----------------------------------------- Version 0 2023-09-05T17:12:36 ----------------------------------------- Patch: SUSE-2018-1267 Released: Tue Jul 3 18:09:32 2018 Summary: Security update for git Severity: important References: 1095218,1095219,CVE-2018-11233,CVE-2018-11235 Description: This update for git to version 2.16.4 fixes several issues. These security issues were fixed: - CVE-2018-11233: Path sanity-checks on NTFS allowed attackers to read arbitrary memory (bsc#1095218) - CVE-2018-11235: Arbitrary code execution when recursively cloning a malicious repository (bsc#1095219) ----------------------------------------- Patch: SUSE-2018-1277 Released: Thu Jul 5 08:38:06 2018 Summary: Security update for unzip Severity: moderate References: 1080074,910683,914442,CVE-2014-9636,CVE-2018-1000035 Description: This update for unzip fixes the following issues: - CVE-2014-9636: Prevent denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression (bsc#914442) - CVE-2018-1000035: Prevent heap-based buffer overflow in the processing of password-protected archives that allowed an attacker to perform a denial of service or to possibly achieve code execution (bsc#1080074) This non-security issue was fixed: +- Allow processing of Windows zip64 archives (Windows archivers set total_disks field to 0 but per standard, valid values are 1 and higher) (bnc#910683) ----------------------------------------- Patch: SUSE-2018-1279 Released: Thu Jul 5 08:41:25 2018 Summary: Security update for tiff Severity: moderate References: 1074317,1082332,1082825,1086408,1092949,CVE-2017-11613,CVE-2017-18013,CVE-2018-10963,CVE-2018-7456,CVE-2018-8905 Description: This update for tiff fixes the following security issues: These security issues were fixed: - CVE-2017-18013: Fixed a NULL pointer dereference in the tif_print.cTIFFPrintDirectory function that could have lead to denial of service (bsc#1074317). - CVE-2018-10963: Fixed an assertion failure in the TIFFWriteDirectorySec() function in tif_dirwrite.c, which allowed remote attackers to cause a denial of service via a crafted file (bsc#1092949). - CVE-2018-7456: Prevent a NULL Pointer dereference in the function TIFFPrintDirectory when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013 (bsc#1082825). - CVE-2017-11613: Prevent denial of service in the TIFFOpen function. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file. In the ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc function is called based on td_imagelength. If the value of td_imagelength is set close to the amount of system memory, it will hang the system or trigger the OOM killer (bsc#1082332). - CVE-2018-8905: Prevent heap-based buffer overflow in the function LZWDecodeCompat via a crafted TIFF file (bsc#1086408). ----------------------------------------- Patch: SUSE-2018-1280 Released: Thu Jul 5 08:43:02 2018 Summary: Security update for exiv2 Severity: moderate References: 1048883,1050257,1051188,1054590,1054592,1054593,1060995,1060996,1061000,1061023,CVE-2017-11337,CVE-2017-11338,CVE-2017-11339,CVE-2017-11340,CVE-2017-11553,CVE-2017-11591,CVE-2017-11592,CVE-2017-11683,CVE-2017-12955,CVE-2017-12956,CVE-2017-12957,CVE-2017-14859,CVE-2017-14860,CVE-2017-14862,CVE-2017-14864 Description: This update for exiv2 to 0.26 fixes the following security issues: - CVE-2017-14864: Prevent invalid memory address dereference in Exiv2::getULong that could have caused a segmentation fault and application crash, which leads to denial of service (bsc#1060995). - CVE-2017-14862: Prevent invalid memory address dereference in Exiv2::DataValue::read that could have caused a segmentation fault and application crash, which leads to denial of service (bsc#1060996). - CVE-2017-14859: Prevent invalid memory address dereference in Exiv2::StringValueBase::read that could have caused a segmentation fault and application crash, which leads to denial of service (bsc#1061000). - CVE-2017-14860: Prevent heap-based buffer over-read in the Exiv2::Jp2Image::readMetadata function via a crafted input that could have lead to a denial of service attack (bsc#1061023). - CVE-2017-11337: Prevent invalid free in the Action::TaskFactory::cleanup function via a crafted input that could have lead to a remote denial of service attack (bsc#1048883). - CVE-2017-11338: Prevent infinite loop in the Exiv2::Image::printIFDStructure function via a crafted input that could have lead to a remote denial of service attack (bsc#1048883). - CVE-2017-11339: Prevent heap-based buffer overflow in the Image::printIFDStructure function via a crafted input that could have lead to a remote denial of service attack (bsc#1048883). - CVE-2017-11340: Prevent Segmentation fault in the XmpParser::terminate() function via a crafted input that could have lead to a remote denial of service attack (bsc#1048883). - CVE-2017-12955: Prevent heap-based buffer overflow. The vulnerability caused an out-of-bounds write in Exiv2::Image::printIFDStructure(), which may lead to remote denial of service or possibly unspecified other impact (bsc#1054593). - CVE-2017-12956: Preventn illegal address access in Exiv2::FileIo::path[abi:cxx11]() that could have lead to remote denial of service (bsc#1054592). - CVE-2017-12957: Prevent heap-based buffer over-read that was triggered in the Exiv2::Image::io function and could have lead to remote denial of service (bsc#1054590). - CVE-2017-11683: Prevent reachable assertion in the Internal::TiffReader::visitDirectory function that could have lead to a remote denial of service attack via crafted input (bsc#1051188). - CVE-2017-11591: Prevent Floating point exception in the Exiv2::ValueType function that could have lead to a remote denial of service attack via crafted input (bsc#1050257). - CVE-2017-11553: Prevent illegal address access in the extend_alias_table function via a crafted input could have lead to remote denial of service. - CVE-2017-11592: Prevent mismatched Memory Management Routines vulnerability in the Exiv2::FileIo::seek function that could have lead to a remote denial of service attack (heap memory corruption) via crafted input. ----------------------------------------- Patch: SUSE-2018-1281 Released: Thu Jul 5 08:44:42 2018 Summary: Security update for ghostscript Severity: moderate References: 1090099,CVE-2018-10194 Description: This update for ghostscript fixes the following issues: - CVE-2018-10194: The set_text_distance function did not prevent overflows in text-positioning calculation, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document (bsc#1090099). ----------------------------------------- Patch: SUSE-2018-1282 Released: Thu Jul 5 08:46:19 2018 Summary: Security update for libvorbis Severity: moderate References: 1091070,CVE-2018-10392 Description: This update for libvorbis fixes the following issues: The following security issue was fixed: - Fixed the validation of channels in mapping0_forward(), which previously allowed remote attackers to cause a denial of service via specially crafted files (CVE-2018-10392, bsc#1091070) ----------------------------------------- Patch: SUSE-2018-1284 Released: Thu Jul 5 08:47:56 2018 Summary: Security update for openvpn Severity: moderate References: 1090839,CVE-2018-9336 Description: This update for openvpn fixes the following issues: - CVE-2018-9336: Fix potential double-free() in Interactive Service could lead to denial of service (bsc#1090839). ----------------------------------------- Patch: SUSE-2018-1292 Released: Mon Jul 9 11:57:14 2018 Summary: Security update for openslp Severity: important References: 1090638,CVE-2017-17833 Description: This update for openslp fixes the following issues: - CVE-2017-17833: Prevent heap-related memory corruption issue which may have manifested itself as a denial-of-service or a remote code-execution vulnerability (bsc#1090638) - Prevent out of bounds reads in message parsing ----------------------------------------- Patch: SUSE-2018-1307 Released: Wed Jul 11 17:25:54 2018 Summary: Recommended update for google-compute-engine Severity: moderate References: 1097378 Description: This update for google-compute-engine fixes the following issues: - Ensure that google-ip-forwarding-daemon service and google-network-setup are stopped and disabled during upgrade. - Ensure that google-network-daemon service is enabled and started during upgrade. - Set run_dir to /var/run. (bsc#1097378, #1097616) ----------------------------------------- Patch: SUSE-2018-1319 Released: Thu Jul 12 11:04:25 2018 Summary: Security update for java-1_8_0-openjdk Severity: important References: 1087066,1090023,1090024,1090025,1090026,1090027,1090028,1090029,1090030,1090032,1090033,CVE-2018-2790,CVE-2018-2794,CVE-2018-2795,CVE-2018-2796,CVE-2018-2797,CVE-2018-2798,CVE-2018-2799,CVE-2018-2800,CVE-2018-2814,CVE-2018-2815 Description: This update for java-1_8_0-openjdk to version 8u171 fixes the following issues: These security issues were fixed: - S8180881: Better packaging of deserialization - S8182362: Update CipherOutputStream Usage - S8183032: Upgrade to LittleCMS 2.9 - S8189123: More consistent classloading - S8189969, CVE-2018-2790, bsc#1090023: Manifest better manifest entries - S8189977, CVE-2018-2795, bsc#1090025: Improve permission portability - S8189981, CVE-2018-2796, bsc#1090026: Improve queuing portability - S8189985, CVE-2018-2797, bsc#1090027: Improve tabular data portability - S8189989, CVE-2018-2798, bsc#1090028: Improve container portability - S8189993, CVE-2018-2799, bsc#1090029: Improve document portability - S8189997, CVE-2018-2794, bsc#1090024: Enhance keystore mechanisms - S8190478: Improved interface method selection - S8190877: Better handling of abstract classes - S8191696: Better mouse positioning - S8192025, CVE-2018-2814, bsc#1090032: Less referential references - S8192030: Better MTSchema support - S8192757, CVE-2018-2815, bsc#1090033: Improve stub classes implementation - S8193409: Improve AES supporting classes - S8193414: Improvements in MethodType lookups - S8193833, CVE-2018-2800, bsc#1090030: Better RMI connection support For other changes please consult the changelog. ----------------------------------------- Patch: SUSE-2018-1323 Released: Fri Jul 13 09:26:19 2018 Summary: Security update for libopenmpt Severity: moderate References: 1089080,1095644,CVE-2018-10017,CVE-2018-11710 Description: This update for libopenmpt to version 0.3.9 fixes the following issues: These security issues were fixed: - CVE-2018-11710: Prevent write near address 0 in out-of-memory situations when reading AMS files (bsc#1095644) - CVE-2018-10017: Preven out-of-bounds memory read with IT/ITP/MO3 files containing pattern loops (bsc#1089080) These non-security issues were fixed: - [Bug] openmpt123: Fixed build failure in C++17 due to use of removed feature std::random_shuffle. - STM: Having both Bxx and Cxx commands in a pattern imported the Bxx command incorrectly. - STM: Last character of sample name was missing. - Speed up reading of truncated ULT files. - ULT: Portamento import was sometimes broken. - The resonant filter was sometimes unstable when combining low-volume samples, low cutoff and high mixing rates. - Keep track of active SFx macro during seeking. - The 'note cut' duplicate note action did not volume-ramp the previously playing sample. - A song starting with non-existing patterns could not be played. - DSM: Support restart position and 16-bit samples. - DTM: Import global volume. ----------------------------------------- Patch: SUSE-2018-1332 Released: Tue Jul 17 09:01:19 2018 Summary: Recommended update for timezone Severity: moderate References: 1073299,1093392 Description: This update for timezone provides the following fixes: - North Korea switches back from +0830 to +09 on 2018-05-05. - Ireland's standard time is in the summer, with negative DST offset to standard time used in Winter. (bsc#1073299) - yast2-country is no longer setting TIMEZONE in /etc/sysconfig/clock and is calling systemd timedatectl instead. Do not set /etc/localtime on timezone package updates to avoid setting an incorrect timezone. (bsc#1093392) ----------------------------------------- Patch: SUSE-2018-1334 Released: Tue Jul 17 09:06:41 2018 Summary: Recommended update for mozilla-nss Severity: moderate References: 1096515 Description: This update for mozilla-nss provides the following fixes: - Update to NSS 3.36.4 required by Firefox 60.0.2. (bsc#1096515) - Fix a problem that would cause connections to a server that was recently upgraded to TLS 1.3 to result in a SSL_RX_MALFORMED_SERVER_HELLO error. - Fix a rare bug with PKCS#12 files. - Use relro linker option. ----------------------------------------- Patch: SUSE-2018-1335 Released: Tue Jul 17 10:13:39 2018 Summary: Recommended update for cloud-netconfig Severity: moderate References: 1095485 Description: This update for cloud-netconfig fixes the following issues: - Make interface names in Azure persistent. (bsc#1095485) ----------------------------------------- Patch: SUSE-2018-1346 Released: Thu Jul 19 09:25:08 2018 Summary: Security update for glibc Severity: moderate References: 1082318,1092877,1094150,1094154,1094161,CVE-2017-18269,CVE-2018-11236,CVE-2018-11237 Description: This update for glibc fixes the following security issues: - CVE-2017-18269: An SSE2-optimized memmove implementation for i386 did not correctly perform the overlapping memory check if the source memory range spaned the middle of the address space, resulting in corrupt data being produced by the copy operation. This may have disclosed information to context-dependent attackers, resulted in a denial of service or code execution (bsc#1094150). - CVE-2018-11236: Prevent integer overflow on 32-bit architectures when processing very long pathname arguments to the realpath function, leading to a stack-based buffer overflow (bsc#1094161). - CVE-2018-11237: An AVX-512-optimized implementation of the mempcpy function may have writen data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper (bsc#1092877, bsc#1094154). ----------------------------------------- Patch: SUSE-2018-1348 Released: Thu Jul 19 09:32:11 2018 Summary: Security update for wireshark Severity: moderate References: 1094301,CVE-2018-11356,CVE-2018-11357,CVE-2018-11358,CVE-2018-11359,CVE-2018-11360,CVE-2018-11362 Description: This update for wireshark fixes vulnerabilities that could be used to trigger dissector crashes or cause dissectors to go into large infinite loops by making Wireshark read specially crafted packages from the network or capture files (bsc#1094301). This includes: - CVE-2018-11356: DNS dissector crash - CVE-2018-11357: Multiple dissectors could consume excessive memory - CVE-2018-11358: Q.931 dissector crash - CVE-2018-11359: The RRC dissector and other dissectors could crash - CVE-2018-11360: GSM A DTAP dissector crash - CVE-2018-11362: LDSS dissector crash ----------------------------------------- Patch: SUSE-2018-1349 Released: Thu Jul 19 09:35:42 2018 Summary: Security update for rubygem-sprockets Severity: moderate References: 1098369,CVE-2018-3760 Description: This update for rubygem-sprockets fixes the following issues: The following security vulnerability was addressed: - CVE-2018-3760: Fixed a path traversal issue in sprockets/server.rb:forbidden_request?(), which allowed remote attackers to read arbitrary files (bsc#1098369) ----------------------------------------- Patch: SUSE-2018-1353 Released: Thu Jul 19 09:50:32 2018 Summary: Security update for e2fsprogs Severity: moderate References: 1009532,1038194,915402,918346,960273,CVE-2015-0247,CVE-2015-1572 Description: This update for e2fsprogs fixes the following issues: Security issues fixed: - CVE-2015-0247: Fixed couple of heap overflows in e2fsprogs (fsck, dumpe2fs, e2image...) (bsc#915402). - CVE-2015-1572: Fixed potential buffer overflow in closefs() (bsc#918346). Bug fixes: - bsc#1038194: generic/405 test fails with /dev/mapper/thin-vol is inconsistent on ext4 file system. - bsc#1009532: resize2fs hangs when trying to resize a large ext4 file system. - bsc#960273: xfsprogs does not call %{?regenerate_initrd_post}. ----------------------------------------- Patch: SUSE-2018-1355 Released: Thu Jul 19 09:57:36 2018 Summary: Security update for mercurial Severity: moderate References: 1100353,1100354,1100355,CVE-2018-13346,CVE-2018-13347,CVE-2018-13348 Description: This update for mercurial fixes the following issues: Security issues fixed: - CVE-2018-13346: Fix mpatch_apply function in mpatch.c that incorrectly proceeds in cases where the fragment start is past the end of the original data (bsc#1100354). - CVE-2018-13347: Fix mpatch.c that mishandles integer addition and subtraction (bsc#1100355). - CVE-2018-13348: Fix the mpatch_decode function in mpatch.c that mishandles certain situations where there should be at least 12 bytes remaining after thecurrent position in the patch data (bsc#1100353). ----------------------------------------- Patch: SUSE-2018-1371 Released: Mon Jul 23 10:37:01 2018 Summary: Security update for openssl-1_1 Severity: moderate References: 1097158,1097624,1098592,CVE-2018-0732 Description: This update for openssl-1_1 fixes the following issues: - CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack (bsc#1097158). - Blinding enhancements for ECDSA and DSA (bsc#1097624, bsc#1098592) ----------------------------------------- Patch: SUSE-2018-1398 Released: Thu Jul 26 16:27:58 2018 Summary: Security update for java-1_8_0-ibm Severity: important References: 1085449,1093311,CVE-2018-1417,CVE-2018-2783,CVE-2018-2790,CVE-2018-2794,CVE-2018-2795,CVE-2018-2796,CVE-2018-2797,CVE-2018-2798,CVE-2018-2799,CVE-2018-2800,CVE-2018-2814,CVE-2018-2825,CVE-2018-2826 Description: IBM Java was updated to version 8.0.5.15 [bsc#1093311, bsc#1085449] Security fixes: - CVE-2018-2826 CVE-2018-2825 CVE-2018-2814 CVE-2018-2794 CVE-2018-2783 CVE-2018-2799 CVE-2018-2798 CVE-2018-2797 CVE-2018-2796 CVE-2018-2795 CVE-2018-2800 CVE-2018-2790 CVE-2018-1417 - Removed translations in the java-1_8_0-ibm-devel-32bit package as they conflict with those in java-1_8_0-ibm-devel. ----------------------------------------- Patch: SUSE-2018-1404 Released: Thu Jul 26 16:41:42 2018 Summary: Security update for libsndfile Severity: moderate References: 1071767,1071777,1100167,CVE-2017-17456,CVE-2017-17457,CVE-2018-13139 Description: This update for libsndfile fixes the following issues: Security issues fixed: - CVE-2018-13139: Fix a stack-based buffer overflow in psf_memset in common.c that allows remote attackers to cause a denial of service (bsc#1100167). - CVE-2017-17456: Prevent segmentation fault in the function d2alaw_array() that may have lead to a remote DoS (bsc#1071777) - CVE-2017-17457: Prevent segmentation fault in the function d2ulaw_array() that may have lead to a remote DoS, a different vulnerability than CVE-2017-14246 (bsc#1071767) ----------------------------------------- Patch: SUSE-2018-1409 Released: Fri Jul 27 06:45:10 2018 Summary: Recommended update for systemd Severity: moderate References: 1039099,1083158,1088052,1091265,1093851,1095096,1095973,1098569 Description: This update for systemd provides the following fixes: - systemctl: Mask always reports the same unit names when different unknown units are passed. (bsc#1095973) - systemctl: Check the existence of all units, not just the first one. - scsi_id: Fix the prefix for pre-SPC inquiry reply. (bsc#1039099) - device: Make sure to always retroactively start device dependencies. (bsc#1088052) - locale-util: On overlayfs FTW_MOUNT causes nftw(3) to not list *any* files. - Fix pattern to detect distribution. - install: The 'user' and 'global' scopes are equivalent for user presets. (bsc#1093851) - install: Search for preset files in /run (#7715) - install: Consider globally enabled units as 'enabled' for the user. (bsc#1093851) - install: Consider non-Alias=/non-DefaultInstance= symlinks as 'indirect' enablement. - install: Only consider names in Alias= as 'enabling'. - udev: Whitelist mlx4_core locally-administered MAC addresses in the persistent rule generator. (bsc#1083158) - man: Updated systemd-analyze blame description for service-units with Type=simple. (bsc#1091265) - fileio: Support writing atomic files with timestamp. - fileio.c: Fix incorrect mtime - Drop runtime dependency on dracut, otherwise systemd pulls in tools to generate the initrd even in container/chroot installations that don't have a kernel. For environments where initrd matters, dracut should be pulled via a pattern. (bsc#1098569) - An update broke booting with encrypted partitions on NVMe (bsc#1095096) ----------------------------------------- Patch: SUSE-2018-1411 Released: Fri Jul 27 06:48:11 2018 Summary: Recommended update for SAPHanaSR-ScaleOut Severity: moderate References: 1091988,1092331 Description: This update for SAPHanaSR-ScaleOut provides the following fixes: - Fix a problem that was causing SAPHanaSR-showAttr to fail opening an archived cib file. (bsc#1092331) - Make sure SAPHanaSR-monitor depends only on packages available in SLES. (bsc#1091988) - Move SAPHanaSR-showAttr, SAPHanaSR-monitor to /usr/sbin to match the file layout in SAPHanaSR-ScaleUp. ----------------------------------------- Patch: SUSE-2018-1416 Released: Fri Jul 27 12:47:55 2018 Summary: Security update for mutt Severity: important References: 1094717,1101428,1101566,1101567,1101568,1101569,1101570,1101571,1101573,1101576,1101577,1101578,1101581,1101582,1101583,1101588,1101589,CVE-2014-9116,CVE-2018-14349,CVE-2018-14350,CVE-2018-14351,CVE-2018-14352,CVE-2018-14353,CVE-2018-14354,CVE-2018-14355,CVE-2018-14356,CVE-2018-14357,CVE-2018-14358,CVE-2018-14359,CVE-2018-14360,CVE-2018-14361,CVE-2018-14362,CVE-2018-14363 Description: This update for mutt fixes the following issues: Security issues fixed: - bsc#1101428: Mutt 1.10.1 security release update. - CVE-2018-14351: Fix imap/command.c that mishandles long IMAP status mailbox literal count size (bsc#1101583). - CVE-2018-14353: Fix imap_quote_string in imap/util.c that has an integer underflow (bsc#1101581). - CVE-2018-14362: Fix pop.c that does not forbid characters that may have unsafe interaction with message-cache pathnames (bsc#1101567). - CVE-2018-14354: Fix arbitrary command execution from remote IMAP servers via backquote characters (bsc#1101578). - CVE-2018-14352: Fix imap_quote_string in imap/util.c that does not leave room for quote characters (bsc#1101582). - CVE-2018-14356: Fix pop.c that mishandles a zero-length UID (bsc#1101576). - CVE-2018-14355: Fix imap/util.c that mishandles '..' directory traversal in a mailbox name (bsc#1101577). - CVE-2018-14349: Fix imap/command.c that mishandles a NO response without a message (bsc#1101589). - CVE-2018-14350: Fix imap/message.c that has a stack-based buffer overflow for a FETCH response with along INTERNALDATE field (bsc#1101588). - CVE-2018-14363: Fix newsrc.c that does not properlyrestrict '/' characters that may have unsafe interaction with cache pathnames (bsc#1101566). - CVE-2018-14359: Fix buffer overflow via base64 data (bsc#1101570). - CVE-2018-14358: Fix imap/message.c that has a stack-based buffer overflow for a FETCH response with along RFC822.SIZE field (bsc#1101571). - CVE-2018-14360: Fix nntp_add_group in newsrc.c that has a stack-based buffer overflow because of incorrect sscanf usage (bsc#1101569). - CVE-2018-14357: Fix that remote IMAP servers are allowed to execute arbitrary commands via backquote characters (bsc#1101573). - CVE-2018-14361: Fix that nntp.c proceeds even if memory allocation fails for messages data (bsc#1101568). Bug fixes: - mutt reports as neomutt and incorrect version (bsc#1094717) ----------------------------------------- Patch: SUSE-2018-1458 Released: Tue Jul 31 12:48:18 2018 Summary: Recommended update for lapack Severity: moderate References: 1087426 Description: This update for lapack fixes the following issues: - Build tmglib and fold contents into existing liblapack{.a,.so.3}. (bsc#1087426) ----------------------------------------- Patch: SUSE-2018-1462 Released: Tue Jul 31 14:04:41 2018 Summary: Security update for java-11-openjdk Severity: moderate References: 1101645,1101651,1101655,1101656,CVE-2018-2940,CVE-2018-2952,CVE-2018-2972,CVE-2018-2973 Description: This java-11-openjdk update to version jdk-11+24 fixes the following issues: Security issues fixed: - CVE-2018-2940: Fix unspecified vulnerability in subcomponent Libraries (bsc#1101645). - CVE-2018-2952: Fix unspecified vulnerability in subcomponent Concurrency (bsc#1101651). - CVE-2018-2972: Fix unspecified vulnerability in subcomponent Security (bsc#1101655). - CVE-2018-2973: Fix unspecified vulnerability in subcomponent JSSE (bsc#1101656). ----------------------------------------- Patch: SUSE-2018-1476 Released: Thu Aug 2 14:20:03 2018 Summary: Security update for cups Severity: moderate References: 1096405,1096406,1096407,1096408,CVE-2018-4180,CVE-2018-4181,CVE-2018-4182,CVE-2018-4183 Description: This update for cups fixes the following issues: The following security vulnerabilities were fixed: - Fixed a local privilege escalation to root and sandbox bypasses in the scheduler - CVE-2018-4180: Fixed a local privilege escalation to root in dnssd backend (bsc#1096405) - CVE-2018-4181: Limited local file reads as root via cupsd.conf include directive (bsc#1096406) - CVE-2018-4182: Fixed a sandbox bypass due to insecure error handling (bsc#1096407) - CVE-2018-4183: Fixed a sandbox bypass due to profile misconfiguration (bsc#1096408) ----------------------------------------- Patch: SUSE-2018-1509 Released: Tue Aug 7 09:39:07 2018 Summary: Security update for clamav Severity: moderate References: 1101410,1101412,1101654,1103040,CVE-2018-0360,CVE-2018-0361 Description: This update for clamav to version 0.100.1 fixes the following issues: The following security vulnerabilities were addressed: - CVE-2018-0360: HWP integer overflow, infinite loop vulnerability (bsc#1101410) - CVE-2018-0361: PDF object length check, unreasonably long time to parse relatively small file (bsc#1101412) - Buffer over-read in unRAR code due to missing max value checks in table initialization - Libmspack heap buffer over-read in CHM parser (bsc#1103040) - PDF parser bugs The following other changes were made: - Disable YARA support for licensing reasons (bsc#1101654). - Add HTTPS support for clamsubmit - Fix for DNS resolution for users on IPv4-only machines where IPv6 is not available or is link-local only ----------------------------------------- Patch: SUSE-2018-1512 Released: Tue Aug 7 12:48:02 2018 Summary: Security update for libcdio Severity: low References: 1082821,1082877,CVE-2017-18199,CVE-2017-18201 Description: This update for libcdio fixes the following issues: The following security vulnerabilities were addressed: - CVE-2017-18199: Fixed a NULL pointer dereference in realloc_symlink in rock.c (bsc#1082821) - CVE-2017-18201: Fixed a double free vulnerability in get_cdtext_generic() in _cdio_generic.c (bsc#1082877) - Fixed several memory leaks (bsc#1082821) ----------------------------------------- Patch: SUSE-2018-1514 Released: Tue Aug 7 18:05:04 2018 Summary: Security update for enigmail Severity: moderate References: 1094781,1096745,1097525,CVE-2018-12019,CVE-2018-12020 Description: This update for enigmail to 2.0.7 fixes the following issues: These security issues were fixed: - CVE-2018-12020: Mitigation against GnuPG signature spoofing: Email signatures could be spoofed via an embedded '--filename' parameter in OpenPGP literal data packets. This update prevents this issue from being exploited if GnuPG was not updated (boo#1096745) - CVE-2018-12019: The signature verification routine interpreted User IDs as status/control messages and did not correctly keep track of the status of multiple signatures. This allowed remote attackers to spoof arbitrary email signatures via public keys containing crafted primary user ids (boo#1097525) - Disallow plaintext (literal packets) outside of encrpyted packets - Replies to a partially encrypted message may have revealed protected information - no longer display PGP/MIME message part followed by unencrypted data (bsc#1094781) - Fix signature Spoofing via Inline-PGP in HTML Mails These non-security issues were fixed: - Fix filter actions forgetting selected mail folder names - Fix compatibility issue with Thunderbird 60b7 ----------------------------------------- Patch: SUSE-2018-1516 Released: Tue Aug 7 20:19:10 2018 Summary: Recommended update for vsftpd Severity: moderate References: 1010177,1075060,1093179,975538 Description: This update for vsftpd fixes the following issues: - Add 'rsa_cert_file' and 'dsa_cert_file' options to config file template to make the user aware that either one of those options need to be configured, otherwise vsftpd won't start up if SSL mode is enabled (bsc#975538) - Bugfix: Don't start/stop parameterized systemd units in pre/post actions. These units cannot be used without an explicit parameter and attempts to do so lead to a confusing 'failed to try-restart' error message. (bsc#1093179, bsc#1010177) - man page: Added description for 'address_space_limit' option (bsc#1075060) ----------------------------------------- Patch: SUSE-2018-1539 Released: Fri Aug 10 11:39:36 2018 Summary: Security update for wireshark Severity: moderate References: 1101776,1101777,1101786,1101788,1101791,1101794,1101800,1101802,1101804,1101810,CVE-2018-14339,CVE-2018-14340,CVE-2018-14341,CVE-2018-14342,CVE-2018-14343,CVE-2018-14344,CVE-2018-14367,CVE-2018-14368,CVE-2018-14369,CVE-2018-14370 Description: This update for wireshark fixes the following issues: Security issues fixed: - CVE-2018-14342: