.ipv4.conf.all.accept_redirects - net.ipv4.conf.default.accept_redirects - net.ipv4.conf.default.accept_source_route - net.ipv6.conf.all.accept_redirects - net.ipv6.conf.default.accept_redirects ----------------------------------------- Patch: SUSE-2019-2429 Released: Mon Sep 23 09:28:40 2019 Summary: Security update for expat Severity: moderate References: 1149429,CVE-2019-15903 Description: This update for expat fixes the following issues: Security issues fixed: - CVE-2019-15903: Fixed heap-based buffer over-read caused by crafted XML input. (bsc#1149429) ----------------------------------------- Patch: SUSE-2019-2433 Released: Mon Sep 23 11:33:59 2019 Summary: Recommended update for crmsh Severity: moderate References: 1093564,1116559,1120554,1120555,1120587,1123187,1129380,1129383,1129719,1130715,1135696 Description: This update for crmsh contains the following fixes: Specific hb_report issues fixed: - Collect output of 'sbd dump' and 'sbd list'. (bsc#1129383) - Using Tempfile class to manage tempfiles. - Handle UnicodeDecodeError on special position. (bsc#1130715) - Analysis.txt includes warning, error, critical messages. (bsc#1135696) Update from 4.0.0+git.1542103310.dd114188 to version 4.0.0+git.1553262403.5da14dfa5 includes: * Add timestamp for DEBUG messages. (bsc#1129380) * Check if command and related files exists. (bsc#1129719) * Add 'promotable', 'promoted-max' and 'promoted-node-max' constants in clone meta attributes. * Fix #425 The ID attribute is not required for select and select_attributes. * Set kind for order constraints, not score. (bsc#1123187) * low: utils: add support for dpkg. * low: utils: add support for apt-get. * low: utils: convert string contstants to bytes. * Warning messages start with like 'WARNING:' instead of '!'. (bsc#1120587, bsc#1120586) * crmsh crashed when using configure->template->apply. (bsc#1120554, bsc#1120555) * Increase log level for verification. (bsc#1116559) * Fix UnicodeEncodeError while print. (bsc#1093564) ----------------------------------------- Patch: SUSE-2019-2434 Released: Mon Sep 23 11:34:07 2019 Summary: Recommended update for sbd Severity: moderate References: 1128059,1134496,1140065,SOC-8774 Description: This update for sbd fixes the following issues: - sbd-cluster: Fix 100% CPU usage when CMAP connection is lost. (bsc#1140065, SOC-8774) - Update to version 1.4.0+20190514.e9be8d9: - sbd-inquisitor: Avoid flooding logs with messages that hint the default/configured timeout action. (bsc#1134496) - Update to version 1.4.0+20190416.5e3283c: - sbd-inquisitor: Overhaul device-list-parser. - sbd-inquisitor: Free timeout action on bail out. - sbd-md: Prevent unrealistic overflow on sector io calc. - Update to version 1.4.0+20190326.c38c5e6: - sbd-pacemaker: Bail out of status earlier. - sbd-pacemaker: Make handling of cib-connection loss more robust. - Update to version 1.4.0+20190311.0159a3c: - sbd-cluster: Finalize CMAP connection if disconnected from cluster. (bsc#1128059) - Update from 1.4.0+20190123.1829c40 to version 1.4.0+20190201.f949aa8: - Fail earlier on invalid servants. ----------------------------------------- Patch: SUSE-2019-2466 Released: Wed Sep 25 23:24:08 2019 Summary: Recommended update for SAPHanaSR Severity: important References: 1082974,1101373,1133024,1133866,1134106,1139715,1149829 Description: This update for SAPHanaSR fixes the following issues: - Fixes a bug where an attribute was not correctly set for remoteNode (bsc#1082974) - Does no longer set attributes to prevent unlogged failovers because of empty or unknown attributes (bsc#1134106, bsc#1133024, bsc#1101373) - Will now return $OCF_RUNNING_MASTER (8) instead of $OCF_SUCCESS (0) when probing a promoted node (bsc#1133866) - Using crm-attributes written by a SAP HANA SR provider hook does improve the data integrity in special error conditions with multiple errors coming in a short time frame (bsc#1139715) - Fix a typo in a condition statement that was breaking SAPHanaSR-monitor output. (bnc#1149829) ----------------------------------------- Patch: SUSE-2019-2473 Released: Thu Sep 26 10:02:03 2019 Summary: Security update for nghttp2 Severity: moderate References: 1112438,1125689,1134616,1146182,1146184,CVE-2019-9511,CVE-2019-9513 Description: This update for nghttp2 fixes the following issues: Security issues fixed: - CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service (bsc#1146184). - CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#11461). Bug fixes and enhancements: - Fixed mistake in spec file (bsc#1125689) - Fixed build issue with boost 1.70.0 (bsc#1134616) - Feature: Add W&S module (FATE#326776, bsc#1112438) ----------------------------------------- Patch: SUSE-2019-2476 Released: Thu Sep 26 12:09:30 2019 Summary: Recommended update for pacemaker Severity: important References: 1140519 Description: This update for pacemaker fixes the following issues: - Run main loop for crm_resource clean-up with resource. (bsc#1140519) ----------------------------------------- Patch: SUSE-2019-2486 Released: Sat Sep 28 10:06:09 2019 Summary: Recommended update for ucode-intel Severity: moderate References: 1138185,1151232 Description: This update for ucode-intel fixes the following issues: The Intel CPU Microcode was updated to the 20190918 bugfix release (bsc#1151232 bsc#1138185): Processor Identifier Version Products Model Stepping F-MO-S/PI Old->New ---- updated platforms ------------------------------------ BDW-U/Y E0/F0 6-3d-4/c0 0000002d->0000002e Core Gen5 HSX-EX E0 6-3f-4/80 00000014->00000016 Xeon E7 v3 BDW-H/E3 E0/G0 6-47-1/22 00000020->00000021 Core Gen5 BDX-ML B0/M0/R0 6-4f-1/ef 0b000036->0b000038 Xeon E5/E7 v4; Core i7-69xx/68xx BDX-DE V1 6-56-2/10 0000001a->0000001c Xeon D-1520/40 BDX-DE V2/3 6-56-3/10 07000017->07000019 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19 BDX-DE Y0 6-56-4/10 0f000015->0f000017 Xeon D-1557/59/67/71/77/81/87 BDX-NS A0 6-56-5/10 0e00000d->0e00000f Xeon D-1513N/23/33/43/53 SKX-SP H0/M0/U0 6-55-4/b7 0200005e->00000064 Xeon Scalable SKX-D M1 6-55-4/b7 0200005e->00000064 Xeon D-21xx CLX-SP B1 6-55-7/bf 05000021->0500002b Xeon Scalable Gen2 ----------------------------------------- Patch: SUSE-2019-2517 Released: Wed Oct 2 10:49:20 2019 Summary: Security update for libseccomp Severity: moderate References: 1082318,1128828,1142614,CVE-2019-9893 Description: This update for libseccomp fixes the following issues: Security issues fixed: - CVE-2019-9893: An incorrect generation of syscall filters in libseccomp was fixed (bsc#1128828) libseccomp was updated to new upstream release 2.4.1: - Fix a BPF generation bug where the optimizer mistakenly identified duplicate BPF code blocks. libseccomp was updated to 2.4.0 (bsc#1128828 CVE-2019-9893): - Update the syscall table for Linux v5.0-rc5 - Added support for the SCMP_ACT_KILL_PROCESS action - Added support for the SCMP_ACT_LOG action and SCMP_FLTATR_CTL_LOG attribute - Added explicit 32-bit (SCMP_AX_32(...)) and 64-bit (SCMP_AX_64(...)) argument comparison macros to help protect against unexpected sign extension - Added support for the parisc and parisc64 architectures - Added the ability to query and set the libseccomp API level via seccomp_api_get(3) and seccomp_api_set(3) - Return -EDOM on an endian mismatch when adding an architecture to a filter - Renumber the pseudo syscall number for subpage_prot() so it no longer conflicts with spu_run() - Fix PFC generation when a syscall is prioritized, but no rule exists - Numerous fixes to the seccomp-bpf filter generation code - Switch our internal hashing function to jhash/Lookup3 to MurmurHash3 - Numerous tests added to the included test suite, coverage now at ~92% - Update our Travis CI configuration to use Ubuntu 16.04 - Numerous documentation fixes and updates libseccomp was updated to release 2.3.3: - Updated the syscall table for Linux v4.15-rc7 ----------------------------------------- Patch: SUSE-2019-2518 Released: Wed Oct 2 12:21:56 2019 Summary: Recommended update for shim Severity: moderate References: 1118363,1145676 Description: This update for shim fixes the following issues: - Update shim-install to specify the target for grub2-install and change the boot efi file name according to the architecture (FATE#325971, bsc#1145676) ----------------------------------------- Patch: SUSE-2019-2526 Released: Wed Oct 2 17:36:34 2019 Summary: Recommended update for SUSEConnect Severity: moderate References: 1143635 Description: This update for SUSEConnect provides the following fix: - Fix getting the list of installed products when zypper plugins are present. (bsc#1143635) ----------------------------------------- Patch: SUSE-2019-2533 Released: Thu Oct 3 15:02:50 2019 Summary: Security update for sqlite3 Severity: moderate References: 1150137,CVE-2019-16168 Description: This update for sqlite3 fixes the following issues: Security issue fixed: - CVE-2019-16168: Fixed improper validation of sqlite_stat1 field that could lead to denial of service (bsc#1150137). ----------------------------------------- Patch: SUSE-2019-2545 Released: Thu Oct 3 17:21:49 2019 Summary: Security update for MozillaFirefox Severity: important References: 1109465,1117473,1123482,1124525,1133810,1138688,1140868,1141322,1145665,1149292,1149293,1149294,1149295,1149296,1149297,1149298,1149299,1149302,1149303,1149304,1149323,CVE-2019-11710,CVE-2019-11714,CVE-2019-11716,CVE-2019-11718,CVE-2019-11720,CVE-2019-11721,CVE-2019-11723,CVE-2019-11724,CVE-2019-11725,CVE-2019-11727,CVE-2019-11728,CVE-2019-11733,CVE-2019-11735,CVE-2019-11736,CVE-2019-11738,CVE-2019-11740,CVE-2019-11742,CVE-2019-11743,CVE-2019-11744,CVE-2019-11746,CVE-2019-11747,CVE-2019-11748,CVE-2019-11749,CVE-2019-11750,CVE-2019-11751,CVE-2019-11752,CVE-2019-11753,CVE-2019-9811,CVE-2019-9812 Description: This update for MozillaFirefox to 68.1 fixes the following issues: Security issues fixed: - CVE-2019-9811: Fixed a sandbox escape via installation of malicious language pack. (bsc#1140868) - CVE-2019-9812: Fixed a sandbox escape through Firefox Sync. (bsc#1149294) - CVE-2019-11710: Fixed several memory safety bugs. (bsc#1140868) - CVE-2019-11714: Fixed a potentially exploitable crash in Necko. (bsc#1140868) - CVE-2019-11716: Fixed a sandbox bypass. (bsc#1140868) - CVE-2019-11718: Fixed inadequate sanitation in the Activity Stream component. (bsc#1140868) - CVE-2019-11720: Fixed a character encoding XSS vulnerability. (bsc#1140868) - CVE-2019-11721: Fixed a homograph domain spoofing issue through unicode latin 'kra' character. (bsc#1140868) - CVE-2019-11723: Fixed a cookie leakage during add-on fetching across private browsing boundaries. (bsc#1140868) - CVE-2019-11724: Fixed an outdated permission, granting access to retired site input.mozilla.org. (bsc#1140868) - CVE-2019-11725: Fixed a Safebrowsing bypass involving WebSockets. (bsc#1140868) - CVE-2019-11727: Fixed a vulnerability where it possible to force NSS to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. (bsc#1141322) - CVE-2019-11728: Fixed an improper handling of the Alt-Svc header that allowed remote port scans. (bsc#1140868) - CVE-2019-11733: Fixed an insufficient protection of stored passwords in 'Saved Logins'. (bnc#1145665) - CVE-2019-11735: Fixed several memory safety bugs. (bnc#1149293) - CVE-2019-11736: Fixed a file manipulation and privilege escalation in Mozilla Maintenance Service. (bnc#1149292) - CVE-2019-11738: Fixed a content security policy bypass through hash-based sources in directives. (bnc#1149302) - CVE-2019-11740: Fixed several memory safety bugs. (bsc#1149299) - CVE-2019-11742: Fixed a same-origin policy violation involving SVG filters and canvas to steal cross-origin images. (bsc#1149303) - CVE-2019-11743: Fixed a timing side-channel attack on cross-origin information, utilizing unload event attributes. (bsc#1149298) - CVE-2019-11744: Fixed an XSS caused by breaking out of title and textarea elements using innerHTML. (bsc#1149304) - CVE-2019-11746: Fixed a use-after-free while manipulating video. (bsc#1149297) - CVE-2019-11752: Fixed a use-after-free while extracting a key value in IndexedDB. (bsc#1149296) - CVE-2019-11753: Fixed a privilege escalation with Mozilla Maintenance Service in custom Firefox installation location. (bsc#1149295) Non-security issues fixed: - Latest update now also released for s390x. (bsc#1109465) - Fixed a segmentation fault on s390vsl082. (bsc#1117473) - Fixed a crash on SLES15 s390x. (bsc#1124525) - Fixed a segmentation fault. (bsc#1133810) ----------------------------------------- Patch: SUSE-2019-2550 Released: Fri Oct 4 13:17:15 2019 Summary: Security update for bind Severity: important References: 1118367,1118368,1138687,CVE-2019-6471 Description: This update for bind fixes the following issues: Security issue fixed: - CVE-2019-6471: Fixed a reachable assert in dispatch.c. (bsc#1138687) Non-security issue fixed: - bind will no longer rely on /etc/insserv.conf (bsc#1118367, bsc#1118368) ----------------------------------------- Patch: SUSE-2019-2561 Released: Fri Oct 4 14:09:56 2019 Summary: Security update for openssl-1_0_0 Severity: moderate References: 1131291,1150003,1150250,CVE-2019-1547,CVE-2019-1563 Description: This update for openssl-1_0_0 fixes the following issues: OpenSSL Security Advisory [10 September 2019] * CVE-2019-1547: Added EC_GROUP_set_generator side channel attack avoidance. (bsc#1150003) * CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transported key (bsc#1150250) In addition fixed invalid curve attacks by validating that an EC point lies on the curve (bsc#1131291). ----------------------------------------- Patch: SUSE-2019-2629 Released: Fri Oct 11 16:11:06 2019 Summary: Recommended update for multipath-tools Severity: moderate References: 1149313,1149319,1151502 Description: This update for multipath-tools fixes the following issues: - Fix premature path reinstantiation with san_path_err_XX. (bsc#1149319) - Make lazy tpgs probing work again. (bsc#1149313) - libmultipath: Fix logic in should_multipath (bsc#1151502) ----------------------------------------- Patch: SUSE-2019-2631 Released: Fri Oct 11 17:05:27 2019 Summary: Recommended update for drbd-utils Severity: moderate References: 1037109,1064402,1115606,1145296 Description: This update for drbd-utils contains the following fixes: - Fix the wrong return code with cib_apply_diff. (bsc#1145296) - Update to new upstream release 9.6.0. (bsc#1115606) * usage-count: also count notty users if possible. * drbd-overview: remove it, we have drbdtop/drbdmon. saves all the Perl deps. * drbdmon: update frequency limiting, debug log for drbdevents, use altbuffer,... * drbdsetup show: on 9 allow json output. mainly used in our CI, don't expect a stable field names yet. * drbdsetup status: on 9 fix json output to not include NaN/Infinity * allow higher resync rates: first customers hit a limit. this requires an updated kernel module as well (e.g., 9.0.16) * init: fix some 8-only leftovers (sh-b-pri), sanitize the retry logic * doc: document various 9 features that got forgotten (e.g., quorum-lost) * build: various small fixes that popped up while playing with meson - Update to 9.5.0 * drbdmon: allow to start in problems view (--problems) * drbdadm,v9: fix always failing stacked handlers from kernel * drbdadm,v9: adjust now hands over the information that a diskfull->diskless change was intentional. * drbdadm,v9: adjust verifies now IPs - Update to 9.4.0 * drbdmeta: don't exit with negative return codes * usage counts: only register if we know driver version * drbdsetup,v9: expose detailed verify/resync statistics * drbdsetup,v9,json: saner types for client/peer-client/quorum on --json * drbdsetup,v9: expose client/peer-client in status if !isatty() - Including fix for SLE12SP3: * Remove hardcoded local5 of logfacility. (bsc#1064402) * drbdmeta does not propagate full bitmap. (bsc#1037109) ----------------------------------------- Patch: SUSE-2019-2632 Released: Fri Oct 11 17:07:49 2019 Summary: Recommended update for libzypp, zypper Severity: moderate References: 1049825,1116995,1139795,1140039,1145521,1146027 Description: This update for libzypp, zypper fixes the following issues: - Fix leaking filedescriptors in MediaCurl. (bsc#1116995) - Run file conflict check on dry-run. (bsc#1140039) - Do not remove orphan products if the .prod file is owned by a package. (bsc#1139795) - Rephrase file conflict check summary. (bsc#1140039) - Fix bash completions option detection. (bsc#1049825) - Fixes a bug where zypper exited on SIGPIPE when downloading packages (bsc#1145521) - Fixes an issue where zypper exited with a segmentation fault when updating via YaST2 (bsc#1146027) ----------------------------------------- Patch: SUSE-2019-2639 Released: Fri Oct 11 17:09:37 2019 Summary: Recommended update for NetworkManager Severity: moderate References: 1074074,1146935 Description: This update for NetworkManager fixes the following issues: - Modify nfs script: Only mount/unmount when the file type is nfs. (bsc#1074074) ----------------------------------------- Patch: SUSE-2019-2644 Released: Fri Oct 11 17:11:09 2019 Summary: Recommended update for yast2-cluster Severity: moderate References: 1151687 Description: This update for yast2-cluster fixes the following issues: - Update the open ports to support pacemaker-remote, booth and corosync-qnetd. (bsc#1151687) ----------------------------------------- Patch: SUSE-2019-2652 Released: Mon Oct 14 13:53:03 2019 Summary: Recommended update for drbd Severity: moderate References: 1146117 Description: This update for drbd provides the following fixes: - Disallow dual primaries when not configured. (bsc#1146117) ----------------------------------------- Patch: SUSE-2019-2656 Released: Mon Oct 14 17:02:24 2019 Summary: Security update for sudo Severity: important References: 1153674,CVE-2019-14287 Description: This update for sudo fixes the following issue: - CVE-2019-14287: Fixed an issue where a user with sudo privileges that allowed them to run commands with an arbitrary uid, could run commands as root, despite being forbidden to do so in sudoers (bsc#1153674). ----------------------------------------- Patch: SUSE-2019-2657 Released: Mon Oct 14 17:04:07 2019 Summary: Security update for dhcp Severity: moderate References: 1089524,1134078,1136572,CVE-2019-6470 Description: This update for dhcp fixes the following issues: Secuirty issue fixed: - CVE-2019-6470: Fixed DHCPv6 server crashes (bsc#1134078). Bug fixes: - Add compile option --enable-secs-byteorder to avoid duplicate lease warnings (bsc#1089524). - Use IPv6 when called as dhclient6, dhcpd6, and dhcrelay6 (bsc#1136572). ----------------------------------------- Patch: SUSE-2019-2673 Released: Tue Oct 15 16:53:08 2019 Summary: Security update for libpcap Severity: important References: 1153332,CVE-2018-16301,CVE-2019-15165 Description: This update for libpcap fixes the following issues: - CVE-2019-15165: Added sanity checks for PHB header length before allocating memory (bsc#1153332). - CVE-2018-16301: Fixed a buffer overflow (bsc#1153332). ----------------------------------------- Patch: SUSE-2019-2674 Released: Tue Oct 15 16:53:28 2019 Summary: Security update for tcpdump Severity: important References: 1068716,1153098,1153332,CVE-2017-16808,CVE-2018-10103,CVE-2018-10105,CVE-2018-14461,CVE-2018-14462,CVE-2018-14463,CVE-2018-14464,CVE-2018-14465,CVE-2018-14466,CVE-2018-14467,CVE-2018-14468,CVE-2018-14469,CVE-2018-14470,CVE-2018-14879,CVE-2018-14880,CVE-2018-14881,CVE-2018-14882,CVE-2018-16227,CVE-2018-16228,CVE-2018-16229,CVE-2018-16230,CVE-2018-16300,CVE-2018-16301,CVE-2018-16451,CVE-2018-16452,CVE-2019-1010220,CVE-2019-15166,CVE-2019-15167 Description: This update for tcpdump fixes the following issues: - CVE-2017-16808: Fixed a heap-based buffer over-read related to aoe_print and lookup_emem (bsc#1068716 bsc#1153098). - CVE-2018-10103: Fixed a mishandling of the printing of SMB data (bsc#1153098). - CVE-2018-10105: Fixed a mishandling of the printing of SMB data (bsc#1153098). - CVE-2018-14461: Fixed a buffer over-read in print-ldp.c:ldp_tlv_print (bsc#1153098). - CVE-2018-14462: Fixed a buffer over-read in print-icmp.c:icmp_print (bsc#1153098). - CVE-2018-14463: Fixed a buffer over-read in print-vrrp.c:vrrp_print (bsc#1153098). - CVE-2018-14464: Fixed a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs (bsc#1153098). - CVE-2018-14465: Fixed a buffer over-read in print-rsvp.c:rsvp_obj_print (bsc#1153098). - CVE-2018-14466: Fixed a buffer over-read in print-rx.c:rx_cache_find (bsc#1153098). - CVE-2018-14467: Fixed a buffer over-read in print-bgp.c:bgp_capabilities_print (bsc#1153098). - CVE-2018-14468: Fixed a buffer over-read in print-fr.c:mfr_print (bsc#1153098). - CVE-2018-14469: Fixed a buffer over-read in print-isakmp.c:ikev1_n_print (bsc#1153098). - CVE-2018-14470: Fixed a buffer over-read in print-babel.c:babel_print_v2 (bsc#1153098). - CVE-2018-14879: Fixed a buffer overflow in the command-line argument parser (bsc#1153098). - CVE-2018-14880: Fixed a buffer over-read in the OSPFv3 parser (bsc#1153098). - CVE-2018-14881: Fixed a buffer over-read in the BGP parser (bsc#1153098). - CVE-2018-14882: Fixed a buffer over-read in the ICMPv6 parser (bsc#1153098). - CVE-2018-16227: Fixed a buffer over-read in the IEEE 802.11 parser in print-802_11.c for the Mesh Flags subfield (bsc#1153098). - CVE-2018-16228: Fixed a buffer over-read in the HNCP parser (bsc#1153098). - CVE-2018-16229: Fixed a buffer over-read in the DCCP parser (bsc#1153098). - CVE-2018-16230: Fixed a buffer over-read in the BGP parser in print-bgp.c:bgp_attr_print (bsc#1153098). - CVE-2018-16300: Fixed an unlimited recursion in the BGP parser that allowed denial-of-service by stack consumption (bsc#1153098). - CVE-2018-16301: Fixed a buffer overflow (bsc#1153332 bsc#1153098). - CVE-2018-16451: Fixed several buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN (bsc#1153098). - CVE-2018-16452: Fixed a stack exhaustion in smbutil.c:smb_fdata (bsc#1153098). - CVE-2019-15166: Fixed a bounds check in lmp_print_data_link_subobjs (bsc#1153098). - CVE-2019-15167: Fixed a vulnerability in VRRP (bsc#1153098). ----------------------------------------- Patch: SUSE-2019-2676 Released: Tue Oct 15 21:06:54 2019 Summary: Recommended update for e2fsprogs Severity: moderate References: 1145716,1152101,CVE-2019-5094 Description: This update for e2fsprogs fixes the following issues: Security issue fixed: - CVE-2019-5094: Fixed an arbitrary code execution via specially crafted ext4 file systems. (bsc#1152101) Non-security issue fixed: - libext2fs: Call fsync(2) to clear stale errors for a new a unix I/O channel. (bsc#1145716) ----------------------------------------- Patch: SUSE-2019-2681 Released: Tue Oct 15 22:01:40 2019 Summary: Recommended update for libdb-4_8 Severity: moderate References: 1148244 Description: This update for libdb-4_8 fixes the following issues: - Add off-page deadlock patch as found and documented by Red Hat. (bsc#1148244) ----------------------------------------- Patch: SUSE-2019-2685 Released: Wed Oct 16 14:49:27 2019 Summary: Recommended update for shim Severity: important References: 1153440 Description: This update for shim fixes the following issue: - The secure boot signature was incorrect in the previous update, this restores the secure boot signature. (bsc#1153440) ----------------------------------------- Patch: SUSE-2019-2690 Released: Wed Oct 16 16:42:23 2019 Summary: Recommended update for SUSEConnect Severity: moderate References: 1124318,1130864 Description: This update for SUSEConnect fixes the following issues: - Fixes an error when trying to activate the PackageHub extension the first time (bsc#1124318) ----------------------------------------- Patch: SUSE-2019-2693 Released: Wed Oct 16 16:43:30 2019 Summary: Recommended update for rpcbind Severity: moderate References: 1142343 Description: This update for rpcbind fixes the following issues: - Return correct IP address with multiple ip addresses in the same subnet. (bsc#1142343) ----------------------------------------- Patch: SUSE-2019-2699 Released: Wed Oct 16 16:47:25 2019 Summary: Recommended update for mdadm Severity: moderate References: 1139709 Description: This update for mdadm fixes the following issues: - Add '--no-devices' option to mdadm to avoid component devices detail information. (bsc#1139709) - Add '--no-devices' option to the udev for calling 'mdadm --detail'. (bsc#1139709) ----------------------------------------- Patch: SUSE-2019-2700 Released: Wed Oct 16 16:47:42 2019 Summary: Recommended update for yast2-packager Severity: moderate References: 1148536 Description: This update for yast2-packager provides the following fixes: - Avoid error when generating some warnings. (bsc#1148536) ----------------------------------------- Patch: SUSE-2019-2702 Released: Wed Oct 16 18:41:30 2019 Summary: Security update for gcc7 Severity: moderate References: 1071995,1141897,1142649,1148517,1149145,CVE-2019-14250,CVE-2019-15847 Description: This update for gcc7 to r275405 fixes the following issues: Security issues fixed: - CVE-2019-14250: Fixed an integer overflow in binutils (bsc#1142649). - CVE-2019-15847: Fixed an optimization in the POWER9 backend of gcc that could reduce the entropy of the random number generator (bsc#1149145). Non-security issue fixed: - Move Live Patching technology stack from kGraft to upstream klp (bsc#1071995, fate#323487). ----------------------------------------- Patch: SUSE-2019-2705 Released: Thu Oct 17 13:05:45 2019 Summary: Recommended update for yast2-hana-firewall and for yast2-sap-ha Severity: moderate References: 1117765,1146220 Description: This update for yast2-hana-firewall provides the following fix: - Fix the following crash in Yast2 HA Setup for SAP Products: 'cannot import namespace 'SystemdService'. (bsc#1146220) This update for yast2-sap-ha fixes the following issues: - Fix break caused by systemd service library reorganization. (bsc#1146220) - Fix bug stopping the non-productive HANA system in the cost-optimized scenario. (bsc#1117765) - Enhanced the module to be used on Azure with unattended mode support. (fate#324542, fate#325956) - Fix the rpc server error when Y2DIR variable is set. (fate#325957) - Fix the copy_ssfs_keys method to not fail when no password is informed but there is passwordless ssh access between the nodes. (fate#325957) - Enhanced the module to be used in hands-free WF on Bare Metal. (fate#325957) ----------------------------------------- Patch: SUSE-2019-2706 Released: Thu Oct 17 13:07:07 2019 Summary: Security update for the Linux Kernel Severity: important References: 1051510,1054914,1055117,1061840,1065600,1065729,1071995,1082555,1104967,1109158,1113722,1114279,1119086,1123034,1127988,1131304,1137069,1137865,1137959,1140155,1141013,1142076,1142635,1146042,1146519,1146540,1146664,1148133,1148712,1148868,1149313,1149446,1149555,1149651,1150381,1150423,1151350,1151610,1151667,1151680,1151891,1151955,1152024,1152025,1152026,1152161,1152325,1152457,1152460,1152466,1152972,1152974,1152975,CVE-2017-18595,CVE-2019-14821,CVE-2019-15291,CVE-2019-9506 Description: The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-15291: There was a NULL pointer dereference, caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver (bnc#1146540). - CVE-2019-14821: An out-of-bounds access issue was found in the way the KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system (bnc#1151350). - CVE-2017-18595: A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c (bnc#1149555). - CVE-2019-9506: The Bluetooth BR/EDR specification up to and including version 5.1 permitted sufficiently low encryption key length and did not prevent an attacker from influencing the key length negotiation. This allowed practical brute-force attacks (aka 'KNOB') that could decrypt traffic and injected arbitrary ciphertext without the victim noticing (bnc#1137865 bnc#1146042). The following non-security bugs were fixed: - ACPI: custom_method: fix memory leaks (bsc#1051510). - ACPI / PCI: fix acpi_pci_irq_enable() memory leak (bsc#1051510). - ACPI / property: Fix acpi_graph_get_remote_endpoint() name in kerneldoc (bsc#1051510). - alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP (bsc#1151680). - ALSA: aoa: onyx: always initialize register read value (bsc#1051510). - ALSA: firewire-tascam: check intermediate state of clock status and retry (bsc#1051510). - ALSA: firewire-tascam: handle error code when getting current source of clock (bsc#1051510). - ASoC: es8328: Fix copy-paste error in es8328_right_line_controls (bsc#1051510). - ASoC: Intel: Baytrail: Fix implicit fallthrough warning (bsc#1051510). - ASoC: sun4i-i2s: RX and TX counter registers are swapped (bsc#1051510). - ASoC: wm8737: Fix copy-paste error in wm8737_snd_controls (bsc#1051510). - ASoC: wm8988: fix typo in wm8988_right_line_controls (bsc#1051510). - ath9k: dynack: fix possible deadlock in ath_dynack_node_{de}init (bsc#1051510). - atm: iphase: Fix Spectre v1 vulnerability (networking-stable-19_08_08). - bcma: fix incorrect update of BCMA_CORE_PCI_MDIO_DATA (bsc#1051510). - blk-flush: do not run queue for requests bypassing flush (bsc#1137959). - blk-flush: use blk_mq_request_bypass_insert() (bsc#1137959). - blk-mq: do not allocate driver tag upfront for flush rq (bsc#1137959). - blk-mq: Fix memory leak in blk_mq_init_allocated_queue error handling (bsc#1151610). - blk-mq: insert rq with DONTPREP to hctx dispatch list when requeue (bsc#1137959). - blk-mq: kABI fixes for blk-mq.h (bsc#1137959). - blk-mq: move blk_mq_put_driver_tag*() into blk-mq.h (bsc#1137959). - blk-mq: punt failed direct issue to dispatch list (bsc#1137959). - blk-mq: put the driver tag of nxt rq before first one is requeued (bsc#1137959). - blk-mq-sched: decide how to handle flush rq via RQF_FLUSH_SEQ (bsc#1137959). - block: fix timeout changes for legacy request drivers (bsc#1149446). - block: kABI fixes for BLK_EH_DONE renaming (bsc#1142076). - block: rename BLK_EH_NOT_HANDLED to BLK_EH_DONE (bsc#1142076). - bnx2x: Disable multi-cos feature (networking-stable-19_08_08). - bonding/802.3ad: fix link_failure_count tracking (bsc#1137069 bsc#1141013). - bonding/802.3ad: fix slave link initialization transition states (bsc#1137069 bsc#1141013). - bonding: Add vlan tx offload to hw_enc_features (networking-stable-19_08_21). - bonding: set default miimon value for non-arp modes if not set (bsc#1137069 bsc#1141013). - bonding: speed/duplex update at NETDEV_UP event (bsc#1137069 bsc#1141013). - btrfs: fix use-after-free when using the tree modification log (bsc#1151891). - btrfs: qgroup: Fix reserved data space leak if we have multiple reserve calls (bsc#1152975). - btrfs: qgroup: Fix the wrong target io_tree when freeing reserved data space (bsc#1152974). - btrfs: relocation: fix use-after-free on dead relocation roots (bsc#1152972). - ceph: use ceph_evict_inode to cleanup inode's resource (bsc#1148133). - clk: at91: fix update bit maps on CFG_MOR write (bsc#1051510). - clk: sunxi-ng: v3s: add missing clock slices for MMC2 module clocks (bsc#1051510). - clk: sunxi-ng: v3s: add the missing PLL_DDR1 (bsc#1051510). - crypto: caam - fix concurrency issue in givencrypt descriptor (bsc#1051510). - crypto: caam - free resources in case caam_rng registration failed (bsc#1051510). - crypto: cavium/zip - Add missing single_release() (bsc#1051510). - crypto: ccp - Reduce maximum stack usage (bsc#1051510). - crypto: qat - Silence smp_processor_id() warning (bsc#1051510). - crypto: skcipher - Unmap pages after an external error (bsc#1051510). - dmaengine: dw: platform: Switch to acpi_dma_controller_register() (bsc#1051510). - dmaengine: iop-adma.c: fix printk format warning (bsc#1051510). - drivers: thermal: int340x_thermal: Fix sysfs race condition (bsc#1051510). - drm/i915: Fix various tracepoints for gen2 (bsc#1113722) - drm/imx: Drop unused imx-ipuv3-crtc.o build (bsc#1113722) - EDAC/amd64: Decode syndrome before translating address (bsc#1114279). - eeprom: at24: make spd world-readable again (git-fixes). - ext4: fix warning inside ext4_convert_unwritten_extents_endio (bsc#1152025). - ext4: set error return correctly when ext4_htree_store_dirent fails (bsc#1152024). - Fix kabi for: NFSv4: Fix OPEN / CLOSE race (git-fixes). - gpio: fix line flag validation in lineevent_create (bsc#1051510). - gpio: fix line flag validation in linehandle_create (bsc#1051510). - gpiolib: acpi: Add gpiolib_acpi_run_edge_events_on_boot option and blacklist (bsc#1051510). - gpiolib: only check line handle flags once (bsc#1051510). - gpio: Move gpiochip_lock/unlock_as_irq to gpio/driver.h (bsc#1051510). - hwmon: (lm75) Fix write operations for negative temperatures (bsc#1051510). - hwmon: (shtc1) fix shtc1 and shtw1 id mask (bsc#1051510). - ife: error out when nla attributes are empty (networking-stable-19_08_08). - iio: dac: ad5380: fix incorrect assignment to val (bsc#1051510). - Input: elan_i2c - remove Lenovo Legion Y7000 PnpID (bsc#1051510). - iommu/dma: Fix for dereferencing before null checking (bsc#1151667). - ip6_tunnel: fix possible use-after-free on xmit (networking-stable-19_08_08). - ipv6/addrconf: allow adding multicast addr if IFA_F_MCAUTOJOIN is set (networking-stable-19_08_28). - isdn/capi: check message length in capi_write() (bsc#1051510). - kabi: media: em28xx: fix handler for vidioc_s_input() (bsc#1051510). fixes kabi - kabi: media: em28xx: stop rewriting device's struct (bsc#1051510). fixes kabi - KVM: PPC: Book3S: Fix incorrect guest-to-user-translation error handling (bsc#1061840). - KVM: PPC: Book3S HV: Check for MMU ready on piggybacked virtual cores (bsc#1061840). - KVM: PPC: Book3S HV: Do not lose pending doorbell request on migration on P9 (bsc#1061840). - KVM: PPC: Book3S HV: Do not push XIVE context when not using XIVE device (bsc#1061840). - KVM: PPC: Book3S HV: Fix lockdep warning when entering the guest (bsc#1061840). - KVM: PPC: Book3S HV: Fix race in re-enabling XIVE escalation interrupts (bsc#1061840). - KVM: PPC: Book3S HV: Handle virtual mode in XIVE VCPU push code (bsc#1061840). - KVM: PPC: Book3S HV: XIVE: Free escalation interrupts before disabling the VP (bsc#1061840). - leds: leds-lp5562 allow firmware files up to the maximum length (bsc#1051510). - leds: trigger: gpio: GPIO 0 is valid (bsc#1051510). - libertas_tf: Use correct channel range in lbtf_geo_init (bsc#1051510). - libiscsi: do not try to bypass SCSI EH (bsc#1142076). - livepatch: Nullify obj->mod in klp_module_coming()'s error path (bsc#1071995). - mac80211: minstrel_ht: fix per-group max throughput rate initialization (bsc#1051510). - md: do not report active array_state until after revalidate_disk() completes (git-fixes). - md: only call set_in_sync() when it is expected to succeed (git-fixes). - md/raid6: Set R5_ReadError when there is read failure on parity disk (git-fixes). - media: atmel: atmel-isi: fix timeout value for stop streaming (bsc#1051510). - media: dib0700: fix link error for dibx000_i2c_set_speed (bsc#1051510). - media: em28xx: fix handler for vidioc_s_input() (bsc#1051510). - media: em28xx: stop rewriting device's struct (bsc#1051510). - media: fdp1: Reduce FCP not found message level to debug (bsc#1051510). - media: marvell-ccic: do not generate EOF on parallel bus (bsc#1051510). - media: mc-device.c: do not memset __user pointer contents (bsc#1051510). - media: ov6650: Fix sensor possibly not detected on probe (bsc#1051510). - media: ov6650: Move v4l2_clk_get() to ov6650_video_probe() helper (bsc#1051510). - media: replace strcpy() by strscpy() (bsc#1051510). - media: Revert '[media] marvell-ccic: reset ccic phy when stop streaming for stability' (bsc#1051510). - media: technisat-usb2: break out of loop at end of buffer (bsc#1051510). - media: tm6000: double free if usb disconnect while streaming (bsc#1051510). - media: vb2: Fix videobuf2 to map correct area (bsc#1051510). - mic: avoid statically declaring a 'struct device' (bsc#1051510). - mmc: sdhci-msm: fix mutex while in spinlock (bsc#1142635). - mmc: sdhci-of-arasan: Do now show error message in case of deffered probe (bsc#1119086). - mtd: spi-nor: Fix Cadence QSPI RCU Schedule Stall (bsc#1051510). - mvpp2: refactor MTU change code (networking-stable-19_08_08). - net: bridge: delete local fdb on device init failure (networking-stable-19_08_08). - net: bridge: mcast: do not delete permanent entries when fast leave is enabled (networking-stable-19_08_08). - net: fix ifindex collision during namespace removal (networking-stable-19_08_08). - net/ibmvnic: prevent more than one thread from running in reset (bsc#1152457 ltc#174432). - net/ibmvnic: unlock rtnl_lock in reset so linkwatch_event can run (bsc#1152457 ltc#174432). - net/mlx5e: Only support tx/rx pause setting for port owner (networking-stable-19_08_21). - net/mlx5e: Prevent encap flow counter update async to user query (networking-stable-19_08_08). - net/mlx5e: Use flow keys dissector to parse packets for ARFS (networking-stable-19_08_21). - net/mlx5: Use reversed order when unregister devices (networking-stable-19_08_08). - net/packet: fix race in tpacket_snd() (networking-stable-19_08_21). - net: sched: Fix a possible null-pointer dereference in dequeue_func() (networking-stable-19_08_08). - net/smc: make sure EPOLLOUT is raised (networking-stable-19_08_28). - NFS4: Fix v4.0 client state corruption when mount (git-fixes). - nfsd: degraded slot-count more gracefully as allocation nears exhaustion (bsc#1150381). - nfsd: Do not release the callback slot unless it was actually held (git-fixes). - nfsd: Fix overflow causing non-working mounts on 1 TB machines (bsc#1150381). - nfsd: fix performance-limiting session calculation (bsc#1150381). - nfsd: give out fewer session slots as limit approaches (bsc#1150381). - nfsd: handle drc over-allocation gracefully (bsc#1150381). - nfsd: increase DRC cache limit (bsc#1150381). - NFS: Do not interrupt file writeout due to fatal errors (git-fixes). - NFS: Do not open code clearing of delegation state (git-fixes). - NFS: Ensure O_DIRECT reports an error if the bytes read/written is 0 (git-fixes). - NFS: Fix regression whereby fscache errors are appearing on 'nofsc' mounts (git-fixes). - NFS: Forbid setting AF_INET6 to 'struct sockaddr_in'->sin_family (git-fixes). - NFS: Refactor nfs_lookup_revalidate() (git-fixes). - NFS: Remove redundant semicolon (git-fixes). - NFSv4.1: Again fix a race where CB_NOTIFY_LOCK fails to wake a waiter (git-fixes). - NFSv4.1: Fix open stateid recovery (git-fixes). - NFSv4.1: Only reap expired delegations (git-fixes). - NFSv4: Check the return value of update_open_stateid() (git-fixes). - NFSv4: Fix an Oops in nfs4_do_setattr (git-fixes). - NFSv4: Fix a potential sleep while atomic in nfs4_do_reclaim() (git-fixes). - NFSv4: Fix delegation state recovery (git-fixes). - NFSv4: Fix lookup revalidate of regular files (git-fixes). - NFSv4: Fix OPEN / CLOSE race (git-fixes). - NFSv4: Handle the special Linux file open access mode (git-fixes). - NFSv4: Only pass the delegation to setattr if we're sending a truncate (git-fixes). - NFSv4/pnfs: Fix a page lock leak in nfs_pageio_resend() (git-fixes). - nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds (bsc#1051510). - null_blk: complete requests from ->timeout (bsc#1149446). - null_blk: wire up timeouts (bsc#1149446). - nvme: fix multipath crash when ANA is deactivated (bsc#1149446). - nvmem: Use the same permissions for eeprom as for nvmem (git-fixes). - nvme-rdma: Allow DELETING state change failure in (bsc#1104967,). - nvme-rdma: centralize admin/io queue teardown sequence (bsc#1142076). - nvme-rdma: centralize controller setup sequence (bsc#1142076). - nvme-rdma: fix a NULL deref when an admin connect times out (bsc#1149446). - nvme-rdma: fix timeout handler (bsc#1149446). - nvme-rdma: stop admin queue before freeing it (bsc#1140155). - nvme-rdma: support up to 4 segments of inline data (bsc#1142076). - nvme-rdma: unquiesce queues when deleting the controller (bsc#1142076). - nvme: remove ns sibling before clearing path (bsc#1140155). - nvme: return BLK_EH_DONE from ->timeout (bsc#1142076). - PCI: hv: Detect and fix Hyper-V PCI domain number collision (bsc#1150423). - phy: renesas: rcar-gen3-usb2: Disable clearing VBUS in over-current (bsc#1051510). - platform/x86: pmc_atom: Add Siemens SIMATIC IPC227E to critclk_systems DMI table (bsc#1051510). - PM: sleep: Fix possible overflow in pm_system_cancel_wakeup() (bsc#1051510). - pNFS fallback to MDS if no deviceid found (git-fixes). - pNFS/flexfiles: Fix PTR_ERR() dereferences in ff_layout_track_ds_error (git-fixes). - pNFS/flexfiles: Turn off soft RPC calls (git-fixes). - powerpc/64: Make sys_switch_endian() traceable (bsc#1065729). - powerpc/64s/radix: Fix MADV_[FREE|DONTNEED] TLB flush miss problem with THP (bsc#1152161 ltc#181664). - powerpc/64s/radix: Fix memory hotplug section page table creation (bsc#1065729). - powerpc/64s/radix: Fix memory hot-unplug page table split (bsc#1065729). - powerpc/64s/radix: Implement _tlbie(l)_va_range flush functions (bsc#1152161 ltc#181664). - powerpc/64s/radix: Improve preempt handling in TLB code (bsc#1152161 ltc#181664). - powerpc/64s/radix: Improve TLB flushing for page table freeing (bsc#1152161 ltc#181664). - powerpc/64s/radix: Introduce local single page ceiling for TLB range flush (bsc#1055117 bsc#1152161 ltc#181664). - powerpc/64s/radix: Optimize flush_tlb_range (bsc#1152161 ltc#181664). - powerpc/book3s64/mm: Do not do tlbie fixup for some hardware revisions (bsc#1152161 ltc#181664). - powerpc/book3s64/radix: Rename CPU_FTR_P9_TLBIE_BUG feature flag (bsc#1152161 ltc#181664). - powerpc: bpf: Fix generation of load/store DW instructions (bsc#1065729). - powerpc/bpf: use unsigned division instruction for 64-bit operations (bsc#1065729). - powerpc: Drop page_is_ram() and walk_system_ram_range() (bsc#1065729). - powerpc/irq: Do not WARN continuously in arch_local_irq_restore() (bsc#1065729). - powerpc/irq: drop arch_early_irq_init() (bsc#1065729). - powerpc/mm: Fixup tlbie vs mtpidr/mtlpidr ordering issue on POWER9 (bsc#1152161 ltc#181664). - powerpc/mm/radix: Drop unneeded NULL check (bsc#1152161 ltc#181664). - powerpc/mm/radix: implement LPID based TLB flushes to be used by KVM (bsc#1152161 ltc#181664). - powerpc/mm: Simplify page_is_ram by using memblock_is_memory (bsc#1065729). - powerpc/mm: Use memblock API for PPC32 page_is_ram (bsc#1065729). - powerpc/module64: Fix comment in R_PPC64_ENTRY handling (bsc#1065729). - powerpc/powernv: Fix compile without CONFIG_TRACEPOINTS (bsc#1065729). - powerpc/powernv/ioda2: Allocate TCE table levels on demand for default DMA window (bsc#1061840). - powerpc/powernv/ioda: Fix race in TCE level allocation (bsc#1061840). - powerpc/powernv: move OPAL call wrapper tracing and interrupt handling to C (bsc#1065729). - powerpc/powernv/npu: Remove obsolete comment about TCE_KILL_INVAL_ALL (bsc#1065729). - powerpc/pseries: Call H_BLOCK_REMOVE when supported (bsc#1109158). - powerpc/pseries: Fix cpu_hotplug_lock acquisition in resize_hpt() (bsc#1065729). - powerpc/pseries/memory-hotplug: Fix return value type of find_aa_index (bsc#1065729). - powerpc/pseries: Read TLB Block Invalidate Characteristics (bsc#1109158). - powerpc/ptrace: Simplify vr_get/set() to avoid GCC warning (bsc#1148868). - powerpc/xive: Fix bogus error code returned by OPAL (bsc#1065729). - powerpc/xive: Implement get_irqchip_state method for XIVE to fix shutdown race (bsc#1065729). - powerpc/xmon: Fix opcode being uninitialized in print_insn_powerpc (bsc#1065729). - power: reset: gpio-restart: Fix typo when gpio reset is not found (bsc#1051510). - power: supply: Init device wakeup after device_add() (bsc#1051510). - ppp: Fix memory leak in ppp_write (git-fixes). - printk: Do not lose last line in kmsg buffer dump (bsc#1152460). - printk: fix printk_time race (bsc#1152466). - printk/panic: Avoid deadlock in printk() after stopping CPUs by NMI (bsc#1148712). - qla2xxx: kABI fixes for v10.01.00.18-k (bsc#1123034 bsc#1131304 bsc#1127988). - qla2xxx: remove SGI SN2 support (bsc#1123034 bsc#1131304 bsc#1127988). - quota: fix wrong condition in is_quota_modification() (bsc#1152026). - r8152: Set memory to all 0xFFs on failed reg reads (bsc#1051510). - regulator: lm363x: Fix off-by-one n_voltages for lm3632 ldo_vpos/ldo_vneg (bsc#1051510). - Revert 'mwifiex: fix system hang problem after resume' (bsc#1051510). - scsi: qla2xxx: Add 28xx flash primary/secondary status/image mechanism (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add Device ID for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add error handling for PLOGI ELS passthrough (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add First Burst support for FC-NVMe devices (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add fw_attr and port_no SysFS node (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add new FW dump template entry types (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add pci function reset support (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add protection mask module parameters (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add Serdes support for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add support for multiple fwdump templates/segments (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add support for setting port speed (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Allow NVMe IO to resume with short cable pull (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: allow session delete to finish before create (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Always check the qla2x00_wait_for_hba_online() return value (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid PCI IRQ affinity mapping when multiqueue is not supported (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: avoid printf format warning (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that Coverity complains about dereferencing a NULL rport pointer (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that lockdep complains about unsafe locking in tcm_qla2xxx_close_session() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that qla2x00_mem_free() crashes if called twice (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Capture FW dump on MPI heartbeat stop event (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change abort wait_loop from msleep to wait_event_timeout (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change data_dsd into an array (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change default ZIO threshold (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change the return type of qla24xx_read_flash_data() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change the return type of qla2x00_update_ms_fdmi_iocb() into void (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check for FW started flag before aborting (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: check for kstrtol() failure (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check for MB timeout while capturing ISP27/28xx FW dump (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check secondary image if reading the primary image fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check the PCI info string output buffer size (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check the size of firmware data structures at compile time (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Cleanup fcport memory to prevent leak (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Cleanup redundant qla2x00_abort_all_cmds during unload (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Cleanups for NVRAM/Flash read/write path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: cleanup trace buffer initialization (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if a command is released that is owned by the firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if a mailbox command times out (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if a soft reset fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if parsing the version string fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if sp->done() is not called from the completion path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if waiting for pending commands times out (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain loudly about reference count underflow (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Correct error handling during initialization failures (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Correction and improvement to fwdt processing (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Correctly report max/min supported speeds (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: deadlock by configfs_depend_item (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare fourth qla2x00_set_model_info() argument const (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare local symbols static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare qla24xx_build_scsi_crc_2_iocbs() static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare qla2x00_find_new_loop_id() static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare qla_tgt_cmd.cdb const (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare the fourth ql_dump_buffer() argument const (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Do not corrupt vha->plogi_ack_list (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Downgrade driver to 10.01.00.19-k There are upstream bug reports against 10.01.00.19-k which haven't been resolved. Also the newer version failed to get a proper review. For time being it's better to got with the older version and do not introduce new bugs. - scsi: qla2xxx: Dual FCP-NVMe target port support (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Enable type checking for the SRB free and done callback functions (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix abort timeout race condition (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a NULL pointer dereference (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a qla24xx_enable_msix() error path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a race condition between aborting and completing a SCSI command (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a recently introduced kernel warning (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a small typo in qla_bsg.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix code indentation for qla27xx_fwdt_entry (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix comment alignment in qla_bsg.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix comment in MODULE_PARM_DESC in qla2xxx (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix different size DMA Alloc/Unmap (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix DMA error when the DIF sg buffer crosses 4GB boundary (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix DMA unmap leak (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix driver reload for ISP82xx (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix driver unload when FC-NVMe LUNs are connected (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: fix fcport null pointer access (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix flash read for Qlogic ISPs (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix formatting of pointer types (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix fw dump corruption (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix fw options handle eh_bus_reset() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix gnl.l memory leak on adapter init failure (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix hang in fcport delete path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix hardirq-unsafe locking (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix hardlockup in abort command during driver remove (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix kernel crash after disconnecting NVMe devices (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix LUN discovery if loop id is not assigned yet by firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix message indicating vectors used by driver (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix N2N link reset (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix N2N link up fail (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix Nport ID display value (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix NULL pointer crash due to stale CPUID (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix NVME cmd and LS cmd timeout race condition (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix NVMe port discovery after a short device port loss (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix panic from use after free in qla2x00_async_tm_cmd (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix possible fcport null-pointer dereferences (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix premature timer expiration (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix qla24xx_process_bidir_cmd() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix race conditions in the code for aborting SCSI commands (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix read offset in qla24xx_load_risc_flash() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix Relogin to prevent modifying scan_state flag (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix routine qla27xx_dump_{mpi|ram}() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix session cleanup hang (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix session lookup in qlt_abort_work() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: fix spelling mistake 'alredy' -> 'already' (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: fix spelling mistake 'initializatin' -> 'initialization' (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix SRB allocation flag to avoid sleeping in IRQ context (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix stale mem access on driver unload (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix stale session (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix stuck login session (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix unbound sleep in fcport delete path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix unload when NVMe devices are configured (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix use-after-free issues in qla2xxx_qpair_sp_free_dma() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: flush IO on chip reset or sess delete (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Further limit FLASH region write access from SysFS (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Improve Linux kernel coding style conformance (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Improve logging for scan thread (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Include the header file from qla_dsd.h (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Increase the max_sgl_segments to 1024 (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Increase the size of the mailbox arrays from 4 to 8 (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Inline the qla2x00_fcport_event_handler() function (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Insert spaces where required (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce qla2x00_els_dcmd2_free() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce qla2xxx_get_next_handle() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce the be_id_t and le_id_t data types for FC src/dst IDs (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce the dsd32 and dsd64 data structures (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce the function qla2xxx_init_sp() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Leave a blank line after declarations (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Let the compiler check the type of the SCSI command context pointer (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Log the status code if a firmware command fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make it explicit that ELS pass-through IOCBs use little endian (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla24xx_async_abort_cmd() static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla2x00_abort_srb() again decrease the sp reference count (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla2x00_mem_free() easier to verify (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla2x00_process_response_queue() easier to read (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qlt_handle_abts_completion() more robust (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make sure that aborted commands are freed (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Modify NVMe include directives (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move debug messages before sending srb preventing panic (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: move IO flush to the front of NVME rport unregistration (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move marker request behind QPair (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_clear_loop_id() from qla_inline.h into qla_init.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_is_reserved_id() from qla_inline.h into qla_init.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_set_fcport_state() from a .h into a .c file (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_set_reserved_loop_ids() definition (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move the include directive (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move the port_state_str definition from a .h to a .c file (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: no need to check return value of debugfs_create functions (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: on session delete, return nvme cmd (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Optimize NPIV tear down process (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Pass little-endian values to the firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Prevent memory leak for CT req/rsp allocation (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Prevent multiple ADISC commands per session (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Prevent SysFS access when chip is down (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: qla2x00_alloc_fw_dump: set ha->eft (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Really fix qla2xxx_eh_abort() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reduce the number of casts in GID list code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reduce the number of forward declarations (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reduce the scope of three local variables in qla2xxx_queuecommand() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reject EH_{abort|device_reset|target_request} (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a comment that refers to the SCSI host lock (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove an include directive from qla_mr.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a set-but-not-used variable (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a superfluous forward declaration (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a superfluous pointer check (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove dead code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: remove double assignment in qla2x00_update_fcport (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove FW default template (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove qla_tgt_cmd.data_work and qla_tgt_cmd.data_work_free (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove qla_tgt_cmd.released (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: remove redundant null check on pointer sess (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove set but not used variable 'ptr_dma' (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove superfluous sts_entry_* casts (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove the fcport test from qla_nvme_abort_work() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove two superfluous casts (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove two superfluous if-tests (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove two superfluous tests (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove unnecessary locking from the target code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove unnecessary null check (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove unreachable code from qla83xx_idc_lock() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove useless set memory to zero use memset() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove WARN_ON_ONCE in qla2x00_status_cont_entry() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Replace vmalloc + memset with vzalloc (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Report invalid mailbox status codes (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Report the firmware status code if a mailbox command fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reset the FCF_ASYNC_{SENT|ACTIVE} flags (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Restore FAWWPN of Physical Port only for loop down (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Retry fabric Scan on IOCB queue full (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Rework key encoding in qlt_find_host_by_d_id() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Secure flash update support for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set remote port devloss timeout to 0 (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set remove flag for all VP (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set the qpair in SRB to NULL when SRB is released (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set the responder mode if appropriate for ELS pass-through IOCBs (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set the SCSI command result before calling the command done (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Silence fwdump template message (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Silence Successful ELS IOCB message (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplification of register address used in qla_tmpl.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify a debug statement (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify conditional check again (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qla24xx_abort_sp_done() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qla24xx_async_abort_cmd() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qlt_lport_dump() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qlt_send_term_imm_notif() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Skip FW dump on LOOP initialization error (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Suppress a Coveritiy complaint about integer overflow (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Suppress multiple Coverity complaint about out-of-bounds accesses (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: target: Fix offline port handling and host reset handling (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Uninline qla2x00_init_timer() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Unregister resources in the opposite order of the registration order (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.00.00.13-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.00.00.14-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.15-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.16-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.18-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.19-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.20-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update flash read/write routine (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use an on-stack completion in qla24xx_control_vp() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use ARRAY_SIZE() in the definition of QLA_LAST_SPEED (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use common update-firmware-options routine for ISP27xx+ (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use complete switch scan for RSCN events (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use Correct index for Q-Pair array (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use dma_pool_zalloc() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use get/put_unaligned where appropriate (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use __le64 instead of uint32_t for sending DMA addresses to firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use memcpy() and strlcpy() instead of strcpy() and strncpy() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use mutex protection during qla2x00_sysfs_read_fw_dump() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use strlcpy() instead of strncpy() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use tabs instead of spaces for indentation (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use tabs to indent code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Verify locking assumptions at runtime (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: scsi_dh_rdac: zero cdb in send_mode_select() (bsc#1149313). - scsi: scsi_transport_fc: nvme: display FC-NVMe port roles (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: tcm_qla2xxx: Minimize #include directives (bsc#1123034 bsc#1131304 bsc#1127988). - scsi_transport_fc: complete requests from ->timeout (bsc#1142076). - sctp: fix the transport error_count check (networking-stable-19_08_21). - secure boot lockdown: Fix-up backport of /dev/mem access restriction. The upstream-submitted patch set has evolved over time, align our patches (contents and description) to reflect the current status as far as /dev/mem access is concerned. - sky2: Disable MSI on yet another ASUS boards (P6Xxxx) (bsc#1051510). - slip: make slhc_free() silently accept an error pointer (bsc#1051510). - slip: sl_alloc(): remove unused parameter 'dev_t line' (bsc#1051510). - SUNRPC fix regression in umount of a secure mount (git-fixes). - SUNRPC: Handle connection breakages correctly in call_status() (git-fixes). - SUNRPC/nfs: Fix return value for nfs4_callback_compound() (git-fixes). - tcp: make sure EPOLLOUT wont be missed (networking-stable-19_08_28). - team: Add vlan tx offload to hw_enc_features (networking-stable-19_08_21). - tpm_tis_core: Set TPM_CHIP_FLAG_IRQ before probing for interrupts (bsc#1082555). - USB: usbcore: Fix slab-out-of-bounds bug during device reset (bsc#1051510). - video: ssd1307fb: Start page range at page_offset (bsc#1113722) - x86/CPU/AMD: Clear RDRAND CPUID bit on AMD family 15h/16h (bsc#1114279). - x86/fpu: Add FPU state copying quirk to handle XRSTOR failure on Intel Skylake CPUs (bsc#1151955). - x86/tls: Fix possible spectre-v1 in do_get_thread_area() (bsc#1114279). - xen/netback: Reset nr_frags before freeing skb (networking-stable-19_08_21). - xen-netfront: do not assume sk_buff_head list is empty in error handling (bsc#1065600). - xen-netfront: do not use ~0U as error return value for xennet_fill_frags() (bsc#1065600). - xen/xenbus: fix self-deadlock after killing user process (bsc#1065600). ----------------------------------------- Patch: SUSE-2019-2717 Released: Fri Oct 18 16:21:53 2019 Summary: Recommended update for dracut Severity: moderate References: 1121238,1140872,1142775,1150343,1151552,1152006,1152650 Description: This update for dracut contains the following fixes: - Several fixes for dhcp calls with multiple nics. (bsc#1150343) - Only login to one target at a time. (bsc#1152650) - Only skip waiting for interfaces if netroot is set. (bsc#1152006) - Support xz compressed firmware files. (bsc#1151552) - Only login to one target at a time. (bsc#1121238) - Fix keymaps not getting included sometimes. (bsc#1140872) - Fix merge error for arm/aarch64. (bsc#1142775) ----------------------------------------- Patch: SUSE-2019-2722 Released: Mon Oct 21 11:14:20 2019 Summary: Recommended update for pciutils-ids Severity: moderate References: 1127840,1133581 Description: This is a version update for pciutils-ids to version 20190830 (bsc#1133581, bsc#1127840) ----------------------------------------- Patch: SUSE-2019-2729 Released: Mon Oct 21 15:49:18 2019 Summary: Recommended update for yast2-security Severity: moderate References: 1147173 Description: This update for yast2-security fixes the following issues: - Supporting user defined permission files like '/etc/permissions.ultra'. (bsc#1147173) ----------------------------------------- Patch: SUSE-2019-2730 Released: Mon Oct 21 16:04:57 2019 Summary: Security update for procps Severity: important References: 1092100,1121753,CVE-2018-1122,CVE-2018-1123,CVE-2018-1124,CVE-2018-1125,CVE-2018-1126 Description: This update for procps fixes the following issues: procps was updated to 3.3.15. (bsc#1092100) Following security issues were fixed: - CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100). - CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100). - CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100). - CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100). - CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100). Also this non-security issue was fixed: - Fix CPU summary showing old data. (bsc#1121753) The update to 3.3.15 contains the following fixes: * library: Increment to 8:0:1 No removals, no new functions Changes: slab and pid structures * library: Just check for SIGLOST and don't delete it * library: Fix integer overflow and LPE in file2strvec CVE-2018-1124 * library: Use size_t for alloc functions CVE-2018-1126 * library: Increase comm size to 64 * pgrep: Fix stack-based buffer overflow CVE-2018-1125 * pgrep: Remove >15 warning as comm can be longer * ps: Fix buffer overflow in output buffer, causing DOS CVE-2018-1123 * ps: Increase command name selection field to 64 * top: Don't use cwd for location of config CVE-2018-1122 * update translations * library: build on non-glibc systems * free: fix scaling on 32-bit systems * Revert 'Support running with child namespaces' * library: Increment to 7:0:1 No changes, no removals New fuctions: numa_init, numa_max_node, numa_node_of_cpu, numa_uninit, xalloc_err_handler * doc: Document I idle state in ps.1 and top.1 * free: fix some of the SI multiples * kill: -l space between name parses correctly * library: dont use vm_min_free on non Linux * library: don't strip off wchan prefixes (ps & top) * pgrep: warn about 15+ char name only if -f not used * pgrep/pkill: only match in same namespace by default * pidof: specify separator between pids * pkill: Return 0 only if we can kill process * pmap: fix duplicate output line under '-x' option * ps: avoid eip/esp address truncations * ps: recognizes SCHED_DEADLINE as valid CPU scheduler * ps: display NUMA node under which a thread ran * ps: Add seconds display for cputime and time * ps: Add LUID field * sysctl: Permit empty string for value * sysctl: Don't segv when file not available * sysctl: Read and write large buffers * top: add config file support for XDG specification * top: eliminated minor libnuma memory leak * top: show fewer memory decimal places (configurable) * top: provide command line switch for memory scaling * top: provide command line switch for CPU States * top: provides more accurate cpu usage at startup * top: display NUMA node under which a thread ran * top: fix argument parsing quirk resulting in SEGV * top: delay interval accepts non-locale radix point * top: address a wishlist man page NLS suggestion * top: fix potential distortion in 'Mem' graph display * top: provide proper multi-byte string handling * top: startup defaults are fully customizable * watch: define HOST_NAME_MAX where not defined * vmstat: Fix alignment for disk partition format * watch: Support ANSI 39,49 reset sequences ----------------------------------------- Patch: SUSE-2019-2732 Released: Mon Oct 21 17:38:37 2019 Summary: Recommended update for cifs-utils Severity: moderate References: 1130528,1132087,1136031,1149164 Description: This update for cifs-utils fixes the following issues: Update cifs-utils 6.9; (bsc#1132087); (bsc#1136031). * follow SMB default version changes in the kernel. * adds fixes for Azure * new smbinfo utility - Fix double-free in mount.cifs; (bsc#1149164). ----------------------------------------- Patch: SUSE-2019-2734 Released: Tue Oct 22 11:00:58 2019 Summary: Recommended update for tcsh Severity: moderate References: 1151630 Description: This update for tcsh fixes the following issues: - Restore cleanup routines in case of an error (bsc#1151630) ----------------------------------------- Patch: SUSE-2019-2735 Released: Tue Oct 22 11:01:35 2019 Summary: Recommended update for postfix Severity: moderate References: 1142881,1149724 Description: This update for postfix fixes the following issues: - Fixed build on Linux kernel 5.x by handling LINUX5 define (bsc#1149724) - Switch from md5 to sha256 for mkpostfixcert (bsc#1142881) ----------------------------------------- Patch: SUSE-2019-2743 Released: Tue Oct 22 15:50:02 2019 Summary: Security update for python Severity: moderate References: 1130840,1149955,1153238,CVE-2019-16056,CVE-2019-16935,CVE-2019-9947 Description: This update for python fixes the following issues: Security issues fixed: - CVE-2019-9947: Fixed an insufficient validation of URL paths with embedded whitespace or control characters that could allow HTTP header injections. (bsc#1130840) - CVE-2019-16056: Fixed a parser issue in the email module. (bsc#1149955) - CVE-2019-16935: Fixed a reflected XSS in python/Lib/DocXMLRPCServer.py (bsc#1153238). ----------------------------------------- Patch: SUSE-2019-2746 Released: Tue Oct 22 16:50:50 2019 Summary: Recommended update for yast2-sap-ha Severity: important References: 1146220 Description: This update for yast2-sap-ha fixes the following issues: - Update yast2-sap-ha to version 1.0.8. - Fix a regression that was introduced in a previous update. Under certain circumstances, HA Setup for SAP Products used to crash with the error message 'cannot import namespace 'SystemdService''. [bsc#1146220] ----------------------------------------- Patch: SUSE-2019-2747 Released: Tue Oct 22 16:50:57 2019 Summary: Recommended update for yast2-hana-firewall Severity: important References: 1146220 Description: This update for yast2-hana-firewall fixes the following issues: - Update to version 2.0.2 - Fix another scenario where Yast2 HA Setup for SAP Products crashes with 'cannot import namespace 'SystemdService'' (bsc#1146220) ----------------------------------------- Patch: SUSE-2019-2749 Released: Wed Oct 23 09:08:41 2019 Summary: Security update for sysstat Severity: moderate References: 1150114,CVE-2019-16167 Description: This update for sysstat fixes the following issue: - CVE-2019-16167: Fixed a memory corruption due to