BGP dissector large loop (wnpa-sec-2018-34, bsc#1101777) - CVE-2018-14344: ISMP dissector crash (wnpa-sec-2018-35, bsc#1101788) - CVE-2018-14340: Multiple dissectors could crash (wnpa-sec-2018-36, bsc#1101804) - CVE-2018-14343: ASN.1 BER dissector crash (wnpa-sec-2018-37, bsc#1101786) - CVE-2018-14339: MMSE dissector infinite loop (wnpa-sec-2018-38, bsc#1101810) - CVE-2018-14341: DICOM dissector crash (wnpa-sec-2018-39, bsc#1101776) - CVE-2018-14368: Bazaar dissector infinite loop (wnpa-sec-2018-40, bsc#1101794) - CVE-2018-14369: HTTP2 dissector crash (wnpa-sec-2018-41, bsc#1101800) - CVE-2018-14367: CoAP dissector crash (wnpa-sec-2018-42, bsc#1101791) - CVE-2018-14370: IEEE 802.11 dissector crash (wnpa-sec-2018-43, bsc#1101802) Bug fixes: - Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.4.8.html ----------------------------------------- Patch: SUSE-2018-1642 Released: Thu Aug 16 16:55:54 2018 Summary: Security update for perl-Archive-Zip Severity: moderate References: 1099497,CVE-2018-10860 Description: This update for perl-Archive-Zip fixes the following security issue: - CVE-2018-10860: Prevent directory traversal caused by not properly sanitizing paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could have used this flaw to write or overwrite arbitrary files in the context of the perl interpreter (bsc#1099497) ----------------------------------------- Patch: SUSE-2018-1705 Released: Mon Aug 20 16:31:22 2018 Summary: Recommended update for quota Severity: important References: 1104898 Description: This update for quota fixes the following issues: - Fix issue with high cpu load if RQUOTAD_PORT is set in /etc/sysconfig/nfs. (bsc#1104898) ----------------------------------------- Patch: SUSE-2018-1756 Released: Fri Aug 24 17:12:55 2018 Summary: Recommended update for growpart Severity: moderate References: 1097455,1098681 Description: This update for growpart provides the following fix: - Support btrfs resize and handle ro setup in rootgrow. (bsc#1097455, bsc#1098681) ----------------------------------------- Patch: SUSE-2018-1775 Released: Tue Aug 28 12:40:50 2018 Summary: Recommended update for xfsprogs Severity: important References: 1089777,1105396 Description: This update for xfsprogs fixes the following issues: - avoid divide-by-zero when hardware reports optimal i/o size as 0 (bsc#1089777) - repair: shift inode back into place if corrupted by bad log replay (bsc#1105396). ----------------------------------------- Patch: SUSE-2018-1782 Released: Tue Aug 28 18:20:02 2018 Summary: Recommended update for SAPHanaSR Severity: moderate References: 1062267,1091074 Description: This update for SAPHanaSR provides the following fixes: - Remove show_SAPHanaSR_attributes. The user is advised to use SAPHanaSR-showAttr instead. (bsc#1091074) - Adjust HAWK2 Wizards to run on both Python 2 and 3. (fate#323526) - SAPHanaSR wizard sets IPAddr2 agent's NIC to eth0. (bsc#1062267) ----------------------------------------- Patch: SUSE-2018-1804 Released: Fri Aug 31 13:02:24 2018 Summary: Recommended update for docker Severity: moderate References: 1065609,1073877,1099277,1100727 Description: This update for docker fixes the following issues: - Build the client binary with -buildmode=pie to fix issues on POWER. (bsc#1100727) - Fix an issue where changed AppArmor profiles don't actually get applied on Docker daemon reboot. (bsc#1099277) - Update to AppArmor patch so that signal mediation also works for signals between in-container processes. (bsc#1073877) - Do not log incorrect warnings when attempting to inject non-existent host files. (bsc#1065609) ----------------------------------------- Patch: SUSE-2018-1853 Released: Thu Sep 6 19:41:23 2018 Summary: Security update for enigmail Severity: moderate References: 1104036 Description: This update for enigmail to 2.0.8 fixes the following issues: The enigmail 2.0.8 release addresses a security issue and solves a few regression bugs. * A security issue has been fixed that allows an attacker to prepare a plain, unauthenticated HTML message in a way that it looks like it's signed and/or encrypted (boo#1104036) ----------------------------------------- Patch: SUSE-2018-1861 Released: Mon Sep 10 11:38:53 2018 Summary: Recommended update for firewalld and susefirewall2-to-firewalld Severity: moderate References: 1096542,1098986,1099698,1105157,1105170 Description: This update for firewalld and susefirewall2-to-firewalld fixes the following issues: firewalld: - Drop global read permissions from the log file (bsc#1098986) - Add missing ipv6-icmp protocol to UI drop-down list (bsc#1099698) - Fix some untranslated strings in the creation of rich rules and firewall-config. (bsc#1096542) - fw: If failure occurs during startup set state to FAILED. - fw_direct: Avoid log for untracked passthrough queries. - Rich Rule Masquerade inverted source-destination in Forward Chain. - Don't forward interface to zone requests to NM for generated interfaces. - firewall-cmd, firewall-offline-cmd: Add --check-config option. - ipset: Check type when parsing ipset definition. - firewall-config: Add ipv6-icmp to the protocol dropdown box. - core/logger: Remove world-readable bit from logfile. - IPv6 rpfilter: Explicitly allow neighbor solicitation. susefirewall2-to-firewalld: - Do not try to handle unknown iptables chains. - Handle source whitelisting. (bsc#1105157) ----------------------------------------- Patch: SUSE-2018-1897 Released: Thu Sep 13 15:18:20 2018 Summary: Recommended update for python3-gcemetadata Severity: moderate References: 1097505 Description: This update for python3-gcemetadata fixes the following issues: - Support instances with multiple Nics. (bsc#1097505) ----------------------------------------- Patch: SUSE-2018-1901 Released: Fri Sep 14 12:38:11 2018 Summary: Recommended update for vncmanager Severity: moderate References: 1103552 Description: This update for vncmanager fixes the following issues: - Declare the service as part of xvnc.target so it can be used as dependency for xvnc-novnc.service. (bsc#1103552) ----------------------------------------- Patch: SUSE-2018-1911 Released: Mon Sep 17 14:36:44 2018 Summary: Recommended update for python3-susepubliccloudinfo Severity: moderate References: 1103684 Description: This update for python3-susepubliccloudinfo fixes the following issues: - Avoid traceback on improper query options. (bsc#1103684) ----------------------------------------- Patch: SUSE-2018-1962 Released: Fri Sep 21 13:48:37 2018 Summary: Recommended update for icewm Severity: important References: 1096917 Description: This update for icewm fixes the following issues: - Renamed icewm-session.desktop to icewm.desktop to fix a upgrade issue (bsc#1096917). ----------------------------------------- Patch: SUSE-2018-1978 Released: Mon Sep 24 10:37:23 2018 Summary: Recommended update for myspell-dictionaries Severity: low References: 1099508,1102294 Description: This update brings myspell-dictionaries to version 20180704, providing the following fixes: - Indonesian spelling dictionary, thesaurus and hyphenation added. - English updates. - Croatian updates. - Bulgarian files converted to UTF8 in order to avoid bugs. (bsc#1102294, bsc#1099508) - Other smaller updates. ----------------------------------------- Patch: SUSE-2018-1998 Released: Tue Sep 25 08:19:41 2018 Summary: Recommended update for wireless-regdb Severity: moderate References: 1095397,1106528 Description: This update for wireless-regdb fixes the following issues: - Fix power limit in 5725-5785 GHz rule for France. - Updated regulatory database for France and Panama. - Fixes in python3 scripts. ----------------------------------------- Patch: SUSE-2018-1999 Released: Tue Sep 25 08:20:35 2018 Summary: Recommended update for zlib Severity: moderate References: 1071321 Description: This update for zlib provides the following fixes: - Speedup zlib on power8. (fate#325307) - Add safeguard against negative values in uInt. (bsc#1071321) ----------------------------------------- Patch: SUSE-2018-2022 Released: Wed Sep 26 09:48:09 2018 Summary: Recommended update for SUSE Manager Client Tools Severity: moderate References: 1103388,1104120,1106523 Description: This update fixes the following issues: hwdata: - Update to version 0.314: + Updated pci, usb and vendor ids. spacewalk-backend: - Channels to be actually un-subscribed from the assigned systems when being removed using spacewalk-remove-channel tool. (bsc#1104120) - Take only text files from /srv/salt to make spacewalk-debug smaller. (bsc#1103388) ----------------------------------------- Patch: SUSE-2018-2044 Released: Wed Sep 26 15:12:18 2018 Summary: Recommended update for firewalld-rpcbind-helper Severity: moderate References: 1096064 Description: This update for firewalld-rpcbind-helper fixes the following issues: - Fix error when running in python3 context, because of a missing decode() call. (bsc#1096064) - Don't raise Exceptions when one of the target sysconfig files isn't installed. (bsc#1096064) ----------------------------------------- Patch: SUSE-2018-2052 Released: Thu Sep 27 12:03:08 2018 Summary: Security update for wireshark Severity: moderate References: 1106514,CVE-2018-16056,CVE-2018-16057,CVE-2018-16058 Description: This update for wireshark to version 2.4.9 fixes the following issues: Security issues fixed (bsc#1106514): - CVE-2018-16058: Bluetooth AVDTP dissector crash (wnpa-sec-2018-44) - CVE-2018-16056: Bluetooth Attribute Protocol dissector crash (wnpa-sec-2018-45) - CVE-2018-16057: Radiotap dissector crash (wnpa-sec-2018-46) Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.4.9.html ----------------------------------------- Patch: SUSE-2018-2054 Released: Thu Sep 27 12:04:23 2018 Summary: Security update for mgetty Severity: important References: 1108752,1108756,1108757,1108761,1108762,CVE-2018-16741,CVE-2018-16742,CVE-2018-16743,CVE-2018-16744,CVE-2018-16745 Description: This update for mgetty fixes the following issues: - CVE-2018-16741: The function do_activate() did not properly sanitize shell metacharacters to prevent command injection (bsc#1108752). - CVE-2018-16745: The mail_to parameter was not sanitized, leading to a buffer overflow if long untrusted input reached it (bsc#1108756). - CVE-2018-16744: The mail_to parameter was not sanitized, leading to command injection if untrusted input reached reach it (bsc#1108757). - CVE-2018-16742: Prevent stack-based buffer overflow that could have been triggered via a command-line parameter (bsc#1108762). - CVE-2018-16743: The command-line parameter username wsa passed unsanitized to strcpy(), which could have caused a stack-based buffer overflow (bsc#1108761). ----------------------------------------- Patch: SUSE-2018-2055 Released: Thu Sep 27 14:30:14 2018 Summary: Recommended update for openldap2 Severity: moderate References: 1089640 Description: This update for openldap2 provides the following fix: - Fix slapd segfaults in mdb_env_reader_dest. (bsc#1089640) ----------------------------------------- Patch: SUSE-2018-2060 Released: Thu Sep 27 15:06:52 2018 Summary: Recommended update for SAPHanaSR-ScaleOut Severity: moderate References: 1098979 Description: This update for SAPHanaSR-ScaleOut provides the following fix: - Allow virtual host names in SAPHanaTopology and SAPHanaController to prevent a wrong promotion scoring. (bsc#1098979) ----------------------------------------- Patch: SUSE-2018-2077 Released: Fri Sep 28 14:52:24 2018 Summary: Recommended update for pidentd Severity: important References: 1101107,1101600 Description: This update for pidentd fixes the following issues: - IPv6 support was accidentally dropped when upgrading to 3.0.19. This update reenables IPv6 support. (bsc#1101600) - Drop uname -r of buildhost from binary for reproducible builds (bsc#1101107) ----------------------------------------- Patch: SUSE-2018-2078 Released: Fri Sep 28 14:54:53 2018 Summary: Recommended update for sapconf Severity: moderate References: 1093843,1093844,1096498,1099101 Description: This update for sapconf provides the following fixes: - Sapconf should not change the system settings for kernel.sem, so remove the variables SEM* from it. (bsc#1099101) - Correct the SAP Note references in the man pages and in the sysconfig file of the sapconf package. (bsc#1096498) - Avoid stopping or disabling uuidd.socket in sapconf as it is mandatory for every SAP application running. (bsc#1093843) - Remove hardcoded default value for VSZ_TMPFS_PERCENT. This allows an admin to exclude VSZ_TMPFS settings from the sysconfig file, so the current system value will remain untouched. This value only got used in the previous version, if the variable VSZ_TMPFS_PERCENT was removed from the sapconf configuration file /etc/sysconfig/sapconf. If the value of the variable was only changed (increased or decreased) in the sapconf configuration file everything works fine. (bsc#1093844) - Remove the no longer needed sysconfig file. - Remove the pagecache references from the sysconfig file. ----------------------------------------- Patch: SUSE-2018-2082 Released: Sun Sep 30 14:06:27 2018 Summary: Security update for libX11 Severity: moderate References: 1102062,1102068,1102073,CVE-2018-14598,CVE-2018-14599,CVE-2018-14600 Description: This update for libX11 fixes the following security issues: - CVE-2018-14599: The function XListExtensions was vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact (bsc#1102062) - CVE-2018-14600: The function XListExtensions interpreted a variable as signed instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes), leading to DoS or remote code execution (bsc#1102068) - CVE-2018-14598: A malicious server could have sent a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault) (bsc#1102073) ----------------------------------------- Patch: SUSE-2018-2095 Released: Mon Oct 1 16:02:00 2018 Summary: Security update for openssl-1_0_0 Severity: moderate References: 1089039,1097158,1101470,1104789,1106197,CVE-2018-0732,CVE-2018-0737 Description: This update for openssl-1_0_0 to 1.0.2p fixes the following issues: These security issues were fixed: - Prevent One&Done side-channel attack on RSA that allowed physically near attackers to use EM emanations to recover information (bsc#1104789) - CVE-2018-0737: The RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could have recovered the private key (bsc#1089039) - CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack (bsc#1097158) - Make problematic ECDSA sign addition length-invariant - Add blinding to ECDSA and DSA signatures to protect against side channel attacks This non-security issue was fixed: - Add openssl(cli) Provide so the packages that require the openssl binary can require this instead of the new openssl meta package (bsc#1101470) ----------------------------------------- Patch: SUSE-2018-2119 Released: Tue Oct 2 16:31:25 2018 Summary: Security update for ghostscript Severity: important References: 1106171,1106172,1106173,1106195,1107410,1107411,1107412,1107413,1107420,1107421,1107422,1107423,1107426,1107581,1108027,1109105,CVE-2018-15908,CVE-2018-15909,CVE-2018-15910,CVE-2018-15911,CVE-2018-16509,CVE-2018-16510,CVE-2018-16511,CVE-2018-16513,CVE-2018-16539,CVE-2018-16540,CVE-2018-16541,CVE-2018-16542,CVE-2018-16543,CVE-2018-16585,CVE-2018-16802,CVE-2018-17183 Description: This update for ghostscript to version 9.25 fixes the following issues: These security issues were fixed: - CVE-2018-17183: Remote attackers were be able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code (bsc#1109105) - CVE-2018-15909: Prevent type confusion using the .shfill operator that could have been used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code (bsc#1106172). - CVE-2018-15908: Prevent attackers that are able to supply malicious PostScript files to bypass .tempfile restrictions and write files (bsc#1106171). - CVE-2018-15910: Prevent a type confusion in the LockDistillerParams parameter that could have been used to crash the interpreter or execute code (bsc#1106173). - CVE-2018-15911: Prevent use uninitialized memory access in the aesdecode operator that could have been used to crash the interpreter or potentially execute code (bsc#1106195). - CVE-2018-16513: Prevent a type confusion in the setcolor function that could have been used to crash the interpreter or possibly have unspecified other impact (bsc#1107412). - CVE-2018-16509: Incorrect 'restoration of privilege' checking during handling of /invalidaccess exceptions could be have been used by attackers able to supply crafted PostScript to execute code using the 'pipe' instruction (bsc#1107410). - CVE-2018-16510: Incorrect exec stack handling in the 'CS' and 'SC' PDF primitives could have been used by remote attackers able to supply crafted PDFs to crash the interpreter or possibly have unspecified other impact (bsc#1107411). - CVE-2018-16542: Prevent attackers able to supply crafted PostScript files from using insufficient interpreter stack-size checking during error handling to crash the interpreter (bsc#1107413). - CVE-2018-16541: Prevent attackers able to supply crafted PostScript files from using incorrect free logic in pagedevice replacement to crash the interpreter (bsc#1107421). - CVE-2018-16540: Prevent use-after-free in copydevice handling that could have been used to crash the interpreter or possibly have unspecified other impact (bsc#1107420). - CVE-2018-16539: Prevent attackers able to supply crafted PostScript files from using incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable (bsc#1107422). - CVE-2018-16543: gssetresolution and gsgetresolution allowed attackers to have an unspecified impact (bsc#1107423). - CVE-2018-16511: A type confusion in 'ztype' could have been used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact (bsc#1107426). - CVE-2018-16585: The .setdistillerkeys PostScript command was accepted even though it is not intended for use during document processing (e.g., after the startup phase). This lead to memory corruption, allowing remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact (bsc#1107581). - CVE-2018-16802: Incorrect 'restoration of privilege' checking when running out of stack during exception handling could have been used by attackers able to supply crafted PostScript to execute code using the 'pipe' instruction. This is due to an incomplete fix for CVE-2018-16509 (bsc#1108027). These non-security issues were fixed: * Fixes problems with argument handling, some unintended results of the security fixes to the SAFER file access restrictions (specifically accessing ICC profile files). * Avoid that ps2epsi fails with 'Error: /undefined in --setpagedevice--' For additional changes please check http://www.ghostscript.com/doc/9.25/News.htm ----------------------------------------- Patch: SUSE-2018-2136 Released: Thu Oct 4 14:17:44 2018 Summary: Security update for python Severity: moderate References: 1109663,CVE-2018-1000802 Description: This update for python fixes the following issue: - CVE-2018-1000802: Prevent command injection in shutil module (make_archive function) via passage of unfiltered user input (bsc#1109663) ----------------------------------------- Patch: SUSE-2018-2165 Released: Fri Oct 5 15:22:38 2018 Summary: Security update for java-1_8_0-openjdk Severity: important References: 1101644,1101645,1101651,1101656,1106812,CVE-2018-2938,CVE-2018-2940,CVE-2018-2952,CVE-2018-2973 Description: This update for java-1_8_0-openjdk to the jdk8u181 (icedtea 3.9.0) release fixes the following issues: These security issues were fixed: - CVE-2018-2938: Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE (bsc#1101644). - CVE-2018-2940: Vulnerability in subcomponent: Libraries. Easily exploitable vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data (bsc#1101645) - CVE-2018-2952: Vulnerability in subcomponent: Concurrency. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit (bsc#1101651) - CVE-2018-2973: Vulnerability in subcomponent: JSSE. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data (bsc#1101656) These non-security issues were fixed: - Improve desktop file usage - Better Internet address support - speculative traps break when classes are redefined - sun/security/pkcs11/ec/ReadCertificates.java fails intermittently - Clean up code that saves the previous versions of redefined classes - Prevent SIGSEGV in ReceiverTypeData::clean_weak_klass_links - RedefineClasses() tests fail assert(((Metadata*)obj)->is_valid()) failed: obj is valid - NMT is not enabled if NMT option is specified after class path specifiers - EndEntityChecker should not process custom extensions after PKIX validation - SupportedDSAParamGen.java failed with timeout - Montgomery multiply intrinsic should use correct name - When determining the ciphersuite lists, there is no debug output for disabled suites. - sun/security/mscapi/SignedObjectChain.java fails on Windows - On Windows Swing changes keyboard layout on a window activation - IfNode::range_check_trap_proj() should handler dying subgraph with single if proj - Even better Internet address support - Newlines in JAXB string values of SOAP-requests are escaped to ' ' - TestFlushableGZIPOutputStream failing with IndexOutOfBoundsException - Unable to use JDWP API in JDK 8 to debug JDK 9 VM - Hotspot crash on Cassandra 3.11.1 startup with libnuma 2.0.3 - Performance drop with Java JDK 1.8.0_162-b32 - Upgrade time-zone data to tzdata2018d - Fix potential crash in BufImg_SetupICM - JDK 8u181 l10n resource file update - Remove debug print statements from RMI fix - (tz) Upgrade time-zone data to tzdata2018e - ObjectInputStream filterCheck method throws NullPointerException - adjust reflective access checks - Fixed builds on s390 (bsc#1106812) ----------------------------------------- Patch: SUSE-2018-2166 Released: Mon Oct 8 07:41:55 2018 Summary: Recommended update for yum Severity: moderate References: 1104227,1104716 Description: This update for yum provides the following fixes: - Make yum point to the correct path of rpmdb. (bsc#1104227, bsc#1104716) - Do not mark systemd service as config. - Do not install in sitearch as this is package is not platform specific. ----------------------------------------- Patch: SUSE-2018-2170 Released: Mon Oct 8 10:31:14 2018 Summary: Recommended update for python3 Severity: moderate References: 1107030 Description: This update for python3 fixes the following issues: - Add -fwrapv to OPTS, which is default for python3 for bugs which are caused by avoiding it. (bsc#1107030) ----------------------------------------- Patch: SUSE-2018-2171 Released: Mon Oct 8 10:31:29 2018 Summary: Security update for soundtouch Severity: moderate References: 1103676,CVE-2018-1000223 Description: This update for soundtouch fixes the following security issue: - CVE-2018-1000223: Prevent buffer overflow in WavInFile::readHeaderBlock() that could have resulted in arbitrary code execution when opening maliocius file in soundstretch utility (bsc#1103676) ----------------------------------------- Patch: SUSE-2018-2182 Released: Tue Oct 9 11:08:36 2018 Summary: Security update for libxml2 Severity: moderate References: 1088279,1102046,1105166,CVE-2018-14404,CVE-2018-14567,CVE-2018-9251 Description: This update for libxml2 fixes the following security issues: - CVE-2018-9251: The xz_decomp function allowed remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint (bsc#1088279) - CVE-2018-14567: Prevent denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint (bsc#1105166) - CVE-2018-14404: Prevent NULL pointer dereference in the xmlXPathCompOpEval() function when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case leading to a denial of service attack (bsc#1102046) ----------------------------------------- Patch: SUSE-2018-2183 Released: Tue Oct 9 11:30:31 2018 Summary: Security update for java-1_8_0-ibm Severity: moderate References: 1104668,CVE-2016-0705,CVE-2017-3732,CVE-2017-3736,CVE-2018-12539,CVE-2018-1517,CVE-2018-1656,CVE-2018-2940,CVE-2018-2952,CVE-2018-2964,CVE-2018-2973 Description: This update for java-1_8_0-ibm to 8.0.5.20 fixes the following issues: - CVE-2018-2952: Vulnerability in subcomponent: Concurrency. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit (bsc#1104668). - CVE-2018-2940: Vulnerability in subcomponent: Libraries. Easily exploitable vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data (bsc#1104668). - CVE-2018-2973: Vulnerability in subcomponent: JSSE. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data (bsc#1104668). - CVE-2018-2964: Vulnerability in subcomponent: Deployment. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE. (bsc#1104668). - CVE-2016-0705: Prevent double free in the dsa_priv_decode function that allowed remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key (bsc#1104668). - CVE-2017-3732: Prevent carry propagating bug in the x86_64 Montgomery squaring procedure (bsc#1104668). - CVE-2017-3736: Prevent carry propagating bug in the x86_64 Montgomery squaring procedure (bsc#1104668). - CVE-2018-12539: Users other than the process owner might have been able to use Java Attach API to connect to an IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted native code (bsc#1104668) - CVE-2018-1517: Unspecified vulnerability (bsc#1104668). - CVE-2018-1656: Unspecified vulnerability (bsc#1104668) ----------------------------------------- Patch: SUSE-2018-2193 Released: Wed Oct 10 13:20:50 2018 Summary: Recommended update for dialog Severity: moderate References: 1094836 Description: This update for dialog fixes the following issues: - Fixes a bug where scrolling is not possible (bsc#1094836) ----------------------------------------- Patch: SUSE-2018-2232 Released: Mon Oct 15 14:57:55 2018 Summary: Security update for git Severity: important References: 1110949,CVE-2018-17456 Description: This update for git fixes the following issues: - CVE-2018-17456: Git allowed remote code execution during processing of a recursive 'git clone' of a superproject if a .gitmodules file has a URL field beginning with a '-' character. (boo#1110949). ----------------------------------------- Patch: SUSE-2018-2245 Released: Tue Oct 16 14:23:40 2018 Summary: Recommended update for emacs Severity: low References: 1096354 Description: This update for emacs fixes the following issues: - Bugfix: Use X core fonts for menu bar (bsc#1096354) ----------------------------------------- Patch: SUSE-2018-2298 Released: Wed Oct 17 17:02:57 2018 Summary: Recommended update for java-11-openjdk Severity: moderate References: 1111162,1112142,1112143,1112144,1112145,1112146,1112147,1112148,1112149,CVE-2018-3136,CVE-2018-3139,CVE-2018-3149,CVE-2018-3150,CVE-2018-3157,CVE-2018-3169,CVE-2018-3180,CVE-2018-3183 Description: This update for java-11-openjdk fixes the following issues: Update to upstream tag jdk-11.0.1+13 (Oracle October 2018 CPU) Security fixes: - S8202936, CVE-2018-3183, bsc#1112148: Improve script engine support - S8199226, CVE-2018-3169, bsc#1112146: Improve field accesses - S8199177, CVE-2018-3149, bsc#1112144: Enhance JNDI lookups - S8202613, CVE-2018-3180, bsc#1112147: Improve TLS connections stability - S8208209, CVE-2018-3180, bsc#1112147: Improve TLS connection stability again - S8199172, CVE-2018-3150, bsc#1112145: Improve jar attribute checks - S8200648, CVE-2018-3157, bsc#1112149: Make midi code more sound - S8194534, CVE-2018-3136, bsc#1112142: Manifest better support - S8208754, CVE-2018-3136, bsc#1112142: The fix for JDK-8194534 needs updates - S8196902, CVE-2018-3139, bsc#1112143: Better HTTP Redirection Security-In-Depth fixes: - S8194546: Choosier FileManagers - S8195874: Improve jar specification adherence - S8196897: Improve PRNG support - S8197881: Better StringBuilder support - S8201756: Improve cipher inputs - S8203654: Improve cypher state updates - S8204497: Better formatting of decimals - S8200666: Improve LDAP support - S8199110: Address Internet Addresses Update to upstream tag jdk-11+28 (OpenJDK 11 rc1) - S8207317: SSLEngine negotiation fail exception behavior changed from fail-fast to fail-lazy - S8207838: AArch64: Float registers incorrectly restored in JNI call - S8209637: [s390x] Interpreter doesn't call result handler after native calls - S8209670: CompilerThread releasing code buffer in destructor is unsafe - S8209735: Disable avx512 by default - S8209806: API docs should be updated to refer to javase11 - Report version without the '-internal' postfix - Don't build against gdk making the accessibility depend on a particular version of gtk. Update to upstream tag jdk-11+27 - S8031761: [TESTBUG] Add a regression test for JDK-8026328 - S8151259: [TESTBUG] nsk/jvmti/RedefineClasses/redefclass030 fails with 'unexpected values of outer fields of the class' when running with -Xcomp - S8164639: Configure PKCS11 tests to use user-supplied NSS libraries - S8189667: Desktop#moveToTrash expects incorrect '<>' FilePermission - S8194949: [Graal] gc/TestNUMAPageSize.java fail with OOM in -Xcomp - S8195156: [Graal] serviceability/jvmti/GetModulesInfo/ /JvmtiGetAllModulesTest.java fails with Graal in Xcomp mode - S8199081: [Testbug] compiler/linkage/LinkageErrors.java fails if run twice - S8201394: Update java.se module summary to reflect removal of java.se.ee module - S8204931: Colors with alpha are painted incorrectly on Linux - S8204966: [TESTBUG] hotspot/test/compiler/whitebox/ /IsMethodCompilableTest.java test fails with -XX:CompileThreshold=1 - S8205608: Fix 'frames()' in ThreadReferenceImpl.c to prevent quadratic runtime behavior - S8205687: TimeoutHandler generates huge core files - S8206176: Remove the temporary tls13VN field - S8206258: [Test Error] sun/security/pkcs11 tests fail if NSS libs not found - S8206965: java/util/TimeZone/Bug8149452.java failed on de_DE and ja_JP locale. - S8207009: TLS 1.3 half-close and synchronization issues - S8207046: arm32 vm crash: C1 arm32 platform functions parameters type mismatch - S8207139: NMT is not enabled on Windows 2016/10 - S8207237: SSLSocket#setEnabledCipherSuites is accepting empty string - S8207355: C1 compilation hangs in ComputeLinearScanOrder::compute_dominator - S8207746: C2: Lucene crashes on AVX512 instruction - S8207765: HeapMonitorTest.java intermittent failure - S8207944: java.lang.ClassFormatError: Extra bytes at the end of class file test' possibly violation of JVMS 4.7.1 - S8207948: JDK 11 L10n resource file update msg drop 10 - S8207966: HttpClient response without content-length does not return body - S8208125: Cannot input text into JOptionPane Text Input Dialog - S8208164: (str) improve specification of String::lines - S8208166: Still unable to use custom SSLEngine with default TrustManagerFactory after JDK-8207029 - S8208189: ProblemList compiler/graalunit/JttThreadsTest.java - S8208205: ProblemList tests that fail due to 'Error attaching to process: Can't create thread_db agent!' - S8208226: ProblemList com/sun/jdi/BasicJDWPConnectionTest.java - S8208251: serviceability/jvmti/HeapMonitor/MyPackage/ /HeapMonitorGCCMSTest.java fails intermittently on Linux-X64 - S8208305: ProblemList compiler/jvmci/compilerToVM/GetFlagValueTest.java - S8208347: ProblemList compiler/cpuflags/TestAESIntrinsicsOnSupportedConfig.java - S8208353: Upgrade JDK 11 to libpng 1.6.35 - S8208358: update bug ids mentioned in tests - S8208370: fix typo in ReservedStack tests' @requires - S8208391: Differentiate response and connect timeouts in HTTP Client API - S8208466: Fix potential memory leak in harfbuzz shaping. - S8208496: New Test to verify concurrent behavior of TLS. - S8208521: ProblemList more tests that fail due to 'Error attaching to process: Can't create thread_db agent!' - S8208640: [a11y] [macos] Unable to navigate between Radiobuttons in Radio group using keyboard. - S8208663: JDK 11 L10n resource file update msg drop 20 - S8208676: Missing NULL check and resource leak in NetworkPerformanceInterface::NetworkPerformance::network_utilization - S8208691: Tighten up jdk.includeInExceptions security property - S8209011: [TESTBUG] AArch64: sun/security/pkcs11/Secmod/ /TestNssDbSqlite.java fails in aarch64 platforms - S8209029: ProblemList tests that fail due to 'Error attaching to process: Can't create thread_db agent!' in jdk-11+25 testing - S8209149: [TESTBUG] runtime/RedefineTests/ /RedefineRunningMethods.java needs a longer timeout - S8209451: Please change jdk 11 milestone to FCS - S8209452: VerifyCACerts.java failed with 'At least one cacert test failed' - S8209506: Add Google Trust Services GlobalSign root certificates - S8209537: Two security tests failed after JDK-8164639 due to dependency was missed ----------------------------------------- Patch: SUSE-2018-2302 Released: Thu Oct 18 14:29:31 2018 Summary: Security update for zziplib Severity: moderate References: 1110687,CVE-2018-17828 Description: This update for zziplib fixes the following issues: - CVE-2018-17828: Remove any '../' components from pathnames of extracted files to avoid path traversal during unpacking. (bsc#1110687) ----------------------------------------- Patch: SUSE-2018-2307 Released: Thu Oct 18 14:42:54 2018 Summary: Recommended update for libxcb Severity: moderate References: 1101560 Description: This update for libxcb provides the following fix: - Fix some IO errors when using KWin in combination with the NVIDIA driver. (bsc#1101560) ----------------------------------------- Patch: SUSE-2018-2335 Released: Fri Oct 19 15:06:23 2018 Summary: Security update for clamav Severity: moderate References: 1103040,1104457,1110723,CVE-2018-14680,CVE-2018-14681,CVE-2018-14682,CVE-2018-15378 Description: This update for clamav fixes the following issues: clamav was updated to version 0.100.2. Following security issues were fixed: - CVE-2018-15378: Vulnerability in ClamAV's MEW unpacking feature that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. (bsc#1110723) - CVE-2018-14680, CVE-2018-14681, CVE-2018-14682: more fixes for embedded libmspack. (bsc#1103040) Following non-security issues were addressed: - Make freshclam more robust against lagging signature mirrors. - On-Access 'Extra Scanning', an opt-in minor feature of OnAccess scanning on Linux systems, has been disabled due to a known issue with resource cleanup OnAccessExtraScanning will be re-enabled in a future release when the issue is resolved. In the mean-time, users who enabled the feature in clamd.conf will see a warning informing them that the feature is not active. For details, see: https://bugzilla.clamav.net/show_bug.cgi?id=12048 - Restore exit code compatibility of freshclam with versions before 0.100.0 when the virus database is already up to date (bsc#1104457) ----------------------------------------- Patch: SUSE-2018-2340 Released: Fri Oct 19 16:05:53 2018 Summary: Security update for fuse Severity: moderate References: 1101797,CVE-2018-10906 Description: This update for fuse fixes the following issues: - CVE-2018-10906: fusermount was vulnerable to a restriction bypass when SELinux is active. This allowed non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects (bsc#1101797) ----------------------------------------- Patch: SUSE-2018-2343 Released: Sat Oct 20 09:51:54 2018 Summary: Recommended update for dejagnu Severity: moderate References: 1100206 Description: This update for dejagnu fixes the following issues: - Use separate kill command for each pid (bsc#1100206) - Install LICENSE file in the correct directory. ----------------------------------------- Patch: SUSE-2018-2346 Released: Mon Oct 22 09:40:46 2018 Summary: Recommended update for logrotate Severity: moderate References: 1093617 Description: This update for logrotate provides the following fix: - Ensure the HOME environment variable is set to /root when logrotate is started via systemd. This allows mariadb to rotate its logs when the database has a root password defined. (bsc#1093617) ----------------------------------------- Patch: SUSE-2018-2364 Released: Mon Oct 22 13:13:28 2018 Summary: Security update for wireshark Severity: important References: 1111647,CVE-2018-12086,CVE-2018-18227 Description: This update for wireshark fixes the following issues: Wireshark was updated to 2.4.10 (bsc#1111647). Following security issues were fixed: - CVE-2018-18227: MS-WSP dissector crash (wnpa-sec-2018-47) - CVE-2018-12086: OpcUA dissector crash (wnpa-sec-2018-50) Further bug fixes and updated protocol support that were done are listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.4.10.html ----------------------------------------- Patch: SUSE-2018-2370 Released: Mon Oct 22 14:02:01 2018 Summary: Recommended update for aaa_base Severity: moderate References: 1102310,1104531 Description: This update for aaa_base provides the following fixes: - Let bash.bashrc work even for (m)ksh. (bsc#1104531) - Fix an error at login if java system directory is empty. (bsc#1102310) ----------------------------------------- Patch: SUSE-2018-2392 Released: Tue Oct 23 12:45:51 2018 Summary: Security update for tiff Severity: moderate References: 1092480,1106853,1108627,1108637,1110358,CVE-2018-10779,CVE-2018-16335,CVE-2018-17100,CVE-2018-17101,CVE-2018-17795 Description: This update for tiff fixes the following issues: Security issue fixed: - CVE-2018-10779: TIFFWriteScanline in tif_write.c had a heap-based buffer over-read, as demonstrated by bmp2tiff.(bsc#1092480) - CVE-2018-17100: There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file. (bsc#1108637) - CVE-2018-17101: There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file. (bsc#1108627) - CVE-2018-17795: The function t2p_write_pdf in tiff2pdf.c allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, a similar issue to CVE-2017-9935. (bsc#1110358) - CVE-2018-16335: newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. This is a different vulnerability than CVE-2018-15209. (bsc#1106853) ----------------------------------------- Patch: SUSE-2018-2411 Released: Tue Oct 23 17:27:40 2018 Summary: Recommended update for libXaw Severity: moderate References: 1098411 Description: This update for libXaw provides the following fix: - Fix a crash when the required font is not installed. (bsc#1098411) ----------------------------------------- Patch: SUSE-2018-2431 Released: Wed Oct 24 13:05:29 2018 Summary: Security update for ntp Severity: moderate References: 1083424,1098531,1111853,CVE-2018-12327,CVE-2018-7170 Description: NTP was updated to 4.2.8p12 (bsc#1111853): - CVE-2018-12327: Fixed stack buffer overflow in the openhost() command-line call of NTPQ/NTPDC. (bsc#1098531) - CVE-2018-7170: Add further tweaks to improve the fix for the ephemeral association time spoofing additional protection (bsc#1083424) Please also see https://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/ for more information. ----------------------------------------- Patch: SUSE-2018-2441 Released: Wed Oct 24 16:38:48 2018 Summary: Initial release of python-pyinotify Severity: low References: 1111493 Description: This update provides python-pyinotify required for salt beacons ----------------------------------------- Patch: SUSE-2018-2442 Released: Wed Oct 24 16:39:09 2018 Summary: Recommended update for python-msrestazure and it's dependencies Severity: moderate References: 1109694 Description: This update for python-adal, python-isodate, python-msrest, python-msrestazure fixes the following issues: python-msrestazure: - Update to version 0.5.0 + Features * Implementation is now using ADAL and not request-oauthlib. This allows more AD scenarios (like federated). * Add additionalInfo parsing for CloudError. * Implement new LRO options of Autorest. * Improve MSI for VM token polling algorithm. * MSIAuthentication now uses IMDS endpoint if available. * MSIAuthentication can be used in any environment that defines MSI_ENDPOINT env variable. * CloudError now includes the 'innererror' attribute to match OData v4. * Introduces ARMPolling implementation of Azure Resource Management LRO. * Add support for WebApp/Functions in MSIAuthentication classes. * Add parse_resource_id(), resource_id(), validate_resource_id() to parse ARM ids. * Retry strategy now n reach 24 seconds (instead of 12 seconds). * Add Managed Service Integrated (MSI) authentication. * Add 'timeout' to ServicePrincipalCredentials and UserPasswordCredentials. * Threads created by AzureOperationPoller have now a name prefixed by 'AzureOperationPoller' to help identify them. * Improve MSIAuthentication to support User Assigned Identity. + Bugfixes * MSIAuthentication regression for KeyVault since IMDS support. * MSIAuthentication should initialize the token attribute on creation. * Fixes refreshToken in UserPassCredentials and AADTokenCredentials. * Fix US government cloud definition. * Reduce max MSI polling time for VM. * IMDS/MSI: Retry on more error codes. * IMDS/MSI: Fix a boundary case on timeout. * Fix parse_resource_id() tool to be case*insensitive to keywords when matching. * Add missing baseclass init call for AdalAuthentication. * Fix LRO result if POST uses AsyncOperation header. * Remove a possible infinite loop with MSIAuthentication. * Fix session obj for cloudmetadata endpoint. * Fix authentication resource node for AzureSatck. * Better detection of AppService with MSIAuthentication. * get_cloud_from_metadata_endpoint incorrect on AzureStack. * get_cloud_from_metadata_endpoint certificate issue. * Fix AttributeError if error JSON from ARM does not follow ODatav4 (as it should). * Fix AttributeError if input JSON is not a dict. * Fix AdalError handling in some scenarios. * Update Azure Gov login endpoint. * Update metadata ARM endpoint parser. + Incompatible changes * Remove unused auth_uri, state, client and token_uri attributes in ServicePrincipalCredentials, UserPassCredentials and AADTokenCredentials. * Remove token caching based on 'keyring'. Token caching should be implemented using ADAL now. * Remove InteractiveCredentials. This class was deprecated and unusable. Use ADAL device code instead. python-msrest - Update to version 0.5.0 + Require python-enum32 and python-typing. + Features * Support additionalProperties and XML. * Deserialize/from_dict now accepts a content*type parameter to parse XML strings. * Add XML support * Add many type hints, and MyPY testing on CI. * HTTP calls are made through a HTTPDriver API. Only implementation is `requests` for now. This driver API is *not* considered stable and you should pin your msrest version if you want to provide a personal implementation. * msrest is now able to keep the 'requests.Session' alive for performance. * All Authentication classes now define `signed_session` and `refresh_session` with an optional `session` parameter. * Disable HTTP log by default (security), add `enable_http_log` to restore it. * Add TopicCredentials for EventGrid client. * Add LROPoller class. This is a customizable LRO engine. * Model now accept kwargs in constructor for future kwargs models. * Add support for additional_properties. * The interpretation of Swagger 2.0 'discriminator' is now lenient. * Add ApiKeyCredentials class. This can be used to support OpenAPI ApiKey feature. * Add CognitiveServicesAuthentication class. Pre*declared ApiKeyCredentials class for Cognitive Services. * Add Configuration.session_configuration_callback to customize the requests.Session if necessary. * Add a flag to Serializer to disable client*side*validation. * Remove 'import requests' from 'exceptions.py' for apps that require fast loading time. * Input is now more lenient. * Model have a 'validate' method to check content constraints. * Model have now new methods for serialize, as_dict, deserialize and from_dict. + Bugfixes * Fix a serialization issue if additional_properties is declared, and 'automatic model' syntax is used ('automatic model' being the ability to pass a dict to command and have the model auto*created). * Better parse empty node and not string types. * Improve 'object' XML parsing. * Fix some XML serialization subtle scenarios. * Fix some complex XML Swagger definitions. * Lower Accept header overwrite logging message. * Fix 'object' type and XML format. * Incorrect milliseconds serialization for some datetime object. * Improve `SDKClient.__exit__` to take exc_details as optional parameters and not required. * Refresh_session should also use the permanent HTTP session if available. * Fix incorrect date parsing if ms precision is over 6 digits. * Fix minimal dependency of isodate. * Fix serialisation from dict if datetime provided. * Date parsing is now compliant with Autorest / Swagger 2.0 specification (less lenient). * Accept to deserialize enum of different type if content string match. * Stop failing on deserialization if enum string is unkwon. Return the string instead. * Do not validate additional_properties. * Improve validation error if expected type is dict, but actual type is not. * Fix additional_properties if Swagger was flatten. * Optional formdata parameters were raising an exception. * 'application/x*www*form*urlencoded' form was sent using 'multipart/form*data'. * Fix regression: accept 'set' as a valid '[str]' * Always log response body. * Improved exception message if error JSON is Odata v4. * Refuse 'str' as a valid '[str]' type. * Better exception handling if input from server is not JSON valid. * Fix regression introduced in msrest 0.4.12 * dict syntax with enum modeled as string and enum used. * Fix regression introduced in msrest 0.4.12 * dict syntax using isodate.Duration. * Better Enum checking. + Internal optimisation * Call that does not return a streamable object are now executed in requests stream mode False (was True whatever the type of the call). This should reduce the number of leaked opened session and allow urllib3 to manage connection pooling more efficiently. Only clients generated with Autorest.Python >= 2.1.31 (not impacted otherwise, fully backward compatible) + Deprecation * Trigger DeprecationWarning for _client.add_header and _client.send_formdata. python-adal - Update to version 1.0.2 python-isodate - Update to version 0.6.0 + Support incomplete month date. + Rely on duck typing when doing duration maths. + Support ':' as separator in fractional time zones. ----------------------------------------- Patch: SUSE-2018-2445 Released: Wed Oct 24 16:41:09 2018 Summary: Recommended update for iotop Severity: moderate References: 1094694,1094823 Description: This update for iotop provides the following fix: - Fix a crash when /proc/*/status doesn't have the tab character or when it has invalid lines. (bsc#1094823, bsc#1094694) ----------------------------------------- Patch: SUSE-2018-2456 Released: Thu Oct 25 11:43:12 2018 Summary: Security update for mercurial Severity: moderate References: 1110899,CVE-2018-17983 Description: This update for mercurial fixes the following issues: - CVE-2018-17983: Fix an out-of-bounds read during parsing of a malformed manifest entry (bsc#1110899). ----------------------------------------- Patch: SUSE-2018-2463 Released: Thu Oct 25 14:48:34 2018 Summary: Recommended update for timezone, timezone-java Severity: moderate References: 1104700,1112310 Description: This update for timezone, timezone-java fixes the following issues: The timezone database was updated to 2018f: - Volgograd moves from +03 to +04 on 2018-10-28. - Fiji ends DST 2019-01-13, not 2019-01-20. - Most of Chile changes DST dates, effective 2019-04-06 (bsc#1104700) - Corrections to past timestamps of DST transitions - Use 'PST' and 'PDT' for Philippine time - minor code changes to zic handling of the TZif format - documentation updates Other bugfixes: - Fixed a zic problem with the 1948-1951 DST transition in Japan (bsc#1112310) ----------------------------------------- Patch: SUSE-2018-2484 Released: Fri Oct 26 10:16:04 2018 Summary: Security update for wpa_supplicant Severity: moderate References: 1080798,1098854,1099835,1104205,1109209,1111873,CVE-2018-14526 Description: This update for wpa_supplicant provides the following fixes: This security issues was fixe: - CVE-2018-14526: Under certain conditions, the integrity of EAPOL-Key messages was not checked, leading to a decryption oracle. An attacker within range of the Access Point and client could have abused the vulnerability to recover sensitive information (bsc#1104205) These non-security issues were fixed: - Fix reading private key passwords from the configuration file. (bsc#1099835) - Enable PWD as EAP method. This allows for password-based authentication, which is easier to setup than most of the other methods, and is used by the Eduroam network. (bsc#1109209) - compile eapol_test binary to allow testing via radius proxy and server (note: this does not match CONFIG_EAPOL_TEST which sets -Werror and activates an assert call inside the code of wpa_supplicant) (bsc#1111873), (fate#326725) - Enabled timestamps in log file when being invoked by systemd service file (bsc#1080798). - Fixes the default file permissions of the debug log file to more sane values, i.e. it is no longer world-readable (bsc#1098854). - Open the debug log file with O_CLOEXEC, which will prevent file descriptor leaking to child processes (bsc#1098854). ----------------------------------------- Patch: SUSE-2018-2486 Released: Fri Oct 26 12:38:27 2018 Summary: Recommended update for xfsprogs Severity: moderate References: 1105068 Description: This update for xfsprogs fixes the following issues: - Explictly disable systemd unit files for scrub (bsc#1105068). ----------------------------------------- Patch: SUSE-2018-2487 Released: Fri Oct 26 12:39:07 2018 Summary: Recommended update for glibc Severity: moderate References: 1102526 Description: This update for glibc fixes the following issues: - Fix build on aarch64 with binutils newer than 2.30. - Fix year 2039 bug for localtime with 64-bit time_t (bsc#1102526) ----------------------------------------- Patch: SUSE-2018-2490 Released: Fri Oct 26 12:40:48 2018 Summary: Recommended update for xdm Severity: moderate References: 1062105 Description: This update for xdm fixes the following issues: - Change /etc/X11/xdm/scripts/10-gpg-agent to get it work with every gpg version 2.1 and up. (bsc#1062105) ----------------------------------------- Patch: SUSE-2018-2496 Released: Fri Oct 26 14:20:00 2018 Summary: Recommended update for texlive-specs-n Severity: moderate References: 1077170,1083212,1094731 Description: This update fixes the following issues with texlive-specs-n: - Port back changes for bsd_glob of latexmk(.pl). (bsc#1094731) - Use font-config macros *with* xorg-x11-fonts-core (for encodings), mkfontdir (ditto), and mkfontscale. (bsc#1083212) - Avoid broken scripts due former env correction, only repair those scripts where the shebang exists . - Switch over to python 3. (bsc#1077170) - Avoid nasty warning about missing batchmode in ENVironment. ----------------------------------------- Patch: SUSE-2018-2504 Released: Fri Oct 26 16:12:22 2018 Summary: Security update for lcms2 Severity: moderate References: 1108813,CVE-2018-16435 Description: This update for lcms2 fixes the following issues: - CVE-2018-16435: A integer overflow was fixed in the AllocateDataSet function in cmscgats.c, that could lead to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile. (bsc#1108813) ----------------------------------------- Patch: SUSE-2018-2505 Released: Fri Oct 26 16:12:37 2018 Summary: Security update for audiofile Severity: moderate References: 1111586,CVE-2018-17095 Description: This update for audiofile fixes the following issues: - CVE-2018-17095: A heap-based buffer overflow in Expand3To4Module::run could occurred when running sfconvert leading to crashes or code execution when handling untrusted soundfiles (bsc#1111586). ----------------------------------------- Patch: SUSE-2018-2507 Released: Fri Oct 26 16:27:56 2018 Summary: Recommended update for s3fs Severity: moderate References: 1111267 Description: This update for s3fs fixes the following issues: - Add fuse package as required in runtime to allow mounting with systemd, mount command or /etc/fstab (bsc#1111267) ----------------------------------------- Patch: SUSE-2018-2513 Released: Mon Oct 29 11:11:23 2018 Summary: Recommended update for sysstat Severity: moderate References: 1089883 Description: This update for sysstat fixes the following issues: Sysstat was updated to 12.0.2, bringing new features and bugfixes (fate#326576, bsc#1089883) - It contains lots of improvements in SVG output. - New metric additions for hugepages. - New options Please look at http://sebastien.godard.pagesperso-orange.fr/ for a more detailed history of changes. ----------------------------------------- Patch: SUSE-2018-2514 Released: Mon Oct 29 11:11:47 2018 Summary: Recommended update for nfs4-acl-tools Severity: moderate References: 1104803,967251 Description: This update for nfs4-acl-tools fixes the following issues: - Allow recursive set_acl to set inheritance flags. (bsc#967251, bsc#1104803) ----------------------------------------- Patch: SUSE-2018-2529 Released: Tue Oct 30 16:05:19 2018 Summary: Recommended update for dapl Severity: moderate References: 1094657 Description: This update for dapl fixes the following issues: - Fix a 'deadlock' that causes socket connection to timeout when net.ipv4.tcp_syncookies=0. (bsc#1094657) ----------------------------------------- Patch: SUSE-2018-2550 Released: Wed Oct 31 16:16:56 2018 Summary: Recommended update for timezone, timezone-java Severity: moderate References: 1113554 Description: This update provides the latest time zone definitions (2018g), including the following change: - Morocco switched from +00/+01 to permanent +01 effective 2018-10-28 (bsc#1113554) ----------------------------------------- Patch: SUSE-2018-2565 Released: Fri Nov 2 17:10:31 2018 Summary: Security update for soundtouch Severity: moderate References: 1108630,1108631,1108632,CVE-2018-17096,CVE-2018-17097,CVE-2018-17098 Description: This update for soundtouch fixes the following issues: - CVE-2018-17098: The WavFileBase class allowed remote attackers to cause a denial of service (heap corruption from size inconsistency) or possibly have unspecified other impact, as demonstrated by SoundStretch. (bsc#1108632) - CVE-2018-17097: The WavFileBase class allowed remote attackers to cause a denial of service (double free) or possibly have unspecified other impact, as demonstrated by SoundStretch. (double free) (bsc#1108631) - CVE-2018-17096: The BPMDetect class allowed remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch. (bsc#1108630) ----------------------------------------- Patch: SUSE-2018-2569 Released: Fri Nov 2 19:00:18 2018 Summary: Recommended update for pam Severity: moderate References: 1110700 Description: This update for pam fixes the following issues: - Remove limits for nproc from /etc/security/limits.conf (bsc#1110700) ----------------------------------------- Patch: SUSE-2018-2595 Released: Wed Nov 7 11:14:42 2018 Summary: Security update for systemd Severity: important References: 1089761,1090944,1091677,1093753,1101040,1102908,1105031,1107640,1107941,1109197,1109252,1110445,1112024,1113083,1113632,1113665,1114135,991901,CVE-2018-15686,CVE-2018-15688 Description: This update for systemd fixes the following issues: Security issues fixed: - CVE-2018-15688: A buffer overflow vulnerability in the dhcp6 client of systemd allowed a malicious dhcp6 server to overwrite heap memory in systemd-networkd. (bsc#1113632) - CVE-2018-15686: A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. (bsc#1113665) Non security issues fixed: - dhcp6: split assert_return() to be more debuggable when hit - core: skip unit deserialization and move to the next one when unit_deserialize() fails - core: properly handle deserialization of unknown unit types (#6476) - core: don't create Requires for workdir if 'missing ok' (bsc#1113083) - logind: use manager_get_user_by_pid() where appropriate - logind: rework manager_get_{user|session}_by_pid() a bit - login: fix user@.service case, so we don't allow nested sessions (#8051) (bsc#1112024) - core: be more defensive if we can't determine per-connection socket peer (#7329) - core: introduce systemd.early_core_pattern= kernel cmdline option - core: add missing 'continue' statement - core/mount: fstype may be NULL - journald: don't ship systemd-journald-audit.socket (bsc#1109252) - core: make 'tmpfs' dependencies on swapfs a 'default' dep, not an 'implicit' (bsc#1110445) - mount: make sure we unmount tmpfs mounts before we deactivate swaps (#7076) - detect-virt: do not try to read all of /proc/cpuinfo (bsc#1109197) - emergency: make sure console password agents don't interfere with the emergency shell - man: document that 'nofail' also has an effect on ordering - journald: take leading spaces into account in syslog_parse_identifier - journal: do not remove multiple spaces after identifier in syslog message - syslog: fix segfault in syslog_parse_priority() - journal: fix syslog_parse_identifier() - install: drop left-over debug message (#6913) - Ship systemd-sysv-install helper via the main package This script was part of systemd-sysvinit sub-package but it was wrong since systemd-sysv-install is a script used to redirect enable/disable operations to chkconfig when the unit targets are sysv init scripts. Therefore it's never been a SySV init tool. - Add udev.no-partlabel-links kernel command-line option. This option can be used to disable the generation of the by-partlabel symlinks regardless of the name used. (bsc#1089761) - man: SystemMaxUse= clarification in journald.conf(5). (bsc#1101040) - systemctl: load unit if needed in 'systemctl is-active' (bsc#1102908) - core: don't freeze OnCalendar= timer units when the clock goes back a lot (bsc#1090944) - Enable or disable machines.target according to the presets (bsc#1107941) - cryptsetup: add support for sector-size= option (fate#325697) - nspawn: always use permission mode 555 for /sys (bsc#1107640) - Bugfix for a race condition between daemon-reload and other commands (bsc#1105031) - Fixes an issue where login with root credentials was not possible in init level 5 (bsc#1091677) - Fix an issue where services of type 'notify' harmless DENIED log entries. (bsc#991901) - Does no longer adjust qgroups on existing subvolumes (bsc#1093753) - cryptsetup: add support for sector-size= option (#9936) (fate#325697 bsc#1114135) ----------------------------------------- Patch: SUSE-2018-2607 Released: Wed Nov 7 15:42:48 2018 Summary: Optional update for gcc8 Severity: low References: 1084812,1084842,1087550,1094222,1102564 Description: The GNU Compiler GCC 8 is being added to the Development Tools Module by this update. The update also supplies gcc8 compatible libstdc++, libgcc_s1 and other gcc derived libraries for the Basesystem module of SUSE Linux Enterprise 15. Various optimizers have been improved in GCC 8, several of bugs fixed, quite some new warnings added and the error pin-pointing and fix-suggestions have been greatly improved. The GNU Compiler page for GCC 8 contains a summary of all the changes that have happened: https://gcc.gnu.org/gcc-8/changes.html Also changes needed or common pitfalls when porting software are described on: https://gcc.gnu.org/gcc-8/porting_to.html ----------------------------------------- Patch: SUSE-2018-2616 Released: Thu Nov 8 17:53:23 2018 Summary: Security update for libepubgen, liblangtag, libmwaw, libnumbertext, libreoffice, libstaroffice, libwps, myspell-dictionaries, xmlsec1 Severity: moderate References: 1050305,1088263,1091606,1094779,1095601,1095639,1096360,1098891,1104876,CVE-2018-10583 Description: This update for LibreOffice, libepubgen, liblangtag, libmwaw, libnumbertext, libstaroffice, libwps, myspell-dictionaries, xmlsec1 fixes the following issues: LibreOffice was updated to 6.1.3.2 (fate#326624) and contains new features and lots of bugfixes: The full changelog can be found on: https://wiki.documentfoundation.org/ReleaseNotes/6.1 Bugfixes: - bsc#1095639 Exporting to PPTX results in vertical labels being shown horizontally - bsc#1098891 Table in PPTX misplaced and partly blue - bsc#1088263 Labels in chart change (from white and other colors) to black when saving as PPTX - bsc#1095601 Exporting to PPTX shifts arrow shapes quite a bit - Add more translations: * Belarusian * Bodo * Dogri * Frisian * Gaelic * Paraguayan_Guaran * Upper_Sorbian * Konkani * Kashmiri * Luxembourgish * Monglolian * Manipuri * Burnese * Occitan * Kinyarwanda * Santali * Sanskrit * Sindhi * Sidamo * Tatar * Uzbek * Upper Sorbian * Venetian * Amharic * Asturian * Tibetian * Bosnian * English GB * English ZA * Indonesian * Icelandic * Georgian * Khmer * Lao * Macedonian * Nepali * Oromo * Albanian * Tajik * Uyghur * Vietnamese * Kurdish - Try to build all languages see bsc#1096360 - Make sure to install the KDE5/Qt5 UI/filepicker - Try to implement safeguarding to avoid bsc#1050305 - Disable base-drivers-mysql as it needs mysqlcppcon that is only for mysql and not mariadb, causes issues bsc#1094779 * Users can still connect using jdbc/odbc - Fix java detection on machines with too many cpus - CVE-2018-10583: An information disclosure vulnerability occured when LibreOffice automatically processed and initiated an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document. (bsc#1091606) libepubgen was updated to 0.1.1: - Avoid