an integer overflow. (bsc#1150114) ----------------------------------------- Patch: SUSE-2019-2757 Released: Wed Oct 23 17:21:17 2019 Summary: Security update for lz4 Severity: moderate References: 1153936,CVE-2019-17543 Description: This update for lz4 fixes the following issues: - CVE-2019-17543: Fixed a heap-based buffer overflow in LZ4_write32 (bsc#1153936). ----------------------------------------- Patch: SUSE-2019-2762 Released: Thu Oct 24 07:08:44 2019 Summary: Recommended update for timezone Severity: moderate References: 1150451 Description: This update for timezone fixes the following issues: - Fiji observes DST from 2019-11-10 to 2020-01-12. - Norfolk Island starts observing Australian-style DST. ----------------------------------------- Patch: SUSE-2019-2764 Released: Thu Oct 24 07:09:00 2019 Summary: Recommended update for yast2-services-manager Severity: moderate References: 1140735 Description: This update for yast2-services-manager fixes the following issues: - Set BaseTargets::GRAPHICAL and Target::GRAPHICAL if package 'xdm' will be installed (instead of xorg-x11-server) (bsc#1140735). ----------------------------------------- Patch: SUSE-2019-2774 Released: Thu Oct 24 13:57:16 2019 Summary: Recommended update for xrdp Severity: moderate References: 1100453,1138954,1144327 Description: This update for xrdp provides the following fixes: - Enables systemd to handle the daemons, fix daemon start failures. (bsc#1138954, bsc#1144327). - Fixed an issue with delayed X KeyRelease events. (bsc#1100453) ----------------------------------------- Patch: SUSE-2019-2776 Released: Thu Oct 24 15:55:19 2019 Summary: Security update for nfs-utils Severity: moderate References: 1150733,CVE-2019-3689 Description: This update for nfs-utils fixes the following issues: - CVE-2019-3689: Fixed root-owned files stored in insecure /var/lib/nfs. (bsc#1150733) ----------------------------------------- Patch: SUSE-2019-2777 Released: Thu Oct 24 16:13:20 2019 Summary: Recommended update for fipscheck Severity: moderate References: 1149792 Description: This update for fipscheck fixes the following issues: - Remove #include of unused fips.h to fix build with OpenSSL 1.1.1 (bsc#1149792) ----------------------------------------- Patch: SUSE-2019-2780 Released: Fri Oct 25 14:25:41 2019 Summary: Security update for binutils Severity: moderate References: 1109412,1109413,1109414,1111996,1112534,1112535,1113247,1113252,1113255,1116827,1118644,1118830,1118831,1120640,1121034,1121035,1121056,1133131,1133232,1141913,1142772,1152590,1154016,1154025,CVE-2018-1000876,CVE-2018-17358,CVE-2018-17359,CVE-2018-17360,CVE-2018-17985,CVE-2018-18309,CVE-2018-18483,CVE-2018-18484,CVE-2018-18605,CVE-2018-18606,CVE-2018-18607,CVE-2018-19931,CVE-2018-19932,CVE-2018-20623,CVE-2018-20651,CVE-2018-20671,CVE-2018-6323,CVE-2018-6543,CVE-2018-6759,CVE-2018-6872,CVE-2018-7208,CVE-2018-7568,CVE-2018-7569,CVE-2018-7570,CVE-2018-7642,CVE-2018-7643,CVE-2018-8945,CVE-2019-1010180,ECO-368,SLE-6206 Description: This update for binutils fixes the following issues: binutils was updated to current 2.32 branch [jsc#ECO-368]. Includes following security fixes: - CVE-2018-17358: Fixed invalid memory access in _bfd_stab_section_find_nearest_line in syms.c (bsc#1109412) - CVE-2018-17359: Fixed invalid memory access exists in bfd_zalloc in opncls.c (bsc#1109413) - CVE-2018-17360: Fixed heap-based buffer over-read in bfd_getl32 in libbfd.c (bsc#1109414) - CVE-2018-17985: Fixed a stack consumption problem caused by the cplus_demangle_type (bsc#1116827) - CVE-2018-18309: Fixed an invalid memory address dereference was discovered in read_reloc in reloc.c (bsc#1111996) - CVE-2018-18483: Fixed get_count function provided by libiberty that allowed attackers to cause a denial of service or other unspecified impact (bsc#1112535) - CVE-2018-18484: Fixed stack exhaustion in the C++ demangling functions provided by libiberty, caused by recursive stack frames (bsc#1112534) - CVE-2018-18605: Fixed a heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup causing a denial of service (bsc#1113255) - CVE-2018-18606: Fixed a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments, causing denial of service (bsc#1113252) - CVE-2018-18607: Fixed a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section, causing denial of service (bsc#1113247) - CVE-2018-19931: Fixed a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h (bsc#1118831) - CVE-2018-19932: Fixed an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA (bsc#1118830) - CVE-2018-20623: Fixed a use-after-free in the error function in elfcomm.c (bsc#1121035) - CVE-2018-20651: Fixed a denial of service via a NULL pointer dereference in elf_link_add_object_symbols in elflink.c (bsc#1121034) - CVE-2018-20671: Fixed an integer overflow that can trigger a heap-based buffer overflow in load_specific_debug_section in objdump.c (bsc#1121056) - CVE-2018-1000876: Fixed integer overflow in bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc in objdump (bsc#1120640) - CVE-2019-1010180: Fixed an out of bound memory access that could lead to crashes (bsc#1142772) - enable xtensa architecture (Tensilica lc6 and related) - Use -ffat-lto-objects in order to provide assembly for static libs (bsc#1141913). - Fixed some LTO build issues (bsc#1133131 bsc#1133232). - riscv: Don't check ABI flags if no code section - Fixed a segfault in ld when building some versions of pacemaker (bsc#1154025, bsc#1154016). - Add avr, epiphany and rx to target_list so that the common binutils can handle all objects we can create with crosses (bsc#1152590). Update to binutils 2.32: * The binutils now support for the C-SKY processor series. * The x86 assembler now supports a -mvexwig=[0|1] option to control encoding of VEX.W-ignored (WIG) VEX instructions. It also has a new -mx86-used-note=[yes|no] option to generate (or not) x86 GNU property notes. * The MIPS assembler now supports the Loongson EXTensions R2 (EXT2), the Loongson EXTensions (EXT) instructions, the Loongson Content Address Memory (CAM) ASE and the Loongson MultiMedia extensions Instructions (MMI) ASE. * The addr2line, c++filt, nm and objdump tools now have a default limit on the maximum amount of recursion that is allowed whilst demangling strings. This limit can be disabled if necessary. * Objdump's --disassemble option can now take a parameter, specifying the starting symbol for disassembly. Disassembly will continue from this symbol up to the next symbol or the end of the function. * The BFD linker will now report property change in linker map file when merging GNU properties. * The BFD linker's -t option now doesn't report members within archives, unless -t is given twice. This makes it more useful when generating a list of files that should be packaged for a linker bug report. * The GOLD linker has improved warning messages for relocations that refer to discarded sections. - Improve relro support on s390 [fate#326356] - Fix broken debug symbols (bsc#1118644) - Handle ELF compressed header alignment correctly. ----------------------------------------- Patch: SUSE-2019-2790 Released: Mon Oct 28 14:54:13 2019 Summary: Recommended update for java-1_8_0-ibm Severity: moderate References: 1143080 Description: This update for java-1_8_0-ibm fixes the following issues: Update to Java 8.0 Service Refresh 5 Fix Pack 41 [bsc#1143080]: * JIT compiler crash: Remove implicit sign extension assumptions from iRegStore evaluator (https://github.com/eclipse/omr/pull/4103) ----------------------------------------- Patch: SUSE-2019-2793 Released: Mon Oct 28 16:18:54 2019 Summary: Recommended update for crmsh Severity: moderate References: 1127716,1129210,1129317,1129383,1129702,1130715,1135585,1135586,1135696,1138115,1138405,1145823,1146922 Description: This update for crmsh contains the following fixes: - Update to version 4.1.0+git.1569593061.35f57072: * Fix: utils: fix logic for process non comments line. (bsc#1145823) * High: cibconfig: Correctly sanitize the original CIB as patch base. (bsc#1127716, bsc#1138405) * Revert 'High: cibconfig: Use correct CIB as patch base'. (bsc#1127716) * Partially revert 'Medium: cibconfig: Sanitize CIB for patching'. (bsc#1127716) * Update changelog from 3.0.0 to 4.1.0 * Fix: utils: issue in to_ascii. (bsc#1138115) * Fix: bootstrap: bindnetaddr should accept both network and specific IP. (bsc#1135585, bsc#1135586) * Fix: hb_report: analysis.txt should includes warning, error, critical messages. (bsc#1135696) * Medium: ui_node: Check corosync state before clearstate. (bsc#1129702) * Fix: hb_report: handle UnicodeDecodeError: (bsc#1130715) * setting error='replace' to replace invalid utf-8 characters * try to catch UnicodeDecodeError and print traceback * Medium: cibconfig: Sanitize CIB for patching. (bsc#1127716) * High: cibconfig: Use correct CIB as patch base. (bsc#1127716) * Medium: parse: Detect and error on illegal ordering of op attributes. (bsc#1129210) * Medium: utils: Handle sysconfig values containing. (bsc#1129317) * Low: hb_report: collect output of 'sbd dump' and 'sbd list'. (bsc#1129383) * High: hbreport: fix UnicodeEncodeError while print. (bsc#1146922) - Drop merged patches. ----------------------------------------- Patch: SUSE-2019-2799 Released: Mon Oct 28 17:11:16 2019 Summary: Recommended update for tcsh Severity: important References: 1153839,1154877 Description: This update for tcsh fixes the following issues: - Avoid breakage in sourcing standard system files (bsc#1153839) - A regression has been fixed where glob expansion would not work properly. (bsc#1154877) ----------------------------------------- Patch: SUSE-2019-2802 Released: Tue Oct 29 11:39:05 2019 Summary: Security update for python3 Severity: moderate References: 1149121,1149792,1149955,1151490,1153238,CVE-2019-16056,CVE-2019-16935,PM-1350,SLE-9426 Description: This update for python3 to 3.6.9 fixes the following issues: Security issues fixed: - CVE-2019-16056: Fixed a parser issue in the email module. (bsc#1149955) - CVE-2019-16935: Fixed a reflected XSS in python/Lib/DocXMLRPCServer.py (bsc#1153238). Non-security issues fixed: - Fixed regression of OpenSSL 1.1.1b-1 in EVP_PBE_scrypt() with salt=NULL. (bsc#1151490) - Improved locale handling by implementing PEP 538. ----------------------------------------- Patch: SUSE-2019-2812 Released: Tue Oct 29 14:57:55 2019 Summary: Recommended update for systemd Severity: moderate References: 1139459,1140631,1145023,1150595,SLE-7687 Description: This update for systemd provides the following fixes: - Fix a problem that would cause invoking try-restart to an inactive service to hang when a daemon-reload is invoked before the try-restart returned. (bsc#1139459) - man: Add a note about _netdev usage. - units: Replace remote-cryptsetup-pre.target with remote-fs-pre.target. - units: Add [Install] section to remote-cryptsetup.target. - cryptsetup: Ignore _netdev, since it is used in generator. - cryptsetup-generator: Use remote-cryptsetup.target when _netdev is present. (jsc#SLE-7687) - cryptsetup-generator: Add a helper utility to create symlinks. - units: Add remote-cryptsetup.target and remote-cryptsetup-pre.target. - man: Add an explicit description of _netdev to systemd.mount(5). - man: Order fields alphabetically in crypttab(5). - man: Make crypttab(5) a bit easier to read. - units: Order cryptsetup-pre.target before cryptsetup.target. - Fix reporting of enabled-runtime units. - sd-bus: Deal with cookie overruns. (bsc#1150595) - rules: Add by-id symlinks for persistent memory. (bsc#1140631) - Buildrequire polkit so /usr/share/polkit-1/rules.d subdir can be only owned by polkit. (bsc#1145023) ----------------------------------------- Patch: SUSE-2019-2868 Released: Wed Oct 30 17:58:42 2019 Summary: Security update for samba Severity: important References: 1125601,1127153,1130245,1134452,1144902,1154289,1154598,CVE-2019-10218,CVE-2019-14833,CVE-2019-14847 Description: This update for samba fixes the following issues: Security issues fixed: - CVE-2019-14847: User with 'get changes' permission can crash AD DC LDAP server via dirsync (bsc#1154598). - CVE-2019-10218: Client code can return filenames containing path separators (bsc#1144902). - CVE-2019-14833: Fixed Accent with 'check script password' where the Samba AD DC check password script does not receive the full password (bsc#1154289). Other issues fixed: - Fix vfs_ceph realpath (bsc#1134452). - MacOS credit accounting breaks with async SESSION SETUP (bsc#1125601). - Mac OS X SMB2 implmenetation sees Input/output error or Resource temporarily unavailable and drops connection - Explicitly enable libcephfs POSIX ACL support (bsc#1130245). - Fix vfs_ceph ftruncate and fallocate handling (bsc#1127153). ----------------------------------------- Patch: SUSE-2019-2870 Released: Thu Oct 31 08:09:14 2019 Summary: Recommended update for aaa_base Severity: moderate References: 1051143,1138869,1151023 Description: This update for aaa_base provides the following fixes: - Check if variables can be set before modifying them to avoid warnings on login with a restricted shell. (bsc#1138869) - Add s390x compressed kernel support. (bsc#1151023) - service: Check if there is a second argument before using it. (bsc#1051143) ----------------------------------------- Patch: SUSE-2019-2871 Released: Thu Oct 31 08:49:32 2019 Summary: Security update for MozillaFirefox, MozillaFirefox-branding-SLE Severity: important References: 1104841,1129528,1137990,1149429,1151186,1153423,1153869,1154738,CVE-2019-11757,CVE-2019-11758,CVE-2019-11759,CVE-2019-11760,CVE-2019-11761,CVE-2019-11762,CVE-2019-11763,CVE-2019-11764,CVE-2019-15903 Description: This update for MozillaFirefox, MozillaFirefox-branding-SLE fixes the following issues: Changes in MozillaFirefox: Security issues fixed: - CVE-2019-15903: Fixed a heap overflow in the expat library (bsc#1149429). - CVE-2019-11757: Fixed a use-after-free when creating index updates in IndexedDB (bsc#1154738). - CVE-2019-11758: Fixed a potentially exploitable crash due to 360 Total Security (bsc#1154738). - CVE-2019-11759: Fixed a stack buffer overflow in HKDF output (bsc#1154738). - CVE-2019-11760: Fixed a stack buffer overflow in WebRTC networking (bsc#1154738). - CVE-2019-11761: Fixed an unintended access to a privileged JSONView object (bsc#1154738). - CVE-2019-11762: Fixed a same-origin-property violation (bsc#1154738). - CVE-2019-11763: Fixed an XSS bypass (bsc#1154738). - CVE-2019-11764: Fixed several memory safety bugs (bsc#1154738). Non-security issues fixed: - Added Provides-line for translations-common (bsc#1153423) . - Moved some settings from branding-package here (bsc#1153869). - Disabled DoH by default. Changes in MozillaFirefox-branding-SLE: - Moved extensions preferences to core package (bsc#1153869). ----------------------------------------- Patch: SUSE-2019-2874 Released: Thu Oct 31 12:40:25 2019 Summary: Recommended update for dracut Severity: important References: 1153944 Description: This update for dracut contains the following fix: - iscsiroot.sh: Clean up obsolete case statement fragments. (bsc#1153944) ----------------------------------------- Patch: SUSE-2019-2882 Released: Mon Nov 4 17:24:35 2019 Summary: Recommended update for resource-agents Severity: moderate References: 1114855,1125138,1131793,1132853,1133337,1133962,1137038,1137231,1138281,1140874 Description: This update for resource-agents fixes the following issues: - Apache resource agent is not working when 'statusurl' value is being set. (bsc#1138281) - Allow empty password for 'check_passwd' parameter. (bsc#1132853, bsc#1131793) - Change message log level for the non-action messages. (bsc#1137038, bsc#1137231) - Fix implicit bytes conversion that breaks Python 3 and reduce the amount of errors messages by default. (bsc#1137038, bsc#1137231) - Fix version string with vendor trailer comparison in CTDB. (bsc#1133337) - Fix updating routing tables on virtual machines with multiple network interfaces. (bsc#1133962) - Fix LVM on initial probe. (bsc#1114855) - Setting multiple VPC routing tables. (bsc#1125138) - Created the symlink for the AWS resource agent due to backward compatibility reasons. (fate#326697) ----------------------------------------- Patch: SUSE-2019-2900 Released: Wed Nov 6 11:20:51 2019 Summary: Security update for libssh2_org Severity: moderate References: 1154862,CVE-2019-17498 Description: This update for libssh2_org fixes the following issue: - CVE-2019-17498: Fixed an integer overflow in a bounds check that might have led to the disclosure of sensitive information or a denial of service (bsc#1154862). ----------------------------------------- Patch: SUSE-2019-2943 Released: Tue Nov 12 15:00:58 2019 Summary: Recommended update for kernel-firmware Severity: moderate References: 1155307,SLE-8379 Description: This update for kernel-firmware fixes the following issues: - Upgrade for SLE15-SP2 / Leap 15.2 (jsc#SLE-8379,bsc#1155307) - Chelsio driver loads firmware configuration file to allow firmware to distribute resources before chip bring up. Chelsio NIC driver, cxgb4 searches for firmware config file at /lib/firmware/cxgb4/ directory. - Add symlinks for Tegra VIC firmware binaries - Update the following firmwares: - amdgpu: update vega20 ucode for 19.30 - amdgpu: update vega12 ucode for 19.30 - amdgpu: update vega10 ucode for 19.30 - amdgpu: update picasso ucode for 19.30 - amdgpu: update raven2 ucode for 19.30 - amdgpu: update raven ucode for 19.30 - amdgpu: add new raven rlc firmware - amdgpu: update vega10 VCE firmware - amdgpu: update picasso vcn firmware - amdgpu: update raven vcn firmware - amdgpu: update tonga to latest 19.20 firmware - amdgpu: update vega12 to latest 19.20 firmware - amdgpu: update polaris12 to latest 19.20 firmware - amdgpu: update raven2 to latest 19.20 firmware - amdgpu: update raven to latest 19.20 firmware - amdgpu: add initial navi14 firmware form 19.30 - amdgpu: add initial navi10 firmware - ath10k: QCA9984 hw1.0: update board-2.bin - ath10k: QCA9984 hw1.0: update firmware-5.bin to 10.4-3.9.0.2-00046 - ath10k: QCA988X hw2.0: update firmware-5.bin to 10.2.4-1.0-00045 - ath10k: QCA9888 hw2.0: update board-2.bin - ath10k: QCA9888 hw2.0: update firmware-5.bin to 10.4-3.9.0.2-00040 - ath10k: QCA9887 hw1.0: update firmware-5.bin to 10.2.4-1.0-00045 - ath10k: QCA6174 hw3.0: update firmware-6.bin to WLAN.RM.4.4.1-00140-QCARMSWPZ-1 - ath10k: QCA4019 hw1.0: update board-2.bin - bnx2x: Add FW 7.13.15.0. - brcm: Add 43455 based AP6255 NVRAM for the Minix Neo Z83-4 Mini PC - brcm: Add 43340 based AP6234 NVRAM for the PoV TAB-P1006W-232 tablet - cxgb4: update firmware to revision 1.24.3.0 - drm/i915/firmware: Add v9.0.0 of HuC for Icelake - drm/i915/firmware: Add v4.0.0 of HuC for Cometlake - drm/i915/firmware: Add v4.0.0 of HuC for Geminilake - drm/i915/firmware: Add v2.0.0 of HuC for Broxton - drm/i915/firmware: Add v4.0.0 of HuC for Kabylake - drm/i915/firmware: Add v2.0.0 of HuC for Skylake - drm/i915/firmware: Add v33 of GuC for CML - drm/i915/firmware: Add v2.04 of DMC for TGL - drm/i915/firmware: Add v1.09 of DMC for ICL - drm/i915/firmware: Add v33 of GuC for ICL - drm/i915/firmware: Add v33 of GuC for KBL - drm/i915/firmware: Add v33 of GuC for SKL - drm/i915/firmware: Add v33 of GuC for GLK - drm/i915/firmware: Add v33 of GuC for BXT - ice: Fix up WHENCE entry and symlink - ice: Add package file for Intel E800 series driver - iwlwifi: add new firmwares for integrated 22000 series - iwlwifi: update FW for 22000 to Core45-96 - iwlwifi: update FWs for 9000 series to Core45-96 - iwlwifi: update Core45 FWs for 22260, 9000 and 9260 - iwlwifi: udpate -36 firmware for 8000 series - iwlwifi: update -48 FWs for Qu and cc - iwlwifi: update FWs for 3168, 7265D, 9000, 9260, 8000, 8265 and cc - iwlwifi: update FWs to core45-152 release - linux-firmware: Update firmware file for Intel Bluetooth AX201 - linux-firmware: Update firmware file for Intel Bluetooth 22161 - linux-firmware: Update firmware file for Intel Bluetooth 9560 - linux-firmware: Update firmware file for Intel Bluetooth 9260 - linux-firmware: Update firmware file for Intel Bluetooth AX200 - linux-firmware: Update firmware file for Intel Bluetooth AX201 - linux-firmware: Update firmware file for Intel Bluetooth 9560 - linux-firmware: Update firmware file for Intel Bluetooth 9260 - linux-firmware: Update AMD cpu microcode - linux-firmware: Update firmware file for Intel Bluetooth AX200 - linux-firmware: Update firmware file for Intel Bluetooth AX201 - linux-firmware: Update firmware file for Intel Bluetooth 9560 - linux-firmware: Update firmware file for Intel Bluetooth 9260 - linux-firmware: Update NXP Management Complex firmware to version 10.16.2 - linux-firmware: rsi: add firmware image for redpine 9116 chipset - Mellanox: Add new mlxsw_spectrum firmware 13.2000.1886 - Mellanox: Add new mlxsw_spectrum firmware 13.2000.1886 - Mellanox: Add new mlxsw_spectrum2 firmware 29.2000.2308 - Mellanox: Add new mlxsw_spectrum firmware 13.2000.2308 - nfp: update Agilio SmartNIC flower firmware to rev AOTC-2.10.A.38 - nvidia: Add XUSB firmware for Tegra186 - nvidia: add missing entries in WHENCE - nvidia: Update Tegra210 XUSB firmware to v50.24 - nvidia: Add XUSB firmware for Tegra194 - qcom: add firmware files for Adreno a630 - rtl_bt: Update configuration file for BT part of RTL8822CU - rtl_bt: Update RTL8822C BT FW to V0x098A_94A4 - rtl_bt: Update RTL8723D BT FW to 0x828A_96F1 - rtl_nic: add firmware rtl8125a-3 - rtl_nic: add firmware files for RTL8153 - rtlwifi: rtl8821ae: Add firmware for the RTL8812AE variant. - rtw88: add a README file - rtw88: RTL8822C: add WoW firmware v7.3 - rtw88: RTL8822C: update rtw8822c_fw.bin to v7.3 ----------------------------------------- Patch: SUSE-2019-2945 Released: Tue Nov 12 18:15:06 2019 Summary: Recommended update for zypper, libzypp, and libsolv Severity: moderate References: 1145554,1146415,1146947,1149511,1153351,1153557,SLE-9171 Description: This update for zypper, libzypp, and libsolv fixes the following issues: Package: zypper - Fixes an issue where 'zypper lu' didn't list all available package updates (bsc#1153351) - Added a new --repo option to the 'download' command to allow to specify a repository (jsc#SLE-9171) - Improved the documentation of $releasever and --releasever usescases (bsc#1149511) - zypper will now ask only once when multiple packages share the same license text (bsc#1145554) Package: libzypp - Added a new 'solver.focus' option for /etc/zypp/zypp.conf to define systemwide focus mode when resolving jobs (bsc#1146415) - Fixed an issue where YaST2 was not able to find base products via libzypp (bsc#1153557) - Added a new 'solver.focus' option for /etc/zypp/zypp.conf to define systemwide focus mode when resolving jobs (bsc#1146415) - Improved the way how containers are detected when running 'zypper ps' (bsc#1146947) Package: libsolv - Fixes issues when updating too many packages in focusbest mode - Fixes the handling of disabled and installed packages in distupgrade ----------------------------------------- Patch: SUSE-2019-2957 Released: Tue Nov 12 19:15:46 2019 Summary: Security update for ucode-intel Severity: important References: 1139073,1141035,1155988,CVE-2019-11135,CVE-2019-11139 Description: This update for ucode-intel fixes the following issues: - Updated to 20191112 security release (bsc#1155988) - Processor Identifier Version Products - Model Stepping F-MO-S/PI Old->New - ---- new platforms ---------------------------------------- - CML-U62 A0 6-a6-0/80 000000c6 Core Gen10 Mobile - CNL-U D0 6-66-3/80 0000002a Core Gen8 Mobile - SKX-SP B1 6-55-3/97 01000150 Xeon Scalable - ICL U/Y D1 6-7e-5/80 00000046 Core Gen10 Mobile - ---- updated platforms ------------------------------------ - SKL U/Y D0 6-4e-3/c0 000000cc->000000d4 Core Gen6 Mobile - SKL H/S/E3 R0/N0 6-5e-3/36 000000cc->000000d4 Core Gen6 - AML-Y22 H0 6-8e-9/10 000000b4->000000c6 Core Gen8 Mobile - KBL-U/Y H0 6-8e-9/c0 000000b4->000000c6 Core Gen7 Mobile - CFL-U43e D0 6-8e-a/c0 000000b4->000000c6 Core Gen8 Mobile - WHL-U W0 6-8e-b/d0 000000b8->000000c6 Core Gen8 Mobile - AML-Y V0 6-8e-c/94 000000b8->000000c6 Core Gen10 Mobile - CML-U42 V0 6-8e-c/94 000000b8->000000c6 Core Gen10 Mobile - WHL-U V0 6-8e-c/94 000000b8->000000c6 Core Gen8 Mobile - KBL-G/X H0 6-9e-9/2a 000000b4->000000c6 Core Gen7/Gen8 - KBL-H/S/E3 B0 6-9e-9/2a 000000b4->000000c6 Core Gen7; Xeon E3 v6 - CFL-H/S/E3 U0 6-9e-a/22 000000b4->000000c6 Core Gen8 Desktop, Mobile, Xeon E - CFL-S B0 6-9e-b/02 000000b4->000000c6 Core Gen8 - CFL-H R0 6-9e-d/22 000000b8->000000c6 Core Gen9 Mobile - Includes security fixes for: - CVE-2019-11135: Added feature allowing to disable TSX RTM (bsc#1139073) - CVE-2019-11139: A CPU microcode only fix for Voltage modulation issues (bsc#1141035) ----------------------------------------- Patch: SUSE-2019-2418 Released: Thu Nov 14 11:53:03 2019 Summary: Recommended update for bash Severity: moderate References: 1133773,1143055 Description: This update for bash fixes the following issues: - Rework patch readline-7.0-screen (bsc#1143055): map all 'screen(-xxx)?.yyy(-zzz)?' to 'screen' as well as map 'konsole(-xxx)?' and 'gnome(-xxx)?' to 'xterm' - Add a backport from bash 5.0 to perform better with large numbers of sub processes. (bsc#1133773) ----------------------------------------- Patch: SUSE-2019-2971 Released: Thu Nov 14 12:02:26 2019 Summary: Security update for libjpeg-turbo Severity: important References: 1156402,CVE-2019-2201 Description: This update for libjpeg-turbo fixes the following issues: - CVE-2019-2201: Several integer overflow issues and subsequent segfaults occurred in libjpeg-turbo, when attempting to compress or decompress gigapixel images. [bsc#1156402] ----------------------------------------- Patch: SUSE-2019-2980 Released: Thu Nov 14 22:45:33 2019 Summary: Optional update for curl Severity: low References: 1154019 Description: This update for curl doesn't address any user visible issues. ----------------------------------------- Patch: SUSE-2019-2986 Released: Fri Nov 15 13:09:15 2019 Summary: Security update for ucode-intel Severity: important References: 1139073,1141035,1155988,CVE-2019-11135,CVE-2019-11139 Description: This update for ucode-intel fixes the following issues: - Updated to 20191112 official security release (bsc#1155988) - Includes security fixes for: - CVE-2019-11135: Added feature allowing to disable TSX RTM (bsc#1139073) - CVE-2019-11139: A CPU microcode only fix for Voltage modulation issues (bsc#1141035) ----------------------------------------- Patch: SUSE-2019-2992 Released: Mon Nov 18 11:52:10 2019 Summary: Recommended update for supportutils Severity: moderate References: 1111029,1127734,1137336 Description: This update for supportutils fixes the following issues: - Removed LPM/DLPAR data for POWER. (bsc#1111029) - Prevent running 'systool -vb memory' by default on systems with 16TB or more. (bsc#1127734) - Added sed and gawk to spec requirements (bsc#1137336) ----------------------------------------- Patch: SUSE-2019-2997 Released: Mon Nov 18 15:16:38 2019 Summary: Security update for ncurses Severity: moderate References: 1103320,1154036,1154037,CVE-2019-17594,CVE-2019-17595 Description: This update for ncurses fixes the following issues: Security issues fixed: - CVE-2019-17594: Fixed a heap-based buffer over-read in the _nc_find_entry function (bsc#1154036). - CVE-2019-17595: Fixed a heap-based buffer over-read in the fmt_entry function (bsc#1154037). Non-security issue fixed: - Removed screen.xterm from terminfo database (bsc#1103320). ----------------------------------------- Patch: SUSE-2019-3015 Released: Wed Nov 20 12:45:47 2019 Summary: Recommended update for resource-agents Severity: low References: 1150046,1154465 Description: This update for resource-agents fixes the following issues: - Netcat multiple connections causing issues with pacemaker. (bsc#1150046) - Pickup latest changes for aws-vpc-route53. (bsc#1154465) ----------------------------------------- Patch: SUSE-2019-3017 Released: Wed Nov 20 12:47:27 2019 Summary: Recommended update for open-iscsi Severity: moderate References: 1152774 Description: This update for open-iscsi fixes the following issues: - Set timeout value when querying info for a single session. (bsc#1152774) ----------------------------------------- Patch: SUSE-2019-3018 Released: Wed Nov 20 12:48:21 2019 Summary: Recommended update for xkeyboard-config Severity: moderate References: 1153774 Description: This update for xkeyboard-config fixes the following issues: - Fix capslock in Old Hungarian layout (bsc#1153774) ----------------------------------------- Patch: SUSE-2019-3030 Released: Thu Nov 21 19:11:25 2019 Summary: Security update for cups Severity: important References: 1146358,1146359,CVE-2019-8675,CVE-2019-8696 Description: This update for cups fixes the following issues: - CVE-2019-8675: Fixed a stack buffer overflow in libcups's asn1_get_type function(bsc#1146358). - CVE-2019-8696: Fixed a stack buffer overflow in libcups's asn1_get_packed function (bsc#1146359). ----------------------------------------- Patch: SUSE-2019-3053 Released: Mon Nov 25 17:28:17 2019 Summary: Security update for clamav Severity: moderate References: 1144504,1149458,1151839,CVE-2019-12625,CVE-2019-12900 Description: This update for clamav fixes the following issues: Security issue fixed: - CVE-2019-12625: Fixed a ZIP bomb issue by adding detection and heuristics for zips with overlapping files (bsc#1144504). - CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1149458). Non-security issues fixed: - Added the --max-scantime clamscan option and MaxScanTime clamd configuration option (bsc#1144504). - Increased the startup timeout of clamd to 5 minutes to cater for the grown virus database as a workaround until clamd has learned to talk to systemd to extend the timeout as long as needed (bsc#1151839). ----------------------------------------- Patch: SUSE-2019-3059 Released: Mon Nov 25 17:33:07 2019 Summary: Security update for cpio Severity: moderate References: 1155199,CVE-2019-14866 Description: This update for cpio fixes the following issues: - CVE-2019-14866: Fixed an improper validation of the values written in the header of a TAR file through the to_oct() function which could have led to unexpected TAR generation (bsc#1155199). ----------------------------------------- Patch: SUSE-2019-3061 Released: Mon Nov 25 17:34:22 2019 Summary: Security update for gcc9 Severity: moderate References: 1114592,1135254,1141897,1142649,1142654,1148517,1149145,CVE-2019-14250,CVE-2019-15847,SLE-6533,SLE-6536 Description: This update includes the GNU Compiler Collection 9. A full changelog is provided by the GCC team on: https://www.gnu.org/software/gcc/gcc-9/changes.html The base system compiler libraries libgcc_s1, libstdc++6 and others are now built by the gcc 9 packages. To use it, install 'gcc9' or 'gcc9-c++' or other compiler brands and use CC=gcc-9 / CXX=g++-9 during configuration for using it. Security issues fixed: - CVE-2019-15847: Fixed a miscompilation in the POWER9 back end, that optimized multiple calls of the __builtin_darn intrinsic into a single call. (bsc#1149145) - CVE-2019-14250: Fixed a heap overflow in the LTO linker. (bsc#1142649) Non-security issues fixed: - Split out libstdc++ pretty-printers into a separate package supplementing gdb and the installed runtime. (bsc#1135254) - Fixed miscompilation for vector shift on s390. (bsc#1141897) ----------------------------------------- Patch: SUSE-2019-3070 Released: Tue Nov 26 12:39:29 2019 Summary: Recommended update for gpg2 Severity: low References: 1152755 Description: This update for gpg2 provides the following fix: - Remove a build requirement on self. This is causing Leap 15.2 bootstrap to fail. (bsc#1152755) ----------------------------------------- Patch: SUSE-2019-3086 Released: Thu Nov 28 10:02:24 2019 Summary: Security update for libidn2 Severity: moderate References: 1154884,1154887,CVE-2019-12290,CVE-2019-18224 Description: This update for libidn2 to version 2.2.0 fixes the following issues: - CVE-2019-12290: Fixed an improper round-trip check when converting A-labels to U-labels (bsc#1154884). - CVE-2019-18224: Fixed a heap-based buffer overflow that was caused by long domain strings (bsc#1154887). ----------------------------------------- Patch: SUSE-2019-3087 Released: Thu Nov 28 10:03:00 2019 Summary: Security update for libxml2 Severity: low References: 1123919 Description: This update for libxml2 doesn't fix any additional security issues, but correct its rpm changelog to reflect all CVEs that have been fixed over the past. ----------------------------------------- Patch: SUSE-2019-3088 Released: Thu Nov 28 15:34:16 2019 Summary: Recommended update for man-pages Severity: moderate References: 1154701 Description: This update for man-pages fixes the following issues: - Correct documentation of 'tcp_fack'. (bsc#1154701) - Add documentation 'tcp_recovery'. (bsc#1154701) ----------------------------------------- Patch: SUSE-2019-3090 Released: Thu Nov 28 15:44:07 2019 Summary: Security update for ucode-intel Severity: important References: 1157004 Description: This update for ucode-intel fixes the following issues: - Updated to 20191115 official security release (bsc#1157004) ----------------------------------------- Patch: SUSE-2019-2946 Released: Thu Nov 28 20:49:35 2019 Summary: Security update for the Linux Kernel Severity: important References: 1046299,1046303,1046305,1050244,1050536,1050545,1051510,1055186,1061840,1064802,1065600,1066129,1073513,1082635,1083647,1086323,1087092,1089644,1090631,1093205,1096254,1097583,1097584,1097585,1097586,1097587,1097588,1098291,1101674,1109158,1114279,1117665,1119461,1119465,1123034,1123080,1133140,1134303,1135642,1135854,1135873,1135966,1135967,1137040,1137799,1138190,1139073,1140090,1140729,1140845,1140883,1141600,1142635,1142667,1143706,1144338,1144375,1144449,1144903,1145099,1146612,1148410,1149119,1150452,1150457,1150465,1150875,1151508,1152624,1152685,1152788,1152791,1153112,1153158,1153236,1153263,1153476,1153509,1153646,1153713,1153717,1153718,1153719,1153811,1153969,1154108,1154189,1154354,1154372,1154578,1154607,1154608,1154610,1154611,1154651,1154737,1154747,1154848,1154858,1154905,1155178,1155179,1155184,1155186,1155671,CVE-2018-12207,CVE-2019-0154,CVE-2019-0155,CVE-2019-10220,CVE-2019-11135,CVE-2019-16232,CVE-2019-16233,CVE-2019-16234,CVE-2019-16995,CVE-2019-17056,CVE-2019-17133,CVE-2019-17666 Description: The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional. The Linux Kernel kvm hypervisor was adjusted to avoid page size changes in executable pages by splitting / merging huge pages into small pages as needed. More information can be found on https://www.suse.com/support/kb/doc/?id=7023735 - CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate sidechannel information leaks out of microarchitectural buffers, similar to the previously described 'Microarchitectural Data Sampling' attack. The Linux kernel was supplemented with the option to disable TSX operation altogether (requiring CPU Microcode updates on older systems) and better flushing of microarchitectural buffers (VERW). The set of options available is described in our TID at https://www.suse.com/support/kb/doc/?id=7024251 - CVE-2019-0154: Fix a local denial of service via read of unprotected i915 registers. (bsc#1135966) - CVE-2019-0155: Fix privilege escalation in the i915 driver. Batch buffers from usermode could have escalated privileges via blitter command stream. (bsc#1135967) - CVE-2019-16233: drivers/scsi/qla2xxx/qla_os.c did not check the alloc_workqueue return value, leading to a NULL pointer dereference. (bsc#1150457). - CVE-2019-10220: Added sanity checks on the pathnames passed to the user space. (bsc#1144903). - CVE-2019-16995: Fix a memory leak in hsr_dev_finalize() if hsr_add_port failed to add a port, which may have caused denial of service (bsc#1152685). - CVE-2019-17666: rtlwifi: Fix potential overflow in P2P code (bsc#1154372). - CVE-2019-16232: Fix a potential NULL pointer dereference in the Marwell libertas driver (bsc#1150465) - CVE-2019-16234: iwlwifi pcie driver did not check the alloc_workqueue return value, leading to a NULL pointer dereference. (bsc#1150452). - CVE-2019-17133: cfg80211 wireless extension did not reject a long SSID IE, leading to a Buffer Overflow (bsc#1153158). - CVE-2019-17056: The AF_NFC network module did not enforce CAP_NET_RAW, which meant that unprivileged users could create a raw socket (bsc#1152788). The following non-security bugs were fixed: - 9p: avoid attaching writeback_fid on mmap with type PRIVATE (bsc#1051510). - acpi / CPPC: do not require the _PSD method (bsc#1051510). - acpi / processor: do not print errors for processorIDs == 0xff (bsc#1051510). - acpi: CPPC: Set pcc_data[pcc_ss_id] to NULL in acpi_cppc_processor_exit() (bsc#1051510). - act_mirred: Fix mirred_init_module error handling (bsc#1051510). - alsa: bebob: Fix prototype of helper function to return negative value (bsc#1051510). - alsa: hda - Add laptop imic fixup for ASUS M9V laptop (bsc#1051510). - alsa: hda - Apply AMD controller workaround for Raven platform (bsc#1051510). - alsa: hda - Define a fallback_pin_fixup_tbl for alc269 family (bsc#1051510). - alsa: hda - Drop unsol event handler for Intel HDMI codecs (bsc#1051510). - alsa: hda - Expand pin_match function to match upcoming new tbls (bsc#1051510). - alsa: hda - Inform too slow responses (bsc#1051510). - alsa: hda - Show the fatal CORB/RIRB error more clearly (bsc#1051510). - alsa: hda/hdmi: remove redundant assignment to variable pcm_idx (bsc#1051510). - alsa: hda/realtek - Add support for ALC623 (bsc#1051510). - alsa: hda/realtek - Add support for ALC711 (bsc#1051510). - alsa: hda/realtek - Blacklist PC beep for Lenovo ThinkCentre M73/93 (bsc#1051510). - alsa: hda/realtek - Check beep whitelist before assigning in all codecs (bsc#1051510). - alsa: hda/realtek - Fix 2 front mics of codec 0x623 (bsc#1051510). - alsa: hda/realtek - Fix alienware headset mic (bsc#1051510). - alsa: hda/realtek: Reduce the Headphone static noise on XPS 9350/9360 (bsc#1051510). - alsa: hda/sigmatel - remove unused variable 'stac9200_core_init' (bsc#1051510). - alsa: hda: Add Elkhart Lake pci ID (bsc#1051510). - alsa: hda: Add Tigerlake/Jasperlake pci ID (bsc#1051510). - alsa: hda: Add support of Zhaoxin controller (bsc#1051510). - alsa: hda: Flush interrupts on disabling (bsc#1051510). - alsa: hda: Set fifo_size for both playback and capture streams (bsc#1051510). - alsa: i2c: ak4xxx-adda: Fix a possible null pointer dereference in build_adc_controls() (bsc#1051510). - alsa: line6: sizeof (byte) is always 1, use that fact (bsc#1051510). - alsa: timer: Fix mutex deadlock at releasing card (bsc#1051510). - alsa: usb-audio: Add Pioneer DDJ-SX3 PCM quirck (bsc#1051510). - alsa: usb-audio: Disable quirks for BOSS Katana amplifiers (bsc#1051510). - alsa: usb-audio: Skip bSynchAddress endpoint check if it is invalid (bsc#1051510). - appletalk: enforce CAP_NET_RAW for raw sockets (bsc#1051510). - arcnet: provide a buffer big enough to actually receive packets (networking-stable-19_09_30). - asoc: Define a set of DAPM pre/post-up events (bsc#1051510). - asoc: Intel: Fix use of potentially uninitialized variable (bsc#1051510). - asoc: Intel: NHLT: Fix debug print format (bsc#1051510). - asoc: dmaengine: Make the pcm->name equal to pcm->id if the name is not set (bsc#1051510). - asoc: rockchip: i2s: Fix RPM imbalance (bsc#1051510). - asoc: rsnd: Reinitialize bit clock inversion flag for every format setting (bsc#1051510). - asoc: sgtl5000: Fix charge pump source assignment (bsc#1051510). - auxdisplay: panel: need to delete scan_timer when misc_register fails in panel_attach (bsc#1051510). - ax25: enforce CAP_NET_RAW for raw sockets (bsc#1051510). - blk-wbt: abstract out end IO completion handler (bsc#1135873). - blk-wbt: fix has-sleeper queueing check (bsc#1135873). - blk-wbt: improve waking of tasks (bsc#1135873). - blk-wbt: move disable check into get_limit() (bsc#1135873). - blk-wbt: use wq_has_sleeper() for wq active check (bsc#1135873). - block: add io timeout to sysfs (bsc#1148410). - block: do not show io_timeout if driver has no timeout handler (bsc#1148410). - bluetooth: btrtl: Additional Realtek 8822CE Bluetooth devices (bsc#1051510). - bnx2x: Fix VF's VLAN reconfiguration in reload (bsc#1086323 ). - boot: Sign non-x86 kernels when possible (boo#1134303) - bpf: fix use after free in prog symbol exposure (bsc#1083647). - bridge/mdb: remove wrong use of NLM_F_MULTI (networking-stable-19_09_15). - btrfs: Ensure btrfs_init_dev_replace_tgtdev sees up to date values (bsc#1154651). - btrfs: Ensure replaced device does not have pending chunk allocation (bsc#1154607). - btrfs: bail out gracefully rather than BUG_ON (bsc#1153646). - btrfs: block-group: Fix a memory leak due to missing btrfs_put_block_group() (bsc#1155178). - btrfs: check for the full sync flag while holding the inode lock during fsync (bsc#1153713). - btrfs: qgroup: Always free PREALLOC META reserve in btrfs_delalloc_release_extents() (bsc#1155179). - btrfs: remove wrong use of volume_mutex from btrfs_dev_replace_start (bsc#1154651). - btrfs: tracepoints: Fix bad entry members of qgroup events (bsc#1155186). - btrfs: tracepoints: Fix wrong parameter order for qgroup events (bsc#1155184). - can: mcp251x: mcp251x_hw_reset(): allow more time after a reset (bsc#1051510). - can: xilinx_can: xcan_probe(): skip error message on deferred probe (bsc#1051510). - cdc_ether: fix rndis support for Mediatek based smartphones (networking-stable-19_09_15). - cdc_ncm: fix divide-by-zero caused by invalid wMaxPacketSize (bsc#1051510). - ceph: fix directories inode i_blkbits initialization (bsc#1153717). - ceph: reconnect connection if session hang in opening state (bsc#1153718). - ceph: update the mtime when truncating up (bsc#1153719). - cfg80211: Purge frame registrations on iftype change (bsc#1051510). - cfg80211: add and use strongly typed element iteration macros (bsc#1051510). - clk: at91: select parent if main oscillator or bypass is enabled (bsc#1051510). - clk: qoriq: Fix -Wunused-const-variable (bsc#1051510). - clk: sirf: Do not reference clk_init_data after registration (bsc#1051510). - clk: zx296718: Do not reference clk_init_data after registration (bsc#1051510). - crypto: af_alg - Fix race around ctx->rcvused by making it atomic_t (bsc#1154737). - crypto: af_alg - Initialize sg_num_bytes in error code path (bsc#1051510). - crypto: af_alg - consolidation of duplicate code (bsc#1154737). - crypto: af_alg - fix race accessing cipher request (bsc#1154737). - crypto: af_alg - remove locking in async callback (bsc#1154737). - crypto: af_alg - update correct dst SGL entry (bsc#1051510). - crypto: af_alg - wait for data at beginning of recvmsg (bsc#1154737). - crypto: algif - return error code when no data was processed (bsc#1154737). - crypto: algif_aead - copy AAD from src to dst (bsc#1154737). - crypto: algif_aead - fix reference counting of null skcipher (bsc#1154737). - crypto: algif_aead - overhaul memory management (bsc#1154737). - crypto: algif_aead - skip SGL entries with NULL page (bsc#1154737). - crypto: algif_skcipher - overhaul memory management (bsc#1154737). - crypto: talitos - fix missing break in switch statement (bsc#1142635). - cxgb4: Signedness bug in init_one() (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: fix endianness for vlan value in cxgb4_tc_flower (bsc#1064802 bsc#1066129). - cxgb4: offload VLAN flows regardless of VLAN ethtype (bsc#1064802 bsc#1066129). - cxgb4: reduce kernel stack usage in cudbg_collect_mem_region() (bsc#1073513). - cxgb4: smt: Add lock for atomic_dec_and_test (bsc#1064802 bsc#1066129). - cxgb4:Fix out-of-bounds MSI-X info array access (networking-stable-19_10_05). - dasd_fba: Display '00000000' for zero page when dumping sense (bsc#1123080). - drm/amd/powerplay/smu7: enforce minimal VBITimeout (v2) (bsc#1051510). - drm/amdgpu/si: fix ASIC tests (git-fixes). - drm/amdgpu: Check for valid number of registers to read (bsc#1051510). - drm/ast: Fixed reboot test may cause system hanged (bsc#1051510). - drm/bridge: tc358767: Increase AUX transfer length limit (bsc#1051510). - drm/edid: Add 6 bpc quirk for SDC panel in Lenovo G50 (bsc#1051510). - drm/i915/cmdparser: Add support for backward jumps (bsc#1135967) - drm/i915/cmdparser: Ignore Length operands during command matching (bsc#1135967) - drm/i915/cmdparser: Use explicit goto for error paths (bsc#1135967) - drm/i915/gen8+: Add RC6 CTX corruption WA (bsc#1135967) - drm/i915/gtt: Add read only pages to gen8_pte_encode (bsc#1135967) - drm/i915/gtt: Disable read-only support under GVT (bsc#1135967) - drm/i915/gtt: Read-only pages for insert_entries on bdw (bsc#1135967) - drm/i915: Add gen9 BCS cmdparsing (bsc#1135967) - drm/i915: Add support for mandatory cmdparsing (bsc#1135967) - drm/i915: Allow parsing of unsized batches (bsc#1135967) - drm/i915: Disable Secure Batches for gen6+ - drm/i915: Lower RM timeout to avoid DSI hard hangs (bsc#1135967) - drm/i915: Prevent writing into a read-only object via a GGTT mmap (bsc#1135967) - drm/i915: Remove Master tables from cmdparser - drm/i915: Rename gen7 cmdparser tables (bsc#1135967) - drm/i915: Support ro ppgtt mapped cmdparser shadow buffers (bsc#1135967) - drm/msm/dsi: Implement reset correctly (bsc#1051510). - drm/panel: simple: fix AUO g185han01 horizontal blanking (bsc#1051510). - drm/radeon: Fix EEH during kexec (bsc#1051510). - drm/tilcdc: Register cpufreq notifier after we have initialized crtc (bsc#1051510). - drm/vmwgfx: Fix double free in vmw_recv_msg() (bsc#1051510). - drm: Flush output polling on shutdown (bsc#1051510). - e1000e: add workaround for possible stalled packet (bsc#1051510). - efi/memattr: Do not bail on zero VA if it equals the region's PA (bsc#1051510). - efi: cper: print AER info of pcie fatal error (bsc#1051510). - efivar/ssdt: Do not iterate over EFI vars if no SSDT override was specified (bsc#1051510). - firmware: dmi: Fix unlikely out-of-bounds read in save_mem_devices (git-fixes). - gpu: drm: radeon: Fix a possible null-pointer dereference in radeon_connector_set_property() (bsc#1051510). - hid: apple: Fix stuck function keys when using FN (bsc#1051510). - hid: fix error message in hid_open_report() (bsc#1051510). - hid: hidraw: Fix invalid read in hidraw_ioctl (bsc#1051510). - hid: logitech-hidpp: do all FF cleanup in hidpp_ff_destroy() (bsc#1051510). - hid: logitech: Fix general protection fault caused by Logitech driver (bsc#1051510). - hid: prodikeys: Fix general protection fault during probe (bsc#1051510). - hid: sony: Fix memory corruption issue on cleanup (bsc#1051510). - hso: fix NULL-deref on tty open (bsc#1051510). - hwmon: (acpi_power_meter) Change log level for 'unsafe software power cap' (bsc#1051510). - hwrng: core - do not wait on add_early_randomness() (git-fixes). - hyperv: set nvme msi interrupts to unmanaged (jsc#SLE-8953, jsc#SLE-9221, jsc#SLE-4941, bsc#1119461, bsc#1119465, bsc#1138190, bsc#1154905). - i2c: riic: Clear NACK in tend isr (bsc#1051510). - ib/core, ipoib: Do not overreact to SM LID change event (bsc#1154108) - ib/core: Add mitigation for Spectre V1 (bsc#1155671) - ib/hfi1: Remove overly conservative VM_EXEC flag check (bsc#1144449). - ib/mlx5: Consolidate use_umr checks into single function (bsc#1093205). - ib/mlx5: Fix MR re-registration flow to use UMR properly (bsc#1093205). - ib/mlx5: Report correctly tag matching rendezvous capability (bsc#1046305). - ieee802154: atusb: fix use-after-free at disconnect (bsc#1051510). - ieee802154: ca8210: prevent memory leak (bsc#1051510). - ieee802154: enforce CAP_NET_RAW for raw sockets (bsc#1051510). - iio: adc: ad799x: fix probe error handling (bsc#1051510). - iio: light: opt3001: fix mutex unlock race (bsc#1051510). - ima: always return negative code for error (bsc#1051510). - input: da9063 - fix capability and drop KEY_SLEEP (bsc#1051510). - input: synaptics-rmi4 - avoid processing unknown IRQs (bsc#1051510). - integrity: prevent deadlock during digsig verification (bsc#1090631). - iommu/amd: Apply the same IVRS IOAPIC workaround to Acer Aspire A315-41 (bsc#1137799). - iommu/amd: Check PM_LEVEL_SIZE() condition in locked section (bsc#1154608). - iommu/amd: Override wrong IVRS IOAPIC on Raven Ridge systems (bsc#1137799). - iommu/amd: Remove domain->updated (bsc#1154610). - iommu/amd: Wait for completion of IOTLB flush in attach_device (bsc#1154611). - ipmi_si: Only schedule continuously in the thread in maintenance mode (bsc#1051510). - ipv6: Fix the link time qualifier of 'ping_v6_proc_exit_net()' (networking-stable-19_09_15). - ipv6: Handle missing host route in __ipv6_ifa_notify (networking-stable-19_10_05). - ipv6: drop incoming packets having a v4mapped source address (networking-stable-19_10_05). - ixgbe: Prevent u8 wrapping of ITR value to something less than 10us (bsc#1101674). - ixgbe: sync the first fragment unconditionally (bsc#1133140). - kABI workaround for crypto/af_alg changes (bsc#1154737). - kABI workaround for drm_vma_offset_node readonly field addition (bsc#1135967) - kABI workaround for snd_hda_pick_pin_fixup() changes (bsc#1051510). - kabi/severities: Whitelist functions internal to radix mm. To call these functions you have to first detect if you are running in radix mm mode which can't be expected of OOT code. - kabi: net: sched: act_sample: fix psample group handling on overwrite (networking-stable-19_09_05). - kernel-binary: Drop .kernel-binary.spec.buildenv (boo#1154578). - kernel-binary: check also bzImage on s390/s390x Starting with 4.19-rc1, uncompressed image is no longer built on s390x. - kernel-subpackage-build: create zero size ghost for uncompressed vmlinux (bsc#1154354). It is not strictly necessary to uncompress it so maybe the ghost file can be 0 size in this case. - kernel/sysctl.c: do not override max_threads provided by userspace (bnc#1150875). - ksm: cleanup stable_node chain collapse case (bnc#1144338). - ksm: fix use after free with merge_across_nodes = 0 (bnc#1144338). - ksm: introduce ksm_max_page_sharing per page deduplication limit (bnc#1144338). - ksm: optimize refile of stable_node_dup at the head of the chain (bnc#1144338). - ksm: swap the two output parameters of chain/chain_prune (bnc#1144338). - kvm: Convert kvm_lock to a mutex (bsc#1117665). - kvm: MMU: drop vcpu param in gpte_access (bsc#1117665). - kvm: PPC: Book3S HV: use smp_mb() when setting/clearing host_ipi flag (bsc#1061840). - kvm: vmx, svm: always run with EFER.NXE=1 when shadow paging is active (bsc#1117665). - kvm: x86, powerpc: do not allow clearing largepages debugfs entry (bsc#1117665). - kvm: x86: Do not release the page inside mmu_set_spte() (bsc#1117665). - kvm: x86: add tracepoints around __direct_map and FNAME(fetch) (bsc#1117665). - kvm: x86: adjust kvm_mmu_page member to save 8 bytes (bsc#1117665). - kvm: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON (bsc#1117665). - kvm: x86: make FNAME(fetch) and __direct_map more similar (bsc#1117665). - kvm: x86: mmu: Recovery of shattered NX large pages (bsc#1117665, CVE-2018-12207). - kvm: x86: remove now unneeded hugepage gfn adjustment (bsc#1117665). - lib/mpi: Fix karactx leak in mpi_powm (bsc#1051510). - libertas: Add missing sentinel at end of if_usb.c fw_table (bsc#1051510). - mISDN: enforce CAP_NET_RAW for raw sockets (bsc#1051510). - mac80211: Reject malformed SSID elements (bsc#1051510). - mac80211: accept deauth frames in ibSS mode (bsc#1051510). - mac80211: fix txq null pointer dereference (bsc#1051510). - macsec: drop skb sk before calling gro_cells_receive (bsc#1051510). - md/raid0: avoid RAID0 data corruption due to layout confusion (bsc#1140090). - md/raid0: fix warning message for parameter default_layout (bsc#1140090). - media: atmel: atmel-isc: fix asd memory allocation (bsc#1135642). - media: cpia2_usb: fix memory leaks (bsc#1051510). - media: dvb-core: fix a memory leak bug (bsc#1051510). - media: exynos4-is: fix leaked of_node references (bsc#1051510). - media: gspca: zero usb_buf on error (bsc#1051510). - media: hdpvr: Add device num check and handling (bsc#1051510). - media: hdpvr: add terminating 0 at end of string (bsc#1051510). - media: i2c: ov5645: Fix power sequence (bsc#1051510). - media: iguanair: add sanity checks (bsc#1051510). - media: omap3isp: Do not set streaming state on random subdevs (bsc#1051510). - media: omap3isp: Set device on omap3isp subdevs (bsc#1051510). - media: ov9650: add a sanity check (bsc#1051510). - media: radio/si470x: kill urb on error (bsc#1051510). - media: saa7134: fix terminology around saa7134_i2c_eeprom_md7134_gate() (bsc#1051510). - media: saa7146: add cleanup in hexium_attach() (bsc#1051510). - media: sn9c20x: Add MSI MS-1039 laptop to flip_dmi_table (bsc#1051510). - media: stkwebcam: fix runtime PM after driver unbind (bsc#1051510). - media: ttusb-dec: Fix info-leak in ttusb_dec_send_command() (bsc#1051510). - mem: /dev/mem: Bail out upon SIGKILL (git-fixes). - memstick: jmb38x_ms: Fix an error handling path in 'jmb38x_ms_probe()' (bsc#1051510). - mfd: intel-lpss: Remove D3cold delay (bsc#1051510). - mld: fix memory leak in mld_del_delrec() (networking-stable-19_09_05). - mmc: sdhci-of-esdhc: set DMA snooping based on DMA coherence (bsc#1051510). - mmc: sdhci: Fix incorrect switch to HS mode (bsc#1051510). - mmc: sdhci: improve ADMA error reporting (bsc#1051510). - net/ibmvnic: Fix EOI when running in XIVE mode (bsc#1089644, ltc#166495, ltc#165544, git-fixes). - net/mlx4_en: fix a memory leak bug (bsc#1046299). - net/mlx5: Add device ID of upcoming BlueField-2 (bsc#1046303 ). - net/mlx5: Fix error handling in mlx5_load() (bsc#1046305 ). - net/phy: fix DP83865 10 Mbps HDX loopback disable function (networking-stable-19_09_30). - net/rds: Fix error handling in rds_ib_add_one() (networking-stable-19_10_05). - net/rds: fix warn in rds_message_alloc_sgs (bsc#1154848). - net/rds: remove user triggered WARN_ON in rds_sendmsg (bsc#1154848). - net/sched: act_sample: do not push mac header on ip6gre ingress (networking-stable-19_09_30). - net: Fix null de-reference of device refcount (networking-stable-19_09_15). - net: Replace NF_CT_ASSERT() with WARN_ON() (bsc#1146612). - net: Unpublish sk from sk_reuseport_cb before call_rcu (networking-stable-19_10_05). - net: fix skb use after free in netpoll (networking-stable-19_09_05). - net: gso: Fix skb_segment splat when splitting gso_size mangled skb having linear-headed frag_list (networking-stable-19_09_15). - net: openvswitch: free vport unless register_netdevice() succeeds (git-fixes). - net: qlogic: Fix memory leak in ql_alloc_large_buffers (networking-stable-19_10_05). - net: qrtr: Stop rx_worker before freeing node (networking-stable-19_09_30). - net: sched: act_sample: fix psample group handling on overwrite (networking-stable-19_09_05). - net: stmmac: dwmac-rk: Do not fail if phy regulator is absent (networking-stable-19_09_05). - net_sched: add policy validation for action attributes (networking-stable-19_09_30). - net_sched: fix backward compatibility for TCA_ACT_KIND (git-fixes). - netfilter: nf_nat: do not bug when mapping already exists (bsc#1146612). - nfc: enforce CAP_NET_RAW for raw sockets (bsc#1152788 CVE-2019-17056). - nfc: fix attrs checks in netlink interface (bsc#1051510). - nfc: fix memory leak in llcp_sock_bind() (bsc#1051510). - nfc: pn533: fix use-after-free and memleaks (bsc#1051510). - nfs: NFSv4 Check the return value of update_open_stateid (boo#1154189 bsc#1154747). - nfsv4.1 - backchannel request should hold ref on xprt (bsc#1152624). - nl80211: fix null pointer dereference (bsc#1051510). - objtool: Clobber user CFLAGS variable (bsc#1153236). - openvswitch: change type of UPCALL_PID attribute to NLA_UNSPEC (networking-stable-19_09_30). - packaging: add support for riscv64 - pci: Correct pci=resource_alignment parameter example (bsc#1051510). - pci: PM: Fix pci_power_up() (bsc#1051510). - pci: dra7xx: Fix legacy INTD IRQ handling (bsc#1087092). - pci: hv: Use bytes 4 and 5 from instance ID as the pci domain numbers (bsc#1153263). - pinctrl: tegra: Fix write barrier placement in pmx_writel (bsc#1051510). - platform/x86: classmate-laptop: remove unused variable (bsc#1051510). - platform/x86: pmc_atom: Add Siemens SIMATIC IPC277E to critclk_systems DMI table (bsc#1051510). - power: supply: sysfs: ratelimit property read error message (bsc#1051510). - powerpc/64s/pseries: radix flush translations before MMU is enabled at boot (bsc#1055186). - powerpc/64s/radix: keep kernel ERAT over local process/guest invalidates (bsc#1055186). - powerpc/64s/radix: tidy up TLB flushing code (bsc#1055186). - powerpc/64s: Rename PPC_INVALIDATE_ERAT to PPC_ISA_3_0_INVALIDATE_ERAT (bsc#1055186). - powerpc/mm/book3s64: Move book3s64 code to pgtable-book3s64 (bsc#1055186). - powerpc/mm/radix: mark __radix__flush_tlb_range_psize() as __always_inline (bsc#1055186). - powerpc/mm/radix: mark as __tlbie_pid() and friends as__always_inline (bsc#1055186). - powerpc/mm: Properly invalidate when setting process table base (bsc#1055186). - powerpc/mm: mark more tlb functions as __always_inline (bsc#1055186). - powerpc/pseries/mobility: use cond_resched when updating device tree (bsc#1153112 ltc#181778). - powerpc/pseries: Remove confusing warning message (bsc#1109158). - powerpc/rtas: allow rescheduling while changing cpu states (bsc#1153112 ltc#181778). - qed: iWARP - Fix default window size to be based on chip (bsc#1050536 bsc#1050545). - qed: iWARP - Fix tc for MPA ll2 connection (bsc#1050536 bsc#1050545). - qed: iWARP - Use READ_ONCE and smp_store_release to access ep->state (bsc#1050536 bsc#1050545). - qed: iWARP - fix uninitialized callback (bsc#1050536 bsc#1050545). - qmi_wwan: add support for Cinterion CLS8 devices (networking-stable-19_10_05). - r8152: Set macpassthru in reset_resume callback (bsc#1051510). - rdma/bnxt_re: Fix spelling mistake 'missin_resp' -> 'missing_resp' (bsc#1050244). - rdma: Fix goto target to release the allocated memory (bsc#1050244). - rds: Fix warning (bsc#1154848). - rpm/config.sh: Enable livepatch. - rpm/constraints.in: lower disk space required for ARM With a requirement of 35GB, only 2 slow workers are usable for ARM. Current aarch64 build requires 27G and armv6/7 requires 14G. Set requirements respectively to 30GB and 20GB. - rpm/dtb.spec.in.in: do not make dtb directory inaccessible There is no reason to lock down the dtb directory for ordinary users. - rpm/kernel-binary.spec.in: Fix kernel-livepatch description typo. - rpm/kernel-binary.spec.in: build kernel-*-kgraft only for default SLE kernel RT and Azure variants are excluded for the moment. (bsc#1141600) - rpm/kernel-binary.spec.in: handle modules.builtin.modinfo It was added in 5.2. - rpm/kernel-binary.spec.in: support partial rt debug config. - rpm/kernel-subpackage-spec: Mention debuginfo in the subpackage description (bsc#1149119). - rpm/macros.kernel-source: KMPs should depend on kmod-compat to build. kmod-compat links are used in find-provides.ksyms, find-requires.ksyms, and find-supplements.ksyms in rpm-config-SUSE. - rpm/mkspec: Correct tarball URL for rc kernels. - rpm/mkspec: Make building DTBs optional. - rpm/modflist: Simplify compression support. - rpm: raise required disk space for binary packages Current disk space constraints (10 GB on s390x, 25 GB on other architectures) no longer suffice for 5.3 kernel builds. The statistics show ~30 GB of disk consumption on x86_64 and ~11 GB on s390x so raise the constraints to 35 GB in general and 14 GB on s390x. - rpm: support compressed modules Some of our scripts and scriptlets in rpm/ do not expect module files not ending with '.ko' which currently leads to failure in preuninstall scriptlet of cluster-md-kmp-default (and probably also other subpackages). Let those which could be run on compressed module files recognize '.ko.xz' in addition to '.ko'. - rtlwifi: rtl8192cu: Fix value set in descriptor (bsc#1142635). - s390/cmf: set_schib_wait add timeout (bsc#1153509, bsc#1153476). - sch_cbq: validate TCA_CBQ_WRROPT to avoid crash (networking-stable-19_10_05). - sch_dsmark: fix potential NULL deref in dsmark_init() (networking-stable-19_10_05). - sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero (networking-stable-19_09_15). - sch_netem: fix a divide by zero in tabledist() (networking-stable-19_09_30). - sched/fair: Avoid divide by zero when rebalancing domains (bsc#1096254). - scripts/arch-symbols: add missing link. - scsi: lpfc: Fix devices that do not return after devloss followed by rediscovery (bsc#1137040). - scsi: lpfc: Fix null ptr oops updating lpfc_devloss_tmo via sysfs attribute (bsc#1140845). - scsi: lpfc: Fix propagation of devloss_tmo setting to nvme transport (bsc#1140883). - scsi: lpfc: Remove bg debugfs buffers (bsc#1144375). - scsi: qedf: Modify abort and tmf handler to handle edge condition and flush (bsc#1098291). - scsi: qedf: fc_rport_priv reference counting fixes (bsc#1098291). - scsi: qla2xxx: Add error handling for PLOGI ELS passthrough (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Capture FW dump on MPI heartbeat stop event (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Check for MB timeout while capturing ISP27/28xx FW dump (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Dual FCP-NVMe target port support (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix N2N link reset (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix N2N link up fail (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix partial flash write of MBI (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix stale mem access on driver unload (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix unbound sleep in fcport delete path (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix wait condition in loop (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Improve logging for scan thread (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Initialized mailbox to prevent driver load failure (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Optimize NPIV tear down process (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Set remove flag for all VP (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Silence fwdump template message (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Update driver version to 10.01.00.20-k (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: fix a potential NULL pointer dereference (bsc#1150457 CVE-2019-16233). - scsi: qla2xxx: fixup incorrect usage of host_byte (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: remove redundant assignment to pointer host (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: stop timer in shutdown path (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: storvsc: setup 1:1 mapping between hardware queue and CPU queue (bsc#1140729). - sctp: Fix the link time qualifier of 'sctp_ctrlsock_exit()' (networking-stable-19_09_15). - sctp: use transport pf_retrans in sctp_do_8_2_transport_strike (networking-stable-19_09_15). - skge: fix checksum byte order (networking-stable-19_09_30). - sock_diag: fix autoloading of the raw_diag module (bsc#1152791). - sock_diag: request _diag module only when the family or proto has been registered (bsc#1152791). - staging: vt6655: Fix memory leak in vt6655_probe (bsc#1051510). - staging: wlan-ng: fix exit return when sme->key_idx >= NUM_WEPKEYS (bsc#1051510). - supporte.conf: add efivarfs to kernel-default-base (bsc#1154858). - tcp: Do not dequeue SYN/FIN-segments from write-queue (git-gixes). - tcp: fix tcp_ecn_withdraw_cwr() to clear TCP_ECN_QUEUE_CWR (networking-stable-19_09_15). - tcp: inherit timestamp on mtu probe (networking-stable-19_09_05). - tcp: remove empty skb from write queue in error cases (networking-stable-19_09_05). - thermal: Fix use-after-free when unregistering thermal zone device (bsc#1051510). - thermal_hwmon: Sanitize thermal_zone type (bsc#1051510). - tipc: add NULL pointer check before calling kfree_rcu (networking-stable-19_09_15). - tipc: fix unlimited bundling of small messages (networking-stable-19_10_05). - tracing: Initialize iter->seq after zeroing in tracing_read_pipe() (bsc#1151508). - tun: fix use-after-free when register netdev failed (networking-stable-19_09_15). - tuntap: correctly set SOCKWQ_ASYNC_NOSPACE (bsc#1145099). - usb: adutux: fix NULL-derefs on disconnect (bsc#1142635). - usb: adutux: fix use-after-free on disconnect (bsc#1142635). - usb: adutux: fix use-after-free on release (bsc#1051510). - usb: chaoskey: fix use-after-free on release (bsc#1051510). - usb: dummy-hcd: fix power budget for SuperSpeed mode (bsc#1051510). - usb: iowarrior: fix use-after-free after driver unbind (bsc#1051510). - usb: iowarrior: fix use-after-free on disconnect (bsc#1051510). - usb: iowarrior: fix use-after-free on release (bsc#1051510). - usb: ldusb: fix NULL-derefs on driver unbind (bsc#1051510). - usb: ldusb: fix memleak on disconnect (bsc#1051510). - usb: ldusb: fix read info leaks (bsc#1051510). - usb: legousbtower: fix a signedness bug in tower_probe() (bsc#1051510). - usb: legousbtower: fix deadlock on disconnect (bsc#1142635). - usb: legousbtower: fix memleak on disconnect (bsc#1051510). - usb: legousbtower: fix open after failed reset request (bsc#1142635). - usb: legousbtower: fix potential NULL-deref on disconnect (bsc#1142635). - usb: legousbtower: fix slab info leak at probe (bsc#1142635). - usb: legousbtower: fix use-after-free on release (bsc#1051510). - usb: microtek: fix info-leak at probe (bsc#1142635). - usb: serial: fix runtime PM after driver unbind (bsc#1051510). - usb: serial: ftdi_sio: add device IDs for Sienna and Echelon PL-20 (bsc#1051510). - usb: serial: keyspan: fix NULL-derefs on open() and write() (bsc#1051510). - usb: serial: option: add Telit FN980 compositions (bsc#1051510). - usb: serial: option: add support for Cinterion CLS8 devices (bsc#1051510). - usb: serial: ti_usb_3410_5052: fix port-close races (bsc#1051510). - usb: udc: lpc32xx: fix bad bit shift operation (bsc#1051510). - usb: usb-skeleton: fix NULL-deref on disconnect (bsc#1051510). - usb: usb-skeleton: fix runtime PM after driver unbind (bsc#1051510). - usb: usb-skeleton: fix use-after-free after driver unbind (bsc#1051510). - usb: usblcd: fix I/O after disconnect (bsc#1142635). - usb: usblp: fix runtime PM after driver unbind (bsc#1051510). - usb: usblp: fix use-after-free on disconnect (bsc#1051510). - usb: xhci: wait for CNR controller not ready bit in xhci resume (bsc#1051510). - usb: yurex: Do not retry on unexpected errors (bsc#1051510). - usb: yurex: fix NULL-derefs on disconnect (bsc#1051510). - usbnet: ignore endpoints with invalid wMaxPacketSize (bsc#1051510). - usbnet: sanity checking of packet sizes and device mtu (bsc#1051510). - vfio_pci: Restore original state on release (bsc#1051510). - vfs: Make filldir[64]() verify the directory entry filename is valid (bsc#1144903). - vhost_net: conditionally enable tx polling (bsc#1145099). - video: of: display_timing: Add of_node_put() in of_get_display_timing() (bsc#1051510). - vsock: Fix a lockdep warning in __vsock_release() (networking-stable-19_10_05). - watchdog: imx2_wdt: fix min() calculation in imx2_wdt_set_timeout (bsc#1051510). - x86/asm: Fix MWAITX C-state hint value (bsc#1114279). - x86/boot/64: Make level2_kernel_pgt pages invalid outside kernel area (bnc#1153969). - x86/boot/64: Round memory hole size up to next PMD page (bnc#1153969). - x86/mm: Use WRITE_ONCE() when setting PTEs (bsc#1114279). - x86/tsx: Add config options to set tsx=on|off|auto (bsc#1139073, CVE-2019-11135). - xen/netback: fix error path of xenvif_connect_data() (bsc#1065600). - xen/pv: Fix Xen PV guest int3 handling (bsc#1153811). - xhci: Check all endpoints for LPM timeout (bsc#1051510). - xhci: Fix false warning message about wrong bounce buffer write length (bsc#1051510). - xhci: Increase STS_SAVE timeout in xhci_suspend() (bsc#1051510). - xhci: Prevent device initiated U1/U2 link pm if exit latency is too long (bsc#1051510). ----------------------------------------- Patch: SUSE-2019-3101 Released: Fri Nov 29 06:45:22 2019 Summary: Recommended update for pacemaker Severity: moderate References: 1151007 Description: This update for pacemaker fixes the following issues: - Fixes and improvements for fencer. (bsc#1151007) - Indicate fencing target in the logs when scheduling and executing fencing command and improved log messages. - Make sure concurrent fencing commands get triggered to execute. - Other commands and actions cannot be blocked by pending on the fencing. - No need to check the length of a non-empty list for pending fencing actions. ----------------------------------------- Patch: SUSE-2019-3102 Released: Fri Nov 29 06:45:44 2019 Summary: Recommended update for csync2 Severity: moderate References: 1145032 Description: This update for csync2 fixes the following issues: - Fix for the wrong/false TLS key generation on installation, and show the output during generetion sequence. (bsc#1145032) ----------------------------------------- Patch: SUSE-2019-3104 Released: Fri Nov 29 06:47:08 2019 Summary: Recommended update for sysstat Severity: moderate References: 1144923,SLE-5958 Description: This update for sysstat fixes the following issues: - Enable log information of starting/stoping services. (bsc#1144923, jsc#SLE-5958) ----------------------------------------- Patch: SUSE-2019-3114 Released: Fri Nov 29 11:20:57 2019 Summary: Recommended update for wicked Severity: moderate References: 1042123,1129631,1129986,1132280,1132326,1132774,1132977,1136034,1140117,1142214,1142670,1143182,1150183,1150972,SLE-5936 Description: This update for wicked fixes the following issues: - dhcp6: Add an address-length (DHCLIENT6_ADDRESS_LENGTH) ifcfg option, which allows to specify an explicit prefix-length to use for the DHCPv6 address and override detection using RA prefix info and a default to /128. Previously the default value was set to a /64 address prefix-length. (bsc#1132280) - time: Use boot time for timer instead of real time to avoid getting stuck when bringing up the network. (bsc#1129986) - systemd: Change the service to depend on udev settle service as calling udevadm settle directly caused systemd to kill wicked services. (bsc#1136034, bsc#1132774) - bridge: Honor ifcfg LLADDR and set link address. (bsc#1042123, bsc#1142670) - rfkill: Fix an issue where wicked was unable to set up the Wifi module. (bsc#1140117) - dhcp4: Fix an intermittent hang during network setup by cleaning up the defer timer pointer when timeout. (bsc#1142214) - dhcp4: Make sure custom routing options are respected. (bsc#1132326) - dhcp6: Initial support to request prefix for delegations. (jsc#SLE-5936) - dhcp6: Set the noprefixroute address option. (bsc#1132280) - dhcp6: Omit noprefixroute with address-length. Allow to assume that the address prefix-length override specified in the config is a valid on-link prefix length, to let the kernel create a route for this prefix. (bsc#1150972) - dhcp6: Differentiated mode=auto resolving from RA. Fix to not trigger n error when ipv6 RA is not available or the received RA disables dhcp while mode is set to auto, but to deliver a 'deferred' result. (bsc#1150183) - libwicked: Fix versioning and packaging by shipping the internal helper library inside the wicked package itself. (bsc#1143182, bsc#1132977) ----------------------------------------- Patch: SUSE-2019-3118 Released: Fri Nov 29 14:41:35 2019 Summary: Recommended update for e2fsprogs Severity: moderate References: 1154295 Description: This update for e2fsprogs fixes the following issues: - Make minimum size estimates more reliable for mounted filesystem. (bsc#1154295) ----------------------------------------- Patch: SUSE-2019-3120 Released: Fri Nov 29 14:43:42 2019 Summary: Recommended update for python Severity: moderate References: 1149792 Description: This update for python fixes the following issues: - Skipping tests for failing build with OpenSSL 1.1.1c. (bpo#36576, bsc#1149792) ----------------------------------------- Patch: SUSE-2019-3165 Released: Wed Dec 4 11:23:21 2019 Summary: Recommended update for cronie Severity: moderate References: 1155114,1155929 Description: This update for cronie fixes the following issues: - Update crontab so it doesn't print the headers of crontab with the 'crontab -l' command. (bsc#1155114) - Remove 'checkproc' from the run-crons script as the usage is bogus and has a potential of risks. (bsc#1155929) ----------------------------------------- Patch: SUSE-2019-3166 Released: Wed Dec 4 11:24:42 2019 Summary: Recommended update for aaa_base Severity: moderate References: 1007715,1084934,1157278 Description: This update for aaa_base fixes the following issues: - Use official key binding functions in inputrc that is replace up-history with previous-history, down-history with next-history and backward-delete-word with backward-kill-word. (bsc#1084934) - Add some missed key escape sequences for urxvt-unicode terminal as well. (bsc#1007715) - Clear broken ghost entry in patch which breaks 'readline'. (bsc#1157278) ----------------------------------------- Patch: SUSE-2019-3176 Released: Thu Dec 5 11:41:01 2019 Summary: Security update for clamav Severity: important References: 1157763,CVE-2019-15961 Description: This update for clamav fixes the following issues: - CVE-2019-15961: Fixed a denial of service which might occur when scanning a specially crafted email file as (bsc#1157763). ----------------------------------------- Patch: SUSE-2019-3182 Released: Thu Dec 5 11:43:14 2019 Summary: Security update for permissions Severity: moderate References: 1093414,1150734,1157198,CVE-2019-3688,CVE-2019-3690 Description: This update for permissions fixes the following issues: - CVE-2019-3688: Changed wrong ownership in /usr/sbin/pinger to root:squid which could have allowed a squid user to gain persistence by changing the binary (bsc#1093414). - CVE-2019-3690: Fixed a privilege escalation through untrusted symbolic links (bsc#1150734). - Fixed a regression which caused sagmentation fault (bsc#1157198). ----------------------------------------- Patch: SUSE-2019-3190 Released: Thu Dec 5 11:45:31 2019 Summary: Security update for munge Severity: moderate References: 1155075,CVE-2019-3691 Description: This update for munge fixes the following issues: Security issue fixed: - CVE-2019-3691: Fixed a Local privilege escalation vulnerability which allowed escalation from munge to root (bsc#1155075). ----------------------------------------- Patch: SUSE-2019-3205 Released: Mon Dec 9 13:48:28 2019 Summary: Recommended update for insserv-compat Severity: moderate References: 1052837,1133306 Description: This update for insserv-compat fixes the following issues: - Fix handling of start parameters. (bsc#1133306) - Remove unnecessary entry from configuration file. (bsc#1052837) ----------------------------------------- Patch: SUSE-2019-3206 Released: Mon Dec 9 14:18:53 2019 Summary: Recommended update for drbd Severity: moderate References: 1154084 Description: This update for drbd fixes the following issues: - Fix for potential double call of drbd backing device. (bsc#1154084) ----------------------------------------- Patch: SUSE-2019-3210 Released: Tue Dec 10 08:54:15 2019 Summary: Recommended update for rubygem-mail Severity: moderate References: 1156721 Description: This update for rubygem-mail fixes the following issues: Compatibility fixes: - Restore conversions for properly encoded non-binary emails. - Gracefully parse certain invalid Content-Type headers. (rafbm) Bug fixes: - Fix transfer encoding when message encoding is blank. (bsc#1156721) - Fix 7bit/base64 content transfer encoding mismatch. (bsc#1156721) - Fix UTF-8 attachment filename quoting. (bsc#1156721) - Fix 'delete_all' using a readonly IMAP connection. (bsc#1156721) ----------------------------------------- Patch: SUSE-2019-3240 Released: Tue Dec 10 10:40:19 2019 Summary: Recommended update for ca-certificates-mozilla, p11-kit Severity: moderate References: 1154871 Description: This update for ca-certificates-mozilla, p11-kit fixes the following issues: Changes in ca-certificates-mozilla: - export correct p11kit trust attributes so Firefox detects built in certificates (bsc#1154871). Changes in p11-kit: - support loading NSS attribute CKA_NSS_MOZILLA_CA_POLICY so Firefox detects built in certificates (bsc#1154871) ----------------------------------------- Patch: SUSE-2019-3245 Released: Wed Dec 11 10:12:19 2019 Summary: Recommended update for azure-li-services Severity: moderate References: 1157040,1157041 Description: This update for azure-li-services fixes the following issues: - Bump version: 1.2.3 to 1.2.4 - Reference commit for SUSE maintenance This submission creates a reference to bsc#1157041 - Reference commit for SUSE maintenance This submission creates a reference to bsc#1157040 - Bump version: 1.2.2 to 1.2.3 - Right name for vli sp2 folder - Add folder for SLES15 SP2 VLI images - Fixed VLI package list for sle15 cpp48 does not exist on sle15, instead the cpp package by its name provides is used. On sle15 this resolved to cpp7. This is related to Issue #186 - Bump version: 1.2.1 to 1.2.2 - Added Microsoft requested packages to VLI images This Fixes #186 - Add retry loop to setup sbd device There is no deterministic way to know when the iSCSI device is ready to be processed by sbd. Thus the calls to setup the sbd device has been placed into a retry loop that runs max 3 times with a 2sec wait period in between. This Fixes #188 - Add directory for SLES15-SP2 - Saptune setup As pointed before, saptune supersedes sapconf. This is the right path to setup saptune. Update image descriptions not to install sapconf. This Fixes #185 - Update LI image versions For the refresh of the images in the SUSE namespace the version number has been increased - Bump version: 1.2.0 to 1.2.1 - Right sequence saptune One of the issues is that `saptune` is a different tool that supersedes `sapconf`. Then the `saptune daemon restart` command will always overwrite the profile with `saptune`. Two different tools that can't be mixed. Only one should be used. In case of SLES (not SLES for SAP), the sequence should be For SLES 12 ``` tuned-adm profile sap-hana systemctl enable --now sapconf.service ``` and for SLES15 ``` tuned-adm profile sapconf systemctl enable --now sapconf.service ``` For SLES for SAP, the sequence is the same for 12 and 15: ``` saptune daemon start saptune solution apply HANA ``` This Fixes #172 - Bump version: 1.1.39 to 1.2.0 - Change the setup of the login shell The login shell was setup based on assumption regarding other user attributes set. This way caused some negative side effects which lets us change the behavior. This patch does the following * Adds a new attribute named: loginshell * If loginshell is present the value for loginshell will be used, if not the default /sbin/nologin applies * All implicit assumptions for setting up the login shell got deleted This Fixes #178 - sbd device to wait for udev to finish This Fixes #179 - Bump version: 1.1.38 to 1.1.39 - Consolidate all image descriptions in git Instead of maintaining image descriptions in obs we want to maintain them in git. With this change only a service and multibuild configuration applies in obs but the data to build the image will live in git. This allows for real development and review regarding changes to the kiwi image descriptions. - Restart iscsi subsystem after device discovery Only after restart of the iscsi subsystem the device nodes from a previous device discovery gets created properly. This Fixes #170 - Bump version: 1.1.37 to 1.1.38 - Added more logging to the process Add a log file /var/log/azure-li-services.log which adds logging information from the service process. Usually error log information is present on the systemd level but for checking the process, it's calls and potential further information it's also useful to have a processing log file. The log file will be created on the host and gets also copied to the config lun in the same way as the systemd workload log - Bump version: 1.1.36 to 1.1.37 - Delete ineffective startup.nsh code startup.nsh is read by the firmware in an early boot phase. It doesn't make sense to write that file as part of the boot services because it's too late in the process. startup.nsh if required needs to be provided by the image itself - Extend storage service dependencies The storage service can be used for remote storage like NFS storage to be attached to the machine. This requires the network to be online. Having the network only configured is not enough it must also be online. Thus the storage service unit is extended to wait for the network-online.target - Bump version: 1.1.35 to 1.1.36 - Fixed network setup for bonding on vlan vlan network definitions that uses bonding etherdevices were missing a switch to correctly assign the ip configuration This Fixes #164 - Bump version: 1.1.34 to 1.1.35 - Apply saptune startup sequence suggested by $MS Implementing startup sequence as suggested in SAP Note 1275776. This Fixes #149 - Log command calls on the console Implements a simple logging facility for the Command classes and write the commands called to the console. This will lead to more detailed information about the command calls in the systemd status information - Load yaml in safe mode The default yaml loader is unsafe, thus we should switch to the safe_load method. For details see: https://msg.pyyaml.org/load - Bump version: 1.1.33 to 1.1.34 - Start saptune daemon after applying profile For some reason the saptune daemon needs to restart if a profile has been set through the tuned-adm profile command. This Fixes #149 - Revert fix for service order of saptune daemon It has turned out that the simple change in order did not solve the problem. In fact the daemon needs to be restarted on profile setup - Allow ssh access with shell Allow access through ssh without shadow hash and with shell. Fixes #151 - Bump version: 1.1.32 to 1.1.33 - Fix service order on startup of saptune daemon The tuned profile must be applied prior to the start of the saptune daemon. This Fixes #149 - Bump version: 1.1.31 to 1.1.32 - Fixed travis badge link - Mount LUN in sync mode Per request from Microsoft the location that holds the config file and is also used for the status flag and log should be mounted with the sync option. This Fixes #144 - Activate SAP Hana profile via tuned-adm Check for the presence of the sap-hana profile and switch to sapconf if not found. Activate the selected profile via the tuned-adm control command. This Fixes #142 ----------------------------------------- Patch: SUSE-2019-3293 Released: Fri Dec 13 18:28:36 2019 Summary: Security update for libssh Severity: important References: 1158095,CVE-2019-14889 Description: This update for libssh fixes the following issues: - CVE-2019-14889: Fixed an arbitrary command execution (bsc#1158095). ----------------------------------------- Patch: SUSE-2019-3314 Released: Tue Dec 17 09:46:37 2019 Summary: Recommended update for python-kiwi Severity: moderate References: 1112357,1124885,1127173,1129566,1132455,1136444,1142899,1143033,1149686,1150190,1155285 Description: This update for python-kiwi fixes the following issues: - Update SLE15-GA to align with SLE15-SP1. (bsc#1155285) - Fix rpmdb compat link setup. (bsc#1150190) - Add '--add-bootstrap-packages' option allowing to specify additional packages. (bsc#1149686) - Avoid default installation of dracut kiwi modules in the initrd. (bsc#1142899, bsc#1136444) - Add support for custom fstab script extension. (bsc#1129566) - Add crypt dependency to kiwi-lib dracut modulehe kiwi-lib dracut module to include crypt module. (bsc#1142899) - Install rmdir according to requirements of dracut. (bsc#1143033) - Avoid not to crash on missing 'HOME' directory. (bsc#1149686) - Extend spare partition setup. (bsc#1129566) - Preserve licenses and other text files by 'baseStripFirmware'. (bsc#1132455) - Delete firmware 'check_grub_efi_installed_for_efi_firmware' to prevent checking static list during runtime check. (bsc#1149686) - In addition to the support for fstab.append, users can provide a patch file to change the contents of the fstab file. (bsc#1129566) - Change the output format of the bundler shasum file to be compatible with a 'sha256sum --check' call. (bsc#1127173) - Fixed import of signing keys make accessible for zypper. (bsc#1112357) - Fix location of grub unicode font. (bsc#1124885) - Handle location of the rpm DB on the macro level. (bsc#1112357) ----------------------------------------- Patch: SUSE-2019-3318 Released: Tue Dec 17 13:10:43 2019 Summary: Security update for samba Severity: important References: 1158108,1158109,CVE-2019-14861,CVE-2019-14870 Description: This update for samba fixes the following issues: - CVE-2019-14861: Fixed a DNSServer RPC server crash, that allowed an authenticated user to crash the DCE/RPC DNS management server by creating records with matching the zone name (bsc#1158108). - CVE-2019-14870: Fixed a DelegationNotAllowed not being enforced (bsc#1158109). ----------------------------------------- Patch: SUSE-2019-3324 Released: Tue Dec 17 15:44:20 2019 Summary: Recommended update for grub2 Severity: moderate References: 1136970,1154783 Description: This update for grub2 fixes the following issues: - Fix 'grub2.sleep' to load old kernel after hibernation. (bsc#1154783) - Consistently find btrfs snapshots on s390x to boot from. (bsc#1136970) ----------------------------------------- Patch: SUSE-2019-3337 Released: Wed Dec 18 18:17:09 2019 Summary: Security update for MozillaFirefox Severity: important References: 1157652,1158328,CVE-2019-11745,CVE-2019-13722,CVE-2019-17005,CVE-2019-17008,CVE-2019-17009,CVE-2019-17010,CVE-2019-17011,CVE-2019-17012 Description: This update for MozillaFirefox fixes the following issues: Mozilla Firefox was updated to 68.3esr (MFSA 2019-37 bsc#1158328) Security issues fixed: - CVE-2019-17008: Fixed a use-after-free in worker destruction (bmo#1546331) - CVE-2019-13722: Fixed a stack corruption due to incorrect number of arguments in WebRTC code (bmo#1580156) - CVE-2019-11745: Fixed an out of bounds write in NSS when encrypting with a block cipher (bmo#1586176) - CVE-2019-17009: Fixed an issue where updater temporary files accessible to unprivileged processes (bmo#1510494) - CVE-2019-17010: Fixed a use-after-free when performing device orientation checks (bmo#1581084) - CVE-2019-17005: Fixed a buffer overflow in plain text serializer (bmo#1584170) - CVE-2019-17011: Fixed a use-after-free when retrieving a document in antitracking (bmo#1591334) - CVE-2019-17012: Fixed multiple memmory issues (bmo#1449736, bmo#1533957, bmo#1560667,bmo#1567209, bmo#1580288, bmo#1585760, bmo#1592502) ----------------------------------------- Patch: SUSE-2019-3368 Released: Thu Dec 19 19:21:58 2019 Summary: Recommended update for irqbalance Severity: moderate References: 1119461,1138190,1154905 Description: This update for irqbalance fixes the following issues: - Irqbalanced is supposed to spread the load for NVMe. (bsc#1119461, bsc#1154905, bsc#1138190) ----------------------------------------- Patch: SUSE-2019-3381 Released: Mon Dec 23 10:52:50 2019 Summary: Security update for the Linux Kernel Severity: important References: 1046303,1048942,1051510,1065600,1071995,1078248,1082635,1083647,1089644,1090888,1091041,1104427,1108043,1113722,1114279,1115026,1117169,1120853,1127371,1131107,1138039,1140948,1142095,1143706,1143959,1144333,1146519,1146544,1149448,1150466,1151548,1151900,1152631,1152782,1153628,1153681,1153811,1154043,1154058,1154124,1154355,1154526,1154956,1155021,1155331,1155334,1155689,1155692,1155836,1155897,1155921,1156187,1156258,1156259,1156429,1156462,1156466,1156471,1156494,1156609,1156700,1156729,1156882,1157038,1157042,1157070,1157143,1157145,1157158,1157162,1157169,1157171,1157173,1157178,1157180,1157182,1157183,1157184,1157191,1157193,1157197,1157298,1157303,1157307,1157324,1157333,1157424,1157463,1157499,1157678,1157698,1157778,1157853,1157908,1158049,1158063,1158064,1158065,1158066,1158067,1158068,1158082,1158094,1158132,1158381,1158394,1158398,1158407,1158410,1158413,1158417,1158427,1158445,1158533,1158637,1158638,1158639,1158640,1158641,1158643,1158644,1158645,1158646,1158647,1158649,1158651,1158652,1158823,1158824,1158827,1158834,1158893,1158900,1158903,1158904,1158954,1159024,1159297,CVE-2019-14895,CVE-2019-14901,CVE-2019-15213,CVE-2019-15916,CVE-2019-16231,CVE-2019-17055,CVE-2019-18660,CVE-2019-18683,CVE-2019-18805,CVE-2019-18808,CVE-2019-18809,CVE-2019-19049,CVE-2019-19051,CVE-2019-19052,CVE-2019-19056,CVE-2019-19057,CVE-2019-19058,CVE-2019-19060,CVE-2019-19062,CVE-2019-19063,CVE-2019-19065,CVE-2019-19066,CVE-2019-19067,CVE-2019-19068,CVE-2019-19073,CVE-2019-19074,CVE-2019-19075,CVE-2019-19077,CVE-2019-19227,CVE-2019-19332,CVE-2019-19338,CVE-2019-19523,CVE-2019-19524,CVE-2019-19525,CVE-2019-19526,CVE-2019-19527,CVE-2019-19528,CVE-2019-19529,CVE-2019-19530,CVE-2019-19531,CVE-2019-19532,CVE-2019-19533,CVE-2019-19534,CVE-2019-19535,CVE-2019-19536,CVE-2019-19537,CVE-2019-19543,CVE-2019-19767 Description: The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-19767: Fixed ext4_expand_extra_isize mishandles, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c (bnc#1159297). - CVE-2019-18808: Fixed a memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c allowed attackers to cause a denial of service (memory consumption) (bnc#1156259). - CVE-2019-19066: Fixed memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c that allowed attackers to cause a denial of service (memory consumption) by triggering bfa_port_get_stats() failures (bnc#1157303). - CVE-2019-19051: Fixed memory leak in the i2400m_op_rfkill_sw_toggle() function in drivers/net/wimax/i2400m/op-rfkill.c that allowed attackers to cause a denial of service (memory consumption) (bnc#1159024). - CVE-2019-19338: There was an incomplete fix for Transaction Asynchronous Abort (TAA) (bsc#1158954). - CVE-2019-19332: There was an OOB memory write via kvm_dev_ioctl_get_cpuid (bsc#1158827). - CVE-2019-19537: There was a race condition bug that could have been caused by a malicious USB device in the USB character device driver layer (bnc#1158904). - CVE-2019-19535: There was an info-leak bug that could have been caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver (bnc#1158903). - CVE-2019-19527: There was a use-after-free bug that could have been caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver (bnc#1158900). - CVE-2019-19526: There was a use-after-free bug that could have been caused by a malicious USB device in the drivers/nfc/pn533/usb.c driver (bnc#1158893). - CVE-2019-19533: There was an info-leak bug that could have been caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver (bnc#1158834). - CVE-2019-19532: There were multiple out-of-bounds write bugs that could have been caused by a malicious USB device in the Linux kernel HID drivers (bnc#1158824). - CVE-2019-19523: There was a use-after-free bug that could have been caused by a malicious USB device in the drivers/usb/misc/adutux.c driver (bnc#1158823). - CVE-2019-15213: An issue was discovered in the Linux kernel, there was a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver (bnc#1146544). - CVE-2019-19531: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver (bnc#1158445). - CVE-2019-19543: There was a use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c (bnc#1158427). - CVE-2019-19525: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/net/ieee802154/atusb.c driver (bnc#1158417). - CVE-2019-19530: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver (bnc#1158410). - CVE-2019-19536: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver (bnc#1158394). - CVE-2019-19524: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver (bnc#1158413). - CVE-2019-19528: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver (bnc#1158407). - CVE-2019-19534: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver (bnc#1158398). - CVE-2019-19529: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/net/can/usb/mcba_usb.c driver (bnc#1158381). - CVE-2019-14901: A heap overflow flaw was found in the Linux kernel in Marvell WiFi chip driver. The vulnerability allowed a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system (bnc#1157042). - CVE-2019-14895: A heap-based buffer overflow was discovered in the Linux kernel in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could have allowed the remote device to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1157158). - CVE-2019-18660: The Linux kernel on powerpc allowed Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c (bnc#1157038). - CVE-2019-18683: An issue was discovered in drivers/media/platform/vivid in the Linux kernel. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free (bnc#1155897). - CVE-2019-18809: A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1156258). - CVE-2019-19062: A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures (bnc#1157333). - CVE-2019-19057: Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures (bnc#1157197). - CVE-2019-19056: A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures (bnc#1157197). - CVE-2019-19068: A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures (bnc#1157307). - CVE-2019-19063: Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157298). - CVE-2019-19227: In the AppleTalk subsystem in the Linux kernel there was a potential NULL pointer dereference because register_snap_client may return NULL. This will lead to denial of service in net/appletalk/aarp.c and net/appletalk/ddp.c, as demonstrated by unregister_snap_client (bnc#1157678). - CVE-2019-19065: A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi1/sdma.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering rhashtable_init() failures (bnc#1157191). - CVE-2019-19077: A memory leak in the bnxt_re_create_srq() function in drivers/infiniband/hw/bnxt_re/ib_verbs.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering copy to udata failures (bnc#1157171). - CVE-2019-19052: A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures (bnc#1157324). - CVE-2019-19067: Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering mfd_add_hotplug_devices() or pm_genpd_add_device() failures (bsc#1157180). - CVE-2019-19060: A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157178). - CVE-2019-19049: A memory leak in the unittest_data_add() function in drivers/of/unittest.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering of_fdt_unflatten_tree() failures (bsc#1157173). - CVE-2019-19075: A memory leak in the ca8210_probe() function in drivers/net/ieee802154/ca8210.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering ca8210_get_platform_data() failures (bnc#1157162). - CVE-2019-19058: A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering alloc_page() failures (bnc#1157145). - CVE-2019-19074: A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157143). - CVE-2019-19073: Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures. This affects the htc_config_pipe_credits() function, the htc_setup_complete() function, and the htc_connect_service() function (bnc#1157070). - CVE-2019-15916: An issue was discovered in the Linux kernel There was a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service (bnc#1149448). - CVE-2019-16231: drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 did not check the alloc_workqueue return value, leading to a NULL pointer dereference (bnc#1150466). - CVE-2019-18805: An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel There was a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact (bnc#1156187). - CVE-2019-17055: base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel did not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket (bnc#1152782). The following non-security bugs were fixed: - ACPI / APEI: Do not wait to serialise with oops messages when panic()ing (bsc#1051510). - ACPI / LPSS: Exclude I2C busses shared with PUNIT from pmc_atom_d3_mask (bsc#1051510). - ACPI / LPSS: Ignore acpi_device_fix_up_power() return value (bsc#1051510). - ACPI / SBS: Fix rare oops when removing modules (bsc#1051510). - ACPI: OSL: only free map once in osl.c (bsc#1051510). - ACPI: sysfs: Change ACPI_MASKABLE_GPE_MAX to 0x100 (bsc#1051510). - ACPICA: Never run _REG on system_memory and system_IO (bsc#1051510). - ACPICA: Use %d for signed int print formatting instead of %u (bsc#1051510). - ALSA: 6fire: Drop the dead code (git-fixes). - ALSA: bebob: fix to detect configured source of sampling clock for Focusrite Saffire Pro i/o series (git-fixes). - ALSA: cs4236: fix error return comparison of an unsigned integer (git-fixes). - ALSA: echoaudio: simplify get_audio_levels (bsc#1051510). - ALSA: fireface: fix return value in error path of isochronous resources reservation (bsc#1051510). - ALSA: firewire-motu: Correct a typo in the clock proc string (git-fixes). - ALSA: hda - Add mute led support for HP ProBook 645 G4 (git-fixes). - ALSA: hda - Fix pending unsol events at shutdown (git-fixes). - ALSA: hda/ca0132 - Fix possible workqueue stall (bsc#1155836). - ALSA: hda/hdmi - Add new pci ids for AMD GPU display audio (git-fixes). - ALSA: hda/hdmi - Fix duplicate unref of pci_dev (bsc#1051510). - ALSA: hda/hdmi - fix vgaswitcheroo detection for AMD (git-fixes). - ALSA: hda/intel: add CometLake PCI IDs (bsc#1156729). - ALSA: hda/realtek - Dell headphone has noise on unmute for ALC236 (git-fixes). - ALSA: hda/realtek - Line-out jack does not work on a Dell AIO (bsc#1051510). - ALSA: hda/realtek - Move some alc236 pintbls to fallback table (git-fixes). - ALSA: hda/realtek - Move some alc256 pintbls to fallback table (git-fixes). - ALSA: hda: Add Cometlake-S PCI ID (git-fixes). - ALSA: i2c/cs8427: Fix int to char conversion (bsc#1051510). - ALSA: intel8x0m: Register irq handler after register initializations (bsc#1051510). - ALSA: oxfw: fix return value in error path of isochronous resources reservation (bsc#1051510). - ALSA: pcm: Fix stream lock usage in snd_pcm_period_elapsed() (git-fixes). - ALSA: pcm: oss: Avoid potential buffer overflows (git-fixes). - ALSA: pcm: signedness bug in snd_pcm_plug_alloc() (bsc#1051510). - ALSA: seq: Do error checks at creating system ports (bsc#1051510). - ALSA: timer: Fix incorrectly assigned timer instance (git-fixes). - ALSA: usb-audio: Fix Focusrite Scarlett 6i6 gen1 - input handling (git-fixes). - ALSA: usb-audio: Fix missing error check at mixer resolution test (git-fixes). - ALSA: usb-audio: not submit urb for stopped endpoint (git-fixes). - ASoC: Intel: hdac_hdmi: Limit sampling rates at dai creation (bsc#1051510). - ASoC: compress: fix unsigned integer overflow check (bsc#1051510). - ASoC: davinci-mcasp: Handle return value of devm_kasprintf (stable 4.14.y). - ASoC: davinci: Kill BUG_ON() usage (stable 4.14.y). - ASoC: dpcm: Properly initialise hw->rate_max (bsc#1051510). - ASoC: kirkwood: fix external clock probe defer (git-fixes). - ASoC: msm8916-wcd-analog: Fix RX1 selection in RDAC2 MUX (git-fixes). - ASoC: sgtl5000: avoid division by zero if lo_vag is zero (bsc#1051510). - ASoC: tegra_sgtl5000: fix device_node refcounting (bsc#1051510). - ASoC: tlv320aic31xx: Handle inverted BCLK in non-DSP modes (stable 4.14.y). - ASoC: tlv320dac31xx: mark expected switch fall-through (stable 4.14.y). - Bluetooth: Fix invalid-free in bcsp_close() (git-fixes). - Bluetooth: Fix memory leak in hci_connect_le_scan (bsc#1051510). - Bluetooth: L2CAP: Detect if remote is not able to use the whole MPS (bsc#1051510). - Bluetooth: btusb: fix PM leak in error case of setup (bsc#1051510). - Bluetooth: delete a stray unlock (bsc#1051510). - Bluetooth: hci_bcm: Handle specific unknown packets after firmware loading (bsc#1051510). - Bluetooth: hci_core: fix init for HCI_USER_CHANNEL (bsc#1051510). - Btrfs: fix log context list corruption after rename exchange operation (bsc#1156494). - CDC-NCM: handle incomplete transfer of MTU (networking-stable-19_11_10). - CIFS: Fix SMB2 oplock break processing (bsc#1144333, bsc#1154355). - CIFS: Fix oplock handling for SMB 2.1+ protocols (bsc#1144333, bsc#1154355). - CIFS: Fix retry mid list corruption on reconnects (bsc#1144333, bsc#1154355). - CIFS: Fix use after free of file info structures (bsc#1144333, bsc#1154355). - CIFS: Force reval dentry if LOOKUP_REVAL flag is set (bsc#1144333, bsc#1154355). - CIFS: Force revalidate inode when dentry is stale (bsc#1144333, bsc#1154355). - CIFS: Gracefully handle QueryInfo errors during open (bsc#1144333, bsc#1154355). - CIFS: avoid using MID 0xFFFF (bsc#1144333, bsc#1154355). - CIFS: fix max ea value size (bsc#1144333, bsc#1154355). - Cover up kABI breakage due to DH key verification (bsc#1155331). - Documentation: debugfs: Document debugfs helper for unsigned long values (git-fixes). - Documentation: x86: convert protection-keys.txt to reST (bsc#1078248). - EDAC/ghes: Fix Use after free in ghes_edac remove path (bsc#1114279). - EDAC/ghes: Fix locking and memory barrier issues (bsc#1114279). EDAC/ghes: Do not warn when incrementing refcount on 0 (bsc#1114279). - HID: Add ASUS T100CHI keyboard dock battery quirks (bsc#1051510). - HID: Add quirk for Microsoft PIXART OEM mouse (bsc#1051510). - HID: Fix assumption that devices have inputs (git-fixes). - HID: asus: Add T100CHI bluetooth keyboard dock special keys mapping (bsc#1051510). - HID: doc: fix wrong data structure reference for UHID_OUTPUT (bsc#1051510). - HID: intel-ish-hid: fixes incorrect error handling (bsc#1051510). - HID: wacom: generic: Treat serial number and related fields as unsigned (git-fixes). - Input: ff-memless - kill timer in destroy() (bsc#1051510). - Input: silead - try firmware reload after unsuccessful resume (bsc#1051510). - Input: st1232 - set INPUT_PROP_DIRECT property (bsc#1051510). - Input: synaptics-rmi4 - clear IRQ enables for F54 (bsc#1051510). - Input: synaptics-rmi4 - destroy F54 poller workqueue when removing (bsc#1051510). - Input: synaptics-rmi4 - disable the relative position IRQ in the F12 driver (bsc#1051510). - Input: synaptics-rmi4 - do not consume more data than we have (F11, F12) (bsc#1051510). - Input: synaptics-rmi4 - fix video buffer size (git-fixes). - KVM: SVM: Guard against DEACTIVATE when performing WBINVD/DF_FLUSH (bsc#1114279). - KVM: SVM: Serialize access to the SEV ASID bitmap (bsc#1114279). - KVM: VMX: Consider PID.PIR to determine if vCPU has pending interrupts (bsc#1158064). - KVM: VMX: Fix conditions for guest IA32_XSS support (bsc#1158065). - KVM: s390: Do not leak kernel stack data in the KVM_S390_INTERRUPT ioctl (git-fixes). - KVM: s390: Test for bad access register and size at the start of S390_MEM_OP (git-fixes). - KVM: x86/mmu: Take slots_lock when using kvm_mmu_zap_all_fast() (bsc#1158067). - KVM: x86: Introduce vcpu->arch.xsaves_enabled (bsc#1158066). - KVM: x86: Remove a spurious export of a static function (bsc#1158954). - NFC: fdp: fix incorrect free object (networking-stable-19_11_10). - NFC: nxp-nci: Fix NULL pointer dereference after I2C communication error (git-fixes). - NFC: st21nfca: fix double free (networking-stable-19_11_10). - PCI/ACPI: Correct error message for ASPM disabling (bsc#1051510). - PCI/MSI: Fix incorrect MSI-X masking on resume (bsc#1051510). - PCI/MSI: Return -ENOSPC from pci_alloc_irq_vectors_affinity() (bsc#1051510). - PCI/PME: Fix possible use-after-free on remove (git-fixes). - PCI/PTM: Remove spurious 'd' from granularity message (bsc#1051510). - PCI: Apply Cavium ACS quirk to ThunderX2 and ThunderX3 (bsc#1051510). - PCI: Fix Intel ACS quirk UPDCR register address (bsc#1051510). - PCI: dwc: Fix find_next_bit() usage (bsc#1051510). - PCI: rcar: Fix missing MACCTLR register setting in initialization sequence (bsc#1051510). - PCI: sysfs: Ignore lockdep for remove attribute (git-fixes). - PCI: tegra: Enable Relaxed Ordering only for Tegra20 & Tegra30 (git-fixes). - PM / AVS: SmartReflex: NULL check before some freeing functions is not needed (bsc#1051510). - PM / Domains: Deal with multiple states but no governor in genpd (bsc#1051510). - PM / devfreq: Check NULL governor in available_governors_show (git-fixes). - PM / devfreq: Lock devfreq in trans_stat_show (git-fixes). - PM / devfreq: exynos-bus: Correct clock enable sequence (bsc#1051510). - PM / devfreq: passive: Use non-devm notifiers (bsc#1051510). - PM / devfreq: passive: fix compiler warning (bsc#1051510). - PM / hibernate: Check the success of generating md5 digest before hibernation (bsc#1051510). - RDMA/hns: Prevent memory leaks of eq->buf_list (bsc#1104427 ). - UAS: Revert commit 3ae62a42090f ('UAS: fix alignment of scatter/gather segments'). - USB: adutux: fix interface sanity check (bsc#1051510). - USB: chaoskey: fix error case of a timeout (git-fixes). - USB: gadget: Reject endpoints with 0 maxpacket value (bsc#1051510). - USB: idmouse: fix interface sanity checks (bsc#1051510). - USB: ldusb: fix control-message timeout (bsc#1051510). - USB: ldusb: fix ring-buffer locking (bsc#1051510). - USB: misc: appledisplay: fix backlight update_status return code (bsc#1051510). - USB: serial: ftdi_sio: add device IDs for U-Blox C099-F9P (bsc#1051510). - USB: serial: io_edgeport: fix epic endpoint lookup (bsc#1051510). - USB: serial: mos7720: fix remote wakeup (git-fixes). - USB: serial: mos7840: add USB ID to support Moxa UPort 2210 (bsc#1051510). - USB: serial: mos7840: fix remote wakeup (git-fixes). - USB: serial: option: add support for DW5821e with eSIM support (bsc#1051510). - USB: serial: option: add support for Foxconn T77W968 LTE modules (bsc#1051510). - USB: serial: whiteheat: fix line-speed endianness (bsc#1051510). - USB: serial: whiteheat: fix potential slab corruption (bsc#1051510). - USBIP: add config dependency for SGL_ALLOC (git-fixes). - apparmor: fix unsigned len comparison with less than zero (git-fixes). - appledisplay: fix error handling in the scheduled work (git-fixes). - arm64: Update config files. (bsc#1156466) Enable HW_RANDOM_OMAP driver and mark driver omap-rng as supported. - ata: ep93xx: Use proper enums for directions (bsc#1051510). - ath10k: fix kernel panic by moving pci flush after napi_disable (bsc#1051510). - ath10k: fix vdev-start timeout on error (bsc#1051510). - ath10k: limit available channels via DT ieee80211-freq-limit (bsc#1051510). - ath10k: wmi: disable softirq's while calling ieee80211_rx (bsc#1051510). - ath6kl: Fix off by one error in scan completion (bsc#1051510). - ath9k: Fix a locking bug in ath9k_add_interface() (bsc#1051510). - ath9k: add back support for using active monitor interfaces for tx99 (bsc#1051510). - ath9k: fix reporting calculated new FFT upper max (bsc#1051510). - ath9k: fix tx99 with monitor mode interface (bsc#1051510). - ath9k_hw: fix uninitialized variable data (bsc#1051510). - atl1e: checking the status of atl1e_write_phy_reg (bsc#1051510). - audit: Allow auditd to set pid to 0 to end auditing (bsc#1158094). - ax88172a: fix information leak on short answers (bsc#1051510). - backlight: lm3639: Unconditionally call led_classdev_unregister (bsc#1051510). - bonding: fix slave stuck in BOND_LINK_FAIL state (networking-stable-19_11_10). - bonding: fix state transition issue in link monitoring (networking-stable-19_11_10). - bpf: Make use of probe_user_write in probe write helper (bsc#1083647). - brcmfmac: fix full timeout waiting for action frame on-channel tx (bsc#1051510). - brcmfmac: reduce timeout for action frame scan (bsc#1051510). - brcmsmac: AP mode: update beacon when TIM changes (bsc#1051510). - brcmsmac: never log 'tid x is not agg'able' by default (bsc#1051510). - btrfs: simplify inode locking for RWF_NOWAIT (git-fixes). - can: c_can: D_CAN: c_can_chip_config(): perform a sofware reset on open (bsc#1051510). - can: c_can: c_can_poll(): only read status register after status IRQ (git-fixes). - can: dev: call netif_carrier_off() in register_candev() (bsc#1051510). - can: mcba_usb: fix use-after-free on disconnect (git-fixes). - can: peak_usb: fix a potential out-of-sync while decoding packets (git-fixes). - can: peak_usb: fix slab info leak (git-fixes). - can: peak_usb: report bus recovery as well (bsc#1051510). - can: rx-offload: can_rx_offload_irq_offload_fifo(): continue on error (bsc#1051510). - can: rx-offload: can_rx_offload_irq_offload_timestamp(): continue on error (bsc#1051510). - can: rx-offload: can_rx_offload_offload_one(): do not increase the skb_queue beyond skb_queue_len_max (git-fixes). - can: rx-offload: can_rx_offload_offload_one(): increment rx_fifo_errors on queue overflow or OOM (bsc#1051510). - can: rx-offload: can_rx_offload_offload_one(): use ERR_PTR() to propagate error value in case of errors (bsc#1051510). - can: rx-offload: can_rx_offload_queue_sorted(): fix error handling, avoid skb mem leak (git-fixes). - can: rx-offload: can_rx_offload_queue_tail(): fix error handling, avoid skb mem leak (git-fixes). - can: slcan: Fix use-after-free Read in slcan_open (bsc#1051510). - can: usb_8dev: fix use-after-free on disconnect (git-fixes). - ceph: add missing check in d_revalidate snapdir handling (bsc#1157183). - ceph: do not try to handle hashed dentries in non-O_CREAT atomic_open (bsc#1157184). - ceph: fix use-after-free in __ceph_remove_cap() (bsc#1154058). - ceph: just skip unrecognized info in ceph_reply_info_extra (bsc#1157182). - cfg80211: Avoid regulatory restore when COUNTRY_IE_IGNORE is set (bsc#1051510). - cfg80211: Prevent regulatory restore during STA disconnect in concurrent interfaces (bsc#1051510). - cfg80211: call disconnect_wk when AP stops (bsc#1051510). - cgroup,writeback: do not switch wbs immediately on dead wbs if the memcg is dead (bsc#1158645). - cifs: Fix cifsInodeInfo lock_sem deadlock when reconnect occurs (bsc#1144333, bsc#1154355). - cifs: Fix missed free operations (bsc#1144333, bsc#1154355). - cifs: Use kzfree() to zero out the password (bsc#1144333, bsc#1154355). - cifs: add a helper to find an existing readable handle to a file (bsc#1144333, bsc#1154355). - cifs: create a helper to find a writeable handle by path name (bsc#1144333, bsc#1154355). - cifs: move cifsFileInfo_put logic into a work-queue (bsc#1144333, bsc#1154355). - cifs: prepare SMB2_Flush to be usable in compounds (bsc#1144333, bsc#1154355). - cifs: set domainName when a domain-key is used in multiuser (bsc#1144333, bsc#1154355). - cifs: use cifsInodeInfo->open_file_lock while iterating to avoid a panic (bsc#1144333, bsc#1154355). - cifs: use existing handle for compound_op(OP_SET_INFO) when possible (bsc#1144333, bsc#1154355). - clk: at91: avoid sleeping early (git-fixes). - clk: pxa: fix one of the pxa RTC clocks (bsc#1051510). - clk: samsung: Use clk_hw API for calling clk framework from clk notifiers (bsc#1051510). - clk: samsung: exynos5420: Preserve CPU clocks configuration during suspend/resume (bsc#1051510). - clk: samsung: exynos5420: Preserve PLL configuration during suspend/resume (git-fixes). - clk: sunxi-ng: a80: fix the zero'ing of bits 16 and 18 (git-fixes). - clocksource/drivers/sh_cmt: Fix clocksource width for 32-bit machines (bsc#1051510). - clocksource/drivers/sh_cmt: Fixup for 64-bit machines (bsc#1051510). - compat_ioctl: handle SIOCOUTQNSD (bsc#1051510). - component: fix loop condition to call unbind() if bind() fails (bsc#1051510). - configfs_register_group() shouldn't be (and isn't) called in rmdirable parts (bsc#1051510). - cpufreq/pasemi: fix use-after-free in pas_cpufreq_cpu_init() (bsc#1051510). - cpufreq: Skip cpufreq resume if it's not suspended (bsc#1051510). - cpufreq: intel_pstate: Register when ACPI PCCH is present (bsc#1051510). - cpufreq: powernv: fix stack bloat and hard limit on number of CPUs (bsc#1051510). - cpufreq: ti-cpufreq: add missing of_node_put() (bsc#1051510). - cpupower : Fix cpupower working when cpu0 is offline (bsc#1051510). - cpupower : frequency-set -r option misses the last cpu in related cpu list (bsc#1051510). - cpupower: Fix coredump on VMWare (bsc#1051510). - crypto: DRBG - add FIPS 140-2 CTRNG for noise source (bsc#1155334). - crypto: af_alg - cast ki_complete ternary op to int (bsc#1051510). - crypto: crypto4xx - fix double-free in crypto4xx_destroy_sdr (bsc#1051510). - crypto: dh - add public key verification test (bsc#1155331). - crypto: dh - fix calculating encoded key size (bsc#1155331). - crypto: dh - fix memory leak (bsc#1155331). - crypto: dh - update test for public key verification (bsc#1155331). - crypto: ecdh - add public key verification test (bsc#1155331). - crypto: ecdh - fix big endian bug in ECC library (bsc#1051510). - crypto: ecdh - fix typo of P-192 b value (bsc#1155331). - crypto: fix a memory leak in rsa-kcs1pad's encryption mode (bsc#1051510). - crypto: geode-aes - switch to skcipher for cbc(aes) fallback (bsc#1051510). - crypto: mxc-scc - fix build warnings on ARM64 (bsc#1051510). - crypto: mxs-dcp - Fix AES issues (bsc#1051510). - crypto: mxs-dcp - Fix SHA null hashes and output length (bsc#1051510). - crypto: mxs-dcp - make symbols 'sha1_null_hash' and 'sha256_null_hash' static (bsc#1051510). - crypto: s5p-sss: Fix Fix argument list alignment (bsc#1051510). - crypto: tgr192 - remove unneeded semicolon (bsc#1051510). - cw1200: Fix a signedness bug in cw1200_load_firmware() (bsc#1051510). - cxgb4: fix panic when attaching to ULD fail (networking-stable-19_11_05). - cxgb4: request the TX CIDX updates to status page (bsc#1127371). - dccp: do not leak jiffies on the wire (networking-stable-19_11_05). - dlm: do not leak kernel pointer to userspace (bsc#1051510). - dlm: fix invalid free (bsc#1051510). - dma-buf: Fix memory leak in sync_file_merge() (git-fixes). - dmaengine: bcm2835: Print error in case setting DMA mask fails (bsc#1051510). - dmaengine: dma-jz4780: Do not depend on MACH_JZ4780 (bsc#1051510). - dmaengine: dma-jz4780: Further residue status fix (bsc#1051510). - dmaengine: ep93xx: Return proper enum in ep93xx_dma_chan_direction (bsc#1051510). - dmaengine: imx-sdma: fix size check for sdma script_number (bsc#1051510). - dmaengine: imx-sdma: fix use-after-free on probe error path (bsc#1051510). - dmaengine: rcar-dmac: set scatter/gather max segment size (bsc#1051510). - dmaengine: timb_dma: Use proper enum in td_prep_slave_sg (bsc#1051510). - docs: move protection-keys.rst to the core-api book (bsc#1078248). - drivers/base/platform.c: kmemleak ignore a known leak (bsc#1051510). - drivers/regulator: fix a missing check of return value (bsc#1051510). - drm/amdgpu: fix bad DMA from INTERRUPT_CNTL2 (bsc#1114279) - drm/etnaviv: fix dumping of iommuv2 (bsc#1113722) - drm/omap: fix max fclk divider for omap36xx (bsc#1113722) - drm/radeon: fix bad DMA from INTERRUPT_CNTL2 (git-fixes). - drm/radeon: fix si_enable_smc_cac() failed issue (bsc#1113722) - drm/rockchip: Round up _before_ giving to the clock framework (bsc#1114279) - drm: meson: venc: cvbs: fix CVBS mode matching (bsc#1051510). - drm: panel-lvds: Potential Oops in probe error handling (bsc#1114279) - e1000e: Add support for Comet Lake (bsc#1158533). - e1000e: Add support for Tiger Lake (bsc#1158533). - e1000e: Drop unnecessary __E1000_DOWN bit twiddling (bsc#1158049). - e1000e: Increase pause and refresh time (bsc#1158533). - e1000e: Use dev_get_drvdata where possible (bsc#1158049). - e1000e: Use rtnl_lock to prevent race conditions between net and pci/pm (bsc#1158049). - ecryptfs_lookup_interpose(): lower_dentry->d_inode is not stable (bsc#1158646). - ecryptfs_lookup_interpose(): lower_dentry->d_parent is not stable either (bsc#1158647). - ext4: fix punch hole for inline_data file systems (bsc#1158640). - ext4: update direct I/O read lock pattern for IOCB_NOWAIT (bsc#1158639). - extcon: cht-wc: Return from default case to avoid warnings (bsc#1051510). - fbdev: sbuslib: integer overflow in sbusfb_ioctl_helper() (bsc#1051510). - fbdev: sbuslib: use checked version of put_user() (bsc#1051510). - sctp: Fix regression (bsc#1158082). - ftrace: Introduce PERMANENT ftrace_ops flag (bsc#1120853). - genirq: Prevent NULL pointer dereference in resend_irqs() (bsc#1051510). - genirq: Properly pair kobject_del() with kobject_add() (bsc#1051510). - gpio: mpc8xxx: Do not overwrite default irq_set_type callback (bsc#1051510). - gpio: syscon: Fix possible NULL ptr usage (bsc#1051510). - gpiolib: acpi: Add Terra Pad 1061 to the run_edge_events_on_boot_blacklist (bsc#1051510). - gsmi: Fix bug in append_to_eventlog sysfs handler (bsc#1051510). - hwmon: (ina3221) Fix INA3221_CONFIG_MODE macros (bsc#1051510). - hwmon: (pwm-fan) Silence error on probe deferral (bsc#1051510). - hwrng: omap - Fix RNG wait loop timeout (bsc#1051510). - hwrng: omap3-rom - Call clk_disable_unprepare() on exit only if not idled (bsc#1051510). - hwrng: stm32 - fix unbalanced pm_runtime_enable (bsc#1051510). - hypfs: Fix error number left in struct pointer member (bsc#1051510). - ibmvnic: Bound waits for device queries (bsc#1155689 ltc#182047). - ibmvnic: Bound waits for device queries (bsc#1155689 ltc#182047). - ibmvnic: Fix completion structure initialization (bsc#1155689 ltc#182047). - ibmvnic: Fix completion structure initialization (bsc#1155689 ltc#182047). - ibmvnic: Serialize device queries (bsc#1155689 ltc#182047). - ibmvnic: Serialize device queries (bsc#1155689 ltc#182047). - ibmvnic: Terminate waiting device threads after loss of service (bsc#1155689 ltc#182047). - ibmvnic: Terminate waiting device threads after loss of service (bsc#1155689 ltc#182047). - idr: Fix idr_alloc_u32 on 32-bit systems (bsc#1051510). - iio: adc: max9611: explicitly cast gain_selectors (bsc#1051510). - iio: adc: stm32-adc: fix stopping dma (git-fixes). - iio: dac: mcp4922: fix error handling in mcp4922_write_raw (bsc#1051510). - iio: imu: adis16480: assign bias value only if operation succeeded (git-fixes). - iio: imu: adis16480: make sure provided frequency is positive (git-fixes). - iio: imu: adis: assign read val in debugfs hook only if op successful (git-fixes). - iio: imu: adis: assign value only if return code zero in read funcs (git-fixes). - include/linux/bitrev.h: fix constant bitrev (bsc#1114279). - inet: stop leaking jiffies on the wire (networking-stable-19_11_05). - intel_th: Fix a double put_device() in error path (git-fixes). - iomap: Fix pipe page leakage during splicing (bsc#1158651). - iommu/vt-d: Fix QI_DEV_IOTLB_PFSID and QI_DEV_EIOTLB_PFSID macros (bsc#1158063). - ipmi:dmi: Ignore IPMI SMBIOS entries with a zero base address (bsc#1051510). - ipv4: Fix table id reference in fib_sync_down_addr (networking-stable-19_11_10). - ipv4: Return -ENETUNREACH if we can't create route but saddr is valid (networking-stable-19_10_24). - iwlwifi: api: annotate compressed BA notif array sizes (bsc#1051510). - iwlwifi: check kasprintf() return value (bsc#1051510). - iwlwifi: do not panic in error path on non-msix systems (bsc#1155692). - iwlwifi: exclude GEO SAR support for 3168 (git-fixes). - iwlwifi: mvm: avoid sending too many BARs (bsc#1051510). - iwlwifi: mvm: do not send keys when entering D3 (bsc#1051510). - kABI workaround for ath10k last_wmi_vdev_start_status field (bsc#1051510). - kABI workaround for struct mwifiex_power_cfg change (bsc#1051510). - kABI: Fix for 'KVM: x86: Introduce vcpu->arch.xsaves_enabled' (bsc#1158066). - kABI: add _q suffix to exports that take struct dh (bsc#1155331). - kernfs: Fix range checks in kernfs_get_target_path (bsc#1051510). - kexec: bail out upon SIGKILL when allocating memory (git-fixes). - lib/scatterlist: Fix chaining support in sgl_alloc_order() (git-fixes). - lib/scatterlist: Introduce sgl_alloc() and sgl_free() (git-fixes). - liquidio: fix race condition in instruction completion processing (bsc#1051510). - livepatch: Allow to distinguish different version of system state changes (bsc#1071995). - livepatch: Basic API to track system state changes (bsc#1071995 ). - livepatch: Keep replaced patches until post_patch callback is called (bsc#1071995). - livepatch: Selftests of the API for tracking system state changes (bsc#1071995). - loop: add ioctl for changing logical block size (bsc#1108043). - loop: fix no-unmap write-zeroes request behavior (bsc#1158637). - mISDN: Fix type of switch control variable in ctrl_teimanager (bsc#1051510). - mac80211: consider QoS Null frames for STA_NULLFUNC_ACKED (bsc#1051510). - mac80211: fix station inactive_time shortly after boot (bsc#1051510). - mac80211: minstrel: fix CCK rate group streams value (bsc#1051510). - mac80211: minstrel: fix sampling/reporting of CCK rates in HT mode (bsc#1051510). - macvlan: schedule bc_work even if error (bsc#1051510). - mailbox: mailbox-test: fix null pointer if no mmio (bsc#1051510). - mailbox: reset txdone_method TXDONE_BY_POLL if client knows_txdone (git-fixes). - media: au0828: Fix incorrect error messages (bsc#1051510). - media: bdisp: fix memleak on release (git-fixes). - media: cxusb: detect cxusb_ctrl_msg error in query (bsc#1051510). - media: davinci: Fix implicit enum conversion warning (bsc#1051510). - media: exynos4-is: Fix recursive locking in isp_video_release() (git-fixes). - media: fix: media: pci: meye: validate offset to avoid arbitrary access (bsc#1051510). - media: flexcop-usb: ensure -EIO is returned on error condition (git-fixes). - media: imon: invalid dereference in imon_touch_event (bsc#1051510). - media: isif: fix a NULL pointer dereference bug (bsc#1051510). - media: ov6650: Fix control handler not freed on init error (git-fixes). - media: pci: ivtv: Fix a sleep-in-atomic-context bug in ivtv_yuv_init() (bsc#1051510). - media: pxa_camera: Fix check for pdev->dev.of_node (bsc#1051510). - media: radio: wl1273: fix interrupt masking on release (git-fixes). - media: ti-vpe: vpe: Fix Motion Vector vpdma stride (git-fixes). - media: usbvision: Fix races among open, close, and disconnect (bsc#1051510). - media: uvcvideo: Fix error path in control parsing failure (git-fixes). - media: v4l2-ctrl: fix flags for DO_WHITE_BALANCE (bsc#1051510). - media: vim2m: Fix abort issue (git-fixes). - media: vivid: Set vid_cap_streaming and vid_out_streaming to true (bsc#1051510). - mei: bus: prefix device names on bus with the bus name (bsc#1051510). - mei: fix modalias documentation (git-fixes). - mei: samples: fix a signedness bug in amt_host_if_call() (bsc#1051510). - mfd: intel-lpss: Add default I2C device properties for Gemini Lake (bsc#1051510). - mfd: max8997: Enale irq-wakeup unconditionally (bsc#1051510). - mfd: mc13xxx-core: Fix PMIC shutdown when reading ADC values (bsc#1051510). - mfd: palmas: Assign the right powerhold mask for tps65917 (git-fixes). - mfd: ti_am335x_tscadc: Keep ADC interface on if child is wakeup capable (bsc#1051510). - mlx5: add parameter to disable enhanced IPoIB (bsc#1142095) - mm, memory_hotplug: do not clear numa_node association after hot_remove (bnc#1115026). - mm, thp: Do not make page table dirty unconditionally in touch_p[mu]d() (git fixes (mm/gup)). - mm/compaction.c: clear total_{migrate,free}_scanned before scanning a new zone (git fixes (mm/compaction)). - mm/debug.c: PageAnon() is true for PageKsm() pages (git fixes (mm/debug)). - mmc: core: fix wl1251 sdio quirks (git-fixes). - mmc: host: omap_hsmmc: add code for special init of wl1251 to get rid of pandora_wl1251_init_card (git-fixes). - mmc: mediatek: fix cannot receive new request when msdc_cmd_is_ready fail (bsc#1051510). - mmc: sdhci-esdhc-imx: correct the fix of ERR004536 (git-fixes). - mmc: sdhci-of-at91: fix quirk2 overwrite (git-fixes). - mmc: sdio: fix wl1251 vendor id (git-fixes). - moduleparam: fix parameter description mismatch (bsc#1051510). - mt7601u: fix bbp version check in mt7601u_wait_bbp_ready (bsc#1051510). - mtd: nand: mtk: fix incorrect register setting order about ecc irq. - mtd: spear_smi: Fix Write Burst mode (bsc#1051510). - mtd: spi-nor: fix silent truncation in spi_nor_read() (bsc#1051510). - mwifiex: Fix NL80211_TX_POWER_LIMITED (bsc#1051510). - mwifiex: debugfs: correct histogram spacing, formatting (bsc#1051510). - mwifiex: fix potential NULL dereference and use after free (bsc#1051510). - nbd: prevent memory leak (bsc#1158638). - net/ibmvnic: Fix typo in retry check (bsc#1155689 ltc#182047). - net/ibmvnic: Ignore H_FUNCTION return from H_EOI to tolerate XIVE mode (bsc#1089644, ltc#166495, ltc#165544, git-fixes). - net/mlx4_core: Dynamically set guaranteed amount of counters per VF (networking-stable-19_11_05). - net/mlx5: prevent memory leak in mlx5_fpga_conn_create_cq (bsc#1046303). - net/mlx5e: Fix SFF 8472 eeprom length (git-fixes). - net/mlx5e: Fix handling of compressed CQEs in case of low NAPI budget (networking-stable-19_11_05). - net: Zeroing the structure ethtool_wolinfo in ethtool_get_wol() (networking-stable-19_11_05). - net: add READ_ONCE() annotation in __skb_wait_for_more_packets() (networking-stable-19_11_05). - net: add skb_queue_empty_lockless() (networking-stable-19_11_05). - net: annotate accesses to sk->sk_incoming_cpu (networking-stable-19_11_05). - net: annotate lockless accesses to sk->sk_napi_id (networking-stable-19_11_05). - net: avoid potential infinite loop in tc_ctl_action() (networking-stable-19_10_24). - net: bcmgenet: Fix RGMII_MODE_EN value for GENET v1/2/3 (networking-stable-19_10_24). - net: bcmgenet: Set phydev->dev_flags only for internal PHYs (networking-stable-19_10_24). - net: bcmgenet: reset 40nm EPHY on energy detect (networking-stable-19_11_05). - net: cdc_ncm: Signedness bug in cdc_ncm_set_dgram_size() (git-fixes). - net: dsa: b53: Do not clear existing mirrored port mask (networking-stable-19_11_05). - net: dsa: bcm_sf2: Fix IMP setup for port different than 8 (networking-stable-19_11_05). - net: dsa: fix switch tree list (networking-stable-19_11_05). - net: ethernet: ftgmac100: Fix DMA coherency issue with SW checksum (networking-stable-19_11_05). - net: ethernet: octeon_mgmt: Account for second possible VLAN header (networking-stable-19_11_10). - net: fix data-race in neigh_event_send() (networking-stable-19_11_10). - net: fix sk_page_frag() recursion from memory reclaim (networking-stable-19_11_05). - net: hisilicon: Fix ping latency when deal with high throughput (networking-stable-19_11_05). - net: phy: Check against net_device being NULL (bsc#1051510). - net: phy: Fix not to call phy_resume() if PHY is not attached (bsc#1051510). - net: phy: Fix the register offsets in Broadcom iProc mdio mux driver (bsc#1051510). - net: phy: at803x: Change error to EINVAL for invalid MAC (bsc#1051510). - net: phy: broadcom: Use strlcpy() for ethtool::get_strings (bsc#1051510). - net: phy: dp83867: Set up RGMII TX delay (bsc#1051510). - net: phy: fixed_phy: Fix fixed_phy not checking GPIO (bsc#1051510). - net: phy: marvell: Use strlcpy() for ethtool::get_strings (bsc#1051510). - net: phy: marvell: clear wol event before setting it (bsc#1051510). - net: phy: meson-gxl: check phy_write return value (bsc#1051510). - net: phy: micrel: Use strlcpy() for ethtool::get_strings (bsc#1051510). - net: phy: mscc: read 'vsc8531, edge-slowdown' as an u32 (bsc#1051510). - net: phy: mscc: read 'vsc8531,vddmac' as an u32 (bsc#1051510). - net: phy: xgene: disable clk on error paths (bsc#1051510). - net: phy: xgmiitorgmii: Check phy_driver ready before accessing (bsc#1051510). - net: phy: xgmiitorgmii: Check read_status results (bsc#1051510). - net: phy: xgmiitorgmii: Support generic PHY status read (bsc#1051510). - net: stmmac: disable/enable ptp_ref_clk in suspend/resume flow (networking-stable-19_10_24). - net: usb: qmi_wwan: add support for DW5821e with eSIM support (networking-stable-19_11_10). - net: use skb_queue_empty_lockless() in busy poll contexts (networking-stable-19_11_05). - net: use skb_queue_empty_lockless() in poll() handlers (networking-stable-19_11_05). - net: wireless: ti: remove local VENDOR_ID and DEVICE_ID definitions (git-fixes). - net: wireless: ti: wl1251 use new SDIO_VENDOR_ID_TI_WL1251 definition (git-fixes). - netns: fix GFP flags in rtnl_net_notifyid() (networking-stable-19_11_05). - nfc: netlink: fix double device reference drop (git-fixes). - nfc: port100: handle command failure cleanly (git-fixes). - nl80211: Fix a GET_KEY reply attribute (bsc#1051510). - ocfs2: fix panic due to ocfs2_wq is null (bsc#1158644). - ocfs2: fix passing zero to 'PTR_ERR' warning (bsc#1158649). - openvswitch: fix flow command message size (git-fixes). - padata: use smp_mb in padata_reorder to avoid orphaned padata jobs (git-fixes). - phy: phy-twl4030-usb: fix denied runtime access (git-fixes). - pinctl: ti: iodelay: fix error checking on pinctrl_count_index_with_args call (git-fixes). - pinctrl: at91: do not use the same irqchip with multiple gpiochips (git-fixes). - pinctrl: cherryview: Allocate IRQ chip dynamic (git-fixes). - pinctrl: lewisburg: Update pin list according to v1.1v6 (bsc#1051510). - pinctrl: lpc18xx: Use define directive for PIN_CONFIG_GPIO_PIN_INT (bsc#1051510). - pinctrl: qcom: spmi-gpio: fix gpio-hog related boot issues (bsc#1051510). - pinctrl: samsung: Fix device node refcount leaks in S3C24xx wakeup controller init (bsc#1051510). - pinctrl: samsung: Fix device node refcount leaks in S3C64xx wakeup controller init (bsc#1051510). - pinctrl: samsung: Fix device node refcount leaks in init code (bsc#1051510). - pinctrl: sunxi: Fix a memory leak in 'sunxi_pinctrl_build_state()' (bsc#1051510). - pinctrl: xway: fix gpio-hog related boot issues (bsc#1051510). - pinctrl: zynq: Use define directive for PIN_CONFIG_IO_STANDARD (bsc#1051510). - pktcdvd: remove warning on attempting to register non-passthrough dev (bsc#1051510). - platform/x86: hp-wmi: Fix ACPI errors caused by passing 0 as input size (bsc#1051510). - platform/x86: hp-wmi: Fix ACPI errors caused by too small buffer (bsc#1051510). - power: reset: at91-poweroff: do not procede if at91_shdwc is allocated (bsc#1051510). - power: supply: ab8500_fg: silence uninitialized variable warnings (bsc#1051510). - power: supply: max14656: fix potential use-after-free (bsc#1051510). - power: supply: twl4030_charger: disable eoc interrupt on linear charge (bsc#1051510). - power: supply: twl4030_charger: fix charging current out-of-bounds (bsc#1051510). - powerpc/64: Make meltdown reporting Book3S 64 specific (bsc#1091041). - powerpc/book3s64/hash: Use secondary hash for bolted mapping if the primary is full (bsc#1157778 ltc#182520). - powerpc/bpf: Fix tail call implementation (bsc#1157698). - powerpc/pseries/mobility: notify network peers after migration (bsc#1152631 ltc#181798). - powerpc/pseries: Do not fail hash page table insert for bolted mapping (bsc#1157778 ltc#182520). - powerpc/pseries: Do not opencode HPTE_V_BOLTED (bsc#1157778 ltc#182520). - powerpc/pseries: address checkpatch warnings in dlpar_offline_cpu (bsc#1156700 ltc#182459). - powerpc/pseries: safely roll back failed DLPAR cpu add (bsc#1156700 ltc#182459). - powerpc/security/book3s64: Report L1TF status in sysfs (bsc#1091041). - powerpc/security: Fix wrong message when RFI Flush is disable (bsc#1131107). - powerpc/xive: Prevent page fault issues in the machine crash handler (bsc#1156882 ltc#182435). - ppdev: fix PPGETTIME/PPSETTIME ioctls (bsc#1051510). - printk: Export console_printk (bsc#1071995). - pwm: Clear chip_data in pwm_put() (bsc#1051510). - pwm: bcm-iproc: Prevent unloading the driver module while in use (git-fixes). - pwm: clps711x: Fix period calculation (bsc#1051510). - pwm: lpss: Only set update bit if we are actually changing the settings (bsc#1051510). - qede: fix NULL pointer deref in __qede_remove() (networking-stable-19_11_10). - r8152: add device id for Lenovo ThinkPad USB-C Dock Gen 2 (networking-stable-19_11_05). - random: move FIPS continuous test to output functions (bsc#1155334). - regulator: ab8500: Remove AB8505 USB regulator (bsc#1051510). - regulator: ab8500: Remove SYSCLKREQ from enum ab8505_regulator_id (bsc#1051510). - regulator: tps65910: fix a missing check of return value (bsc#1051510). - remoteproc: Check for NULL firmwares in sysfs interface (git-fixes). - reset: Fix potential use-after-free in __of_reset_control_get() (bsc#1051510). - reset: fix of_reset_simple_xlate kerneldoc comment (bsc#1051510). - reset: fix reset_control_get_exclusive kerneldoc comment (bsc#1051510). - reset: fix reset_control_ops kerneldoc comment (bsc#1051510). - resource: fix locking in find_next_iomem_res() (bsc#1114279). - rpm/kernel-binary.spec.in: add COMPRESS_VMLINUX (bnc#1155921) Let COMPRESS_VMLINUX determine the compression used for vmlinux. By default (historically), it is gz. - rpm/kernel-source.spec.in: Fix dependency of kernel-devel (bsc#1154043) - rpm/kernel-subpackage-spec: Exclude kernel-firmware recommends (bsc#1143959) For reducing the dependency on kernel-firmware in sub packages - rpm/kernel-subpackage-spec: Fix empty Recommends tag (bsc#1143959) - rpm/kernel-subpackage-spec: Unify dependency handling. - rpm/modules.fips: update module list (bsc#1157853) - rt2800: remove errornous duplicate condition (git-fixes). - rtl8187: Fix warning generated when strncpy() destination length matches the sixe argument (bsc#1051510). - rtl818x: fix potential use after free (bsc#1051510). - rtlwifi: Remove unnecessary NULL check in rtl_regd_init (bsc#1051510). - rtlwifi: rtl8192de: Fix misleading REG_MCUFWDL information (bsc#1051510). - rtlwifi: rtl8192de: Fix missing code to retrieve RX buffer address (bsc#1051510). - rtlwifi: rtl8192de: Fix missing enable interrupt flag (bsc#1051510). - s390/bpf: fix lcgr instruction encoding (bsc#1051510). - s390/bpf: use 32-bit index for tail calls (bsc#1051510). - s390/cio: avoid calling strlen on null pointer (bsc#1051510). - s390/cio: exclude subchannels with no parent from pseudo check (bsc#1051510). - s390/cmm: fix information leak in cmm_timeout_handler() (bsc#1051510). - s390/cpumsf: Check for CPU Measurement sampling (bsc#1153681 LTC#181855). - s390/idle: fix cpu idle time calculation (bsc#1051510). - s390/mm: properly clear _PAGE_NOEXEC bit when it is not supported (bsc#1051510). - s390/process: avoid potential reading of freed stack (bsc#1051510). - s390/qdio: (re-)initialize tiqdio list entries (bsc#1051510). - s390/qdio: do not touch the dsci in tiqdio_add_input_queues() (bsc#1051510). - s390/qeth: clean up page frag creation (git-fixes). - s390/qeth: consolidate skb allocation (git-fixes). - s390/qeth: ensure linear access to packet headers (git-fixes). - s390/qeth: guard against runt packets (git-fixes). - s390/qeth: return proper errno on IO error (bsc#1051510). - s390/setup: fix boot crash for machine without EDAT-1 (bsc#1051510 bsc#1140948). - s390/setup: fix early warning messages (bsc#1051510 bsc#1140948). - s390/topology: avoid firing events before kobjs are created (bsc#1051510). - s390: fix stfle zero padding (bsc#1051510). - sc16is7xx: Fix for 'Unexpected interrupt: 8' (bsc#1051510). - sched/fair: Add tmp_alone_branch assertion (bnc#1156462). - sched/fair: Fix O(nr_cgroups) in the load balancing path (bnc#1156462). - sched/fair: Fix insertion in rq->leaf_cfs_rq_list (bnc#1156462). - sched/fair: Optimize update_blocked_averages() (bnc#1156462). - sched/fair: WARN() and refuse to set buddy when !se->on_rq (bsc#1158132). - scsi: lpfc: Fix Oops in nvme_register with target logout/login (bsc#1151900). - scsi: lpfc: Honor module parameter lpfc_use_adisc (bsc#1153628). - scsi: lpfc: Limit xri count for kdump environment (bsc#1154124). - scsi: qla2xxx: Add debug dump of LOGO payload and ELS IOCB (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Added support for MPI and PEP regions for ISP28XX (bsc#1157424, bsc#1157908, bsc#1157169, bsc#1151548). - scsi: qla2xxx: Allow PLOGI in target mode (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Change discovery state before PLOGI (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Configure local loop for N2N target (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Correctly retrieve and interpret active flash region (bsc#1157424, bsc#1157908, bsc#1157169, bsc#1151548). - scsi: qla2xxx: Do command completion on abort timeout (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Do not call qlt_async_event twice (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Do not defer relogin unconditonally (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Drop superfluous INIT_WORK of del_work (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Fix PLOGI payload and ELS IOCB dump length (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Fix SRB leak on switch command timeout (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Fix a dma_pool_free() call (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Fix device connect issues in P2P configuration (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Fix double scsi_done for abort path (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Fix driver unload hang (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Fix incorrect SFUB length used for Secure Flash Update MB Cmd (bsc#1157424, bsc#1157908, bsc#1157169, bsc#1151548). - scsi: qla2xxx: Fix memory leak when sending I/O fails (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Fix qla2x00_request_irqs() for MSI (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Ignore NULL pointer in tcm_qla2xxx_free_mcmd (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Ignore PORT UPDATE after N2N PLOGI (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Initialize free_work before flushing it (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Remove an include directive (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Retry PLOGI on FC-NVMe PRLI failure (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Send Notify ACK after N2N PLOGI (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Update driver version to 10.01.00.21-k (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Use explicit LOGO in target mode (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: do not use zero for FC4_PRIORITY_NVME (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: fix rports not being mark as lost in sync fabric scan (bsc#1138039). - scsi: qla2xxx: initialize fc4_type_priority (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: unregister ports after GPN_FT failure (bsc#1138039). - scsi: sd: Ignore a failure to sync cache due to lack of authorization (git-fixes). - scsi: storvsc: Add ability to change scsi queue depth (bsc#1155021). - scsi: zfcp: fix reaction on bit error threshold notification (bsc#1154956 LTC#182054). - scsi: zfcp: fix request object use-after-free in send path causing wrong traces (bsc#1051510). - scsi: zfcp: trace channel log even for FCP command responses (git-fixes). - sctp: change sctp_prot .no_autobind with true (networking-stable-19_10_24). - selftests: net: reuseport_dualstack: fix uninitalized parameter (networking-stable-19_11_05). - serial: fix kernel-doc warning in comments (bsc#1051510). - serial: max310x: Fix tx_empty() callback (bsc#1051510). - serial: mctrl_gpio: Check for NULL pointer (bsc#1051510). - serial: mxs-auart: Fix potential infinite loop (bsc#1051510). - serial: samsung: Enable baud clock for UART reset procedure in resume (bsc#1051510). - serial: uartlite: fix exit path null pointer (bsc#1051510). - serial: uartps: Fix suspend functionality (bsc#1051510). - signal: Properly set TRACE_SIGNAL_LOSE_INFO in __send_signal (bsc#1157463). - slcan: Fix memory leak in error path (bsc#1051510). - slip: Fix memory leak in slip_open error path (bsc#1051510). - slip: Fix use-after-free Read in slip_open (bsc#1051510). - smb3: Incorrect size for netname negotiate context (bsc#1144333, bsc#1154355). - smb3: fix leak in 'open on server' perf counter (bsc#1144333, bsc#1154355). - smb3: fix signing verification of large reads (bsc#1144333, bsc#1154355). - smb3: fix unmount hang in open_shroot (bsc#1144333, bsc#1154355). - smb3: improve handling of share deleted (and share recreated) (bsc#1144333, bsc#1154355). - soc: imx: gpc: fix PDN delay (bsc#1051510). - soc: qcom: wcnss_ctrl: Avoid string overflow (bsc#1051510). - spi: atmel: Fix CS high support (bsc#1051510). - spi: atmel: fix handling of cs_change set on non-last xfer (bsc#1051510). - spi: fsl-lpspi: Prevent FIFO under/overrun by default (bsc#1051510). - spi: mediatek: Do not modify spi_transfer when transfer (bsc#1051510). - spi: mediatek: use correct mata->xfer_len when in fifo transfer (bsc#1051510). - spi: omap2-mcspi: Fix DMA and FIFO event trigger size mismatch (bsc#1051510). - spi: omap2-mcspi: Set FIFO DMA trigger level to word length (bsc#1051510). - spi: pic32: Use proper enum in dmaengine_prep_slave_rg (bsc#1051510). - spi: rockchip: initialize dma_slave_config properly (bsc#1051510). - spi: spidev: Fix OF tree warning logic (bsc#1051510). - staging: rtl8188eu: fix null dereference when kzalloc fails (bsc#1051510). - staging: rtl8192e: fix potential use after free (bsc#1051510). - staging: rtl8723bs: Add 024c:0525 to the list of SDIO device-ids (bsc#1051510). - staging: rtl8723bs: Drop ACPI device ids (bsc#1051510). - stm class: Fix a double free of stm_source_device (bsc#1051510). - supported.conf: - synclink_gt(): fix compat_ioctl() (bsc#1051510). - tcp_nv: fix potential integer overflow in tcpnv_acked (bsc#1051510). - thermal: Fix deadlock in thermal thermal_zone_device_check (bsc#1051510). - thunderbolt: Fix lockdep circular locking depedency warning (git-fixes). - tipc: Avoid copying bytes beyond the supplied data (bsc#1051510). - tipc: check bearer name with right length in tipc_nl_compat_bearer_enable (bsc#1051510). - tipc: check link name with right length in tipc_nl_compat_link_set (bsc#1051510). - tipc: check msg->req data len in tipc_nl_compat_bearer_disable (bsc#1051510). - tipc: compat: allow tipc commands without arguments (bsc#1051510). - tipc: fix a missing check of genlmsg_put (bsc#1051510). - tipc: fix link name length check (bsc#1051510). - tipc: fix memory leak in tipc_nl_compat_publ_dump (bsc#1051510). - tipc: fix skb may be leaky in tipc_link_input (bsc#1051510). - tipc: fix tipc_mon_delete() oops in tipc_enable_bearer() error path (bsc#1051510). - tipc: fix wrong timeout input for tipc_wait_for_cond() (bsc#1051510). - tipc: handle the err returned from cmd header function (bsc#1051510). - tipc: pass tunnel dev as NULL to udp_tunnel(6)_xmit_skb (bsc#1051510). - tipc: tipc clang warning (bsc#1051510). - tpm: add check after commands attribs tab allocation (bsc#1051510). - tracing: Get trace_array reference for available_tracers files (bsc#1156429). - tty: serial: fsl_lpuart: use the sg count from dma_map_sg (bsc#1051510). - tty: serial: imx: use the sg count from dma_map_sg (bsc#1051510). - tty: serial: msm_serial: Fix flow control (bsc#1051510). - tty: serial: pch_uart: correct usage of dma_unmap_sg (bsc#1051510). - uaccess: Add non-pagefault user-space write function (bsc#1083647). - ubifs: Correctly initialize c->min_log_bytes (bsc#1158641). - ubifs: Limit the number of pages in shrink_liability (bsc#1158643). - udp: use skb_queue_empty_lockless() (networking-stable-19_11_05). - usb-serial: cp201x: support Mark-10 digital force gauge (bsc#1051510). - usb-storage: Revert commit 747668dbc061 ('usb-storage: Set virt_boundary_mask to avoid SG overflows') (bsc#1051510). - usb: chipidea: Fix otg event handler (bsc#1051510). - usb: chipidea: imx: enable OTG overcurrent in case USB subsystem is already started (bsc#1051510). - usb: dwc3: gadget: Check ENBLSLPM before sending ep command (bsc#1051510). - usb: gadget: udc: atmel: Fix interrupt storm in FIFO mode (bsc#1051510). - usb: gadget: udc: fotg210-udc: Fix a sleep-in-atomic-context bug in fotg210_get_status() (bsc#1051510). - usb: gadget: uvc: Factor out video USB request queueing (bsc#1051510). - usb: gadget: uvc: Only halt video streaming endpoint in bulk mode (bsc#1051510). - usb: gadget: uvc: configfs: Drop leaked references to config items (bsc#1051510). - usb: gadget: uvc: configfs: Prevent format changes after linking header (bsc#1051510). - usb: handle warm-reset port requests on hub resume (bsc#1051510). - usb: mon: Fix a deadlock in usbmon between mmap and read (bsc#1051510). - usb: xhci-mtk: fix ISOC error when interval is zero (bsc#1051510). - usb: xhci: only set D3hot for pci device (bsc#1051510). - usbip: Fix free of unallocated memory in vhci tx (git-fixes). - usbip: Fix vhci_urb_enqueue() URB null transfer buffer error path (git-fixes). - usbip: Implement SG support to vhci-hcd and stub driver (git-fixes). - usbip: tools: fix fd leakage in the function of read_attr_usbip_status (git-fixes). - vfio-ccw: Fix misleading comment when setting orb.cmd.c64 (bsc#1051510). - vfio-ccw: Set pa_nr to 0 if memory allocation fails for pa_iova_pfn (bsc#1051510). - vfio: ccw: push down unsupported IDA check (bsc#1156471 LTC#182362). - vfs: fix preadv64v2 and pwritev64v2 compat syscalls with offset == -1 (bsc#1051510). - video/hdmi: Fix AVI bar unpack (git-fixes). - video: backlight: Add devres versions of of_find_backlight (bsc#1090888) Taken for 6010831dde5. - video: backlight: Add of_find_backlight helper in backlight.c (bsc#1090888) Taken for 6010831dde5. - virtio/s390: fix race on airq_areas (bsc#1051510). - virtio_console: allocate inbufs in add_port() only if it is needed (git-fixes). - virtio_ring: fix return code on DMA mapping fails (git-fixes). - vmxnet3: turn off lro when rxcsum is disabled (bsc#1157499). - vsock/virtio: fix sock refcnt holding during the shutdown (git-fixes). - watchdog: meson: Fix the wrong value of left time (bsc#1051510). - watchdog: sama5d4: fix WDD value to be always set to max (bsc#1051510). - x86/alternatives: Add int3_emulate_call() selftest (bsc#1153811). - x86/alternatives: Fix int3_emulate_call() selftest stack corruption (bsc#1153811). - x86/mm/pkeys: Fix typo in Documentation/x86/protection-keys.txt (bsc#1078248). - x86/pkeys: Update documentation about availability (bsc#1078248). - x86/resctrl: Fix potential lockdep warning (bsc#1114279). - x86/resctrl: Prevent NULL pointer dereference when reading mondata (bsc#1114279). - x86/speculation/taa: Fix printing of TAA_MSG_SMT on IBRS_ALL CPUs (bsc#1158068). - x86/speculation: Fix incorrect MDS/TAA mitigation status (bsc#1114279). - x86/speculation: Fix redundant MDS mitigation message (bsc#1114279). - xen/blkback: Avoid unmapping unmapped grant pages (bsc#1065600). - xfrm: Fix xfrm sel prefix length validation (git-fixes). - xfrm: fix sa selector validation (bsc#1156609). - xfs: Sanity check flags of Q_XQUOTARM call (bsc#1158652). - xhci: Increase STS_HALT timeout in xhci_suspend() (bsc#1051510). ----------------------------------------- Patch: SUSE-2019-3395 Released: Mon Dec 30 14:05:06 2019 Summary: Security update for mozilla-nspr, mozilla-nss Severity: moderate References: 1141322,1158527,1159819,CVE-2018-18508,CVE-2019-11745,CVE-2019-17006 Description: This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nss was updated to NSS 3.47.1: Security issues fixed: - CVE-2019-17006: Added length checks for cryptographic primitives (bsc#1159819). - CVE-2019-11745: EncryptUpdate should use maxout, not block size (bsc#1158527). - CVE-2019-11727: Fixed vulnerability sign CertificateVerify with PKCS#1 v1.5 signatures issue (bsc#1141322). mozilla-nspr was updated to version 4.23: - Whitespace in C files was cleaned up and no longer uses tab characters for indenting. ----------------------------------------- Patch: SUSE-2020-1 Released: Thu Jan 2 09:47:04 2020 Summary: Security update for java-1_8_0-ibm Severity: moderate References: 1154212,1158442,CVE-2019-17631,CVE-2019-2933,CVE-2019-2945,CVE-2019-2958,CVE-2019-2962,CVE-2019-2964,CVE-2019-2973,CVE-2019-2975,CVE-2019-2978,CVE-2019-2981,CVE-2019-2983,CVE-2019-2988,CVE-2019-2989,CVE-2019-2992,CVE-2019-2996,CVE-2019-2999 Description: This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 6 [bsc#1158442, bsc#1154212] * Security fixes: CVE-2019-2933 CVE-2019-2945 CVE-2019-2958 CVE-2019-2962 CVE-2019-2964 CVE-2019-2975 CVE-2019-2978 CVE-2019-2983 CVE-2019-2988 CVE-2019-2989 CVE-2019-2992 CVE-2019-2996 CVE-2019-2999 CVE-2019-2973 CVE-2019-2981 CVE-2019-17631 ----------------------------------------- Patch: SUSE-2020-2 Released: Thu Jan 2 09:50:04 2020 Summary: Security update for openssl-1_1 Severity: moderate References: 1155346,1157775,1158101,1158809,CVE-2019-1551,SLE-8789 Description: This update for openssl-1_1 fixes the following issues: Security issue fixed: - CVE-2019-1551: Fixed an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli (bsc#1158809). Various FIPS related improvements were done: - FIPS: Backport SSH KDF to openssl (jsc#SLE-8789, bsc#1157775). - Port FIPS patches from SLE-12 (bsc#1158101) - Use SHA-2 in the RSA pairwise consistency check (bsc#1155346) ----------------------------------------- Patch: SUSE-2020-5 Released: Thu Jan 2 12:33:02 2020 Summary: Recommended update for libgcrypt Severity: moderate References: 1155337,1155338,1155339 Description: This update for libgcrypt fixes the following issues: Various FIPS related improvements were done: - FIPS: RSA/DSA/ECDSA are missing hashing operation (bsc#1155337) - Fix the following FIPS tests: basic benchmark bench-slope pubkey t-cv25519 t-secmem - Fix test dsa-rfc6979 in FIPS mode: Disabled tests in elliptic curves with 192 bits which are not recommended in FIPS mode - Added CMAC AES and TDES FIPS self-tests: (bsc#1155339, bsc#1155338) ----------------------------------------- Patch: SUSE-2020-9 Released: Thu Jan 2 12:33:47 2020 Summary: Recommended update for xfsprogs Severity: moderate References: 1157438 Description: This update for xfsprogs fixes the following issues: - Remove the 'xfs_scrub_all' script from the package, and the corresponding dependency of python. (bsc#1157438) ----------------------------------------- Patch: SUSE-2020-10 Released: Thu Jan 2 12:35:06 2020 Summary: Recommended update for gcc7 Severity: moderate References: 1146475 Description: This update for gcc7 fixes the following issues: - Fix miscompilation with thread-safe localstatic initialization (gcc#85887). - Fix debug info created for array definitions that complete an earlier declaration (bsc#1146475). ----------------------------------------- Patch: SUSE-2020-37 Released: Wed Jan 8 10:42:00 2020 Summary: - Fix test getdate [bsc#1159990] Severity: low References: Description: - Fix test getdate [bsc#1159990] - Add perl-TimeDate-getdate.patch ----------------------------------------- Patch: SUSE-2020-38 Released: Wed Jan 8 13:05:11 2020 Summary: Recommended update for openssl-1_1 Severity: moderate References: 1158499,1160158 Description: This update for openssl-1_1 fixes the following issues: - Obsoleted libopenssl-1_0_0-hmac for a clean upgrade from SLE-12 (bsc#1158499) - Fixed a regression where EVP_PBE_scrypt() behavior changed (bsc#1160158). ----------------------------------------- Patch: SUSE-2020-52 Released: Thu Jan 9 10:09:11 2020 Summary: Optional update for openslp Severity: low References: 1149792 Description: This update for openslp doesn't fix any user visible bugs. ----------------------------------------- Patch: SUSE-2020-64 Released: Fri Jan 10 11:02:19 2020 Summary: Security update for openssl-1_0_0 Severity: moderate References: 1158809,CVE-2019-1551 Description: This update for openssl-1_0_0 fixes the following issues: Security issue fixed: - CVE-2019-1551: Fixed an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli (bsc#1158809). ----------------------------------------- Patch: SUSE-2020-74 Released: Fri Jan 10 12:52:33 2020 Summary: Optional update for yast2-dhcp-server Severity: low References: 1103691,1104644 Description: This update for yast2-dhcp-server doesn't fix any user visible issues. ----------------------------------------- Patch: SUSE-2020-78 Released: Mon Jan 13 10:25:04 2020 Summary: Security update for MozillaFirefox Severity: important References: 1160305,1160498,CVE-2019-17015,CVE-2019-17016,CVE-2019-17017,CVE-2019-17021,CVE-2019-17022,CVE-2019-17024,CVE-2019-17026 Description: This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 68.4.1 ESR * Fixed: Security fix MFSA 2020-03 (bsc#1160498) * CVE-2019-17026 (bmo#1607443) IonMonkey type confusion with StoreElementHole and FallibleStoreElement - Firefox Extended Support Release 68.4.0 ESR * Fixed: Various security fixes MFSA 2020-02 (bsc#1160305) * CVE-2019-17015 (bmo#1599005) Memory corruption in parent process during new content process initialization on Windows * CVE-2019-17016 (bmo#1599181) Bypass of @namespace CSS sanitization during pasting * CVE-2019-17017 (bmo#1603055) Type Confusion in XPCVariant.cpp * CVE-2019-17021 (bmo#1599008) Heap address disclosure in parent process during content process initialization on Windows * CVE-2019-17022 (bmo#1602843) CSS sanitization does not escape HTML tags * CVE-2019-17024 (bmo#1507180, bmo#1595470, bmo#1598605, bmo#1601826) Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4 ----------------------------------------- Patch: SUSE-2020-87 Released: Mon Jan 13 14:12:32 2020 Summary: Security update for libsolv, libzypp, zypper Severity: moderate References: 1135114,1154804,1154805,1155198,1155205,1155298,1155678,1155819,1156158,1157377,1158763,CVE-2019-18900 Description: This update for libsolv, libzypp, zypper fixes the following issues: Security issue fixed: - CVE-2019-18900: Fixed assert cookie file that was world readable (bsc#1158763). Bug fixes - Fixed removing orphaned packages dropped by to-be-installed products (bsc#1155819). - Adds libzypp API to mark all obsolete kernels according to the existing purge-kernel script rules (bsc#1155198). - Do not enforce 'en' being in RequestedLocales If the user decides to have a system without explicit language support he may do so (bsc#1155678). - Load only target resolvables for zypper rm (bsc#1157377). - Fix broken search by filelist (bsc#1135114). - Replace python by a bash script in zypper-log (fixes#304, fixes#306, bsc#1156158). - Do not sort out requested locales which are not available (bsc#1155678). - Prevent listing duplicate matches in tables. XML result is provided within the new list-patches-byissue element (bsc#1154805). - XML add patch issue-date and issue-list (bsc#1154805). - Fix zypper lp --cve/bugzilla/issue options (bsc#1155298). - Always execute commit when adding/removing locales (fixes bsc#1155205). - Fix description of --table-style,-s in man page (bsc#1154804). ----------------------------------------- Patch: SUSE-2020-94 Released: Tue Jan 14 12:28:26 2020 Summary: Recommended update for icu Severity: important References: 1103893,1146907 Description: This update for icu fixes the following issues: - Porting upstream's Japanese new era name support. (bsc#1103893, fate#325570, fate#325419) - Remove old obsoletes/provides for migration from very old products, as they break our shared library policy. (bsc#1146907) - IMPORTANT: Please force this update to install with 'zypper -f' to override the major version if you already installed the version 64. ----------------------------------------- Patch: SUSE-2020-97 Released: Tue Jan 14 13:40:50 2020 Summary: Optional update for yast2-samba-server Severity: low References: 1103691,1104644 Description: This update for yast2-samba-server doesn't fix any user visible issues. ----------------------------------------- Patch: SUSE-2020-107 Released: Wed Jan 15 14:18:39 2020 Summary: Recommended update for yast2-storage-ng Severity: moderate References: 1141006,1154070 Description: This update for yast2-storage-ng fixes the following issues: - Initial: consider only up to ten disks. (bsc#1154070) - Add execute permissions to test files. (bsc#1141006) ----------------------------------------- Patch: SUSE-2020-109 Released: Wed Jan 15 14:19:28 2020 Summary: Recommended update for hawk2 Severity: moderate References: 1158681 Description: This update for hawk2 fixes the following issues: - Fix the 'acl_version' method when parsing the cib.xml avoid hanging of HAWK2 (bsc#1158681) ----------------------------------------- Patch: SUSE-2020-112 Released: Thu Jan 16 10:10:53 2020 Summary: Security update for tigervnc Severity: important References: 1159856,1159858,1159860,1160250,1160251,CVE-2019-15691,CVE-2019-15692,CVE-2019-15693,CVE-2019-15694,CVE-2019-15695 Description: This update for tigervnc fixes the following issues: - CVE-2019-15691: Fixed a use-after-return due to incorrect usage of stack memory in ZRLEDecoder (bsc#1159856). - CVE-2019-15692: Fixed a heap-based buffer overflow in CopyRectDecode (bsc#1160250). - CVE-2019-15693: Fixed a heap-based buffer overflow in TightDecoder::FilterGradient (bsc#1159858). - CVE-2019-15694: Fixed a heap-based buffer overflow, caused by improper error handling in processing MemOutStream (bsc#1160251). - CVE-2019-15695: Fixed a stack-based buffer overflow, which could be triggered from CMsgReader::readSetCursor (bsc#1159860). ----------------------------------------- Patch: SUSE-2020-114 Released: Thu Jan 16 10:11:52 2020 Summary: Security update for python3 Severity: important References: 1027282,1029377,1029902,1040164,1042670,1070853,1079761,1081750,1083507,1086001,1088004,1088009,1088573,1094814,1107030,1109663,1109847,1120644,1122191,1129346,1130840,1133452,1137942,1138459,1141853,1149121,1149792,1149955,1151490,1153238,1159035,1159622,637176,658604,673071,709442,743787,747125,751718,754447,754677,787526,809831,831629,834601,871152,885662,885882,917607,942751,951166,983582,984751,985177,985348,989523,CVE-2011-3389,CVE-2011-4944,CVE-2012-0845,CVE-2012-1150,CVE-2013-1752,CVE-2013-4238,CVE-2014-2667,CVE-2014-4650,CVE-2016-0772,CVE-2016-1000110,CVE-2016-5636,CVE-2016-5699,CVE-2017-18207,CVE-2018-1000802,CVE-2018-1060,CVE-2018-1061,CVE-2018-14647,CVE-2018-20406,CVE-2018-20852,CVE-2019-10160,CVE-2019-15903,CVE-2019-16056,CVE-2019-16935,CVE-2019-5010,CVE-2019-9636,CVE-2019-9947 Description: This update for python3 to version 3.6.10 fixes the following issues: - CVE-2017-18207: Fixed a denial of service in Wave_read._read_fmt_chunk() (bsc#1083507). - CVE-2019-16056: Fixed an issue where email parsing could fail for multiple @ (bsc#1149955). - CVE-2019-15903: Fixed a heap-based buffer over-read in libexpat (bsc#1149429). ----------------------------------------- Patch: SUSE-2020-125 Released: Fri Jan 17 12:27:07 2020 Summary: Recommended update for icu Severity: important References: 1161007 Description: This update for icu provides the following fix: - Re-add the libicu provides to the spec file to fix installation of SAP HANA on SLE-15 and SLE-15-SP1. (bsc#1161007) ----------------------------------------- Patch: SUSE-2020-126 Released: Fri Jan 17 17:12:10 2020 Summary: Recommended update for kernel-firmware Severity: moderate References: 1154395 Description: This update for kernel-firmware fixes the following issues: - Update to version 20191118 (git commit e8a0f4c93147): * rtl_nic: add firmware rtl8168fp-3 * linux-firmware: Update NXP Management Complex firmware to version 10.18.0 Update to version 20191113 (git commit c62c3c26a5e7): * linux-firmware: Update firmware file for Intel Bluetooth AX201 * linux-firmware: Update firmware file for Intel Bluetooth AX200 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth 9260 * amdgpu: update navi14 vcn firmware * amdgpu: update navi10 vcn firmware Update to version 20191108 (git commit f1100ddf581f): (bsc#1154395): * i915: Add HuC firmware v7.0.3 for TGL * i915: Add GuC firmware v35.2.0 for TGL * i915: Add HuC firmware v9.0.0 for EHL * i915: Add GuC firmware v33.0.4 for EHL * rtw88: RTL8723D: add firmware file v48 * qed: Add firmware 8.40.33.0 * amdgpu: add new navi14 wks gfx firmware for 19.30 * amdgpu: update navi14 firmware for 19.30 * amdgpu: update raven firmware for 19.30 * linux-firmware: Add firmware file for Intel Bluetooth AX201 ----------------------------------------- Patch: SUSE-2020-130 Released: Mon Jan 20 09:21:21 2020 Summary: Security update for libssh Severity: important References: 1158095,CVE-2019-14889 Description: This update for libssh fixes the following issues: - CVE-2019-14889: Fixed an unwanted command execution in scp caused by unsanitized location (bsc#1158095). ----------------------------------------- Patch: SUSE-2020-132 Released: Mon Jan 20 09:22:12 2020 Summary: Security update for Mesa Severity: moderate References: 1156015,CVE-2019-5068 Description: This update for Mesa fixes the following issues: Security issue fixed: - CVE-2019-5068: Fixed exploitable shared memory permissions vulnerability (bsc#1156015). ----------------------------------------- Patch: SUSE-2020-156 Released: Wed Jan 22 08:02:11 2020 Summary: Recommended update for libgcrypt Severity: moderate References: 1161215,1161216,1161218,1161219,1161220 Description: This update for libgcrypt fixes the following issues: - ECDSA: Check range of coordinates (bsc#1161216) - FIPS: libgcrypt DSA PQG parameter generation: Missing value (bsc#1161219) - FIPS: libgcrypt DSA PQG verification incorrect results (bsc#1161215) - FIPS: libgcrypt RSA siggen/keygen: 4k not supported (bsc#1161220) - FIPS: keywrap gives incorrect results (bsc#1161218) ----------------------------------------- Patch: SUSE-2020-157 Released: Wed Jan 22 08:02:51 2020 Summary: Recommended update for openssl-1_1 Severity: moderate References: 1161198,1161203 Description: This update for openssl-1_1 fixes the following issues: - Fix FIPS DRBG without derivation function (bsc#1161198) - Allow md5_sha1 in FIPS mode to enable TLS 1.0 (bsc#1161203) ----------------------------------------- Patch: SUSE-2020-218 Released: Thu Jan 23 07:59:02 2020 Summary: Recommended update for yast2-installation Severity: moderate References: 1138117 Description: This update for yast2-installation fixes the following issues: - Downloading files: Remounting CD with bind option correctly if the CD has already been mounted (bsc#1138117). ----------------------------------------- Patch: SUSE-2020-220 Released: Thu Jan 23 15:07:49 2020 Summary: Recommended update for ucode-intel Severity: moderate References: 1160478 Description: This update for ucode-intel fixes the following issues: Reverted the Skylake Server Intel CPU Microcode below to 0x02000064 due to occasional faults during warm-boot (bsc#1160478): - SKX-SP H0/M0/U0 6-55-4/b7 02000064->02000065 Xeon Scalable ----------------------------------------- Patch: SUSE-2020-224 Released: Thu Jan 23 17:05:02 2020 Summary: Security update for samba Severity: moderate References: 1160850,1160888,CVE-2019-14902,CVE-2019-14907 Description: This update for samba fixes the following issues: - CVE-2019-14902: Fixed an issue where automatic replication of ACLs down subtree on AD Directory is not working (bsc#1160850). - CVE-2019-14907: Fixed a Server-side crash after charset conversion failure during NTLMSSP processing (bsc#1160888). ----------------------------------------- Patch: SUSE-2020-225 Released: Fri Jan 24 06:49:07 2020 Summary: Recommended update for procps Severity: moderate References: 1158830 Description: This update for procps fixes the following issues: - Fix for 'ps -C' allowing to accept any arguments longer than 15 characters anymore. (bsc#1158830) ----------------------------------------- Patch: SUSE-2020-232 Released: Fri Jan 24 15:32:30 2020 Summary: Recommended update for brotli Severity: low References: 1161104 Description: This update for brotli fixes the following issues: - Added missing libbrotlicommon1 and libbrotlidec1 Requires to devel subpackage (bsc#1161104). ----------------------------------------- Patch: SUSE-2020-234 Released: Fri Jan 24 16:33:52 2020 Summary: Security update for python Severity: important References: 1027282,1041090,1042670,1068664,1073269,1073748,1078326,1078485,1079300,1081750,1083507,1084650,1086001,1088004,1088009,1109847,1111793,1113755,1122191,1129346,1130840,1130847,1138459,1141853,1149792,1149955,1153238,1153830,1159035,214983,298378,346490,367853,379534,380942,399190,406051,425138,426563,430761,432677,436966,437293,441088,462375,525295,534721,551715,572673,577032,581765,603255,617751,637176,638233,658604,673071,682554,697251,707667,718009,747125,747794,751718,754447,766778,794139,804978,827982,831442,834601,836739,856835,856836,857470,863741,885882,898572,901715,935856,945401,964182,984751,985177,985348,989523,997436,CVE-2007-2052,CVE-2008-1721,CVE-2008-2315,CVE-2008-2316,CVE-2008-3142,CVE-2008-3143,CVE-2008-3144,CVE-2011-1521,CVE-2011-3389,CVE-2011-4944,CVE-2012-0845,CVE-2012-1150,CVE-2013-1752,CVE-2013-1753,CVE-2013-4238,CVE-2014-1912,CVE-2014-4650,CVE-2014-7185,CVE-2016-0772,CVE-2016-1000110,CVE-2016-5636,CVE-2016-5699,CVE-2017-1000158,CVE-2017-18207,CVE-2018-1000030,CVE-2018-1000802,CVE-2018-1060,CVE-2018-1061,CVE-2018-14647,CVE-2018-20852,CVE-2019-10160,CVE-2019-16056,CVE-2019-16935,CVE-2019-5010,CVE-2019-9636,CVE-2019-9947,CVE-2019-9948 Description: This update for python fixes the following issues: Updated to version 2.7.17 to unify packages among openSUSE:Factory and SLE versions (bsc#1159035). ----------------------------------------- Patch: SUSE-2020-235 Released: Mon Jan 27 07:22:26 2020 Summary: Recommended update for crmsh Severity: moderate References: 1127095,1127096,1129462,1144241,1145520,1154163 Description: This update for crmsh fixes the following issues: - Fix for corosync: Reject appending ipaddress to config file if it already has one. (bsc#1127095, bsc#1127096) - Fix for ui_cluster: Refactoring function 'list_cluster_nodes' and handle the 'None' situation properly to avoid possible crash. (bsc#1145520) - Fixes an issue where the resource failcount was not set correctly (bsc#1144241) - Fixes an issue where the VM resource doesn't get started properly by pacemaker (bsc#1129462) ----------------------------------------- Patch: SUSE-2020-238 Released: Mon Jan 27 10:16:59 2020 Summary: Recommended update for saptune Severity: moderate References: 1142467,1142526,1149002,1152598,1159671 Description: This update for saptune fixes the following issues: - Add function 'delete' and 'rename' to the 'note' operation to manipulate a customer or vendor specific note, with confirmation. (jsc#SLE-9283) - Inform the customer that the command 'saptune note customise [NoteID]' does not apply changes immediately but writes the changes into a configuration file that can be applied in a second step. (bsc#1142467) - Add warning to man page, not to rename/remove/modify active configurations. (bsc#1149002) - Implement support of multi-queue I/O scheduler for block devices. (bsc#1152598) - Add missing search pattern to the update helper script to find all old and superfluous notes during upgrade from SLE12 to SLE15. (bsc#1142526) - If a parameter is not supported by the system, the note action 'verify' will no longer report this as an error even if the value is not compliant. (bsc#1159671) ----------------------------------------- Patch: SUSE-2020-256 Released: Wed Jan 29 09:39:17 2020 Summary: Recommended update for aaa_base Severity: moderate References: 1157794,1160970 Description: This update for aaa_base fixes the following issues: - Improves the way how the Java path is created to fix an issue with sapjvm. (bsc#1157794) - Drop 'dev.cdrom.autoclose' = 0 from sysctl config. (bsc#1160970) ----------------------------------------- Patch: SUSE-2020-258 Released: Thu Jan 30 07:22:08 2020 Summary: Recommended update for munge Severity: moderate References: 1160075 Description: This update for munge fixes the following issues: - Add Provides for 'munge-libs' to package libmunge for compatibility with the upstream spec file (bsc#1160075). ----------------------------------------- Patch: SUSE-2020-262 Released: Thu Jan 30 11:02:42 2020 Summary: Security update for glibc Severity: moderate References: 1149332,1151582,1157292,1157893,1158996,CVE-2019-19126 Description: This update for glibc fixes the following issues: Security issue fixed: - CVE-2019-19126: Fixed to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition (bsc#1157292). Bug fixes: - Fixed z15 (s390x) strstr implementation that can return incorrect results if search string cross page boundary (bsc#1157893). - Fixed Hardware support in toolchain (bsc#1151582). - Fixed syscalls during early process initialization (SLE-8348). - Fixed an array overflow in backtrace for PowerPC (bsc#1158996). - Moved to posix_spawn on popen (bsc#1149332). ----------------------------------------- Patch: SUSE-2020-263 Released: Thu Jan 30 13:59:09 2020 Summary: Security update for wicked Severity: important References: 1160903,1160905,CVE-2019-18902,CVE-2020-7216 Description: This update for wicked fixes the following issues: - CVE-2019-18902: Fixed a use-after-free when receiving invalid DHCP6 client options (bsc#1160903). - CVE-2020-7216: Fixed a potential denial of service via a memory leak when processing packets with missing message type option in DHCP4 (bsc#1160905). ----------------------------------------- Patch: SUSE-2020-265 Released: Thu Jan 30 14:05:34 2020 Summary: Security update for e2fsprogs Severity: moderate References: 1160571,CVE-2019-5188 Description: This update for e2fsprogs fixes the following issues: - CVE-2019-5188: Fixed a code execution vulnerability in the directory rehashing functionality (bsc#1160571). ----------------------------------------- Patch: SUSE-2020-270 Released: Thu Jan 30 16:14:27 2020 Summary: Recommended update for ldb Severity: moderate References: 1161417 Description: This update for ldb fixes the following issue: - ship the ldb-tools package. (bsc#1161417) ----------------------------------------- Patch: SUSE-2020-274 Released: Thu Jan 30 17:59:55 2020 Summary: Recommended update for MozillaFirefox Severity: moderate References: 1161799 Description: This update for MozillaFirefox fixes the following issues: Mozilla Firefox Extended Support Release 68.4.2 ESR: * Fixed: Fixed various issues opening files with spaces in their path (bmo#1601905, bmo#1602726) ----------------------------------------- Patch: SUSE-2020-279 Released: Fri Jan 31 12:01:39 2020 Summary: Recommended update for p11-kit Severity: moderate References: 1013125 Description: This update for p11-kit fixes the following issues: - Also build documentation (bsc#1013125) ----------------------------------------- Patch: SUSE-2020-316 Released: Tue Feb 4 14:38:55 2020 Summary: Recommended update for python-kiwi Severity: moderate References: 1139915,1155815,1156694,1156908,1157104,1157354,1159235,1159538 Description: This update for python-kiwi fixes the following issues: - Update libyui-ncurses-pkg10 to libyui-ncurses-pkg11 Tumbleweed there is no longer the libyui-ncurses-pkg10 its been superseded by libyui-ncurses-pkg11. (bsc#1159538) - Fix grub2 configuration for shim fallback setup if shim fallback setup is enabled the grub.cfg is copied to the EFI partition. (bsc#1159235, bsc#1155815) - No swap volume is added on btrfs as the volume manager is not LVM, so swap has its own volume. (bsc#1156908) - Fixed setup of default grub config preventing grub2-mkconfig to place the root device information twice. (bsc#1156908) - Include 'grub.cfg' inside the efi partition the vfat. (bsc#1157354) - Fix for kiwi relative path in repository element. (bsc#1157104) - Fixed 'zipl' bootloader setup for 's390' images. (bsc#1156694) - Fix the sha256 generated file content in a 'kiwi result bundle' call includes the filename with the correct extension. (bsc#1139915) - Fixed rpmdb compat link setup removing the hardcoded path '/var/lib/rpm' and use the rpm macro definition instead. (bsc#1150190) ----------------------------------------- Patch: SUSE-2020-330 Released: Wed Feb 5 17:33:24 2020 Summary: Recommended update for yast2-firstboot Severity: moderate References: 1094307,1123091,1134501,1143106,1154708,1156905,1159157 Description: This update for yast2-firstboot fixes the following issues: yast2-firstboot received the following fixes: - Improve the 'firstboot_licenses' client to give precedence to the directory argument, allowing to use it multiple times to show different licenses (bsc#1154708). - Add firstboot.rnc to the desktop file (bsc#1156905). - Remove the references to the already dropped automatic configuration feature (FATE#314695). autoyast received the following fixes: - Fixed conflicting items in rule dialogs (bsc#1123091). - Semi-automatic with partition: Do not use the common AY partition workflow (bsc#1134501). - Do not reset Base-Product while registration. Do not call registration in the second installation stage again. (bsc#1143106). - Fix profile validation for scripts elements (bsc#1156905). - UI: Report XML parsing errors instead of just crashing (bsc#1159157). yast2-schema received the following fixes: - Fix 'firstboot' and 'scripts' elements validation (bsc#1156905). - Add create_subvolumes element (bsc#1094307) ----------------------------------------- Patch: SUSE-2020-335 Released: Thu Feb 6 11:37:24 2020 Summary: Security update for systemd Severity: important References: 1084671,1092920,1106383,1133495,1151377,1154256,1155207,1155574,1156213,1156482,1158485,1159814,1161436,1162108,CVE-2019-20386,CVE-2020-1712 Description: This update for systemd fixes the following issues: - CVE-2020-1712 (bsc#bsc#1162108) Fix a heap use-after-free vulnerability, when asynchronous Polkit queries were performed while handling Dbus messages. A local unprivileged attacker could have abused this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted Dbus messages. - Use suse.pool.ntp.org server pool on SLE distros (jsc#SLE-7683) - libblkid: open device in nonblock mode. (bsc#1084671) - udev/cdrom_id: Do not open CD-rom in exclusive mode. (bsc#1154256) - bus_open leak sd_event_source when udevadm trigger。 (bsc#1161436 CVE-2019-20386) - fileio: introduce read_full_virtual_file() for reading virtual files in sysfs, procfs (bsc#1133495 bsc#1159814) - fileio: initialize errno to zero before we do fread() - fileio: try to read one byte too much in read_full_stream() - logind: consider 'greeter' sessions suitable as 'display' sessions of a user (bsc#1158485) - logind: never elect a session that is stopping as display - journal: include kmsg lines from the systemd process which exec()d us (#8078) - udevd: don't use monitor after manager_exit() - udevd: capitalize log messages in on_sigchld() - udevd: merge conditions to decrease indentation - Revert 'udevd: fix crash when workers time out after exit is signal caught' - core: fragments of masked units ought not be considered for NeedDaemonReload (#7060) (bsc#1156482) - udevd: fix crash when workers time out after exit is signal caught - udevd: wait for workers to finish when exiting (bsc#1106383) - Improve bash completion support (bsc#1155207) * shell-completion: systemctl: do not list template units in {re,}start * shell-completion: systemctl: pass current word to all list_unit* * bash-completion: systemctl: pass current partial unit to list-unit* (bsc#1155207) * bash-completion: systemctl: use systemctl --no-pager * bash-completion: also suggest template unit files * bash-completion: systemctl: add missing options and verbs * bash-completion: use the first argument instead of the global variable (#6457) - networkd: VXLan Make group and remote variable separate (bsc#1156213) - networkd: vxlan require Remote= to be a non multicast address (#8117) (bsc#1156213) - fs-util: let's avoid unnecessary strerror() - fs-util: introduce inotify_add_watch_and_warn() helper - ask-password: improve log message when inotify limit is reached (bsc#1155574) - shared/install: failing with -ELOOP can be due to the use of an alias in install_error() (bsc#1151377) - man: alias names can't be used with enable command (bsc#1151377) - Add boot option to not use swap at system start (jsc#SLE-7689) - Allow YaST to select Iranian (Persian, Farsi) keyboard layout (bsc#1092920) ----------------------------------------- Patch: SUSE-2020-339 Released: Thu Feb 6 13:03:22 2020 Summary: Recommended update for openldap2 Severity: low References: 1158921 Description: This update for openldap2 provides the following fix: - Add libldap-data to the product (as it contains ldap.conf). (bsc#1158921) ----------------------------------------- Patch: SUSE-2020-340 Released: Thu Feb 6 13:03:56 2020 Summary: Recommended update for python-rpm-macros Severity: moderate References: 1161770 Description: This update for python-rpm-macros fixes the following issues: - Add macros related to the Python dist metadata dependency generator. (bsc#1161770) ----------------------------------------- Patch: SUSE-2020-343 Released: Thu Feb 6 13:08:13 2020 Summary: Recommended update for SAPHanaSR Severity: moderate References: 1155423,1156067,1156150,1157453 Description: This update for SAPHanaSR fixes the following issues: - Restart sapstartsrv service on master nameserver node during monitor action, if needed. But NOT during probes. (bsc#1157453, bsc#1156150) - The SAPHana resource agent must not down-score a SAP HANA Database site, but keep high scoring during recovery of the master name server. (bsc#1156067) - Change HAWK2 templates to python3. (bsc#1155423) ----------------------------------------- Patch: SUSE-2020-349 Released: Thu Feb 6 14:12:17 2020 Summary: Security update for libqt5-qtbase Severity: important References: 1161167,CVE-2020-0569 Description: This update for libqt5-qtbase fixes the following issues: - CVE-2020-0569: Fixed a potential local code execution by loading plugins from CWD (bsc#1161167). ----------------------------------------- Patch: SUSE-2020-359 Released: Fri Feb 7 10:39:59 2020 Summary: Security update for rubygem-rack Severity: moderate References: 1114828,1116600,1159548,CVE-2018-16471,CVE-2019-16782 Description: This update for rubygem-rack to version 2.0.8 fixes the following issues: - CVE-2018-16471: Fixed a cross-site scripting (XSS) flaw via the scheme method on Rack::Request (bsc#1116600). - CVE-2019-16782: Fixed a possible information leak and session hijack vulnerability (bsc#1159548). ----------------------------------------- Patch: SUSE-2020-362 Released: Fri Feb 7 11:14:20 2020 Summary: Recommended update for libXi Severity: moderate References: 1153311 Description: This update for libXi fixes the following issue: - The libXi6-32bit library on x86_64 are now shipped in the Basesystem module. (bsc#1153311) ----------------------------------------- Patch: SUSE-2020-370 Released: Fri Feb 7 13:57:23 2020 Summary: Security update for wicked Severity: important References: 1160904,1160906,CVE-2019-18903,CVE-2020-7217 Description: This update for wicked fixes the following issues: - CVE-2019-18903: Fixed a use-after-free when receiving invalid DHCP6 IA_PD option (bsc#1160904). - CVE-2020-7217: Fixed a memory leak in DHCP4 fsm when processing packets for other client ids (bsc#1160906). ----------------------------------------- Patch: SUSE-2020-383 Released: Mon Feb 17 08:47:49 2020 Summary: Security update for MozillaFirefox Severity: important References: 1163368,CVE-2020-6796,CVE-2020-6797,CVE-2020-6798,CVE-2020-6799,CVE-2020-6800 Description: This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 68.5.0 ESR * Fixed: Various stability and security fixes - Mozilla Firefox ESR68.5 MFSA 2020-06 (bsc#1163368) * CVE-2020-6796 (bmo#1610426) Missing bounds check on shared memory read in the parent process * CVE-2020-6797 (bmo#1596668) Extensions granted downloads.open permission could open arbitrary applications on Mac OSX * CVE-2020-6798 (bmo#1602944) Incorrect parsing of template tag could result in JavaScript injection * CVE-2020-6799 (bmo#1606596) Arbitrary code execution when opening pdf links from other applications, when Firefox is configured as default pdf reader * CVE-2020-6800 (bmo#1595786, bmo#1596706, bmo#1598543, bmo#1604851, bmo#1605777, bmo#1608580, bmo#1608785) Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5 ----------------------------------------- Patch: SUSE-2020-395 Released: Tue Feb 18 14:16:48 2020 Summary: Recommended update for gcc7 Severity: moderate References: 1160086 Description: This update for gcc7 fixes the following issue: - Fixed a miscompilation in zSeries code (bsc#1160086) ----------------------------------------- Patch: SUSE-2020-408 Released: Wed Feb 19 09:32:46 2020 Summary: Security update for sudo Severity: important References: 1162202,1162675,CVE-2019-18634 Description: This update for sudo fixes the following issues: Security issue fixed: - CVE-2019-18634: Fixed a buffer overflow in the passphrase prompt that could occur when pwfeedback was enabled in /etc/sudoers (bsc#1162202). Non-security issue fixed: - Fixed an issue where sudo -l would ask for a password even though `listpw` was set to `never` (bsc#1162675). ----------------------------------------- Patch: SUSE-2020-417 Released: Wed Feb 19 11:40:02 2020 Summary: Recommended update for chrony Severity: moderate References: 1159840 Description: This update for chrony fixes the following issues: - Fix 'make check' builds made after 2019-12-20. Existing installations do not need to be updated as the bug only affects the test, but not chrony itself (bsc#1159840). ----------------------------------------- Patch: SUSE-2020-418 Released: Wed Feb 19 13:23:13 2020 Summary: Recommended update for openssl-1_1 Severity: moderate References: 1163569 Description: This update for openssl-1_1 fixes the following issues: - FIPS: Fixed wrong return values of FIPS DSA and ECDH selftests (bsc#1163569) ----------------------------------------- Patch: SUSE-2020-462 Released: Tue Feb 25 11:49:30 2020 Summary: Recommended update for xfsprogs Severity: moderate References: 1158504,1158509,1158630,1158758 Description: This update for xfsprogs fixes the following issues: - Allow the filesystem utility xfs_io to suffix sizes with k,m,g for kilobytes, megabytes or gigabytes respectively. (bsc#1158630) - Validate extent size hint parameters through libxfs to avoid output mismatch. (bsc#1158509) - Fix for 'xfs_repair' not to fail recovery of orphaned shortform directories. (bsc#1158504) - Fix for 'xfs_quota' to avoid false error reporting of project inheritance flag is not set. (bsc#1158758) ----------------------------------------- Patch: SUSE-2020-466 Released: Tue Feb 25 11:59:19 2020 Summary: Security update for java-1_8_0-ibm Severity: important References: 1160968,1162972,CVE-2019-4732,CVE-2020-2583,CVE-2020-2593,CVE-2020-2604,CVE-2020-2659 Description: This update for java-1_8_0-ibm fixes the following issues: Java 8.0 was updated to Service Refresh 6 Fix Pack 5 (bsc#1162972, bsc#1160968) - CVE-2020-2583: Unlink Set of LinkedHashSets - CVE-2019-4732: Untrusted DLL search path vulnerability - CVE-2020-2593: Normalize normalization for all - CVE-2020-2604: Better serial filter handling - CVE-2020-2659: Enhance datagram socket support ----------------------------------------- Patch: SUSE-2020-467 Released: Tue Feb 25 12:00:39 2020 Summary: Security update for python3 Severity: moderate References: 1162224,1162367,1162423,1162825,CVE-2019-9674,CVE-2020-8492 Description: This update for python3 fixes the following issues: Security issues fixed: - CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs (bsc#1162825). - CVE-2020-8492: Fixed a regular expression in urrlib that was prone to denial of service via HTTP (bsc#1162367). Non-security issue fixed: - If the locale is 'C', coerce it to C.UTF-8 (bsc#1162423). ----------------------------------------- Patch: SUSE-2020-471 Released: Tue Feb 25 12:07:30 2020 Summary: Recommended update for crmsh Severity: moderate References: 1141976,1158060 Description: This update for crmsh fixes the following issues: - Fixes a bug where a space was not allowed in cluster names and therefore produced a parser error (bsc#1141976) - Fixes a bug where running hb_report flushed dmesg and /var/log/messages (bsc#1158060) ----------------------------------------- Patch: SUSE-2020-476 Released: Tue Feb 25 14:23:14 2020 Summary: Recommended update for perl Severity: moderate References: 1102840,1160039 Description: This update for perl fixes the following issues: - Some packages make assumptions about the date and time they are built. This update will solve the issues caused by calling the perl function timelocal expressing the year with two digit only instead of four digits. (bsc#1102840) (bsc#1160039) ----------------------------------------- Patch: SUSE-2020-480 Released: Tue Feb 25 17:38:22 2020 Summary: Recommended update for aaa_base Severity: moderate References: 1160735 Description: This update for aaa_base fixes the following issues: - Change 'rp_filter' to increase the default priority to ethernet over the wifi. (bsc#1160735) ----------------------------------------- Patch: SUSE-2020-481 Released: Tue Feb 25 17:39:22 2020 Summary: Recommended update for perl-TimeDate Severity: moderate References: 1162433 Description: This update for perl-TimeDate fixes the following issues: - Fix for issues parsing date strings into time values correctly. (bsc#1162433) ----------------------------------------- Patch: SUSE-2020-492 Released: Wed Feb 26 13:16:03 2020 Summary: Recommended update for yast2-sudo Severity: moderate References: 1156929 Description: This update for yast2-sudo fixes the following issues: - Prevent truncating the sudoers file after writing the changes. (bsc#1156929) ----------------------------------------- Patch: SUSE-2020-510 Released: Thu Feb 27 12:46:10 2020 Summary: Security update for python Severity: moderate References: 1162224,1162367,1162825,CVE-2019-9674,CVE-2020-8492 Description: This update for python fixes the following issues: Security issues fixed: - CVE-2019-9674: Improved the documentation, warning about dangers of zip-bombs (bsc#1162825). - CVE-2020-8492: Fixed a regular expression in urrlib that was prone to denial of service via HTTP (bsc#1162367). ----------------------------------------- Patch: SUSE-2020-521 Released: Thu Feb 27 18:08:56 2020 Summary: Recommended update for c-ares Severity: moderate References: 1125306,1159006 Description: This update for c-ares fixes the following issues: c-ares version update to 1.15.0: * Add ares_init_options() configurability for path to resolv.conf file * Ability to exclude building of tools (adig, ahost, acountry) in CMake * Report ARES_ENOTFOUND for .onion domain names as per RFC7686 (bsc#1125306) * Apply the IPv6 server blacklist to all nameserver sources * Prevent changing name servers while queries are outstanding * ares_set_servers_csv() on failure should not leave channel in a bad state * getaddrinfo - avoid infinite loop in case of NXDOMAIN * ares_getenv - return NULL in all cases * implement ares_getaddrinfo - Fixed a regression in DNS results that contain both A and AAAA answers. - Add netcfg as the build requirement and runtime requirement. ----------------------------------------- Patch: SUSE-2020-525 Released: Fri Feb 28 11:49:36 2020 Summary: Recommended update for pam Severity: moderate References: 1164562 Description: This update for pam fixes the following issues: - Add libdb as build-time dependency to enable pam_userdb module. Enable pam_userdb.so (jsc#sle-7258, bsc#1164562) ----------------------------------------- Patch: SUSE-2020-549 Released: Sat Feb 29 11:09:17 2020 Summary: Recommended update for libgcrypt Severity: moderate References: 1155439,1164950 Description: This update for libgcrypt fixes the following issues: - Run the FIPS self-tests from the constructor (bsc#1164950) ----------------------------------------- Patch: SUSE-2020-566 Released: Tue Mar 3 09:14:05 2020 Summary: Recommended update for supportutils Severity: important References: 1023308,1089877,1145233,1154482,1156837,1162357,1162539 Description: This update for supportutils fixes the following issues: - Exclude /proc/pagetypeinfo as it can be an expensive operation on some systems (bsc#1162357). - Readded LPM/DLPAR data for power (bsc#1162539). - Strip trailing commas from process names #64 (bsc#1156837). - Dynamically select compression method (bsc#1145233). - Updated detailed unit information fix in systemd.txt (bsc#1023308). - Include IPv6 routes (bsc#1089877). - Removed root .snapshots directory from full file list (bsc#1154482). ----------------------------------------- Patch: SUSE-2020-567 Released: Tue Mar 3 10:46:37 2020 Summary: Recommended update for sendmail Severity: moderate References: 1164084 Description: This update for sendmail fixes the following issues: - If sendmail tried to reuse an SMTP session which had already been closed by the server, then the connection cache could have invalid information about the session, possibly STARTTLS was not used even if it was offered. (bsc#1164084) ----------------------------------------- Patch: SUSE-2020-572 Released: Tue Mar 3 13:25:41 2020 Summary: Recommended update for cyrus-sasl Severity: moderate References: 1162518 Description: This update for cyrus-sasl fixes the following issues: - Added support for retrieving negotiated SSF in gssapi plugin (bsc#1162518) - Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF (bsc#1162518) ----------------------------------------- Patch: SUSE-2020-573 Released: Tue Mar 3 13:37:28 2020 Summary: Recommended update for ca-certificates-mozilla Severity: moderate References: 1160160 Description: This update for ca-certificates-mozilla to 2.40 fixes the following issues: Updated to 2.40 state of the Mozilla NSS Certificate store (bsc#1160160): Removed certificates: - Certplus Class 2 Primary CA - Deutsche Telekom Root CA 2 - CN=Swisscom Root CA 2 - UTN-USERFirst-Client Authentication and Email added certificates: - Entrust Root Certification Authority - G4 ----------------------------------------- Patch: SUSE-2020-581 Released: Wed Mar 4 10:18:28 2020 Summary: Recommended update for openssh Severity: moderate References: 1161997 Description: This update for openssh fixes the following issues: - Switch to use the openssl 'SSH' Key Derivation Function (SSH KDF) (jsc#SLE-9443 bsc#1161997). This performs key derivation using OpenSSL's SSHKDF facility, which allows OpenSSH to benefit from the former's FIPS certification status. This key derivation function uses FIPS 140-2 certified algorithms. ----------------------------------------- Patch: SUSE-2020-582 Released: Wed Mar 4 11:07:27 2020 Summary: Recommended update for ebtables Severity: moderate References: 1126094 Description: This update for ebtables fixes the following issues: - firewalld hangs because of stale lock file for ebtables. (bsc#1126094) ----------------------------------------- Patch: SUSE-2020-594 Released: Thu Mar 5 15:16:48 2020 Summary: Security update for gd Severity: moderate References: 1140120,1165471,CVE-2018-14553,CVE-2019-11038 Description: This update for gd fixes the following issues: Security issue fixed: - CVE-2018-14553: Fixed a null pointer dereference in gdImageClone (bsc#1165471). - CVE-2019-11038: Fixed a information disclosure in gdImageCreateFromXbm() (bsc#1140120). ----------------------------------------- Patch: SUSE-2020-617 Released: Mon Mar 9 13:00:24 2020 Summary: Security update for ipmitool Severity: important References: 1085469,1163026,CVE-2020-5208 Description: This update for ipmitool fixes the following issues: - CVE-2020-5208: Fixed multiple remote code executtion vulnerabilities (bsc#1163026). - picmg discover messages are now DEBUG and not INFO messages (bsc#1085469). ----------------------------------------- Patch: SUSE-2020-629 Released: Tue Mar 10 13:11:38 2020 Summary: Security update for librsvg Severity: moderate References: 1162501,CVE-2019-20446 Description: This update for librsvg to version 2.42.8 fixes the following issues: librsvg was updated to version 2.42.8 fixing the following issues: - CVE-2019-20446: Fixed an issue where a crafted SVG file with nested patterns can cause denial of service (bsc#1162501). NOTE: Librsvg now has limits on the number of loaded XML elements, and the number of referenced elements within an SVG document. - Fixed a stack exhaustion with circular references in elements. - Fixed a denial-of-service condition from exponential explosion of rendered elements, through nested use of SVG 'use' elements in malicious SVGs. ----------------------------------------- Patch: SUSE-2020-633 Released: Tue Mar 10 16:23:08 2020 Summary: Recommended update for aaa_base Severity: moderate References: 1139939,1151023 Description: This update for aaa_base fixes the following issues: - get_kernel_version: fix for current kernel on s390x (bsc#1151023, bsc#1139939) - added '-h'/'--help' to the command old - change feedback url from http://www.suse.de/feedback to https://github.com/openSUSE/aaa_base/issues ----------------------------------------- Patch: SUSE-2020-662 Released: Thu Mar 12 17:30:22 2020 Summary: Recommended update for dracut Severity: moderate References: 1154043,1157795,1160318,1164076 Description: This update for dracut fixes the following issues: - Suppress error in '%post' when 'vconsole.conf' is not present. (bsc#1154043) - Fix 'DM_MULTIPATH_DEVICE_PATH' in udev rules. (bsc#1157795) - 01fips: Use correct kernel image name for more platforms (bsc#1164076) - 01fips: handle SHA1 on machines without AVX (bsc#1160318) ----------------------------------------- Patch: SUSE-2020-668 Released: Fri Mar 13 10:48:58 2020 Summary: Security update for glibc Severity: moderate References: 1163184,1164505,1165784,CVE-2020-10029 Description: This update for glibc fixes the following issues: - CVE-2020-10029: Fixed a potential overflow in on-stack buffer during range reduction (bsc#1165784). - Fixed an issue where pthread were not always locked correctly (bsc#1164505). - Document mprotect and introduce section on memory protection (bsc#1163184). ----------------------------------------- Patch: SUSE-2020-669 Released: Fri Mar 13 12:14:08 2020 Summary: Recommended update for icewm-theme-branding Severity: moderate References: 1157930 Description: This update for icewm-theme-branding fixes the following issue: - icewm can not find default web-browser toolbar icon. (bsc#1157930) This update adds the adwaita legacy path to the IconPath in preferences. adwaita-icon-theme has its main icon updated to symbolic style, while icewm's style is more suitable for legacy-style icons (eg. web-browser). ----------------------------------------- Patch: SUSE-2020-686 Released: Fri Mar 13 14:19:36 2020 Summary: Security update for MozillaFirefox Severity: important References: 1132665,1166238,CVE-2019-20503,CVE-2020-6805,CVE-2020-6806,CVE-2020-6807,CVE-2020-6811,CVE-2020-6812,CVE-2020-6814 Description: This update for MozillaFirefox fixes the following issues: MozillaFirefox was updated to 68.6.0 ESR (MFSA 2020-09 bsc#1132665 bsc#1166238) - CVE-2020-6805: Fixed a use-after-free when removing data about origins - CVE-2020-6806: Fixed improper protections against state confusion - CVE-2020-6807: Fixed a use-after-free in cubeb during stream destruction - CVE-2020-6811: Fixed an issue where copy as cURL' feature did not fully escape website-controlled data potentially leading to command injection - CVE-2019-20503: Fixed out of bounds reads in sctp_load_addresses_from_init - CVE-2020-6812: Fixed an issue where the names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission - CVE-2020-6814: Fixed multiple memory safety bugs - Fixed an issue with minimizing a window (bsc#1132665). ----------------------------------------- Patch: SUSE-2020-689 Released: Fri Mar 13 17:09:01 2020 Summary: Recommended update for pam Severity: moderate References: 1166510 Description: This update for PAM fixes the following issue: - The license of libdb linked against pam_userdb is not always wanted, so we temporary disabled pam_userdb again. It will be published in a different package at a later time. (bsc#1166510) ----------------------------------------- Patch: SUSE-2020-690 Released: Fri Mar 13 17:09:28 2020 Summary: Recommended update for suse-build-key Severity: moderate References: 1166334 Description: This update for suse-build-key fixes the following issues: - created a new security@suse.de communication key (bsc#1166334) ----------------------------------------- Patch: SUSE-2020-694 Released: Mon Mar 16 10:56:47 2020 Summary: Recommended update for openssl-1_1 Severity: moderate References: 1165281,1165534 Description: This update for openssl-1_1 fixes the following issues: - Fix a deadlock in the FIPS random generator code (bsc#1165281 bsc#1165534) ----------------------------------------- Patch: SUSE-2020-475 Released: Thu Mar 19 11:00:46 2020 Summary: Recommended update for systemd Severity: moderate References: 1160595 Description: This update for systemd fixes the following issues: - Remove TasksMax limit for both user and system slices (jsc#SLE-10123) - Backport IP filtering feature (jsc#SLE-7743 bsc#1160595) ----------------------------------------- Patch: SUSE-2020-722 Released: Thu Mar 19 11:21:57 2020 Summary: Security update for nghttp2 Severity: moderate References: 1159003,1166481,CVE-2019-18802 Description: This update for nghttp2 fixes the following issues: nghttp2 was update to version 1.40.0 (bsc#1166481) - lib: Add nghttp2_check_authority as public API - lib: Fix the bug that stream is closed with wrong error code - lib: Faster huffman encoding and decoding - build: Avoid filename collision of static and dynamic lib - build: Add new flag ENABLE_STATIC_CRT for Windows - build: cmake: Support building nghttpx with systemd - third-party: Update neverbleed to fix memory leak - nghttpx: Fix bug that mruby is incorrectly shared between backends - nghttpx: Reconnect h1 backend if it lost connection before sending headers - nghttpx: Returns 408 if backend timed out before sending headers - nghttpx: Fix request stal ----------------------------------------- Patch: SUSE-2020-727 Released: Thu Mar 19 13:57:15 2020 Summary: Recommended update for openssl-1_1 Severity: moderate References: 1166848 Description: This update for openssl-1_1 fixes the following issues: - Fix a locking issue uncovered by the python testsuite (bsc#1166848) ----------------------------------------- Patch: SUSE-2020-729 Released: Thu Mar 19 14:44:22 2020 Summary: Recommended update for glibc Severity: moderate References: 1166106 Description: This update for glibc fixes the following issues: - Allow dlopen of filter object to work (bsc#1166106, BZ #16272) ----------------------------------------- Patch: SUSE-2020-737 Released: Fri Mar 20 13:47:16 2020 Summary: Recommended update for ruby2.5 Severity: important References: 1140844,1152990,1152992,1152994,1152995,1162396,1164804,CVE-2012-6708,CVE-2015-9251,CVE-2019-15845,CVE-2019-16201,CVE-2019-16254,CVE-2019-16255,CVE-2020-8130 Description: This update for ruby2.5 toversion 2.5.7 fixes the following issues: ruby 2.5 was updated to version 2.5.7 - CVE-2020-8130: Fixed a command injection in intree copy of rake (bsc#1164804). - CVE-2019-16255: Fixed a code injection vulnerability of Shell#[] and Shell#test (bsc#1152990). - CVE-2019-16254: Fixed am HTTP response splitting in WEBrick (bsc#1152992). - CVE-2019-15845: Fixed a null injection vulnerability of File.fnmatch and File.fnmatch? (bsc#1152994). - CVE-2019-16201: Fixed a regular expression denial of service of WEBrick Digest access authentication (bsc#1152995). - CVE-2012-6708: Fixed an XSS in JQuery - CVE-2015-9251: Fixed an XSS in JQuery - Fixed unit tests (bsc#1140844) - Removed some unneeded test files (bsc#1162396). ----------------------------------------- Patch: SUSE-2020-738 Released: Fri Mar 20 13:53:58 2020 Summary: Recommended update for wicked Severity: important References: 1165180 Description: This update for wicked fixes the following issues: - Fix the package using old/wrong pattern for libzypp in package libwicked. (bsc#1165180) ----------------------------------------- Patch: SUSE-2020-748 Released: Mon Mar 23 16:13:57 2020 Summary: Recommended update for grub2 Severity: moderate References: 1161641,1162403 Description: This update for grub2 fixes the following issues: - Fix for minix file system detection using grub2-install. (bsc#1161641, bsc#1162403) ----------------------------------------- Patch: SUSE-2020-777 Released: Tue Mar 24 18:07:52 2020 Summary: Recommended update for python3 Severity: moderate References: 1165894 Description: This update for python3 fixes the following issue: - Rename idle icons to idle3 in order to not conflict with python2 variant of the package (bsc#1165894) ----------------------------------------- Patch: SUSE-2020-783 Released: Wed Mar 25 06:45:43 2020 Summary: Recommended update for resource-agents Severity: moderate References: 1161898 Description: This update for resource-agents fixes the following issues: - Fix for journalctl replacing the obsolete function to 'gcp-vpc-move-route'. (bsc#1161898) ----------------------------------------- Patch: SUSE-2020-793 Released: Wed Mar 25 15:16:00 2020 Summary: Recommended update for systemd Severity: moderate References: 1139459,1161262,1162108,1164717,1165579,CVE-2020-1712 Description: This update for systemd fixes the following issues: - manager: fix job mode when signalled to shutdown etc (bsc#1161262) - remove fallback for user/exit.target - dbus method Manager.Exit() does not start exit.target - do not install rescue.target for alt-↑ - %j/%J unit specifiers Added support for I/O scheduler selection with blk-mq (bsc#1165579, bsc#1164717). Added the udev 60-ssd-scheduler.rules: - This rules file which select the default IO scheduler for SSDs is being moved out from the git repo since this is not related to systemd or udev at all and is maintained by the kernel team. - core: coldplug possible nop_job (bsc#1139459) - Revert 'udev: use 'deadline' IO scheduler for SSD disks' - Fix typo in function name - polkit: when authorizing via PK let's re-resolve callback/userdata instead of caching it (bsc#1162108 CVE-2020-1712) - sd-bus: introduce API for re-enqueuing incoming messages - polkit: on async pk requests, re-validate action/details ----------------------------------------- Patch: SUSE-2020-794 Released: Wed Mar 25 17:52:58 2020 Summary: Recommended update for drbd-utils Severity: moderate References: 1166200 Description: This update for drbd-utils fixes the following issue: - Detect Pacemaker 2 'promotable clones' (bsc#1166200) The update solve a regular expression issue with the new xml of Pacemaker 2. ----------------------------------------- Patch: SUSE-2020-814 Released: Mon Mar 30 16:23:40 2020 Summary: Recommended update for QR-Code-generator, boost, libreoffice, myspell-dictionaries, xmlsec1 Severity: moderate References: 1161816,1162152,1167223 Description: This update for QR-Code-generator, boost, libreoffice, myspell-dictionaries, xmlsec1 fixes the following issues: libreoffice was updated to 6.4.2.2 (jsc#SLE-11174 jsc#SLE-11175 jsc#SLE-11176 bsc#1167223): Full Release Notes can be found on: https://wiki.documentfoundation.org/ReleaseNotes/6.4 - Fixed broken handling of non-ASCII characters in the KDE filedialog (bsc#1161816) - Move the animation library to core package bsc#1162152 xmlsec1 was updated to 1.2.28: * Added BoringSSL support (chenbd). * Added gnutls-3.6.x support (alonbl). * Added DSA and ECDSA key size getter for MSCNG (vmiklos). * Added --enable-mans configuration option (alonbl). * Added coninuous build integration for MacOSX (vmiklos). * Several other small fixes (more details). - Make sure to recommend at least one backend when you install just xmlsec1 - Drop the gnutls backend as based on the tests it is quite borked: * We still have nss and openssl backend for people to use Version update to 1.2.27: * Added AES-GCM support for OpenSSL and MSCNG (snargit). * Added DSA-SHA256 and ECDSA-SHA384 support for NSS (vmiklos). * Added RSA-OAEP support for MSCNG (vmiklos). * Continuous build integration in Travis and Appveyor. * Several other small fixes (more details). myspell-dictionaries was updated to 20191219: * Updated the English dictionaries: GB+US+CA+AU * Bring shipped Spanish dictionary up to version 2.5 boost was updated to fix: - add a backport of Boost.Optional::has_value() for LibreOffice The QR-Code-generator is shipped: - Initial commit, needed by libreoffice 6.4 ----------------------------------------- Patch: SUSE-2020-819 Released: Tue Mar 31 13:01:34 2020 Summary: Security update for icu Severity: important References: 1166844,CVE-2020-10531 Description: This update for icu fixes the following issues: - CVE-2020-10531: Fixed a potential integer overflow in UnicodeString:doAppend (bsc#1166844). ----------------------------------------- Patch: SUSE-2020-820 Released: Tue Mar 31 13:02:22 2020 Summary: Security update for glibc Severity: important References: 1167631,CVE-2020-1752 Description: This update for glibc fixes the following issues: - CVE-2020-1752: Fixed a use after free in glob which could have allowed a local attacker to create a specially crafted path that, when processed by the glob function, could potentially have led to arbitrary code execution (bsc#1167631). ----------------------------------------- Patch: SUSE-2020-823 Released: Tue Mar 31 13:28:14 2020 Summary: Recommended update for parted Severity: moderate References: 1161783,1164260 Description: This update for parted fixes the following issue: - Make parted work with pmemXs devices. (bsc#1164260) - Fix for error when parted output size crashing parted in yast. (bsc#1161783) ----------------------------------------- Patch: SUSE-2020-825 Released: Tue Mar 31 13:30:37 2020 Summary: Recommended update for openslp Severity: moderate References: 1165050,1165121 Description: This update for openslp fixes the following issues: - Add missing group prerequisites to the openslp-server package. (bsc#1165050) - Add missing openslp prerequisites to the openslp-server package. (bsc#1165121) ----------------------------------------- Patch: SUSE-2020-826 Released: Tue Mar 31 13:32:12 2020 Summary: Recommended update for alsa-utils Severity: moderate References: 1162182 Description: This update for alsa-utils fixes the following issues: - Fix for dependency as it triggers uninstall of the unrelated 'bat' (cat clone) package. (bsc#1162182) ----------------------------------------- Patch: SUSE-2020-773 Released: Wed Apr 1 11:36:10 2020 Summary: Recommended update for MozillaFirefox Severity: important References: 1167231 Description: This update for MozillaFirefox fixes the following issues: - FIPS: allow /proc/sys/crypto/fips_enabled (bsc#1167231) ----------------------------------------- Patch: SUSE-2020-841 Released: Wed Apr 1 12:11:25 2020 Summary: Recommended update for corosync Severity: important References: 1163460 Description: This update for corosync fixes the following issues: - Fix for corosync to support link-local IPv6 addresses. (bsc#1163460) ----------------------------------------- Patch: SUSE-2020-850 Released: Thu Apr 2 14:37:31 2020 Summary: Recommended update for mozilla-nss Severity: moderate References: 1155350,1155357,1155360,1166880 Description: This update for mozilla-nss fixes the following issues: Added various fixes related to FIPS certification: * Use getrandom() to obtain entropy where possible. * Make DSA KAT FIPS compliant. * Use FIPS compliant hash when validating keypair. * Enforce FIPS requirements on RSA key generation. * Miscellaneous fixes to CAVS tests. * Enforce FIPS limits on how much data can be processed without rekeying. * Run self tests on library initialization in FIPS mode. * Disable non-compliant algorithms in FIPS mode (hashes and the SEED cipher). * Clear various temporary variables after use. * Allow MD5 to be used in TLS PRF. * Preferentially gather entropy from /dev/random over /dev/urandom. * Allow enabling FIPS mode consistently with NSS_FIPS environment variable. * Fix argument parsing bug in lowhashtest. ----------------------------------------- Patch: SUSE-2020-917 Released: Fri Apr 3 15:02:25 2020 Summary: Recommended update for pam Severity: moderate References: 1166510 Description: This update for pam fixes the following issues: - Moved pam_userdb into a separate package pam-extra. (bsc#1166510) ----------------------------------------- Patch: SUSE-2020-929 Released: Mon Apr 6 15:47:45 2020 Summary: Security update for MozillaFirefox Severity: important References: 1168630,CVE-2020-6819,CVE-2020-6820 Description: This update for MozillaFirefox fixes the following issues: - Mozilla Firefox 68.6.1esr MFSA 2020-11 (bsc#1168630) * CVE-2020-6819 (bmo#1620818) Use-after-free while running the nsDocShell destructor * CVE-2020-6820 (bmo#1626728) Use-after-free when handling a ReadableStream ----------------------------------------- Patch: SUSE-2020-933 Released: Tue Apr 7 03:43:57 2020 Summary: Recommended update for crmsh Severity: moderate References: 1166644,1166684,1166967,1167220 Description: This update for crmsh fixes the following issues: - Update to version 4.1.0+git.1585823743.3acb5567: * corosync: Use with statement to open file * ui_resource: refresh should complete resource first. (bsc#1167220) * doc: Update man page about completion example of crm resource. (bsc#1166644) * ui_context: give warning if using alias command * bootstrap: Change condition to add stonith-sbd resource. (bsc#1166967) * bootstrap: use csync2 '-f' option correctly. (bsc#1166684) ----------------------------------------- Patch: SUSE-2020-934 Released: Tue Apr 7 03:46:20 2020 Summary: Recommended update for wget Severity: moderate References: 1167919 Description: This update for wget fixes the following issues: wget was updated to 1.20.3, fixing various bugs, including: - Fix for wget ignoring domains with leading '.' in environment variable 'no_proxy'. (bsc#1167919) ----------------------------------------- Patch: SUSE-2020-935 Released: Tue Apr 7 03:46:39 2020 Summary: Recommended update for xfsprogs Severity: moderate References: 1158630,1167205,1167206 Description: This update for xfsprogs fixes the following issues: - xfs_quota: reformat commands in the manpage. (bsc#1167206) Reformat commands in the manpage so that fstest can check that each command is actually documented. - xfs_db: document missing commands. (bsc#1167205) Document the commands 'attr_set', 'attr_remove', 'logformat' in the manpage. - xfs_io: allow size suffixes for the copy_range command. (bsc#1158630) Allow the usage of size suffixes k,m,g for kilobytes, megabytes or gigabytes respectively for the copy_range command ----------------------------------------- Patch: SUSE-2020-948 Released: Wed Apr 8 07:44:21 2020 Summary: Security update for gmp, gnutls, libnettle Severity: moderate References: 1152692,1155327,1166881,1168345,CVE-2020-11501 Description: This update for gmp, gnutls, libnettle fixes the following issues: Security issue fixed: - CVE-2020-11501: Fixed zero random value in DTLS client hello (bsc#1168345) FIPS related bugfixes: - FIPS: Install checksums for binary integrity verification which are required when running in FIPS mode (bsc#1152692, jsc#SLE-9518) - FIPS: Fixed a cfb8 decryption issue, no longer truncate output IV if input is shorter than block size. (bsc#1166881) - FIPS: Added Diffie Hellman public key verification test. (bsc#1155327) ----------------------------------------- Patch: SUSE-2020-949 Released: Wed Apr 8 07:45:48 2020 Summary: Recommended update for mozilla-nss Severity: moderate References: 1168669 Description: This update for mozilla-nss fixes the following issues: - Use secure_getenv() to avoid PR_GetEnvSecure() being called when NSPR is unavailable, resulting in an abort (bsc#1168669). ----------------------------------------- Patch: SUSE-2020-961 Released: Wed Apr 8 13:34:06 2020 Summary: Recommended update for e2fsprogs Severity: moderate References: 1160979 Description: This update for e2fsprogs fixes the following issues: - e2fsck: clarify overflow link count error message (bsc#1160979) - ext2fs: update allocation info earlier in ext2fs_mkdir() (bsc#1160979) - ext2fs: implement dir entry creation in htree directories (bsc#1160979) - tests: add test to excercise indexed directories with metadata_csum (bsc#1160979) - tune2fs: update dir checksums when clearing dir_index feature (bsc#1160979) ----------------------------------------- Patch: SUSE-2020-693 Released: Wed Apr 8 14:11:14 2020 Summary: Security update for wireshark Severity: moderate References: 1093733,1094301,1101776,1101777,1101786,1101788,1101791,1101794,1101800,1101802,1101804,1101810,1106514,1111647,1117740,1121231,1121232,1121233,1121234,1121235,1127367,1127369,1127370,1131941,1131945,1136021,1141980,1150690,1156288,1158505,1161052,1165241,1165710,957624,CVE-2018-11354,CVE-2018-11355,CVE-2018-11356,CVE-2018-11357,CVE-2018-11358,CVE-2018-11359,CVE-2018-11360,CVE-2018-11361,CVE-2018-11362,CVE-2018-12086,CVE-2018-14339,CVE-2018-14340,CVE-2018-14341,CVE-2018-14342,CVE-2018-14343,CVE-2018-14344,CVE-2018-14367,CVE-2018-14368,CVE-2018-14369,CVE-2018-14370,CVE-2018-16056,CVE-2018-16057,CVE-2018-16058,CVE-2018-18225,CVE-2018-18226,CVE-2018-18227,CVE-2018-19622,CVE-2018-19623,CVE-2018-19624,CVE-2018-19625,CVE-2018-19626,CVE-2018-19627,CVE-2018-19628,CVE-2019-10894,CVE-2019-10895,CVE-2019-10896,CVE-2019-10897,CVE-2019-10898,CVE-2019-10899,CVE-2019-10900,CVE-2019-10901,CVE-2019-10902,CVE-2019-10903,CVE-2019-13619,CVE-2019-16319,CVE-2019-19553,CVE-2019-5716,CVE-2019-5717,CVE-2019-5718,CVE-2019-5719,CVE-2019-5721,CVE-2019-9208,CVE-2019-9209,CVE-2019-9214,CVE-2020-7044,CVE-2020-9428,CVE-2020-9429,CVE-2020-9430,CVE-2020-9431 Description: This update for wireshark and libmaxminddb fixes the following issues: Update wireshark to new major version 3.2.2 and introduce libmaxminddb for GeoIP support (bsc#1156288). New features include: - Added support for 111 new protocols, including WireGuard, LoRaWAN, TPM 2.0, 802.11ax and QUIC - Improved support for existing protocols, like HTTP/2 - Improved analytics and usability functionalities ----------------------------------------- Patch: SUSE-2020-965 Released: Thu Apr 9 07:48:34 2020 Summary: Recommended update for saptune Severity: moderate References: 1160564,1161791 Description: This update for saptune fixes the following issues: - Fix for the issue when the display manager does not start after upgrade. (bsc#1161791) - Implement commands for listing enabled Notes/Solutions to saptune. (bsc#1160564) ----------------------------------------- Patch: SUSE-2020-971 Released: Thu Apr 9 13:15:43 2020 Summary: Security update for MozillaFirefox Severity: important References: 1168874,CVE-2020-6821,CVE-2020-6822,CVE-2020-6825,CVE-2020-6827,CVE-2020-6828 Description: This update for MozillaFirefox to version 68.7.0 ESR fixes the following issues: - CVE-2020-6821: Uninitialized memory could be read when using the WebGL copyTexSubImage method (bsc#1168874). - CVE-2020-6822: Fixed out of bounds write in GMPDecodeData when processing large images (bsc#1168874). - CVE-2020-6825: Fixed Memory safety bugs (bsc#1168874). - CVE-2020-6827: Custom Tabs could have the URI spoofed (bsc#1168874). - CVE-2020-6828: Preference overwrite via crafted Intent (bsc#1168874). ----------------------------------------- Patch: SUSE-2020-979 Released: Mon Apr 13 15:42:59 2020 Summary: Recommended update for parted Severity: moderate References: 1168756 Description: This update for parted fixes the following issue: - fix null pointer dereference. (bsc#1168756) ----------------------------------------- Patch: SUSE-2020-981 Released: Mon Apr 13 15:43:44 2020 Summary: Recommended update for rpm Severity: moderate References: 1156300 Description: This update for rpm fixes the following issues: - Fix for language package macros to avoid wrong requirement on shared library. (bsc#1156300) ----------------------------------------- Patch: SUSE-2020-993 Released: Wed Apr 15 07:57:07 2020 Summary: Recommended update for libgcrypt Severity: moderate References: 1164950,1165539,1166748,1167674 Description: This update for libgcrypt fixes the following issues: - FIPS: Restore the full _gcry_global_constructor function to run the self-test from the constructor (bsc#1164950). - FIPS: Remove an unneeded check in _gcry_global_constructor (bsc#1164950) - FIPS: Fix drbg to be threadsafe (bsc#1167674) - FIPS: Run self-tests from constructor during power-on (bsc#1166748) * Set up global_init as the constructor function: * Relax the entropy requirements on selftest. This is especially important for virtual machines to boot properly before the RNG is available: - FIPS: Switch the PCT to use the new signature operation (bsc#1165539) ----------------------------------------- Patch: SUSE-2020-994 Released: Wed Apr 15 07:57:24 2020 Summary: Recommended update for clamav Severity: moderate References: 1119353 Description: This update for clamav fixes the following issues: - Fix freshclam usage in FIPS mode (bsc#1119353). ----------------------------------------- Patch: SUSE-2020-995 Released: Wed Apr 15 08:30:39 2020 Summary: Security update for ruby2.5 Severity: moderate References: 1167244,1168938,CVE-2020-10663,CVE-2020-10933 Description: This update for ruby2.5 to version 2.5.8 fixes the following issues: - CVE-2020-10663: Unsafe Object Creation Vulnerability in JSON (bsc#1167244). - CVE-2020-10933: Heap exposure vulnerability in the socket library (bsc#1168938). ----------------------------------------- Patch: SUSE-2020-1000 Released: Wed Apr 15 14:18:56 2020 Summary: Recommended update for azure-cli tools, python-adal, python-applicationinsights, python-azure modules, python-msrest, python-msrestazure, python-pydocumentdb, python-uamqp, python-vsts-cd-manager Severity: moderate References: 1014478,1054413,1140565,982804,999200 Description: This update for azure-cli tools, python-adal, python-applicationinsights, python-azure modules, python-msrest, python-msrestazure, python-pydocumentdb, python-uamqp, python-vsts-cd-manager fixes the following issues: The Azure python modules and client tool stack was updated to the 2020 state. Various other python modules were added and updated. - python-PyYAML was updated to 5.1.2. - python-humanfriendly was updated 4.16.1. ----------------------------------------- Version 1.0.5-Production-Build1.102 2020-04-20T09:34:49 ----------------------------------------- Patch: SUSE-2020-1030 Released: Mon Apr 20 07:26:11 2020 Summary: Recommended update for yast2-registration Severity: important References: 1167945 Description: This update for yast2-registration fixes the following issues: - Fix for offline upgrade that fails the process at the registration due to a missing function. (bsc#1167945) ----------------------------------------- Version 1.0.5-Production-Build1.104 2020-04-21T19:30:49 ----------------------------------------- Patch: SUSE-2020-1042 Released: Tue Apr 21 08:00:15 2020 Summary: Recommended update for supportutils Severity: important References: 1162539,1165475 Description: This update for supportutils fixes the following issues: - Replaced Novell with SUSE FTP servers (bsc#1165475) - Added missed Power collection (bsc#1162539) - Added core file validation (bsc#1166126) - Changed filename prefixes from nts_ to scc_ referencing the SUSE Customer Center (SLE-8702, SLE-6762) ----------------------------------------- Patch: SUSE-2020-1047 Released: Tue Apr 21 10:33:06 2020 Summary: Recommended update for gnutls Severity: moderate References: 1168835 Description: This update for gnutls fixes the following issues: - Backport AES XTS support (bsc#1168835) ----------------------------------------- Version 1.0.5-Production-Build1.109 2020-04-23T14:47:57 ----------------------------------------- Patch: SUSE-2020-1059 Released: Wed Apr 22 09:41:59 2020 Summary: Recommended update for open-iscsi Severity: moderate References: 1159768,1164607 Description: This update for open-iscsi fixes the following issues: - Avoid logout of iscsi boot session. (bsc#1159768) - Fix iscsi.service so it handles restarts better. (bsc#1164607) ----------------------------------------- Patch: SUSE-2020-1060 Released: Wed Apr 22 09:55:41 2020 Summary: Recommended update for sapconf Severity: moderate References: 1124453,1139176,1148163,1150868,1150870 Description: This update for sapconf fixes the following issues: - Removing SAP configuration from logind during the package update, as it is not needed any longer. (bsc#1148163, jsc#SLE-10123) - Fix for sapconf detecting an improper tuned profile during start, it will write an information to the log file and the start of the sapconf service will fail to guide the administrator to the problem. (bsc#1139176) - Use absolute path to 'script.sh' in 'tuned.conf' file. (bsc#1124453) - Fix for rpm macros in postinstall script replacing invalid commands. (bsc#1150868, bsc#1150870) ----------------------------------------- Patch: SUSE-2020-1061 Released: Wed Apr 22 10:45:41 2020 Summary: Recommended update for mozilla-nss Severity: moderate References: 1169872 Description: This update for mozilla-nss fixes the following issues: - This implements API mechanisms for performing DSA and ECDSA hash-and-sign in a single call, which will be required in future FIPS cycles (bsc#1169872). - Always perform nssdbm checksumming on softoken load, even if nssdbm itself is not loaded. ----------------------------------------- Patch: SUSE-2020-1062 Released: Wed Apr 22 10:46:27 2020 Summary: Recommended update for libgcrypt Severity: moderate References: 1165539,1169569 Description: This update for libgcrypt fixes the following issues: This update for libgcrypt fixes the following issues: - FIPS: Verify that the generated signature and the original input differ in test_keys function for RSA, DSA and ECC (bsc#1165539) - Add zero-padding when qx and qy have different lengths when assembling the Q point from affine coordinates. - Ship the FIPS checksum file in the shared library package and create a separate trigger file for the FIPS selftests (bsc#1169569) ----------------------------------------- Patch: SUSE-2020-1069 Released: Wed Apr 22 16:48:00 2020 Summary: Recommended update for python-six Severity: moderate References: 1166139 Description: This update for python-six fixes the following issues: - Use setuptools for building to support pip 10.x and avoid packages to be unistalled. (bsc#1166139) ----------------------------------------- Patch: SUSE-2020-1071 Released: Wed Apr 22 18:27:23 2020 Summary: Recommended update for munge Severity: moderate References: 1167968 Description: This update for munge fixes the following issues: - Update from version 0.5.13 to version 0.5.14 * Added mungekey command for key generation via HKDF. * Added negative caching of user lookups for processing supplementary groups. * Added munged --origin and --stop cmdline opt. * Added unmunge --numeric cmdline opt. * Added several new configuration options. * Added systemd EnvironmentFile to set sysconfig options. * Added systemd RuntimeDirectory to replace tmpfiles.d conf. * Changed logging of non-existent users to only log once for a given user. * Changed default name of munged seedfile. * Fixed pidfile corruption when starting new daemon while socket still in use. * Fixed munged signal handlers to be async-signal-safe. * Fixed 'Logging stopped due to error' behavior for transient errors. * Fixed misleading 'Lockfile not found' error message. * Fixed conversion-specifier / argument mismatch in error message. * Removed autotools-generated files from version control. ----------------------------------------- Patch: SUSE-2020-1083 Released: Thu Apr 23 11:31:23 2020 Summary: Security update for cups Severity: important References: 1168422,CVE-2020-3898 Description: This update for cups fixes the following issues: - CVE-2020-3898: Fixed a heap buffer overflow in ppdFindOption() (bsc#1168422). ----------------------------------------- Version 1.0.5-Production-Build1.110 2020-04-23T19:07:55 ----------------------------------------- Patch: SUSE-2020-1090 Released: Thu Apr 23 15:32:49 2020 Summary: Security update for resource-agents Severity: important References: 1021689,1146687,1146690,1146691,1146692,1146766,1146776,1146784,1146785,1146787 Description: This update for resource-agents fixes the following issues: - Fixed multiple vulnerabilities related to unsafe tempfile usage. (bsc#1146690, bsc#1146691, bsc#1146692, bsc#1146766, bsc#1146776, bsc#1146784, bsc#1146785, bsc#1146787) - Fixed issues where the ocfmon user was created with a default password (bsc#1021689, bsc#1146687). ----------------------------------------- Patch: SUSE-2020-1093 Released: Thu Apr 23 15:49:21 2020 Summary: Recommended update for corosync Severity: important References: 1168771 Description: This update for corosync fixes the following issues: - Revert the change done for bsc#1163460, which caused interoperability problems between different versions of corosync, such as during a rolling upgrade (bsc#1168771) ----------------------------------------- Version 1.0.5-Production-Build1.111 2020-04-24T19:07:51 ----------------------------------------- Patch: SUSE-2020-1108 Released: Fri Apr 24 16:31:01 2020 Summary: Recommended update for gnutls Severity: moderate References: 1169992 Description: This update for gnutls fixes the following issues: - FIPS: Do not check for /etc/system-fips which we don't have (bsc#1169992) ----------------------------------------- Patch: SUSE-2020-1112 Released: Fri Apr 24 16:44:20 2020 Summary: Recommended update for suse-build-key Severity: moderate References: 1170347 Description: This update for suse-build-key fixes the following issues: - add a /usr/share/container-keys/ directory for GPG based Container verification. - Add the SUSE build key as 'suse-container-key.asc'. (PM-1845 bsc#1170347) ----------------------------------------- Patch: SUSE-2020-1114 Released: Fri Apr 24 16:45:10 2020 Summary: Recommended update for ucode-intel Severity: moderate References: 1169570 Description: This update for ucode-intel fixes the following issues: - updated Intel Skylake microcode to the current version. (bsc#1169570) - 02000064->02006901 ----------------------------------------- Version 1.0.5-Production-Build1.115 2020-04-28T19:59:14 ----------------------------------------- Patch: SUSE-2020-1129 Released: Tue Apr 28 08:51:43 2020 Summary: Recommended update for yast2-installation Severity: important References: 1169017 Description: This update for yast2-installation fixes the