inside

or . - Avoid writin vertical-align attribute without a value. - Fix generation of invalid XHTML when there is a link starting at the beginning of a footnote. - Handle relative width for images. - Fixed layout: write chapter names to improve navigation. - Support writing mode. - Start a new HTML file at every page span in addition to the splits induced by the chosen split method. This is to ensure that specified writing mode works correctly, as it is HTML attribute. liblangtag was updated to 0.6.2: - use standard function - fix leak in test libmwaw was updated to 0.3.14: - Support MS Multiplan 1.1 files libnumbertext was update to 1.0.5: - Various fixes in numerical calculations and issues reported on libreoffice tracker libstaroffice was updated to 0.0.6: - retrieve some StarMath's formula, - retrieve some charts as graphic, - retrieve some fields in sda/sdc/sdp text-boxes, - .sdw: retrieve more attachments. libwps was updated to 0.4.9: - QuattroPro: add parser to .wb3 files - Multiplan: add parser to DOS v1-v3 files - charts: try to retrieve charts in .wk*, .wq* files - QuattroPro: add parser to .wb[12] files myspell-dictionaries was updated to 20181025: - Turkish dictionary added - Updated French dictionary xmlsec1 was updated to 1.2.26: - Added xmlsec-mscng module based on Microsoft Cryptography API: Next Generation - Added support for GOST 2012 and fixed CryptoPro CSP provider for GOST R 34.10-2001 in xmlsec-mscrypto ----------------------------------------- Patch: SUSE-2018-2620 Released: Thu Nov 8 17:57:34 2018 Summary: Security update for libxkbcommon Severity: low References: 1105832,CVE-2018-15853,CVE-2018-15854,CVE-2018-15855,CVE-2018-15856,CVE-2018-15857,CVE-2018-15858,CVE-2018-15859,CVE-2018-15861,CVE-2018-15862,CVE-2018-15863,CVE-2018-15864 Description: This update for libxkbcommon to version 0.8.2 fixes the following issues: - Fix a few NULL-dereferences, out-of-bounds access and undefined behavior in the XKB text format parser. - CVE-2018-15853: Endless recursion could have been used by local attackers to crash xkbcommon users by supplying a crafted keymap file that triggers boolean negation (bsc#1105832). - CVE-2018-15854: Unchecked NULL pointer usage could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because geometry tokens were desupported incorrectly (bsc#1105832). - CVE-2018-15855: Unchecked NULL pointer usage could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because the XkbFile for an xkb_geometry section was mishandled (bsc#1105832). - CVE-2018-15856: An infinite loop when reaching EOL unexpectedly could be used by local attackers to cause a denial of service during parsing of crafted keymap files (bsc#1105832). - CVE-2018-15857: An invalid free in ExprAppendMultiKeysymList could have been used by local attackers to crash xkbcommon keymap parsers or possibly have unspecified other impact by supplying a crafted keymap file (bsc#1105832). - CVE-2018-15858: Unchecked NULL pointer usage when handling invalid aliases in CopyKeyAliasesToKeymap could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file (bsc#1105832). - CVE-2018-15859: Unchecked NULL pointer usage when parsing invalid atoms in ExprResolveLhs could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because lookup failures are mishandled (bsc#1105832). - CVE-2018-15861: Unchecked NULL pointer usage in ExprResolveLhs could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file that triggers an xkb_intern_atom failure (bsc#1105832). - CVE-2018-15862: Unchecked NULL pointer usage in LookupModMask could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with invalid virtual modifiers (bsc#1105832). - CVE-2018-15863: Unchecked NULL pointer usage in ResolveStateAndPredicate could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with a no-op modmask expression (bsc#1105832). - CVE-2018-15864: Unchecked NULL pointer usage in resolve_keysym could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because a map access attempt can occur for a map that was never created (bsc#1105832). ----------------------------------------- Patch: SUSE-2018-2625 Released: Mon Nov 12 08:58:25 2018 Summary: Recommended update for java-11-openjdk Severity: moderate References: 1113734 Description: This update for java-11-openjdk fixes the following issues: Merge into the JDK following modules from github.com/javaee: * com.sum.xml.fastinfoset * org.jvnet.staxex * com.sun.istack.runtime * com.sun.xml.txw2 * com.sun.xml.bind This provides a default implementation of JAXB-API that existed in JDK before Java 11 and that some applications depend on. ----------------------------------------- Patch: SUSE-2018-2626 Released: Mon Nov 12 09:51:00 2018 Summary: Recommended update for bash-completion Severity: moderate References: 1104531 Description: This update for bash-completion fixes the following issues: - Fix an issue where bash-completion was not working with mksh (bsc#1104531) ----------------------------------------- Patch: SUSE-2018-2641 Released: Mon Nov 12 20:39:30 2018 Summary: Recommended update for nfsidmap Severity: moderate References: 1098217 Description: This update for nfsidmap fixes the following issues: - Improve support for SAMBA with Active Directory. (bsc#1098217) ----------------------------------------- Patch: SUSE-2018-2649 Released: Tue Nov 13 14:49:19 2018 Summary: Recommended update for guile Severity: moderate References: 1110085 Description: - The patch fixes a coredump when using guile with japanese locales based on Shift-JIS (LC_CTYPE=ja_JP.sjis) (bsc#1110085) ----------------------------------------- Patch: SUSE-2018-2686 Released: Fri Nov 16 15:54:44 2018 Summary: Security update for squid Severity: important References: 1082318,1112066,1112695,1113668,1113669,CVE-2018-19131,CVE-2018-19132 Description: This update for squid fixes the following issues: Security issues fixed: - CVE-2018-19131: Fixed Cross-Site-Scripting vulnerability in the TLS error handling (bsc#1113668). - CVE-2018-19132: Fixed small memory leak in processing of SNMP packets (bsc#1113669). Non-security issues fixed: - Create runtime directories needed when SMP mode is enabled (bsc#1112695, bsc#1112066). - Install license correctly (bsc#1082318). ----------------------------------------- Patch: SUSE-2018-2716 Released: Tue Nov 20 16:15:16 2018 Summary: Recommended update for llvm5 Severity: moderate References: 1111190 Description: This update for llvm5 fixes the following issues: - Build TableGen component as its own shared library because it is not included in the libLLVM library and is needed for ldc. (bsc#1111190) ----------------------------------------- Patch: SUSE-2018-2742 Released: Thu Nov 22 13:28:36 2018 Summary: Recommended update for rpcbind Severity: moderate References: 969953 Description: This update for rpcbind fixes the following issues: - Fix tool stack buffer overflow aborting (bsc#969953) ----------------------------------------- Patch: SUSE-2018-2761 Released: Thu Nov 22 16:26:11 2018 Summary: Security update for libwpd Severity: important References: 1115713,CVE-2018-19208 Description: This update for libwpd fixes the following issues: Security issue fixed: - CVE-2018-19208: Fixed illegal address access inside libwpd at function WP6ContentListener:defineTable (bsc#1115713). ----------------------------------------- Patch: SUSE-2018-2763 Released: Thu Nov 22 16:26:44 2018 Summary: Security update for java-1_8_0-ibm Severity: important References: 1116574,CVE-2018-13785,CVE-2018-3136,CVE-2018-3139,CVE-2018-3149,CVE-2018-3169,CVE-2018-3180,CVE-2018-3183,CVE-2018-3214 Description: java-1_8_0-ibm was updated to Java 8.0 Service Refresh 5 Fix Pack 25 (bsc#1116574) * Class Libraries: - IJ10934 CVE-2018-13785 - IJ10935 CVE-2018-3136 - IJ10895 CVE-2018-3139 - IJ10932 CVE-2018-3149 - IJ10894 CVE-2018-3180 - IJ10930 CVE-2018-3183 - IJ10933 CVE-2018-3214 - IJ09315 FLOATING POINT EXCEPTION FROM JAVA.TEXT.DECIMALFORMAT. FORMAT - IJ09088 INTRODUCING A NEW PROPERTY FOR TURKEY TIMEZONE FOR PRODUCTS NOT IDENTIFYING TRT - IJ10800 REMOVE EXPIRING ROOT CERTIFICATES IN IBM JDK’S CACERTS. - IJ10566 SUPPORT EBCDIC CODE PAGE IBM-274 – BELGIUM EBCDIC * Java Virtual Machine - IJ08730 APPLICATION SIGNAL HANDLER NOT INVOKED FOR SIGABRT - IJ10453 ASSERTION FAILURE AT CLASSPATHITEM.CPP - IJ09574 CLASSLOADER DEFINED THROUGH SYSTEM PROPERTY ‘JAVA.SYSTEM.CLASS.LOADE R’ IS NOT HONORED. - IJ10931 CVE-2018-3169 - IJ10618 GPU SORT: UNSPECIFIED LAUNCH FAILURE - IJ10619 INCORRECT ILLEGALARGUMENTEXCEPTION BECAUSE OBJECT IS NOT AN INSTANCE OF DECLARING CLASS ON REFLECTIVE INVOCATION - IJ10135 JVM HUNG IN GARBAGECOLLECTORMXBEAN.G ETLASTGCINFO() API - IJ10680 RECURRENT ABORTED SCAVENGE * ORB - IX90187 CLIENTREQUESTIMPL.REINVO KE FAILS WITH JAVA.LANG.INDEXOUTOFBOUN DSEXCEPTION * Reliability and Serviceability - IJ09600 DTFJ AND JDMPVIEW FAIL TO PARSE WIDE REGISTER VALUES * Security - IJ10492 'EC KEYSIZE < 384' IS NOT HONORED USING THE 'JDK.TLS.DISABLEDALGORIT HMS' SECURITY PROPERTY - IJ10310 ADD NULL CHECKING ON THE ENCRYPTION TYPES LIST TO CREDENTIALS.GETDEFAULTNA TIVECREDS() METHOD - IJ10491 AES/GCM CIPHER – AAD NOT RESET TO UN-INIT STATE AFTER DOFINAL( ) AND INIT( ) - IJ08442 HTTP PUBLIC KEY PINNING FINGERPRINT,PROBLEM WITH CONVERTING TO JKS KEYSTORE - IJ09107 IBMPKCS11IMPL CRYPTO PROVIDER – INTERMITTENT ERROR WITH SECP521R1 SIGNATURE ON Z/OS - IJ10136 IBMPKCS11IMPL – INTERMITTENT ERROR WITH SECP521R1 SIG ON Z/OS AND Z/LINUX - IJ08530 IBMPKCS11IMPL PROVIDER USES THE WRONG RSA CIPHER MECHANISM FOR THE RSA/ECB/PKCS1PADDING CIPHER - IJ08723 JAAS THROWS A ‘ARRAY INDEX OUT OF RANGE’ EXCEPTION - IJ08704 THE SECURITY PROPERTY ‘JDK.CERTPATH.DISABLEDAL GORITHMS’ IS MISTAKENLY BEING USED TO FILTER JAR SIGNING ALGORITHMS * z/OS Extentions - PH03889 ADD SUPPORT FOR TRY-WITH-RESOURCES TO COM.IBM.JZOS.ENQUEUE - PH03414 ROLLOVER FROM SYE TO SAE FOR ICSF REASON CODE 3059 - PH04008 ZERTJSSE – Z SYSTEMS ENCRYPTION READINESS TOOL (ZERT) NEW SUPPORT IN THE Z/OS JAVA SDK This includes the update to Java 8.0 Service Refresh 5 Fix Pack 22: * Java Virtual Machine - IJ09139 CUDA4J NOT AVAILABLE ON ALL PLATFORMS * JIT Compiler - IJ09089 CRASH DURING COMPILATION IN USEREGISTER ON X86-32 - IJ08655 FLOATING POINT ERROR (SIGFPE) IN ZJ9SYM1 OR ANY VM/JIT MODULE ON AN INSTRUCTION FOLLOWING A VECTOR INSTRUCTION - IJ08850 CRASH IN ARRAYLIST$ITR.NEXT() - IJ09601 JVM CRASHES ON A SIGBUS SIGNAL WHEN ACCESSING A DIRECTBYTEBUFFER * z/OS Extentions - PH02999 JZOS data management classes accept dataset names in code pages supported by z/OS system services - PH01244 OUTPUT BUFFER TOO SHORT FOR GCM MODE ENCRYPTION USING IBMJCEHYBRID Also the update to Java 8.0 Service Refresh 5 Fix Pack 21 * Class Libraries - IJ08569 JAVA.IO.IOEXCEPTION OCCURS WHEN A FILECHANNEL IS BIGGER THAN 2GB ON AIX PLATFORM - IJ08570 JAVA.LANG.UNSATISFIEDLIN KERROR WITH JAVA OPTION -DSUN.JAVA2D.CMM=SUN.JAV A2D.CMM.KCMS.KCMSSERVICE PROVIDER ON AIX PLATFORM * Java Virtual Machine - IJ08001 30% THROUGHPUT DROP FOR CERTAIN SYNCHRONIZATION WORKLOADS - IJ07997 TRACEASSERT IN GARBAGE COLLECTOR(MEMORYSUBSPACE) * JIT Compiler - IJ08503 ASSERTION IS HIT DUE TO UNEXPECTED STACK HEIGHT IN DEBUGGING MODE - IJ08375 CRASH DURING HARDWARE GENERATED GUARDED STORAGE EVENT WITHIN A TRANSACTIONAL EXECUTION REGION WHEN RUNNING WITH -XGC:CONCURRENTS - IJ08205 CRASH WHILE COMPILING - IJ09575 INCORRECT RESULT WHEN USING JAVA.LANG.MATH.MIN OR MAX ON 31-BIT JVM - IJ07886 INCORRECT CALUCATIONS WHEN USING NUMBERFORMAT.FORMAT() AND BIGDECIMAL.{FLOAT/DOUBLE }VALUE() ----------------------------------------- Patch: SUSE-2018-2792 Released: Tue Nov 27 10:52:31 2018 Summary: Recommended update for autofs Severity: moderate References: 1093436 Description: This update for autofs fixes the following issues: - Fix file descriptor leak (bsc#1093436) ----------------------------------------- Patch: SUSE-2018-2793 Released: Tue Nov 27 13:38:46 2018 Summary: Security update for tiff Severity: moderate References: 1099257,1113094,1113672,CVE-2018-12900,CVE-2018-18557,CVE-2018-18661 Description: This update for tiff fixes the following issues: Security issues fixed: - CVE-2018-12900: Fixed heap-based buffer overflow in the cpSeparateBufToContigBuf (bsc#1099257). - CVE-2018-18661: Fixed NULL pointer dereference in the function LZWDecode in the file tif_lzw.c (bsc#1113672). - CVE-2018-18557: Fixed JBIG decode can lead to out-of-bounds write (bsc#1113094). Non-security issues fixed: - asan_build: build ASAN included - debug_build: build more suitable for debugging ----------------------------------------- Patch: SUSE-2018-2797 Released: Tue Nov 27 15:54:44 2018 Summary: Security update for rubygem-loofah Severity: moderate References: 1113969,CVE-2018-16468 Description: This update for rubygem-loofah fixes the following issues: Security issue fixed: - CVE-2018-16468: Fixed XXS by removing the svg animate attribute `from` from the allowlist (bsc#1113969). ----------------------------------------- Patch: SUSE-2018-2798 Released: Wed Nov 28 07:48:35 2018 Summary: Recommended update for make Severity: moderate References: 1100504 Description: This update for make fixes the following issues: - Use a non-blocking read with pselect to avoid hangs (bsc#1100504) ----------------------------------------- Patch: SUSE-2018-2818 Released: Fri Nov 30 14:32:24 2018 Summary: Recommended update for skopeo Severity: moderate References: 1115165 Description: This update for skopeo to version 0.1.32 adds the following feature: - implement `skopeo sync` command (bsc#1115165) ----------------------------------------- Patch: SUSE-2018-2825 Released: Mon Dec 3 15:35:02 2018 Summary: Security update for pam Severity: important References: 1115640,CVE-2018-17953 Description: This update for pam fixes the following issue: Security issue fixed: - CVE-2018-17953: Fixed IP address and subnet handling of pam_access.so that was not honoured correctly when a single host was specified (bsc#1115640). ----------------------------------------- Patch: SUSE-2018-2857 Released: Thu Dec 6 09:40:03 2018 Summary: Security update for rubygem-activejob-5_1 Severity: low References: 1117632,CVE-2018-16476 Description: This update for rubygem-activejob-5_1 fixes the following issues: Security issue fixed: - CVE-2018-16476: Fixed broken access control vulnerability (bsc#1117632). ----------------------------------------- Patch: SUSE-2018-2861 Released: Thu Dec 6 14:32:01 2018 Summary: Security update for ncurses Severity: important References: 1103320,1115929,CVE-2018-19211 Description: This update for ncurses fixes the following issues: Security issue fixed: - CVE-2018-19211: Fixed denial of service issue that was triggered by a NULL pointer dereference at function _nc_parse_entry (bsc#1115929). Non-security issue fixed: - Remove scree.xterm from terminfo data base as with this screen uses fallback TERM=screen (bsc#1103320). ----------------------------------------- Patch: SUSE-2018-2862 Released: Thu Dec 6 14:33:19 2018 Summary: Security update for openssl-1_0_0 Severity: moderate References: 1100078,1112209,1113534,1113652,1113742,CVE-2018-0734,CVE-2018-5407 Description: This update for openssl-1_0_0 fixes the following issues: Security issues fixed: - CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652). - CVE-2018-5407: Added elliptic curve scalar multiplication timing attack defenses that fixes 'PortSmash' (bsc#1113534). Non-security issues fixed: - Added missing timing side channel patch for DSA signature generation (bsc#1113742). - Set TLS version to 0 in msg_callback for record messages to avoid confusing applications (bsc#1100078). - Fixed infinite loop in DSA generation with incorrect parameters (bsc#1112209) ----------------------------------------- Patch: SUSE-2018-2864 Released: Fri Dec 7 10:21:20 2018 Summary: Security update for tiff Severity: moderate References: 1017693,1054594,1115717,990460,CVE-2016-10092,CVE-2016-10093,CVE-2016-10094,CVE-2016-6223,CVE-2017-12944,CVE-2018-19210 Description: This update for tiff fixes the following issues: Security issues fixed: - CVE-2018-19210: Fixed NULL pointer dereference in the TIFFWriteDirectorySec function (bsc#1115717). - CVE-2017-12944: Fixed denial of service issue in the TIFFReadDirEntryArray function (bsc#1054594). - CVE-2016-10094: Fixed heap-based buffer overflow in the _tiffWriteProc function (bsc#1017693). - CVE-2016-10093: Fixed heap-based buffer overflow in the _TIFFmemcpy function (bsc#1017693). - CVE-2016-10092: Fixed heap-based buffer overflow in the TIFFReverseBits function (bsc#1017693). - CVE-2016-6223: Fixed out-of-bounds read on memory-mapped files in TIFFReadRawStrip1() and TIFFReadRawTile1() (bsc#990460). ----------------------------------------- Patch: SUSE-2018-2866 Released: Fri Dec 7 12:04:49 2018 Summary: Recommended update for helm-mirror Severity: low References: 1116182 Description: This update provides helm-mirror to the Containers module. This utility mirrors Helm repositories to a local directory and it can extract used container images. ----------------------------------------- Patch: SUSE-2018-2882 Released: Mon Dec 10 08:07:44 2018 Summary: Security update for cups Severity: important References: 1115750,CVE-2018-4700 Description: This update for cups fixes the following issues: Security issue fixed: - CVE-2018-4700: Fixed extremely predictable cookie generation that is effectively breaking the CSRF protection of the CUPS web interface (bsc#1115750). ----------------------------------------- Patch: SUSE-2018-2908 Released: Tue Dec 11 21:48:30 2018 Summary: Recommended update for susefirewall2-to-firewalld Severity: moderate References: 1115001 Description: This update for susefirewall2-to-firewalld fixes the following issues: - Add input and forward zone to the known ones (bsc#1115001) - Stop guessing firewall service from port/proto ----------------------------------------- Patch: SUSE-2018-2914 Released: Wed Dec 12 13:37:46 2018 Summary: Security update for ghostscript Severity: important References: 1109105,1111479,1111480,1112229,1117022,1117274,1117313,1117327,1117331,CVE-2018-17183,CVE-2018-17961,CVE-2018-18073,CVE-2018-18284,CVE-2018-19409,CVE-2018-19475,CVE-2018-19476,CVE-2018-19477 Description: This update for ghostscript to version 9.26 fixes the following issues: Security issues fixed: - CVE-2018-19475: Fixed bypass of an intended access restriction in psi/zdevice2.c (bsc#1117327) - CVE-2018-19476: Fixed bypass of an intended access restriction in psi/zicc.c (bsc#1117313) - CVE-2018-19477: Fixed bypass of an intended access restriction in psi/zfjbig2.c (bsc#1117274) - CVE-2018-19409: Check if another device is used correctly in LockSafetyParams (bsc#1117022) - CVE-2018-18284: Fixed potential sandbox escape through 1Policy operator (bsc#1112229) - CVE-2018-18073: Fixed leaks through operator in saved execution stacks (bsc#1111480) - CVE-2018-17961: Fixed a -dSAFER sandbox escape by bypassing executeonly (bsc#1111479) - CVE-2018-17183: Fixed a potential code injection by specially crafted PostScript files (bsc#1109105) Version update to 9.26 (bsc#1117331): - Security issues have been the primary focus - Minor bug fixes and improvements - For release summary see: http://www.ghostscript.com/doc/9.26/News.htm ----------------------------------------- Patch: SUSE-2018-2926 Released: Thu Dec 13 11:24:58 2018 Summary: Recommended update for java-1_8_0-ibm Severity: important References: 1119213 Description: This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 5 Fix Pack 26 [bsc#1119213] * Fixes several crashes that could have caused problems with SUSE Manager installations ----------------------------------------- Patch: SUSE-2018-2939 Released: Fri Dec 14 13:59:54 2018 Summary: Recommended update for libcdio Severity: moderate References: 1108134 Description: This update for libcdio fixes the following issues: - Remove API/ABI breaking changes from libcdio patch (bsc#1108134). ----------------------------------------- Patch: SUSE-2018-2945 Released: Fri Dec 14 16:43:57 2018 Summary: Security update for tcpdump Severity: moderate References: 1117267,CVE-2018-19519 Description: This update for tcpdump fixes the following issues: Security issues fixed: - CVE-2018-19519: Fixed a stack-based buffer over-read in the print_prefix function (bsc#1117267) ----------------------------------------- Patch: SUSE-2018-2961 Released: Mon Dec 17 19:51:40 2018 Summary: Recommended update for psmisc Severity: moderate References: 1098697,1112780 Description: This update for psmisc provides the following fix: - Make the fuser option -m work even with mountinfo. (bsc#1098697) - Support also btrFS entries in mountinfo, that is use stat(2) to determine the device of the mounted subvolume (bsc#1098697, bsc#1112780) ----------------------------------------- Patch: SUSE-2018-2970 Released: Mon Dec 17 19:53:42 2018 Summary: Recommended update for libmtp Severity: moderate References: 1110868 Description: This update for libmtp fixes the following issues: - Adjusted udev rules for new kernel versions (bsc#1110868) - Added lots of new USB ids - Some more small bug fixes ----------------------------------------- Patch: SUSE-2018-2986 Released: Wed Dec 19 13:53:22 2018 Summary: Security update for libnettle Severity: moderate References: 1118086,CVE-2018-16869 Description: This update for libnettle fixes the following issues: Security issues fixed: - CVE-2018-16869: Fixed a leaky data conversion exposing a manager oracle (bsc#1118086) ----------------------------------------- Patch: SUSE-2018-2990 Released: Wed Dec 19 14:16:40 2018 Summary: Security update for git Severity: moderate References: 1117257,CVE-2018-19486 Description: This update for git fixes the following issues: Security issue fixed: - CVE-2018-19486: Fixed git that executed commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was (bsc#1117257). ----------------------------------------- Patch: SUSE-2018-2992 Released: Wed Dec 19 16:18:57 2018 Summary: Recommended update for xdm Severity: moderate References: 1102584,1118121 Description: This update for xdm fixes the following issues: - Add OnFailure=plymouth-quit.service to display-manager service. (bsc#1118121) - display-manager: quit plymouth when display-manager is set to console (bsc#1102584) ----------------------------------------- Patch: SUSE-2018-3024 Released: Fri Dec 21 11:23:50 2018 Summary: Security update for enigmail Severity: moderate References: 1118935 Description: This update for enigmail to version 2.0.9 fixes the following issues: Security issue fixed: - When using Web Key Discovery, a HTTP authentication may be triggered. This may trick users into possibly sending e-mail credentials (bsc#1118935). Non-security issues fixed: - pEp - PGP/MIME signed-only messages are ignored - Autocrypt overrules manually created Per-Recipient Rules - 'Re:' prefix on subject line disappears when editing encrypted, saved draft ----------------------------------------- Patch: SUSE-2018-3044 Released: Fri Dec 21 18:47:21 2018 Summary: Security update for MozillaFirefox, mozilla-nspr and mozilla-nss Severity: important References: 1097410,1106873,1119069,1119105,CVE-2018-0495,CVE-2018-12384,CVE-2018-12404,CVE-2018-12405,CVE-2018-17466,CVE-2018-18492,CVE-2018-18493,CVE-2018-18494,CVE-2018-18498 Description: This update for MozillaFirefox, mozilla-nss and mozilla-nspr fixes the following issues: Issues fixed in MozillaFirefox: - Update to Firefox ESR 60.4 (bsc#1119105) - CVE-2018-17466: Fixed a buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 - CVE-2018-18492: Fixed a use-after-free with select element - CVE-2018-18493: Fixed a buffer overflow in accelerated 2D canvas with Skia - CVE-2018-18494: Fixed a Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs - CVE-2018-18498: Fixed a integer overflow when calculating buffer sizes for images - CVE-2018-12405: Fixed a few memory safety bugs Issues fixed in mozilla-nss: - Update to NSS 3.40.1 (bsc#1119105) - CVE-2018-12404: Fixed a cache side-channel variant of the Bleichenbacher attack (bsc#1119069) - CVE-2018-12384: Fixed an issue in the SSL handshake. NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. (bsc#1106873) - CVE-2018-0495: Fixed a memory-cache side-channel attack with ECDSA signatures (bsc#1097410) - Fixed a decryption failure during FFDHE key exchange - Various security fixes in the ASN.1 code Issues fixed in mozilla-nspr: - Update mozilla-nspr to 4.20 (bsc#1119105) ----------------------------------------- Patch: SUSE-2018-3064 Released: Fri Dec 28 18:39:08 2018 Summary: Security update for containerd, docker and go Severity: important References: 1047218,1074971,1080978,1081495,1084533,1086185,1094680,1095817,1098017,1102522,1104821,1105000,1108038,1113313,1113978,1114209,1118897,1118898,1118899,1119634,1119706,CVE-2018-16873,CVE-2018-16874,CVE-2018-16875,CVE-2018-7187 Description: This update for containerd, docker and go fixes the following issues: containerd and docker: - Add backport for building containerd (bsc#1102522, bsc#1113313) - Upgrade to containerd v1.1.2, which is required for Docker v18.06.1-ce. (bsc#1102522) - Enable seccomp support on SLE12 (fate#325877) - Update to containerd v1.1.1, which is the required version for the Docker v18.06.0-ce upgrade. (bsc#1102522) - Put containerd under the podruntime slice (bsc#1086185) - 3rd party registries used the default Docker certificate (bsc#1084533) - Handle build breakage due to missing 'export GOPATH' (caused by resolution of boo#1119634). I believe Docker is one of the only packages with this problem. go: - golang: arbitrary command execution via VCS path (bsc#1081495, CVE-2018-7187) - Make profile.d/go.sh no longer set GOROOT=, in order to make switching between versions no longer break. This ends up removing the need for go.sh entirely (because GOPATH is also set automatically) (boo#1119634) - Fix a regression that broke go get for import path patterns containing '...' (bsc#1119706) Additionally, the package go1.10 has been added. ----------------------------------------- Patch: SUSE-2018-3066 Released: Fri Dec 28 18:39:32 2018 Summary: Security update for wireshark Severity: moderate References: 1117740,CVE-2018-19622,CVE-2018-19623,CVE-2018-19624,CVE-2018-19625,CVE-2018-19626,CVE-2018-19627 Description: This update for wireshark fixes the following issues: Update to Wireshark 2.4.11 (bsc#1117740). Security issues fixed: - CVE-2018-19625: The Wireshark dissection engine could crash (wnpa-sec-2018-51) - CVE-2018-19626: The DCOM dissector could crash (wnpa-sec-2018-52) - CVE-2018-19623: The LBMPDM dissector could crash (wnpa-sec-2018-53) - CVE-2018-19622: The MMSE dissector could go into an infinite loop (wnpa-sec-2018-54) - CVE-2018-19627: The IxVeriWave file parser could crash (wnpa-sec-2018-55) - CVE-2018-19624: The PVFS dissector could crash (wnpa-sec-2018-56) Further bug fixes and updated protocol support as listed in: - https://www.wireshark.org/docs/relnotes/wireshark-2.4.11.html ----------------------------------------- Patch: SUSE-2019-5 Released: Wed Jan 2 13:54:39 2019 Summary: Security update for libraw Severity: moderate References: 1097975,1103200,1103206,CVE-2018-5804,CVE-2018-5813,CVE-2018-5815,CVE-2018-5816 Description: This update for libraw fixes the following issues: Security issues fixed: The following security vulnerabilities were addressed: - CVE-2018-5813: Fixed an error within the 'parse_minolta()' function (dcraw/dcraw.c) that could be exploited to trigger an infinite loop via a specially crafted file. This could be exploited to cause a DoS.(boo#1103200). - CVE-2018-5815: Fixed an integer overflow in the internal/dcraw_common.cpp:parse_qt() function, that could be exploited to cause an infinite loop via a specially crafted Apple QuickTime file. (boo#1103206) - CVE-2018-5804,CVE-2018-5816: Fixed a type confusion error in the identify function (bsc#1097975) ----------------------------------------- Patch: SUSE-2019-6 Released: Wed Jan 2 20:25:25 2019 Summary: Recommended update for gcc7 Severity: moderate References: 1099119,1099192 Description: GCC 7 was updated to the GCC 7.4 release. - Fix AVR configuration to not use __cxa_atexit or libstdc++ headers. Point to /usr/avr/sys-root/include as system header include directory. - Includes fix for build with ISL 0.20. - Pulls fix for libcpp lexing bug on ppc64le manifesting during build with gcc8. [bsc#1099119] - Pulls fix for forcing compile-time tuning even when building with -march=z13 on s390x. [bsc#1099192] - Fixes support for 32bit ASAN with glibc 2.27+ ----------------------------------------- Patch: SUSE-2019-9 Released: Wed Jan 2 20:26:17 2019 Summary: Recommended update for mirror Severity: moderate References: 1117110 Description: This update for mirror provides the following fix: - Check if a directory must be removed. In case all the previous content of a directory is removed, but new content for the directory was downloaded, do not remove it. (bsc#1117110) ----------------------------------------- Patch: SUSE-2019-32 Released: Tue Jan 8 13:03:20 2019 Summary: Recommended update for librdkafka Severity: moderate References: 1119963 Description: This update ships librdkafka 0.11.6 to SUSE Linux Enterprise Server 15. librdkafka is a C library implementation of the Apache Kafka protocol, containing both Producer and Consumer support. ----------------------------------------- Patch: SUSE-2019-44 Released: Tue Jan 8 13:07:32 2019 Summary: Recommended update for acl Severity: low References: 953659 Description: This update for acl fixes the following issues: - test: Add helper library to fake passwd/group files. - quote: Escape literal backslashes. (bsc#953659) ----------------------------------------- Patch: SUSE-2019-48 Released: Wed Jan 9 17:24:55 2019 Summary: Security update for helm-mirror Severity: moderate References: 1116182,1118897,1118898,1118899,1120762,CVE-2018-16873,CVE-2018-16874,CVE-2018-16875 Description: This update for helm-mirror to version 0.2.1 fixes the following issues: Security issues fixed: - CVE-2018-16873: Fixed a remote command execution (bsc#1118897) - CVE-2018-16874: Fixed a directory traversal in 'go get' via curly braces in import path (bsc#1118898) - CVE-2018-16875: Fixed a CPU denial of service (bsc#1118899) Non-security issue fixed: - Update to v0.2.1 (bsc#1120762) - Include helm-mirror into the containers module (bsc#1116182) ----------------------------------------- Patch: SUSE-2019-58 Released: Thu Jan 10 16:03:31 2019 Summary: Security update for java-1_8_0-openjdk Severity: important References: 1112142,1112143,1112144,1112146,1112147,1112148,1112152,1112153,CVE-2018-13785,CVE-2018-16435,CVE-2018-3136,CVE-2018-3139,CVE-2018-3149,CVE-2018-3169,CVE-2018-3180,CVE-2018-3183,CVE-2018-3214 Description: This update for java-1_8_0-openjdk to version 8u191 fixes the following issues: Security issues fixed: - CVE-2018-3136: Manifest better support (bsc#1112142) - CVE-2018-3139: Better HTTP Redirection (bsc#1112143) - CVE-2018-3149: Enhance JNDI lookups (bsc#1112144) - CVE-2018-3169: Improve field accesses (bsc#1112146) - CVE-2018-3180: Improve TLS connections stability (bsc#1112147) - CVE-2018-3214: Better RIFF reading support (bsc#1112152) - CVE-2018-13785: Upgrade JDK 8u to libpng 1.6.35 (bsc#1112153) - CVE-2018-3183: Improve script engine support (bsc#1112148) - CVE-2018-16435: heap-based buffer overflow in SetData function in cmsIT8LoadFromFile ----------------------------------------- Patch: SUSE-2019-62 Released: Thu Jan 10 20:30:58 2019 Summary: Recommended update for xfsprogs Severity: moderate References: 1119063 Description: This update for xfsprogs fixes the following issues: - Fix root inode's parent when it's bogus for sf directory (xfs repair). (bsc#1119063) ----------------------------------------- Patch: SUSE-2019-75 Released: Fri Jan 11 13:29:22 2019 Summary: Recommended update for azure-li-services, python-Cerberus Severity: moderate References: 1103542,1119702 Description: This update for azure-li-services, python-Cerberus fixes the following issues: azure-li-services and its dependency python-Cerberus were added to the Public Cloud Module. (fate#326575 bsc#1103542) 'azure-li-services' is a package providing services to setup a system suitable to run SAP workloads on it. ----------------------------------------- Patch: SUSE-2019-76 Released: Fri Jan 11 13:46:45 2019 Summary: Recommended update for lifecycle-data-sle-module-live-patching Severity: moderate References: 1020320 Description: This update for lifecycle-data-sle-module-live-patching adds lifecycle data for following live patches: - 4_12_14-23, 4_12_14-25_13, 4_12_14-25_16, 4_12_14-25_19, 4_12_14-25_22, 4_12_14-25_25, 4_12_14-25_3, 4_12_14-25_6. (bsc#1020320) ----------------------------------------- Patch: SUSE-2019-80 Released: Fri Jan 11 17:05:49 2019 Summary: Security update for LibVNCServer Severity: important References: 1120114,1120115,1120116,1120117,1120118,1120119,1120120,1120121,1120122,CVE-2018-15126,CVE-2018-15127,CVE-2018-20019,CVE-2018-20020,CVE-2018-20021,CVE-2018-20022,CVE-2018-20023,CVE-2018-20024,CVE-2018-6307 Description: This update for LibVNCServer fixes the following issues: Security issues fixed: - CVE-2018-15126: Fixed use-after-free in file transfer extension (bsc#1120114) - CVE-2018-6307: Fixed use-after-free in file transfer extension server code (bsc#1120115) - CVE-2018-20020: Fixed heap out-of-bound write inside structure in VNC client code (bsc#1120116) - CVE-2018-15127: Fixed heap out-of-bounds write in rfbserver.c (bsc#1120117) - CVE-2018-20019: Fixed multiple heap out-of-bound writes in VNC client code (bsc#1120118) - CVE-2018-20023: Fixed information disclosure through improper initialization in VNC Repeater client code (bsc#1120119) - CVE-2018-20022: Fixed information disclosure through improper initialization in VNC client code (bsc#1120120) - CVE-2018-20024: Fixed NULL pointer dereference in VNC client code (bsc#1120121) - CVE-2018-20021: Fixed infinite loop in VNC client code (bsc#1120122) ----------------------------------------- Patch: SUSE-2019-82 Released: Fri Jan 11 17:16:48 2019 Summary: Recommended update for suse-build-key Severity: moderate References: 1044232 Description: This update for suse-build-key fixes the following issues: - Include the SUSE PTF GPG key in the key directory to avoid it being stripped via %doc stripping in CAASP. (bsc#1044232) ----------------------------------------- Patch: SUSE-2019-89 Released: Tue Jan 15 13:15:33 2019 Summary: Recommended update for python3-susepubliccloudinfo Severity: moderate References: 1121150,1121151 Description: This update for python3-susepubliccloudinfo fixes the following issues: Update to version 1.1.0 (bsc#1121151, bsc#1121150) + Support new inactive state + Remove awscvsgen and associated subpackage ----------------------------------------- Patch: SUSE-2019-90 Released: Tue Jan 15 13:15:42 2019 Summary: Recommended update for regionServiceClientConfigEC2 Severity: moderate References: 1121114 Description: This update for regionServiceClientConfigEC2 2.1.0 fixes the following issues: Add the SUSE server IP 34.197.223.242 to the configuration. (bsc#1121114) ----------------------------------------- Patch: SUSE-2019-91 Released: Tue Jan 15 14:14:43 2019 Summary: Recommended update for mozilla-nss Severity: moderate References: 1090767,1121045,1121207 Description: This update for mozilla-nss fixes the following issues: - The hmac packages used in FIPS certification inadvertently removed in last update: re-added. (bsc#1121207) - Added 'Suggest:' for libfreebl3 and libsoftokn3 respective -hmac packages to avoid dependency issues during updates (bsc#1090767, bsc#1121045) ----------------------------------------- Patch: SUSE-2019-93 Released: Tue Jan 15 14:48:33 2019 Summary: Security update for wget Severity: important References: 1120382,CVE-2018-20483 Description: This update for wget fixes the following issues: Security issue fixed: - CVE-2018-20483: Fixed an information disclosure through file metadata (bsc#1120382) ----------------------------------------- Patch: SUSE-2019-97 Released: Tue Jan 15 18:01:38 2019 Summary: Recommended update for rpmlint Severity: moderate References: 1015141,1076467,1089114,1089340,1095769,1097339,1102836,1104110,1108037,1109938,1111254,1116686,1116758,1119975 Description: This update for rpmlint fixes the following issues: - Update rpmlint-checks to version master (bsc#1116686) - whitelist boltd dbus service (bsc#1119975) - whitelist pam_slurm_adopt (bsc#1116758) - Add user/group 'slurm' for package slurm (FATE#316379) - whitelist keepalived dbus service (bsc#1015141) - remove openswan whitelisting (bsc#1089340) - whitelist systemd-timesyncd (bsc#1111254) - whitelist NetworkManager-fortisslvpn (bsc#1109938) - whitelist iwd D-Bus service (bsc#1108037) - whitelist xpra D-Bus service (bsc#1102836) - adjust maximum valid suse_version to 1550 (bsc#1104110) - whitelist ratbagd D-Bus service (bsc#1076467) - whitelist pam_oath PAM module after audit (bsc#1089114) - Update rpmlint-checks to version master (bsc#1097339) - whitelisting NetworkManager-libreswan plugin (bsc#1089340) - add Lua/NodeJS related groups to list of valid groups (bsc#1095769) ----------------------------------------- Patch: SUSE-2019-102 Released: Tue Jan 15 18:02:58 2019 Summary: Recommended update for timezone Severity: moderate References: 1120402 Description: This update for timezone fixes the following issues: - Update 2018i: São Tomé and Príncipe switches from +01 to +00 on 2019-01-01. (bsc#1120402) - Update 2018h: Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21 New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move Metlakatla, Alaska observes PST this winter only Guess Morocco will continue to adjust clocks around Ramadan Add predictions for Iran from 2038 through 2090 ----------------------------------------- Patch: SUSE-2019-104 Released: Tue Jan 15 18:03:13 2019 Summary: Recommended update for chrony Severity: moderate References: 1117147 Description: This update for chrony fixes the following issues: - Generate chronyd sysconfig file. (bsc#1117147) ----------------------------------------- Patch: SUSE-2019-110 Released: Thu Jan 17 14:17:05 2019 Summary: Security update for zeromq Severity: important References: 1121717,CVE-2019-6250 Description: This update for zeromq fixes the following issues: Security issue fixed: - CVE-2019-6250: fix a remote execution vulnerability due to pointer arithmetic overflow (bsc#1121717) ----------------------------------------- Patch: SUSE-2019-112 Released: Thu Jan 17 14:19:30 2019 Summary: Security update for soundtouch Severity: moderate References: 1108631,1108632,CVE-2018-17097,CVE-2018-17098 Description: This update for soundtouch fixes the following issues: Security issues fixed: - CVE-2018-17098: Fixed a heap corruption from size inconsistency, which allowed remote attackers to cause a denial of service or possibly have other unspecified impact (bsc#1108632) - CVE-2018-17097: Fixed a double free, which allowed remote attackers to cause a denial of service or possibly have other unspecified impact (bsc#1108631) ----------------------------------------- Patch: SUSE-2019-124 Released: Fri Jan 18 12:36:07 2019 Summary: Recommended update for tpm-tools Severity: low References: 1114793 Description: This update for tpm-tools provides the following fix: - Fix undefined and binary data being output in the tpm_version command. (bsc#1114793) ----------------------------------------- Patch: SUSE-2019-130 Released: Fri Jan 18 16:30:56 2019 Summary: Security update for wireshark Severity: moderate References: 1121232,1121233,1121234,1121235,CVE-2019-5717,CVE-2019-5718,CVE-2019-5719,CVE-2019-5721 Description: This update for wireshark to version 2.4.12 fixes the following issues: Security issues fixed: - CVE-2019-5717: Fixed a denial of service in the P_MUL dissector (bsc#1121232) - CVE-2019-5718: Fixed a denial of service in the RTSE dissector and other dissectors (bsc#1121233) - CVE-2019-5719: Fixed a denial of service in the ISAKMP dissector (bsc#1121234) - CVE-2019-5721: Fixed a denial of service in the ISAKMP dissector (bsc#1121235) ----------------------------------------- Patch: SUSE-2019-133 Released: Mon Jan 21 09:35:52 2019 Summary: Security update for libraw Severity: moderate References: 1120498,1120499,1120500,1120515,1120516,1120517,1120519,CVE-2018-20337,CVE-2018-20363,CVE-2018-20364,CVE-2018-20365,CVE-2018-5817,CVE-2018-5818,CVE-2018-5819 Description: This update for libraw fixes the following issues: Security issues fixed: - CVE-2018-20337: Fixed a stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp (bsc#1120519) - CVE-2018-20365: Fixed a heap-based buffer overflow in the raw2image function of libraw_cxx.cpp (bsc#1120500) - CVE-2018-20364: Fixed a NULL pointer dereference in the copy_bayer function of libraw_cxx.cpp (bsc#1120499) - CVE-2018-20363: Fixed a NULL pointer dereference in the raw2image function of libraw_cxx.cpp (bsc#1120498) - CVE-2018-5817: Fixed an infinite loop in the unpacked_load_raw function of dcraw_common.cpp (bsc#1120515) - CVE-2018-5818: Fixed an infinite loop in the parse_rollei function of dcraw_common.cpp (bsc#1120516) - CVE-2018-5819: Fixed a denial of service in the parse_sinar_ia function of dcraw_common.cpp (bsc#1120517) ----------------------------------------- Patch: SUSE-2019-137 Released: Mon Jan 21 15:52:45 2019 Summary: Security update for systemd Severity: important References: 1005023,1045723,1076696,1080919,1093753,1101591,1111498,1114933,1117063,1119971,1120323,CVE-2018-16864,CVE-2018-16865,CVE-2018-16866,CVE-2018-6954 Description: This update for systemd provides the following fixes: Security issues fixed: - CVE-2018-16864, CVE-2018-16865: Fixed two memory corruptions through attacker-controlled alloca()s (bsc#1120323) - CVE-2018-16866: Fixed an information leak in journald (bsc#1120323) - CVE-2018-6954: Fix mishandling of symlinks present in non-terminal path components (bsc#1080919) - Fixed an issue during system startup in relation to encrypted swap disks (bsc#1119971) Non-security issues fixed: - pam_systemd: Fix 'Cannot create session: Already running in a session' (bsc#1111498) - systemd-vconsole-setup: vconsole setup fails, fonts will not be copied to tty (bsc#1114933) - systemd-tmpfiles-setup: symlinked /tmp to /var/tmp breaking multiple units (bsc#1045723) - Fixed installation issue with /etc/machine-id during update (bsc#1117063) - btrfs: qgroups are assigned to parent qgroups after reboot (bsc#1093753) - logind: Stop managing VT switches if no sessions are registered on that VT. (bsc#1101591) - udev: Downgrade message when settting inotify watch up fails. (bsc#1005023) - udev: Ignore the exit code of systemd-detect-virt for memory hot-add. In SLE-12-SP3, 80-hotplug-cpu-mem.rules has a memory hot-add rule that uses systemd-detect-virt to detect non-zvm environment. The systemd-detect-virt returns exit failure code when it detected _none_ state. The exit failure code causes that the hot-add memory block can not be set to online. (bsc#1076696) ----------------------------------------- Patch: SUSE-2019-145 Released: Wed Jan 23 15:55:42 2019 Summary: Security update for ghostscript Severity: important References: 1122319,CVE-2019-6116 Description: This update for ghostscript version 9.26a fixes the following issues: Security issue fixed: - CVE-2019-6116: subroutines within pseudo-operators must themselves be pseudo-operators (bsc#1122319) ----------------------------------------- Patch: SUSE-2019-155 Released: Thu Jan 24 13:50:25 2019 Summary: Recommended update for csync Severity: moderate References: 1113889 Description: This update for csync fixes the following issues: - Fix a compile error on Leap 15.1 (bsc#1113889) ----------------------------------------- Patch: SUSE-2019-195 Released: Tue Jan 29 13:13:26 2019 Summary: Security update for subversion Severity: moderate References: 1122842,CVE-2018-11803 Description: This update for subversion fixes the following issues: Security issue fixed: - CVE-2018-11803: Fixed a vulnerability that allowed malicious SVN clients to trigger a crash in mod_dav_svn by omitting the root path from a recursive directory listing request (bsc#1122842) ----------------------------------------- Patch: SUSE-2019-201 Released: Tue Jan 29 20:19:32 2019 Summary: Recommended update for google-compute-engine Severity: moderate References: 1119029,1119110,1122172 Description: This update for google-compute-engine provides the following fixes: - Fixes from version 20181206 (bsc#1119029, bsc#1119110): + Google Compute Engine * Support enabling OS Login two factor authentication. * Improve accounts support for FreeBSD. + Google Compute Engine OS Login * Support OS Login two factor authentication (Alpha). * Improve SELinux support. - Fixes from version 20181023: + Google Compute Engine * Fix: Update sudoer group membership without overriding local groups. - Fixes from version 20181018: + Google Compute Engine * Fix: Remove users from sudoers group on account removal. - Fixes from version 20181011: + Google Compute Engine * Revert: Remove users from sudoers group on account removal. - Fixes from version 20181008: + Google Compute Engine * Remove users from sudoers group on account removal. * Remove gsutil dependency for metadata scripts. - Fixes from version 20180905: + Google Compute Engine * Remove ntp package dependency. * Support Debian 10 Buster. * Restart the network daemon if networking is restarted. * Prevent setup of the default ethernet interface. * Accounts daemon verifies username is 32 characters or less. + Google Compute Engine OS Login * Add user name validation to pam modules. * Return false on failed final load. * Support FreeBSD. * Support Debian 10 Buster. - Fixes from version 20180611: + Google Compute Engine * Prevent IP forwarding daemon log spam. * Make default shell configurable when executing metadata scripts. * Rename distro directory to distro_lib. ----------------------------------------- Patch: SUSE-2019-207 Released: Tue Jan 29 20:20:24 2019 Summary: Recommended update for container-suseconnect Severity: moderate References: 1119496 Description: This update for container-suseconnect fixes the following issues: container-suseconnect was updated to 2.0.0 (bsc#1119496): - Added command line interface - Added `ADDITIONAL_MODULES` capability to enable further extension modules during image build and run - Added documentation about how to build docker images on non SLE distributions - Improve documentation to clarify how container-suseconnect works in a Dockerfile - Improve error handling on non SLE hosts - Fix bug which makes container-suseconnect work on SLE15 based distributions ----------------------------------------- Patch: SUSE-2019-215 Released: Thu Jan 31 15:59:57 2019 Summary: Security update for python3 Severity: important References: 1120644,1122191,CVE-2018-20406,CVE-2019-5010 Description: This update for python3 fixes the following issues: Security issue fixed: - CVE-2019-5010: Fixed a denial-of-service vulnerability in the X509 certificate parser (bsc#1122191) - CVE-2018-20406: Fixed a integer overflow via a large LONG_BINPUT (bsc#1120644) ----------------------------------------- Patch: SUSE-2019-221 Released: Fri Feb 1 15:20:56 2019 Summary: Security update for java-11-openjdk Severity: important References: 1120431,1122293,1122299,CVE-2018-11212,CVE-2019-2422,CVE-2019-2426 Description: This update for java-11-openjdk to version 11.0.2+7 fixes the following issues: Security issues fixed: - CVE-2019-2422: Better FileChannel transfer performance (bsc#1122293) - CVE-2019-2426: Improve web server connections - CVE-2018-11212: Improve JPEG processing (bsc#1122299) - Better route routing - Better interface enumeration - Better interface lists - Improve BigDecimal support - Improve robot support - Better icon support - Choose printer defaults - Proper allocation handling - Initial class initialization - More reliable p11 transactions - Improve NIO stability - Better loading of classloader classes - Strengthen Windows Access Bridge Support - Improved data set handling - Improved LSA authentication - Libsunmscapi improved interactions Non-security issues fix: - Do not resolve by default the added JavaEE modules (bsc#1120431) - ~2.5% regression on compression benchmark starting with 12-b11 - java.net.http.HttpClient hangs on 204 reply without Content-length 0 - Add additional TeliaSonera root certificate - Add more ld preloading related info to hs_error file on Linux - Add test to exercise server-side client hello processing - AES encrypt performance regression in jdk11b11 - AIX: ProcessBuilder: Piping between created processes does not work. - AIX: Some class library files are missing the Classpath exception - AppCDS crashes for some uses with JRuby - Automate vtable/itable stub size calculation - BarrierSetC1::generate_referent_check() confuses register allocator - Better HTTP Redirection - Catastrophic size_t underflow in BitMap::*_large methods - Clip.isRunning() may return true after Clip.stop() was called - Compiler thread creation should be bounded by available space in memory and Code Cache - com.sun.net.httpserver.HttpServer returns Content-length header for 204 response code - Default mask register for avx512 instructions - Delayed starting of debugging via jcmd - Disable all DES cipher suites - Disable anon and NULL cipher suites - Disable unsupported GCs for Zero - Epsilon alignment adjustments can overflow max TLAB size - Epsilon elastic TLAB sizing may cause misalignment - HotSpot update for vm_version.cpp to recognise updated VS2017 - HttpClient does not retrieve files with large sizes over HTTP/1.1 - IIOException 'tEXt chunk length is not proper' on opening png file - Improve TLS connection stability again - InitialDirContext ctor sometimes throws NPE if the server has sent a disconnection - Inspect stack during error reporting - Instead of circle rendered in appl window, but ellipse is produced JEditor Pane - Introduce diagnostic flag to abort VM on failed JIT compilation - Invalid assert(HeapBaseMinAddress > 0) in ReservedHeapSpace::initialize_compressed_heap - jar has issues with UNC-path arguments for the jar -C parameter [windows] - java.net.http HTTP client should allow specifying Origin and Referer headers - java.nio.file.Files.writeString writes garbled UTF-16 instead of UTF-8 - JDK 11.0.1 l10n resource file update - JDWP Transport Listener: dt_socket thread crash - JVMTI ResourceExhausted should not be posted in CompilerThread - LDAPS communication failure with jdk 1.8.0_181 - linux: Poor StrictMath performance due to non-optimized compilation - Missing synchronization when reading counters for live threads and peak thread count - NPE in SupportedGroupsExtension - OpenDataException thrown when constructing CompositeData for StackTraceElement - Parent class loader may not have a referred ClassLoaderData instance when obtained in Klass::class_in_module_of_loader - Populate handlers while holding streamHandlerLock - ppc64: Enable POWER9 CPU detection - print_location is not reliable enough (printing register info) - Reconsider default option for ClassPathURLCheck change done in JDK-8195874 - Register to register spill may use AVX 512 move instruction on unsupported platform. - s390: Use of shift operators not covered by cpp standard - serviceability/sa/TestUniverse.java#id0 intermittently fails with assert(get_instanceKlass()->is_loaded()) failed: must be at least loaded - SIGBUS in CodeHeapState::print_names() - SIGSEGV in MethodArityHistogram() with -XX:+CountCompiledCalls - Soft reference reclamation race in com.sun.xml.internal.stream.util.ThreadLocalBufferAllocator - Swing apps are slow if displaying from a remote source to many local displays - switch jtreg to 4.2b13 - Test library OSInfo.getSolarisVersion cannot determine Solaris version - TestOptionsWithRanges.java is very slow - TestOptionsWithRanges.java of '-XX:TLABSize=2147483648' fails intermittently - The Japanese message of FileNotFoundException garbled - The 'supported_groups' extension in ServerHellos - ThreadInfoCompositeData.toCompositeData fails to map ThreadInfo to CompositeData - TimeZone.getDisplayName given Locale.US doesn't always honor the Locale. - TLS 1.2 Support algorithm in SunPKCS11 provider - TLS 1.3 handshake server name indication is missing on a session resume - TLS 1.3 server fails if ClientHello doesn't have pre_shared_key and psk_key_exchange_modes - TLS 1.3 interop problems with OpenSSL 1.1.1 when used on the client side with mutual auth - tz: Upgrade time-zone data to tzdata2018g - Undefined behaviour in ADLC - Update avx512 implementation - URLStreamHandler initialization race - UseCompressedOops requirement check fails fails on 32-bit system - windows: Update OS detection code to recognize Windows Server 2019 - x86: assert on unbound assembler Labels used as branch targets - x86: jck tests for ldc2_w bytecode fail - x86: sharedRuntimeTrig/sharedRuntimeTrans compiled without optimization - '-XX:OnOutOfMemoryError' uses fork instead of vfork ----------------------------------------- Patch: SUSE-2019-225 Released: Mon Feb 4 13:36:52 2019 Summary: Recommended update for hmaccalc Severity: moderate References: 1122491 Description: This update for hmaccalc fixes the following issues: - require libfreebl3-hmac and libsoftokn3-hmac during building (bsc#1122491) ----------------------------------------- Patch: SUSE-2019-247 Released: Wed Feb 6 07:18:45 2019 Summary: Security update for lua53 Severity: moderate References: 1123043,CVE-2019-6706 Description: This update for lua53 fixes the following issues: Security issue fixed: - CVE-2019-6706: Fixed a use-after-free bug in the lua_upvaluejoin function of lapi.c (bsc#1123043) ----------------------------------------- Patch: SUSE-2019-259 Released: Wed Feb 6 11:26:09 2019 Summary: Recommended update for man-pages-posix Severity: low References: 1116987 Description: This update for man-pages-posix fixes the following issues: - Supplements the package 'man' in order to install some missing man pages. (bnc#1116987) ----------------------------------------- Patch: SUSE-2019-270 Released: Wed Feb 6 15:43:23 2019 Summary: Recommended update for mariadb-connector-c Severity: important References: 1097938,1116686 Description: This update for mariadb-connector-c fixes the following issues: - Update to version 3.0.7 (bsc#1116686) - Fixed installation issue where libmysqlclient.so.18 link was missing (bsc#1097938). ----------------------------------------- Patch: SUSE-2019-271 Released: Wed Feb 6 16:45:08 2019 Summary: Security update for python Severity: moderate References: 1122191,CVE-2019-5010 Description: This update for python fixes the following issues: Security issue fixed: - CVE-2019-5010: Fixed a denial-of-service vulnerability in the X509 certificate parser (bsc#1122191) ----------------------------------------- Patch: SUSE-2019-273 Released: Wed Feb 6 16:48:18 2019 Summary: Security update for MozillaFirefox Severity: important References: 1119069,1120374,1122983,CVE-2018-12404,CVE-2018-18500,CVE-2018-18501,CVE-2018-18505 Description: This update for MozillaFirefox, mozilla-nss fixes the following issues: Security issues fixed: - CVE-2018-18500: Fixed a use-after-free parsing HTML5 stream (bsc#1122983). - CVE-2018-18501: Fixed multiple memory safety bugs (bsc#1122983). - CVE-2018-18505: Fixed a privilege escalation through IPC channel messages (bsc#1122983). - CVE-2018-12404: Cache side-channel variant of the Bleichenbacher attack (bsc#1119069). Non-security issue fixed: - Update to MozillaFirefox ESR 60.5.0 - Update to mozilla-nss 3.41.1 ----------------------------------------- Patch: SUSE-2019-276 Released: Wed Feb 6 19:12:35 2019 Summary: Recommended update for rollback-helper Severity: moderate References: 1108618,1113048,1115555 Description: This update for rollback-helper fixes the following issues: - Added handling for separate /var subvolumes (bsc#1115555) - Run before any other services calling zypper (bsc#1113048) - Retry network connection if it doesn't work yet (bsc#1108618) ----------------------------------------- Patch: SUSE-2019-283 Released: Thu Feb 7 13:15:03 2019 Summary: Security update for LibVNCServer Severity: critical References: 1123823,1123828,1123832,CVE-2018-20748,CVE-2018-20749,CVE-2018-20750 Description: This update for LibVNCServer fixes the following issues: Security issues fixed: - CVE-2018-20749: Fixed a heap out of bounds write vulnerability in rfbserver.c (bsc#1123828) - CVE-2018-20750: Fixed a heap out of bounds write vulnerability in rfbserver.c (bsc#1123832) - CVE-2018-20748: Fixed multiple heap out-of-bound writes in VNC client code (bsc#1123823) ----------------------------------------- Patch: SUSE-2019-286 Released: Thu Feb 7 13:45:27 2019 Summary: Security update for docker Severity: moderate References: 1001161,1112980,1115464,1118897,1118898,1118899,1118990,1121412,CVE-2018-16873,CVE-2018-16874,CVE-2018-16875 Description: This update for containerd, docker, docker-runc and golang-github-docker-libnetwork fixes the following issues: Security issues fixed for containerd, docker, docker-runc and