following issues: - Fix for detecting and configuring network with firstboot. (bsc#1169017) ----------------------------------------- Patch: SUSE-2020-1131 Released: Tue Apr 28 11:59:17 2020 Summary: Recommended update for mozilla-nss Severity: moderate References: 1170571,1170572 Description: This update for mozilla-nss fixes the following issues: - FIPS: Add Softoken POSTs for new DSA and ECDSA hash-and-sign update functions. (bsc#1170571) - FIPS: Add pairwise consistency check for CKM_SHA224_RSA_PKCS. Remove ditto checks for CKM_RSA_PKCS, CKM_DSA and CKM_ECDSA, since these are served by the new CKM_SHA224_RSA_PKCS, CKM_DSA_SHA224, CKM_ECDSA_SHA224 checks. - FIPS: Replace bad attempt at unconditional nssdbm checksumming with a dlopen(), so it can be located consistently and perform its own self-tests. - FIPS: This fixes an instance of inverted logic due to a boolean being mistaken for a SECStatus, which caused key derivation to fail when the caller provided a valid subprime. ----------------------------------------- Patch: SUSE-2020-1132 Released: Tue Apr 28 16:38:21 2020 Summary: Security update for samba Severity: important References: 1169851,CVE-2020-10704 Description: This update for samba fixes the following issues: - CVE-2020-10704: Fixed a stack overflow in the AD DC (C)LDAP server (bsc#1169851). ----------------------------------------- Version 1.0.5-Production-Build1.116 2020-04-29T19:11:40 ----------------------------------------- Patch: SUSE-2020-1136 Released: Wed Apr 29 10:54:18 2020 Summary: Recommended update for pacemaker Severity: moderate References: 1154881,1160410,1168771 Description: This update for pacemaker fixes the following issues: - libcrmcluster: use uint64_t type for corosync ringid (membership id) when updating the node state. (bsc#1168771) - get ready for implicit -fno-common with upcoming GCC 10. (bsc#1160410) - attrd: properly declare global variables as extern in header. (bsc#1160410) - scheduler: make sure cluster-wide maintenance-mode=true overrides per-resource settings. (bsc#1154881) ----------------------------------------- Version 1.0.5-Production-Build1.117 2020-05-04T19:11:54 ----------------------------------------- Patch: SUSE-2020-1163 Released: Mon May 4 09:45:01 2020 Summary: Security update for permissions Severity: important References: 1160594,1160764,1161779,1163922,CVE-2019-3688,CVE-2019-3690,CVE-2020-8013 Description: This update for permissions fixes the following issues: Security issue fixed: - CVE-2020-8013: Fixed a local privilege escalation with mrsh and wodim (bsc#1163922). Non-security issues fixed: - Fixed regression where chkstat breaks without /proc available (bsc#1160764, bsc#1160594) - Fixed capability handling when doing multiple permission changes at once (bsc#1161779) - Fixed handling of relative directory symlinks in chkstat ----------------------------------------- Version 1.0.5-Production-Build1.120 2020-05-09T19:11:15 ----------------------------------------- Patch: SUSE-2020-1175 Released: Tue May 5 08:33:43 2020 Summary: Recommended update for systemd Severity: moderate References: 1165011,1168076 Description: This update for systemd fixes the following issues: - Fix check for address to keep interface names stable. (bsc#1168076) - Fix for checking non-normalized WHAT for network FS. (bsc#1165011) - Allow to specify an arbitrary string for when vfs is used. (bsc#1165011) ----------------------------------------- Patch: SUSE-2020-1178 Released: Tue May 5 10:27:30 2020 Summary: Security update for rubygem-actionview-5_1 Severity: moderate References: 1167240,CVE-2020-5267 Description: This update for rubygem-actionview-5_1 fixes the following issues: - CVE-2020-5267: Fixed an XSS vulnerability in ActionView's JavaScript literal escape helpers (bsc#1167240). ----------------------------------------- Patch: SUSE-2020-1181 Released: Tue May 5 12:02:39 2020 Summary: Recommended update for pciutils-ids Severity: moderate References: 1170160 Description: This update for pciutils-ids fixes the following issues: - Update the PCI utilities database to 20200324. (bsc#1170160) ----------------------------------------- Patch: SUSE-2020-1182 Released: Tue May 5 12:06:55 2020 Summary: Recommended update for chrony Severity: moderate References: 1099272,1156884,1161119 Description: This update for chrony fixes the following issues: - Read runtime servers from /var/run/netconfig/chrony.servers (bsc#1099272, bsc#1161119) - Move chrony-helper to /usr/lib/chrony/helper, because there should be no executables in /usr/share. - Add chrony-pool-suse and chrony-pool-openSUSE subpackages that preconfigure chrony to use NTP servers from the respective pools for SUSE and openSUSE. (bsc#1156884, SLE-11424) - Add chrony-pool-empty to still allow installing chrony without preconfigured servers. ----------------------------------------- Patch: SUSE-2020-1192 Released: Tue May 5 14:35:05 2020 Summary: Recommended update for libgcrypt Severity: moderate References: 1169944 Description: This update for libgcrypt fixes the following issues: - FIPS: libgcrypt: Double free in test_keys() on failed signature verification [bsc#1169944] ----------------------------------------- Patch: SUSE-2020-1201 Released: Wed May 6 15:46:46 2020 Summary: Recommended update for cluster-glue Severity: moderate References: 1131545,1169784 Description: This update for cluster-glue fixes the following issues: - Fix for profile parameter handling EC2 stonith plugin to avoid possible cluster resource failures. (bsc#1169784) - Fix for handling in 'stonith' command by creating '/var/run/heartbeat/rsctmp' directory. (bsc#1131545) ----------------------------------------- Patch: SUSE-2020-1206 Released: Wed May 6 15:54:50 2020 Summary: Recommended update for mdadm Severity: moderate References: 1129900 Description: This update for mdadm fixes the following issues: - Fix for issue to avoid unexpected switching from raid0 to raid4 by using option '--grow'. (bsc#1139709) ----------------------------------------- Patch: SUSE-2020-1209 Released: Thu May 7 09:25:05 2020 Summary: Security update for MozillaFirefox Severity: important References: 1171186,CVE-2020-12387,CVE-2020-12388,CVE-2020-12389,CVE-2020-12392,CVE-2020-12393,CVE-2020-12395,CVE-2020-6831 Description: This update for MozillaFirefox fixes the following issues: Update to version 68.8.0 ESR (bsc#1171186): - CVE-2020-12387: Use-after-free during worker shutdown - CVE-2020-12388: Sandbox escape with improperly guarded Access Tokens - CVE-2020-12389: Sandbox escape with improperly separated process types - CVE-2020-6831: Buffer overflow in SCTP chunk input validation - CVE-2020-12392: Arbitrary local file access with 'Copy as cURL' - CVE-2020-12393: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection - CVE-2020-12395: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8 ----------------------------------------- Patch: SUSE-2020-1219 Released: Thu May 7 17:10:42 2020 Summary: Security update for openldap2 Severity: important References: 1170771,CVE-2020-12243 Description: This update for openldap2 fixes the following issues: - CVE-2020-12243: Fixed a denial of service related to recursive filters (bsc#1170771). ----------------------------------------- Patch: SUSE-2020-1226 Released: Fri May 8 10:51:05 2020 Summary: Recommended update for gcc9 Severity: moderate References: 1149995,1152590,1167898 Description: This update for gcc9 fixes the following issues: This update ships the GCC 9.3 release. - Includes a fix for Internal compiler error when building HepMC (bsc#1167898) - Includes fix for binutils version parsing - Add libstdc++6-pp provides and conflicts to avoid file conflicts with same minor version of libstdc++6-pp from gcc10. - Add gcc9 autodetect -g at lto link (bsc#1149995) - Install go tool buildid for bootstrapping go ----------------------------------------- Version 1.0.5-Production-Build1.121 2020-05-12T19:21:38 ----------------------------------------- Patch: SUSE-2020-1250 Released: Mon May 11 17:49:26 2020 Summary: Security update for libvirt Severity: important References: 1133719,1137137,1138734,1145586,1149100,1168683,CVE-2020-10703 Description: This update for libvirt fixes the following issues: Security issue fixed: - CVE-2020-10703: Fixed a daemon crash caused by pools without target paths (bsc#1168683). Non-security issues fixed: - apparmor: avoid copying empty profile name (bsc#1149100). - logging: ensure virtlogd rollover takes priority over logrotate (bsc#1137137). - qemu: Add support for overriding max threads per process limit (bsc#1133719). - util: fix copying bitmap to larger data buffer (bsc#1138734). - virsh: support for setting precopy bandwidth in migrate (bsc#1145586). - virsh: use upstream name for migration precopy bandwidth parameter (bsc#1145586). ----------------------------------------- Version 1.0.5-Production-Build1.123 2020-05-13T19:20:27 ----------------------------------------- Patch: SUSE-2020-1263 Released: Wed May 13 08:24:14 2020 Summary: Recommended update for hawk2 Severity: moderate References: 1054027,1068942,1069217,1069296,1071481,1074856,1076421,1080439,1085318,1085343,1085515,1089709,1089802,1090562,1090657,1090667,1092108,1092122,1093420,1098637,1137891,1158681,1162221,1165587 Description: This update for hawk2 fixes the following issues: WIP * Implement mechanism to switch binaries in case (bsc#1165587) * Work around the removal of Dir::Tmpname#make_tmpname (bsc#1162221) * Fix cib.xml parsing for acl_version (bsc#1158681) * Fix mime type issue in MS windows (bsc#1098637) * Fix nameless cluster display (bsc#1137891) * High: Set secure flag to enforce https (bsc#1090657) * Medium: Improve hawk-server side cookie handling (bsc#1090667) * Medium: Set Symmetrical to False when score is Serialize (bsc#1085515) * Medium: Make resource stop/start icon dependent on target-role (bsc#1076421) * Api: Add advance resource type(group|clone|master|bundle) in resource route(fate#323437) * Api: return nil if elem is nil(fate#323437) in some case, param in determine_online_status_fencing is nil, this will cause NoMethodError * Medium: Fix acl_version check (bsc#1089802) * High: Fetch correct meta data (bsc#1092122) * Medium: Fix history explorer views (bsc#1093420) * High: Update links to release notes and documentation (bsc#1089709) * High: Return after redirect in reports (bsc#1090562) * Medium: Comply routes' id with resources' ID (bsc#1092108) * Api: Add registration route (fate#323437) * High: Calculate guest node state correctly (bsc#1074856) * Use Promotable etc. (bsc#1085318) (bsc#1085343) * High: Fix remote nodes iteration (bsc#1080439) * High: Support guest nodes (bsc#1074856) * Ensure certificate/key is group readable (bsc#1071481) * Test: Add test suit for (bsc#1069296) * Dev: Fix acl_enabled? (bsc#1069296) * Dev: Dev: Handle redirection correctly after renaming resources (bsc#1068942) * Dev: Handle redirection correctly after renaming constraints (bsc#1068942) * Dev: Dev: split rename action for constraints to edit/update (bsc#1068942) * Dev: Refactor resouces.js (bsc#1068942) * Dev: Change the rename path for resources (#bsc#1068942) * Dev: split rename action to edit/update (bsc#1068942) * Fix node/resource event injection in simulator (bsc#1069217) * Show descriptions in cluster config (bsc#1054027) ----------------------------------------- Patch: SUSE-2020-1267 Released: Wed May 13 11:58:58 2020 Summary: Recommended update for permissions Severity: important References: 1171173 Description: This update for permissions fixes the following issue: - Remove setuid bit for newgidmap and newuidmap in paranoid profile. (bsc#1171173) ----------------------------------------- Patch: SUSE-2020-1268 Released: Wed May 13 12:02:28 2020 Summary: Recommended update for dracut Severity: moderate References: 1165024,1167656,1169030,1169997 Description: This update for dracut fixes the following issues: - Solve bringing up network interface prematurely. (bsc#1169030) - shutdown: guard against read-only /run (bsc#1167656) - dracut-init: when is it not possible to load a module, prompt a warning message for dracut instead of a fatal error. (bsc#1169997) - Backport upstream typo fix in dmsquash-live-root.sh so that FSIMG variable is correctly set. (bsc#1165024) ----------------------------------------- Version 1.0.5-Production-Build1.124 2020-05-15T19:17:46 ----------------------------------------- Patch: SUSE-2020-1290 Released: Fri May 15 16:39:59 2020 Summary: Recommended update for gnutls Severity: moderate References: 1171422 Description: This update for gnutls fixes the following issues: - Add RSA 4096 key generation support in FIPS mode (bsc#1171422) ----------------------------------------- Version 1.0.5-Production-Build1.126 2020-05-18T19:17:38 ----------------------------------------- Patch: SUSE-2020-1294 Released: Mon May 18 07:38:36 2020 Summary: Security update for file Severity: moderate References: 1154661,1169512,CVE-2019-18218 Description: This update for file fixes the following issues: Security issues fixed: - CVE-2019-18218: Fixed a heap-based buffer overflow in cdf_read_property_info() (bsc#1154661). Non-security issue fixed: - Fixed broken '--help' output (bsc#1169512). ----------------------------------------- Patch: SUSE-2020-1298 Released: Mon May 18 07:42:49 2020 Summary: Security update for libbsd Severity: moderate References: 1160551,CVE-2019-20367 Description: This update for libbsd fixes the following issues: - CVE-2019-20367: Fixed an out-of-bounds read during a comparison for a symbol names from the string table (bsc#1160551). ----------------------------------------- Patch: SUSE-2020-1299 Released: Mon May 18 07:43:21 2020 Summary: Security update for libxml2 Severity: moderate References: 1159928,1161517,1161521,CVE-2019-19956,CVE-2019-20388,CVE-2020-7595 Description: This update for libxml2 fixes the following issues: - CVE-2019-20388: Fixed a memory leak in xmlSchemaPreRun (bsc#1161521). - CVE-2019-19956: Fixed a memory leak (bsc#1159928). - CVE-2020-7595: Fixed an infinite loop in an EOF situation (bsc#1161517). ----------------------------------------- Patch: SUSE-2020-1303 Released: Mon May 18 09:40:36 2020 Summary: Recommended update for timezone Severity: moderate References: 1169582 Description: This update for timezone fixes the following issues: - timezone update 2020a. (bsc#1169582) * Morocco springs forward on 2020-05-31, not 2020-05-24. * Canada's Yukon advanced to -07 year-round on 2020-03-08. * America/Nuuk renamed from America/Godthab. * zic now supports expiration dates for leap second lists. ----------------------------------------- Patch: SUSE-2020-1308 Released: Mon May 18 10:05:46 2020 Summary: Recommended update for psmisc Severity: moderate References: 1170247 Description: This update for psmisc fixes the following issues: - Allow not unique mounts as well as not unique mountpoint. (bsc#1170247) ----------------------------------------- Patch: SUSE-2020-1310 Released: Mon May 18 10:09:22 2020 Summary: Recommended update for icewm, icewm-theme-branding Severity: moderate References: 1170420 Description: This update for icewm, icewm-theme-branding fixes the following issues: Changes in icewm: - Explicitly require icewm-theme-branding on SLE and Leap. (jsc#SLE-11888, bsc#1170420). - Add Conflicts between icewm-config-upstream and icewm-theme-branding. - Improve build tag consistency between SLE and Leap. (jsc#SLE-11888, bsc#1170420). * Recommend polkit-gnome to both Leap and SLE. Changes in icewm-theme-branding: - Improve build tag consistency between SLE and Leap. (jsc#SLE-11888, bsc#1170420). * Build the branding package separately for openSUSE and SLE, like most of other branding packages did. ----------------------------------------- Patch: SUSE-2020-1313 Released: Mon May 18 10:37:18 2020 Summary: Recommended update for resource-agents Severity: moderate References: 1136928,1160121,1169852 Description: This update for resource-agents fixes the following issues: - Disable cache discovery for 'gcp-vpc-move-route' resource agent. (bsc#1169852) - Can not manually call the check operation for a resource. (bsc#1136928) - LVM-activate RA: should report monitor fail when VG disappear upon iscsi disconnected. (bsc#1160121) ----------------------------------------- Patch: SUSE-2020-1319 Released: Mon May 18 11:43:44 2020 Summary: Recommended update for tcsh Severity: moderate References: 1170527 Description: This update for tcsh fixes the following issues: - Fix for an issue when Midnight Commander freezes changing directory using tcsh shell. (bsc#1170527) ----------------------------------------- Patch: SUSE-2020-1326 Released: Mon May 18 11:50:35 2020 Summary: Recommended update for tuned Severity: moderate References: 1126609,1142779,1159296 Description: This update for tuned fixes the following issues: - Fix backtrace/exit when log file gets rotated. (bsc#1126609, bsc#1142779, bsc#1159296): ----------------------------------------- Patch: SUSE-2020-1328 Released: Mon May 18 17:16:04 2020 Summary: Recommended update for grep Severity: moderate References: 1155271 Description: This update for grep fixes the following issues: - Update testsuite expectations, no functional changes (bsc#1155271) ----------------------------------------- Version 1.0.5-Production-Build1.128 2020-05-19T19:17:32 ----------------------------------------- Patch: SUSE-2020-1339 Released: Tue May 19 13:21:40 2020 Summary: Security update for python Severity: moderate References: 1155094,1162825,CVE-2019-18348,CVE-2019-9674 Description: This update for python fixes the following issues: Security issues fixed: - CVE-2019-18348: Fixed a CRLF injection via the host part of the url passed to urlopen(). Now an InvalidURL exception is raised (bsc#1155094). - CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs (bsc#1162825). ----------------------------------------- Patch: SUSE-2020-1342 Released: Tue May 19 13:27:31 2020 Summary: Recommended update for python3 Severity: moderate References: 1149955,1165894,CVE-2019-16056 Description: This update for python3 fixes the following issues: - Changed the name of idle3 icons to idle3.png to avoid collision with Python 2 version (bsc#1165894). ----------------------------------------- Version 1.0.5-Production-Build1.131 2020-05-20T19:16:44 ----------------------------------------- Patch: SUSE-2020-1348 Released: Wed May 20 11:37:41 2020 Summary: Recommended update for mozilla-nss Severity: moderate References: 1170908 Description: This update for mozilla-nss fixes the following issues: The following issues are fixed: - Add AES Keywrap POST. - Accept EACCES in lieu of ENOENT when trying to access /proc/sys/crypto/fips_enabled (bsc#1170908). ----------------------------------------- Patch: SUSE-2020-1349 Released: Wed May 20 11:39:00 2020 Summary: Recommended update for libsolv Severity: moderate References: 1159314 Description: This update for libsolv fixes the following issues: libsolv was updated to version 0.7.11: - fix solv_zchunk decoding error if large chunks are used (bsc#1159314) - treat retracted pathes as irrelevant - made add_update_target work with multiversion installs ----------------------------------------- Patch: SUSE-2020-1353 Released: Wed May 20 13:02:32 2020 Summary: Security update for freetype2 Severity: moderate References: 1079603,1091109,CVE-2018-6942 Description: This update for freetype2 to version 2.10.1 fixes the following issues: Security issue fixed: - CVE-2018-6942: Fixed a NULL pointer dereference within ttinerp.c (bsc#1079603). Non-security issues fixed: - Update to version 2.10.1 * The bytecode hinting of OpenType variation fonts was flawed, since the data in the `CVAR' table wasn't correctly applied. * Auto-hinter support for Mongolian. * The handling of the default character in PCF fonts as introduced in version 2.10.0 was partially broken, causing premature abortion of charmap iteration for many fonts. * If `FT_Set_Named_Instance' was called with the same arguments twice in a row, the function returned an incorrect error code the second time. * Direct rendering using FT_RASTER_FLAG_DIRECT crashed (bug introduced in version 2.10.0). * Increased precision while computing OpenType font variation instances. * The flattening algorithm of cubic Bezier curves was slightly changed to make it faster. This can cause very subtle rendering changes, which aren't noticeable by the eye, however. * The auto-hinter now disables hinting if there are blue zones defined for a `style' (i.e., a certain combination of a script and its related typographic features) but the font doesn't contain any characters needed to set up at least one blue zone. - Add tarball signatures and freetype2.keyring - Update to version 2.10.0 * A bunch of new functions has been added to access and process COLR/CPAL data of OpenType fonts with color-layered glyphs. * As a GSoC 2018 project, Nikhil Ramakrishnan completely overhauled and modernized the API reference. * The logic for computing the global ascender, descender, and height of OpenType fonts has been slightly adjusted for consistency. * `TT_Set_MM_Blend' could fail if called repeatedly with the same arguments. * The precision of handling deltas in Variation Fonts has been increased.The problem did only show up with multidimensional designspaces. * New function `FT_Library_SetLcdGeometry' to set up the geometry of LCD subpixels. * FreeType now uses the `defaultChar' property of PCF fonts to set the glyph for the undefined character at glyph index 0 (as FreeType already does for all other supported font formats). As a consequence, the order of glyphs of a PCF font if accessed with FreeType can be different now compared to previous versions. This change doesn't affect PCF font access with cmaps. * `FT_Select_Charmap' has been changed to allow parameter value `FT_ENCODING_NONE', which is valid for BDF, PCF, and Windows FNT formats to access built-in cmaps that don't have a predefined `FT_Encoding' value. * A previously reserved field in the `FT_GlyphSlotRec' structure now holds the glyph index. * The usual round of fuzzer bug fixes to better reject malformed fonts. * `FT_Outline_New_Internal' and `FT_Outline_Done_Internal' have been removed.These two functions were public by oversight only and were never documented. * A new function `FT_Error_String' returns descriptions of error codes if configuration macro FT_CONFIG_OPTION_ERROR_STRINGS is defined. * `FT_Set_MM_WeightVector' and `FT_Get_MM_WeightVector' are new functions limited to Adobe MultiMaster fonts to directly set and get the weight vector. - Enable subpixel rendering with infinality config: - Re-enable freetype-config, there is just too many fallouts. - Update to version 2.9.1 * Type 1 fonts containing flex features were not rendered correctly (bug introduced in version 2.9). * CVE-2018-6942: Older FreeType versions can crash with certain malformed variation fonts. * Bug fix: Multiple calls to `FT_Get_MM_Var' returned garbage. * Emboldening of bitmaps didn't work correctly sometimes, showing various artifacts (bug introduced in version 2.8.1). * The auto-hinter script ranges have been updated for Unicode 11. No support for new scripts have been added, however, with the exception of Georgian Mtavruli. - freetype-config is now deprecated by upstream and not enabled by default. - Update to version 2.10.1 * The `ftmulti' demo program now supports multiple hidden axes with the same name tag. * `ftview', `ftstring', and `ftgrid' got a `-k' command line option to emulate a sequence of keystrokes at start-up. * `ftview', `ftstring', and `ftgrid' now support screen dumping to a PNG file. * The bytecode debugger, `ttdebug', now supports variation TrueType fonts; a variation font instance can be selected with the new `-d' command line option. - Add tarball signatures and freetype2.keyring - Update to version 2.10.0 * The `ftdump' demo program has new options `-c' and `-C' to display charmaps in compact and detailed format, respectively. Option `-V' has been removed. * The `ftview', `ftstring', and `ftgrid' demo programs use a new command line option `-d' to specify the program window's width, height, and color depth. * The `ftview' demo program now displays red boxes for zero-width glyphs. * `ftglyph' has limited support to display fonts with color-layered glyphs.This will be improved later on. * `ftgrid' can now display bitmap fonts also. * The `ttdebug' demo program has a new option `-f' to select a member of a TrueType collection (TTC). * Other various improvements to the demo programs. - Remove 'Supplements: fonts-config' to avoid accidentally pulling in Qt dependencies on some non-Qt based desktops.(bsc#1091109) fonts-config is fundamental but ft2demos seldom installs by end users. only fonts-config maintainers/debuggers may use ft2demos along to debug some issues. - Update to version 2.9.1 * No changelog upstream. ----------------------------------------- Patch: SUSE-2020-1359 Released: Wed May 20 16:35:01 2020 Summary: Recommended update for man-pages Severity: moderate References: 1160568 Description: This update for man-pages fixes the following issues: - Move 'man.7' and 'mdoc.7' into separate directories to avoid conflicts with mandoc which is a light-weight man alternative for small systems. (bsc#1160568). ----------------------------------------- Version 1.0.5-Production-Build1.133 2020-05-22T19:16:59 ----------------------------------------- Patch: SUSE-2020-1362 Released: Thu May 21 09:31:43 2020 Summary: Recommended update for libgcrypt Severity: moderate References: 1171872 Description: This update for libgcrypt fixes the following issues: - FIPS: RSA/DSA/ECC test_keys() print out debug messages only in debug mode (bsc#1171872) ----------------------------------------- Version 1.0.5-Production-Build1.135 2020-05-25T19:16:55 ----------------------------------------- Patch: SUSE-2020-1400 Released: Mon May 25 14:09:02 2020 Summary: Recommended update for glibc Severity: moderate References: 1162930 Description: This update for glibc fixes the following issues: - nptl: wait for pending setxid request also in detached thread. (bsc#1162930) ----------------------------------------- Patch: SUSE-2020-1402 Released: Mon May 25 14:17:17 2020 Summary: Recommended update for mrsh Severity: moderate References: 1144051 Description: This update for mrsh fixes the following issues: - Use systemd_ordering instead of systemd_requires: systemd is never a strict requirement; but in case the system is scheduled for installation together with systemd, we want systemd to be installed prior to mrsh. - Add pam_keyinit.so to /etc/pam.d/mrsh|mrlogind. (bsc#1144051) To fully support the use of kernel keyrings by systemd the mrsh package must include the pam_keyinit.so module in its mrsh and mrlogin configuration files. - Add README.SUSE: Describe the steps required to set up and run mrshd/mrlogind. - Add missing services in pre/post/preun/postun scripts. ----------------------------------------- Patch: SUSE-2020-1404 Released: Mon May 25 15:32:34 2020 Summary: Recommended update for zlib Severity: moderate References: 1138793,1166260 Description: This update for zlib fixes the following issues: - Including the latest fixes from IBM (bsc#1166260) IBM Z mainframes starting from version z15 provide DFLTCC instruction, which implements deflate algorithm in hardware with estimated compression and decompression performance orders of magnitude faster than the current zlib and ratio comparable with that of level 1. - Add SUSE specific fix to solve bsc#1138793. The fix will avoid to test if the app was linked with exactly same version of zlib like the one that is present on the runtime. ----------------------------------------- Patch: SUSE-2020-1409 Released: Mon May 25 17:01:33 2020 Summary: Security update for libxslt Severity: moderate References: 1140095,1140101,1154609,CVE-2019-13117,CVE-2019-13118,CVE-2019-18197 Description: This update for libxslt fixes the following issues: Security issues fixed: - CVE-2019-13118: Fixed a read of uninitialized stack data (bsc#1140101). - CVE-2019-13117: Fixed a uninitialized read which allowed to discern whether a byte on the stack contains certain special characters (bsc#1140095). - CVE-2019-18197: Fixed a dangling pointer in xsltCopyText which may have led to information disclosure (bsc#1154609). ----------------------------------------- Version 1.0.5-Production-Build1.136 2020-05-26T19:17:50 ----------------------------------------- Patch: SUSE-2020-1419 Released: Tue May 26 12:23:30 2020 Summary: Security update for sysstat Severity: low References: 1159104,CVE-2019-19725 Description: This update for sysstat fixes the following issues: - CVE-2019-19725: Fixed double free in check_file_actlst in sa_common.c (bsc#1159104). ----------------------------------------- Patch: SUSE-2020-1422 Released: Tue May 26 12:32:27 2020 Summary: Recommended update for GeoIP Severity: moderate References: 1156194 Description: This update for GeoIP fixes the following issues: - Update README.SUSE with a description how to get the latest Geo IP data after the distribution changes. (jsc#SLE-11184, bsc#1156194, jsc#ECO-1405) ----------------------------------------- Version 1.0.5-Production-Build1.137 2020-05-28T19:17:27 ----------------------------------------- Patch: SUSE-2020-1492 Released: Wed May 27 18:32:41 2020 Summary: Recommended update for python-rpm-macros Severity: moderate References: 1171561 Description: This update for python-rpm-macros fixes the following issue: - Update to version 20200207.5feb6c1 (bsc#1171561) * Do not write .pyc files for tests ----------------------------------------- Version 1.0.5-Production-Build1.138 2020-05-30T19:17:06 ----------------------------------------- Patch: SUSE-2020-1506 Released: Fri May 29 17:22:11 2020 Summary: Recommended update for aaa_base Severity: moderate References: 1087982,1170527 Description: This update for aaa_base fixes the following issues: - Not all XTerm based emulators do have a terminfo entry. (bsc#1087982) - Better support of Midnight Commander. (bsc#1170527) ----------------------------------------- Version 1.0.5-Production-Build1.140 2020-06-04T13:36:06 ----------------------------------------- Patch: SUSE-2020-1532 Released: Thu Jun 4 10:16:12 2020 Summary: Security update for libxml2 Severity: moderate References: 1172021,CVE-2019-19956 Description: This update for libxml2 fixes the following issues: - CVE-2019-19956: Reverted the upstream fix for this memory leak because it introduced other, more severe vulnerabilities (bsc#1172021). ----------------------------------------- Patch: SUSE-2020-1535 Released: Thu Jun 4 10:44:48 2020 Summary: Security update for libcroco Severity: low References: 1043898,1043899,CVE-2017-8834,CVE-2017-8871 Description: This update for libcroco fixes the following issues: Security issues fixed: - CVE-2017-8834: Fixed denial of service (memory allocation error) via a crafted CSS file (bsc#1043898). - CVE-2017-8871: Fixed denial of service (infinite loop and CPU consumption) via a crafted CSS file (bsc#1043899). ----------------------------------------- Version 1.0.5-Production-Build1.141 2020-06-04T16:37:00 ----------------------------------------- Patch: SUSE-2020-1541 Released: Thu Jun 4 13:23:27 2020 Summary: Recommended update for pciutils Severity: moderate References: 1170554 Description: This update for pciutils fixes the following issues: - Fix lspci outputs when few of the VPD data fields are displayed as unknown. (bsc#1170554, ltc#185587) ----------------------------------------- Patch: SUSE-2020-1542 Released: Thu Jun 4 13:24:37 2020 Summary: Recommended update for timezone Severity: moderate References: 1172055 Description: This update for timezone fixes the following issue: - zdump --version reported 'unknown' (bsc#1172055) ----------------------------------------- Version 1.0.6-Production-Build1.4 2020-06-16T17:34:37 ----------------------------------------- Patch: SUSE-2018-1318 Released: Thu Jul 12 11:04:14 2018 Summary: Security update for rsyslog Severity: moderate References: 935393,CVE-2015-3243 Description: This update for rsyslog fixes the following security issue: - CVE-2015-3243: Prevent weak permissions for generated log files, which allowed local users to obtain sensitive information (bsc#935393). ----------------------------------------- Patch: SUSE-2019-172 Released: Fri Jan 25 15:53:28 2019 Summary: Recommended update for rsyslog Severity: moderate References: 1101642,1119429 Description: This update for rsyslog fixes the following issues: - remove references to obsolete SYSLOG_REQUIRES_NETWORK variable in remote.conf (bsc#1101642) - ship the missed out 'rsyslog-module-gtls' sub-package (bsc#1119429) ----------------------------------------- Patch: SUSE-2019-679 Released: Thu Mar 21 11:41:04 2019 Summary: Recommended update for rsyslog Severity: moderate References: 1126233 Description: This update for rsyslog fixes the following issues: - Set default permission for all log files (bsc#1126233) ----------------------------------------- Patch: SUSE-2019-1966 Released: Wed Jul 24 17:33:57 2019 Summary: Recommended update for rsyslog Severity: moderate References: 1137681 Description: This update for rsyslog fixes the following issues: - Suppress error message about missing environment variable TZ. (bsc#1137681) ----------------------------------------- Patch: SUSE-2019-2352 Released: Wed Sep 11 08:26:23 2019 Summary: Recommended update for rsyslog Severity: moderate References: 1146872 Description: This update for rsyslog brings support for the 'mmkubernetes' rsyslog module. (FATE#327800 bsc#1146872) ----------------------------------------- Patch: SUSE-2019-2937 Released: Fri Nov 8 14:08:29 2019 Summary: Security update for rsyslog Severity: moderate References: 1141063,1153451,1153459,CVE-2019-17041,CVE-2019-17042 Description: This update for rsyslog fixes the following issues: Security issues fixed: - CVE-2019-17041: Fixed a heap overflow in the parser for AIX log messages (bsc#1153451). - CVE-2019-17042: Fixed a heap overflow in the parser for Cisco log messages (bsc#1153459). Other issue addressed: - Fixed an issue where rsyslog was SEGFAULT due to a mutex double-unlock (bsc#1141063). ----------------------------------------- Patch: SUSE-2020-1547 Released: Mon Jun 8 08:02:02 2020 Summary: Recommended update for fontconfig Severity: moderate References: 1172301 Description: This update for fontconfig fixes the following issues: - fontconfig-devel-32bit needs to require fontconfig-32bit, needed for Wine development (bsc#1172301) ----------------------------------------- Patch: SUSE-2020-1551 Released: Mon Jun 8 09:31:41 2020 Summary: Security update for vim Severity: moderate References: 1172225,CVE-2019-20807 Description: This update for vim fixes the following issues: - CVE-2019-20807: Fixed an issue where escaping from the restrictive mode of vim was possible using interfaces (bsc#1172225). ----------------------------------------- Patch: SUSE-2020-1556 Released: Mon Jun 8 10:32:03 2020 Summary: Security update for MozillaFirefox Severity: important References: 1172402,CVE-2020-12405,CVE-2020-12406,CVE-2020-12410 Description: This update for MozillaFirefox fixes the following issues: - MozillaFirefox was updated to version 68.9.0 Extended Support Release (bsc#1172402). - CVE-2020-12405: Fixed a use-after-free in SharedWorkerService. - CVE-2020-12406: Fixed a JavaScript Type confusion with NativeTypes. - CVE-2020-12410: Fixed multiple memory safety bugs. ----------------------------------------- Patch: SUSE-2020-1558 Released: Mon Jun 8 10:36:32 2020 Summary: Recommended update for chrony Severity: moderate References: 1172113 Description: This update for chrony fixes the following issue: - Use iburst in the default pool statements to speed up initial synchronization. (bsc#1172113) ----------------------------------------- Patch: SUSE-2020-1559 Released: Mon Jun 8 10:38:24 2020 Summary: Recommended update for dracut Severity: moderate References: 1171388,975267 Description: This update for dracut fixes the following issues: - Detect the sysfs attribute 'is_boot_target' (bsc#975267, bsc#1171388) ----------------------------------------- Patch: SUSE-2020-1579 Released: Tue Jun 9 17:05:23 2020 Summary: Recommended update for audit Severity: important References: 1156159,1172295 Description: This update for audit fixes the following issues: - Fix hang on startup. (bsc#1156159) - Fix specfile to require libauparse0 and libaudit1 after splitting audit-libs. (bsc#1172295) ----------------------------------------- Patch: SUSE-2020-1582 Released: Tue Jun 9 18:20:10 2020 Summary: Security update for rubygem-bundler Severity: moderate References: 1143436,CVE-2019-3881 Description: This update for rubygem-bundler fixes the following issue: - CVE-2019-3881: Fixed insecure permissions on a directory in /tmp/ that allowed malicious code execution (bsc#1143436). ----------------------------------------- Patch: SUSE-2020-1584 Released: Tue Jun 9 18:39:15 2020 Summary: Security update for gnutls Severity: important References: 1172461,1172506,CVE-2020-13777 Description: This update for gnutls fixes the following issues: - CVE-2020-13777: Fixed an insecure session ticket key construction which could have made the TLS server to not bind the session ticket encryption key with a value supplied by the application until the initial key rotation, allowing an attacker to bypass authentication in TLS 1.3 and recover previous conversations in TLS 1.2 (bsc#1172506). - Fixed an improper handling of certificate chain with cross-signed intermediate CA certificates (bsc#1172461). ----------------------------------------- Patch: SUSE-2020-1600 Released: Wed Jun 10 12:31:31 2020 Summary: Security update for ucode-intel Severity: moderate References: 1154824,1156353,1172466,CVE-2020-0543,CVE-2020-0548,CVE-2020-0549 Description: This update for ucode-intel fixes the following issues: Updated Intel CPU Microcode to 20200602 (prerelease) (bsc#1172466) This update contains security mitigations for: - CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1154824). - CVE-2020-0548,CVE-2020-0549: Additional ucode updates were supplied to mitigate the Vector Register and L1D Eviction Sampling aka 'CacheOutAttack' attacks. (bsc#1156353) Microcode Table: Processor Identifier Version Products Model Stepping F-MO-S/PI Old->New ---- new platforms ---------------------------------------- ---- updated platforms ------------------------------------ HSW C0 6-3c-3/32 00000027->00000028 Core Gen4 BDW-U/Y E0/F0 6-3d-4/c0 0000002e->0000002f Core Gen5 HSW-U C0/D0 6-45-1/72 00000025->00000026 Core Gen4 HSW-H C0 6-46-1/32 0000001b->0000001c Core Gen4 BDW-H/E3 E0/G0 6-47-1/22 00000021->00000022 Core Gen5 SKL-U/Y D0 6-4e-3/c0 000000d6->000000dc Core Gen6 Mobile SKL-U23e K1 6-4e-3/c0 000000d6->000000dc Core Gen6 Mobile SKX-SP B1 6-55-3/97 01000151->01000157 Xeon Scalable SKX-SP H0/M0/U0 6-55-4/b7 02000065->02006906 Xeon Scalable SKX-D M1 6-55-4/b7 02000065->02006906 Xeon D-21xx CLX-SP B0 6-55-6/bf 0400002c->04002f01 Xeon Scalable Gen2 CLX-SP B1 6-55-7/bf 0500002c->04002f01 Xeon Scalable Gen2 SKL-H/S R0/N0 6-5e-3/36 000000d6->000000dc Core Gen6; Xeon E3 v5 AML-Y22 H0 6-8e-9/10 000000ca->000000d6 Core Gen8 Mobile KBL-U/Y H0 6-8e-9/c0 000000ca->000000d6 Core Gen7 Mobile CFL-U43e D0 6-8e-a/c0 000000ca->000000d6 Core Gen8 Mobile WHL-U W0 6-8e-b/d0 000000ca->000000d6 Core Gen8 Mobile AML-Y42 V0 6-8e-c/94 000000ca->000000d6 Core Gen10 Mobile CML-Y42 V0 6-8e-c/94 000000ca->000000d6 Core Gen10 Mobile WHL-U V0 6-8e-c/94 000000ca->000000d6 Core Gen8 Mobile KBL-G/H/S/E3 B0 6-9e-9/2a 000000ca->000000d6 Core Gen7; Xeon E3 v6 CFL-H/S/E3 U0 6-9e-a/22 000000ca->000000d6 Core Gen8 Desktop, Mobile, Xeon E CFL-S B0 6-9e-b/02 000000ca->000000d6 Core Gen8 CFL-H/S P0 6-9e-c/22 000000ca->000000d6 Core Gen9 CFL-H R0 6-9e-d/22 000000ca->000000d6 Core Gen9 Mobile Also contains the Intel CPU Microcode update to 20200520: Processor Identifier Version Products Model Stepping F-MO-S/PI Old->New ---- new platforms ---------------------------------------- ---- updated platforms ------------------------------------ SNB-E/EN/EP C1/M0 6-2d-6/6d 0000061f->00000621 Xeon E3/E5, Core X SNB-E/EN/EP C2/M1 6-2d-7/6d 00000718->0000071a Xeon E3/E5, Core X ----------------------------------------- Patch: SUSE-2020-1614 Released: Fri Jun 12 09:47:38 2020 Summary: Recommended update for gtk3 Severity: moderate References: 1167951 Description: This update for gtk3 fixes the following issue: - GtkMenu under X11 is it not able to handle touch events properly. (bsc#1167951) ----------------------------------------- Version 1.0.6-Production-Build1.11 2020-06-24T19:26:28 ----------------------------------------- Patch: SUSE-2020-1631 Released: Wed Jun 17 09:53:58 2020 Summary: Recommended update for fonts-config Severity: important References: 1049056,1092737,1101985,1106850,1111791,1172022 Description: This update for fonts-config fixes the following issues: - Update version from 20160921 to version 20200609+git0.42e2b1b * Check if it's required to use some default settings in /etc/sysconfig/fonts-config. (bsc#1172022) * Add variable to allow fonts-config to update default settings * Fix en-US, en-GB font matching. * Allow non-ASCII letters in font names. (bsc#1049056, bsc#1101985). * Update subpixel rendering config * Fix misspelling in configuration file. (bsc#1111791) * Fix wrong visualization for special characters and numbers. (bsc#1092737) * Support color emoji * Modern fonts for symbol * Add configurations for Noto Sans/Serif CJK * No longer create encodings.dir in /usr/share/fonts/encodings/ (bsc#1106850) ----------------------------------------- Patch: SUSE-2020-1640 Released: Wed Jun 17 15:46:04 2020 Summary: Recommended update for grub2 Severity: important References: 1166409,1166513 Description: This update for grub2 fixes the following issues: - Implement support searching for specific config files for netboot. (bsc#1166409) - Skip zfcpdump kernel from the grub boot menu (bsc#1166513) ----------------------------------------- Patch: SUSE-2020-1663 Released: Thu Jun 18 11:17:18 2020 Summary: Security update for the Linux Kernel Severity: important References: 1050244,1051510,1051858,1058115,1061840,1065600,1065729,1071995,1085030,1086301,1086313,1086314,1089895,1109911,1114279,1118338,1120386,1134973,1143959,1144333,1151910,1151927,1153917,1154243,1154824,1156286,1157155,1157157,1157692,1158013,1158021,1158026,1158265,1158819,1159028,1159198,1159271,1159285,1159394,1159483,1159484,1159569,1159588,1159841,1159908,1159909,1159910,1159911,1159955,1160195,1160210,1160211,1160218,1160433,1160442,1160476,1160560,1160755,1160756,1160784,1160787,1160802,1160803,1160804,1160917,1160966,1161087,1161514,1161518,1161522,1161523,1161549,1161552,1161555,1161674,1161931,1161933,1161934,1161935,1161936,1161937,1161951,1162067,1162109,1162139,1162928,1162929,1162931,1163971,1164051,1164069,1164078,1164705,1164712,1164727,1164728,1164729,1164730,1164731,1164732,1164733,1164734,1164735,1164871,1165111,1165741,1165873,1165881,1165984,1165985,1166969,1167421,1167423,1167629,1168075,1168276,1168295,1168424,1168670,1168829,1168854,1169390,1169514,1169625,1170056,1170345,1170617,1170618,1170621,1170778,1170901,1171098,1171189,1171191,1171195,1171202,1171205,1171217,1171218,1171219,1171220,1171689,1171982,1171983,1172221,1172317,1172453,1172458,CVE-2018-1000199,CVE-2019-14615,CVE-2019-14896,CVE-2019-14897,CVE-2019-16994,CVE-2019-19036,CVE-2019-19045,CVE-2019-19054,CVE-2019-19318,CVE-2019-19319,CVE-2019-19447,CVE-2019-19462,CVE-2019-19768,CVE-2019-19770,CVE-2019-19965,CVE-2019-19966,CVE-2019-20054,CVE-2019-20095,CVE-2019-20096,CVE-2019-20810,CVE-2019-20812,CVE-2019-3701,CVE-2019-9455,CVE-2019-9458,CVE-2020-0543,CVE-2020-10690,CVE-2020-10711,CVE-2020-10720,CVE-2020-10732,CVE-2020-10751,CVE-2020-10757,CVE-2020-10942,CVE-2020-11494,CVE-2020-11608,CVE-2020-11609,CVE-2020-11669,CVE-2020-12114,CVE-2020-12464,CVE-2020-12652,CVE-2020-12653,CVE-2020-12654,CVE-2020-12655,CVE-2020-12656,CVE-2020-12657,CVE-2020-12769,CVE-2020-13143,CVE-2020-2732,CVE-2020-7053,CVE-2020-8428,CVE-2020-8647,CVE-2020-8648,CVE-2020-8649,CVE-2020-8834,CVE-2020-8992,CVE-2020-9383 Description: The SUSE Linux Enterprise 15 kernel was updated receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1154824). - CVE-2020-9383: Fixed an out-of-bounds read due to improper error condition check of FDC index (bsc#1165111). - CVE-2020-8992: Fixed an issue which could have allowed attackers to cause a soft lockup via a crafted journal size (bsc#1164069). - CVE-2020-8834: Fixed a stack corruption which could have lead to kernel panic (bsc#1168276). - CVE-2020-8649: Fixed a use-after-free in the vgacon_invert_region function in drivers/video/console/vgacon.c (bsc#1162931). - CVE-2020-8648: Fixed a use-after-free in the n_tty_receive_buf_common function in drivers/tty/n_tty.c (bsc#1162928). - CVE-2020-8647: Fixed a use-after-free in the vc_do_resize function in drivers/tty/vt/vt.c (bsc#1162929). - CVE-2020-8428: Fixed a use-after-free which could have allowed local users to cause a denial of service (bsc#1162109). - CVE-2020-7053: Fixed a use-after-free in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c (bsc#1160966). - CVE-2020-2732: Fixed an issue affecting Intel CPUs where an L2 guest may trick the L0 hypervisor into accessing sensitive L1 resources (bsc#1163971). - CVE-2020-13143: Fixed an out-of-bounds read in gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c (bsc#1171982). - CVE-2020-12769: Fixed an issue which could have allowed attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one (bsc#1171983). - CVE-2020-12657: An a use-after-free in block/bfq-iosched.c (bsc#1171205). - CVE-2020-12656: Fixed an improper handling of certain domain_release calls leadingch could have led to a memory leak (bsc#1171219). - CVE-2020-12655: Fixed an issue which could have allowed attackers to trigger a sync of excessive duration via an XFS v5 image with crafted metadata (bsc#1171217). - CVE-2020-12654: Fixed an issue in he wifi driver which could have allowed a remote AP to trigger a heap-based buffer overflow (bsc#1171202). - CVE-2020-12653: Fixed an issue in the wifi driver which could have allowed local users to gain privileges or cause a denial of service (bsc#1171195). - CVE-2020-12652: Fixed an issue which could have allowed local users to hold an incorrect lock during the ioctl operation and trigger a race condition (bsc#1171218). - CVE-2020-12464: Fixed a use-after-free due to a transfer without a reference (bsc#1170901). - CVE-2020-12114: Fixed a pivot_root race condition which could have allowed local users to cause a denial of service (panic) by corrupting a mountpoint reference counter (bsc#1171098). - CVE-2020-11669: Fixed an issue where arch/powerpc/kernel/idle_book3s.S did not have save/restore functionality for PNV_POWERSAVE_AMR, PNV_POWERSAVE_UAMOR, and PNV_POWERSAVE_AMOR (bnc#1169390). - CVE-2020-11609: Fixed a null pointer dereference due to improper handling of descriptors (bsc#1168854). - CVE-2020-11608: Fixed a null pointer dereferences via a crafted USB (bsc#1168829). - CVE-2020-11494: Fixed an issue which could have allowed attackers to read uninitialized can_frame data (bsc#1168424). - CVE-2020-10942: Fixed a kernel stack corruption via crafted system calls (bsc#1167629). - CVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon mmap could have caused user PTE access (bsc#1172317). - CVE-2020-10751: Fixed an improper implementation in SELinux LSM hook where it was assumed that an skb would only contain a single netlink message (bsc#1171189). - CVE-2020-10732: Fixed kernel data leak in userspace coredumps due to uninitialized data (bsc#1171220). - CVE-2020-10720: Fixed a use-after-free read in napi_gro_frags() (bsc#1170778). - CVE-2020-10711: Fixed a null pointer dereference in SELinux subsystem which could have allowed a remote network user to crash the kernel resulting in a denial of service (bsc#1171191). - CVE-2020-10690: Fixed the race between the release of ptp_clock and cdev (bsc#1170056). - CVE-2019-9458: Fixed a use after free due to a race condition which could have led to privilege escalation of privilege (bsc#1168295). - CVE-2019-9455: Fixed a pointer leak due to a WARN_ON statement in a video driver. This could lead to local information disclosure with System execution privileges needed (bsc#1170345). - CVE-2019-3701: Fixed an issue in can_can_gw_rcv, which could cause a system crash (bsc#1120386). - CVE-2019-20812: Fixed an issue in prb_calc_retire_blk_tmo() which could have resulted in a denial of service (bsc#1172453). - CVE-2019-20810: Fixed a memory leak in due to not calling of snd_card_free (bsc#1172458). - CVE-2019-20096: Fixed a memory leak in __feat_register_sp() in net/dccp/feat.c, which could have caused denial of service (bsc#1159908). - CVE-2019-20095: Fixed an improper error-handling cases that did not free allocated hostcmd memory which was causing memory leak (bsc#1159909). - CVE-2019-20054: Fixed a null pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links (bsc#1159910). - CVE-2019-19966: Fixed a use-after-free in cpia2_exit() which could have caused denial of service (bsc#1159841). - CVE-2019-19965: Fixed a null pointer dereference, due to mishandling of port disconnection during discovery (bsc#1159911). - CVE-2019-19770: Fixed a use-after-free in the debugfs_remove function (bsc#1159198). - CVE-2019-19768: Fixed a use-after-free in the __blk_add_trace function in kernel/trace/blktrace.c (bsc#1159285). - CVE-2019-19462: Fixed an issue which could have allowed local user to cause denial of service (bsc#1158265). - CVE-2019-19447: Fixed a user after free via a crafted ext4 filesystem image (bsc#1158819). - CVE-2019-19319: Fixed a user after free when a large old_size value is used in a memset call (bsc#1158021). - CVE-2019-19318: Fixed a use after free via a crafted btrfs image (bsc#1158026). - CVE-2019-19054: Fixed a memory leak in the cx23888_ir_probe() which could have allowed attackers to cause a denial of service (bsc#1161518). - CVE-2019-19045: Fixed a memory leak in which could have allowed attackers to cause a denial of service (bsc#1161522). - CVE-2019-19036: Fixed a null pointer dereference in btrfs_root_node (bsc#1157692). - CVE-2019-16994: Fixed a memory leak which might have caused denial of service (bsc#1161523). - CVE-2019-14897: Fixed a stack overflow in Marvell Wifi Driver (bsc#1157155). - CVE-2019-14896: Fixed a heap overflow in Marvell Wifi Driver (bsc#1157157). - CVE-2019-14615: Fixed an improper control flow in certain data structures which could have led to information disclosure (bsc#1160195). - CVE-2018-1000199: Fixed a potential local code execution via ptrace (bsc#1089895). The following non-security bugs were fixed: - 6pack,mkiss: fix possible deadlock (bsc#1051510). - ACPI / APEI: Switch estatus pool to use vmalloc memory (bsc#1051510). - ACPI: bus: Fix NULL pointer check in acpi_bus_get_private_data() (bsc#1051510). - ACPI: fix acpi_find_child_device() invocation in acpi_preset_companion() (bsc#1051510). - af_packet: set defaule value for tmo (bsc#1051510). - ALSA: control: remove useless assignment in .info callback of PCM chmap element (git-fixes). - ALSA: hda: Add Clevo W65_67SB the power_save blacklist (git-fixes). - ALSA: hda - Add docking station support for Lenovo Thinkpad T420s (git-fixes). - ALSA: hda/analog - Minor optimization for SPDIF mux connections (git-fixes). - ALSA: hda/ca0132 - Avoid endless loop (git-fixes). - ALSA: hda/ca0132 - Fix work handling in delayed HP detection (git-fixes). - ALSA: hda/ca0132 - Keep power on during processing DSP response (git-fixes). - ALSA: hda - Downgrade error message for single-cmd fallback (git-fixes). - ALSA: hda/hdmi - add retry logic to parse_intel_hdmi() (git-fixes). - ALSA: hda/hdmi - fix atpx_present when CLASS is not VGA (bsc#1051510). - ALSA: hda/realtek - Add headset Mic no shutup for ALC283 (bsc#1051510). - ALSA: ice1724: Fix sleep-in-atomic in Infrasonic Quartet support code (bsc#1051510). - ALSA: pcm: Avoid possible info leaks from PCM stream buffers (git-fixes). - ALSA: seq: Fix racy access for queue timer in proc read (bsc#1051510). - ALSA: sh: Fix compile warning wrt const (git-fixes). - ALSA: usb-audio: fix set_format altsetting sanity check (bsc#1051510). - ALSA: usb-audio: fix sync-ep altsetting sanity check (bsc#1051510). - ar5523: check NULL before memcpy() in ar5523_cmd() (bsc#1051510). - arm64: Revert support for execute-only user mappings (bsc#1160218). - ASoC: au8540: use 64-bit arithmetic instead of 32-bit (bsc#1051510). - ASoC: cs4349: Use PM ops 'cs4349_runtime_pm' (bsc#1051510). - ASoC: Jack: Fix NULL pointer dereference in snd_soc_jack_report (bsc#1051510). - ASoC: msm8916-wcd-analog: Fix selected events for MIC BIAS External1 (bsc#1051510). - ASoC: wm8962: fix lambda value (git-fixes). - ath10k: fix fw crash by moving chip reset after napi disabled (bsc#1051510). - ath9k: fix storage endpoint lookup (git-fixes). - a typo in %kernel_base_conflicts macro name - batman-adv: Fix DAT candidate selection on little endian systems (bsc#1051510). - bcma: remove set but not used variable 'sizel' (git-fixes). - blk: Fix kabi due to blk_trace_mutex addition (bsc#1159285). - blktrace: fix dereference after null check (bsc#1159285). - blktrace: fix trace mutex deadlock (bsc#1159285). - bonding: fix active-backup transition after link failure (git-fixes). - bonding: fix potential NULL deref in bond_update_slave_arr (bsc#1051510). - bonding: fix unexpected IFF_BONDING bit unset (bsc#1051510). - brcmfmac: fix interface sanity check (git-fixes). - brcmfmac: Fix memory leak in brcmf_usbdev_qinit (git-fixes). - brcmfmac: Fix use after free in brcmf_sdio_readframes() (git-fixes). - btrfs: abort transaction after failed inode updates in create_subvol (bsc#1161936). - btrfs: add missing extents release on file extent cluster relocation error (bsc#1159483). - btrfs: avoid fallback to transaction commit during fsync of files with holes (bsc#1159569). - btrfs: dev-replace: remove warning for unknown return codes when finished (dependency for bsc#1162067). - btrfs: do not call synchronize_srcu() in inode_tree_del (bsc#1161934). - btrfs: Ensure we trim ranges across block group boundary (bsc#1151910). - btrfs: fix block group remaining RO forever after error during device replace (bsc#1160442). - btrfs: fix btrfs_write_inode vs delayed iput deadlock (bsc#1154243). - btrfs: fix infinite loop during nocow writeback due to race (bsc#1160804). - btrfs: fix integer overflow in calc_reclaim_items_nr (bsc#1160433). - btrfs: fix missing data checksums after replaying a log tree (bsc#1161931). - btrfs: fix negative subv_writers counter and data space leak after buffered write (bsc#1160802). - btrfs: fix removal logic of the tree mod log that leads to use-after-free issues (bsc#1160803). - btrfs: fix selftests failure due to uninitialized i_mode in test inodes (Fix for dependency of bsc#1157692). - btrfs: handle ENOENT in btrfs_uuid_tree_iterate (bsc#1161937). - btrfs: harden agaist duplicate fsid on scanned devices (bsc#1134973). - btrfs: inode: Verify inode mode to avoid NULL pointer dereference (dependency for bsc#1157692). - btrfs: make tree checker detect checksum items with overlapping ranges (bsc#1161931). - btrfs: Move btrfs_check_chunk_valid() to tree-check.[ch] and export it (dependency for bsc#1157692). - btrfs: record all roots for rename exchange on a subvol (bsc#1161933). - btrfs: relocation: fix reloc_root lifespan and access (bsc#1159588). - btrfs: scrub: Require mandatory block group RO for dev-replace (bsc#1162067). - btrfs: send, skip backreference walking for extents with many references (bsc#1162139). - btrfs: skip log replay on orphaned roots (bsc#1161935). - btrfs: tree-checker: Check chunk item at tree block read time (dependency for bsc#1157692). - btrfs: tree-checker: Check level for leaves and nodes (dependency for bsc#1157692). - btrfs: tree-checker: Enhance chunk checker to validate chunk profile (dependency for bsc#1157692). - btrfs: tree-checker: Fix wrong check on max devid (fixes for dependency of bsc#1157692). - btrfs: tree-checker: get fs_info from eb in block_group_err (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_block_group_item (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_csum_item (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_dev_item (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_dir_item (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_extent_data_item (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_inode_item (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_leaf (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_leaf_item (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in chunk_err (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in dev_item_err (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in dir_item_err (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in file_extent_err (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in generic_err (dependency for bsc#1157692). - btrfs: tree-checker: Make btrfs_check_chunk_valid() return EUCLEAN instead of EIO (dependency for bsc#1157692). - btrfs: tree-checker: Make chunk item checker messages more readable (dependency for bsc#1157692). - btrfs: tree-checker: Verify dev item (dependency for bsc#1157692). - btrfs: tree-checker: Verify inode item (dependency for bsc#1157692). - btrfs: volumes: Use more straightforward way to calculate map length (bsc#1151910). - can: can_dropped_invalid_skb(): ensure an initialized headroom in outgoing CAN sk_buffs (bsc#1051510). - can: gs_usb: gs_usb_probe(): use descriptors of current altsetting (bsc#1051510). - can: mscan: mscan_rx_poll(): fix rx path lockup when returning from polling to irq mode (bsc#1051510). - can, slip: Protect tty->disc_data in write_wakeup and close with RCU (bsc#1051510). - cfg80211: check for set_wiphy_params (bsc#1051510). - cfg80211: fix page refcount issue in A-MSDU decap (bsc#1051510). - cfg80211/mac80211: make ieee80211_send_layer2_update a public function (bsc#1051510). - cgroup: pids: use atomic64_t for pids->limit (bsc#1161514). - CIFS: add support for flock (bsc#1144333). - CIFS: Close cached root handle only if it had a lease (bsc#1144333). - CIFS: Close open handle after interrupted close (bsc#1144333). - CIFS: close the shared root handle on tree disconnect (bsc#1144333). - CIFS: Do not miss cancelled OPEN responses (bsc#1144333). - CIFS: Fix lookup of root ses in DFS referral cache (bsc#1144333). - CIFS: Fix memory allocation in __smb2_handle_cancelled_cmd() (bsc#1144333). - CIFS: Fix mount options set in automount (bsc#1144333). - CIFS: Fix NULL pointer dereference in mid callback (bsc#1144333). - CIFS: Fix NULL-pointer dereference in smb2_push_mandatory_locks (bsc#1144333). - CIFS: Fix potential softlockups while refreshing DFS cache (bsc#1144333). - CIFS: Fix retrieval of DFS referrals in cifs_mount() (bsc#1144333). - CIFS: Fix use-after-free bug in cifs_reconnect() (bsc#1144333). - CIFS: Properly process SMB3 lease breaks (bsc#1144333). - CIFS: remove set but not used variables 'cinode' and 'netfid' (bsc#1144333). - CIFS: Respect O_SYNC and O_DIRECT flags during reconnect (bsc#1144333). - clk: Do not try to enable critical clocks if prepare failed (bsc#1051510). - clk: rockchip: fix I2S1 clock gate register for rk3328 (bsc#1051510). - clk: rockchip: fix ID of 8ch clock of I2S1 for rk3328 (bsc#1051510). - clk: rockchip: fix rk3188 sclk_mac_lbtest parameter ordering (bsc#1051510). - clk: rockchip: fix rk3188 sclk_smc gate data (bsc#1051510). - clk: sunxi: sun9i-mmc: Implement reset callback for reset controls (bsc#1051510). - clocksource/drivers/bcm2835_timer: Fix memory leak of timer (bsc#1051510). - clocksource/drivers/hyper-v: Set TSC clocksource as default w/ InvariantTSC (bsc#1170621). - copy/pasted 'Recommends:' instead of 'Provides:', 'Obsoletes:' and 'Conflicts: - crypto: af_alg - Use bh_lock_sock in sk_destruct (bsc#1051510). - crypto: api - Check spawn->alg under lock in crypto_drop_spawn (bsc#1051510). - crypto: api - Fix race condition in crypto_spawn_alg (bsc#1051510). - crypto: atmel-sha - fix error handling when setting hmac key (bsc#1051510). - crypto: ccp - fix uninitialized list head (bsc#1051510). - crypto: chelsio - fix writing tfm flags to wrong place (bsc#1051510). - crypto: pcrypt - Do not clear MAY_SLEEP flag in original request (bsc#1051510). - crypto: picoxcell - adjust the position of tasklet_init and fix missed tasklet_kill (bsc#1051510). - crypto: reexport crypto_shoot_alg() (bsc#1051510, kABI fix). - debugfs: add support for more elaborate ->d_fsdata (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198. - debugfs: call debugfs_real_fops() only after debugfs_file_get() (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198. - debugfs: convert to debugfs_file_get() and -put() (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198. - debugfs: debugfs_real_fops(): drop __must_hold sparse annotation (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198. - debugfs: debugfs_use_start/finish do not exist anymore (bsc#1159198). Prerequisite for bsc#1159198. - debugfs: defer debugfs_fsdata allocation to first usage (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198. - debugfs: fix debugfs_real_fops() build error (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198. - debugfs: implement per-file removal protection (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198. - debugfs: purge obsolete SRCU based removal protection (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198. - debugfs: simplify __debugfs_remove_file() (bsc#1159198). Prerequisite for bsc#1159198. - dmaengine: coh901318: Fix a double-lock bug (bsc#1051510). - dmaengine: coh901318: Remove unused variable (bsc#1051510). - dmaengine: Fix access to uninitialized dma_slave_caps (bsc#1051510). - dma-mapping: fix return type of dma_set_max_seg_size() (bsc#1051510). - drivers/base/memory.c: cache blocks in radix tree to accelerate lookup (bsc#1159955 ltc#182993). - drivers/base/memory.c: do not access uninitialized memmaps in soft_offline_page_store() (bsc#1051510). - drivers: HV: Send one page worth of kmsg dump over Hyper-V during panic (bsc#1170617). - drivers: hv: vmbus: Fix the issue with freeing up hv_ctl_table_hdr (bsc#1170617). - drivers: hv: vmbus: Get rid of MSR access from vmbus_drv.c (bsc#1170618). - drivers: hv: vmus: Fix the check for return value from kmsg get dump buffer (bsc#1170617). - drm/amdgpu: add function parameter description in 'amdgpu_gart_bind' (bsc#1051510). - drm/amdgpu: remove 4 set but not used variable in amdgpu_atombios_get_connector_info_from_object_table (bsc#1051510). - drm/amdgpu: remove always false comparison in 'amdgpu_atombios_i2c_process_i2c_ch' (bsc#1051510). - drm/amdgpu: remove set but not used variable 'amdgpu_connector' (bsc#1051510). - drm/amdgpu: remove set but not used variable 'dig' (bsc#1051510). - drm/amdgpu: remove set but not used variable 'dig_connector' (bsc#1051510). - drm/amdgpu: remove set but not used variable 'mc_shared_chmap' (bsc#1051510). - drm/amdgpu: remove set but not used variable 'mc_shared_chmap' from 'gfx_v6_0.c' and 'gfx_v7_0.c' (bsc#1051510). - drm: bridge: dw-hdmi: constify copied structure (bsc#1051510). - drm/dp_mst: correct the shifting in DP_REMOTE_I2C_READ (bsc#1051510). - drm/fb-helper: Round up bits_per_pixel if possible (bsc#1051510). - drm/i810: Prevent underflow in ioctl (bsc#1114279) - drm/i915: Add missing include file (bsc#1051510). - drm/i915: Fix pid leak with banned clients (bsc#1114279) - drm: limit to INT_MAX in create_blob ioctl (bsc#1051510). - drm/mst: Fix MST sideband up-reply failure handling (bsc#1051510). - drm/nouveau: Fix copy-paste error in nouveau_fence_wait_uevent_handler (bsc#1051510). - drm/nouveau/secboot/gm20b: initialize pointer in gm20b_secboot_new() (bsc#1051510). - drm/qxl: Return error if fbdev is not 32 bpp (bsc#1159028) - drm/radeon: fix r1xx/r2xx register checker for POT textures (bsc#1114279) - drm/rockchip: lvds: Fix indentation of a #define (bsc#1051510). - drm/vmwgfx: prevent memory leak in vmw_cmdbuf_res_add (bsc#1051510). - e100: Fix passing zero to 'PTR_ERR' warning in e100_load_ucode_wait (bsc#1051510). - exit: panic before exit_mm() on global init exit (bsc#1161549). - extcon: max8997: Fix lack of path setting in USB device mode (bsc#1051510). - firestream: fix memory leaks (bsc#1051510). - fix autofs regression caused by follow_managed() changes (bsc#1159271). - fix dget_parent() fastpath race (bsc#1159271). - Fix partial checked out tree build ... so that bisection does not break. - fjes: fix missed check in fjes_acpi_add (bsc#1051510). - fs: cifs: Fix atime update check vs mtime (bsc#1144333). - fs/namei.c: fix missing barriers when checking positivity (bsc#1159271). - fs/namei.c: pull positivity check into follow_managed() (bsc#1159271). - fs/xfs: fix f_ffree value for statfs when project quota is set (bsc#1165985). - ftrace: Avoid potential division by zero in function profiler (bsc#1160784). - futex: Prevent robust futex exit race (bsc#1161555). - gpio: Fix error message on out-of-range GPIO in lookup table (bsc#1051510). - HID: hidraw: Fix returning EPOLLOUT from hidraw_poll (bsc#1051510). - HID: hidraw, uhid: Always report EPOLLOUT (bsc#1051510). - hidraw: Return EPOLLOUT from hidraw_poll (bsc#1051510). - HID: uhid: Fix returning EPOLLOUT from uhid_char_poll (bsc#1051510). - hwmon: (adt7475) Make volt2reg return same reg as reg2volt input (bsc#1051510). - hwmon: (core) Do not use device managed functions for memory allocations (bsc#1051510). - hwmon: (nct7802) Fix voltage limits to wrong registers (bsc#1051510). - i2c: imx: do not print error message on probe defer (bsc#1051510). - IB/hfi1: convert to debugfs_file_get() and -put() (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198. - ibmveth: Detect unsupported packets before sending to the hypervisor (bsc#1159484 ltc#182983). - ibmvfc: do not send implicit logouts prior to NPIV login (bsc#1169625 ltc#184611). - iio: adc: max9611: Fix too short conversion time delay (bsc#1051510). - iio: buffer: align the size of scan bytes to size of the largest element (bsc#1051510). - inet: protect against too small mtu values (networking-stable-19_12_16). - Input: add safety guards to input_set_keycode() (bsc#1168075). - Input: aiptek - fix endpoint sanity check (bsc#1051510). - Input: cyttsp4_core - fix use after free bug (bsc#1051510). - Input: goodix - add upside-down quirk for Teclast X89 tablet (bsc#1051510). - Input: gtco - fix endpoint sanity check (bsc#1051510). - Input: keyspan-remote - fix control-message timeouts (bsc#1051510). - Input: pegasus_notetaker - fix endpoint sanity check (bsc#1051510). - Input: pm8xxx-vib - fix handling of separate enable register (bsc#1051510). - Input: rmi_f54 - read from FIFO in 32 byte blocks (bsc#1051510). - Input: sun4i-ts - add a check for devm_thermal_zone_of_sensor_register (bsc#1051510). - Input: sur40 - fix interface sanity checks (bsc#1051510). - Input: synaptics-rmi4 - do not increment rmiaddr for SMBus transfers (bsc#1051510). - Input: synaptics-rmi4 - simplify data read in rmi_f54_work (bsc#1051510). - Input: synaptics - switch another X1 Carbon 6 to RMI/SMbus (bsc#1051510). - iommu: Remove device link to group on failure (bsc#1160755). - iommu/vt-d: Unlink device if failed to add to group (bsc#1160756). - iwlegacy: ensure loop counter addr does not wrap and cause an infinite loop (git-fixes). - iwlwifi: mvm: Send non offchannel traffic via AP sta (bsc#1051510). - iwlwifi: mvm: synchronize TID queue removal (bsc#1051510). - kABI: protect struct sctp_ep_common (kabi). - kABI: restore debugfs_remove_recursive() (bsc#1159198). - kABI workaround for can/skb.h inclusion (bsc#1051510). - kernel/trace: Fix do not unregister tracepoints when register sched_migrate_task fail (bsc#1160787). - KEYS: reaching the keys quotas correctly (bsc#1171689). - KVM: fix spectrev1 gadgets (bsc#1164705). - KVM: x86: Host feature SSBD does not imply guest feature SPEC_CTRL_SSBD (bsc#1160476). - KVM: x86: Protect DR-based index computations from Spectre-v1/L1TF attacks (bsc#1164734). - KVM: x86: Protect ioapic_read_indirect() from Spectre-v1/L1TF attacks (bsc#1164728). - KVM: x86: Protect ioapic_write_indirect() from Spectre-v1/L1TF attacks (bsc#1164729). - KVM: x86: Protect kvm_hv_msr_[get|set]_crash_data() from Spectre-v1/L1TF attacks (bsc#1164712). - KVM: x86: Protect kvm_lapic_reg_write() from Spectre-v1/L1TF attacks (bsc#1164730). - KVM: x86: Protect MSR-based index computations from Spectre-v1/L1TF attacks in x86.c (bsc#1164733). - KVM: x86: Protect MSR-based index computations in fixed_msr_to_seg_unit() from Spectre-v1/L1TF attacks (bsc#1164731). - KVM: x86: Protect MSR-based index computations in pmu.h from Spectre-v1/L1TF attacks (bsc#1164732). - KVM: x86: Protect pmu_intel.c from Spectre-v1/L1TF attacks (bsc#1164735). - KVM: x86: Protect x86_decode_insn from Spectre-v1/L1TF attacks (bsc#1164705). - KVM: x86: Refactor picdev_write() to prevent Spectre-v1/L1TF attacks (bsc#1164727). - leds: Allow to call led_classdev_unregister() unconditionally (bsc#1161674). - leds: class: ensure workqueue is initialized before setting brightness (bsc#1161674). - lib/scatterlist.c: adjust indentation in __sg_alloc_table (bsc#1051510). - lib/test_kasan.c: fix memory leak in kmalloc_oob_krealloc_more() (bsc#1051510). - livepatch/samples/selftest: Use klp_shadow_alloc() API correctly (bsc#1071995). - livepatch/selftest: Clean up shadow variable names and type (bsc#1071995). - mac80211: Do not send Layer 2 Update frame before authorization (bsc#1051510). - macvlan: do not assume mac_header is set in macvlan_broadcast() (bsc#1051510). - macvlan: use skb_reset_mac_header() in macvlan_queue_xmit() (bsc#1051510). - md/raid0: Fix buffer overflow at debug print (bsc#1164051). - media: cec.h: CEC_OP_REC_FLAG_ values were swapped (bsc#1051510). - media: cec: report Vendor ID after initialization (bsc#1051510). - media: iguanair: fix endpoint sanity check (bsc#1051510). - media: ov519: add missing endpoint sanity checks (bsc#1168829). - media: pulse8-cec: return 0 when invalidating the logical address (bsc#1051510). - media: stkwebcam: Bugfix for wrong return values (bsc#1051510). - media: stv06xx: add missing descriptor sanity checks (bsc#1168854). - media: uvcvideo: Avoid cyclic entity chains due to malformed USB descriptors (bsc#1051510). - media: v4l2-ioctl.c: zero reserved fields for S/TRY_FMT (bsc#1051510). - media: v4l2-rect.h: fix v4l2_rect_map_inside() top/left adjustments (bsc#1051510). - missing escaping of backslashes in macro expansions Fixes: f3b74b0ae86b ('rpm/kernel-subpackage-spec: Unify dependency handling.') Fixes: 3fd22e219f77 ('rpm/kernel-subpackage-spec: Fix empty Recommends tag (bsc#1143959)') - mmc: mediatek: fix CMD_TA to 2 for MT8173 HS200/HS400 mode (bsc#1051510). - mmc: sdhci: fix minimum clock rate for v3 controller (bsc#1051510). - mmc: sdhci-of-esdhc: fix P2020 errata handling (bsc#1051510). - mmc: sdhci-of-esdhc: Revert 'mmc: sdhci-of-esdhc: add erratum A-009204 support' (bsc#1051510). - mmc: tegra: fix SDR50 tuning override (bsc#1051510). - mm: memory_hotplug: use put_device() if device_register fail (bsc#1159955 ltc#182993). - mm/page-writeback.c: fix range_cyclic writeback vs writepages deadlock (bsc#1159394). - mwifiex: drop most magic numbers from mwifiex_process_tdls_action_frame() (git-fixes). - net: bridge: deny dev_set_mac_address() when unregistering (networking-stable-19_12_16). - net: ena: Add PCI shutdown handler to allow safe kexec (bsc#1167421, bsc#1167423). - net: ethernet: ti: cpsw: fix extra rx interrupt (networking-stable-19_12_16). - netfilter: nf_queue: enqueue skbs with NULL dst (git-fixes). - net/mlx4_en: fix mlx4 ethtool -N insertion (networking-stable-19_11_25). - net/mlx5e: Fix set vf link state error flow (networking-stable-19_11_25). - net/mlxfw: Fix out-of-memory error in mfa2 flash burning (bsc#1051858). - net: psample: fix skb_over_panic (networking-stable-19_12_03). - net: rtnetlink: prevent underflows in do_setvfinfo() (networking-stable-19_11_25). - net/sched: act_pedit: fix WARN() in the traffic path (networking-stable-19_11_25). - net: sched: fix `tc -s class show` no bstats on class with nolock subqueues (networking-stable-19_12_03). - net: usb: lan78xx: limit size of local TSO packets (bsc#1051510). - net: usb: qmi_wwan: add support for Foxconn T77W968 LTE modules (networking-stable-19_11_18). - new helper: lookup_positive_unlocked() (bsc#1159271). - NFC: pn533: fix bulk-message timeout (bsc#1051510). - NFC: pn544: Adjust indentation in pn544_hci_check_presence (git-fixes). - objtool: Fix stack offset tracking for indirect CFAs (bsc#1169514). - openvswitch: drop unneeded BUG_ON() in ovs_flow_cmd_build_info() (networking-stable-19_12_03). - openvswitch: remove another BUG_ON() (networking-stable-19_12_03). - openvswitch: support asymmetric conntrack (networking-stable-19_12_16). - orinoco_usb: fix interface sanity check (git-fixes). - PCI: Do not disable bridge BARs when assigning bus resources (bsc#1051510). - PCI/switchtec: Fix vep_vector_number ioread width (bsc#1051510). - phy: qualcomm: Adjust indentation in read_poll_timeout (bsc#1051510). - pinctrl: qcom: ssbi-gpio: fix gpio-hog related boot issues (bsc#1051510). - pinctrl: sh-pfc: r8a7778: Fix duplicate SDSELF_B and SD1_CLK_B (bsc#1051510). - platform/x86: asus-wmi: Fix keyboard brightness cannot be set to 0 (bsc#1051510). - platform/x86: hp-wmi: Make buffer for HPWMI_FEATURE2_QUERY 128 bytes (bsc#1051510). - platform/x86: pmc_atom: Add Siemens CONNECT X300 to critclk_systems DMI table (bsc#1051510). - powerpc: Allow 64bit VDSO __kernel_sync_dicache to work across ranges >4GB (bnc#1151927 5.3.17). - powerpc: Allow flush_icache_range to work across ranges >4GB (bnc#1151927 5.3.17). - powerpc/archrandom: fix arch_get_random_seed_int() (bsc#1065729). - powerpc: Fix vDSO clock_getres() (bsc#1065729). - powerpc/irq: fix stack overflow verification (bsc#1065729). - powerpc/mm: drop #ifdef CONFIG_MMU in is_ioremap_addr() (bsc#1065729). - powerpc/mm: Remove kvm radix prefetch workaround for Power9 DD2.2 (bsc#1061840). - powerpc/pkeys: remove unused pkey_allows_readwrite (bsc#1065729). - powerpc/powernv: Disable native PCIe port management (bsc#1065729). - powerpc/security: Fix debugfs data leak on 32-bit (bsc#1065729). - powerpc/tm: Fix clearing MSR[TS] in current when reclaiming on signal delivery (bsc#1118338 ltc#173734). - powerpc/tools: Do not quote $objdump in scripts (bsc#1065729). - powerpc/xive: Discard ESB load value when interrupt is invalid (bsc#1085030). - powerpc/xive: Skip ioremap() of ESB pages for LSI interrupts (bsc#1085030). - powerpc/xmon: do not access ASDR in VMs (bsc#1065729). - ppp: Adjust indentation into ppp_async_input (git-fixes). - prevent active file list thrashing due to refault detection (VM Performance, bsc#1156286). - pstore/ram: Write new dumps to start of recycled zones (bsc#1051510). - qede: Disable hardware gro when xdp prog is installed (bsc#1086314 bsc#1086313 bsc#1086301 ). - r8152: add missing endpoint sanity check (bsc#1051510). - random: always use batched entropy for get_random_u{32,64} (bsc#1164871). - RDMA/bnxt_re: Avoid freeing MR resources if dereg fails (bsc#1050244). - regulator: Fix return value of _set_load() stub (bsc#1051510). - regulator: rk808: Lower log level on optional GPIOs being not available (bsc#1051510). - regulator: rn5t618: fix module aliases (bsc#1051510). - Revert 'Input: synaptics-rmi4 - do not increment rmiaddr for SMBus transfers' (bsc#1051510). - Revert 'ipc,sem: remove uneeded sem_undo_list lock usage in exit_sem()' (bsc#1172221). - Revert 'mmc: sdhci: Fix incorrect switch to HS mode' (bsc#1051510). - rtc: dt-binding: abx80x: fix resistance scale (bsc#1051510). - rtc: max8997: Fix the returned value in case of error in 'max8997_rtc_read_alarm()' (bsc#1051510). - rtc: msm6242: Fix reading of 10-hour digit (bsc#1051510). - rtc: pcf8523: set xtal load capacitance from DT (bsc#1051510). - rtc: s35390a: Change buf's type to u8 in s35390a_init (bsc#1051510). - scsi: ibmvfc: Avoid loss of all paths during SVC node reboot (bsc#1161951 ltc#183551). - scsi: ibmvfc: Fix NULL return compiler warning (bsc#1161951 ltc#183551). - scsi: qla2xxx: Add a shadow variable to hold disc_state history of fcport (bsc#1158013). - scsi: qla2xxx: Add D-Port Diagnostic reason explanation logs (bsc#1158013). - scsi: qla2xxx: Cleanup unused async_logout_done (bsc#1158013). - scsi: qla2xxx: Consolidate fabric scan (bsc#1158013). - scsi: qla2xxx: Correct fcport flags handling (bsc#1158013). - scsi: qla2xxx: Fix fabric scan hang (bsc#1158013). - scsi: qla2xxx: Fix mtcp dump collection failure (bsc#1158013). - scsi: qla2xxx: Fix RIDA Format-2 (bsc#1158013). - scsi: qla2xxx: Fix stuck login session using prli_pend_timer (bsc#1158013). - scsi: qla2xxx: Fix stuck session in GNL (bsc#1158013). - scsi: qla2xxx: Fix the endianness of the qla82xx_get_fw_size() return type (bsc#1158013). - scsi: qla2xxx: Fix update_fcport for current_topology (bsc#1158013). - scsi: qla2xxx: Improve readability of the code that handles qla_flt_header (bsc#1158013). - scsi: qla2xxx: Remove defer flag to indicate immeadiate port loss (bsc#1158013). - scsi: qla2xxx: Update driver version to 10.01.00.22-k (bsc#1158013). - scsi: qla2xxx: Use common routine to free fcport struct (bsc#1158013). - scsi: qla2xxx: Use get_unaligned_*() instead of open-coding these functions (bsc#1158013). - sctp: cache netns in sctp_ep_common (networking-stable-19_12_03). - serial: 8250_bcm2835aux: Fix line mismatch on driver unbind (bsc#1051510). - serial: ifx6x60: add missed pm_runtime_disable (bsc#1051510). - serial: pl011: Fix DMA ->flush_buffer() (bsc#1051510). - serial: serial_core: Perform NULL checks for break_ctl ops (bsc#1051510). - serial: stm32: fix transmit_chars when tx is stopped (bsc#1051510). - sfc: Only cancel the PPS workqueue if it exists (networking-stable-19_11_25). - sh_eth: check sh_eth_cpu_data::dual_port when dumping registers (bsc#1051510). - sh_eth: fix dumping ARSTR (bsc#1051510). - sh_eth: fix invalid context bug while calling auto-negotiation by ethtool (bsc#1051510). - sh_eth: fix invalid context bug while changing link options by ethtool (bsc#1051510). - sh_eth: fix TSU init on SH7734/R8A7740 (bsc#1051510). - sh_eth: fix TXALCR1 offsets (bsc#1051510). - sh_eth: TSU_QTAG0/1 registers the same as TSU_QTAGM0/1 (bsc#1051510). - smb3: Fix crash in SMB2_open_init due to uninitialized field in compounding path (bsc#1144333). - smb3: Fix persistent handles reconnect (bsc#1144333). - smb3: fix refcount underflow warning on unmount when no directory leases (bsc#1144333). - smb3: remove confusing dmesg when mounting with encryption ('seal') (bsc#1144333). - soc: renesas: rcar-sysc: Add goto to of_node_put() before return (bsc#1051510). - spi: tegra114: clear packed bit for unpacked mode (bsc#1051510). - spi: tegra114: configure dma burst size to fifo trig level (bsc#1051510). - spi: tegra114: fix for unpacked mode transfers (bsc#1051510). - spi: tegra114: flush fifos (bsc#1051510). - spi: tegra114: terminate dma and reset on transfer timeout (bsc#1051510). - staging: comedi: adv_pci1710: fix AI channels 16-31 for PCI-1713 (bsc#1051510). - Staging: iio: adt7316: Fix i2c data reading, set the data field (bsc#1051510). - staging: rtl8188eu: fix interface sanity check (bsc#1051510). - staging: wlan-ng: ensure error return is actually returned (bsc#1051510). - tcp: clear tp->packets_out when purging write queue (bsc#1160560). - tcp: exit if nothing to retransmit on RTO timeout (bsc#1160560, stable 4.14.159). - tcp: md5: fix potential overestimation of TCP option space (networking-stable-19_12_16). - tracing: Have the histogram compare functions convert to u64 first (bsc#1160210). - tracing: xen: Ordered comparison of function pointers (git-fixes). - tty: n_hdlc: fix build on SPARC (bsc#1051510). - tty/serial: atmel: Add is_half_duplex helper (bsc#1051510). - tty: serial: msm_serial: Fix lockup for sysrq and oops (bsc#1051510). - tty: vt: keyboard: reject invalid keycodes (bsc#1051510). - USB: Allow USB device to be warm reset in suspended state (bsc#1051510). - USB: atm: ueagle-atm: add missing endpoint check (bsc#1051510). - USB: chipidea: host: Disable port power only if previously enabled (bsc#1051510). - USB: core: hub: Improved device recognition on remote wakeup (bsc#1051510). - USB: core: urb: fix URB structure initialization function (bsc#1051510). - USB: documentation: flags on usb-storage versus UAS (bsc#1051510). - USB: dwc3: debugfs: Properly print/set link state for HS (bsc#1051510). - USB: dwc3: do not log probe deferrals; but do log other error codes (bsc#1051510). - USB: dwc3: ep0: Clear started flag on completion (bsc#1051510). - USB: dwc3: turn off VBUS when leaving host mode (bsc#1051510). - USB: gadget: f_ecm: Use atomic_t to track in-flight request (bsc#1051510). - USB: gadget: f_ncm: Use atomic_t to track in-flight request (bsc#1051510). - USB: gadget: pch_udc: fix use after free (bsc#1051510). - USB: gadget: u_serial: add missing port entry locking (bsc#1051510). - USB: gadget: Zero ffs_io_data (bsc#1051510). - USB: host: xhci-hub: fix extra endianness conversion (bsc#1051510). - usbip: Fix receive error in vhci-hcd when using scatter-gather (bsc#1051510). - USB: mtu3: fix dbginfo in qmu_tx_zlp_error_handler (bsc#1051510). - USB: musb: dma: Correct parameter passed to IRQ handler (bsc#1051510). - USB: musb: fix idling for suspend after disconnect interrupt (bsc#1051510). - USB: serial: ch341: handle unbound port at reset_resume (bsc#1051510). - USB: serial: io_edgeport: add missing active-port sanity check (bsc#1051510). - USB: serial: io_edgeport: handle unbound ports on URB completion (bsc#1051510). - USB: serial: io_edgeport: use irqsave() in USB's complete callback (bsc#1051510). - USB: serial: ir-usb: add missing endpoint sanity check (bsc#1051510). - USB: serial: ir-usb: fix IrLAP framing (bsc#1051510). - USB: serial: ir-usb: fix link-speed handling (bsc#1051510). - USB: serial: keyspan: handle unbound ports (bsc#1051510). - USB: serial: opticon: fix control-message timeouts (bsc#1051510). - USB: serial: option: Add support for Quectel RM500Q (bsc#1051510). - USB: serial: quatech2: handle unbound ports (bsc#1051510). - USB: serial: simple: Add Motorola Solutions TETRA MTP3xxx and MTP85xx (bsc#1051510). - USB: serial: suppress driver bind attributes (bsc#1051510). - USB: typec: tcpci: mask event interrupts when remove driver (bsc#1051510). - USB: uas: heed CAPACITY_HEURISTICS (bsc#1051510). - USB: uas: honor flag to avoid CAPACITY16 (bsc#1051510). - USB: xhci: Fix build warning seen with CONFIG_PM=n (bsc#1051510). - workqueue: Fix pwq ref leak in rescuer_thread() (bsc#1160211). - x86/entry/64: Fix unwind hints in kernel exit path (bsc#1058115). - x86/entry/64: Fix unwind hints in register clearing code (bsc#1058115). - x86/entry/64: Fix unwind hints in rewind_stack_do_exit() (bsc#1058115). - x86/entry/64: Fix unwind hints in __switch_to_asm() (bsc#1058115). - x86/Hyper-V: Allow guests to enable InvariantTSC (bsc#1170621). - x86/Hyper-V: Free hv_panic_page when fail to register kmsg dump (bsc#1170617). - x86/Hyper-V: Report crash data in die() when panic_on_oops is set (bsc#1170617). - x86/Hyper-V: Report crash register data or kmsg before running crash kernel (bsc#1170617). - x86/Hyper-V: Report crash register data when sysctl_record_panic_msg is not set (bsc#1170617). - x86/Hyper-V: report value of misc_features (git-fixes). - x86/Hyper-V: Trigger crash enlightenment only once during system crash (bsc#1170617). - x86/Hyper-V: Unload vmbus channel in hv panic callback (bsc#1170617). - x86/kgbd: Use NMI_VECTOR not APIC_DM_NMI (bsc#1114279). - x86/mce/AMD: Allow any CPU to initialize the smca_banks array (bsc#1114279). - x86/MCE/AMD: Allow Reserved types to be overwritten in smca_banks (bsc#1114279). - x86/MCE/AMD: Do not use rdmsr_safe_on_cpu() in smca_configure() (bsc#1114279). - x86/mce: Fix possibly incorrect severity calculation on AMD (bsc#1114279). - x86/mm: Split vmalloc_sync_all() (bsc#1165741). - x86/resctrl: Fix an imbalance in domain_remove_cpu() (bsc#1114279). - x86/resctrl: Fix potential memory leak (bsc#1114279). - x86/unwind/orc: Do not skip the first frame for inactive tasks (bsc#1058115). - x86/unwind/orc: Fix error handling in __unwind_start() (bsc#1058115). - x86/unwind/orc: Fix error path for bad ORC entry type (bsc#1058115). - x86/unwind/orc: Fix unwind_get_return_address_ptr() for inactive tasks (bsc#1058115). - x86/unwind/orc: Prevent unwinding before ORC initialization (bsc#1058115). - x86/unwind: Prevent false warnings for non-current tasks (bsc#1058115). - x86/xen: fix booting 32-bit pv guest (bsc#1071995). - x86/xen: Make the boot CPU idle task reliable (bsc#1071995). - x86/xen: Make the secondary CPU idle tasks reliable (bsc#1071995). - xen/blkfront: Adjust indentation in xlvbd_alloc_gendisk (bsc#1065600). - xen-blkfront: switch kcalloc to kvcalloc for large array allocation (bsc#1160917). - xfrm: Fix transport mode skb control buffer usage (bsc#1161552). - xfs: also remove cached ACLs when removing the underlying attr (bsc#1165873). - xfs: bulkstat should copy lastip whenever userspace supplies one (bsc#1165984). - xfs: Fix tail rounding in xfs_alloc_file_space() (bsc#1161087, bsc#1153917). - xhci: Fix memory leak in xhci_add_in_port() (bsc#1051510). - xhci: fix USB3 device initiated resume race with roothub autosuspend (bsc#1051510). - xhci: handle some XHCI_TRUST_TX_LENGTH quirks cases as default behaviour (bsc#1051510). - xhci: make sure interrupts are restored to correct state (bsc#1051510). - zd1211rw: fix storage endpoint lookup (git-fixes). ----------------------------------------- Patch: SUSE-2020-1677 Released: Thu Jun 18 18:16:39 2020 Summary: Security update for mozilla-nspr, mozilla-nss Severity: important References: 1159819,1169746,1171978,CVE-2019-17006,CVE-2020-12399 Description: This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nss was updated to version 3.53 - CVE-2020-12399: Fixed a timing attack on DSA signature generation (bsc#1171978). - CVE-2019-17006: Added length checks for cryptographic primitives (bsc#1159819). Release notes: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.53_release_notes mozilla-nspr to version 4.25 ----------------------------------------- Patch: SUSE-2020-1682 Released: Fri Jun 19 09:44:54 2020 Summary: Security update for perl Severity: important References: 1171863,1171864,1171866,1172348,CVE-2020-10543,CVE-2020-10878,CVE-2020-12723 Description: This update for perl fixes the following issues: - CVE-2020-10543: Fixed a heap buffer overflow in regular expression compiler which could have allowed overwriting of allocated memory with attacker's data (bsc#1171863). - CVE-2020-10878: Fixed multiple integer overflows which could have allowed the insertion of instructions into the compiled form of Perl regular expression (bsc#1171864). - CVE-2020-12723: Fixed an attacker's corruption of the intermediate language state of a compiled regular expression (bsc#1171866). - Fixed a bad warning in features.ph (bsc#1172348). ----------------------------------------- Patch: SUSE-2020-1684 Released: Fri Jun 19 09:48:36 2020 Summary: Security update for java-1_8_0-ibm Severity: important References: 1160968,1169511,1171352,1172277,CVE-2019-2949,CVE-2020-2654,CVE-2020-2754,CVE-2020-2755,CVE-2020-2756,CVE-2020-2757,CVE-2020-2781,CVE-2020-2800,CVE-2020-2803,CVE-2020-2805,CVE-2020-2830 Description: This update for java-1_8_0-ibm fixes the following issues: java-1_8_0-ibm was updated to Java 8.0 Service Refresh 6 Fix Pack 10 (bsc#1172277,bsc#1169511,bsc#1160968) - CVE-2020-2654: Fixed an issue which could have resulted in unauthorized ability to cause a partial denial of service - CVE-2020-2754: Forwarded references to Nashorn - CVE-2020-2755: Improved Nashorn matching - CVE-2020-2756: Improved mapping of serial ENUMs - CVE-2020-2757: Less Blocking Array Queues - CVE-2020-2781: Improved TLS session handling - CVE-2020-2800: Improved Headings for HTTP Servers - CVE-2020-2803: Enhanced buffering of byte buffers - CVE-2020-2805: Enhanced typing of methods - CVE-2020-2830: Improved Scanner conversions - CVE-2019-2949: Fixed an issue which could have resulted in unauthorized access to critical data - Added RSA PSS SUPPORT TO IBMPKCS11IMPL - The pack200 and unpack200 alternatives should be slaves of java (bsc#1171352). ----------------------------------------- Patch: SUSE-2020-1702 Released: Mon Jun 22 11:20:53 2020 Summary: Recommended update for ucode-intel Severity: moderate References: 1172466,1172856 Description: This update for ucode-intel fixes the following issues: Updated Intel CPU Microcode to 20200616 official release (bsc#1172856) - revert 06-4e-03 Skylake U/Y, U23e ucode back to 000000d6 release - revert 06-5e-03 Skylake H/S ucode back to 000000d6 release, as both cause stability issues. (bsc#1172856) Updated Intel CPU Microcode to 20200609 official release (bsc#1172466) - no changes to 20200602 prerelease ----------------------------------------- Patch: SUSE-2020-1730 Released: Wed Jun 24 09:41:15 2020 Summary: Security update for libssh2_org Severity: moderate References: 1154862,CVE-2019-17498 Description: This update for libssh2_org fixes the following issue: - CVE-2019-17498: Fixed an integer overflow in a bounds check that might have led to the disclosure of sensitive information or a denial of service (bsc#1154862). ----------------------------------------- Version 1.0.6-Production-Build1.14 2020-06-26T19:21:42 ----------------------------------------- Patch: SUSE-2020-1760 Released: Thu Jun 25 18:46:13 2020 Summary: Recommended update for systemd Severity: moderate References: 1157315,1162698,1164538,1169488,1171145,1172072 Description: This update for systemd fixes the following issues: - Merge branch 'SUSE/v234' into SLE15 units: starting suspend.target should not fail when suspend is successful (bsc#1172072) core/mount: do not add Before=local-fs.target or remote-fs.target if nofail mount option is set mount: let mount_add_extras() take care of remote-fs.target deps (bsc#1169488) mount: set up local-fs.target/remote-fs.target deps in mount_add_default_dependencies() too udev: rename the persistent link for ATA devices (bsc#1164538) shared/install: try harder to find enablement symlinks when disabling a unit (bsc#1157315) tmpfiles: remove unnecessary assert (bsc#1171145) test-engine: manager_free() was called too early pid1: by default make user units inherit their umask from the user manager (bsc#1162698) ----------------------------------------- Patch: SUSE-2020-1773 Released: Fri Jun 26 08:05:59 2020 Summary: Security update for curl Severity: important References: 1173027,CVE-2020-8177 Description: This update for curl fixes the following issues: - CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server to overwrite a local file when using the -J option (bsc#1173027). ----------------------------------------- Patch: SUSE-2020-1785 Released: Fri Jun 26 09:26:09 2020 Summary: Recommended update for perl-TimeDate Severity: moderate References: 1172834 Description: This update for perl-TimeDate fixes the following issue: - Parse out the century if specified (strptime). (bsc#1172834) ----------------------------------------- Version 1.0.6-Production-Build1.20 2020-07-07T08:53:22 ----------------------------------------- Patch: SUSE-2020-1809 Released: Wed Jul 1 04:08:19 2020 Summary: Recommended update for icewm-theme-branding Severity: moderate References: 1170420 Description: This update for icewm-theme-branding fixes the following issues: Fix the 'zypper dup' issue on Leap by explicitly obsoleting icewm-config-upstream. (bsc#1170420) ----------------------------------------- Patch: SUSE-2020-1820 Released: Thu Jul 2 08:38:44 2020 Summary: Recommended update for dracut Severity: moderate References: 1161573 Description: This update for dracut fixes the following issue: - Fix dracut timeout on missing root device (bsc#1161573) ----------------------------------------- Patch: SUSE-2020-1822 Released: Thu Jul 2 11:30:42 2020 Summary: Security update for python3 Severity: important References: 1173274,CVE-2020-14422 Description: This update for python3 fixes the following issues: - CVE-2020-14422: Fixed an improper computation of hash values in the IPv4Interface and IPv6Interface could have led to denial of service (bsc#1173274). ----------------------------------------- Patch: SUSE-2020-1824 Released: Thu Jul 2 12:37:30 2020 Summary: Recommended update for resource-agents Severity: moderate References: 1162978,1170270,1172734 Description: This update for resource-agents fixes the following issues: - Fixed a bug where the pulling of images was stuck (bsc#1170270) - Added a fix for defect file /usr/lib/ocf/resource.d/heartbeat/clvm (bsc#1172734) ----------------------------------------- Patch: SUSE-2020-1850 Released: Mon Jul 6 14:44:39 2020 Summary: Security update for mozilla-nss Severity: moderate References: 1168669,1173032,CVE-2020-12402 Description: This update for mozilla-nss fixes the following issues: mozilla-nss was updated to version 3.53.1 - CVE-2020-12402: Fixed a potential side channel attack during RSA key generation (bsc#1173032) - Fixed various FIPS issues in libfreebl3 which were causing segfaults in the test suite of chrony (bsc#1168669). ----------------------------------------- Patch: SUSE-2020-1852 Released: Mon Jul 6 16:50:21 2020 Summary: Recommended update for fontforge, ghostscript-fonts, ttf-converter, xorg-x11-fonts Severity: moderate References: 1169444 Description: This update for fontforge, ghostscript-fonts, ttf-converter, xorg-x11-fonts fixes the following issues: Changes in fontforge: - Support transforming bitmap glyphs from python. (bsc#1169444) - Allow python-Sphinx >= 3 Changes in ttf-converter: - Update from version 1.0 to version 1.0.6: * ftdump is now shipped additionally as new dependency for ttf-converter * Standardize output when converting vector and bitmap fonts * Add more subfamilies fixes (bsc#1169444) * Add --family and --subfamily arguments to force values on those fields * Add parameters to fix glyph unicode values --fix-glyph-unicode : Try to fix unicode points and glyph names based on glyph names containing hexadecimal codes (like '$0C00', 'char12345' or 'uni004F') --replace-unicode-values: When passed 2 comma separated numbers a,b the glyph with an unicode value of a is replaced with the unicode value b. Can be used more than once. --shift-unicode-values: When passed 3 comma separated numbers a,b,c this shifts the unicode values of glyphs between a and b (both included) by adding c. Can be used more than once. * Add --bitmapTransform parameter to transform bitmap glyphs. (bsc#1169444) When used, all glyphs are modified with the transformation function and values passed as parameters. The parameter has three values separated by commas: fliph|flipv|rotate90cw|rotate90ccw|rotate180|skew|transmove,xoff,yoff * Add support to convert bitmap fonts (bsc#1169444) * Rename MediumItalic subfamily to Medium Italic * Show some more information when removing duplicated glyphs * Add a --force-monospaced argument instead of hardcoding font names * Convert `BoldCond` subfamily to `Bold Condensed` * Fixes for Monospaced fonts and force the Nimbus Mono L font to be Monospaced. (bsc#1169444 #c41) * Add a --version argument * Fix subfamily names so the converted font's subfamily match the original ones. (bsc#1169444 #c41) Changes in xorg-x11-fonts: - Use ttf-converter 1.0.6 to build an Italic version of cu12.pcf.gz in the converted subpackage - Include the subfamily in the filename of converted fonts - Use ttf-converter's new bitmap font support to convert Schumacher Clean and Schumacher Clean Wide (bsc#1169444 #c41) - Replace some unicode values in cu-pua12.pcf.gz to fix them - Shift some unicode values in arabic24.pcf.gz and cuarabic12.pcf.gz so glyphs don't pretend to be latin characters when they're not. - Don't distribute converted fonts with wrong unicode values in their glyphs. (bsc#1169444) Bitstream-Charter-*.otb, Cursor.ttf,Sun-OPEN-LOOK-*.otb, MUTT-ClearlyU-Devangari-Extra-Regular, MUTT-ClearlyU-Ligature-Wide-Regular, and MUTT-ClearlyU-Devanagari-Regular Changes in ghostscript-fonts: - Force the converted Nimbus Mono font to be monospaced. (bsc#1169444 #c41) Use the --force-monospaced argument of ttf-converter 1.0.3 ----------------------------------------- Patch: SUSE-2020-1856 Released: Mon Jul 6 17:05:51 2020 Summary: Security update for openldap2 Severity: important References: 1172698,1172704,CVE-2020-8023 Description: This update for openldap2 fixes the following issues: - CVE-2020-8023: Fixed a potential local privilege escalation from ldap to root when OPENLDAP_CONFIG_BACKEND='ldap' was used (bsc#1172698). - Changed DB_CONFIG to root:ldap permissions (bsc#1172704). ----------------------------------------- Patch: SUSE-2020-1858 Released: Mon Jul 6 17:08:06 2020 Summary: Security update for permissions Severity: moderate References: 1171883 Description: This update for permissions fixes the following issues: - Removed conflicting entries which might expose pcp to security issues (bsc#1171883) ----------------------------------------- Version 1.0.6-Production-Build1.39 2020-07-30T12:26:31 ----------------------------------------- Patch: SUSE-2020-1611 Released: Fri Jun 12 09:38:03 2020 Summary: Recommended update for libsolv, libzypp, zypper Severity: moderate References: 1130873,1154803,1164543,1165476,1165573,1166610,1167122,1168990 Description: This update for libsolv, libzypp, zypper fixes the following issues: libsolv was updated to 0.7.13 to fix: - Fix solvable swapping messing up idarrays - fix ruleinfo of complex dependencies returning the wrong origin libzypp was updated to 17.23.4 to fix: - Get retracted patch status from updateinfo data (jsc#SLE-8770) libsolv injects the indicator provides into packages only. - remove 'using namespace std;' (bsc#1166610, fixes #218) - Online doc: add 'Hardware (modalias) dependencies' page (fixes #216) - Add HistoryLogReader actionFilter to parse only specific HistoryActionIDs. - RepoVariables: Add safe guard in case the caller does not own a zypp instance. - Enable c++17. Define libyzpp CXX_STANDARD in ZyppCommon.cmake. - Fix package status computation regarding unneeded, orphaned, recommended and suggested packages (broken in 17.23.0) (bsc#1165476) - Log patch status changes to history (jsc#SLE-5116) - Allow to disable all WebServer dependent tests when building. OBS wants to be able to get rid of the nginx/FastCGI-devel build requirement. Use 'rpmbuild --without mediabackend_tests' or 'cmake -DDISABLE_MEDIABACKEND_TESTS=1'. - update translations - boost: Fix deprecated auto_unit_test.hpp includes. - Disable zchunk on Leap-15.0 and SLE15-* while there is no libzck. - Fix decision whether to download ZCHUNK files. libzypp and libsolv must both be able to read the format. - yum::Downloader: Prefer zchunk compressed metadata if libvsolv supports it. - Selectable: Fix highestAvailableVersionObj if only retracted packages are available. Avoid using retracted items as candidate (jsc#SLE-8770) - RpmDb: Become rpmdb backend independent (jsc#SLE-7272) - RpmDb: Close API offering a custom rpmdb path It's actually not needed and for this to work also libsolv needs to support it. You can sill use a librpmDb::db_const_iterator to access a database at a custom location (ro). - Remove legacy rpmV3database conversion code. - Reformat manpages to workaround asciidoctor shortcomings (bsc#1154803, bsc#1167122, bsc#1168990) - Remove undocumented rug legacy stuff. - Remove 'using namespace std;' (bsc#1166610) - patch table: Add 'Since' column if history data are available (jsc#SLE-5116) zypper was updated to version 1.14.36: - Tag 'retracted' patch status in info and list-patches (jsc#SLE-8770) - Tag 'R'etracted items in search tabes status columns (jsc#SLE-8770) - Relax 'Do not allow the abbreviation of cli arguments' in legacy distibutions (bsc#1164543) - Correctly detect ambigous switch abbreviations (bsc#1165573) - zypper-aptitude: don't supplement zypper. supplementing zypper means zypper-aptitude gets installed by default and pulls in perl. Neither is desired on small systems. - Do not allow the abbreviation of cli arguments (bsc#1164543) - accoring to according in all translation files. - Always show exception history if available. - Use default package cache location for temporary repos (bsc#1130873) ----------------------------------------- Patch: SUSE-2020-1396 Released: Fri Jul 3 12:33:05 2020 Summary: Security update for zstd Severity: moderate References: 1082318,1133297 Description: This update for zstd fixes the following issues: - Fix for build error caused by wrong static libraries. (bsc#1133297) - Correction in spec file marking the license as documentation. (bsc#1082318) - Add new package for SLE-15. (jsc#ECO-1886) ----------------------------------------- Patch: SUSE-2020-1869 Released: Tue Jul 7 15:08:12 2020 Summary: Recommended update for libsolv, libzypp, zypper Severity: moderate References: 1130873,1154803,1164543,1165476,1165573,1166610,1167122,1168990,1169947,1170801,1171224,1172135,1172925 Description: This update for libsolv, libzypp, zypper fixes the following issues: libsolv was updated to 0.7.14: - Enable zstd compression support - Support blacklisted packages in solver_findproblemrule() (bnc#1172135) - Support rules with multiple negative literals in choice rule generation - Fix solvable swapping messing up idarrays - fix ruleinfo of complex dependencies returning the wrong origin libzypp was updated to 17.23.7: - Enable zchunk metadata download if libsolv supports it. - Older kernel-devel packages are not properly purged (bsc#1171224) - doc: enhance service plugin example. - Get retracted patch status from updateinfo data (jsc#SLE-8770) libsolv injects the indicator provides into packages only. - remove 'using namespace std;' (bsc#1166610, fixes #218) - Online doc: add 'Hardware (modalias) dependencies' page (fixes #216) - Add HistoryLogReader actionFilter to parse only specific HistoryActionIDs. - RepoVariables: Add safe guard in case the caller does not own a zypp instance. - Enable c++17. Define libyzpp CXX_STANDARD in ZyppCommon.cmake. - Fix package status computation regarding unneeded, orphaned, recommended and suggested packages (broken in 17.23.0) (bsc#1165476) - Log patch status changes to history (jsc#SLE-5116) - Allow to disable all WebServer dependent tests when building. OBS wants to be able to get rid of the nginx/FastCGI-devel build requirement. Use 'rpmbuild --without mediabackend_tests' or 'cmake -DDISABLE_MEDIABACKEND_TESTS=1'. - boost: Fix deprecated auto_unit_test.hpp includes. - Disable zchunk on Leap-15.0 and SLE15-* while there is no libzck. - Fix decision whether to download ZCHUNK files. libzypp and libsolv must both be able to read the format. - yum::Downloader: Prefer zchunk compressed metadata if libvsolv supports it. - Selectable: Fix highestAvailableVersionObj if only retracted packages are available. Avoid using retracted items as candidate (jsc#SLE-8770) - RpmDb: Become rpmdb backend independent (jsc#SLE-7272) - RpmDb: Close API offering a custom rpmdb path It's actually not needed and for this to work also libsolv needs to support it. You can sill use a librpmDb::db_const_iterator to access a database at a custom location (ro). - Remove legacy rpmV3database conversion code. - Fix core dump with corrupted history file (bsc#1170801) zypper was updated to 1.14.37: - Reformat manpages to workaround asciidoctor shortcomings (bsc#1154803, bsc#1167122, bsc#1168990) - Remove undocumented rug legacy stuff. - Remove 'using namespace std;' (bsc#1166610) - patch table: Add 'Since' column if history data are available (jsc#SLE-5116) - Tag 'retracted' patch status in info and list-patches (jsc#SLE-8770) - Tag 'R'etracted items in search tabes status columns (jsc#SLE-8770) - Relax 'Do not allow the abbreviation of cli arguments' in legacy distibutions (bsc#1164543) - Correctly detect ambigous switch abbreviations (bsc#1165573) - zypper-aptitude: don't supplement zypper. supplementing zypper means zypper-aptitude gets installed by default and pulls in perl. Neither is desired on small systems. - Do not allow the abbreviation of cli arguments (bsc#1164543) - accoring to according in all translation files. - Always show exception history if available. - Use default package cache location for temporary repos (bsc#1130873) - Print switch abbrev warning to stderr (bsc#1172925) - Fix typo in man page (bsc#1169947) ----------------------------------------- Patch: SUSE-2020-1882 Released: Thu Jul 9 10:23:41 2020 Summary: Recommended update for crmsh Severity: moderate References: 1170037,1170999 Description: This update for crmsh fixes the following issues: - Fix for using SBDManager to configure sbd and enable systemd service as it is necessary. (bsc#1170037, bsc#1170999) ----------------------------------------- Patch: SUSE-2020-1898 Released: Mon Jul 13 15:04:35 2020 Summary: Security update for MozillaFirefox Severity: important References: 1166238,1173576,1173613,CVE-2020-12402,CVE-2020-12415,CVE-2020-12416,CVE-2020-12417,CVE-2020-12418,CVE-2020-12419,CVE-2020-12420,CVE-2020-12421,CVE-2020-12422,CVE-2020-12423,CVE-2020-12424,CVE-2020-12425,CVE-2020-12426 Description: This update for MozillaFirefox to version 78.0.1 ESR fixes the following issues: Security issues fixed: - CVE-2020-12415: AppCache manifest poisoning due to url encoded character processing (bsc#1173576). - CVE-2020-12416: Use-after-free in WebRTC VideoBroadcaster (bsc#1173576). - CVE-2020-12417: Memory corruption due to missing sign-extension for ValueTags on ARM64 (bsc#1173576). - CVE-2020-12418: Information disclosure due to manipulated URL object (bsc#1173576). - CVE-2020-12419: Use-after-free in nsGlobalWindowInner (bsc#1173576). - CVE-2020-12420: Use-After-Free when trying to connect to a STUN server (bsc#1173576). - CVE-2020-12402: RSA Key Generation vulnerable to side-channel attack (bsc#1173576). - CVE-2020-12421: Add-On updates did not respect the same certificate trust rules as software updates (bsc#1173576). - CVE-2020-12422: Integer overflow in nsJPEGEncoder::emptyOutputBuffer (bsc#1173576). - CVE-2020-12423: DLL Hijacking due to searching %PATH% for a library (bsc#1173576). - CVE-2020-12424: WebRTC permission prompt could have been bypassed by a compromised content process (bsc#1173576). - CVE-2020-12425: Out of bound read in Date.parse() (bsc#1173576). - CVE-2020-12426: Memory safety bugs fixed in Firefox 78 (bsc#1173576). - FIPS: MozillaFirefox: allow /proc/sys/crypto/fips_enabled (bsc#1167231). Non-security issues fixed: - Fixed interaction with freetype6 (bsc#1173613). ----------------------------------------- Patch: SUSE-2020-1919 Released: Wed Jul 15 10:56:06 2020 Summary: Security update for rubygem-puma Severity: moderate References: 1172175,1172176,CVE-2020-11076,CVE-2020-11077 Description: This update for rubygem-puma to version 4.3.5 fixes the following issues: - CVE-2020-11077: Fixed a HTTP smuggling issue related to proxy usage (bsc#1172175). - CVE-2020-11076: Fixed a HTTP smuggling issue when using an invalid transfer-encoding header (bsc#1172176). - Disabled TLSv1.0 and TLSv1.1 (jsc#SLE-6965). ----------------------------------------- Patch: SUSE-2020-1928 Released: Wed Jul 15 14:49:25 2020 Summary: Recommended update for fence-agents Severity: moderate References: 1150504,1169485,1169852 Description: This update for fence-agents fixes the following issues: - aliyun: Include the latest upstream fixes on the Alibaba Cloud fence-agent. (bsc#1150504) - Disable cache discovery for 'gcp-vpc-move-route' resource agent. (bsc#1169852) - fence_vmware_rest Failed: 'error' object does not support indexing. (bsc#1169485) ----------------------------------------- Patch: SUSE-2020-1933 Released: Wed Jul 15 15:07:08 2020 Summary: Security update for xrdp Severity: important References: 1173580,CVE-2020-4044 Description: This update for xrdp fixes the following issues: - Security fixes (bsc#1173580, CVE-2020-4044): + Add patches: * xrdp-cve-2020-4044-fix-0.patch * xrdp-cve-2020-4044-fix-1.patch + Rebase SLE patch: * xrdp-fate318398-change-expired-password.patch ----------------------------------------- Patch: SUSE-2020-1935 Released: Wed Jul 15 16:25:57 2020 Summary: Recommended update for azure-li-services Severity: moderate References: Description: This update for azure-li-services fixes the following issues: - Update the motd to reflect the new link for the SUSE forums. - Add prometheus monitoring modules. (jsc#SLE-10545, jsc#SLE-10902, jsc#SLE-10903, jsc#ECO-817, jsc#ECO-818. - Added devel package auto submission - Deployment of HANA Scale-up Performance Optimized Scenario from Salt. (jsc#SLE-11453) - Automate setup of DRBD NFS-Share in SALT and Terraform. (jsc#SLE-11454) ----------------------------------------- Patch: SUSE-2020-1937 Released: Wed Jul 15 23:56:27 2020 Summary: Security update for cairo Severity: moderate References: 1049092,CVE-2017-9814 Description: This update for cairo fixes the following issues: - Fix a memory corruption in pango. - Revert 'Correctly decode Adobe CMYK JPEGs in PDF export'. - Add more FreeeType font color conversions to support COLR/CPAL. - Fix crash when rendering Microsoft's Segoe UI Emoji Regular font. - Fix memory leaks found by Coverity. - Fix assertion failure in the freetype backend. (fdo#105746). - Add cairo-CVE-2017-9814.patch: Replace malloc with _cairo_malloc and check cmap size before allocating (bsc#1049092) ----------------------------------------- Patch: SUSE-2020-1942 Released: Fri Jul 17 13:42:09 2020 Summary: Recommended update for python-kiwi Severity: moderate References: 1143454,1156677,1163978,1164310,1165578,1165823,1165960,1167746,1168480,1168973,1172928 Description: This update for python-kiwi fixes the following issues: - Fixed checking for root device in grub config. (bsc#1172928) - Fix for conflicting files of man-pages between different versions. (bsc#1168973, bsc#1156677) - Fix for the issue when the sizing of virtual cylinders with some disks do not multiple of the cylinder size, and the last cylinder is wasted. If this is more than 5MiB, kiwi tries to resize indefinitely. (bsc#1165823) - Implement support for dynamic 'EFI' by extending grub setup. (bsc#1165960, bsc#1168480) - Fixed result map for OEM pxe install. (bsc#1165578) - Add SECURE_BOOT parameter for 'grub2' in 'efi' mode. (bsc#1167746) - Fix order in fstab. Any mount point directly under '/' should be just right after the root mountpoint and before the custom mountpoints based on user's subvolume configuration. (bsc#1164310) - Fixed handling of fillup templates. (bsc#1163978) - Start using tftp system user package. (bsc#1143454) ----------------------------------------- Patch: SUSE-2020-1953 Released: Sat Jul 18 03:06:11 2020 Summary: Recommended update for parted Severity: important References: 1164260 Description: This update for parted fixes the following issue: - fix support of NVDIMM (pmemXs) devices (bsc#1164260) ----------------------------------------- Patch: SUSE-2020-1958 Released: Mon Jul 20 13:48:43 2020 Summary: Security update for MozillaFirefox Severity: moderate References: 1173948 Description: This update for MozillaFirefox fixes the following issues: - Mozilla Firefox 78.0.2 MFSA 2020-28 (bsc#1173948) * MFSA-2020-0003 (bmo#1644076) X-Frame-Options bypass using object or embed tags - Firefox Extended Support Release 78.0.2esr ESR * Fixed: Security fix * Fixed: Fixed an accessibility regression in reader mode (bmo#1650922) * Fixed: Made the address bar more resilient to data corruption in the user profile (bmo#1649981) * Fixed: Fixed a regression opening certain external applications (bmo#1650162) ----------------------------------------- Patch: SUSE-2020-1995 Released: Wed Jul 22 07:01:57 2020 Summary: Recommended update for alsa Severity: moderate References: 1171246 Description: This update for alsa fixes the following issues: - Add UCM profile for ASUS Chromebook C300. (bsc#1171246) ----------------------------------------- Patch: SUSE-2020-1999 Released: Wed Jul 22 09:04:32 2020 Summary: Recommended update for dracut Severity: moderate References: 1172807 Description: This update for dracut fixes the following issues: - PXE boot process times out (bsc#1172807) ----------------------------------------- Patch: SUSE-2020-2021 Released: Thu Jul 23 09:45:45 2020 Summary: Recommended update for pacemaker Severity: moderate References: 1171372 Description: This update for pacemaker fixes the following issues: - Fixes handling of fence-agents through its parameters in pacemaker (bsc#1171372) - Implement priority fencing delay to make a coordinated, successful fencing in case of 'split-brain'. (jsc#ECO-1611, jsc#SLE-12237) ----------------------------------------- Patch: SUSE-2020-2042 Released: Fri Jul 24 13:59:31 2020 Summary: Recommended update for SAPHanaSR Severity: moderate References: 1173581 Description: This update for SAPHanaSR fixes the following issues: - Fix for log empty site names, but do not generate bad formatted cluster attribute name. (bsc#1173581) - Fix for documentation of some parameter defaults. - Adjust start/stop/promote/monitor action timeouts to match official recommendations. ----------------------------------------- Patch: SUSE-2020-2065 Released: Wed Jul 29 11:09:18 2020 Summary: Security update for samba Severity: moderate References: 1173160,CVE-2020-10745 Description: This update for samba fixes the following issues: - CVE-2020-10745: Fixed an issue which parsing and packing of NBT and DNS packets containing dots could potentially have consumed excessive CPU (bsc#1173160). ----------------------------------------- Patch: SUSE-2020-2070 Released: Wed Jul 29 12:45:13 2020 Summary: Recommended update for crmsh Severity: important References: 1166962,1169581,1170037,1170999 Description: This update for crmsh fixes the following issues: - Fix collecting of binary data to avoid CRC errors in 'hb_report'. (bsc#1166962) - Implement ssh key configuration improvement. (bsc#1169581, jsc#ECO-2035) - Implement using class SBDManager for 'sbd' configuration and management. (bsc#1170037, bsc#1170999) ----------------------------------------- Patch: SUSE-2020-2071 Released: Wed Jul 29 12:47:19 2020 Summary: Recommended update for sapconf Severity: moderate References: 1124453,1139176,1150868,1150870,1166925,1168067,1168840 Description: This update for sapconf fixes the following issues: - Check the values of the 'vm.dirty_*' settings to be in a valid range before activating or restoring these system values. (bsc#1168067) - Add a logrotate drop-in file for sapconf to control the size of the logfile. (bsc#1166925) - Implement and use the system wide security limits. (bsc#1168840) - Add support multi-queued scheduler for block devices. (jsc#SLE-11141, jsc#SLE-11144) - Remove usage of tuned from sapconf (jsc#SLE-10986, jsc#SLE-10989): - Only ONE configuration file for sapconf - All parameters of the tuned profile defined in tuned.conf sapconf - Implement Switching a sapconf profile. - Prevent sapconf related tuned error messages by turning off tuned in the preinstall phase and removing the 'active' sapconf profile. - If sapconf detects an improper tuned profile during start notes that the log, fails the start deliberatly and guides the administrator to the problem. (bsc#1139176) - Use absolute path in the configuration file. (bsc#1124453) - Replace the delimiter for a sed command in postinstall script, because of conflicts with rpm macros. (bsc#1150868, bsc#1150870) ----------------------------------------- Patch: SUSE-2020-2073 Released: Wed Jul 29 18:59:25 2020 Summary: Security update for grub2 Severity: important References: 1168994,1173812,1174463,1174570,CVE-2020-10713,CVE-2020-14308,CVE-2020-14309,CVE-2020-14310,CVE-2020-14311,CVE-2020-15706,CVE-2020-15707 Description: This update for grub2 fixes the following issues: - Fix for CVE-2020-10713 (bsc#1168994) - Fix for CVE-2020-14308 CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 (bsc#1173812) - Fix for CVE-2020-15706 (bsc#1174463) - Fix for CVE-2020-15707 (bsc#1174570) - Use overflow checking primitives where the arithmetic expression for buffer allocations may include unvalidated data - Use grub_calloc for overflow check and return NULL when it would occur - Use gcc-9 compiler for overflow check builtins - Backport gcc-9 build fixes ----------------------------------------- Patch: SUSE-2020-2080 Released: Wed Jul 29 20:09:09 2020 Summary: Recommended update for libtool Severity: moderate References: 1171566 Description: This update for libtool provides missing the libltdl 32bit library. (bsc#1171566) ----------------------------------------- Patch: SUSE-2020-2083 Released: Thu Jul 30 10:27:59 2020 Summary: Recommended update for diffutils Severity: moderate References: 1156913 Description: This update for diffutils fixes the following issue: - Disable a sporadically failing test for ppc64 and ppc64le builds. (bsc#1156913) ----------------------------------------- Version 1.0.6-Production-Build1.44 2020-08-07T07:53:47 ----------------------------------------- Patch: SUSE-2020-2099 Released: Fri Jul 31 08:06:40 2020 Summary: Recommended update for systemd Severity: moderate References: 1173227,1173229,1173422 Description: This update for systemd fixes the following issues: - migrate-sysconfig-i18n.sh: fixed marker handling (bsc#1173229) The marker is used to make sure the script is run only once. Instead of storing it in /usr, use /var which is more appropriate for such file. Also make it owned by systemd package. - Fix inconsistent file modes for some ghost files (bsc#1173227) Ghost files are assumed by rpm to have mode 000 by default which is not consistent with file permissions set at runtime. Also /var/lib/systemd/random-seed was tracked wrongly as a directory. Also don't track (ghost) /etc/systemd/system/runlevel*.target aliases since we're not supposed to track units or aliases user might define/override. - Fix build of systemd on openSUSE Leap 15.2 (bsc#1173422) ----------------------------------------- Patch: SUSE-2020-2106 Released: Mon Aug 3 16:43:48 2020 Summary: Security update for the Linux Kernel Severity: important References: 1051510,1065729,1071995,1104967,1152107,1158755,1162002,1170011,1171078,1171673,1171732,1171868,1172257,1172775,1172781,1172782,1172783,1172999,1173265,1173280,1173514,1173567,1173573,1173659,1173999,1174000,1174115,1174462,1174543,CVE-2019-16746,CVE-2019-20908,CVE-2020-0305,CVE-2020-10766,CVE-2020-10767,CVE-2020-10768,CVE-2020-10769,CVE-2020-10773,CVE-2020-12771,CVE-2020-12888,CVE-2020-13974,CVE-2020-14416,CVE-2020-15393,CVE-2020-15780 Description: The SUSE Linux Enterprise 15 GA LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-0305: In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1174462). - CVE-2019-20908: An issue was discovered in drivers/firmware/efi/efi.c where incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or secure boot restrictions, aka CID-1957a85b0032 (bnc#1173567). - CVE-2020-15780: An issue was discovered in drivers/acpi/acpi_configfs.c where injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30 (bnc#1173573). - CVE-2020-15393: usbtest_disconnect in drivers/usb/misc/usbtest.c had a memory leak, aka CID-28ebeb8db770 (bnc#1173514). - CVE-2020-12771: btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails (bnc#1171732). - CVE-2019-16746: An issue was discovered in net/wireless/nl80211.c which did not check the length of variable elements in a beacon head, leading to a buffer overflow (bnc#1152107 1173659). - CVE-2020-12888: The VFIO PCI driver mishandled attempts to access disabled memory space (bnc#1171868). - CVE-2020-10769: A buffer over-read flaw was found in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash. This flaw allowed a local attacker with user privileges to cause a denial of service (bnc#1173265). - CVE-2020-10773: A kernel stack information leak on s390/s390x was fixed (bnc#1172999). - CVE-2020-14416: A race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c (bnc#1162002). - CVE-2020-10768: Indirect branch speculation could have been enabled after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command. (bnc#1172783). - CVE-2020-10766: Fixed Rogue cross-process SSBD shutdown, where a Linux scheduler logical bug allows an attacker to turn off the SSBD protection. (bnc#1172781). - CVE-2020-10767: Indirect Branch Prediction Barrier was force-disabled when STIBP is unavailable or enhanced IBRS is available. (bnc#1172782). - CVE-2020-13974: drivers/tty/vt/keyboard.c had an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059 (bnc#1172775). The following non-security bugs were fixed: - Merge ibmvnic reset fixes (bsc#1158755 ltc#182094). - block, bfq: add requeue-request hook (bsc#1104967 bsc#1171673). - block, bfq: postpone rq preparation to insert or merge (bsc#1104967 bsc#1171673). - ibmvnic: Do not process device remove during device reset (bsc#1065729). - ibmvnic: Flush existing work items before device removal (bsc#1065729). - ibmvnic: Harden device login requests (bsc#1170011 ltc#183538). - ibmvnic: Skip fatal error reset after passive init (bsc#1171078 ltc#184239). - ibmvnic: continue to init in CRQ reset returns H_CLOSED (bsc#1173280 ltc#185369). - intel_idle: Graceful probe failure when MWAIT is disabled (bsc#1174115). - livepatch: Apply vmlinux-specific KLP relocations early (bsc#1071995). - livepatch: Disallow vmlinux.ko (bsc#1071995). - livepatch: Make klp_apply_object_relocs static (bsc#1071995). - livepatch: Prevent module-specific KLP rela sections from referencing vmlinux symbols (bsc#1071995). - livepatch: Remove .klp.arch (bsc#1071995). - vfio/pci: Fix SR-IOV VF handling with MMIO blocking (bsc#1051510). - vfio/pci: Fix SR-IOV VF handling with MMIO blocking (bsc#1174000). - vfio/pci: Mask buggy SR-IOV VF INTx support (bsc#1051510). - vfio/pci: Mask buggy SR-IOV VF INTx support (bsc#1173999). - x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned (bsc#1172257). ----------------------------------------- Patch: SUSE-2020-2116 Released: Tue Aug 4 15:12:41 2020 Summary: Security update for libX11 Severity: important References: 1174628,CVE-2020-14344 Description: This update for libX11 fixes the following issues: - Fixed XIM client heap overflows (CVE-2020-14344, bsc#1174628) ----------------------------------------- Patch: SUSE-2020-2118 Released: Tue Aug 4 15:15:52 2020 Summary: Security update for MozillaFirefox Severity: important References: 1174538,CVE-2020-15652,CVE-2020-15653,CVE-2020-15654,CVE-2020-15655,CVE-2020-15656,CVE-2020-15657,CVE-2020-15658,CVE-2020-15659,CVE-2020-6463,CVE-2020-6514 Description: This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.1.0 ESR * Fixed: Various stability, functionality, and security fixes (bsc#1174538) * CVE-2020-15652: Potential leak of redirect targets when loading scripts in a worker * CVE-2020-6514: WebRTC data channel leaks internal address to peer * CVE-2020-15655: Extension APIs could be used to bypass Same-Origin Policy * CVE-2020-15653: Bypassing iframe sandbox when allowing popups * CVE-2020-6463: Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture * CVE-2020-15656: Type confusion for special arguments in IonMonkey * CVE-2020-15658: Overriding file type when saving to disk * CVE-2020-15657: DLL hijacking due to incorrect loading path * CVE-2020-15654: Custom cursor can overlay user interface * CVE-2020-15659: Memory safety bugs fixed in Firefox 79 and Firefox ESR 78.1 ----------------------------------------- Patch: SUSE-2020-2128 Released: Wed Aug 5 10:28:47 2020 Summary: Recommended update for cryptctl Severity: moderate References: Description: cryptctl was updated to fix the following issue - crypto is shipped into the Basesystem module. (ECO-2067) ----------------------------------------- Patch: SUSE-2020-2144 Released: Thu Aug 6 11:07:58 2020 Summary: Security update for wireshark Severity: moderate References: 1169063,1171899,1173606,CVE-2020-11647,CVE-2020-13164,CVE-2020-15466 Description: This update for wireshark fixes the following issues: - Wireshark to 3.2.5: * CVE-2020-15466: GVCP dissector infinite loop (bsc#1173606) * CVE-2020-13164: NFS dissector crash (bsc#1171899) * CVE-2020-11647: The BACapp dissector could crash (bsc#1169063) - Further features, bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-3.2.5.html ----------------------------------------- Version 1.0.6-Production-Build1.45 2020-08-08T07:53:28 ----------------------------------------- Patch: SUSE-2020-2172 Released: Fri Aug 7 16:11:00 2020 Summary: Security update for perl-XML-Twig Severity: moderate References: 1008644,CVE-2016-9180 Description: This update for perl-XML-Twig fixes the following issues: - Security fix [bsc#1008644, CVE-2016-9180] * Setting expand_external_ents to 0 or -1 currently doesn't work as expected; To completely turn off expanding external entities use no_xxe. * Update documentation for XML::Twig to mention problems with expand_external_ents and add information about new no_xxe argument ----------------------------------------- Version 1.0.6-Production-Build1.47 2020-08-11T07:51:45 ----------------------------------------- Patch: SUSE-2020-2185 Released: Mon Aug 10 14:16:58 2020 Summary: Recommended update for drbd Severity: moderate References: 1174543 Description: This update of drbd fixes the following issue: - rebuilt with new signing key. (bsc#1174543) ----------------------------------------- Version 1.0.6-Production-Build1.49 2020-08-12T07:52:55 ----------------------------------------- Patch: SUSE-2020-2197 Released: Tue Aug 11 13:32:49 2020 Summary: Security update for libX11 Severity: important References: 1174628,CVE-2020-14344 Description: This update for libX11 fixes the following issues: - Fixed XIM client heap overflows (CVE-2020-14344, bsc#1174628). ----------------------------------------- Patch: SUSE-2020-2208 Released: Tue Aug 11 17:25:45 2020 Summary: Recommended update for rsyslog Severity: important References: 1173338 Description: This update for rsyslog fixes the following issues: - Fix for logrotate to avoid unexpected exit with coredump after logrotate. (bsc#1173338) ----------------------------------------- Version 1.0.6-Production-Build1.50 2020-08-13T07:51:48 ----------------------------------------- Patch: SUSE-2020-2219 Released: Wed Aug 12 15:47:42 2020 Summary: Recommended update for supportutils-plugin-suse-public-cloud and python3-azuremetadata Severity: moderate References: 1170475,1170476,1173238,1173240,1173357,1174618,1174847 Description: This update for supportutils-plugin-suse-public-cloud and python3-azuremetadata fixes the following issues: supportutils-plugin-suse-public-cloud: - Fixes an error when supportutils-plugin-suse-public-cloud and supportutils-plugin-salt are installed at the same time (bsc#1174618) - Sensitive information like credentials (such as access keys) will be removed when the metadata is being collected (bsc#1170475, bsc#1170476) python3-azuremetadata: - Added latest support for `--listapis` and `--api` (bsc#1173238, bsc#1173240) - Detects when the VM is running in ASM (Azure Classic) and does now handle the condition to generate the data without requiring access to the full IMDS available, only in ARM instances (bsc#1173357, bsc#1174847) ----------------------------------------- Patch: SUSE-2020-2220 Released: Wed Aug 12 16:23:08 2020 Summary: Recommended update for hawk2 Severity: moderate References: Description: This update for hawk2 fixes the following issue: Update to version 2.1.2+git.1594886920.d00b94aa: - Update puma rubygem requirement to version 4.3.5 for disabling TLSv1.0 and TLSv1.1 (jsc#SLE-6965) ----------------------------------------- Version 1.0.6-Production-Build1.51 2020-08-14T07:51:46 ----------------------------------------- Patch: SUSE-2020-2221 Released: Thu Aug 13 09:06:20 2020 Summary: Recommended update for SUSEConnect Severity: moderate References: 1130864,1155911,1160007 Description: This update for SUSEConnect fixes the following issues: Update from version 0.3.22 to version 0.3.25 - Don't fail de-activation when '-release' package already got removed. - Fix cloud_provider detection on AWS large instances. (bsc#1160007) - Forbid de-registration for on-demand Public Cloud instances. (bsc#1155911) - Setup customer_center on read-only boot system. (bsc#1130864) ----------------------------------------- Patch: SUSE-2020-2223 Released: Thu Aug 13 09:12:03 2020 Summary: Recommended update for zypper-migration-plugin Severity: moderate References: 1100137,1107238,1171652 Description: This update for zypper-migration-plugin fixes the following issues: - Fix for an issue when not all release packages are installed after migration. (bsc#1171652) - Fix for snapper configuration to avoid migration failures. (jira#SLE-7752) - Fix for the issue when zypper migration tool does not provide a proper exit code if it is not mirrored on registration server. (bsc#1107238) - Fix for failing salt migration by check for closed standard input. (bsc#1100137) ----------------------------------------- Patch: SUSE-2020-2224 Released: Thu Aug 13 09:15:47 2020 Summary: Recommended update for glibc Severity: moderate References: 1171878,1172085 Description: This update for glibc fixes the following issues: - Fix concurrent changes on nscd aware files appeared by 'getent' when the NSCD cache was enabled. (bsc#1171878, BZ #23178) - Implement correct locking and cancellation cleanup in syslog functions. (bsc#1172085, BZ #26100) ----------------------------------------- Version 1.0.6-Production-Build1.52 2020-08-15T07:53:14 ----------------------------------------- Patch: SUSE-2020-2243 Released: Fri Aug 14 15:27:12 2020 Summary: Recommended update for grub2 Severity: important References: 1174782,1175036,1175060 Description: This update for grub2 fixes the following issues: - A potential regression has been fixed that would cause systems with an updated 'grub2' to boot no longer due to a missing 'grub-calloc' linker symbol. (bsc#1174782) ----------------------------------------- Version 1.0.6-Production-Build1.53 2020-08-18T07:52:08 ----------------------------------------- Patch: SUSE-2020-2256 Released: Mon Aug 17 15:08:46 2020 Summary: Recommended update for sysfsutils Severity: moderate References: 1155305 Description: This update for sysfsutils fixes the following issue: - Fix cdev name comparison. (bsc#1155305) ----------------------------------------- Version 1.0.6-Production-Build1.56 2020-08-20T07:52:54 ----------------------------------------- Patch: SUSE-2020-2276 Released: Wed Aug 19 13:22:45 2020 Summary: Security update for python Severity: moderate References: 1174091,CVE-2019-20907 Description: This update for python fixes the following issues: - CVE-2019-20907: Avoid a possible infinite loop caused by specifically crafted tarballs (bsc#1174091). ----------------------------------------- Patch: SUSE-2020-2277 Released: Wed Aug 19 13:24:03 2020 Summary: Security update for python3 Severity: moderate References: 1174091,CVE-2019-20907 Description: This update for python3 fixes the following issues: - bsc#1174091, CVE-2019-20907: avoiding possible infinite loop in specifically crafted tarball. ----------------------------------------- Patch: SUSE-2020-2279 Released: Wed Aug 19 21:26:55 2020 Summary: Recommended update for libzypp Severity: moderate References: 1173106,1174011 Description: This update for libzypp fixes the following issues: - Proactively send credentials if the URL specifes '?auth=basic' and a username. (bsc#1174011) - ZYPP_MEDIA_CURL_DEBUG: Strip credentials in header log. (bsc#1174011) - Completey rework the purge-kernels algorithm. The new code is closer to the original perl script, grouping the packages by name before applying the keep spec. (bsc#1173106) - Set ZYPP_RPM_DEBUG=1 to capture verbose rpm command output. ----------------------------------------- Patch: SUSE-2020-2281 Released: Wed Aug 19 21:28:12 2020 Summary: Recommended update for openssl-1_0_0 Severity: moderate References: 1174459 Description: This update for openssl-1_0_0 fixes the following issue: - Versioning the exported symbols and avoid failures due to the lack of versioning. (bsc#1174459) ----------------------------------------- Version 1.0.6-Production-Build1.57 2020-08-21T07:54:07 ----------------------------------------- Patch: SUSE-2020-2284 Released: Thu Aug 20 16:04:17 2020 Summary: Recommended update for ca-certificates-mozilla Severity: important References: 1010996,1071152,1071390,1154871,1174673,973042 Description: This update for ca-certificates-mozilla fixes the following issues: update to 2.42 state of the Mozilla NSS Certificate store (bsc#1174673) Removed CAs: * AddTrust External CA Root * AddTrust Class 1 CA Root * LuxTrust Global Root 2 * Staat der Nederlanden Root CA - G2 * Symantec Class 1 Public Primary Certification Authority - G4 * Symantec Class 2 Public Primary Certification Authority - G4 * VeriSign Class 3 Public Primary Certification Authority - G3 Added CAs: * certSIGN Root CA G2 * e-Szigno Root CA 2017 * Microsoft ECC Root Certificate Authority 2017 * Microsoft RSA Root Certificate Authority 2017 - reverted p11-kit nss trust integration as it breaks in fresh installations (bsc#1154871) ----------------------------------------- Version 1.0.6-Production-Build1.58 2020-08-25T07:55:09 ----------------------------------------- Patch: SUSE-2020-2296 Released: Mon Aug 24 10:34:37 2020 Summary: Security update for gettext-runtime Severity: moderate References: 1106843,1113719,941629,CVE-2018-18751 Description: This update for gettext-runtime fixes the following issues: - Fix boo941629-unnessary-rpath-on-standard-path.patch (bsc#941629) - Added msgfmt-double-free.patch to fix a double free error (CVE-2018-18751 bsc#1113719) - Add patch msgfmt-reset-msg-length-after-remove.patch which does reset the length of message string after a line has been removed (bsc#1106843) ----------------------------------------- Version 1.0.6-Production-Build1.59 2020-08-26T07:55:04 ----------------------------------------- Patch: SUSE-2020-2303 Released: Tue Aug 25 14:46:36 2020 Summary: Security update for grub2 Severity: important References: 1172745,1174421,CVE-2020-15705 Description: This update for grub2 fixes the following issues: - CVE-2020-15705: Fail kernel validation without shim protocol (bsc#1174421). - Add fibre channel device's ofpath support to grub-ofpathname and search hint to speed up root device discovery (bsc#1172745). ----------------------------------------- Version 1.0.6-Production-Build1.61 2020-08-27T07:55:01 ----------------------------------------- Patch: SUSE-2020-2337 Released: Wed Aug 26 13:00:47 2020 Summary: Recommended update for dracut Severity: moderate References: 1172807 Description: This update for dracut fixes the following issue: - Fix typo in did setup conditional. (bsc#1172807) ----------------------------------------- Patch: SUSE-2020-2346 Released: Wed Aug 26 17:03:06 2020 Summary: Security update for graphviz Severity: low References: 1093447,CVE-2018-10196 Description: This update for graphviz fixes the following issues: - CVE-2018-10196: Fixed a null dereference in rebuild_vlis (bsc#1093447). ----------------------------------------- Patch: SUSE-2020-2350 Released: Wed Aug 26 17:17:02 2020 Summary: Recommended update for hyper-v Severity: moderate References: 1093910,1100758,1174443,1174444 Description: This update for hyper-v fixes the following issues: - Remove dependency to network-online.target now that gethostname is used in kvp_daemon. (bsc#1174443, bsc#1174444) - Reopen the devices if read() or write() returns errors - Use either python2 or python3 for lsvmbus. (bsc#1093910) - Remove sysv init scripts - Enable build on aarch64 - Use gethostname for async name resolution. (bsc#1100758) - Asynchronous name resolution in kvp_daemon. (bsc#1100758) - kvp: eliminate 'may be used uninitialized' warning - Fixed Python pep8/flake8 warnings for lsvmbus - Replace GPLv2 boilerplate/reference with SPDX - Fix a warning of buffer overflow with gcc 8.0.1 - fcopy: set 'error' in case an unknown operation was requested - vss: fix loop device detection. - Fix IP reporting by KVP daemon with SRIOV - Fix a bug in the key delete code - Fix compiler warnings about major/target_fname ----------------------------------------- Version 1.0.6-Production-Build1.63 2020-08-29T07:53:20 ----------------------------------------- Patch: SUSE-2020-2380 Released: Fri Aug 28 14:54:08 2020 Summary: Recommended update for supportutils-plugin-suse-public-cloud Severity: moderate References: 1175250,1175251 Description: This update for supportutils-plugin-suse-public-cloud contains the following fix: - Update to version 1.0.5: (bsc#1175250, bsc#1175251) + Query for new GCE initialization code packages ----------------------------------------- Patch: SUSE-2020-2384 Released: Sat Aug 29 00:57:13 2020 Summary: Recommended update for e2fsprogs Severity: low References: 1170964 Description: This update for e2fsprogs fixes the following issues: - Fix for an issue when system message with placeholders are not properly replaced. (bsc#1170964) ----------------------------------------- Version 1.0.6-Production-Build1.67 2020-09-02T07:54:24 ----------------------------------------- Patch: SUSE-2020-2411 Released: Tue Sep 1 13:28:47 2020 Summary: Recommended update for systemd Severity: moderate References: 1142733,1146991,1158336,1172195,1172824,1173539 Description: This update for systemd fixes the following issues: - Improve logging when PID1 fails at setting a namespace up when spawning a command specified by 'Exec*='. (bsc#1172824, bsc#1142733) pid1: improve message when setting up namespace fails. execute: let's close glibc syslog channels too. execute: normalize logging in *execute.c*. execute: fix typo in error message. execute: drop explicit *log_open()*/*log_close()* now that it is unnecessary. execute: make use of the new logging mode in *execute.c* log: add a mode where we open the log fds for every single log message. log: let's make use of the fact that our functions return the negative error code for *log_oom()* too. execute: downgrade a log message ERR → WARNING, since we proceed ignoring its result. execute: rework logging in *setup_keyring()* to include unit info. execute: improve and augment execution log messages. - vconsole-setup: downgrade log message when setting font fails on dummy console. (bsc#1172195 bsc#1173539) - fix infinite timeout. (bsc#1158336) - bpf: mount bpffs by default on boot. (bsc#1146991) - man: explain precedence for options which take a list. - man: unify titling, fix description of precedence in sysusers.d(5) - udev-event: fix timeout log messages. ----------------------------------------- Patch: SUSE-2020-2412 Released: Tue Sep 1 13:31:07 2020 Summary: Recommended update for icewm-theme-branding Severity: moderate References: 1170420,1173441 Description: This update for icewm-theme-branding fixes the following issue: - Fixed obsoletion of *icewm-config-upstream*. (bsc#1173441, bsc#1170420) ----------------------------------------- Patch: SUSE-2020-2420 Released: Tue Sep 1 13:48:35 2020 Summary: Recommended update for zlib Severity: moderate References: 1174551,1174736 Description: This update for zlib provides the following fixes: - Permit a deflateParams() parameter change as soon as possible. (bsc#1174736) - Fix DFLTCC not flushing EOBS when creating raw streams. (bsc#1174551) ----------------------------------------- Patch: SUSE-2020-2440 Released: Tue Sep 1 22:14:33 2020 Summary: Recommended update for libmaxminddb Severity: moderate References: 1175006 Description: This update for libmaxminddb fixes the following issues: - update to 1.4.3: * Use of uninitialized memory in dump_entry_data_list() could have cause a heap buffer flow in mmdblookup [bsc#1175006] ----------------------------------------- Version 1.0.6-Production-Build1.70 2020-09-03T07:54:19 ----------------------------------------- Patch: SUSE-2020-2446 Released: Wed Sep 2 09:33:22 2020 Summary: Security update for curl Severity: moderate References: 1175109,CVE-2020-8231 Description: This update for curl fixes the following issues: - An application that performs multiple requests with libcurl's multi API and sets the 'CURLOPT_CONNECT_ONLY' option, might in rare circumstances experience that when subsequently using the setup connect-only transfer, libcurl will pick and use the wrong connection and instead pick another one the application has created since then. [bsc#1175109, CVE-2020-8231] ----------------------------------------- Patch: SUSE-2020-2453 Released: Wed Sep 2 13:59:21 2020 Summary: Security update for java-1_8_0-ibm Severity: moderate References: 1174157,1175259,CVE-2019-17639,CVE-2020-14556,CVE-2020-14577,CVE-2020-14578,CVE-2020-14579,CVE-2020-14581,CVE-2020-14583,CVE-2020-14593,CVE-2020-14621 Description: This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 6 Fix Pack 15 [bsc#1175259, bsc#1174157] CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14581 CVE-2020-14556 CVE-2020-14621 CVE-2020-14593 CVE-2020-14583 CVE-2019-17639 * Class Libraries: - JAVA.UTIL.ZIP.DEFLATER OPERATIONS THROW JAVA.LANG.INTERNALERROR - JAVA 8 DECODER OBJECTS CONSUME A LARGE AMOUNT OF JAVA HEAP - TRANSLATION MESSAGES UPDATE FOR JCL - UPDATE TIMEZONE INFORMATION TO TZDATA2020A * Java Virtual Machine: - IBM JAVA REGISTERS A HANDLER BY DEFAULT FOR SIGABRT - LARGE MEMORY FOOTPRINT HELD BY TRACECONTEXT OBJECT * JIT Compiler: - CRASH IN THE INTERPRETER AFTER OSR FROM INLINED SYNCHRONIZED METHOD IN DEBUGGING MODE - INTERMITTENT ASSERTION FAILURE REPORTED - CRASH IN RESOLVECLASSREF() DURING AOT LOAD - JIT CRASH DURING CLASS UNLOADING IN J9METHOD_HT::ONCLASSUNLOADING() - SEGMENTATION FAULT WHILE COMPILING A METHOD - UNEXPECTED CLASSCASTEXCEPTION THROWN IN HIGH LEVEL PARALLEL APPLICATION ON IBM Z PLATFORM * Security: - CERTIFICATEEXCEPTION OCCURS WHEN FILE.ENCODING PROPERTY SET TO NON DEFAULT VALUE - CHANGES TO IBMJCE AND IBMJCEPLUS PROVIDERS - IBMJCEPLUS FAILS, WHEN THE SECURITY MANAGER IS ENABLED, WITH DEFAULT PERMISSIONS, SPECIFIED IN JAVA.POLICY FILE - IN CERTAIN INSTANCES, IBMJCEPLUS PROVIDER THROWS EXCEPTION FROM KEYFACTORY CLASS ----------------------------------------- Patch: SUSE-2020-2458 Released: Wed Sep 2 15:44:30 2020 Summary: Recommended update for iputils Severity: moderate References: 927831 Description: This update for iputils fixes the following issue: - ping: Remove workaround for bug in IP_RECVERR on raw sockets. (bsc#927831) ----------------------------------------- Patch: SUSE-2020-2459 Released: Wed Sep 2 15:49:37 2020 Summary: Recommended update for crmsh Severity: moderate References: 1175057 Description: This update for crmsh fixes the following issues: - Fixes an issue by 'ssh_merge' function for compatibility. (bsc#1175057) - Adjust sbd config process to fix bug on sbd stage. (bsc#1175057) ----------------------------------------- Patch: SUSE-2020-2464 Released: Wed Sep 2 23:25:41 2020 Summary: Recommended update for icewm Severity: moderate References: 1170420,1173441 Description: This update for icewm fixes the following issues: - Fixes an issue where icewm updates could no longer be installed (bsc#1173441, bsc#1170420) ----------------------------------------- Version 1.0.6-Production-Build1.71 2020-09-04T07:54:17 ----------------------------------------- Patch: SUSE-2020-2474 Released: Thu Sep 3 12:10:29 2020 Summary: Security update for libX11 Severity: moderate References: 1175239,CVE-2020-14363 Description: This update for libX11 fixes the following issues: - CVE-2020-14363: Fix an integer overflow in init_om() (bsc#1175239). ----------------------------------------- Version 1.0.6-Production-Build1.72 2020-09-05T07:53:06 ----------------------------------------- Patch: SUSE-2020-2542 Released: Fri Sep 4 18:10:27 2020 Summary: Recommended update for python-kiwi Severity: moderate References: 1096738,1165730,1172908,1173226,1173356,1174009 Description: This update for python-kiwi contains the following fixes: - Bump version up to 9.21.7: This version upgrade includes several fixes: * Skip filesystem check for XFS prior xfs_grow running xfs_repair check isn't strictly necessary before resizing, and in some cases it may even prevent resizing by giving an error that would be cleared through mounting the fs (e.g. when the fs wasn't cleanly umounted, and thus letting xfs recover and replay its journal). Given that xfs can only grow online (while being mounted), this is sufficient to ensure that the fs is in a state where it can be resized. This is related to bsc#1174009. (bsc#1174009) * Fixed grub setup in EFI/BOOT directory kiwi copied the same grub.cfg file as it exists in boot/grub2 to the efi path. This is wrong as the setup in the efi boot directory is used to enable normal grub loading and not providing the user grub configuration. In addition the changes here makes sure that the early grub boot code is placed into the system in any EFI case except for secure boot when shim-install is present. If shim-install is present it also creates the early grub boot setup such that kiwi doesn't have to do it. This Fixes #1491 and Fixes bsc#1172908. (bsc#1172908) * Use rsync in inplace transfer mode Using the --inplace option in rsync helps to save space on syncing the rootfs data and prevents e.g OBS workers from running out of VM space when transfering root filesystem data. Also using --inplace allows to keep hardlinks intact. This is related to bsc#1096738. (bsc#1096738) * Don't keep copy of grub2-install in the system To prevent shim-install from calling grub2-install in uefi mode kiwi temporary replaces the tool by a noop. This acts as a workaround for an issue in shim-install. However the workaround left a file copy of grub2-install in the system which should not happen. This commit Fixes bsc#1173226 and Fixes #1490. (bsc#1173226) * Fixes live ISOs This commit fixes iso images. Due to a change introduced in c7ed1cf live ISOs were no longer booting as the rootfs.img filesystem was copied to the squashfs container while being still mounted. Because of that, at boot time, it refused to mount. This commit adds umount method for the filesystem base class, so it can be umounted before deleting the instance. Fixes #1489 and bsc#1173356. (bsc#1173356) * Support grub timeout_style parameter Grub supports a style setting that influences the display of the menu depending on the configured timeout value. With this patch kiwi allows to specify the style via a new bootloader parameter named timeout_style='hidden|countdown'. If not set the grub default applies which shows the menu in any case. This Fixes bsc#1165730 and Fixes #1404. (bsc#1165730) * Use auto video mode as default for grub An explicit video mode 800x600 was used for grub if no video mode setup exists in the XML description. For grub this should better result in the auto mode. Related to bsc#1165730. (bsc#1165730) ----------------------------------------- Version 1.0.6-Production-Build1.73 2020-09-08T07:53:43 ----------------------------------------- Patch: SUSE-2020-2563 Released: Mon Sep 7 17:10:39 2020 Summary: Security update for MozillaFirefox Severity: moderate References: 1173991,1174284,1175686,CVE-2020-15663,CVE-2020-15664,CVE-2020-15670 Description: This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.2.0 ESR * Fixed: Various stability, functionality, and security fixes - Mozilla Firefox ESR 78.2 MFSA 2020-38 (bsc#1175686) * CVE-2020-15663 (bmo#1643199) Downgrade attack on the Mozilla Maintenance Service could have resulted in escalation of privilege * CVE-2020-15664 (bmo#1658214) Attacker-induced prompt for extension installation * CVE-2020-15670 (bmo#1651001, bmo#1651449, bmo#1653626, bmo#1656957) Memory safety bugs fixed in Firefox 80 and Firefox ESR 78.2 - Fixed Firefox tab crash in FIPS mode (bsc#1174284). - Fix broken translation-loading (bsc#1173991) * allow addon sideloading * mark signatures for langpacks non-mandatory * do not autodisable user profile scopes - Google API key is not usable for geolocation service any more ----------------------------------------- Version 1.0.6-Production-Build1.76 2020-09-09T07:54:28 ----------------------------------------- Patch: SUSE-2020-2567 Released: Tue Sep 8 12:03:33 2020 Summary: Recommended update for azure-li-services Severity: important References: Description: This update for azure-li-services fixes the following issues: - Update prometheus monitoring modules for the LI and VLI images for SLE15-SP1/SP2 and GA. (jsc#SLE-10545, jsc#SLE-10902, jsc#SLE-10903, jsc#ECO-817, jsc#ECO-818) ----------------------------------------- Patch: SUSE-2020-2569 Released: Tue Sep 8 14:58:49 2020 Summary: Security update for libjpeg-turbo Severity: moderate References: 1172491,CVE-2020-13790 Description: This update for libjpeg-turbo fixes the following issues: - CVE-2020-13790: Fixed a heap-based buffer over-read via a malformed PPM input file (bsc#1172491). ----------------------------------------- Patch: SUSE-2020-2572 Released: Tue Sep 8 17:09:48 2020 Summary: Recommended update for resource-agents Severity: moderate References: 1170354,1175101 Description: This update for resource-agents fixes the following issues: - GCP Resource Agents - Support for Multi Alias IP. (bsc#1175101) - OCF version check for pacemaker is incompatible with the SUSE version strings. (bsc#1170354) ----------------------------------------- Version 1.0.7-Production-Build1.3 2020-09-10T07:54:05 ----------------------------------------- Patch: SUSE-2019-1691 Released: Mon Jun 24 16:21:37 2019 Summary: Recommended update for SUSE Manager Client Tools Severity: moderate References: 1095804,1103388,1103696,1104034,1118492,1120242,1125610,1125744,1128529,1128564,1129243,1129300,1130041,1130077,1131677,1132346,1133424,1134876,1136102,1138130,987798 Description: This update fixes the following issues: koan: - Require virt-install only for RHEL6/7. Other distributions accepting Recommends must use it as virt-install is not available sometimes (for example SLED) - Change virt-install from Reccommends to Require because this fixes RHEL 6 & 7 - Fix regex error in the files section - Remove Recursion in python_sitelib