golang-github-docker-libnetwork: - CVE-2018-16873: cmd/go: remote command execution during 'go get -u' (bsc#1118897) - CVE-2018-16874: cmd/go: directory traversal in 'go get' via curly braces in import paths (bsc#1118898) - CVE-2018-16875: crypto/x509: CPU denial of service (bsc#1118899) Non-security issues fixed for docker: - Disable leap based builds for kubic flavor (bsc#1121412) - Allow users to explicitly specify the NIS domainname of a container (bsc#1001161) - Update docker.service to match upstream and avoid rlimit problems (bsc#1112980) - Allow docker images larger then 23GB (bsc#1118990) - Docker version update to version 18.09.0-ce (bsc#1115464) ----------------------------------------- Patch: SUSE-2019-317 Released: Mon Feb 11 16:08:23 2019 Summary: Recommended update for sendmail Severity: moderate References: 1116675 Description: This update for sendmail addresses the following issues: - Fixes an issue with symlink creation on package installation. In order for the wrong symlink to be removed, the service needs to be disabled and re-enabled. (bsc#1116675) ----------------------------------------- Patch: SUSE-2019-362 Released: Wed Feb 13 13:31:56 2019 Summary: Security update for docker-runc Severity: important References: 1121967,CVE-2019-5736 Description: This update for docker-runc fixes the following issues: Security issue fixed: - CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container breakout (bsc#1121967) ----------------------------------------- Patch: SUSE-2019-364 Released: Wed Feb 13 14:00:08 2019 Summary: Recommended update for ipset Severity: moderate References: 1122853 Description: This update for ipset fixes the following issues: - Fixed parsing service names for ports. Parsing is attempted both for numbers and service names and the temporary stored error message triggered to reset the state parameters about the set [bsc#1122853] ----------------------------------------- Patch: SUSE-2019-366 Released: Wed Feb 13 14:00:29 2019 Summary: Recommended update for wireless-regdb Severity: moderate References: 1121466 Description: This update for wireless-regdb provides the following fixes: - Changes in version 2018.10.24 (bsc#1121466): * Remove dependency to python attr. * Sync DE with ETSI EN 301 893 V2.1.1. * Sync FR with ETSI EN 301 893 V2.1.1. - Changes in version 2018.09.07: * Update source of info for CU and ES. * Update regulatory rules for Switzerland (CH), and Liechtenstein. * Update regulatory rules for Finland (FI) on 5GHz (SRD devices). * Update rules for Hungary (HU) on 2.4/5/60G, 5725-5875MHz. ----------------------------------------- Patch: SUSE-2019-369 Released: Wed Feb 13 14:01:42 2019 Summary: Recommended update for itstool Severity: moderate References: 1065270,1111019 Description: This update for itstool and python-libxml2-python fixes the following issues: Package: itstool - Updated version to support Python3. (bnc#1111019) Package: python-libxml2-python - Fix segfault when parsing invalid data. (bsc#1065270) ----------------------------------------- Patch: SUSE-2019-371 Released: Wed Feb 13 14:02:17 2019 Summary: Recommended update for ypbind Severity: moderate References: 1114640 Description: This update for ypbind fixes the following issues: - Fixes crash on reload. (bsc#1114640) - Enhanced yp.conf manual page ----------------------------------------- Patch: SUSE-2019-374 Released: Wed Feb 13 14:03:02 2019 Summary: Recommended update for xrdb Severity: moderate References: 1120004 Description: This update for xrdb fixes the following issues: - Now no warnings will be shown when parsing valid comments. (bsc#1120004) ----------------------------------------- Patch: SUSE-2019-418 Released: Sat Feb 16 11:33:57 2019 Summary: Security update for python-numpy Severity: important References: 1122208,CVE-2019-6446 Description: This update for python-numpy fixes the following issue: Security issue fixed: - CVE-2019-6446: Set allow_pickle to false by default to restrict loading untrusted content (bsc#1122208). With this update we decrease the possibility of allowing remote attackers to execute arbitrary code by misusing numpy.load(). A warning during runtime will show-up when the allow_pickle is not explicitly set. NOTE: By applying this update the behavior of python-numpy changes, which might break your application. In order to get the old behaviour back, you have to explicitly set `allow_pickle` to True. Be aware that this should only be done for trusted input, as loading untrusted input might lead to arbitrary code execution. ----------------------------------------- Patch: SUSE-2019-420 Released: Mon Feb 18 10:21:54 2019 Summary: Recommended update for texlive-specs-n Severity: moderate References: 1118796 Description: This update for texlive-specs-n provides the following fix: - Fix one more unescaped left brace with perl. (bsc#1118796) ----------------------------------------- Patch: SUSE-2019-426 Released: Mon Feb 18 17:46:55 2019 Summary: Security update for systemd Severity: important References: 1117025,1121563,1122000,1123333,1123727,1123892,1124153,1125352,CVE-2019-6454 Description: This update for systemd fixes the following issues: - CVE-2019-6454: Overlong DBUS messages could be used to crash systemd (bsc#1125352) - units: make sure initrd-cleanup.service terminates before switching to rootfs (bsc#1123333) - logind: fix bad error propagation - login: log session state 'closing' (as well as New/Removed) - logind: fix borked r check - login: don't remove all devices from PID1 when only one was removed - login: we only allow opening character devices - login: correct comment in session_device_free() - login: remember that fds received from PID1 need to be removed eventually - login: fix FDNAME in call to sd_pid_notify_with_fds() - logind: fd 0 is a valid fd - logind: rework sd_eviocrevoke() - logind: check file is device node before using .st_rdev - logind: use the new FDSTOREREMOVE=1 sd_notify() message (bsc#1124153) - core: add a new sd_notify() message for removing fds from the FD store again - logind: make sure we don't trip up on half-initialized session devices (bsc#1123727) - fd-util: accept that kcmp might fail with EPERM/EACCES - core: Fix use after free case in load_from_path() (bsc#1121563) - core: include Found state in device dumps - device: fix serialization and deserialization of DeviceFound - fix path in btrfs rule (#6844) - assemble multidevice btrfs volumes without external tools (#6607) (bsc#1117025) - Update systemd-system.conf.xml (bsc#1122000) - units: inform user that the default target is started after exiting from rescue or emergency mode - core: free lines after reading them (bsc#1123892) - sd-bus: if we receive an invalid dbus message, ignore and proceeed - automount: don't pass non-blocking pipe to kernel. ----------------------------------------- Patch: SUSE-2019-443 Released: Tue Feb 19 18:53:19 2019 Summary: Recommended update for google-compute-engine Severity: moderate References: 1123671,1123672 Description: This update for google-compute-engine fixes the following issues: Google Compute Engine was updated to version 20190124 (bsc#1123671, bsc#1123672) * Fix metadata script retrieval to support Python 3. ----------------------------------------- Patch: SUSE-2019-464 Released: Fri Feb 22 09:43:52 2019 Summary: Recommended update for xkeyboard-config Severity: moderate References: 1123784 Description: This update for xkeyboard-config fixes the following issues: - Fixes missing mappings for evdev keys KEY_RFKILL and KEY_WWAN. (bsc#1123784) ----------------------------------------- Patch: SUSE-2019-487 Released: Mon Feb 25 17:42:01 2019 Summary: Recommended update for cloud-regionsrv-client Severity: moderate References: 1029162,1114985,1120980 Description: This update for cloud-regionsrv-client fixes the following issues: Updated to version 8.1.3 + Fix file permissions for generated credentials rw root only + Generate instance data as string as expected by zypper plugin handling + Write the proper credentials file when switching back to RIS service + Support registration against RMT + Implement URL resolver to facilitate instance verification for zypper access + Fixes related to bsc#1120980 also need server side support + IPv6 support + Fix handling of older cached SMT objects loaded from cached file ----------------------------------------- Patch: SUSE-2019-495 Released: Tue Feb 26 16:42:35 2019 Summary: Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc Severity: important References: 1048046,1051429,1114832,1118897,1118898,1118899,1121967,1124308,CVE-2018-16873,CVE-2018-16874,CVE-2018-16875,CVE-2019-5736 Description: This update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc fixes the following issues: Security issues fixed: - CVE-2018-16875: Fixed a CPU Denial of Service (bsc#1118899). - CVE-2018-16874: Fixed a vulnerabity in go get command which could allow directory traversal in GOPATH mode (bsc#1118898). - CVE-2018-16873: Fixed a vulnerability in go get command which could allow remote code execution when executed with -u in GOPATH mode (bsc#1118897). - CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container breakout (bsc#1121967). Other changes and fixes: - Update shell completion to use Group: System/Shells. - Add daemon.json file with rotation logs configuration (bsc#1114832) - Update to Docker 18.09.1-ce (bsc#1124308) and to to runc 96ec2177ae84. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. - Update go requirements to >= go1.10 - Use -buildmode=pie for tests and binary build (bsc#1048046 and bsc#1051429). - Remove the usage of 'cp -r' to reduce noise in the build logs. ----------------------------------------- Patch: SUSE-2019-500 Released: Tue Feb 26 19:11:26 2019 Summary: Recommended update for lifecycle-data-sle-module-live-patching Severity: moderate References: 1020320,1126443 Description: This update for lifecycle-data-sle-module-live-patching fixes the following issues: - Fixed package names in the data file. (bsc#1126443) - Added data for 4_12_14-25_28. (bsc#1020320) ----------------------------------------- Patch: SUSE-2019-505 Released: Wed Feb 27 08:43:56 2019 Summary: Security update for amavisd-new Severity: moderate References: 1123389,987887,CVE-2016-1238 Description: This update for amavisd-new fixes the following issues: wmavisd-new was updated to version 2.11.1 (bsc#1123389): * removed a trailing dot element from @INC, as a workaround for a perl vulnerability CVE-2016-1238 (bsc#987887) * amavis-services: bumping up syslog level from LOG_NOTICE to LOG_ERR for a message 'PID went away', and removed redundant newlines from some log messages * safe_decode() and safe_decode_utf8(): avoid warning messages 'Use of uninitialized value in subroutine entry' in Encode::MIME::Header when the $check argument is undefined * @sa_userconf_maps has been extended to allow loading of per-recipient (or per-policy bank, or global) SpamAssassin configuration set from LDAP. For consistency with SQL a @sa_userconf_maps entry prefixed with 'ldap:' will load SpamAssassin configuration set using the load_scoreonly_ldap() method; a patch by Atanas Karashenski * add some Sanesecurity.Foxhole false positives to the default list @virus_name_to_spam_score_maps * updated some comments Update amavis-milter to version 2.6.1: * Fixed bug when creating amavisd-new policy bank names ----------------------------------------- Patch: SUSE-2019-529 Released: Fri Mar 1 13:46:51 2019 Summary: Recommended update for cloud-netconfig Severity: moderate References: 1112822,1118783,1122013,1123008 Description: This update for cloud-netconfig provides the following fixes: - Run cloud-netconfig periodically. (bsc#1118783, bsc#1122013) - Do not treat eth0 special with regard to routing policies. (bsc#1123008) - Reduce the timeout on metadata read. (bsc#1112822) ----------------------------------------- Patch: SUSE-2019-533 Released: Fri Mar 1 13:47:40 2019 Summary: Recommended update for mirror Severity: low References: 1123661 Description: This update for mirror provides the following fix: - Remove a warning that dump() will no longer be available in Perl 5.30. (bsc#1123661) ----------------------------------------- Patch: SUSE-2019-550 Released: Tue Mar 5 14:46:46 2019 Summary: Recommended update for sapconf Severity: moderate References: 1111243,1122741 Description: This update for sapconf fixes the following issues: - Source /etc/sysconfig/sapconf entries correctly, even if the /etc filesystem is read-only. (bsc#1122741) - log skipping of existing /etc/systemd/logind.conf.d/sap.conf file during package installation. (bsc#1111243) ----------------------------------------- Patch: SUSE-2019-567 Released: Thu Mar 7 17:49:00 2019 Summary: Recommended update for arpwatch Severity: moderate References: 1119851 Description: This update for arpwatch provides the following fix: - Prevent a memory leak in gethname. (bsc#1119851) ----------------------------------------- Patch: SUSE-2019-571 Released: Thu Mar 7 18:13:46 2019 Summary: Security update for file Severity: moderate References: 1096974,1096984,1126117,1126118,1126119,CVE-2018-10360,CVE-2019-8905,CVE-2019-8906,CVE-2019-8907 Description: This update for file fixes the following issues: The following security vulnerabilities were addressed: - CVE-2018-10360: Fixed an out-of-bounds read in the function do_core_note in readelf.c, which allowed remote attackers to cause a denial of service (application crash) via a crafted ELF file (bsc#1096974) - CVE-2019-8905: Fixed a stack-based buffer over-read in do_core_note in readelf.c (bsc#1126118) - CVE-2019-8906: Fixed an out-of-bounds read in do_core_note in readelf. c (bsc#1126119) - CVE-2019-8907: Fixed a stack corruption in do_core_note in readelf.c (bsc#1126117) ----------------------------------------- Patch: SUSE-2019-574 Released: Fri Mar 8 15:22:51 2019 Summary: Security update for java-1_8_0-openjdk Severity: important References: 1122293,1122299,CVE-2018-11212,CVE-2019-2422 Description: This update for java-1_8_0-openjdk to version jdk8u201 (icedtea 3.11.0) fixes the following issues: Security issues fixed: - CVE-2019-2422: Fixed a memory disclosure in FileChannelImpl (bsc#1122293). - CVE-2018-11212: Fixed an issue in alloc_sarray function in jmemmgr.c (bsc#1122299). Complete list of changes: https://mail.openjdk.java.net/pipermail/distro-pkg-dev/2019-March/041223.html ----------------------------------------- Patch: SUSE-2019-585 Released: Tue Mar 12 12:59:09 2019 Summary: Security update for java-1_8_0-ibm Severity: important References: 1122292,1122293,1122299,1128158,CVE-2018-11212,CVE-2018-1890,CVE-2019-2422,CVE-2019-2449 Description: This update for java-1_8_0-ibm to version 8.0.5.30 fixes the following issues: Security issues fixed: - CVE-2019-2422: Fixed a memory disclosure in FileChannelImpl (bsc#1122293). - CVE-2018-11212: Fixed an issue in alloc_sarray function in jmemmgr.c (bsc#1122299). - CVE-2018-1890: Fixed a local privilege escalation via RPATHs (bsc#1128158). - CVE-2019-2449: Fixed a vulnerabilit which could allow remote atackers to delete arbitrary files (bsc#1122292). More information: https://www-01.ibm.com/support/docview.wss?uid=ibm10873332 ----------------------------------------- Patch: SUSE-2019-600 Released: Tue Mar 12 18:40:17 2019 Summary: Security update for openssl-1_0_0 Severity: moderate References: 1117951,1127080,CVE-2019-1559 Description: This update for openssl-1_0_0 fixes the following issues: Security issues fixed: - The 9 Lives of Bleichenbacher's CAT: Cache Attacks on TLS Implementations (bsc#1117951) - CVE-2019-1559: Fixed OpenSSL 0-byte Record Padding Oracle which under certain circumstances a TLS server can be forced to respond differently to a client and lead to the decryption of the data (bsc#1127080). ----------------------------------------- Patch: SUSE-2019-605 Released: Wed Mar 13 12:40:48 2019 Summary: Recommended update for azure-li-services Severity: moderate References: 1127923,1127924 Description: This update for azure-li-services to version 1.1.27 provides the following: - Azure Large instances password reset and MAC based ifnames support (bsc#1127924) - Azure Very Large instances support for bonding (bsc#1127924) ----------------------------------------- Patch: SUSE-2019-608 Released: Wed Mar 13 15:21:02 2019 Summary: Recommended update for cups Severity: moderate References: 1118118 Description: This update for cups fixes the following issues: - Fixed validation of UTF-8 filenames to avoid crashes (bsc#1118118) ----------------------------------------- Patch: SUSE-2019-619 Released: Fri Mar 15 15:38:37 2019 Summary: Security update for wireshark Severity: moderate References: 1127367,1127369,1127370,CVE-2019-9208,CVE-2019-9209,CVE-2019-9214 Description: This update for wireshark to version 2.4.13 fixes the following issues: Security issues fixed: - CVE-2019-9214: Avoided a dereference of a null coversation which could make RPCAP dissector crash (bsc#1127367). - CVE-2019-9209: Fixed a buffer overflow in time values which could make ASN.1 BER and related dissectors crash (bsc#1127369). - CVE-2019-9208: Fixed a null pointer dereference which could make TCAP dissector crash (bsc#1127370). Release notes: https://www.wireshark.org/docs/relnotes/wireshark-2.4.13.html ----------------------------------------- Patch: SUSE-2019-637 Released: Tue Mar 19 09:26:52 2019 Summary: Security update for libssh2_org Severity: moderate References: 1128471,1128472,1128474,1128476,1128480,1128481,1128490,1128492,1128493,CVE-2019-3855,CVE-2019-3856,CVE-2019-3857,CVE-2019-3858,CVE-2019-3859,CVE-2019-3860,CVE-2019-3861,CVE-2019-3862,CVE-2019-3863 Description: This update for libssh2_org fixes the following issues: Security issues fixed: - CVE-2019-3861: Fixed Out-of-bounds reads with specially crafted SSH packets (bsc#1128490). - CVE-2019-3862: Fixed Out-of-bounds memory comparison with specially crafted message channel request packet (bsc#1128492). - CVE-2019-3860: Fixed Out-of-bounds reads with specially crafted SFTP packets (bsc#1128481). - CVE-2019-3863: Fixed an Integer overflow in user authenicate keyboard interactive which could allow out-of-bounds writes with specially crafted keyboard responses (bsc#1128493). - CVE-2019-3856: Fixed a potential Integer overflow in keyboard interactive handling which could allow out-of-bounds write with specially crafted payload (bsc#1128472). - CVE-2019-3859: Fixed Out-of-bounds reads with specially crafted payloads due to unchecked use of _libssh2_packet_require and _libssh2_packet_requirev (bsc#1128480). - CVE-2019-3855: Fixed a potential Integer overflow in transport read which could allow out-of-bounds write with specially crafted payload (bsc#1128471). - CVE-2019-3858: Fixed a potential zero-byte allocation which could lead to an out-of-bounds read with a specially crafted SFTP packet (bsc#1128476). - CVE-2019-3857: Fixed a potential Integer overflow which could lead to zero-byte allocation and out-of-bounds with specially crafted message channel request SSH packet (bsc#1128474). ----------------------------------------- Patch: SUSE-2019-654 Released: Wed Mar 20 10:29:13 2019 Summary: Security update for openwsman Severity: important References: 1092206,1122623,CVE-2019-3816,CVE-2019-3833 Description: This update for openwsman fixes the following issues: Security issues fixed: - CVE-2019-3816: Fixed a vulnerability in openwsmand deamon which could lead to arbitary file disclosure (bsc#1122623). - CVE-2019-3833: Fixed a vulnerability in process_connection() which could allow an attacker to trigger an infinite loop which leads to Denial of Service (bsc#1122623). Other issues addressed: - Added OpenSSL 1.1 compatibility - Compilation in debug mode fixed - Directory listing without authentication fixed (bsc#1092206). ----------------------------------------- Patch: SUSE-2019-665 Released: Wed Mar 20 14:54:29 2019 Summary: Recommended update for xf86-input-wacom Severity: low References: 1120405 Description: This update for xf86-input-wacom provides the following fix: - Re-added support for serial input devices. (bsc#1120405) ----------------------------------------- Patch: SUSE-2019-707 Released: Fri Mar 22 13:32:07 2019 Summary: Security update for unzip Severity: moderate References: 1110194,CVE-2018-18384 Description: This update for unzip fixes the following issues: - CVE-2018-18384: Fixed a buffer overflow when listing archives (bsc#1110194) ----------------------------------------- Patch: SUSE-2019-711 Released: Fri Mar 22 15:51:07 2019 Summary: Security update for libjpeg-turbo Severity: moderate References: 1096209,1098155,1128712,CVE-2018-1152,CVE-2018-11813,CVE-2018-14498 Description: This update for libjpeg-turbo fixes the following issues: The following security vulnerabilities were addressed: - CVE-2018-14498: Fixed a heap-based buffer over read in get_8bit_row function which could allow to an attacker to cause denial of service (bsc#1128712). - CVE-2018-11813: Fixed the end-of-file mishandling in read_pixel in rdtarga.c, which allowed remote attackers to cause a denial-of-service via crafted JPG files due to a large loop (bsc#1096209) - CVE-2018-1152: Fixed a denial of service in start_input_bmp() rdbmp.c caused by a divide by zero when processing a crafted BMP image (bsc#1098155) ----------------------------------------- Patch: SUSE-2019-718 Released: Fri Mar 22 16:50:25 2019 Summary: Security update for ghostscript Severity: important References: 1129186,CVE-2019-3838 Description: This update for ghostscript fixes the following issue: Security issue fixed: - CVE-2019-3838: Fixed a vulnerability which made forceput operator in DefineResource to be still accessible which could allow access to file system outside of the constraints of -dSAFER (bsc#1129186). ----------------------------------------- Patch: SUSE-2019-720 Released: Fri Mar 22 16:53:55 2019 Summary: Security update for libgxps Severity: moderate References: 1092125,CVE-2018-10733 Description: This update for libgxps fixes the following issues: - CVE-2018-10733: Fixed a heap-based buffer over-read issue in ft_font_face_hash (bsc#1092125). ----------------------------------------- Patch: SUSE-2019-732 Released: Mon Mar 25 14:10:04 2019 Summary: Recommended update for aaa_base Severity: moderate References: 1088524,1118364,1128246 Description: This update for aaa_base fixes the following issues: - Restore old position of ssh/sudo source of profile (bsc#1118364). - Update logic for JRE_HOME env variable (bsc#1128246) ----------------------------------------- Patch: SUSE-2019-748 Released: Tue Mar 26 14:35:56 2019 Summary: Security update for libmspack Severity: moderate References: 1113038,1113039,CVE-2018-18584,CVE-2018-18585 Description: This update for libmspack fixes the following issues: Security issues fixed: - CVE-2018-18584: The CAB block input buffer was one byte too small for the maximal Quantum block, leading to an out-of-bounds write. (bsc#1113038) - CVE-2018-18585: chmd_read_headers accepted a filename that has '\0' as its first or second character (such as the '/\0' name). (bsc#1113039) - Fix off-by-one bounds check on CHM PMGI/PMGL chunk numbers and reject empty filenames. ----------------------------------------- Patch: SUSE-2019-772 Released: Wed Mar 27 10:37:12 2019 Summary: Security update for wavpack Severity: moderate References: 1120929,1120930,CVE-2018-19840,CVE-2018-19841 Description: This update for wavpack fixes the following issues: Security issues fixed: - CVE-2018-19840: Fixed a denial-of-service in the WavpackPackInit function from pack_utils.c (bsc#1120930) - CVE-2018-19841: Fixed a denial-of-service in the WavpackVerifySingleBlock function from open_utils.c (bsc#1120929) ----------------------------------------- Patch: SUSE-2019-777 Released: Wed Mar 27 12:23:34 2019 Summary: Security update for ntp Severity: moderate References: 1128525,CVE-2019-8936 Description: This update for ntp fixes the following issues: Security issue fixed: - CVE-2019-8936: Fixed a null pointer exception which could allow an authenticated attcker to cause segmentation fault to ntpd (bsc#1128525). Other issues addressed: - Fixed several bugs in the BANCOMM reclock driver. - Fixed ntp_loopfilter.c snprintf compilation warnings. - Fixed spurious initgroups() error message. - Fixed STA_NANO struct timex units. - Fixed GPS week rollover in libparse. - Fixed incorrect poll interval in packet. - Added a missing check for ENABLE_CMAC. ----------------------------------------- Patch: SUSE-2019-780 Released: Wed Mar 27 13:08:53 2019 Summary: Recommended update for LibVNCServer Severity: moderate References: 1123805 Description: This update for LibVNCServer fixes the following issues: - remmina can not connect to vnc server (bsc#1123805) ----------------------------------------- Patch: SUSE-2019-781 Released: Wed Mar 27 13:09:01 2019 Summary: Recommended update for yum Severity: low References: 1111112 Description: This update for yum fixes the following issues: - No relevent changes for SLE (bsc#1111112) ----------------------------------------- Patch: SUSE-2019-786 Released: Thu Mar 28 11:21:38 2019 Summary: Security update for tiff Severity: moderate References: 1108606,1115717,1121626,1125113,CVE-2018-17000,CVE-2018-19210,CVE-2019-6128,CVE-2019-7663 Description: This update for tiff fixes the following issues: Security issues fixed: - CVE-2018-19210: Fixed a NULL pointer dereference in TIFFWriteDirectorySec function (bsc#1115717). - CVE-2018-17000: Fixed a NULL pointer dereference in the _TIFFmemcmp function (bsc#1108606). - CVE-2019-6128: Fixed a memory leak in the TIFFFdOpen function in tif_unix.c (bsc#1121626). - CVE-2019-7663: Fixed an invalid address dereference in the TIFFWriteDirectoryTagTransfer function in libtiff/tif_dirwrite.c (bsc#1125113) ----------------------------------------- Patch: SUSE-2019-788 Released: Thu Mar 28 11:55:06 2019 Summary: Security update for sqlite3 Severity: moderate References: 1119687,CVE-2018-20346 Description: This update for sqlite3 to version 3.27.2 fixes the following issue: Security issue fixed: - CVE-2018-20346: Fixed a remote code execution vulnerability in FTS3 (Magellan) (bsc#1119687). Release notes: https://www.sqlite.org/releaselog/3_27_2.html ----------------------------------------- Patch: SUSE-2019-790 Released: Thu Mar 28 12:06:17 2019 Summary: Recommended update for timezone Severity: moderate References: 1130557 Description: This update for timezone fixes the following issues: timezone was updated 2019a: * Palestine 'springs forward' on 2019-03-30 instead of 2019-03-23 * Metlakatla 'fell back' to rejoin Alaska Time on 2019-01-20 at 02:00 * Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25) * zic now has an -r option to limit the time range of output data ----------------------------------------- Patch: SUSE-2019-791 Released: Thu Mar 28 12:06:50 2019 Summary: Security update for libnettle Severity: moderate References: 1129598 Description: This update for libnettle to version 3.4.1 fixes the following issues: Issues addressed and new features: - Updated to 3.4.1 (fate#327114 and bsc#1129598) - Fixed a missing break statements in the parsing of PEM input files in pkcs1-conv. - Fixed a link error on the pss-mgf1-test which was affecting builds without public key support. - All functions using RSA private keys are now side-channel silent. This applies both to the bignum calculations, which now use GMP's mpn_sec_* family of functions, and the processing of PKCS#1 padding needed for RSA decryption. - Changes in behavior: The functions rsa_decrypt and rsa_decrypt_tr may now clobber all of the provided message buffer, independent of the actual message length. They are side-channel silent, in that branches and memory accesses don't depend on the validity or length of the message. Side-channel leakage from the caller's use of length and return value may still provide an oracle useable for a Bleichenbacher-style chosen ciphertext attack. Which is why the new function rsa_sec_decrypt is recommended. ----------------------------------------- Patch: SUSE-2019-806 Released: Fri Mar 29 13:16:51 2019 Summary: Security update for sysstat Severity: low References: 1117001,1117260,CVE-2018-19416,CVE-2018-19517 Description: This update for sysstat fixes the following issues: Security issues fixed: - CVE-2018-19416: Fixed out-of-bounds read during a memmove call inside the remap_struct function (bsc#1117001). - CVE-2018-19517: Fixed out-of-bounds read during a memset call inside the remap_struct function (bsc#1117260). ----------------------------------------- Patch: SUSE-2019-855 Released: Wed Apr 3 11:49:58 2019 Summary: Security update for netpbm Severity: moderate References: 1086777,CVE-2018-8975 Description: This update for netpbm fixes the following issues: - CVE-2018-8975: The pm_mallocarray2 function allowed remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file (bsc#1086777). ----------------------------------------- Patch: SUSE-2019-861 Released: Wed Apr 3 16:09:41 2019 Summary: Security update for clamav Severity: important References: 1130721,CVE-2019-1787,CVE-2019-1788,CVE-2019-1789 Description: This update for clamav to version 0.100.3 fixes the following issues: Security issues fixed (bsc#1130721): - CVE-2019-1787: Fixed an out-of-bounds heap read condition which may occur when scanning PDF documents. - CVE-2019-1789: Fixed an out-of-bounds heap read condition which may occur when scanning PE files (i.e. Windows EXE and DLL files). - CVE-2019-1788: Fixed an out-of-bounds heap write condition which may occur when scanning OLE2 files such as Microsoft Office 97-2003 documents. ----------------------------------------- Patch: SUSE-2019-869 Released: Thu Apr 4 11:46:13 2019 Summary: Recommended update for mariadb-connector-c Severity: moderate References: 1126088 Description: This update for mariadb-connector-c fixes the following issues: - Bugfix: libmariadb.pc installed in seemingly wrong location (bsc#1126088) ----------------------------------------- Patch: SUSE-2019-887 Released: Fri Apr 5 07:55:32 2019 Summary: Recommended update for zypper-docker Severity: moderate References: 1018823,1022052,1097442,1098017 Description: This update for zypper-docker to version 2.0.0 contains the following changes: Features: * Allow inspection of stopped containers Using zypper-docker luc,lpc or pchkc on a stopped container is now possible. * Analyze container instead of base image by default Note: This is a backwards incompatible change. If the base image of a container needs to be analyzed, which was the former default a new --base flag can be used. e.g. zypper-docker pchkc --base Minor Improvements / Fixes: * Add short forms of commands to help section (bsc#1022052) * Fix bug that caused images not to be removed properly in some cases * Fix bug that caused lpc command to log to stdout * Fix bug that caused force flag not to work with zypper-docker images * Fix zypper-docker ps command * Fix bug with zypper-docker up/patch --no-recommends * Fix update behavior when getting a zypper update Other: * Update and use zypper exit codes (bsc#1018823) * Support recent version of the docker API ----------------------------------------- Patch: SUSE-2019-895 Released: Mon Apr 8 10:58:32 2019 Summary: Recommended update for speech-dispatcher Severity: moderate References: 1129586 Description: This update for speech-dispatcher fixes the following issues: - set includedir to fix the entries in the pkg-config file (bsc#1129586) ----------------------------------------- Patch: SUSE-2019-904 Released: Mon Apr 8 15:42:21 2019 Summary: Security update for gnuplot Severity: moderate References: 1117463,1117464,1117465,CVE-2018-19490,CVE-2018-19491,CVE-2018-19492 Description: This update for gnuplot fixes the following issues: Security issues fixed: - CVE-2018-19492: Fixed a buffer overflow in cairotrm_options function (bsc#1117463) - CVE-2018-19491: Fixed a buffer overlow in the PS_options function (bsc#1117464) - CVE-2018-19490: Fixed a heap-based buffer overflow in the df_generate_ascii_array_entry function (bsc#1117465) ----------------------------------------- Patch: SUSE-2019-905 Released: Mon Apr 8 16:48:02 2019 Summary: Recommended update for gcc Severity: moderate References: 1096008 Description: This update for gcc fixes the following issues: - Fix gcc-PIE spec to properly honor -no-pie at link time. (bsc#1096008) ----------------------------------------- Patch: SUSE-2019-909 Released: Tue Apr 9 08:04:44 2019 Summary: Recommended update for chrony Severity: moderate References: 1129914 Description: This update for chrony fixes the following issues: - Fix ordering and dependencies of chronyd.service, so that it is started after name resolution is up (bsc#1129914). ----------------------------------------- Patch: SUSE-2019-917 Released: Tue Apr 9 13:08:12 2019 Summary: Security update for SDL Severity: moderate References: 1124799,1124800,1124802,1124803,1124805,1124806,1124824,1124825,1124826,1124827,1125099,CVE-2019-7572,CVE-2019-7573,CVE-2019-7574,CVE-2019-7575,CVE-2019-7576,CVE-2019-7577,CVE-2019-7578,CVE-2019-7635,CVE-2019-7636,CVE-2019-7637,CVE-2019-7638 Description: This update for SDL fixes the following issues: Security issues fixed: - CVE-2019-7572: Fixed a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.