and remove non relevant parts of the specfile - Replace python2_sitelib macro with python_sitelib to fix build on older distros. - Remove duplicate file section entrys - Adjust Group Tag to Development/Libraries/Python to satisfy linter prometheus-node_exporter: - Add the package to the SLE Basesytem module. (fate#327287) rhnlib: - Add group to python*-rhnlib to fix building at SLE11 - Read SSL decoded buffer completely when no pending bytes on the underlying connection. - Fix encoding issues after porting to Python 3. - Sync changes from Spacewalk - 1652859 - python3 http.client does not contain _set_hostport() - Use rpm for debian packaging - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) spacecmd: - Save SSM list on system delete and update cache (bsc#1130077, bsc#1125744) - Replace iteritems with items for python2/3 compat (bsc#1129243) - Fix python 3 bytes issue when handling config channels - Prevent spacecmd crashing when piping the output in Python 3 (bsc#1125610) - Fix compatibility with Python 3 - Add function to merge errata and packages through spacecmd (bsc#987798) - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) spacewalk-backend: - Use new names in code for client tool packages which were renamed (bsc#1134876) - Fix password prompt within mgr-sign-metadata - Fix TypeError for 'errata.getErrataInfo' XMLRPC handler (bsc#1132346) - Fix typo in syncing product extensions (bsc#1118492) - Fix mgr-sign-metadata-ctl checking of exported keys. - Use suseLib.get_proxy to get the HTTP proxy configuration properly on DEB repos (bsc#1133424) - Add support for mirrorlist and metalink on Zypper reposync. - Solve situations where synced packages have epoch 0 but reposync does not find them them on the database. - Fix path to the RPM database used by Zypper at reposync. - Add makefile for python linter and unit/integration tests - Fix linking of packages in reposync (bsc#1131677) - Include arch to distinct latest packages on reposync. - Migrate missing spacewalk-cfg-get script to Python3 - Improve dependency solving algorithm for spacewalk-repo-sync. - Remove apache access_compat module and adapt config files - Add support for getting latest versions from RPM packages when running 'spacewalk-repo-sync' after migration to Zypper. - Include packages dependencies on 'spacewalk-repo-sync' when using filters for RPM packages. - Allow package filtering (name matching) on spacewalk-repo-sync after migrating away from yum. - Fix crash when importing new channel families on 'mgr-inter-sync' (bsc#1129300) - Make Zypper to use the spacewalk GPG keyring in reposync (bsc#1128529) - Fix: handle non-standard filenames for comps.xml (bsc#1120242) - Make reposync use and append token correctly to the URL - Fix invalid mode error when doing spacewalk-repo-sync on Ubuntu official repos. - Fix bootstrapping SLE15 traditional client (bsc#1128564) - Fix reading LOB objects with python3 - Fix 'mgr-inter-sync' problems after Python 3 migration. - Mgr-sign-metadata can optionally clear-sign metadata files - Allow errata import from local repositories. - Fix 'rhnpush' after migration to Python 3. - Fix package import issues when package encoding is ISO8859-1. - Fix issues with HTTP proxy and reposync. - Solve Python 3 problem and allow traditional registration. - Add 'python-urlgrabber' as a new dependency. - Fix Python3 issues on satellite_tools scripts - Use 'Zypper' and 'libsolv' in 'spacewalk-repo-sync'. Replace 'yum'. - Require the correct dependency for python-rpm to allow the Proxy to work with Python3 only - Make rhn-ssl-dbstore compatible with python3 - Take only text files from /srv/salt to make spacewalk-debug smaller (bsc#1103388) - Support mirroring of source packages - Make spacewalk-backend code compatible with Python 3 - Prepare spacewalk-backend packages to build on Python 3 - Replace PyPAM with python-python-pam - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) - Disable Oracle support for openSUSE (bsc#1095804) spacewalk-client-tools: - Fix bootstrapping SLE15 traditional client (bsc#1128564) - Sync with Spacewalk - Add ability to work behind http proxies - 1666099 - python3 is picky about bytes and string - Fix testConfig.py - Use rpm for debian packaging - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) - The rhnsd service was replaced by rhnsd timer, so registration script and systemd presets are now adapted to this (bsc#1138130) spacewalk-koan: - Fix building on openSUSE 15.0 - Add Uyuni URL to package - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) spacewalk-oscap: - Fix python2 compilation on openSUSE - Add Uyuni URL to package - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) spacewalk-remote-utils: - Sync changes from Spacewalk - 1649374 - Update spacewalk-remote-utils with RHEL 7.6 channel definitions - 1633532 - Use python-gpg instead of python-gpgme where possible - Add Uyuni URL to package - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) spacewalk-usix: - Add compatibility with Python 3 - Use rpm for debian packaging - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) supportutils-plugin-susemanager-client: - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) suseRegisterInfo: - Make suseRegisterInfo compatible with Python 2 and 3 - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) zypp-plugin-spacewalk: - Fix python syntax error in distupgrade (bsc#1136102) mgr-daemon: - rhnsd service was replaced by rhnsd timer (bsc#1138130) ----------------------------------------- Patch: SUSE-2020-1676 Released: Thu Jun 18 14:08:31 2020 Summary: Optional update for 5 packages related to prometheus Severity: low References: 1137989,1164604,1170717 Description: This update adds prometheus-ha_cluster_exporter, prometheus-hanadb_exporter, prometheus-sap_host_exporter, python3-prometheus_client, and python3-shaptools to SUSE Linux Enterprise Server for SAP Applications 15. ----------------------------------------- Patch: SUSE-2020-1980 Released: Tue Jul 21 02:42:11 2020 Summary: Recommended update for golang-github-prometheus-node_exporter Severity: moderate References: 1143913 Description: This update for golang-github-prometheus-node_exporter fixes the following issues: - Update from version 0.17.0 to version 0.18.1 (jsc#ECO-2110) 0.18.1 / 2019-06-04 * [BUGFIX] Fix incorrect sysctl call in BSD meminfo collector, resulting in broken swap metrics on FreeBSD * [BUGFIX] Fix rollover bug in mountstats collector 0.18.0 / 2019-05-09 * Renamed interface label to device in netclass collector for consistency with other network metrics * The cpufreq metrics now separate the cpufreq and scaling data based on what the driver provides * The labels for the network_up metric have changed * Bonding collector now uses mii_status instead of operstatus * Several systemd metrics have been turned off by default to improve performance * These include unit_tasks_current, unit_tasks_max, service_restart_total, and unit_start_time_seconds * The systemd collector blacklist now includes automount, device, mount, and slice units by default. * [CHANGE] Bonding state uses mii_status * [CHANGE] Add a limit to the number of in-flight requests * [CHANGE] Renamed interface label to device in netclass collector * [CHANGE] Add separate cpufreq and scaling metrics * [CHANGE] Several systemd metrics have been turned off by default to improve performance * [CHANGE] Expand systemd collector blacklist * [CHANGE] Split cpufreq metrics into a separate collector * [FEATURE] Add a flag to disable exporter metrics * [FEATURE] Add kstat-based Solaris metrics for boottime, cpu and zfs collectors * [FEATURE] Add uname collector for FreeBSD * [FEATURE] Add diskstats collector for OpenBSD * [FEATURE] Add pressure collector exposing pressure stall information for Linux * [FEATURE] Add perf exporter for Linux * [ENHANCEMENT] Add Infiniband counters * [ENHANCEMENT] Add TCPSynRetrans to netstat default filter * [ENHANCEMENT] Move network_up labels into new metric network_info * [ENHANCEMENT] Use 64-bit counters for Darwin netstat * [BUGFIX] Add fallback for missing /proc/1/mounts * [BUGFIX] Fix node_textfile_mtime_seconds to work properly on symlinks - Add network-online (Wants and After) dependency to systemd unit bsc#1143913 ----------------------------------------- Patch: SUSE-2020-2255 Released: Mon Aug 17 15:07:38 2020 Summary: Recommended update for prometheus-sap_host_exporter and prometheus-ha_cluster_exporter Severity: moderate References: Description: This update for prometheus-sap_host_exporter and prometheus-ha_cluster_exporter fixes the following issues: prometheus-sap_host_exporter: - Added * --version command line parameter - Fixed * Some usage details are now further clarified prometheus-ha_cluster_exporter: - Features * Added support for corosync v3 - Changed * The CLI flag --enable-timestamps and its config option have been marked as deprecated - Fixes * Fixed an issue with `corosync-quorumtool` parsing in Corosync v2.3.6 ----------------------------------------- Patch: SUSE-2020-2581 Released: Wed Sep 9 13:07:07 2020 Summary: Security update for openldap2 Severity: moderate References: 1174154,CVE-2020-15719 Description: This update for openldap2 fixes the following issues: - bsc#1174154 - CVE-2020-15719 - This resolves an issue with x509 SAN's falling back to CN validation in violation of rfc6125. ----------------------------------------- Patch: SUSE-2020-2583 Released: Wed Sep 9 15:27:54 2020 Summary: Security update for avahi Severity: moderate References: 1154063 Description: This update for avahi fixes the following issues: - When changing ownership of /var/lib/autoipd, only change ownership of files owned by avahi, to mitigate against possible exploits (bsc#1154063). ----------------------------------------- Patch: SUSE-2020-2585 Released: Wed Sep 9 22:02:25 2020 Summary: Recommended update for yast2-cluster Severity: moderate References: 1149089,1175648 Description: This update for yast2-cluster fixes the following issues: - Fixes a bug where the csync2 service couldn't be disabled (bsc#1175648) - Added qdevice heuristics support (jsc#SLE-12432) ----------------------------------------- Version 1.0.7-Production-Build1.4 2020-09-12T07:57:13 ----------------------------------------- Patch: SUSE-2020-2610 Released: Fri Sep 11 11:11:50 2020 Summary: Security update for the Linux Kernel Severity: important References: 1058115,1071995,1154366,1165629,1165631,1171988,1172428,1173798,1174205,1174757,1175112,1175122,1175128,1175204,1175213,1175515,1175518,1175691,1175992,1176069,CVE-2020-10135,CVE-2020-14314,CVE-2020-14331,CVE-2020-14356,CVE-2020-14386,CVE-2020-16166,CVE-2020-1749,CVE-2020-24394 Description: The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-1749: Use ip6_dst_lookup_flow instead of ip6_dst_lookup (bsc#1165629). - CVE-2020-14314: Fixed a potential negative array index in do_split() (bsc#1173798). - CVE-2020-14356: Fixed a null pointer dereference in cgroupv2 subsystem which could have led to privilege escalation (bsc#1175213). - CVE-2020-14331: Fixed a missing check in vgacon scrollback handling (bsc#1174205). - CVE-2020-16166: Fixed a potential issue which could have allowed remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG (bsc#1174757). - CVE-2020-24394: Fixed an issue which could set incorrect permissions on new filesystem objects when the filesystem lacks ACL support (bsc#1175518). - CVE-2020-10135: Legacy pairing and secure-connections pairing authentication Bluetooth might have allowed an unauthenticated user to complete authentication without pairing credentials via adjacent access (bsc#1171988). - CVE-2020-14386: Fixed a potential local privilege escalation via memory corruption (bsc#1176069). The following non-security bugs were fixed: - cifs: add support for fallocate mode 0 for non-sparse files (bsc#1175122). - cifs: allow unlock flock and OFD lock across fork (bsc#1175122). - cifs_atomic_open(): fix double-put on late allocation failure (bsc#1175122). - cifs: Avoid doing network I/O while holding cache lock (bsc#1175122). - cifs: call wake_up(&server->response_q) inside of cifs_reconnect() (bsc#1175122). - cifs: Clean up DFS referral cache (bsc#1175122). - cifs: document and cleanup dfs mount (bsc#1172428 bsc#1175122). - cifs: do not ignore the SYNC flags in getattr (bsc#1175122). - cifs: do not leak -EAGAIN for stat() during reconnect (bsc#1175122). - cifs: do not share tcons with DFS (bsc#1175122). - cifs: ensure correct super block for DFS reconnect (bsc#1175122). - cifs: fail i/o on soft mounts if sessionsetup errors out (bsc#1175122). - cifs: fiemap: do not return EINVAL if get nothing (bsc#1175122). - cifs: Fix an error pointer dereference in cifs_mount() (bsc#1172428 bsc#1175122). - cifs: fix double free error on share and prefix (bsc#1172428 bsc#1175122). - cifs: fix leaked reference on requeued write (bsc#1175122). - cifs: fix NULL dereference in match_prepath (bsc#1175122). - cifs: Fix null pointer check in cifs_read (bsc#1175122). - cifs: Fix potential deadlock when updating vol in cifs_reconnect() (bsc#1175122). - cifs: fix potential mismatch of UNC paths (bsc#1175122). - cifs: fix rename() by ensuring source handle opened with DELETE bit (bsc#1175122). - cifs: Fix return value in __update_cache_entry (bsc#1175122). - cifs: fix soft mounts hanging in the reconnect code (bsc#1175122). - cifs: Fix task struct use-after-free on reconnect (bsc#1175122). - cifs: fix uninitialised lease_key in open_shroot() (bsc#1175122). - cifs: fix unitialized variable poential problem with network I/O cache lock patch (bsc#1175122). - cifs: Get rid of kstrdup_const()'d paths (bsc#1175122). - cifs: get rid of unused parameter in reconn_setup_dfs_targets() (bsc#1175122). - cifs: handle empty list of targets in cifs_reconnect() (bsc#1172428 bsc#1175122). - cifs: handle hostnames that resolve to same ip in failover (bsc#1175122). - cifs: handle prefix paths in reconnect (bsc#1175122). - cifs: handle RESP_GET_DFS_REFERRAL.PathConsumed in reconnect (bsc#1172428 bsc#1175122). - cifs: improve read performance for page size 64KB & cache=strict & vers=2.1+ (bsc#1175122). - cifs: Introduce helpers for finding TCP connection (bsc#1175122). - cifs: make sure we do not overflow the max EA buffer size (bsc#1175122). - cifs: make use of cap_unix(ses) in cifs_reconnect_tcon() (bsc#1175122). - cifs: merge __{cifs,smb2}_reconnect[_tcon]() into cifs_tree_connect() (bsc#1172428 bsc#1175122). - cifs: Merge is_path_valid() into get_normalized_path() (bsc#1175122). - cifs: minor update to comments around the cifs_tcp_ses_lock mutex (bsc#1175122). - cifs: only update prefix path of DFS links in cifs_tree_connect() (bsc#1172428 bsc#1175122). - cifs: Optimize readdir on reparse points (bsc#1175122). - cifs: potential unintitliazed error code in cifs_getattr() (bsc#1175122). - cifs: protect updating server->dstaddr with a spinlock (bsc#1175122). - cifs: reduce number of referral requests in DFS link lookups (bsc#1172428 bsc#1175122). - cifs: rename reconn_inval_dfs_target() (bsc#1172428 bsc#1175122). - cifs: set correct max-buffer-size for smb2_ioctl_init() (bsc#1175122). - cifs: set up next DFS target before generic_ip_connect() (bsc#1175122). - cifs: use mod_delayed_work() for &server->reconnect if already queued (bsc#1175122). - cifs: use PTR_ERR_OR_ZERO() to simplify code (bsc#1175122). - Drivers: hv: vmbus: Only notify Hyper-V for die events that are oops (bsc#1175128). - ibmvnic: Fix IRQ mapping disposal in error path (bsc#1175112 ltc#187459). - ip6_tunnel: allow not to count pkts on tstats by passing dev as NULL (bsc#1175515). - ip_tunnel: allow not to count pkts on tstats by setting skb's dev to NULL (bsc#1175515). - kabi: hide new parameter of ip6_dst_lookup_flow() (bsc#1165629). - kabi: mask changes to struct ipv6_stub (bsc#1165629). - mm: Avoid calling build_all_zonelists_init under hotplug context (bsc#1154366). - mm, vmstat: reduce zone->lock holding time by /proc/pagetypeinfo (bsc#1175691). - scripts/git_sort/git_sort.py: add bluetooth/bluetooth-next.git repository - selftests/livepatch: fix mem leaks in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: more verification in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: rework test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: simplify test-klp-callbacks busy target tests (bsc#1071995). - smb3: fix performance regression with setting mtime (bsc#1175122). - smb3: query attributes on file close (bsc#1175122). - smb3: remove unused flag passed into close functions (bsc#1175122). - Update patch reference for a tipc fix patch (bsc#1175515) - x86/unwind/orc: Fix ORC for newly forked tasks (bsc#1058115). ----------------------------------------- Patch: SUSE-2020-2612 Released: Fri Sep 11 11:18:01 2020 Summary: Security update for libxml2 Severity: moderate References: 1176179,CVE-2020-24977 Description: This update for libxml2 fixes the following issues: - CVE-2020-24977: Fixed a global-buffer-overflow in xmlEncodeEntitiesInternal (bsc#1176179). ----------------------------------------- Version 1.0.7-Production-Build1.5 2020-09-15T07:57:31 ----------------------------------------- Patch: SUSE-2020-2626 Released: Mon Sep 14 18:10:52 2020 Summary: Security update for shim Severity: moderate References: 1168994,1175626,1175656,CVE-2020-10713 Description: This update for shim fixes the following issues: - Update to the unified shim binary from SUSE Linux Enterprise 15-SP1 (bsc#1168994) This update addresses the 'BootHole' security issue (master CVE CVE-2020-10713), by disallowing binaries signed by the previous SUSE UEFI signing key from booting. This update should only be installed after updates of grub2, the Linux kernel and (if used) Xen from July / August 2020 are applied. Additional fixes: + shim-install: install MokManager to \EFI\boot to process the pending MOK request (bsc#1175626, bsc#1175656) ----------------------------------------- Version 1.0.7-Production-Build1.8 2020-09-18T07:57:53 ----------------------------------------- Patch: SUSE-2020-2651 Released: Wed Sep 16 14:42:55 2020 Summary: Recommended update for zlib Severity: moderate References: 1175811,1175830,1175831 Description: This update for zlib fixes the following issues: - Fix compression level switching (bsc#1175811, bsc#1175830, bsc#1175831) - Enable hardware compression on s390/s390x (jsc#SLE-13776) ----------------------------------------- Patch: SUSE-2020-2667 Released: Thu Sep 17 14:46:50 2020 Summary: Recommended update for openssl-1_0_0 Severity: moderate References: 1175429 Description: This update for openssl-1_0_0 fixes the following issues: - Provide the same symbols as other distros in a compatible package. (bsc#1175429) - Add OPENSSL_1.0.1_EC symbol. (bsc#1175429) ----------------------------------------- Patch: SUSE-2020-2675 Released: Thu Sep 17 23:47:16 2020 Summary: Recommended update for sbd Severity: moderate References: 1108393,1140065,1143064,1148236,1150429,1174915,963674 Description: This update for sbd fixes the following issues: - Add a warning log if failed to open/read device on startup. (bsc#1150429) - agent: log detailed errors for monitor failures (bsc#1148236) - Query if 'rt-budget > 0' otherwise try moving to 'root-slice'. (bsc#1143064) - Rebase fix for SBD cluster in case of exiting disconnected 'cmap'. (bsc#1140065) - sbd-inquisitor: refuse to start if any of the configured device names is invalid. (bsc#1174915) - systemd: make pacemaker wait for sbd-start to complete. (bsc#1108393) - Fix node name parameter in manpage. (bsc#963674) ----------------------------------------- Version 1.0.7-Production-Build1.10 2020-09-19T07:57:53 ----------------------------------------- Patch: SUSE-2020-2680 Released: Fri Sep 18 13:53:09 2020 Summary: Recommended update for crmsh Severity: moderate References: 1176178 Description: This update for crmsh fixes the following issues: - Fixes an issue when parallax shows an error by joining a node. (bsc#1176178) ----------------------------------------- Version 1.0.7-Production-Build1.12 2020-09-23T08:17:55 ----------------------------------------- Patch: SUSE-2020-2705 Released: Tue Sep 22 15:07:38 2020 Summary: Recommended update for drbd Severity: moderate References: 1174783 Description: This update for drbd fixes the following issue: - Fix GFP flags in data path and not cause other IO to start. (bsc#1174783) ----------------------------------------- Patch: SUSE-2020-2710 Released: Tue Sep 22 17:06:19 2020 Summary: Security update for rubygem-actionpack-5_1 Severity: important References: 1172177,CVE-2020-8164 Description: This update for rubygem-actionpack-5_1 fixes the following issues: - CVE-2020-8164: Possible Strong Parameters Bypass in ActionPack. There is a strong parameters bypass vector in ActionPack. (bsc#1172177) ----------------------------------------- Patch: SUSE-2020-2712 Released: Tue Sep 22 17:08:03 2020 Summary: Security update for openldap2 Severity: moderate References: 1175568,CVE-2020-8027 Description: This update for openldap2 fixes the following issues: - CVE-2020-8027: openldap_update_modules_path.sh starts daemons unconditionally and uses fixed paths in /tmp (bsc#1175568). ----------------------------------------- Version 1.0.7-Production-Build1.13 2020-09-23T14:21:20 ----------------------------------------- Patch: SUSE-2020-2719 Released: Wed Sep 23 11:30:21 2020 Summary: Security update for samba Severity: important References: 1172810,1176579,CVE-2020-1472 Description: This update for samba fixes the following issues: - ZeroLogon: An elevation of privilege was possible with some configurations when an attacker established a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC) (CVE-2020-1472, bsc#1176579). - Add 'libsmbldap0' to 'libsmbldap2' package to fix upgrades from previous versions. (bsc#1172810) ----------------------------------------- Version 1.0.7-Production-Build1.15 2020-09-25T07:55:45 ----------------------------------------- Patch: SUSE-2020-2744 Released: Thu Sep 24 17:56:23 2020 Summary: Security update for tiff Severity: moderate References: 1146608,CVE-2019-14973 Description: This update for tiff fixes the following issues: - CVE-2019-14973: Fixed an improper check which was depended on the compiler which could have led to integer overflow (bsc#1146608). ----------------------------------------- Version 1.0.7-Production-Build1.17 2020-09-29T07:55:30 ----------------------------------------- Patch: SUSE-2020-2747 Released: Fri Sep 25 10:11:16 2020 Summary: Security update for MozillaFirefox Severity: important References: 1167976,1173986,1174420,1176756,CVE-2020-15673,CVE-2020-15676,CVE-2020-15677,CVE-2020-15678 Description: This update for MozillaFirefox fixes the following issues: -Firefox was updated to 78.3.0 ESR (bsc#1176756, MFSA 2020-43) - CVE-2020-15677: Download origin spoofing via redirect - CVE-2020-15676: Fixed an XSS when pasting attacker-controlled data into a contenteditable element - CVE-2020-15678: When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free scenario - CVE-2020-15673: Fixed memory safety bugs - Enhance fix for wayland-detection (bsc#1174420) - Attempt to fix langpack-parallelization by introducing separate obj-dirs for each lang (bsc#1173986, bsc#1167976) ----------------------------------------- Patch: SUSE-2020-2748 Released: Fri Sep 25 10:45:42 2020 Summary: Security update for libqt5-qtbase Severity: important References: 1172515,1176315,CVE-2020-17507 Description: This update for libqt5-qtbase fixes the following issues: - CVE-2020-17507: Fixed a buffer overflow in XBM parser (bsc#1176315) - Made handling of XDG_RUNTIME_DIR more secure (bsc#1172515) ----------------------------------------- Version 1.0.7-Production-Build1.19 2020-09-30T07:55:58 ----------------------------------------- Patch: SUSE-2020-2780 Released: Tue Sep 29 11:27:51 2020 Summary: Recommended update for rsyslog Severity: moderate References: 1173433 Description: This update for rsyslog fixes the following issues: - Fix the URL for bug reporting. (bsc#1173433) ----------------------------------------- Patch: SUSE-2020-2795 Released: Tue Sep 29 14:29:33 2020 Summary: Recommended update for hyper-v Severity: moderate References: 1116957 Description: This update for hyper-v fixes the following issues: - Fixes an issue when hyper-v services not running after booting from SLES12SP3 ISO. (bsc#1116957) ----------------------------------------- Patch: SUSE-2020-2798 Released: Wed Sep 30 06:13:49 2020 Summary: Recommended update for python-shaptools, salt-shaptools, habootstrap-formula, saphanabootstrap-formula, sapnwbootstrap-formula Severity: moderate References: 1174994,1175709 Description: This update for python-shaptools fixes the following issues: - Fix how HANA database is started and stopped to work in multi host environment. sapcontrol commands are used instead of HDB now. (jsc#SLE-4047) - Fix issue when secondary registration fails after a successful 'SSFS' files copy process. Now the registration return code will be checked in the new call. (bsc#1175709) This update for salt-shaptools fixes the following issues: - Fix how HANA database is started and stopped to work in multi host environment. sapcontrol commands are used instead of HDB now. (jsc#SLE-4047) This update for habootstrap-formula fixes the following issues: - Include the pillar example file in package. (bsc#1174994) - Fix how HANA database is started and stopped to work in multi host environment. sapcontrol commands are used instead of HDB now. (jsc#SLE-4047) This update for saphanabootstrap-formula fixes the following issues: - Include the pillar example file in package. (bsc#1174994) - Fix how HANA database is started and stopped to work in multi host environment. sapcontrol commands are used instead of HDB now. (jsc#SLE-4047) This update for sapnwbootstrap-formula fixes the following issues: - Include the pillar example file in package. (bsc#1174994) - Fix how HANA database is started and stopped to work in multi host environment. sapcontrol commands are used instead of HDB now. (jsc#SLE-4047) ----------------------------------------- Version 1.0.7-Production-Build1.22 2020-10-02T07:58:23 ----------------------------------------- Patch: SUSE-2020-2814 Released: Thu Oct 1 09:55:30 2020 Summary: Security update for permissions Severity: moderate References: 1161335,1176625 Description: This update for permissions fixes the following issues: - whitelist WMP (bsc#1161335, bsc#1176625) ----------------------------------------- Patch: SUSE-2020-2817 Released: Thu Oct 1 10:38:37 2020 Summary: Recommended update for libzypp, zypper Severity: moderate References: 1165424,1173273,1173529,1174240,1174561,1174918,1175342,1175592 Description: This update for libzypp, zypper provides the following fixes: Changes in libzypp: - VendorAttr: Const-correct API and let Target provide its settings. (bsc#1174918) - Support buildnr with commit hash in purge-kernels. This adds special behaviour for when a kernel version has the rebuild counter before the kernel commit hash. (bsc#1175342) - Improve Italian translation of the 'breaking dependencies' message. (bsc#1173529) - Make sure reading from lsof does not block forever. (bsc#1174240) - Just collect details for the signatures found. Changes in zypper: - man: Enhance description of the global package cache. (bsc#1175592) - man: Point out that plain rpm packages are not downloaded to the global package cache. (bsc#1173273) - Directly list subcommands in 'zypper help'. (bsc#1165424) - Remove extern C block wrapping augeas.h as it breaks the build on Arch Linux. - Point out that plaindir repos do not follow symlinks. (bsc#1174561) - Fix help command for list-patches. ----------------------------------------- Patch: SUSE-2020-2821 Released: Thu Oct 1 12:02:02 2020 Summary: Recommended update for resource-agents Severity: important References: 1175435 Description: This update for resource-agents fixes the following issues: - Fixed an issue when the last commit of galera cluster is not saved in 'grastate.dat'. (bsc#1175435) ----------------------------------------- Version 1.0.8-Production-Build1.2 2020-10-03T07:58:16 ----------------------------------------- Patch: SUSE-2020-2825 Released: Fri Oct 2 08:44:28 2020 Summary: Recommended update for suse-build-key Severity: moderate References: 1170347,1176759 Description: This update for suse-build-key fixes the following issues: - The SUSE Notary Container key is different from the build signing key, include this key instead as suse-container-key. (PM-1845 bsc#1170347) - The SUSE build key for SUSE Linux Enterprise 12 and 15 is extended by 4 more years. (bsc#1176759) ----------------------------------------- Patch: SUSE-2020-2841 Released: Fri Oct 2 12:17:22 2020 Summary: Recommended update for golang-github-prometheus-node_exporter Severity: moderate References: 1151557 Description: This update for golang-github-prometheus-node_exporter fixes the following issues: - Add missing sysconfig file in rpm. (bsc#1151557) - Changes in 1.0.1 * Changes to build specification + Modify spec: update golang version to 1.14 + Remove update tarball script + Add _service file to allow for updates via `osc service disabledrun` * Bug fixes + [BUGFIX] filesystem_freebsd: Fix label values #1728 + [BUGFIX] Update prometheus/procfs to fix log noise #1735 + [BUGFIX] Fix build tags for collectors #1745 + [BUGFIX] Handle no data from powersupplyclass #1747, #1749 - Changes in 1.0.0 * Bug fixes + [BUGFIX] Read /proc/net files with a single read syscall #1380 + [BUGFIX] Renamed label state to name on node_systemd_service_restart_total. #1393 + [BUGFIX] Fix netdev nil reference on Darwin #1414 + [BUGFIX] Strip path.rootfs from mountpoint labels #1421 + [BUGFIX] Fix seconds reported by schedstat #1426 + [BUGFIX] Fix empty string in path.rootfs #1464 + [BUGFIX] Fix typo in cpufreq metric names #1510 + [BUGFIX] Read /proc/stat in one syscall #1538 + [BUGFIX] Fix OpenBSD cache memory information #1542 + [BUGFIX] Refactor textfile collector to avoid looping defer #1549 + [BUGFIX] Fix network speed math #1580 + [BUGFIX] collector/systemd: use regexp to extract systemd version #1647 + [BUGFIX] Fix initialization in perf collector when using multiple CPUs #1665 + [BUGFIX] Fix accidentally empty lines in meminfo_linux #1671 * Several enhancements + See https://github.com/prometheus/node_exporter/releases/tag/v1.0.0 - Changes in 1.0.0-rc.0 Breaking changes * The netdev collector CLI argument --collector.netdev.ignored-devices was renamed to --collector.netdev.device-blacklist in order to conform with the systemd collector. #1279 * The label named state on node_systemd_service_restart_total metrics was changed to name to better describe the metric. #1393 * Refactoring of the mdadm collector changes several metrics node_md_disks_active is removed node_md_disks now has a state label for 'fail', 'spare', 'active' disks. node_md_is_active is replaced by node_md_state with a state set of 'active', 'inactive', 'recovering', 'resync'. * Additional label mountaddr added to NFS device metrics to distinguish mounts from the same URL, but different IP addresses. #1417 * Metrics node_cpu_scaling_frequency_min_hrts and node_cpu_scaling_frequency_max_hrts of the cpufreq collector were renamed to node_cpu_scaling_frequency_min_hertz and node_cpu_scaling_frequency_max_hertz. #1510 * Collectors that are enabled, but are unable to find data to collect, now return 0 for node_scrape_collector_success. ----------------------------------------- Patch: SUSE-2020-2849 Released: Fri Oct 2 12:25:12 2020 Summary: Recommended update for libdlm Severity: moderate References: 1121380,1175812 Description: This update for libdlm fixes the following issues: - Add dependency relationship between 'libdlm' and 'dlm-kmp'. (bsc#1121380) - Add notes in 'dlm.conf' man page. (bsc#1175812) ----------------------------------------- Version 1.0.8-Production-Build1.4 2020-10-07T08:04:50 ----------------------------------------- Patch: SUSE-2020-2869 Released: Tue Oct 6 16:13:20 2020 Summary: Recommended update for aaa_base Severity: moderate References: 1011548,1153943,1153946,1161239,1171762 Description: This update for aaa_base fixes the following issues: - DIR_COLORS (bug#1006973): - add screen.xterm-256color - add TERM rxvt-unicode-256color - sort and merge TERM entries in etc/DIR_COLORS - check for Packages.db and use this instead of Packages. (bsc#1171762) - Rename path() to _path() to avoid using a general name. - refresh_initrd call modprobe as /sbin/modprobe (bsc#1011548) - etc/profile add some missing ;; in case esac statements - profile and csh.login: on s390x set TERM to dumb on dumb terminal (bsc#1153946) - backup-rpmdb: exit if zypper is running (bsc#1161239) - Add color alias for ip command (jsc#sle-9880, jsc#SLE-7679, bsc#1153943) ----------------------------------------- Version 1.0.9-Production-Build1.2 2020-10-10T07:59:15 ----------------------------------------- Patch: SUSE-2020-2882 Released: Fri Oct 9 14:44:22 2020 Summary: Security update for tigervnc Severity: critical References: 1176733,CVE-2020-26117 Description: This update for tigervnc fixes the following issues: - CVE-2020-26117: Server certificates were stored as certiticate authorities, allowing malicious owners of these certificates to impersonate any server after a client had added an exception (bsc#1176733) ----------------------------------------- Version 1.0.9-Production-Build1.4 2020-10-14T08:18:56 ----------------------------------------- Patch: SUSE-2020-2899 Released: Tue Oct 13 14:18:03 2020 Summary: Security update for rubygem-activesupport-5_1 Severity: critical References: 1172186,CVE-2020-8165 Description: This update for rubygem-activesupport-5_1 fixes the following issues: - CVE-2020-8165: Fixed deserialization of untrusted data in MemCacheStore potentially resulting in remote code execution (bsc#1172186) ----------------------------------------- Patch: SUSE-2020-2901 Released: Tue Oct 13 14:22:43 2020 Summary: Security update for libproxy Severity: important References: 1176410,1177143,CVE-2020-25219,CVE-2020-26154 Description: This update for libproxy fixes the following issues: - CVE-2020-25219: Rewrote url::recvline to be nonrecursive (bsc#1176410). - CVE-2020-26154: Fixed a buffer overflow when PAC is enabled (bsc#1177143). ----------------------------------------- Patch: SUSE-2020-2914 Released: Tue Oct 13 17:25:20 2020 Summary: Security update for bind Severity: moderate References: 1100369,1109160,1118367,1118368,1128220,1156205,1157051,1161168,1170667,1170713,1171313,1171740,1172958,1173307,1173311,1173983,1175443,1176092,1176674,906079,CVE-2017-3136,CVE-2018-5741,CVE-2019-6477,CVE-2020-8616,CVE-2020-8617,CVE-2020-8618,CVE-2020-8619,CVE-2020-8620,CVE-2020-8621,CVE-2020-8622,CVE-2020-8623,CVE-2020-8624 Description: This update for bind fixes the following issues: BIND was upgraded to version 9.16.6: Note: - bind is now more strict in regards to DNSSEC. If queries are not working, check for DNSSEC issues. For instance, if bind is used in a namserver forwarder chain, the forwarding DNS servers must support DNSSEC. Fixing security issues: - CVE-2020-8616: Further limit the number of queries that can be triggered from a request. Root and TLD servers are no longer exempt from max-recursion-queries. Fetches for missing name server. (bsc#1171740) Address records are limited to 4 for any domain. - CVE-2020-8617: Replaying a TSIG BADTIME response as a request could trigger an assertion failure. (bsc#1171740) - CVE-2019-6477: Fixed an issue where TCP-pipelined queries could bypass the tcp-clients limit (bsc#1157051). - CVE-2018-5741: Fixed the documentation (bsc#1109160). - CVE-2020-8618: It was possible to trigger an INSIST when determining whether a record would fit into a TCP message buffer (bsc#1172958). - CVE-2020-8619: It was possible to trigger an INSIST in lib/dns/rbtdb.c:new_reference() with a particular zone content and query patterns (bsc#1172958). - CVE-2020-8624: 'update-policy' rules of type 'subdomain' were incorrectly treated as 'zonesub' rules, which allowed keys used in 'subdomain' rules to update names outside of the specified subdomains. The problem was fixed by making sure 'subdomain' rules are again processed as described in the ARM (bsc#1175443). - CVE-2020-8623: When BIND 9 was compiled with native PKCS#11 support, it was possible to trigger an assertion failure in code determining the number of bits in the PKCS#11 RSA public key with a specially crafted packet (bsc#1175443). - CVE-2020-8621: named could crash in certain query resolution scenarios where QNAME minimization and forwarding were both enabled (bsc#1175443). - CVE-2020-8620: It was possible to trigger an assertion failure by sending a specially crafted large TCP DNS message (bsc#1175443). - CVE-2020-8622: It was possible to trigger an assertion failure when verifying the response to a TSIG-signed request (bsc#1175443). Other issues fixed: - Add engine support to OpenSSL EdDSA implementation. - Add engine support to OpenSSL ECDSA implementation. - Update PKCS#11 EdDSA implementation to PKCS#11 v3.0. - Warn about AXFR streams with inconsistent message IDs. - Make ISC rwlock implementation the default again. - Fixed issues when using cookie-secrets for AES and SHA2 (bsc#1161168) - Installed the default files in /var/lib/named and created chroot environment on systems using transactional-updates (bsc#1100369, fate#325524) - Fixed an issue where bind was not working in FIPS mode (bsc#906079). - Fixed dependency issues (bsc#1118367 and bsc#1118368). - GeoIP support is now discontinued, now GeoIP2 is used(bsc#1156205). - Fixed an issue with FIPS (bsc#1128220). - The liblwres library is discontinued upstream and is no longer included. - Added service dependency on NTP to make sure the clock is accurate when bind is starts (bsc#1170667, bsc#1170713). - Reject DS records at the zone apex when loading master files. Log but otherwise ignore attempts to add DS records at the zone apex via UPDATE. - The default value of 'max-stale-ttl' has been changed from 1 week to 12 hours. - Zone timers are now exported via statistics channel. - The 'primary' and 'secondary' keywords, when used as parameters for 'check-names', were not processed correctly and were being ignored. - 'rndc dnstap -roll ' did not limit the number of saved files to . - Add 'rndc dnssec -status' command. - Addressed a couple of situations where named could crash. - Changed /var/lib/named to owner root:named and perms rwxrwxr-t so that named, being a/the only member of the 'named' group has full r/w access yet cannot change directories owned by root in the case of a compromized named. [bsc#1173307, bind-chrootenv.conf] - Added '/etc/bind.keys' to NAMED_CONF_INCLUDE_FILES in /etc/sysconfig/named to suppress warning message re missing file (bsc#1173983). - Removed '-r /dev/urandom' from all invocations of rndc-confgen (init/named system/lwresd.init system/named.init in vendor-files) as this option is deprecated and causes rndc-confgen to fail. (bsc#1173311, bsc#1176674, bsc#1170713) - /usr/bin/genDDNSkey: Removing the use of the -r option in the call of /usr/sbin/dnssec-keygen as BIND now uses the random number functions provided by the crypto library (i.e., OpenSSL or a PKCS#11 provider) as a source of randomness rather than /dev/random. Therefore the -r command line option no longer has any effect on dnssec-keygen. Leaving the option in genDDNSkey as to not break compatibility. Patch provided by Stefan Eisenwiener. [bsc#1171313] - Put libns into a separate subpackage to avoid file conflicts in the libisc subpackage due to different sonums (bsc#1176092). - Require /sbin/start_daemon: both init scripts, the one used in systemd context as well as legacy sysv, make use of start_daemon. ----------------------------------------- Version 1.0.9-Production-Build1.5 2020-10-16T07:59:15 ----------------------------------------- Patch: SUSE-2020-2939 Released: Thu Oct 15 16:07:59 2020 Summary: Security update for crmsh Severity: moderate References: 1148873,1163581,1176441,1176569 Description: This update for crmsh fixes the following issues: - Fixed start_delay with start-delay(bsc#1176569) - fix on_fail should be on-fail(bsc#1176569) - config: Try to handle configparser.MissingSectionHeaderError while reading config file - ui_configure: Obscure sensitive data by default(bsc#1163581 - hb_report: collect archived logs(bsc#1148873, bsc#1176441) ----------------------------------------- Version 1.0.9-Production-Build1.6 2020-10-17T07:59:33 ----------------------------------------- Patch: SUSE-2020-2947 Released: Fri Oct 16 15:23:07 2020 Summary: Security update for gcc10, nvptx-tools Severity: moderate References: 1172798,1172846,1173972,1174753,1174817,1175168,CVE-2020-13844 Description: This update for gcc10, nvptx-tools fixes the following issues: This update provides the GCC10 compiler suite and runtime libraries. The base SUSE Linux Enterprise libraries libgcc_s1, libstdc++6 are replaced by the gcc10 variants. The new compiler variants are available with '-10' suffix, you can specify them via: CC=gcc-10 CXX=g++-10 or similar commands. For a detailed changelog check out https://gcc.gnu.org/gcc-10/changes.html Changes in nvptx-tools: - Enable build on aarch64 ----------------------------------------- Version 1.0.9-Production-Build1.7 2020-10-19T11:38:00 ----------------------------------------- Patch: SUSE-2020-2953 Released: Mon Oct 19 06:25:15 2020 Summary: Recommended update for gettext-runtime Severity: moderate References: 1176142 Description: This update for gettext-runtime fixes the following issues: - Fix for an issue when 'xgettext' crashes during creating a 'POT' file. (bsc#1176142) ----------------------------------------- Version 1.0.9-Production-Build1.10 2020-10-21T07:59:21 ----------------------------------------- Patch: SUSE-2020-2958 Released: Tue Oct 20 12:24:55 2020 Summary: Recommended update for procps Severity: moderate References: 1158830 Description: This update for procps fixes the following issues: - Fixes an issue when command 'ps -C' does not allow anymore an argument longer than 15 characters. (bsc#1158830) ----------------------------------------- Patch: SUSE-2020-2969 Released: Tue Oct 20 16:05:43 2020 Summary: Security update for libvirt Severity: important References: 1171701,1174955,1177155,CVE-2020-15708,CVE-2020-25637 Description: This update for libvirt fixes the following issues: - CVE-2020-15708: Added a note to libvirtd.conf about polkit auth in SUSE distros (bsc#1174955). - CVE-2020-25637: Fixed a double free in qemuAgentGetInterfaces() (bsc#1177155). - libxl: Fixed lock manager lock ordering (bsc#1171701). ----------------------------------------- Version 1.0.9-Production-Build1.18 2020-10-26T09:41:08 ----------------------------------------- Patch: SUSE-2020-2978 Released: Wed Oct 21 11:36:05 2020 Summary: Recommended update for openssl-1_1 Severity: moderate References: 1175847,1177479 Description: This update for openssl-1_1 fixes the following issues: FIPS: * Adjust the Diffie-Hellman and Elliptic Curve Diffie-Hellman algorithms to be NIST SP800-56Arev3 compliant (bsc#1175847, bsc#1177479). * Add shared secret KAT to FIPS DH selftest (bsc#1175847). ----------------------------------------- Patch: SUSE-2020-2979 Released: Wed Oct 21 11:37:14 2020 Summary: Recommended update for mozilla-nss Severity: moderate References: 1176173 Description: This update for mozilla-nss fixes the following issue: - FIPS: Adjust the Diffie-Hellman and Elliptic Curve Diffie-Hellman algorithms to be NIST SP800-56Arev3 compliant (bsc#1176173). ----------------------------------------- Patch: SUSE-2020-2983 Released: Wed Oct 21 15:03:03 2020 Summary: Recommended update for file Severity: moderate References: 1176123 Description: This update for file fixes the following issues: - Fixes an issue when file displays broken 'ELF' interpreter. (bsc#1176123) ----------------------------------------- Patch: SUSE-2020-2984 Released: Wed Oct 21 15:07:34 2020 Summary: Recommended update for prometheus-ha_cluster_exporter Severity: moderate References: Description: This update for prometheus-ha_cluster_exporter fixes the following issues: - Implement SBD watchdog and msgwait timeout metrics. - Handle correctly corosync membership parsing with qdevice enabled. ----------------------------------------- Patch: SUSE-2020-2988 Released: Wed Oct 21 17:35:34 2020 Summary: Security update for gnutls Severity: moderate References: 1176086,1176181,1176671,CVE-2020-24659 Description: This update for gnutls fixes the following issues: - Fix heap buffer overflow in handshake with no_renegotiation alert sent (CVE-2020-24659 bsc#1176181) - FIPS: Implement (EC)DH requirements from SP800-56Arev3 (bsc#1176086) - FIPS: Use 2048 bit prime in DH selftest (bsc#1176086) - FIPS: Add TLS KDF selftest (bsc#1176671) ----------------------------------------- Patch: SUSE-2020-2989 Released: Thu Oct 22 08:53:10 2020 Summary: Recommended update for chrony Severity: moderate References: 1171806 Description: This update for chrony fixes the following issues: - Integrate three upstream patches to fix an infinite loop in chronyc. (bsc#1171806) ----------------------------------------- Patch: SUSE-2020-2993 Released: Thu Oct 22 09:11:37 2020 Summary: Recommended update for prometheus-hanadb_exporter Severity: moderate References: Description: This update for prometheus-hanadb_exporter fixes the following issue: Release 0.7.2 - lookup for `/usr/etc` and the fallback `/etc` directory for config files. ----------------------------------------- Patch: SUSE-2020-2995 Released: Thu Oct 22 10:03:09 2020 Summary: Security update for freetype2 Severity: important References: 1177914,CVE-2020-15999 Description: This update for freetype2 fixes the following issues: - CVE-2020-15999: fixed a heap buffer overflow found in the handling of embedded PNG bitmaps (bsc#1177914). ----------------------------------------- Patch: SUSE-2020-3012 Released: Thu Oct 22 22:36:57 2020 Summary: Recommended update for sysstat Severity: moderate References: 1174227 Description: This update for sysstat fixes the following issues: - Fix for an issue when 'iowait' output of 'sar' can also decrement as a result of inaccurate tracking. (bsc#1174227) ----------------------------------------- Patch: SUSE-2020-3013 Released: Fri Oct 23 08:35:00 2020 Summary: Recommended update for corosync Severity: moderate References: 1144200,1155792,1163460,1166899,1168771,872651 Description: This update for corosync fixes the following issues: - Fixes an issue when 'systemctl' do not stop corosync properly. (bsc#872651) - Fixed an issue when 'corosync-quorumtool -s' command returns an incorrect value. (bsc#1166899) - Fixed an issue caused by rpm macros that are not fairly used and caused noisy output. (bsc#1155792) - Clean up the binaries in the source. (bsc#11442200) - Implement IPv6 local link support for 'corosync' without any harm on rolling updates. (bsc#1163460, bsc#1168771) - Update corosync to 2.4.5. (jsc#ECO-1745) ----------------------------------------- Patch: SUSE-2020-3020 Released: Fri Oct 23 12:44:11 2020 Summary: Recommended update for sles4sap-white-papers Severity: moderate References: Description: This update for sles4sap-white-papers fixes the following issues: - Remove 'sles4sap-white-papers'. (jsc#ECO-806) ----------------------------------------- Patch: SUSE-2020-3022 Released: Fri Oct 23 14:20:37 2020 Summary: Security update for MozillaFirefox Severity: important References: 1176756,1177872,CVE-2020-15683,CVE-2020-15969 Description: This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.4.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2020-46 (bsc#1177872, bsc#1176756) * CVE-2020-15969 Use-after-free in usersctp * CVE-2020-15683 Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4 * Fixed: Fixed legacy preferences not being properly applied when set via GPO ----------------------------------------- Patch: SUSE-2020-3027 Released: Mon Oct 26 06:17:48 2020 Summary: Recommended update for crmsh Severity: moderate References: 1174385,1174588 Description: This update for crmsh fixes the following issues: - Upgrade crmsh version to 4.2.0(jsc#ECO-1745) - Fix for handling the return code of 'corosync-quorumtool' correctly. (bsc#1174588) - Copy ssh key to 'qnetd' while detecting needs password. (bsc#1174385) - Print cluster nodes while getting quorum and qnetd status * Low: corosync: Improve qdevice configure process * Dev: ui_cluster: replace --qdevice as --qnetd-hostname * Dev: ui_cluster: change qdevice related option's help message * Dev: bootstrap: support qdevice heuristics * Dev: bootstrap: start qdevice/qnetd service when not overwrite configuration * Dev: ui_corosync: improve corosync status sub-command * Dev: bootstrap: when removing qdevice, remove qdevice database * Dev: bootstrap: qdevice certification process when cluster join * Dev: ui_cluster: change option info for qdevice/qnetd * Dev: bootstrap: qdevice certification process when cluster init * Dev: bootstrap: interface for removing qdevice * Dev: corosync: check tie-breaker is a valid nodeid * Dev: bootstrap: combine Qdevice.valid2 into Qdevice.valid_attr * Dev: bootstrap: improve init_qdevice function * Dev: bootstrap: write qdevice config section when configuring qdevice in stage * dev: bootstrap: adjust corosync configuration for qdevice * dev: bootstrap: make qdevice process as a bootstrap stage * dev: bootstrap: manage qnetd node * dev: bootstrap: valid qdevice parameters ----------------------------------------- Version 1.0.9-Production-Build1.19 2020-10-27T07:58:07 ----------------------------------------- Patch: SUSE-2020-3028 Released: Mon Oct 26 09:14:59 2020 Summary: Recommended update for python-parallax Severity: moderate References: 1099514,1103832,1131136,1146748,1169581 Description: This update for python-parallax fixes the following issues: - Fix for using ssh key and avoid failures in clusters requesting passwords. (bsc#1169581) - Surpress warning messages when needed. (bsc#1146748) - Fix for conflicting python-parallax with python3-parallax. (bsc#1103832, bsc#1131136) - Fix openQA tests. (bsc#1099514) ----------------------------------------- Version 1.0.9-Production-Build1.20 2020-10-28T07:57:43 ----------------------------------------- Patch: SUSE-2020-3041 Released: Tue Oct 27 09:25:30 2020 Summary: Recommended update for java-1_8_0-ibm Severity: moderate References: 1175295 Description: This update for java-1_8_0-ibm fixes the following issues: - Fix a Java ifix for z15 compression problem. (bsc#1175295) ----------------------------------------- Version 1.0.9-Production-Build1.21 2020-10-29T07:59:05 ----------------------------------------- Patch: SUSE-2020-3063 Released: Wed Oct 28 08:45:07 2020 Summary: Recommended update for rubygem-railties-5_1 Severity: moderate References: 1174315 Description: This update for rubygem-railties-5_1 fixes the following issue: - Fix rubygems dependencies for puma update and respect older version. (bnc#1174315) ----------------------------------------- Version 1.0.9-Production-Build1.25 2020-10-30T07:59:43 ----------------------------------------- Patch: SUSE-2020-3075 Released: Thu Oct 29 09:25:42 2020 Summary: Recommended update for crash Severity: moderate References: 1174543 Description: This update of crash fixes the following issue: - rebuilt with new signing key. (bsc#1174543) ----------------------------------------- Patch: SUSE-2020-3080 Released: Thu Oct 29 10:58:55 2020 Summary: Security update for pacemaker Severity: important References: 1167171,1173668,1175557,1177916,CVE-2020-25654 Description: This update for pacemaker fixes the following issues: - attrd: handle shutdown more cleanly (bsc#1173668) - executor: restrict certain IPC requests to Pacemaker daemons (CVE-2020-25654, bsc#1177916) - extra: quote shell variables in agent code where appropriate (bsc#1175557) - fencer: restrict certain IPC requests to privileged users (CVE-2020-25654, bsc#1177916) - Fixes for %_libexecdir changing to /usr/libexec - move bcond_with/without up front for e.g. pcmk_release - pacemakerd: ignore shutdown requests from unprivileged users (CVE-2020-25654, bsc#1177916) - resources: use ocf_is_true in SysInfo - rpm: add spec option for enabling CIB secrets - rpm: put user-configurable items at top of spec - rpm: use the user/group ID 90 for haclient/hacluster to be consistent with cluster-glue (bsc#1167171) ----------------------------------------- Patch: SUSE-2020-3087 Released: Thu Oct 29 13:30:16 2020 Summary: Security update for samba Severity: important References: 1173902,1173994,1177613,CVE-2020-14318,CVE-2020-14323,CVE-2020-14383 Description: This update for samba fixes the following issues: - CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily crafted records (bsc#1177613). - CVE-2020-14323: Unprivileged user can crash winbind; (bsc#1173994). - CVE-2020-14318: Missing permissions check in SMB1/2/3 ChangeNotify (bsc#1173902). ----------------------------------------- Patch: SUSE-2020-3091 Released: Thu Oct 29 16:35:37 2020 Summary: Security update for MozillaThunderbird and mozilla-nspr Severity: important References: 1174230,1176384,1176756,1176899,1177977,CVE-2020-15673,CVE-2020-15676,CVE-2020-15677,CVE-2020-15678,CVE-2020-15683,CVE-2020-15969 Description: This update for MozillaThunderbird and mozilla-nspr fixes the following issues: - Mozilla Thunderbird 78.4 * new: MailExtensions: browser.tabs.sendMessage API added * new: MailExtensions: messageDisplayScripts API added * changed: Yahoo and AOL mail users using password authentication will be migrated to OAuth2 * changed: MailExtensions: messageDisplay APIs extended to support multiple selected messages * changed: MailExtensions: compose.begin functions now support creating a message with attachments * fixed: Thunderbird could freeze when updating global search index * fixed: Multiple issues with handling of self-signed SSL certificates addressed * fixed: Recipient address fields in compose window could expand to fill all available space * fixed: Inserting emoji characters in message compose window caused unexpected behavior * fixed: Button to restore default folder icon color was not keyboard accessible * fixed: Various keyboard navigation fixes * fixed: Various color-related theme fixes * fixed: MailExtensions: Updating attachments with onBeforeSend.addListener() did not work MFSA 2020-47 (bsc#1177977) * CVE-2020-15969 Use-after-free in usersctp * CVE-2020-15683 Memory safety bugs fixed in Thunderbird 78.4 - Mozilla Thunderbird 78.3.3 * OpenPGP: Improved support for encrypting with subkeys * OpenPGP message status icons were not visible in message header pane * Creating a new calendar event did not require an event title - Mozilla Thunderbird 78.3.2 (bsc#1176899) * OpenPGP: Improved support for encrypting with subkeys * OpenPGP: Encrypted messages with international characters were sometimes displayed incorrectly * Single-click deletion of recipient pills with middle mouse button restored * Searching an address book list did not display results * Dark mode, high contrast, and Windows theming fixes - Mozilla Thunderbird 78.3.1 * fix crash in nsImapProtocol::CreateNewLineFromSocket - Mozilla Thunderbird 78.3.0 MFSA 2020-44 (bsc#1176756) * CVE-2020-15677 Download origin spoofing via redirect * CVE-2020-15676 XSS when pasting attacker-controlled data into a contenteditable element * CVE-2020-15678 When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after- free scenario * CVE-2020-15673 Memory safety bugs fixed in Thunderbird 78.3 - update mozilla-nspr to version 4.25.1 * The macOS platform code for shared library loading was changed to support macOS 11. * Dependency needed for the MozillaThunderbird udpate ----------------------------------------- Patch: SUSE-2020-3099 Released: Thu Oct 29 19:33:41 2020 Summary: Recommended update for timezone Severity: moderate References: 1177460 Description: This update for timezone fixes the following issues: - timezone update 2020b (bsc#1177460) * Revised predictions for Morocco's changes starting in 2023. * Canada's Yukon changes to -07 on 2020-11-01, not 2020-03-08. * Macquarie Island has stayed in sync with Tasmania since 2011. * Casey, Antarctica is at +08 in winter and +11 in summer. * zic no longer supports -y, nor the TYPE field of Rules. ----------------------------------------- Version 1.0.9-Production-Build1.27 2020-11-03T08:00:33 ----------------------------------------- Patch: SUSE-2020-3115 Released: Mon Nov 2 10:35:39 2020 Summary: Security update for python Severity: moderate References: 1177211,CVE-2020-26116 Description: This update for python fixes the following issues: - bsc#1177211 (CVE-2020-26116) no longer allowing special characters in the method parameter of HTTPConnection.putrequest in httplib, stopping injection of headers. ----------------------------------------- Version 1.0.9-Production-Build1.29 2020-11-04T08:01:36 ----------------------------------------- Patch: SUSE-2020-3123 Released: Tue Nov 3 09:48:13 2020 Summary: Recommended update for timezone Severity: important References: 1177460,1178346,1178350,1178353 Description: This update for timezone fixes the following issue: - Generate 'fat' timezone files (was default before 2020b). (bsc#1178346, bsc#1178350, bsc#1178353) - Palestine ends DST earlier than predicted, on 2020-10-24. (bsc#1177460) - Fiji starts DST later than usual, on 2020-12-20. (bsc#1177460) ----------------------------------------- Patch: SUSE-2020-3138 Released: Tue Nov 3 12:14:03 2020 Summary: Recommended update for systemd Severity: moderate References: 1104902,1154935,1165502,1167471,1173422,1176513,1176800 Description: This update for systemd fixes the following issue: - seccomp: shm{get,at,dt} now have their own numbers everywhere (bsc#1173422) - test-seccomp: log function names - test-seccomp: add log messages when skipping tests - basic/virt: Detect PowerVM hypervisor (bsc#1176800) - fs-util: suppress world-writable warnings if we read /dev/null - udevadm: rename option '--log-priority' into '--log-level' - udev: rename kernel option 'log_priority' into 'log_level' - fstab-generator: add 'nofail' when NFS 'bg' option is used (bsc#1176513) - Fix memory protection default (bsc#1167471) - cgroup: Support 0-value for memory protection directives and accepts MemorySwapMax=0 (bsc#1154935) - Improve latency and reliability when users log in/out (bsc#1104902, bsc#1165502) ----------------------------------------- Version 1.0.9-Production-Build1.30 2020-11-06T08:01:01 ----------------------------------------- Patch: SUSE-2020-3166 Released: Thu Nov 5 10:37:34 2020 Summary: Security update for wireshark Severity: moderate References: 1175204,1176908,1176909,1176910,CVE-2020-17498,CVE-2020-25862,CVE-2020-25863,CVE-2020-25866 Description: This update for wireshark fixes the following issues: - Update to wireshark 3.2.7: * CVE-2020-25863: MIME Multipart dissector crash (bsc#1176908) * CVE-2020-25862: TCP dissector crash (bsc#1176909) * CVE-2020-25866: BLIP dissector crash (bsc#1176910) * CVE-2020-17498: Kafka dissector crash (bsc#1175204) ----------------------------------------- Version 1.0.9-Production-Build1.32 2020-11-07T08:00:26 ----------------------------------------- Patch: SUSE-2020-3195 Released: Fri Nov 6 09:42:32 2020 Summary: Recommended update for SUSEConnect Severity: moderate References: 1155027 Description: This update for SUSEConnect fixes the following issues: - Recognize more formats when parsing the '.curlrc' for proxy credentials. (bsc#1155027) - Add 'rpmlintrc' to filter false-positive warning about patch not applied - Extend the YaST API in order to access to the package search functionality. (jsc#SLE-9109) ----------------------------------------- Patch: SUSE-2020-3234 Released: Fri Nov 6 16:01:36 2020 Summary: Recommended update for ca-certificates-mozilla Severity: moderate References: 1177864 Description: This update for ca-certificates-mozilla fixes the following issues: The SSL Root CA store was updated to the 2.44 state of the Mozilla NSS Certificate store (bsc#1177864) - Removed CAs: - EE Certification Centre Root CA - Taiwan GRCA - Added CAs: - Trustwave Global Certification Authority - Trustwave Global ECC P256 Certification Authority - Trustwave Global ECC P384 Certification Authority ----------------------------------------- Version 1.0.9-Production-Build1.33 2020-11-09T12:09:53 ----------------------------------------- Patch: SUSE-2020-3253 Released: Mon Nov 9 07:45:04 2020 Summary: Recommended update for mozilla-nss Severity: moderate References: 1174697,1176173 Description: This update for mozilla-nss fixes the following issues: - Fixes an issue for Mozilla Firefox which has failed in fips mode (bsc#1174697) - FIPS: Adjust the Diffie-Hellman and Elliptic Curve Diffie-Hellman algorithms to be NIST SP800-56Arev3 compliant (bsc#1176173). ----------------------------------------- Version 1.0.9-Production-Build1.37 2020-11-11T08:00:09 ----------------------------------------- Patch: SUSE-2020-3264 Released: Tue Nov 10 09:50:29 2020 Summary: Security update for zeromq Severity: moderate References: 1176116,1176256,1176257,1176258,1176259,CVE-2020-15166 Description: This update for zeromq fixes the following issues: - CVE-2020-15166: Fixed the possibility of unauthenticated clients causing a denial-of-service (bsc#1176116). - Fixed a heap overflow when receiving malformed ZMTP v1 packets (bsc#1176256) - Fixed a memory leak in client induced by malicious server(s) without CURVE/ZAP (bsc#1176257) - Fixed memory leak when processing PUB messages with metadata (bsc#1176259) - Fixed a stack overflow in PUB/XPUB subscription store (bsc#1176258) ----------------------------------------- Patch: SUSE-2020-3270 Released: Tue Nov 10 17:53:08 2020 Summary: Recommended update for bind Severity: moderate References: 1175894,1177603,1177790,1177913,1177915,1178078 Description: This update for bind fixes the following issues: - Add '/usr/lib64/named' to the files and directories in bind config to include external plugins for chroot. (bsc#1178078) - Replaced named's dependency on time-sync with a dependency on time-set in 'named.service' to avoid a dependency-loop. (bsc#1177790) - Removed 'dnssec-enable' from named.conf as it has been obsoleted and may break. (bsc#1177915) - Added a comment for reference which should be removed in the future. (bsc#1177603) - Added a comment to the 'dnssec-validation' in named.conf with a reference to forwarders which do not return signed responses. (bsc#1175894) - Replaced an INSIST macro which calls abort with a test and a diagnostic output. (bsc#1177913) ----------------------------------------- Patch: SUSE-2020-3275 Released: Tue Nov 10 20:09:55 2020 Summary: Security update for ucode-intel Severity: moderate References: 1170446,1173594,CVE-2020-8695,CVE-2020-8698 Description: This update for ucode-intel fixes the following issues: - Intel CPU Microcode updated to 20201027 prerelease - CVE-2020-8695: Fixed Intel RAPL sidechannel attack (SGX) (bsc#1170446) - CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 (bsc#1173594) # New Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | TGL | B1 | 06-8c-01/80 | | 00000068 | Core Gen11 Mobile | CPX-SP | A1 | 06-55-0b/bf | | 0700001e | Xeon Scalable Gen3 | CML-H | R1 | 06-a5-02/20 | | 000000e0 | Core Gen10 Mobile | CML-S62 | G1 | 06-a5-03/22 | | 000000e0 | Core Gen10 | CML-S102 | Q0 | 06-a5-05/22 | | 000000e0 | Core Gen10 | CML-U62 V2 | K0 | 06-a6-01/80 | | 000000e0 | Core Gen10 Mobile # Updated Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | GKL-R | R0 | 06-7a-08/01 | 00000016 | 00000018 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 | SKL-U/Y | D0 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile | SKL-U23e | K1 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile | APL | D0 | 06-5c-09/03 | 00000038 | 00000040 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx | APL | E0 | 06-5c-0a/03 | 00000016 | 0000001e | Atom x5-E39xx | SKL-H/S | R0/N0 | 06-5e-03/36 | 000000d6 | 000000e2 | Core Gen6; Xeon E3 v5 | HSX-E/EP | Cx/M1 | 06-3f-02/6f | 00000043 | 00000044 | Core Gen4 X series; Xeon E5 v3 | SKX-SP | B1 | 06-55-03/97 | 01000157 | 01000159 | Xeon Scalable | SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon Scalable | SKX-D | M1 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon D-21xx | CLX-SP | B0 | 06-55-06/bf | 04002f01 | 04003003 | Xeon Scalable Gen2 | CLX-SP | B1 | 06-55-07/bf | 05002f01 | 05003003 | Xeon Scalable Gen2 | ICL-U/Y | D1 | 06-7e-05/80 | 00000078 | 000000a0 | Core Gen10 Mobile | AML-Y22 | H0 | 06-8e-09/10 | 000000d6 | 000000de | Core Gen8 Mobile | KBL-U/Y | H0 | 06-8e-09/c0 | 000000d6 | 000000de | Core Gen7 Mobile | CFL-U43e | D0 | 06-8e-0a/c0 | 000000d6 | 000000e0 | Core Gen8 Mobile | WHL-U | W0 | 06-8e-0b/d0 | 000000d6 | 000000de | Core Gen8 Mobile | AML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile | CML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile | WHL-U | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen8 Mobile | KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000d6 | 000000de | Core Gen7; Xeon E3 v6 | CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000d6 | 000000de | Core Gen8 Desktop, Mobile, Xeon E | CFL-S | B0 | 06-9e-0b/02 | 000000d6 | 000000de | Core Gen8 | CFL-H/S | P0 | 06-9e-0c/22 | 000000d6 | 000000de | Core Gen9 | CFL-H | R0 | 06-9e-0d/22 | 000000d6 | 000000de | Core Gen9 Mobile | CML-U62 | A0 | 06-a6-00/80 | 000000ca | 000000e0 | Core Gen10 Mobile ----------------------------------------- Version 1.0.9-Production-Build1.39 2020-11-12T08:01:14 ----------------------------------------- Patch: SUSE-2020-3290 Released: Wed Nov 11 12:25:32 2020 Summary: Recommended update for findutils Severity: moderate References: 1174232 Description: This update for findutils fixes the following issues: - Do not unconditionally use leaf optimization for NFS. (bsc#1174232) NFS st_nlink are not accurate on all implementations, leading to aborts() if that assumption is made. ----------------------------------------- Patch: SUSE-2020-3298 Released: Wed Nov 11 15:30:46 2020 Summary: Recommended update for openssh Severity: moderate References: 1177939 Description: This update for openssh fixes the following issues: - Ensure that only approved DH parameters are used in FIPS mode, to meet NIST 800-56arev3 restrictions. (bsc#1177939). ----------------------------------------- Version 1.0.9-Production-Build1.40 2020-11-13T08:02:30 ----------------------------------------- Patch: SUSE-2020-3308 Released: Thu Nov 12 14:20:07 2020 Summary: Recommended update for sysstat Severity: moderate References: 1177747 Description: This update for sysstat fixes the following issues: - Fix iostat switch '-y' to display the correct results. (bsc#1177747) ----------------------------------------- Patch: SUSE-2020-3311 Released: Thu Nov 12 16:04:56 2020 Summary: Security update for MozillaFirefox Severity: important References: 1178588,CVE-2020-26950 Description: This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.4.1 ESR * Fixed: Security fix MFSA 2020-49 (bsc#1178588) * CVE-2020-26950 (bmo#1675905) Write side effects in MCallGetProperty opcode not accounted for ----------------------------------------- Patch: SUSE-2020-3313 Released: Thu Nov 12 16:07:37 2020 Summary: Security update for openldap2 Severity: important References: 1178387,CVE-2020-25692 Description: This update for openldap2 fixes the following issues: - CVE-2020-25692: Fixed an unauthenticated remote denial of service due to incorrect validation of modrdn equality rules (bsc#1178387). ----------------------------------------- Version 1.0.9-Production-Build1.43 2020-11-17T08:00:29 ----------------------------------------- Patch: SUSE-2020-3048 Released: Tue Oct 27 16:04:52 2020 Summary: Recommended update for libsolv, libzypp, yaml-cpp, zypper Severity: moderate References: 1174918,1176192,1176435,1176712,1176740,1176902,1177238,935885 Description: This update for libsolv, libzypp, yaml-cpp, zypper fixes the following issues: libzypp was updated to 17.25.1: - When kernel-rt has been installed, the purge-kernels service fails during boot. (bsc#1176902) - Use package name provides as group key in purge-kernel (bsc#1176740 bsc#1176192) kernel-default-base has new packaging, where the kernel uname -r does not reflect the full package version anymore. This patch adds additional logic to use the most generic/shortest edition each package provides with %{packagename}= to group the kernel packages instead of the rpm versions. This also changes how the keep-spec for specific versions is applied, instead of matching the package versions, each of the package name provides will be matched. - RepoInfo: Return the type of the local metadata cache as fallback (bsc#1176435) - VendorAttr: Fix broken 'suse,opensuse' equivalence handling. Enhance API and testcases. (bsc#1174918) - Update docs regarding 'opensuse' namepace matching. - Link against libzstd to close libsolvs open references (as we link statically) yaml-cpp: - The libyaml-cpp0_6 library package is added the to the Basesystem module, LTSS and ESPOS channels, and the INSTALLER channels, as a new libzypp dependency. No source changes were done to yaml-cpp. zypper was updated to 1.14.40: - info: Assume descriptions starting with '

' are richtext (bsc#935885) - help: prevent 'whatis' from writing to stderr (bsc#1176712) - wp: point out that command is aliased to a search command and searches case-insensitive (jsc#SLE-16271) libsolv was updated to 0.7.15 to fix: - make testcase_mangle_repo_names deal correctly with freed repos [bsc#1177238] - fix deduceq2addedmap clearing bits outside of the map - conda: feature depriorization first - conda: fix startswith implementation - move find_update_seeds() call in cleandeps calculation - set SOLVABLE_BUILDHOST in rpm and rpmmd parsers - new testcase_mangle_repo_names() function - new solv_fmemopen() function ----------------------------------------- Patch: SUSE-2020-3341 Released: Mon Nov 16 13:59:51 2020 Summary: Recommended update for libsolv, libzypp, zypper Severity: moderate References: 1174918,1176192,1176435,1176712,1176740,1176902,1177238,935885 Description: This update for libsolv, libzypp, zypper fixes the following issues: libzypp was updated to 17.25.1: - Fix bsc#1176902: When kernel-rt has been installed, the purge-kernels service fails during boot. - Use package name provides as group key in purge-kernel (bsc#1176740 bsc#1176192) kernel-default-base has new packaging, where the kernel uname -r does not reflect the full package version anymore. This patch adds additional logic to use the most generic/shortest edition each package provides with %{packagename}= to group the kernel packages instead of the rpm versions. This also changes how the keep-spec for specific versions is applied, instead of matching the package versions, each of the package name provides will be matched. - RepoInfo: Return the type of the local metadata cache as fallback (bsc#1176435) - VendorAttr: Fix broken 'suse,opensuse' equivalence handling. Enhance API and testcases. (bsc#1174918) - Update docs regarding 'opensuse' namepace matching. - New solver testcase format. - Link against libzsd to close libsolvs open references (as we link statically) zypper was updated to 1.14.40: - info: Assume descriptions starting with '

' are richtext (bsc#935885) - help: prevent 'whatis' from writing to stderr (bsc#1176712) - wp: point out that command is aliased to a search command and searches case-insensitive (jsc#SLE-16271) libsolv was updated to 0.7.16: - do not ask the namespace callback for splitprovides when writing a testcase - fix add_complex_recommends() selecting conflicted packages in rare cases leading to crashes - improve choicerule generation so that package updates are prefered in more cases - make testcase_mangle_repo_names deal correctly with freed repos [bsc#1177238] - fix deduceq2addedmap clearing bits outside of the map - conda: feature depriorization first - conda: fix startswith implementation - move find_update_seeds() call in cleandeps calculation - set SOLVABLE_BUILDHOST in rpm and rpmmd parsers - new testcase_mangle_repo_names() function - new solv_fmemopen() function ----------------------------------------- Patch: SUSE-2020-3349 Released: Mon Nov 16 18:04:18 2020 Summary: Security update for kernel-firmware Severity: important References: 1178671,CVE-2020-12321 Description: This update for kernel-firmware fixes the following issue: - CVE-2020-12321: Updated the Intel Bluetooth firmware for buffer overflow security bugs (bsc#1178671). ----------------------------------------- Version 1.0.9-Production-Build1.44 2020-11-18T08:00:50 ----------------------------------------- Patch: SUSE-2020-3355 Released: Tue Nov 17 10:35:46 2020 Summary: Recommended update for prometheus-hanadb_exporter Severity: moderate References: 1178339 Description: This update for prometheus-hanadb_exporter fixes the following issues: - Fix using systemd macros in spec file. (bsc#1178339) ----------------------------------------- Patch: SUSE-2020-3358 Released: Tue Nov 17 13:17:10 2020 Summary: Security update for tcpdump Severity: moderate References: 1178466,CVE-2020-8037 Description: This update for tcpdump fixes the following issues: - CVE-2020-8037: Fixed an issue where PPP decapsulator did not allocate the right buffer size (bsc#1178466). ----------------------------------------- Version 1.0.9-Production-Build1.47 2020-11-20T08:02:49 ----------------------------------------- Patch: SUSE-2020-3374 Released: Thu Nov 19 09:28:00 2020 Summary: Security update for ucode-intel Severity: moderate References: 1170446,1173592,1173594,CVE-2020-8695,CVE-2020-8696,CVE-2020-8698 Description: This update for ucode-intel fixes the following issues: - Updated Intel CPU Microcode to 20201110 official release. - CVE-2020-8695: Fixed Intel RAPL sidechannel attack (SGX) (bsc#1170446) - CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 (bsc#1173594) - CVE-2020-8696: Vector Register Sampling Active INTEL-SA-00381 (bsc#1173592) - Release notes: - Security updates for [INTEL-SA-00381](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html). - Security updates for [INTEL-SA-00389](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html). - Update for functional issues. Refer to [Second Generation Intel® Xeon® Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338848) for details. - Update for functional issues. Refer to [Intel® Xeon® Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/613537) for details. - Update for functional issues. Refer to [Intel® Xeon® Processor E5 v3 Product Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e5-v3-spec-update.html?wapkw=processor+spec+update+e5) for details. - Update for functional issues. Refer to [10th Gen Intel® Core™ Processor Families Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/10th-gen-core-families-specification-update.html) for details. - Update for functional issues. Refer to [8th and 9th Gen Intel® Core™ Processor Family Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/8th-gen-core-spec-update.html) for details. - Update for functional issues. Refer to [7th Gen and 8th Gen (U Quad-Core) Intel® Processor Families Specification Update](https://www.intel.com/content/www/us/en/processors/core/7th-gen-core-family-spec-update.html) for details. - Update for functional issues. Refer to [6th Gen Intel® Processor Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/332689) for details. - Update for functional issues. Refer to [Intel® Xeon® E3-1200 v6 Processor Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e3-1200v6-spec-update.html) for details. - Update for functional issues. Refer to [Intel® Xeon® E-2100 and E-2200 Processor Family Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-e-2100-specification-update.html) for details. ### New Platforms | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | CPX-SP | A1 | 06-55-0b/bf | | 0700001e | Xeon Scalable Gen3 | LKF | B2/B3 | 06-8a-01/10 | | 00000028 | Core w/Hybrid Technology | TGL | B1 | 06-8c-01/80 | | 00000068 | Core Gen11 Mobile | CML-H | R1 | 06-a5-02/20 | | 000000e0 | Core Gen10 Mobile | CML-S62 | G1 | 06-a5-03/22 | | 000000e0 | Core Gen10 | CML-S102 | Q0 | 06-a5-05/22 | | 000000e0 | Core Gen10 | CML-U62 V2 | K0 | 06-a6-01/80 | | 000000e0 | Core Gen10 Mobile ### Updated Platforms | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | HSX-E/EP | Cx/M1 | 06-3f-02/6f | 00000043 | 00000044 | Core Gen4 X series; Xeon E5 v3 | SKL-U/Y | D0 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile | SKL-U23e | K1 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile | SKX-SP | B1 | 06-55-03/97 | 01000157 | 01000159 | Xeon Scalable | SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon Scalable | SKX-D | M1 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon D-21xx | CLX-SP | B0 | 06-55-06/bf | 04002f01 | 04003003 | Xeon Scalable Gen2 | CLX-SP | B1 | 06-55-07/bf | 05002f01 | 05003003 | Xeon Scalable Gen2 | APL | D0 | 06-5c-09/03 | 00000038 | 00000040 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx | APL | E0 | 06-5c-0a/03 | 00000016 | 0000001e | Atom x5-E39xx | SKL-H/S | R0/N0 | 06-5e-03/36 | 000000d6 | 000000e2 | Core Gen6; Xeon E3 v5 | GKL-R | R0 | 06-7a-08/01 | 00000016 | 00000018 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 | ICL-U/Y | D1 | 06-7e-05/80 | 00000078 | 000000a0 | Core Gen10 Mobile | AML-Y22 | H0 | 06-8e-09/10 | 000000d6 | 000000de | Core Gen8 Mobile | KBL-U/Y | H0 | 06-8e-09/c0 | 000000d6 | 000000de | Core Gen7 Mobile | CFL-U43e | D0 | 06-8e-0a/c0 | 000000d6 | 000000e0 | Core Gen8 Mobile | WHL-U | W0 | 06-8e-0b/d0 | 000000d6 | 000000de | Core Gen8 Mobile | AML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile | CML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile | WHL-U | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen8 Mobile | KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000d6 | 000000de | Core Gen7; Xeon E3 v6 | CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000d6 | 000000de | Core Gen8 Desktop, Mobile, Xeon E | CFL-S | B0 | 06-9e-0b/02 | 000000d6 | 000000de | Core Gen8 | CFL-H/S | P0 | 06-9e-0c/22 | 000000d6 | 000000de | Core Gen9 | CFL-H | R0 | 06-9e-0d/22 | 000000d6 | 000000de | Core Gen9 Mobile | CML-U62 | A0 | 06-a6-00/80 | 000000ca | 000000e0 | Core Gen10 Mobile ----------------------------------------- Patch: SUSE-2020-3375 Released: Thu Nov 19 09:28:25 2020 Summary: Security update for krb5 Severity: moderate References: 1178512,CVE-2020-28196 Description: This update for krb5 fixes the following security issue: - CVE-2020-28196: Fixed an unbounded recursion via an ASN.1-encoded Kerberos message (bsc#1178512). ----------------------------------------- Patch: SUSE-2020-3376 Released: Thu Nov 19 09:29:13 2020 Summary: Security update for wireshark Severity: moderate References: 1177406,1178291,CVE-2020-26575,CVE-2020-28030 Description: This update for wireshark fixes the following issues: - wireshark was updated to 3.2.8: - CVE-2020-26575: Fixed an issue where FBZERO dissector was entering in infinite loop (bsc#1177406) - CVE-2020-28030: Fixed an issue where GQUIC dissector was crashing (bsc#1178291) * Infinite memory allocation while parsing this tcp packet ----------------------------------------- Patch: SUSE-2020-3381 Released: Thu Nov 19 10:53:38 2020 Summary: Recommended update for systemd Severity: moderate References: 1177458,1177490,1177510 Description: This update for systemd fixes the following issues: - build-sys: optionally disable support of journal over the network (bsc#1177458) - ask-password: prevent buffer overflow when reading from keyring (bsc#1177510) - mount: don't propagate errors from mount_setup_unit() further up - Rely on the new build option --disable-remote for journal_remote This allows to drop the workaround that consisted in cleaning journal-upload files and {sysusers.d,tmpfiles.d}/systemd-remote.conf manually when 'journal_remote' support was disabled. - Move journal-{remote,upload}.conf.5.gz man pages into systemd-journal_remote sub package - Make sure {sysusers.d,tmpfiles.d}/systemd-remote.conf are not shipped with --without=journal_remote (bsc#1177458) These files were incorrectly packaged in the main package when systemd-journal_remote was disabled. - Make use of %{_unitdir} and %{_sysusersdir} - Remove mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------- Patch: SUSE-2020-3383 Released: Thu Nov 19 11:15:37 2020 Summary: Security update for MozillaFirefox Severity: important References: 1178824,CVE-2020-15999,CVE-2020-16012,CVE-2020-26951,CVE-2020-26953,CVE-2020-26956,CVE-2020-26958,CVE-2020-26959,CVE-2020-26960,CVE-2020-26961,CVE-2020-26965,CVE-2020-26966,CVE-2020-26968 Description: This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.5.0 ESR (bsc#1178824) * CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code * CVE-2020-16012: Variable time processing of cross-origin images during drawImage calls * CVE-2020-26953: Fullscreen could be enabled without displaying the security UI * CVE-2020-26956: XSS through paste (manual and clipboard API) * CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME type restrictions * CVE-2020-26959: Use-after-free in WebRequestService * CVE-2020-26960: Potential use-after-free in uses of nsTArray * CVE-2020-15999: Heap buffer overflow in freetype * CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses * CVE-2020-26965: Software keyboards may have remembered typed passwords * CVE-2020-26966: Single-word search queries were also broadcast to local network * CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 ----------------------------------------- Patch: SUSE-2020-3451 Released: Thu Nov 19 18:35:28 2020 Summary: Recommended update for hawk-apiserver Severity: moderate References: 1178228 Description: This update for hawk-apiserver fixes the following issues: - Update from version 0.0.2 to version 0.0.4: - various enhancement security https related (bsc#1178228) - update to go modules - add -version flag to show build version ----------------------------------------- Version 1.0.9-Production-Build1.49 2020-11-21T08:01:55 ----------------------------------------- Patch: SUSE-2020-3461 Released: Fri Nov 20 13:09:07 2020 Summary: Recommended update for bind Severity: low References: 1177983 Description: This update for bind fixes the following issue: - Build the 'Administrator Reference Manual' which is built using python3-Sphinx (bsc#1177983) ----------------------------------------- Patch: SUSE-2020-3462 Released: Fri Nov 20 13:14:35 2020 Summary: Recommended update for pam and sudo Severity: moderate References: 1174593,1177858,1178727 Description: This update for pam and sudo fixes the following issue: pam: - pam_xauth: do not *free* a string which has been successfully passed to *putenv*. (bsc#1177858) - Initialize the local variable *daysleft* to avoid a misleading warning for password expire days. (bsc#1178727) - Run /usr/bin/xauth using the old user's and group's identifiers. (bsc#1174593) sudo: - Fix a problem with pam_xauth which checks effective and real uids to get the real identity of the user. (bsc#1174593) ----------------------------------------- Patch: SUSE-2020-3469 Released: Fri Nov 20 17:42:13 2020 Summary: Recommended update for grub2 Severity: moderate References: 1172952,1176062,1177957,1178278 Description: This update for grub2 fixes the following issues: - Fixed an issue, where the https boot was interrupted by an unrecognized network address error message (bsc#1172952) - Improve the error handling when grub2-install fails with short mbr gap (bsc#1176062) - Fixed an error in grub2-install where it exited with 'failed to get canonical path of `/boot/grub2/i386-pc'.' (bsc#1177957) - Fixed a boot failure issue on blocklist installations (bsc#1178278) ----------------------------------------- Patch: SUSE-2020-3472 Released: Fri Nov 20 17:44:04 2020 Summary: Recommended update for crmsh Severity: moderate References: 1122391,1148874,1165644,1175708,1177980 Description: This update for crmsh fixes the following issues: - Converting deprecated 'score' in rsc_order to 'kind' (bsc#1122391) - Fixed a bug where crmsh exited with an error, even if the 'error' is actually a warning (bsc#1122391) - Fixed an issue where 'crm cluster remove node' didn't stop nor disable the hawk service on that node (bsc#1175708) - Checks now whether pacemaker.service and corosync.service are already running/stopped (bsc#1177980) - Fixed a bug where the node address was not removed from the corosync.conf file on node removal (bsc#1165644) - Collecting corosync.log in hb_report if it is defined in config file (bsc#1148874) ----------------------------------------- Version 1.0.9-Production-Build1.52 2020-11-25T08:01:54 ----------------------------------------- Patch: SUSE-2020-3478 Released: Mon Nov 23 09:33:17 2020 Summary: Security update for c-ares Severity: moderate References: 1178882,CVE-2020-8277 Description: This update for c-ares fixes the following issues: - Version update to 1.17.0 * CVE-2020-8277: Fixed a Denial of Service through DNS request (bsc#1178882) * For further details see https://c-ares.haxx.se/changelog.html ----------------------------------------- Patch: SUSE-2020-3481 Released: Mon Nov 23 11:17:09 2020 Summary: Optional update for vim Severity: low References: 1166602,1173256,1174564,1176549 Description: This update for vim doesn't fix any user visible issues and it is optional to install. - Introduce vim-small package with reduced requirements for small installations (bsc#1166602). - Stop owning /etc/vimrc so the old, distro provided config actually gets removed. - Own some dirs in vim-data-common so installation of vim-small doesn't leave not owned directories. (bsc#1173256) - Add vi as slave to update-alternatives so that every package has a matching 'vi' symlink. (bsc#1174564, bsc#1176549) ----------------------------------------- Version 1.0.9-Production-Build1.55 2020-11-26T08:01:34 ----------------------------------------- Patch: SUSE-2020-3511 Released: Wed Nov 25 09:53:36 2020 Summary: Recommended update for drbd Severity: moderate References: 1178388 Description: This update for drbd fixes the following issues: - Fixed an issue when the build procedure returns incompatible output. (bsc#1178388) ----------------------------------------- Patch: SUSE-2020-3518 Released: Wed Nov 25 13:38:02 2020 Summary: Recommended update for python-shaptools, salt-shaptools Severity: moderate References: Description: This update for python-shaptools, salt-shaptools fixes the following issues: python-shaptools: Update from version 0.3.10+git.1600699158.46fca28 to version 0.3.11+git.1605798399.b036435 - Retrieve the currently installed ENSA version for Netweaver (only for ASCS and ERS instances) (jsc#SLE-4047) salt-shaptools: Update from version 0.3.10+git.1600699854.f5950bc to version 0.3.11+git.1605797958.ae2f08a - Improve extract_pydbapi to check recursively in subfolders. (jsc#SLE-4047) - Implement a new state to set the ENSA version grains data. ----------------------------------------- Patch: SUSE-2020-3523 Released: Wed Nov 25 17:00:14 2020 Summary: Recommended update for ucode-intel Severity: important References: 1178971 Description: This update for ucode-intel fixes the following issues: - Updated Intel CPU Microcode to 20201118 official release. (bsc#1178971) - Removed TGL/06-8c-01/80 due to functional issues with some OEM platforms. ----------------------------------------- Version 1.0.9-Production-Build1.56 2020-11-27T07:58:43 ----------------------------------------- Patch: SUSE-2020-3532 Released: Thu Nov 26 12:49:05 2020 Summary: Security update for the Linux Kernel Severity: important References: 1051510,1058115,1065600,1131277,1160947,1161360,1163524,1166965,1170232,1170415,1171417,1172073,1172366,1173115,1173233,1175306,1175721,1175749,1175882,1176011,1176235,1176278,1176381,1176423,1176482,1176485,1176698,1176721,1176722,1176723,1176725,1176732,1176877,1176907,1176922,1176990,1177027,1177086,1177121,1177165,1177206,1177226,1177410,1177411,1177470,1177511,1177513,1177724,1177725,1177766,1178003,1178123,1178330,1178393,1178622,1178765,1178782,1178838,CVE-2020-0404,CVE-2020-0427,CVE-2020-0430,CVE-2020-0431,CVE-2020-0432,CVE-2020-12351,CVE-2020-12352,CVE-2020-14351,CVE-2020-14381,CVE-2020-14390,CVE-2020-16120,CVE-2020-25212,CVE-2020-25284,CVE-2020-25285,CVE-2020-25641,CVE-2020-25643,CVE-2020-25645,CVE-2020-25656,CVE-2020-25668,CVE-2020-25704,CVE-2020-25705,CVE-2020-26088,CVE-2020-27673,CVE-2020-27675,CVE-2020-8694 Description: The SUSE Linux Enterprise 15 LTSS kernel was updated to receive various security and bug fixes. The following security bugs were fixed: - CVE-2020-25705: A flaw in the way reply ICMP packets are limited in was found that allowed to quickly scan open UDP ports. This flaw allowed an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software and services that rely on UDP source port randomization (like DNS) are indirectly affected as well. Kernel versions may be vulnerable to this issue (bsc#1175721, bsc#1178782). - CVE-2020-25704: Fixed a memory leak in perf_event_parse_addr_filter() (bsc#1178393). - CVE-2020-25668: Fixed a use-after-free in con_font_op() (bnc#1178123). - CVE-2020-25656: Fixed a concurrency use-after-free in vt_do_kdgkb_ioctl (bnc#1177766). - CVE-2020-25285: Fixed a race condition between hugetlb sysctl handlers in mm/hugetlb.c (bnc#1176485). - CVE-2020-0430: Fixed an OOB read in skb_headlen of /include/linux/skbuff.h (bnc#1176723). - CVE-2020-14351: Fixed a race in the perf_mmap_close() function (bsc#1177086). - CVE-2020-16120: Fixed permission check to open real file when using overlayfs. It was possible to have a file not readable by an unprivileged user be copied to a mountpoint controlled by that user and then be able to access the file (bsc#1177470). - CVE-2020-8694: Restricted energy meter to root access (bsc#1170415). - CVE-2020-12351: Fixed a type confusion while processing AMP packets aka 'BleedingTooth' aka 'BadKarma' (bsc#1177724). - CVE-2020-12352: Fixed an information leak when processing certain AMP packets aka 'BleedingTooth' (bsc#1177725). - CVE-2020-25212: Fixed getxattr kernel panic and memory overflow (bsc#1176381). - CVE-2020-25645: Fixed an an issue in IPsec that caused traffic between two Geneve endpoints to be unencrypted (bnc#1177511). - CVE-2020-2521: Fixed getxattr kernel panic and memory overflow (bsc#1176381). - CVE-2020-14381: Fixed a use-after-free in the fast user mutex (futex) wait operation, which could have lead to memory corruption and possibly privilege escalation (bsc#1176011). - CVE-2020-25643: Fixed a memory corruption and a read overflow which could have caused by improper input validation in the ppp_cp_parse_cr function (bsc#1177206). - CVE-2020-25641: Fixed a zero-length biovec request issued by the block subsystem could have caused the kernel to enter an infinite loop, causing a denial of service (bsc#1177121). - CVE-2020-26088: Fixed an improper CAP_NET_RAW check in NFC socket creation could have been used by local attackers to create raw sockets, bypassing security mechanisms (bsc#1176990). - CVE-2020-14390: Fixed an out-of-bounds memory write leading to memory corruption or a denial of service when changing screen size (bnc#1176235). - CVE-2020-0432: Fixed an out of bounds write due to an integer overflow (bsc#1176721). - CVE-2020-0427: Fixed an out of bounds read due to a use after free (bsc#1176725). - CVE-2020-0431: Fixed an out of bounds write due to a missing bounds check (bsc#1176722). - CVE-2020-0404: Fixed a linked list corruption due to an unusual root cause (bsc#1176423). - CVE-2020-25284: Fixed an incomplete permission checking for access to rbd devices, which could have been leveraged by local attackers to map or unmap rbd block devices (bsc#1176482). - CVE-2020-27673: Fixed an issue where rogue guests could have caused denial of service of Dom0 via high frequency events (XSA-332 bsc#1177411) - CVE-2020-27675: Fixed a race condition in event handler which may crash dom0 (XSA-331 bsc#1177410). The following non-security bugs were fixed: - btrfs: cleanup root usage by btrfs_get_alloc_profile (bsc#1131277). - btrfs: reloc: clear DEAD_RELOC_TREE bit for orphan roots to prevent runaway balance (bsc#1171417 bsc#1160947 bsc#1172366 bsc#1176922). - btrfs: reloc: fix reloc root leak and NULL pointer dereference (bsc#1171417 bsc#1160947 bsc#1172366 bsc#1176922). - btrfs: remove root usage from can_overcommit (bsc#1131277). - hyperv_fb: disable superfluous VERSION_WIN10_V5 case (bsc#1175306). - hyperv_fb: Update screen_info after removing old framebuffer (bsc#1175306). - livepatch: Add -fdump-ipa-clones to build (). Add support for -fdump-ipa-clones GCC option. Update config files accordingly. - livepatch: Test if -fdump-ipa-clones is really available As of now we add -fdump-ipa-clones unconditionally. It does not cause a trouble if the kernel is build with the supported toolchain. Otherwise it could fail easily. Do the correct thing and test for the availability. - powerpc/pseries/cpuidle: add polling idle for shared processor guests (bsc#1178765 ltc#188968). - scsi: qla2xxx: Do not consume srb greedily (bsc#1173233). - scsi: qla2xxx: Handle incorrect entry_type entries (bsc#1173233). - video: hyperv: hyperv_fb: Obtain screen resolution from Hyper-V host (bsc#1175306). - video: hyperv: hyperv_fb: Support deferred IO for Hyper-V frame buffer driver (bsc#1175306). - video: hyperv: hyperv_fb: Use physical memory for fb on HyperV Gen 1 VMs (bsc#1175306). - x86/hyperv: Create and use Hyper-V page definitions (bsc#1176877). - x86/kexec: Use up-to-dated screen_info copy to fill boot params (bsc#1175306). - x86/unwind/orc: Fix inactive tasks with stack pointer in %sp on GCC 10 compiled kernels (bsc#1058115 bsc#1176907). - xen/blkback: use lateeoi irq binding (XSA-332 bsc#1177411). - xen: do not reschedule in preemption off sections (bsc#1175749). - xen/events: add a new 'late EOI' evtchn framework (XSA-332 bsc#1177411). - xen/events: add a proper barrier to 2-level uevent unmasking (XSA-332 bsc#1177411). - xen/events: avoid removing an event channel while handling it (XSA-331 bsc#1177410). - xen/events: block rogue events for some time (XSA-332 bsc#1177411). - xen/events: defer eoi in case of excessive number of events (XSA-332 bsc#1177411). - xen/events: do not use chip_data for legacy IRQs (XSA-332 bsc#1065600). - xen/events: fix race in evtchn_fifo_unmask() (XSA-332 bsc#1177411). - xen/events: switch user event channels to lateeoi model (XSA-332 bsc#1177411). - xen/events: use a common cpu hotplug hook for event channels (XSA-332 bsc#1177411). - xen/netback: use lateeoi irq binding (XSA-332 bsc#1177411). - xen/pciback: use lateeoi irq binding (XSA-332 bsc#1177411). - xen/scsiback: use lateeoi irq binding (XSA-332 bsc#1177411). ----------------------------------------- Version 1.0.9-Production-Build1.60 2020-11-28T07:58:38 ----------------------------------------- Patch: SUSE-2020-3546 Released: Fri Nov 27 11:21:09 2020 Summary: Recommended update for gnutls Severity: moderate References: 1172695 Description: This update for gnutls fixes the following issue: - Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695) ----------------------------------------- Patch: SUSE-2020-3551 Released: Fri Nov 27 14:54:37 2020 Summary: Security update for libssh2_org Severity: moderate References: 1130103,1178083,CVE-2019-17498,CVE-2019-3855,CVE-2019-3856,CVE-2019-3857,CVE-2019-3858,CVE-2019-3859,CVE-2019-3860,CVE-2019-3861,CVE-2019-3862,CVE-2019-3863 Description: This update for libssh2_org fixes the following issues: - Version update to 1.9.0: [bsc#1178083, jsc#SLE-16922] Enhancements and bugfixes: * adds ECDSA keys and host key support when using OpenSSL * adds ED25519 key and host key support when using OpenSSL 1.1.1 * adds OpenSSH style key file reading * adds AES CTR mode support when using WinCNG * adds PEM passphrase protected file support for Libgcrypt and WinCNG * adds SHA256 hostkey fingerprint * adds libssh2_agent_get_identity_path() and libssh2_agent_set_identity_path() * adds explicit zeroing of sensitive data in memory * adds additional bounds checks to network buffer reads * adds the ability to use the server default permissions when creating sftp directories * adds support for building with OpenSSL no engine flag * adds support for building with LibreSSL * increased sftp packet size to 256k * fixed oversized packet handling in sftp * fixed building with OpenSSL 1.1 * fixed a possible crash if sftp stat gets an unexpected response * fixed incorrect parsing of the KEX preference string value * fixed conditional RSA and AES-CTR support * fixed a small memory leak during the key exchange process * fixed a possible memory leak of the ssh banner string * fixed various small memory leaks in the backends * fixed possible out of bounds read when parsing public keys from the server * fixed possible out of bounds read when parsing invalid PEM files * no longer null terminates the scp remote exec command * now handle errors when diffie hellman key pair generation fails * improved building instructions * improved unit tests - Version update to 1.8.2: [bsc#1130103] Bug fixes: * Fixed the misapplied userauth patch that broke 1.8.1 * moved the MAX size declarations from the public header ----------------------------------------- Patch: SUSE-2020-3552 Released: Fri Nov 27 18:11:42 2020 Summary: Security update for binutils Severity: moderate References: 1126826,1126829,1126831,1140126,1142649,1143609,1153768,1153770,1157755,1160254,1160590,1163333,1163744,1179036,CVE-2019-12972,CVE-2019-14250,CVE-2019-14444,CVE-2019-17450,CVE-2019-17451,CVE-2019-9074,CVE-2019-9075,CVE-2019-9077 Description: This update for binutils fixes the following issues: binutils was updated to version 2.35.1 (jsc#ECO-2373) Additional branch fixes applied on top of 2.35.1: * Fixes PR26520, aka [bsc#1179036], a problem in addr2line with certain DWARF variable descriptions. * Also fixes PR26711, PR26656, PR26655, PR26929, PR26808, PR25878, PR26740, PR26778, PR26763, PR26685, PR26699, PR26902, PR26869, PR26711 * The above includes fixes for dwo files produced by modern dwp, fixing several problems in the DWARF reader. Update to binutils 2.35.1 and rebased branch diff: * This is a point release over the previous 2.35 version, containing bug fixes, and as an exception to the usual rule, one new feature. The new feature is the support for a new directive in the assembler: '.nop'. This directive creates a single no-op instruction in whatever encoding is correct for the target architecture. Unlike the .space or .fill this is a real instruction, and it does affect the generation of DWARF line number tables, should they be enabled. Update to binutils 2.35: * The assembler can now produce DWARF-5 format line number tables. * Readelf now has a 'lint' mode to enable extra checks of the files it is processing. * Readelf will now display '[...]' when it has to truncate a symbol name. The old behaviour - of displaying as many characters as possible, up to the 80 column limit - can be restored by the use of the --silent-truncation option. * The linker can now produce a dependency file listing the inputs that it has processed, much like the -M -MP option supported by the compiler. - fix DT_NEEDED order with -flto [bsc#1163744] Update to binutils 2.34: * The disassembler (objdump --disassemble) now has an option to generate ascii art thats show the arcs between that start and end points of control flow instructions. * The binutils tools now have support for debuginfod. Debuginfod is a HTTP service for distributing ELF/DWARF debugging information as well as source code. The tools can now connect to debuginfod servers in order to download debug information about the files that they are processing. * The assembler and linker now support the generation of ELF format files for the Z80 architecture. - Add new subpackages for libctf and libctf-nobfd. - Disable LTO due to bsc#1163333. - Includes fixes for these CVEs: bsc#1153768 aka CVE-2019-17451 aka PR25070 bsc#1153770 aka CVE-2019-17450 aka PR25078 - fix various build fails on aarch64 (PR25210, bsc#1157755). Update to binutils 2.33.1: * Adds support for the Arm Scalable Vector Extension version 2 (SVE2) instructions, the Arm Transactional Memory Extension (TME) instructions and the Armv8.1-M Mainline and M-profile Vector Extension (MVE) instructions. * Adds support for the Arm Cortex-A76AE, Cortex-A77 and Cortex-M35P processors and the AArch64 Cortex-A34, Cortex-A65, Cortex-A65AE, Cortex-A76AE, and Cortex-A77 processors. * Adds a .float16 directive for both Arm and AArch64 to allow encoding of 16-bit floating point literals. * For MIPS, Add -m[no-]fix-loongson3-llsc option to fix (or not) Loongson3 LLSC Errata. Add a --enable-mips-fix-loongson3-llsc=[yes|no] configure time option to set the default behavior. Set the default if the configure option is not used to 'no'. * The Cortex-A53 Erratum 843419 workaround now supports a choice of which workaround to use. The option --fix-cortex-a53-843419 now takes an optional argument --fix-cortex-a53-843419[=full|adr|adrp] which can be used to force a particular workaround to be used. See --help for AArch64 for more details. * Add support for GNU_PROPERTY_AARCH64_FEATURE_1_BTI and GNU_PROPERTY_AARCH64_FEATURE_1_PAC in ELF GNU program properties in the AArch64 ELF linker. * Add -z force-bti for AArch64 to enable GNU_PROPERTY_AARCH64_FEATURE_1_BTI on output while warning about missing GNU_PROPERTY_AARCH64_FEATURE_1_BTI on inputs and use PLTs protected with BTI. * Add -z pac-plt for AArch64 to pick PAC enabled PLTs. * Add --source-comment[=] option to objdump which if present, provides a prefix to source code lines displayed in a disassembly. * Add --set-section-alignment = option to objcopy to allow the changing of section alignments. * Add --verilog-data-width option to objcopy for verilog targets to control width of data elements in verilog hex format. * The separate debug info file options of readelf (--debug-dump=links and --debug-dump=follow) and objdump (--dwarf=links and --dwarf=follow-links) will now display and/or follow multiple links if more than one are present in a file. (This usually happens when gcc's -gsplit-dwarf option is used). In addition objdump's --dwarf=follow-links now also affects its other display options, so that for example, when combined with --syms it will cause the symbol tables in any linked debug info files to also be displayed. In addition when combined with --disassemble the --dwarf= follow-links option will ensure that any symbol tables in the linked files are read and used when disassembling code in the main file. * Add support for dumping types encoded in the Compact Type Format to objdump and readelf. - Includes fixes for these CVEs: bsc#1126826 aka CVE-2019-9077 aka PR1126826 bsc#1126829 aka CVE-2019-9075 aka PR1126829 bsc#1126831 aka CVE-2019-9074 aka PR24235 bsc#1140126 aka CVE-2019-12972 aka PR23405 bsc#1143609 aka CVE-2019-14444 aka PR24829 bsc#1142649 aka CVE-2019-14250 aka PR90924 * Add xBPF target * Fix various problems with DWARF 5 support in gas * fix nm -B for objects compiled with -flto and -fcommon. ----------------------------------------- Patch: SUSE-2020-3556 Released: Fri Nov 27 21:35:59 2020 Summary: Recommended update for resource-agents Severity: moderate References: 1178977 Description: This update for resource-agents fixes the following issues: - Fix handling of probe actions (bsc#1178977) ----------------------------------------- Version 1.0.9-Production-Build1.63 2020-12-02T07:57:54 ----------------------------------------- Patch: SUSE-2020-3579 Released: Tue Dec 1 14:24:31 2020 Summary: Recommended update for glib2 Severity: moderate References: 1178346 Description: This update for glib2 fixes the following issues: - Add support for slim format of timezone. (bsc#1178346) - Fix DST incorrect end day when using slim format. (bsc#1178346) ----------------------------------------- Patch: SUSE-2020-3581 Released: Tue Dec 1 14:40:22 2020 Summary: Recommended update for libusb-1_0 Severity: moderate References: 1178376 Description: This update for libusb-1_0 fixes the following issues: - Fixes a build failure for libusb for the inclusion of 'sys/time.h' on PowerPC. (bsc#1178376) ----------------------------------------- Patch: SUSE-2020-3590 Released: Tue Dec 1 18:09:24 2020 Summary: Recommended update for hawk2 Severity: moderate References: 1163381 Description: This update for hawk2 fixes the following issues: - Update from version 2.1.2+git.1594886920.d00b94aa to version 2.2.0+git.1603969748.10468582: - Fix server error after authentication if a resource has the same name as a node (bsc#1163381) - Allow also users in haclient to view history explorer (jsc#SLE-7358) ----------------------------------------- Version 1.0.9-Production-Build1.64 2020-12-03T07:58:55 ----------------------------------------- Patch: SUSE-2020-3593 Released: Wed Dec 2 10:33:49 2020 Summary: Security update for python3 Severity: important References: 1176262,1179193,CVE-2019-20916 Description: This update for python3 fixes the following issues: Update to 3.6.12 (bsc#1179193), including: - Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916) ----------------------------------------- Patch: SUSE-2020-3597 Released: Wed Dec 2 10:45:20 2020 Summary: Security update for python Severity: important References: 1176262,CVE-2019-20916 Description: This update for python fixes the following issues: - Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916) ----------------------------------------- Version 1.0.9-Production-Build1.66 2020-12-04T07:54:17 ----------------------------------------- Patch: SUSE-2020-3616 Released: Thu Dec 3 10:56:12 2020 Summary: Recommended update for c-ares Severity: moderate References: 1178882 Description: - Fixed incomplete c-ares-devel dependencies introduced by the privous update (bsc#1178882). ----------------------------------------- Patch: SUSE-2020-3620 Released: Thu Dec 3 17:03:55 2020 Summary: Recommended update for pam Severity: moderate References: Description: This update for pam fixes the following issues: - Check if the password is part of the username. (jsc#SLE-16719, jsc#SLE-16720) - Check whether the password contains a substring of of the user's name of at least `` characters length in some form. This is enabled by the new parameter `usersubstr=` ----------------------------------------- Version 1.0.9-Production-Build1.69 2020-12-08T07:40:32 ----------------------------------------- Patch: SUSE-2020-3637 Released: Mon Dec 7 11:53:11 2020 Summary: Recommended update for fence-agents Severity: moderate References: 1178343 Description: This update for fence-agents fixes the following issues: Update from version 4.4.0+git.1558595666.5f79f9e9 to version 4.6.0+git.1605185986.7b0f11c1 (bsc#1178343) - Add `pkg-config` file - `fence_scsi`: do not write key to device if it's already registered, and open file correctly to avoid using regex against end-of-file - `fencing`: fix run_command() to allow timeout=0 to mean forever - `fencing`: fix to make timeout(s)=0 be treated as forever for agents using `pexpect` - Add a `fence_crosslink` agent - `fencing`: fix `power-timeout` when using the new `disable-timeout` parameter ----------------------------------------- Patch: SUSE-2020-3643 Released: Mon Dec 7 17:22:19 2020 Summary: Recommended update for binutils Severity: important References: 1179341 Description: This update for binutils fixes the following issues: * Fix an incompatibility introduced in the latest update that broken the install scripts of the Oracle server. [bsc#1179341] ----------------------------------------- Patch: SUSE-2020-3703 Released: Mon Dec 7 20:17:32 2020 Summary: Recommended update for aaa_base Severity: moderate References: 1179431 Description: This update for aaa_base fixes the following issue: - Avoid semicolon within (t)csh login script on S/390. (bsc#1179431) ----------------------------------------- Version 1.0.9-Production-Build1.71 2020-12-09T18:06:15 ----------------------------------------- Patch: SUSE-2020-3722 Released: Wed Dec 9 13:37:08 2020 Summary: Security update for openssl-1_1 Severity: important References: 1179491,CVE-2020-1971 Description: This update for openssl-1_1 fixes the following issues: - CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491). ----------------------------------------- Patch: SUSE-2020-3725 Released: Wed Dec 9 14:40:18 2020 Summary: Recommended update for postfix Severity: moderate References: 1176650 Description: This update for postfix fixes the following issues: - Remove miss placed `fillup_only` call from `%verifyscript`. (bsc#1176650) ----------------------------------------- Version 1.0.9-Production-Build1.72 2020-12-10T07:41:00 ----------------------------------------- Patch: SUSE-2020-3733 Released: Wed Dec 9 18:18:35 2020 Summary: Security update for curl Severity: moderate References: 1179398,1179399,1179593,CVE-2020-8284,CVE-2020-8285,CVE-2020-8286 Description: This update for curl fixes the following issues: - CVE-2020-8286: Fixed improper OSCP verification in the client side (bsc#1179593). - CVE-2020-8285: Fixed a stack overflow due to FTP wildcard (bsc#1179399). - CVE-2020-8284: Fixed an issue where a malicius FTP server could make curl connect to a different IP (bsc#1179398). ----------------------------------------- Version 1.0.9-Production-Build1.74 2020-12-11T12:33:20 ----------------------------------------- Patch: SUSE-2020-3738 Released: Thu Dec 10 08:08:22 2020 Summary: Recommended update for ucode-intel Severity: important References: 1179224 Description: This update for ucode-intel fixes the following issues: - Reverted 3 microcodes back to 20200616 release level after regression reports. (bsc#1179224) - SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006906 | Xeon Scalable - SKX-D | M1 | 06-55-04/b7 | 02006906 | Xeon D-21xx - CLX-SP | B0 | 06-55-06/bf | 04002f01 | Xeon Scalable Gen2 - CLX-SP | B1 | 06-55-07/bf | 05002f01 | Xeon Scalable Gen2 ----------------------------------------- Patch: SUSE-2020-3749 Released: Thu Dec 10 14:39:28 2020 Summary: Security update for gcc7 Severity: moderate References: 1150164,1161913,1167939,1172798,1178577,1178614,1178624,1178675,CVE-2020-13844 Description: This update for gcc7 fixes the following issues: - CVE-2020-13844: Added mitigation for aarch64 Straight Line Speculation issue (bsc#1172798) - Enable fortran for the nvptx offload compiler. - Update README.First-for.SuSE.packagers - avoid assembler errors with AVX512 gather and scatter instructions when using -masm=intel. - Backport the aarch64 -moutline-atomics feature and accumulated fixes but not its default enabling. [jsc#SLE-12209, bsc#1167939] - Fixed 32bit libgnat.so link. [bsc#1178675] - Fixed memcpy miscompilation on aarch64. [bsc#1178624, bsc#1178577] - Fixed debug line info for try/catch. [bsc#1178614] - Remove -mbranch-protection=standard (aarch64 flag) when gcc7 is used to build gcc7 (ie when ada is enabled) - Fixed corruption of pass private ->aux via DF. [gcc#94148] - Fixed debug information issue with inlined functions and passed by reference arguments. [gcc#93888] - Fixed binutils release date detection issue. - Fixed register allocation issue with exception handling code on s390x. [bsc#1161913] - Fixed miscompilation of some atomic code on aarch64. [bsc#1150164] ----------------------------------------- Version 1.0.9-Production-Build1.75 2020-12-12T13:02:24 ----------------------------------------- Patch: SUSE-2020-3762 Released: Fri Dec 11 14:12:48 2020 Summary: Security update for openssl-1_0_0 Severity: important References: 1155346,1176029,1177479,1177575,1177673,1177793,1179491,CVE-2020-1971 Description: This update for openssl-1_0_0 fixes the following issues: - CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491). - Initialized dh->nid to NID_undef in DH_new_method() (bsc#1177673). - Fixed a test failure in apache_ssl in fips mode (bsc#1177793). - Renamed BN_get_rfc3526_prime_* functions back to get_rfc3526_prime_* (bsc#1177575). - Restored private key check in EC_KEY_check_key (bsc#1177479). - Added shared secret KAT to FIPS DH selftest (bsc#1176029). - Included ECDH/DH Requirements from SP800-56Arev3 (bsc#1176029). - Used SHA-2 in the RSA pairwise consistency check (bsc#1155346) ----------------------------------------- Version 1.0.9-Production-Build1.79 2020-12-15T07:41:19 ----------------------------------------- Patch: SUSE-2019-748 Released: Tue Mar 26 14:35:56 2019 Summary: Security update for libmspack Severity: moderate References: 1113038,1113039,CVE-2018-18584,CVE-2018-18585 Description: This update for libmspack fixes the following issues: Security issues fixed: - CVE-2018-18584: The CAB block input buffer was one byte too small for the maximal Quantum block, leading to an out-of-bounds write. (bsc#1113038) - CVE-2018-18585: chmd_read_headers accepted a filename that has '\0' as its first or second character (such as the '/\0' name). (bsc#1113039) - Fix off-by-one bounds check on CHM PMGI/PMGL chunk numbers and reject empty filenames. ----------------------------------------- Patch: SUSE-2020-1493 Released: Wed May 27 18:55:51 2020 Summary: Security update for libmspack Severity: low References: 1130489,1141680,CVE-2019-1010305 Description: This update for libmspack fixes the following issues: Security issue fixed: - CVE-2019-1010305: Fixed a buffer overflow triggered by a crafted chm file which could have led to information disclosure (bsc#1141680). Other issue addressed: - Enable build-time tests (bsc#1130489) ----------------------------------------- Patch: SUSE-2020-3774 Released: Mon Dec 14 11:27:33 2020 Summary: Recommended update for kdump Severity: moderate References: 1047634,1050349,1093795,1094444,1108255,1108919,1111207,1112387,1116463,1123940,1125218,1141064,1153601,1170336,1173914,1177196 Description: This update for kdump fixes the following issues: - Fix multipath configuration with `user_friendly_names` and/or aliases. (bsc#1111207, bsc#1125218, bsc#1153601) - Recover from missing `CRASHTIME=` in `VMCOREINFO`. (bsc#1112387) - Clean up the use of current vs. boot network interface names. (bsc#1094444, bsc#1116463, bsc#1141064) - Use a custom namespace for physical NICs. (bsc#1094444, bsc#1116463, bsc#1141064) - Add `:force` option to `KDUMP_NETCONFIG`. (bsc#1108919) - Add `fence_kdump_send` when `fence-agents` are installed. (bsc#1108919) - Use var for path of `fence_kdump_send` and remove the unnecessary `PRESCRIPT` check. (bsc#1108919) - Document kdump behaviour for `fence_kdump_send`. (bsc#1108919) - Restore only static routes in kdump initrd. (bsc#1093795) - Replace obsolete perl-Bootloader library with a simpler script. (bsc#1050349) - Remove `console=hvc0` from command line. (bsc#1173914) - Set serial console from Xen command line. (bsc#1173914) - Remove `noefi` and `acpi_rsdp` for EFI firmware. (bsc#1123940, bsc#1170336) - Add `skip_balance` option to BTRFS mounts. (bsc#1108255) - Do not add `rd.neednet=1` to dracut command line. (bsc#1177196) ----------------------------------------- Patch: SUSE-2020-3790 Released: Mon Dec 14 15:01:22 2020 Summary: Security update for clamav Severity: moderate References: 1104457,1118459,1130721,1144504,1149458,1157763,CVE-2019-12625,CVE-2019-12900,CVE-2019-15961,CVE-2019-1785,CVE-2019-1786,CVE-2019-1787,CVE-2019-1788,CVE-2019-1789,CVE-2019-1798,CVE-2020-3123,CVE-2020-3327,CVE-2020-3341,CVE-2020-3350,CVE-2020-3481 Description: This update for clamav fixes the following issues: clamav was updated to the new major release 0.103.0. (jsc#ECO-3010,bsc#1118459) Note that libclamav was changed incompatible, if you have a 3rd party application that uses libclamav, it needs to be rebuilt. Update to 0.103.0 * clamd can now reload the signature database without blocking scanning. This multi-threaded database reload improvement was made possible thanks to a community effort. - Non-blocking database reloads are now the default behavior. Some systems that are more constrained on RAM may need to disable non-blocking reloads as it will temporarily consume two times as much memory. We added a new clamd config option ConcurrentDatabaseReload, which may be set to no. * Fix clamav-milter.service (requires clamd.service to run) Update to 0.102.4 * CVE-2020-3350: Fix a vulnerability wherein a malicious user could replace a scan target's directory with a symlink to another path to trick clamscan, clamdscan, or clamonacc into removing or moving a different file (eg. a critical system file). The issue would affect users that use the --move or --remove options for clamscan, clamdscan, and clamonacc. * CVE-2020-3327: Fix a vulnerability in the ARJ archive parsing module in ClamAV 0.102.3 that could cause a Denial-of-Service (DoS) condition. Improper bounds checking results in an out-of-bounds read which could cause a crash. The previous fix for this CVE in 0.102.3 was incomplete. This fix correctly resolves the issue. * CVE-2020-3481: Fix a vulnerability in the EGG archive module in ClamAV 0.102.0 - 0.102.3 could cause a Denial-of-Service (DoS) condition. Improper error handling may result in a crash due to a NULL pointer dereference. This vulnerability is mitigated for those using the official ClamAV signature databases because the file type signatures in daily.cvd will not enable the EGG archive parser in versions affected by the vulnerability. Update to 0.102.3 * CVE-2020-3327: Fix a vulnerability in the ARJ archive parsing module in ClamAV 0.102.2 that could cause a Denial-of-Service (DoS) condition. Improper bounds checking of an unsigned variable results in an out-of-bounds read which causes a crash. * CVE-2020-3341: Fix a vulnerability in the PDF parsing module in ClamAV 0.101 - 0.102.2 that could cause a Denial-of-Service (DoS) condition. Improper size checking of a buffer used to initialize AES decryption routines results in an out-of-bounds read which may cause a crash. * Fix 'Attempt to allocate 0 bytes' error when parsing some PDF documents. * Fix a couple of minor memory leaks. * Updated libclamunrar to UnRAR 5.9.2. Update to 0.102.2: * CVE-2020-3123: A denial-of-service (DoS) condition may occur when using the optional credit card data-loss-prevention (DLP) feature. Improper bounds checking of an unsigned variable resulted in an out-of-bounds read, which causes a crash. * Significantly improved the scan speed of PDF files on Windows. * Re-applied a fix to alleviate file access issues when scanning RAR files in downstream projects that use libclamav where the scanning engine is operating in a low-privilege process. This bug was originally fixed in 0.101.2 and the fix was mistakenly omitted from 0.102.0. * Fixed an issue where freshclam failed to update if the database version downloaded is one version older than advertised. This situation may occur after a new database version is published. The issue affected users downloading the whole CVD database file. * Changed the default freshclam ReceiveTimeout setting to 0 (infinite). The ReceiveTimeout had caused needless database update failures for users with slower internet connections. * Correctly display the number of kilobytes (KiB) in progress bar and reduced the size of the progress bar to accommodate 80-character width terminals. * Fixed an issue where running freshclam manually causes a daemonized freshclam process to fail when it updates because the manual instance deletes the temporary download directory. The freshclam temporary files will now download to a unique directory created at the time of an update instead of using a hardcoded directory created/destroyed at the program start/exit. * Fix for freshclam's OnOutdatedExecute config option. * Fixes a memory leak in the error condition handling for the email parser. * Improved bound checking and error handling in ARJ archive parser. * Improved error handling in PDF parser. * Fix for memory leak in byte-compare signature handler. - The freshclam.service should not be started before the network is online (it checks for updates immediately upon service start) Update to 0.102.1: * CVE-2019-15961, bsc#1157763: A Denial-of-Service (DoS) vulnerability may occur when scanning a specially crafted email file as a result of excessively long scan times. The issue is resolved by implementing several maximums in parsing MIME messages and by optimizing use of memory allocation. * Build system fixes to build clamav-milter, to correctly link with libxml2 when detected, and to correctly detect fanotify for on-access scanning feature support. * Signature load time is significantly reduced by changing to a more efficient algorithm for loading signature patterns and allocating the AC trie. Patch courtesy of Alberto Wu. * Introduced a new configure option to statically link libjson-c with libclamav. Static linking with libjson is highly recommended to prevent crashes in applications that use libclamav alongside another JSON parsing library. * Null-dereference fix in email parser when using the --gen-json metadata option. * Fixes for Authenticode parsing and certificate signature (.crb database) bugs. Update to 0.102.0: * The On-Access Scanning feature has been migrated out of clamd and into a brand new utility named clamonacc. This utility is similar to clamdscan and clamav-milter in that it acts as a client to clamd. This separation from clamd means that clamd no longer needs to run with root privileges while scanning potentially malicious files. Instead, clamd may drop privileges to run under an account that does not have super-user. In addition to improving the security posture of running clamd with On-Access enabled, this update fixed a few outstanding defects: - On-Access scanning for created and moved files (Extra-Scanning) is fixed. - VirusEvent for On-Access scans is fixed. - With clamonacc, it is now possible to copy, move, or remove a file if the scan triggered an alert, just like with clamdscan. * The freshclam database update utility has undergone a significant update. This includes: - Added support for HTTPS. - Support for database mirrors hosted on ports other than 80. - Removal of the mirror management feature (mirrors.dat). - An all new libfreshclam library API. - created new subpackage libfreshclam2 Update to 0.101.4: * CVE-2019-12900: An out of bounds write in the NSIS bzip2 (bsc#1149458) * CVE-2019-12625: Introduce a configurable time limit to mitigate zip bomb vulnerability completely. Default is 2 minutes, configurable useing the clamscan --max-scantime and for clamd using the MaxScanTime config option (bsc#1144504) Update to version 0.101.3: * bsc#1144504: ZIP bomb causes extreme CPU spikes Update to version 0.101.2 (bsc#1130721) * CVE-2019-1787: An out-of-bounds heap read condition may occur when scanning PDF documents. The defect is a failure to correctly keep track of the number of bytes remaining in a buffer when indexing file data. * CVE-2019-1789: An out-of-bounds heap read condition may occur when scanning PE files (i.e. Windows EXE and DLL files) that have been packed using Aspack as a result of inadequate bound-checking. * CVE-2019-1788: An out-of-bounds heap write condition may occur when scanning OLE2 files such as Microsoft Office 97-2003 documents. The invalid write happens when an invalid pointer is mistakenly used to initialize a 32bit integer to zero. This is likely to crash the application. * CVE-2019-1786: An out-of-bounds heap read condition may occur when scanning malformed PDF documents as a result of improper bounds-checking. * CVE-2019-1785: A path-traversal write condition may occur as a result of improper input validation when scanning RAR archives. * CVE-2019-1798: A use-after-free condition may occur as a result of improper error handling when scanning nested RAR archives. ----------------------------------------- Patch: SUSE-2020-3792 Released: Mon Dec 14 17:39:24 2020 Summary: Recommended update for gzip Severity: moderate References: 1145276 Description: This update for gzip fixes the following issues: Update from version 1.9 to version 1.10 (jsc#ECO-2217, jsc#SLE-12974) - Enable `DFLTCC` (Deflate Conversion Call) compression for s390x for levels 1-6 to `CFLAGS`. (jsc#SLE-13775) Enable by adding `-DDFLTCC_LEVEL_MASK=0x7e` to `CFLAGS`. - Fix three data corruption issues. (bsc#1145276, jsc#SLE-5818, jsc#SLE-8914) - Add support for `DFLTCC` (hardware-accelerated deflation) for s390x arch. (jsc#SLE-5818, jsc#SLE-8914) Enable it using the `--enable-dfltcc` option. - Compressed gzip output no longer contains the current time as a timestamp when the input is not a regular file. Instead, the output contains a `null` (zero) timestamp. This makes gzip's behavior more reproducible when used as part of a pipeline. - A use of uninitialized memory on some malformed inputs has been fixed. - A few theoretical race conditions in signal handlers have been fixed. - Update gnulib for `libio.h` removal. ----------------------------------------- Version 1.0.9-Production-Build1.80 2020-12-16T07:40:20 ----------------------------------------- Patch: SUSE-2020-3803 Released: Tue Dec 15 09:40:41 2020 Summary: Recommended update for rsyslog Severity: moderate References: 1176355 Description: This update for rsyslog fixes the following issues: - Fixes a crash for imfile (bsc#1176355) ----------------------------------------- Version 1.0.9-Production-Build1.81 2020-12-17T07:41:10 ----------------------------------------- Patch: SUSE-2020-3849 Released: Wed Dec 16 12:26:10 2020 Summary: Recommended update for crmsh Severity: moderate References: 1175976,1178333,1178373,1178701 Description: This update for crmsh fixes the following issues: - Fix for bootstrap using class 'JoinLock' to manage lock in parallel join. (bsc#1175976) - Fix for utils improving disable and enable functionalities. (bsc#1178701) - Fix for bootstrap disabling 'corosync-qdevice' if not configured. (bsc#1178701) - Fix for bootstrap including '/etc/sysconfig/nfs' into 'csync2.cfg'. (bsc#1178373) - Fix for bootstrap changing for '_get_sbd_device_interactive' function to avoid possible crash when configure sbd.(bsc#1178333) ----------------------------------------- Version 1.0.9-Production-Build1.83 2020-12-18T07:39:52 ----------------------------------------- Patch: SUSE-2020-3860 Released: Thu Dec 17 10:47:37 2020 Summary: Recommended update for tcl Severity: moderate References: 1179615 Description: This update for tcl fixes the following issue: - `TCL_LIBS` in `tclConfig.sh` possibly breaks build on newer service packs. (bsc#1179615) It is not needed for linking to a dynamic `libtcl` anyway and now it is empty. ----------------------------------------- Version 1.0.9-Production-Build1.84 2020-12-19T07:40:12 ----------------------------------------- Patch: SUSE-2020-3882 Released: Fri Dec 18 16:47:31 2020 Summary: Security update for openssh Severity: moderate References: 1148566,1173513,CVE-2020-14145 Description: This update for openssh fixes the following issues: - CVE-2020-14145: Fixed a potential information leak during host key exchange (bsc#1173513). - Fixed an issue where oracle cluster with cluvfy using 'scp' failing/missinterpreted (bsc#1148566). ----------------------------------------- Version 1.0.9-Production-Build1.85 2020-12-22T07:41:40 ----------------------------------------- Patch: SUSE-2020-3902 Released: Mon Dec 21 20:08:35 2020 Summary: Security update for MozillaFirefox Severity: critical References: 1180039,CVE-2020-16042,CVE-2020-26971,CVE-2020-26973,CVE-2020-26974,CVE-2020-26978,CVE-2020-35111,CVE-2020-35112,CVE-2020-35113 Description: This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.6.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2020-55 (bsc#1180039) * CVE-2020-16042 (bmo#1679003) Operations on a BigInt could have caused uninitialized memory to be exposed * CVE-2020-26971 (bmo#1663466) Heap buffer overflow in WebGL * CVE-2020-26973 (bmo#1680084) CSS Sanitizer performed incorrect sanitization * CVE-2020-26974 (bmo#1681022) Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free * CVE-2020-26978 (bmo#1677047) Internal network hosts could have been probed by a malicious webpage * CVE-2020-35111 (bmo#1657916) The proxy.onRequest API did not catch view-source URLs * CVE-2020-35112 (bmo#1661365) Opening an extension-less download may have inadvertently launched an executable instead * CVE-2020-35113 (bmo#1664831, bmo#1673589) Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6 ----------------------------------------- Version 1.0.9-Production-Build1.86 2020-12-23T07:41:30 ----------------------------------------- Patch: SUSE-2020-3921 Released: Tue Dec 22 15:19:17 2020 Summary: Recommended update for libpwquality Severity: low References: Description: This update for libpwquality fixes the following issues: - Implement alignment with 'pam_cracklib'. (jsc#SLE-16720) ----------------------------------------- Version 1.0.9-Production-Build1.87 2020-12-30T07:39:39 ----------------------------------------- Patch: SUSE-2020-3930 Released: Wed Dec 23 18:19:39 2020 Summary: Security update for python3 Severity: important References: 1155094,1174091,1174571,1174701,1177211,1178009,1179193,1179630,CVE-2019-16935,CVE-2019-18348,CVE-2019-20907,CVE-2019-5010,CVE-2020-14422,CVE-2020-26116,CVE-2020-27619,CVE-2020-8492 Description: This update for python3 fixes the following issues: - Fixed CVE-2020-27619 (bsc#1178009), where Lib/test/multibytecodec_support calls eval() on content retrieved via HTTP. - Change setuptools and pip version numbers according to new wheels - Handful of changes to make python36 compatible with SLE15 and SLE12 (jsc#ECO-2799, jsc#SLE-13738) - add triplets for mips-r6 and riscv - RISC-V needs CTYPES_PASS_BY_REF_HACK Update to 3.6.12 (bsc#1179193) * Ensure python3.dll is loaded from correct locations when Python is embedded * The __hash__() methods of ipaddress.IPv4Interface and ipaddress.IPv6Interface incorrectly generated constant hash values of 32 and 128 respectively. This resulted in always causing hash collisions. The fix uses hash() to generate hash values for the tuple of (address, mask length, network address). * Prevent http header injection by rejecting control characters in http.client.putrequest(…). * Unpickling invalid NEWOBJ_EX opcode with the C implementation raises now UnpicklingError instead of crashing. * Avoid infinite loop when reading specially crafted TAR files using the tarfile module - This release also fixes CVE-2020-26116 (bsc#1177211) and CVE-2019-20907 (bsc#1174091). Update to 3.6.11: - Disallow CR or LF in email.headerregistry. Address arguments to guard against header injection attacks. - Disallow control characters in hostnames in http.client, addressing CVE-2019-18348. Such potentially malicious header injection URLs now cause a InvalidURL to be raised. (bsc#1155094) - CVE-2020-8492: The AbstractBasicAuthHandler class of the urllib.request module uses an inefficient regular expression which can be exploited by an attacker to cause a denial of service. Fix the regex to prevent the catastrophic backtracking. Vulnerability reported by Ben Caller and Matt Schwager. ----------------------------------------- Patch: SUSE-2020-3932 Released: Wed Dec 23 18:21:59 2020 Summary: Security update for java-1_8_0-ibm Severity: moderate References: 1177943,1180063,CVE-2020-14779,CVE-2020-14781,CVE-2020-14792,CVE-2020-14796,CVE-2020-14797,CVE-2020-14798,CVE-2020-14803 Description: This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 6 Fix Pack 20 [bsc#1180063,bsc#1177943] CVE-2020-14792 CVE-2020-14797 CVE-2020-14781 CVE-2020-14779 CVE-2020-14798 CVE-2020-14796 CVE-2020-14803 * Class libraries: - SOCKETADAPTOR$SOCKETINPUTSTREAM.READ is blocking for more time that the set timeout - Z/OS specific C function send_file is changing the file pointer position * Java Virtual Machine: - Crash on iterate java stack - Java process hang on SIGTERM * JIT Compiler: - JMS performance regression from JDK8 SR5 FP40 TO FP41 * Class Libraries: - z15 high utilization following Z/VM and Linux migration from z14 To z15 * Java Virtual Machine: - Assertion failed when trying to write a class file - Assertion failure at modronapi.cpp - Improve the performance of defining and finding classes * JIT Compiler: - An assert in ppcbinaryencoding.cpp may trigger when running with traps disabled on power - AOT field offset off by n bytes - Segmentation fault in jit module on ibm z platform ----------------------------------------- Patch: SUSE-2020-3942 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Severity: moderate References: 1180138 Description: This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------- Patch: SUSE-2020-3943 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Severity: moderate References: 1178823 Description: This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour. ----------------------------------------- Patch: SUSE-2020-3946 Released: Tue Dec 29 17:39:54 2020 Summary: Recommended update for python3 Severity: important References: 1180377 Description: This update for python3 fixes the following issues: - A previous update inadvertently removed the 'PyFPE_jbuf' symbol from Python3, which caused regressions in several applications. (bsc#1180377) ----------------------------------------- Version 1.0.9-Production-Build1.89 2021-01-05T07:40:55 ----------------------------------------- Patch: SUSE-2021-2 Released: Mon Jan 4 06:42:18 2021 Summary: Recommended update for alsa-utils Severity: moderate References: 1179904 Description: This update for alsa-utils fixes the following issues: - Fix for alsa restore behavior during locking and restore saved settings. (bsc#1179904) - Remove unnecessary condition for alsa-restore.service ----------------------------------------- Version 1.0.9-Production-Build1.90 2021-01-12T07:41:58 ----------------------------------------- Patch: SUSE-2021-67 Released: Mon Jan 11 15:16:40 2021 Summary: Recommended update for yast2-cluster Severity: moderate References: 1120815,1151687,1180424 Description: This update for yast2-cluster fixes the following issues: - Add watchdog config to the default list. (bsc#1180424) - Update the open ports to support pacemaker-remote, booth, corosync-qnetd. (bsc#1151687) - Support use hostname in ring address. (bsc#1120815) ----------------------------------------- Version 1.0.9-Production-Build1.94 2021-01-13T07:42:42 ----------------------------------------- Patch: SUSE-2021-72 Released: Tue Jan 12 08:32:11 2021 Summary: Security update for MozillaFirefox Severity: important References: 1180623,CVE-2020-16044 Description: This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.6.1 ESR * Fixed: Critical security issue MFSA 2021-01 (bsc#1180623) * CVE-2020-16044 Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk ----------------------------------------- Patch: SUSE-2021-76 Released: Tue Jan 12 10:25:26 2021 Summary: Recommended update for SUSEConnect Severity: low References: Description: This update for SUSEConnect fixes the following issue: Update to version 0.3.29 - Replace the Ruby path with the native one during build phase. ----------------------------------------- Patch: SUSE-2021-79 Released: Tue Jan 12 10:49:34 2021 Summary: Recommended update for gcc7 Severity: moderate References: 1167939 Description: This update for gcc7 fixes the following issues: - Amend the gcc7 aarch64 atomics for glibc namespace violation with getauxval. [bsc#1167939] ----------------------------------------- Patch: SUSE-2021-87 Released: Tue Jan 12 14:33:05 2021 Summary: Security update for crmsh Severity: important References: 1179999,CVE-2020-35459 Description: This update for crmsh fixes the following issue: - CVE-2020-35459: Fixed a privilege escalation in hawk_invoke (bsc#1179999). ----------------------------------------- Patch: SUSE-2021-88 Released: Tue Jan 12 14:33:31 2021 Summary: Security update for hawk2 Severity: important References: 1179998,CVE-2020-35458 Description: This update for hawk2 fixes the following security issue: - CVE-2020-35458: Fixed an insufficient input handler that could have led to remote code execution (bsc#1179998). ----------------------------------------- Patch: SUSE-2021-92 Released: Tue Jan 12 16:47:30 2021 Summary: Recommended update for prometheus-ha_cluster_exporter Severity: moderate References: Description: This update for prometheus-ha_cluster_exporter fixes the following issue: Update to version 1.2.1 - Remove Pacemaker dependency from systemd unit (jsc#TEAM-2169) ----------------------------------------- Version 1.0.9-Production-Build1.95 2021-01-15T11:43:25 ----------------------------------------- Patch: SUSE-2021-129 Released: Thu Jan 14 12:26:15 2021 Summary: Security update for openldap2 Severity: moderate References: 1178909,1179503,CVE-2020-25709,CVE-2020-25710 Description: This update for openldap2 fixes the following issues: Security issues fixed: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909). Non-security issue fixed: - Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection. (bsc#1179503) ----------------------------------------- Version 1.0.9-Production-Build1.101 2021-01-23T09:27:52 ----------------------------------------- Patch: SUSE-2021-177 Released: Wed Jan 20 11:18:03 2021 Summary: Recommended update for libselinux Severity: moderate References: 1135710,1136845,1180603 Description: This update for libselinux fixes the following issue: Issues addressed: - Removed check for selinux-policy package as it is not shipped in this package(bsc#1136845). - Added check that restorecond is installed and enabled - adjusted licenses of packages. All packages are under Public Domain, only selinux-tools contains a GPL-2.0 tool. ----------------------------------------- Patch: SUSE-2021-179 Released: Wed Jan 20 13:38:51 2021 Summary: Recommended update for timezone Severity: moderate References: 1177460 Description: This update for timezone fixes the following issues: - timezone update 2020f (bsc#1177460) * 'make rearguard_tarballs' no longer generates a bad rearguard.zi, fixing a 2020e bug. - timezone update 2020e (bsc#1177460) * Volgograd switches to Moscow time on 2020-12-27 at 02:00. - timezone update 2020f (bsc#1177460) * 'make rearguard_tarballs' no longer generates a bad rearguard.zi, fixing a 2020e bug. - timezone update 2020e (bsc#1177460) * Volgograd switches to Moscow time on 2020-12-27 at 02:00. ----------------------------------------- Patch: SUSE-2021-188 Released: Fri Jan 22 07:44:03 2021 Summary: Recommended update for fence-agents Severity: important References: 1178343 Description: This update for fence-agents fixes the following issues: - Fixes a regression which broke fencing in GCE (bsc#1178343) ----------------------------------------- Patch: SUSE-2021-191 Released: Fri Jan 22 10:14:02 2021 Summary: Recommended update for groff Severity: moderate References: 1180276 Description: This update for groff fixes the following issues: - include adjustments for reproducible builds (bsc#1180276) ----------------------------------------- Patch: SUSE-2021-200 Released: Fri Jan 22 15:39:33 2021 Summary: Security update for hawk2 Severity: critical References: 1179998,CVE-2020-35458 Description: This update for hawk2 fixes the following issues: hawk2 was updated to version 2.4.0+git.1611141202.2fe6369e. Security issue fixed: - Fixed another possible code execution vulnerability in the controller code (bsc#1179998). ----------------------------------------- Version 1.0.9-Production-Build1.103 2021-01-26T07:39:31 ----------------------------------------- Patch: SUSE-2021-202 Released: Mon Jan 25 13:33:53 2021 Summary: Recommended update for crmsh Severity: moderate References: 1177023,1180149,1180421,1180424 Description: This update for crmsh fixes the following issues: - Fix for an issue when 'cluster-init' fails due to wrong declaration of netmask. (bsc#1180421) - Fix for crmsh and yast2-cluster by adding '/etc/modules-load.d/watchdog.conf' into corosync config. (bsc#1180424) - Fix for bootstrap to return more specific error messages. (bsc#1177023) - Fix for a bootstrap isue when cluster init process not protected by lock and exclude other not joinging. (bsc#1180149) - Implement to use ping to test host is reachable before joining. - Check cluster was running on init node ----------------------------------------- Version 1.0.9-Production-Build1.106 2021-01-27T07:39:55 ----------------------------------------- Patch: SUSE-2021-213 Released: Tue Jan 26 09:01:36 2021 Summary: Recommended update for resource-agents Severity: moderate References: 1179977 Description: This update for resource-agents fixes the following issues: - A bug was fixed where the stop operation failed if /root/.profile has unexpected content (bsc#1179977) ----------------------------------------- Patch: SUSE-2021-215 Released: Tue Jan 26 12:03:38 2021 Summary: Recommended update for fence-agents Severity: important References: 1178343 Description: This update for fence-agents fixes the following issues: - Update to version 4.7.0+git.1607346448.17bd8552: * fence_mpath, fence_scsi: Improve logging for failed res/key get * fence_mpath, fence_scsi: Capture stderr in run_cmd() * build: depend on config changes to rebuild when running make after running ./configure * fence_redfish: Fix typo in help. * fence_aws: add support for IMDSv2 * spec: add pkg-config file, and set version for obsoletes to avoid failing to build on Fedora 33 * Add pkg-config file * fence_scsi: dont write key to device if it's already registered, and open file correctly to avoid using regex against end-of-file * fencing: fix run_command() to allow timeout=0 to mean forever * fencing: fix to make timeout(s)=0 be treated as forever for agents using pexpect - Fix a regression which broke fencing in GCE. [bsc#1178343] ----------------------------------------- Patch: SUSE-2021-220 Released: Tue Jan 26 14:00:51 2021 Summary: Recommended update for keyutils Severity: moderate References: 1180603 Description: This update for keyutils fixes the following issues: - Adjust the library license to be LPGL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603) ----------------------------------------- Patch: SUSE-2021-227 Released: Tue Jan 26 19:22:14 2021 Summary: Security update for sudo Severity: important References: 1180684,1180685,1180687,1181090,CVE-2021-23239,CVE-2021-23240,CVE-2021-3156 Description: This update for sudo fixes the following issues: - A Heap-based buffer overflow in sudo could be exploited to allow a user to gain root privileges [bsc#1181090,CVE-2021-3156] - It was possible for a user to test for the existence of a directory due to a Race Condition in `sudoedit` [bsc#1180684,CVE-2021-23239] - A Possible Symlink Attack vector existed in `sudoedit` if SELinux was running in permissive mode [bsc#1180685, CVE-2021-23240] - It was possible for a User to enable Debug Settings not Intended for them [bsc#1180687] ----------------------------------------- Patch: SUSE-2021-228 Released: Tue Jan 26 23:05:02 2021 Summary: Recommended update for python-kiwi Severity: moderate References: 1179562,1180781 Description: This update for python-kiwi fixes the following issues: - Azure generated images are not bootable. (bsc#1180781) - Fixed validation of bool value in dracut module. - The `oem-multipath-scan` setup results in a bool variable inside of the initrd code. The variable `kiwi_oemmultipath_scan` is therefore either set to `true` or `false`. This update fixes the validation to make use of the `bool()` method provided for these type of variables. - Azure `LI/VLI` Production image boot process drops to dracut rescue shell during boot randomly (bsc#1179562) - Omit multipath module by default - The plain installation of the multipath toolkit activates the dracut multipath code. The setup if the target image runs in a multipath environment or not should however be decided explicitly in the image description via `` and not implicitly by the presence of tools - Fixed multipath disk device assignment in kiwi lib - The former lookup of the multipath mapped disk device contained a race condition. If the lookup of the device mapper files happened before multipathd has finished the initialization, kiwi continues with the unix node name and fails when the device mapper keeps a busy state on it. Now, in case of an explicit request to use multipath the lookup of the mapped device becomes a mandatory process that runs until the `DEVICE_TIMEOUT` is reached. Default timeout is set to 60 sec. ----------------------------------------- Version 1.0.9-Production-Build1.107 2021-01-28T07:39:37 ----------------------------------------- Patch: SUSE-2021-233 Released: Wed Jan 27 12:15:33 2021 Summary: Recommended update for systemd Severity: moderate References: 1141597,1174436,1175458,1177490,1179363,1179824,1180225 Description: This update for systemd fixes the following issues: - Added a timestamp to the output of the busctl monitor command (bsc#1180225) - Fixed a NULL pointer dereference bug when attempting to close the journal file handle (bsc#1179824) - Improved the caching of cgroups member mask (bsc#1175458) - Fixed the dependency definition of sound.target (bsc#1179363) - Fixed a bug that could lead to a potential error, when daemon-reload is called between StartTransientUnit and scope_start() (bsc#1174436) - time-util: treat /etc/localtime missing as UTC (bsc#1141597) - Removed mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------- Version 1.0.9-Production-Build1.108 2021-01-30T07:41:10 ----------------------------------------- Patch: SUSE-2021-246 Released: Fri Jan 29 13:13:12 2021 Summary: Security update for MozillaFirefox Severity: important References: 1181414,CVE-2020-26976,CVE-2021-23953,CVE-2021-23954,CVE-2021-23960,CVE-2021-23964 Description: This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.7.0 ESR (MFSA 2021-04, bsc#1181414) * CVE-2021-23953: Fixed a Cross-origin information leakage via redirected PDF requests * CVE-2021-23954: Fixed a type confusion when using logical assignment operators in JavaScript switch statements * CVE-2020-26976: Fixed an issue where HTTPS pages could have been intercepted by a registered service worker when they should not have been * CVE-2021-23960: Fixed a use-after-poison for incorrectly redeclared JavaScript variables during GC * CVE-2021-23964: Fixed Memory safety bugs ----------------------------------------- Version 1.0.9-Production-Build1.111 2021-02-02T07:40:18 ----------------------------------------- Patch: SUSE-2021-251 Released: Mon Feb 1 11:19:48 2021 Summary: Security update for rubygem-nokogiri Severity: important References: 1146578,1156722,1180507,CVE-2019-5477,CVE-2020-26247 Description: This update for rubygem-nokogiri fixes the following issues: rubygem-nokogiri was updated to 1.8.5 (bsc#1156722). Security issues fixed: - CVE-2019-5477: Fixed a command injection vulnerability (bsc#1146578). - CVE-2020-26247: Fixed an XXE vulnerability in Nokogiri::XML::Schema (bsc#1180507). ----------------------------------------- Patch: SUSE-2021-265 Released: Mon Feb 1 15:06:45 2021 Summary: Recommended update for systemd Severity: important References: 1178775,1180885 Description: This update for systemd fixes the following issues: - Fix for udev creating '/dev/disk/by-label' symlink for 'LUKS2' to avoid mount issues. (bsc#1180885, #8998)) - Fix for an issue when container start causes interference in other containers. (bsc#1178775) ----------------------------------------- Version 1.0.9-Production-Build1.113 2021-02-03T07:40:18 ----------------------------------------- Patch: SUSE-2021-285 Released: Tue Feb 2 13:08:54 2021 Summary: Security update for cups Severity: moderate References: 1170671,1180520,CVE-2019-8842,CVE-2020-10001 Description: This update for cups fixes the following issues: - CVE-2020-10001: Fixed an out-of-bounds read in the ippReadIO function (bsc#1180520). - CVE-2019-8842: Fixed an out-of-bounds read in an extension field (bsc#1170671). ----------------------------------------- Version 1.0.9-Production-Build1.115 2021-02-04T07:39:31 ----------------------------------------- Patch: SUSE-2021-293 Released: Wed Feb 3 12:52:34 2021 Summary: Recommended update for gmp Severity: moderate References: 1180603 Description: This update for gmp fixes the following issues: - correct license statements of packages (library itself is no GPL-3.0) (bsc#1180603) ----------------------------------------- Version 1.0.9-Production-Build1.116 2021-02-05T07:40:09 ----------------------------------------- Patch: SUSE-2021-301 Released: Thu Feb 4 08:46:27 2021 Summary: Recommended update for timezone Severity: moderate References: 1177460 Description: This update for timezone fixes the following issues: - timezone update 2021a (bsc#1177460) * South Sudan changes from +03 to +02 on 2021-02-01 at 00:00. - timezone update 2021a (bsc#1177460) * South Sudan changes from +03 to +02 on 2021-02-01 at 00:00. ----------------------------------------- Version 1.0.9-Production-Build1.119 2021-02-09T07:40:23 ----------------------------------------- Patch: SUSE-2021-339 Released: Mon Feb 8 13:16:07 2021 Summary: Optional update for pam Severity: low References: Description: This update for pam fixes the following issues: - Added rpm macros for this package, so that other packages can make use of it This patch is optional to be installed - it doesn't fix any bugs. ----------------------------------------- Patch: SUSE-2021-341 Released: Mon Feb 8 17:39:53 2021 Summary: Security update for python-urllib3 Severity: moderate References: 1177211,1181571,CVE-2020-26116 Description: This update for python-urllib3 fixes the following issues: - CVE-2020-26116: Raise ValueError if method contains control characters and thus prevent CRLF injection into URLs (bsc#1177211). - Skip test for RECENT_DATE (bsc#1181571). ----------------------------------------- Version 1.0.9-Production-Build1.120 2021-02-10T07:40:12 ----------------------------------------- Patch: SUSE-2021-355 Released: Tue Feb 9 18:07:49 2021 Summary: Security update for python Severity: important References: 1176262,1180686,1181126,CVE-2019-20916,CVE-2021-3177 Description: This update for python fixes the following issues: - buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution (bsc#1181126, CVE-2021-3177). - Provide the newest setuptools wheel (bsc#1176262, CVE-2019-20916) in their correct form (bsc#1180686).