(bsc#1124806). - CVE-2019-7578: Fixed a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c (bsc#1125099). - CVE-2019-7576: Fixed heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124799). - CVE-2019-7573: Fixed a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124805). - CVE-2019-7635: Fixed a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. (bsc#1124827). - CVE-2019-7636: Fixed a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c (bsc#1124826). - CVE-2019-7638: Fixed a heap-based buffer over-read in Map1toN in video/SDL_pixels.c (bsc#1124824). - CVE-2019-7574: Fixed a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c (bsc#1124803). - CVE-2019-7575: Fixed a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c (bsc#1124802). - CVE-2019-7637: Fixed a heap-based buffer overflow in SDL_FillRect function in SDL_surface.c (bsc#1124825). - CVE-2019-7577: Fixed a buffer over read in SDL_LoadWAV_RW in audio/SDL_wave.c (bsc#1124800). ----------------------------------------- Patch: SUSE-2019-919 Released: Tue Apr 9 15:47:42 2019 Summary: Security update for blktrace Severity: low References: 1091942,CVE-2018-10689 Description: This update for blktrace fixes the following issues: - CVE-2018-10689: Prevent buffer overflow in the dev_map_read function because the device and devno arrays were too small (bsc#1091942) ----------------------------------------- Patch: SUSE-2019-920 Released: Tue Apr 9 16:52:38 2019 Summary: Security update for flac Severity: low References: 1091045,CVE-2017-6888 Description: This update for flac fixes the following issues: - CVE-2017-6888: An error in the 'read_metadata_vorbiscomment_()' function could be exploited to cause a memory leak via a specially crafted FLAC file (bsc#1091045). ----------------------------------------- Patch: SUSE-2019-925 Released: Wed Apr 10 16:32:50 2019 Summary: Security update for wget Severity: important References: 1131493,CVE-2019-5953 Description: This update for wget fixes the following issues: Security issue fixed: - CVE-2019-5953: Fixed a buffer overflow vulnerability which might cause code execution (bsc#1131493). ----------------------------------------- Patch: SUSE-2019-926 Released: Wed Apr 10 16:33:12 2019 Summary: Security update for tar Severity: moderate References: 1120610,1130496,CVE-2018-20482,CVE-2019-9923 Description: This update for tar fixes the following issues: Security issues fixed: - CVE-2019-9923: Fixed a denial of service while parsing certain archives with malformed extended headers in pax_decode_header() (bsc#1130496). - CVE-2018-20482: Fixed a denial of service when the '--sparse' option mishandles file shrinkage during read access (bsc#1120610). ----------------------------------------- Patch: SUSE-2019-940 Released: Fri Apr 12 13:20:03 2019 Summary: Security update for audiofile Severity: low References: 1100523,CVE-2018-13440 Description: This update for audiofile fixes the following issues: Security issue fixed: - CVE-2018-13440: Return AF_FAIL instead of causing NULL pointer dereferences later (bsc#1100523). ----------------------------------------- Patch: SUSE-2019-947 Released: Fri Apr 12 21:49:31 2019 Summary: Recommended update for cluster-glue Severity: moderate References: 1098758 Description: This update for cluster-glue provides the following fix: - stonith:ibmhmc: Add 'managedsyspat' and 'password' as supported parameters. (bsc#1098758) ----------------------------------------- Patch: SUSE-2019-954 Released: Tue Apr 16 13:05:59 2019 Summary: Security update for openexr Severity: low References: 1113455,CVE-2018-18444 Description: This update for openexr fixes the following issues: Security issue fixed: - CVE-2018-18444: Fixed Out-of-bounds write in makeMultiView.cpp (bsc#1113455). ----------------------------------------- Patch: SUSE-2019-966 Released: Wed Apr 17 12:20:13 2019 Summary: Recommended update for python-rpm-macros Severity: moderate References: 1128323 Description: This update for python-rpm-macros fixes the following issues: The Python RPM macros were updated to version 20190408.32abece, fixing bugs (bsc#1128323) * Add missing $ expansion on the pytest call * Rewrite pytest and pytest_arch into Lua macros with multiple arguments. * We should preserve existing PYTHONPATH. * Add --ignore to pytest calls to ignore build directories. * Actually make pytest into function to capture arguments as well * Add pytest definitions. * Use upstream-recommended %{_rpmconfigdir}/macros.d directory for the rpm macros. * Fix an issue with epoch printing having too many \ * add epoch while printing 'Provides:' ----------------------------------------- Patch: SUSE-2019-971 Released: Wed Apr 17 14:43:26 2019 Summary: Security update for python3 Severity: important References: 1129346,CVE-2019-9636 Description: This update for python3 fixes the following issues: Security issue fixed: - CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC normalization (bsc#1129346). ----------------------------------------- Patch: SUSE-2019-972 Released: Wed Apr 17 14:44:05 2019 Summary: Security update for python Severity: important References: 1129346,1130847,CVE-2019-9636,CVE-2019-9948 Description: This update for python fixes the following issues: Security issues fixed: - CVE-2019-9948: Fixed a 'file:' blacklist bypass in URIs by using the 'local-file:' scheme instead (bsc#1130847). - CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC normalization (bsc#1129346). ----------------------------------------- Patch: SUSE-2019-1001 Released: Wed Apr 24 09:41:15 2019 Summary: Security update for ntfs-3g_ntfsprogs Severity: moderate References: 1130165,CVE-2019-9755 Description: This update for ntfs-3g_ntfsprogs fixes the following issues: Security issues fixed: - CVE-2019-9755: Fixed a heap-based buffer overflow which could lead to local privilege escalation (bsc#1130165). ----------------------------------------- Patch: SUSE-2019-1002 Released: Wed Apr 24 10:13:34 2019 Summary: Recommended update for zlib Severity: moderate References: 1110304,1129576 Description: This update for zlib fixes the following issues: - Fixes a segmentation fault error (bsc#1110304, bsc#1129576) ----------------------------------------- Patch: SUSE-2019-1018 Released: Wed Apr 24 13:02:28 2019 Summary: Security update for jasper Severity: moderate References: 1010783,1117505,1117511,CVE-2016-9396,CVE-2018-19539,CVE-2018-19542 Description: This update for jasper fixes the following issues: Security issues fixed: - CVE-2018-19542: Fixed a denial of service in jp2_decode (bsc#1117505). - CVE-2018-19539: Fixed a denial of service in jas_image_readcmpt (bsc#1117511). - CVE-2016-9396: Fixed a denial of service in jpc_cox_getcompparms (bsc#1010783). ----------------------------------------- Patch: SUSE-2019-1022 Released: Wed Apr 24 13:46:51 2019 Summary: Recommended update for hwdata Severity: moderate References: 1121410 Description: This update for hwdata fixes the following issues: Update to version 0.320 (bsc#1121410): - Updated the pci, usb and vendor ids vendor and product databases. ----------------------------------------- Patch: SUSE-2019-1034 Released: Thu Apr 25 13:39:50 2019 Summary: Recommended update for docker-runc Severity: important References: 1131314,1131553 Description: This update for docker-runc fixes the following issues: - Backport various upstream patches to fix some kernel regression related to O_TMPFILE. bsc#1131314 bsc#1131553 ----------------------------------------- Patch: SUSE-2019-1036 Released: Thu Apr 25 14:53:44 2019 Summary: Security update for wireshark Severity: moderate References: 1131945,CVE-2019-10894,CVE-2019-10895,CVE-2019-10896,CVE-2019-10899,CVE-2019-10901,CVE-2019-10903 Description: This update for wireshark to version 2.4.14 fixes the following issues: Security issues fixed: - CVE-2019-10895: NetScaler file parser crash. - CVE-2019-10899: SRVLOC dissector crash. - CVE-2019-10894: GSS-API dissector crash. - CVE-2019-10896: DOF dissector crash. - CVE-2019-10901: LDSS dissector crash. - CVE-2019-10903: DCERPC SPOOLSS dissector crash. Non-security issue fixed: - Update to version 2.4.14 (bsc#1131945). ----------------------------------------- Patch: SUSE-2019-1040 Released: Thu Apr 25 17:09:21 2019 Summary: Security update for samba Severity: important References: 1114407,1124223,1125410,1126377,1131060,1131686,CVE-2019-3880 Description: This update for samba fixes the following issues: Security issue fixed: - CVE-2019-3880: Fixed a path/symlink traversal vulnerability, which allowed an unprivileged user to save registry files outside a share (bsc#1131060). ldb was updated to version 1.2.4 (bsc#1125410 bsc#1131686): - Out of bound read in ldb_wildcard_compare - Hold at most 10 outstanding paged result cookies - Put 'results_store' into a doubly linked list - Refuse to build Samba against a newer minor version of ldb Non-security issues fixed: - Fixed update-apparmor-samba-profile script after apparmor switched to using named profiles (bsc#1126377). - Abide to the load_printers parameter in smb.conf (bsc#1124223). - Provide the 32bit samba winbind PAM module and its dependend 32bit libraries. ----------------------------------------- Patch: SUSE-2019-1052 Released: Fri Apr 26 14:33:42 2019 Summary: Security update for java-11-openjdk Severity: moderate References: 1132728,1132732,CVE-2019-2602,CVE-2019-2684 Description: This update for java-11-openjdk to version 11.0.3+7 fixes the following issues: Security issues fixed: - CVE-2019-2602: Fixed excessive use of CPU time in the BigDecimal implementation (bsc#1132728). - CVE-2019-2684: Fixed a flaw in the RMI registry implementation which could lead to selection of an incorrect skeleton class (bsc#1132732). Non-security issues fixed: - Multiple bug fixes and improvements. ----------------------------------------- Patch: SUSE-2019-1059 Released: Sat Apr 27 09:44:01 2019 Summary: Security update for libssh2_org Severity: important References: 1130103,1133528,CVE-2019-3859 Description: This update for libssh2_org fixes the following issues: - Incorrect upstream fix for CVE-2019-3859 broke public key authentication [bsc#1133528, bsc#1130103] ----------------------------------------- Patch: SUSE-2019-1090 Released: Mon Apr 29 14:32:33 2019 Summary: Security update for rubygem-actionpack-5_1 Severity: moderate References: 1129271,1129272,CVE-2019-5418,CVE-2019-5419 Description: This update for rubygem-actionpack-5_1 fixes the following issues: Security issues fixed: - CVE-2019-5418: Fixed a file content disclosure vulnerability in Action View which could be exploited via specially crafted accept headers in combination with calls to render file (bsc#1129272). - CVE-2019-5419: Fixed a resource exhaustion issue in Action View which could make the server unable to process requests (bsc#1129271). ----------------------------------------- Patch: SUSE-2019-1105 Released: Tue Apr 30 12:10:58 2019 Summary: Recommended update for gcc7 Severity: moderate References: 1084842,1114592,1124644,1128794,1129389,1131264,SLE-6738 Description: This update for gcc7 fixes the following issues: Update to gcc-7-branch head (r270528). - Disables switch jump-tables when retpolines are used. This restores some lost performance for kernel builds with retpolines. (bsc#1131264, jsc#SLE-6738) - Fix ICE compiling tensorflow on aarch64. (bsc#1129389) - Fix for aarch64 FMA steering pass use-after-free. (bsc#1128794) - Fix for s390x FP load-and-test issue. (bsc#1124644) - Improve build reproducability by disabling address-space randomization during build. - Adjust gnat manual entries in the info directory. (bsc#1114592) - Includes fix to no longer try linking -lieee with -mieee-fp. (bsc#1084842) ----------------------------------------- Patch: SUSE-2019-1113 Released: Tue Apr 30 14:08:42 2019 Summary: Recommended update for python-pycurl Severity: moderate References: 1128355 Description: This update for python-pycurl fixes the following issues: - bsc#1128355: update to the Factory package to get multibuild and better working tests. - Update to 7.43.0.2: * Added perform_rb and perform_rs methods to Curl objects to return response body as byte string and string, respectively. * Added OPT_COOKIELIST constant for consistency with other option constants. * PycURL is now able to report errors triggered by libcurl via CURLOPT_FAILONERROR mechanism when the error messages are not decodable in Python's default encoding (GitHub issue #259). * Added getinfo_raw method to Curl objects to return byte strings as is from libcurl without attempting to decode them (GitHub issue #493). * When adding a Curl easy object to CurlMulti via add_handle, the easy objects now have their reference counts increased so that the application is no longer required to keep references to them to keep them from being garbage collected (GitHub issue #171). * PycURL easy, multi and share objects can now be weak referenced. * set_ca_certs now accepts byte strings as it should have been all along. * Use OpenSSL 1.1 and 1.0 specific APIs for controlling thread locks depending on OpenSSL version (patch by Vitaly Murashev). * Fixed a crash when closesocket callback failed (patch by Gisle Vanem and toddrme2178). * Added CURLOPT_PROXY_SSLCERT, CURLOPT_PROXY_SSLCERTTYPE, CURLOPT_PROXY_SSLKEY, CURLOPT_PROXY_SSLKEYTYPE, CURLOPT_PROXY_SSL_VERIFYPEER (libcurl 7.52.0+, patch by Casey Miller). * Added CURLOPT_PRE_PROXY (libcurl 7.52.0+, patch by ziggy). * Added SOCKET_BAD constant and it is now recognized as a valid return value from OPENSOCKET callback. ----------------------------------------- Patch: SUSE-2019-1127 Released: Thu May 2 09:39:24 2019 Summary: Security update for sqlite3 Severity: moderate References: 1130325,1130326,CVE-2019-9936,CVE-2019-9937 Description: This update for sqlite3 to version 3.28.0 fixes the following issues: Security issues fixed: - CVE-2019-9936: Fixed a heap-based buffer over-read, when running fts5 prefix queries inside transaction (bsc#1130326). - CVE-2019-9937: Fixed a denial of service related to interleaving reads and writes in a single transaction with an fts5 virtual table (bsc#1130325). ----------------------------------------- Patch: SUSE-2019-1130 Released: Thu May 2 13:07:59 2019 Summary: Recommended update for azure-li-services Severity: moderate References: 1125372,1125373 Description: This update for azure-li-services fixes the following issues: - Create /etc/sysconfig/sbd configuration Write /etc/sysconfig/sbd which contains the disk device name used to initialize the SBD device - Add support for iSCSI SBD device setup In a new an optional stonith section the configuration for the iSCSI initiator and ip address can be setup. Once present the process to setup the iSCSI initiator as well as the device discovery is started. (bsc#1125373 and bsc#1125372) ----------------------------------------- Patch: SUSE-2019-1134 Released: Thu May 2 17:57:27 2019 Summary: Recommended update for quota Severity: moderate References: 1131513,SLE-5734 Description: This update for quota fixes the following issues: Quota was updated to 4.05 release jsc#SLE-5734 bsc#1131513: * This release includes mostly various smaller cleanups and fixes in various areas. * Most visible changes are addition of f2fs and exfs among recognized filesystems. * Remove quot binary functionality could be achieved by using repquota instead ----------------------------------------- Patch: SUSE-2019-1145 Released: Fri May 3 16:03:10 2019 Summary: Recommended update for aws-efs-utils Severity: moderate References: 1101451,1124652,1125133 Description: This update for aws-efs-utils fixes the following issues: This ships aws-efs-utils 1.7 to the SUSE Linux Enterprise Module for Public Cloud (bsc#1101451, fate#327220, bsc#1124652, fate#327221) This package provides utilities for using the EFS file systems. ----------------------------------------- Patch: SUSE-2019-1152 Released: Fri May 3 18:06:09 2019 Summary: Recommended update for java-11-openjdk Severity: moderate References: 1131378 Description: This update for java-11-openjdk fixes the following issues: - Require update-ca-certificates by the headless subpackage (bsc#1131378) - Removed a font rendering patch with broke related to other font changes. ----------------------------------------- Patch: SUSE-2019-1156 Released: Mon May 6 13:46:07 2019 Summary: Security update for python-Jinja2 Severity: important References: 1125815,1132174,1132323,CVE-2016-10745,CVE-2019-10906,CVE-2019-8341 Description: This update for python-Jinja2 to version 2.10.1 fixes the following issues: Security issues fixed: - CVE-2019-8341: Fixed a command injection in from_string() (bsc#1125815). - CVE-2019-10906: Fixed a sandbox escape due to information disclosure via str.format (bsc#1132323). ----------------------------------------- Patch: SUSE-2019-1160 Released: Mon May 6 14:24:31 2019 Summary: Recommended update for sg3_utils Severity: moderate References: 1005063,1069384,1131482,1133418,840054 Description: This update for sg3_utils fixes the following issues: - Update to version 1.44~763+19.1ed0757: * rescan-scsi-bus.sh: use LUN wildcard in idlist (bsc#1069384) * 40-usb-blacklist.rules: use ID_SCSI_INQUIRY (bsc#840054, bsc#1131482) * Changed versioning scheme (svn r763, pre-release of upstream 1.44, plus 16 SUSE patches, SUSE git commit b2fedfa) * 59-fc-wwpn-id.rules: fix rule syntax (bsc#1133418) - Spec file: add fc_wwpn_id to generate by-path links for fibrechannel (bsc#1005063) ----------------------------------------- Patch: SUSE-2019-1176 Released: Tue May 7 16:19:23 2019 Summary: Recommended update for rpmlint Severity: moderate References: 1132530 Description: This update for rpmlint fixes the following issues: - fix rpmlint-tests build by reverting changes to reference output that do not apply on SLE15 (bsc#1132530) ----------------------------------------- Patch: SUSE-2019-1199 Released: Fri May 10 07:44:05 2019 Summary: Recommended update for nvmetcli Severity: moderate References: 1130981 Description: This update for nvmetcli fixes the following issues: - Add ANA support to nvmetcli (bsc#1130981) ----------------------------------------- Patch: SUSE-2019-1206 Released: Fri May 10 14:01:55 2019 Summary: Security update for bzip2 Severity: low References: 985657,CVE-2016-3189 Description: This update for bzip2 fixes the following issues: Security issue fixed: - CVE-2016-3189: Fixed a use-after-free in bzip2recover (bsc#985657). ----------------------------------------- Patch: SUSE-2019-1211 Released: Fri May 10 14:09:09 2019 Summary: Security update for java-1_8_0-openjdk Severity: important References: 1132728,1132729,1132732,1133135,CVE-2018-3639,CVE-2019-2602,CVE-2019-2684,CVE-2019-2698 Description: This update for java-1_8_0-openjdk to version 8u212 fixes the following issues: Security issues fixed: - CVE-2019-2602: Better String parsing (bsc#1132728). - CVE-2019-2684: More dynamic RMI interactions (bsc#1132732). - CVE-2019-2698: Fuzzing TrueType fonts - setCurrGlyphID() (bsc#1132729). - CVE-2018-3639: fix revision to prefer PR_SPEC_DISABLE_NOEXEC to PR_SPEC_DISABLE Non-Security issue fixed: - Disable LTO (bsc#1133135). - Added Japanese new era name. ----------------------------------------- Patch: SUSE-2019-1220 Released: Mon May 13 13:27:57 2019 Summary: Security update for cf-cli Severity: moderate References: 1132242,CVE-2019-3781 Description: This update for cf-cli fixes the following issues: cf-cli was updated: to version 6.43.0 (bsc#1132242) Enhancements : - `cf curl` supports a new `--fail` flag (primarily for scripting purposes) which returns exit code `22` for server errors [story](https://www.pivotaltracker.com/story/show/130060949) - Improves `cf delete-orphaned-routes` such that it uses a different endpoint, reducing the chance of a race condition when two users are simultaneously deleting orphaned routes and associating routes with applications [story](https://www.pivotaltracker.com/story/show/163156064) - we've improved the speed of cf services - it now hits a single endpoint instead of making individual API calls Security: - CVE-2019-3781: CF CLI does not sanitize user’s password in verbose/trace/debug. - Fixes issue with running cf login in verbose mode whereby passwords which contains regex were not completely redacted - Fixes issue whilst running commands in verbose mode refresh tokens were not completely redacted Other Bug Fixes: - Updates help text for cf curlstory - Now refresh tokens work properly whilst using cf curl with V3 CC API endpoints story - Fixes performance degradation for cf services story - cf delete-service requires that you are targeting a space story - cf enable-service access for a service in an org will succeed if you have already enabled access for that service in that org story cf-cli was updated to version 6.42.0: Minor Enhancements: - updated `cf restage` help text and the first line in the command's output to indicate that using this command will cause app downtime [story](https://www.pivotaltracker.com/story/show/151841382) - updated the `cf bind-route-service` help text to clarify usage instructions [story](https://www.pivotaltracker.com/story/show/150111078) - improved an error message for `cf create-service-boker` to be more helpful when the CC API returns a `502` due to an invalid service broker catalog - upgraded to Golang 1.11.4 [story](https://www.pivotaltracker.com/story/show/162745359) - added a short name `ue` for `cf unset-env` [story](https://www.pivotaltracker.com/story/show/161632713) - updated `cf marketplace` command to include a new `broker` column to prepare for a upcoming services-related feature which will allow services to have the same name as long as they are associated with different service brokers [story](https://www.pivotaltracker.com/story/show/162699756) Bugs: - fix for `cf enable-service-access -p plan` whereby when we refactored the code in CLI `v6.41.0` it created service plan visibilities as part of a subsequent run of the command (the unrefactored code skipped creating the service plan visibilities); now the command will skip creating service plan visibilities as it did prior to the refactor [story](https://www.pivotaltracker.com/story/show/162747373) - updated the `cf rename-buildpack` help text which was missing reference to the `-s` stack flag [story](https://www.pivotaltracker.com/story/show/162428661) - updated help text for when users use `brew search cloudfoundry-cli` [story](https://www.pivotaltracker.com/story/show/161770940) - now when you run `cf service service-instance` for a route service, the route service url appears in the key value table [story](https://www.pivotaltracker.com/story/show/162498211) Update to version 6.41.0: Enhancements: - updated `cf --help` to include the `delete` command [story](https://www.pivotaltracker.com/story/show/161556511) Update to version 6.40.1: Bug Fixes: - Updates the minimum version for the buildpacks-stacks association feature. In [CLI v6.39.0](https://github.com/cloudfoundry/cli/releases/tag/v6.39.0), when the feature was released, we incorrectly set the minimum to cc api version as`2.114`. The minimum cc api version is now correctly set to [`2.112`](https://github.com/cloudfoundry/capi-release/releases/tag/1.58.0). [story](https://www.pivotaltracker.com/story/show/161464797) - Fixes a bug with inspecting a service instance `cf service service-instance`, now the `documentation` url displays correctly for services which populate that field [story](https://www.pivotaltracker.com/story/show/161251875) Update to version 6.40.0: Bug Fixes: - Fix bug where trailing slash on cf api would break listing commands for older CC APIs story. For older versions of CC API, if the API URL had a trailing slash, some requests would fail with an 'Unknown request' error. These requests are now handled properly. Update to version 6.39.0: Enhancements: - for users on cc api 3.27, cf start is enhanced to display the new cf app v3 output. For users on cc api 3.27 or lower, users will see the same v2 output. Note that if you use v3 commands to create and start your app, if you subsequently use cf stop and cf start, the routes property in cf app will not populate even though the route exists story - for users on cc api 3.27, cf restart is enhanced to display the new cf app v3 output. For users on cc api 3.27 or lower, users will see the same v2 output. story - for users on cc api 3.27, cf restage is enhanced to display the new cf app v3 output. For users on cc api 3.27 or lower, users will see the same v2 output. story - improved help text for -d domains for cf push to include examples of usage story - cf v3-scale displays additional app information story - if you've created an internal domain, and it is the first domain in cc, the CLI will now ignore the internal domain and instead choose the next non-internal domain when you push an app story Bug Fixes: - Fix for users on macOS attempting to brew install cf-cli the CF CLI using the unreleased master branch of Homebrew story - Fixes an issue whereby, due to a recent cc api change, when you execute cf push and watch the cf app command, the app display returned a 400 error story - Fixes a bug whereby if you logged in using client credentials, cf auth user pass --client credentials you were unable to create an org; now create-org will assign the role to the user id specified in your manifest story - fixes an issue introduced when we refactored cf start and as part of that work, we stopped blocking on the initial connection with the logging backend; now the CLI blocks until the NOAA connection is made, or the default dial timeout of five seconds is reached story update to version 6.38.0: Enhancements: - v3-ssh process type now defaults to web story - Support added for setting tags for user provided service instances story - Now a warning appears if you attempt to use deprecated properties and variable substitution story - Updated usage so now you can rename the cf binary use it with every command story - cf events now displays the Diego cell_id and instance guid in crash events story - Includes cf service service-instance table display improvements wherein the service instance information is now grouped separately from the binding information story - cf service service-instance table display information for user provided services changed: status has been added to the table story Bug Fixes: - the CLI now properly handles escaped commas in the X-Cf-Warnings header Update to version 6.37.0: Enhancements - The api/cloudcontroller/ccv2 package has been updated with more functions #1343 - Now a warning appears if you are using a API version older than 2.69.0, which is no longer officially supported - Now the CLI reads the username and password from the environment variables #1358 Bug Fixes: - Fixes bug whereby X-Cf-Warnings were not being unescaped when displayed to user #1361 - When using CF_TRACE=1, passwords are now sanitized #1375 and tracker Update to version 6.36.0: Bug Fixes: - int64 support for cf/flags library, #1333 - Debian package, #1336 - Web action flag not working on CLI 0.6.5, #1337 - When a cf push upload fails/Consul is down, a panic occurs, #1340 and #1351 update to version 6.35.2: Bug Fixes: - Providing a clearer services authorization warning message when a service has been disabled for the organization, fixing #1344 ----------------------------------------- Patch: SUSE-2019-1221 Released: Mon May 13 13:28:42 2019 Summary: Security update for libxslt Severity: moderate References: 1132160,CVE-2019-11068 Description: This update for libxslt fixes the following issues: Security issue fixed: - CVE-2019-11068: Fixed a protection mechanism bypass where callers of xsltCheckRead() and xsltCheckWrite() would permit access upon receiving an error (bsc#1132160). ----------------------------------------- Patch: SUSE-2019-1229 Released: Tue May 14 11:05:55 2019 Summary: Recommended update for sensors Severity: moderate References: 1108468,1116021 Description: This update for sensors fixes the following issues: sensors was updated to version 3.5.0: The following changes were done: + soname was bumped due to commit dcf2367 which introduced an ABI change. (This was reverted for the SUSE packages, as it was not necessary) + Fixed disappearance of certain hwmon chips with 4.19+ kernels (bsc#1116021). + Add the find-driver script for debugging. + Various documentation and man page improvements. + Fix various issues found by Coverity Scan. + Updated links in documentation to reflect the new home of lm_sensors. + sensors.1: Add reference to sensors-detect and document -j option (json output). + sensors: Add support for json output, add support for power min, lcrit, min_alarm, lcrit_alarm. + sensors-detect changes: * Fix systemd paths. * Add detection of Fintek F81768. * Only probe I/O ports on x86. * Add detection of Nuvoton NCT6793D. * Add detection of Microchip MCP9808. * Mark F71868A as supported by the f71882fg driver. * Mark F81768D as supported by the f71882fg driver. * Mark F81866D as supported by the f71882fg driver. * Add detection of various ITE chips. * Add detection of Nuvoton NCT6795D. * Add detection of DDR4 SPD. * Add detection of ITE IT8987D. * Add detection of AMD Family 17h temperature sensors. * Add detection of AMD KERNCZ SMBus controller. * Add detection of various Intel SMBus controllers. * Add detection of Giantec GT30TS00. * Add detection of ONS CAT34TS02C and CAT34TS04. * Add detection of AMD Family 15h Model 60+ temperature sensors. * Add detection of Nuvoton NCT6796D. * Add detection of AMD Family 15h Model 70+ temperature sensors. + configs: Add sample configuration files. + sensors.conf.default: * Add hardwired inputs of NCT6795D * Add hardwired inputs of F71868A * Add hardwired NCT6796D inputs + vt1211_pwm: replaced deprecated sub shell syntax, run with bash instead of sh. + pwmconfig: replaced deprecated sub shell syntax. + fancontrol: replaced deprecated sub shell syntax, save original pwm values. + fancontrol.8: replaced deprecated sub shell syntax. + libsensors: * Add support for SENSORS_BUS_TYPE_SCSI, add support for power min, lcrit, min_alarm, lcrit_alarm. * Handle hwmon device with thermal device parent (bsc#1108468). - Undo unnecessary libsensors version bump. - Undo the SENSORS_API_VERSION change, to stay source-compatible with upstream. ----------------------------------------- Patch: SUSE-2019-1234 Released: Tue May 14 18:31:52 2019 Summary: Security update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork Severity: important References: 1114209,1114832,1118897,1118898,1118899,1121397,1121967,1123013,1128376,1128746,1134068,CVE-2018-16873,CVE-2018-16874,CVE-2018-16875,CVE-2019-5736,CVE-2019-6486 Description: This update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork fixes the following issues: Security issues fixed: - CVE-2019-5736: containerd: Fixing container breakout vulnerability (bsc#1121967). - CVE-2019-6486: go security release, fixing crypto/elliptic CPU DoS vulnerability affecting P-521 and P-384 (bsc#1123013). - CVE-2018-16873: go secuirty release, fixing cmd/go remote command execution (bsc#1118897). - CVE-2018-16874: go security release, fixing cmd/go directory traversal (bsc#1118898). - CVE-2018-16875: go security release, fixing crypto/x509 CPU denial of service (bsc#1118899). Other changes and bug fixes: - Update to containerd v1.2.5, which is required for v18.09.5-ce (bsc#1128376, bsc#1134068). - Update to runc 2b18fe1d885e, which is required for Docker v18.09.5-ce (bsc#1128376, bsc#1134068). - Update to Docker 18.09.5-ce see upstream changelog in the packaged (bsc#1128376, bsc#1134068). - docker-test: Improvements to test packaging (bsc#1128746). - Move daemon.json file to /etc/docker directory (bsc#1114832). - Revert golang(API) removal since it turns out this breaks >= requires in certain cases (bsc#1114209). - Fix go build failures (bsc#1121397). ----------------------------------------- Patch: SUSE-2019-1267 Released: Thu May 16 09:55:03 2019 Summary: Security update for graphviz Severity: moderate References: 1132091,CVE-2019-11023 Description: This update for graphviz fixes the following issues: Security issue fixed: - CVE-2019-11023: Fixed a denial of service vulnerability, which was caused by a NULL pointer dereference in agroot() (bsc#1132091). ----------------------------------------- Patch: SUSE-2019-1282 Released: Fri May 17 13:14:19 2019 Summary: Recommended update for azure-li-services Severity: moderate References: 1133162 Description: This update for azure-li-services to 1.1.31 fixes the following issues: - Umount LUN only on cleanup If one service(A) needs the LUN and another service(B) that needs the LUN too runs in parallel a potential race condition exists in a way the service A could have umounted the LUN exactly at a time service B accesses it. Thus this patch changes the services such that only the last service, the cleanup service umounts the LUN. - Load softdog module when STONITH is set up It loads the module and make the load boot persistant - Fixup system-setup service dependencies The setup of the stonith SBD device requires the network to be up beforehand because the target is an iSCSI endpoint. ----------------------------------------- Patch: SUSE-2019-1290 Released: Mon May 20 09:56:48 2019 Summary: Security update for nmap Severity: moderate References: 1104139,1133512,CVE-2018-15173 Description: This update for nmap fixes the following issues: Security issue fixed: - CVE-2018-15173: Fixed a remote denial of service attack via a crafted TCP-based service (bsc#1104139). Non-security issue fixed: - Add missing runtime dependency python-xml which prevented zenmap from starting (bsc#1133512). ----------------------------------------- Patch: SUSE-2019-1291 Released: Mon May 20 09:57:16 2019 Summary: Security update for transfig Severity: low References: 1106531,CVE-2018-16140 Description: This update for transfig fixes the following issues: Security issue fixed: - CVE-2018-16140: Fixed a buffer underwrite vulnerability in get_line() in read.c, which allowed an attacker to write prior to the beginning of the buffer via specially crafted .fig file (bsc#1106531) ----------------------------------------- Patch: SUSE-2019-1302 Released: Tue May 21 13:05:02 2019 Summary: Recommended update for monitoring-plugins Severity: moderate References: 1132350,1132903,1133107 Description: This update for monitoring-plugins fixes the following issues: - update AppArmor profiles for usrMerge (related to bsc#1132350) - grep in check_cups - ps in check_procs and check_procs.sle15 - update usr.lib.nagios.plugins.check_procs to bash in /usr - support IPv4 ping for dual stacked host again (bsc#1132903) - update usr.lib.nagios.plugins.check_procs again for sle15 and above so that ptrace is allowed (bsc#1133107) - add /etc/nrpe.d/*.cfg snipplets - copy usr.lib.nagios.plugins.check_procs as usr.lib.nagios.plugins.check_procs.sle15 and use that for sle15 and above. 'ptrace' to enable ptrace globally is needed here. ----------------------------------------- Patch: SUSE-2019-1308 Released: Tue May 21 18:35:23 2019 Summary: Security update for java-1_8_0-ibm Severity: important References: 1132728,1132729,1132732,1132734,1134718,CVE-2019-10245,CVE-2019-2602,CVE-2019-2684,CVE-2019-2697,CVE-2019-2698 Description: This update for java-1_8_0-ibm fixes the following issues: Update to Java 8.0 Service Refresh 5 Fix Pack 35. Security issues fixed: - CVE-2019-10245: Fixed Java bytecode verifier issue causing crashes (bsc#1134718). - CVE-2019-2698: Fixed out of bounds access flaw in the 2D component (bsc#1132729). - CVE-2019-2697: Fixed flaw inside the 2D component (bsc#1132734). - CVE-2019-2602: Fixed flaw inside BigDecimal implementation (Component: Libraries) (bsc#1132728). - CVE-2019-2684: Fixed flaw was found in the RMI registry implementation (bsc#1132732). ----------------------------------------- Patch: SUSE-2019-1312 Released: Wed May 22 12:19:12 2019 Summary: Recommended update for aaa_base Severity: moderate References: 1096191 Description: This update for aaa_base fixes the following issue: * Shell detection in /etc/profile and /etc/bash.bashrc was broken within AppArmor-confined containers (bsc#1096191) ----------------------------------------- Patch: SUSE-2019-1318 Released: Thu May 23 12:45:16 2019 Summary: Recommended update for orc Severity: moderate References: 1130085 Description: This update for orc does not fix any customer visible issues and does only address an issue with its test suite (bsc#1130085) ----------------------------------------- Patch: SUSE-2019-1327 Released: Thu May 23 18:09:53 2019 Summary: Recommended update for speech-dispatcher Severity: moderate References: 1129586 Description: This update for speech-dispatcher fixes the following issues: - Remove a work-around that was necessary in previous versions but since speech-dispatcher 0.8.4 no longer is. (bsc#1129586) ----------------------------------------- Patch: SUSE-2019-1328 Released: Thu May 23 18:10:08 2019 Summary: Recommended update for lifecycle-data-sle-module-live-patching Severity: moderate References: 1020320 Description: This update for lifecycle-data-sle-module-live-patching fixes the following issues: - Added data for 4_12_14-150_14. (bsc#1020320) ----------------------------------------- Patch: SUSE-2019-1340 Released: Fri May 24 12:57:31 2019 Summary: Security update for libu2f-host Severity: low References: 1124781,CVE-2018-20340 Description: This update for libu2f-host fixes the following issues: Security issue fixed: - CVE-2018-20340: Fixed an unchecked buffer, which could allow a buffer overflow with a custom made malicious USB device (bsc#1124781). ----------------------------------------- Patch: SUSE-2019-1343 Released: Fri May 24 13:58:40 2019 Summary: Recommended update for google-compute-engine Severity: moderate References: 1128392,1134179 Description: This update for google-compute-engine fixes the following issues: google-compute-engine was updated to version 20190416 (bsc#1128392, bsc#1134179): - Google Compute Engine OS Login * Fix pam_group ordering detection. * Restart cron from the OS Login control file. * Add PAM entry to su:account stack. Update to version 20190315: - Google Compute Engine OS Login * Fix alternate challenge section for two factor authentication. Update to version 20190304: - Google Compute Engine * Set oom_score_adjust for google_accounts_daemon. - Google Compute Engine OS Login * Use pam_group to provide users with default groups. * Add compat.h to support FreeBSD. * Exit immediately after a two factor authentication failure. * Add support for Google phone prompt challenges. - Include systemd service file to run google_optimize_local_ssd command - Include systemd service file to run google_set_multiqueue command - Install journald configuration files into /usr/lib/systemd/journald.conf.d ----------------------------------------- Patch: SUSE-2019-1352 Released: Fri May 24 14:41:44 2019 Summary: Security update for python3 Severity: moderate References: 1130840,1133452,CVE-2019-9947 Description: This update for python3 to version 3.6.8 fixes the following issues: Security issue fixed: - CVE-2019-9947: Fixed an issue in urllib2 which allowed CRLF injection if the attacker controls a url parameter (bsc#1130840). Non-security issue fixed: - Fixed broken debuginfo packages by switching off LTO and PGO optimization (bsc#1133452). ----------------------------------------- Patch: SUSE-2019-1358 Released: Mon May 27 13:51:26 2019 Summary: Recommended update for rsync Severity: moderate References: 1100786,1108562 Description: This update for rsync fixes the following issues: - rsync invoked with --sparse and --preallocate could have resulted in a failure (bsc#1108562) - Don't require systemd explicitly as it's not present in containers [bsc#1100786]. ----------------------------------------- Patch: SUSE-2019-1364 Released: Tue May 28 10:51:38 2019 Summary: Security update for systemd Severity: moderate References: 1036463,1121563,1124122,1125352,1125604,1126056,1127557,1130230,1132348,1132400,1132721,1133506,1133509,CVE-2019-3842,CVE-2019-3843,CVE-2019-3844,CVE-2019-6454,SLE-5933 Description: This update for systemd fixes the following issues: Security issues fixed: - CVE-2019-3842: Fixed a privilege escalation in pam_systemd which could be exploited by a local user (bsc#1132348). - CVE-2019-6454: Fixed a denial of service via crafted D-Bus message (bsc#1125352). - CVE-2019-3843, CVE-2019-3844: Fixed a privilege escalation where services with DynamicUser could gain new privileges or create SUID/SGID binaries (bsc#1133506, bsc#1133509). Non-security issued fixed: - logind: fix killing of scopes (bsc#1125604) - namespace: make MountFlags=shared work again (bsc#1124122) - rules: load drivers only on 'add' events (bsc#1126056) - sysctl: Don't pass null directive argument to '%s' (bsc#1121563) - systemd-coredump: generate a stack trace of all core dumps and log into the journal (jsc#SLE-5933) - udevd: notify when max number value of children is reached only once per batch of events (bsc#1132400) - sd-bus: bump message queue size again (bsc#1132721) - Do not automatically online memory on s390x (bsc#1127557) - Removed sg.conf (bsc#1036463) ----------------------------------------- Patch: SUSE-2019-1367 Released: Tue May 28 12:41:43 2019 Summary: Recommended update for tcsh Severity: moderate References: 1129112 Description: This update for tcsh fixes the following issues: - Incorrect postcmd handling could have caused miscalculation of a while loop start resulting in an infinite loop (bsc#1129112) ----------------------------------------- Patch: SUSE-2019-1368 Released: Tue May 28 13:15:38 2019 Summary: Recommended update for sles12sp3-docker-image, sles12sp4-image, system-user-root Severity: important References: 1134524,CVE-2019-5021 Description: This update for sles12sp3-docker-image, sles12sp4-image, system-user-root fixes the following issues: - CVE-2019-5021: Include an invalidated root password by default, not an empty one (bsc#1134524) ----------------------------------------- Patch: SUSE-2019-1372 Released: Tue May 28 16:53:28 2019 Summary: Security update for libtasn1 Severity: moderate References: 1105435,CVE-2018-1000654 Description: This update for libtasn1 fixes the following issues: Security issue fixed: - CVE-2018-1000654: Fixed a denial of service in the asn1 parser (bsc#1105435). ----------------------------------------- Patch: SUSE-2019-1374 Released: Wed May 29 10:15:39 2019 Summary: Security update for taglib Severity: low References: 1096180,CVE-2018-11439 Description: This update for taglib fixes the following issues: - CVE-2018-11439: The TagLib::Ogg::FLAC::File::scan function allowed remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file (bsc#1096180) ----------------------------------------- Patch: SUSE-2019-1376 Released: Wed May 29 13:31:29 2019 Summary: Recommended update for openal-soft Severity: low References: 1131808 Description: This update for openal-soft provides the following fixes: - Remove an unused file licensed under Apache-2.0 (and thus incompatible with the rest of the stack). (bsc#1131808) ----------------------------------------- Patch: SUSE-2019-1380 Released: Wed May 29 15:10:22 2019 Summary: Recommended update for ipa-ex-fonts Severity: moderate References: 1112183 Description: This update for ipa-ex-fonts fixes the following issues: - Update to version 004.01 * new glyph U+32FF 'SQUARE ERA NAME REIWA' (boo#1112183) * add standardized variation sequences of 93 characters * update spaces of the two glyphs (U+26FF8, U+663B) - remove old Obsoletes and Provides for the past naming rule change ----------------------------------------- Patch: SUSE-2019-1389 Released: Fri May 31 10:12:36 2019 Summary: Security update for cronie Severity: low References: 1128935,1128937,1130746,1133100,CVE-2019-9704,CVE-2019-9705 Description: This update for cronie fixes the following issues: Security issues fixed: - CVE-2019-9704: Fixed an insufficient check in the return value of calloc which could allow a local user to create Denial of Service by crashing the daemon (bsc#1128937). - CVE-2019-9705: Fixed an implementation vulnerability which could allow a local user to exhaust the memory resulting in Denial of Service (bsc#1128935). Bug fixes: - Manual start of cron is possible even when it's already started using systemd (bsc#1133100). - Cron schedules only one job of crontab (bsc#1130746). ----------------------------------------- Patch: SUSE-2019-1393 Released: Fri May 31 10:18:34 2019 Summary: Recommended update for pesign Severity: moderate References: 1130588,1134670 Description: This update for pesign fixes the following issues: - Enable build on %arm as we can sign kernel on %arm (bsc#1134670) - Require shadow instead of old pwdutils (bsc#192328) ----------------------------------------- Patch: SUSE-2019-1398 Released: Fri May 31 12:54:22 2019 Summary: Security update for libpng16 Severity: low References: 1100687,1121624,1124211,CVE-2018-13785,CVE-2019-7317 Description: This update for libpng16 fixes the following issues: Security issues fixed: - CVE-2019-7317: Fixed a use-after-free vulnerability, triggered when png_image_free() was called under png_safe_execute (bsc#1124211). - CVE-2018-13785: Fixed a wrong calculation of row_factor in the png_check_chunk_length function in pngrutil.c, which could haved triggered and integer overflow and result in an divide-by-zero while processing a crafted PNG file, leading to a denial of service (bsc#1100687) ----------------------------------------- Patch: SUSE-2019-1403 Released: Mon Jun 3 10:45:52 2019 Summary: Recommended update for fio Severity: moderate References: 1129706 Description: This update ships the performance measurement tool 'fio' to the SUSE Linux Enterprise 15 Module for Basesystem. (bsc#1129706) ----------------------------------------- Patch: SUSE-2019-1409 Released: Mon Jun 3 16:28:25 2019 Summary: Recommended update for lifecycle-data-sle-module-live-patching Severity: moderate References: 1020320 Description: This update for lifecycle-data-sle-module-live-patching fixes the following issues: - Added data 4_12_14_-150_17 for lifecycle-data-sle-live-patching. (bsc#1020320) ----------------------------------------- Patch: SUSE-2019-1412 Released: Tue Jun 4 07:58:12 2019 Summary: Recommended update for wireless-regdb Severity: moderate References: 1134213 Description: This update for wireless-regdb provides the following fixes: - Update to version 2019.03.01: (bsc#1134213) * Sync IN with G.S.R. 1048(E). * Update regulatory rules for Sweden (SE) on 2.4/5/60 GHz. * Update 60ghz band rules for US. * Add 5725-5875 MHz rule for Portugal (PT). * Add URLs in README. * Delete outdated comment for DE. * Update source of info for CU and ES. ----------------------------------------- Patch: SUSE-2019-1415 Released: Tue Jun 4 13:18:42 2019 Summary: Recommended update for fping Severity: moderate References: 1133988 Description: This update for fping fixes the following issues: - Fix fping on servers with disabled IPv6 [bsc#1133988] ----------------------------------------- Patch: SUSE-2019-1417 Released: Tue Jun 4 15:40:25 2019 Summary: Recommended update for libselinux, policycoreutils, setools Severity: moderate References: 1130097,1136515 Description: This update for libselinux, policycoreutils, setools fixes the following issues: This update provides policycoreutils-python that contains binaries necessary for SELinux administration. (bsc#1130097) Also necessary dependencies for this package have been included in the update. python2-setools and python3-setools are shipped instead of python-setools. ----------------------------------------- Patch: SUSE-2019-1447 Released: Fri Jun 7 12:28:24 2019 Summary: Recommended update for sap-suse-cluster-connector Severity: moderate References: 1119137,1135487 Description: This update for sap-suse-cluster-connector fixes the following issues: - Support groups and primitives names containing dashes. (bsc#1135487) - Adjust detection of cluster resources, if multiple SAPInstance resource are found. - Fix smm function, add set_maintenance_mode function and split function list_sap_resources into a frontend (list_sap_resources) and a backend (get_resource_and_status) to get a proper smm handling in sap_suse_cluster_connector. (bsc#1119137) ----------------------------------------- Patch: SUSE-2019-1457 Released: Tue Jun 11 10:09:14 2019 Summary: Security update for vim Severity: important References: 1137443,CVE-2019-12735 Description: This update for vim fixes the following issue: Security issue fixed: - CVE-2019-12735: Fixed a potential arbitrary code execution vulnerability in getchar.c (bsc#1137443). ----------------------------------------- Patch: SUSE-2019-1484 Released: Thu Jun 13 07:46:46 2019 Summary: Recommended update for e2fsprogs Severity: moderate References: 1128383 Description: This update for e2fsprogs fixes the following issues: - Check and fix tails of all bitmap blocks (bsc#1128383) ----------------------------------------- Patch: SUSE-2019-1486 Released: Thu Jun 13 09:40:24 2019 Summary: Security update for elfutils Severity: moderate References: 1033084,1033085,1033086,1033087,1033088,1033089,1033090,1106390,1107066,1107067,1111973,1112723,1112726,1123685,1125007,CVE-2017-7607,CVE-2017-7608,CVE-2017-7609,CVE-2017-7610,CVE-2017-7611,CVE-2017-7612,CVE-2017-7613,CVE-2018-16062,CVE-2018-16402,CVE-2018-16403,CVE-2018-18310,CVE-2018-18520,CVE-2018-18521,CVE-2019-7150,CVE-2019-7665 Description: This update for elfutils fixes the following issues: Security issues fixed: - CVE-2017-7607: Fixed a heap-based buffer overflow in handle_gnu_hash (bsc#1033084) - CVE-2017-7608: Fixed a heap-based buffer overflow in ebl_object_note_type_name() (bsc#1033085) - CVE-2017-7609: Fixed a memory allocation failure in __libelf_decompress (bsc#1033086) - CVE-2017-7610: Fixed a heap-based buffer overflow in check_group (bsc#1033087) - CVE-2017-7611: Fixed a denial of service via a crafted ELF file (bsc#1033088) - CVE-2017-7612: Fixed a denial of service in check_sysv_hash() via a crafted ELF file (bsc#1033089) - CVE-2017-7613: Fixed denial of service caused by the missing validation of the number of sections and the number of segments in a crafted ELF file (bsc#1033090) - CVE-2018-16062: Fixed a heap-buffer overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390) - CVE-2018-16402: Fixed a denial of service/double free on an attempt to decompress the same section twice (bsc#1107066) - CVE-2018-16403: Fixed a heap buffer overflow in readelf (bsc#1107067) - CVE-2018-18310: Fixed an invalid address read problem in dwfl_segment_report_module.c (bsc#1111973) - CVE-2018-18520: Fixed bad handling of ar files inside are files (bsc#1112726) - CVE-2018-18521: Fixed a denial of service vulnerabilities in the function arlib_add_symbols() used by eu-ranlib (bsc#1112723) - CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685) - CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (bsc#1125007) ----------------------------------------- Patch: SUSE-2019-1491 Released: Thu Jun 13 14:49:21 2019 Summary: Recommended update for onboard Severity: moderate References: 1082318,1131071 Description: This update for onboard fixes the following issues: onboard is added to SUSE Linux Enterprise 15 (fate#326794, bsc#1131071). onboard provides an on-screen keyboard to the GNOME desktop for use in touchscreen settings. ----------------------------------------- Patch: SUSE-2019-1492 Released: Thu Jun 13 14:51:01 2019 Summary: Recommended update for libidn Severity: low References: 1132869 Description: This update for libidn fixes the following issue: - The missing libidn11-32bit compat library package was provided. (bsc#1132869) ----------------------------------------- Patch: SUSE-2019-1502 Released: Fri Jun 14 11:13:24 2019 Summary: Recommended update for python-M2Crypto Severity: moderate References: 1135009 Description: This update for python-M2Crypto fixes the following issues: - Fix the use of urlunsplit() to make osc work behind a proxy (bsc#1135009) ----------------------------------------- Patch: SUSE-2019-1525 Released: Mon Jun 17 17:31:04 2019 Summary: Security update for netpbm Severity: moderate References: 1024288,1024291,1136936,CVE-2017-2579,CVE-2017-2580 Description: This update for netpbm fixes the following issues: Security issues fixed: - CVE-2017-2579: Fixed out-of-bounds read in expandCodeOntoStack() (bsc#1024288). - CVE-2017-2580: Fixed out-of-bounds write of heap data in addPixelToRaster() function (bsc#1024291). - create netpbm-vulnerable subpackage and move pstopnm there, as ghostscript is used to convert (bsc#1136936) ----------------------------------------- Patch: SUSE-2019-1560 Released: Wed Jun 19 08:57:17 2019 Summary: Recommended update for cloud-netconfig Severity: moderate References: 1135257,1135263 Description: This update for cloud-netconfig fixes the following issues: - cloud-netconfig will now pause and retry if API call throttling is detected in Azure (bsc#1135257, bsc#1135263) ----------------------------------------- Patch: SUSE-2019-1562 Released: Wed Jun 19 09:16:07 2019 Summary: Security update for docker Severity: moderate References: 1096726,CVE-2018-15664 Description: This update for docker fixes the following issues: Security issue fixed: - CVE-2018-15664: Fixed an issue which could make docker cp vulnerable to symlink-exchange race attacks (bsc#1096726). ----------------------------------------- Patch: SUSE-2019-1565 Released: Wed Jun 19 11:55:42 2019 Summary: Recommended update for google-compute-engine Severity: moderate References: 1136266,1136267 Description: This update for google-compute-engine fixes the following issues: Update to version 20190522 (bsc#1136266, bsc#1136267) + Google Compute Engine * Fix guest attributes flow in Python 3. + Google Compute Engine OS Login * Update OS Login control file for FreeBSD support. Update to version 20190521: + Google Compute Engine * Retry download for metadata scripts. * Fix script retrieval in Python 3. * Disable boto config in Python 3. * Update SSH host keys in guest attributes. * Fix XPS settings with more than 64 vCPUs. ----------------------------------------- Patch: SUSE-2019-1575 Released: Thu Jun 20 09:58:03 2019 Summary: Recommended update for kernel-azure Severity: moderate References: 1134581 Description: This update ships the Azure flavor kernel to SUSE Linux Enterprise 15 SP1. ----------------------------------------- Patch: SUSE-2019-1576 Released: Thu Jun 20 12:49:40 2019 Summary: Security update for enigmail Severity: important References: 1135855,CVE-2019-12269 Description: This update for enigmail to version 2.0.11 fixes the following issues: Security issue fixed: - CVE-2019-12269: Fixed an issue where a specially crafted inline PGP messages could spoof a 'correctly signed' message (bsc#1135855). ----------------------------------------- Patch: SUSE-2019-1595 Released: Fri Jun 21 10:17:44 2019 Summary: Security update for dbus-1 Severity: important References: 1137832,CVE-2019-12749 Description: This update for dbus-1 fixes the following issues: Security issue fixed: - CVE-2019-12749: Fixed an implementation flaw in DBUS_COOKIE_SHA1 which could have allowed local attackers to bypass authentication (bsc#1137832). ----------------------------------------- Patch: SUSE-2019-1603 Released: Fri Jun 21 10:23:33 2019 Summary: Security update for exempi Severity: moderate References: 1098946,CVE-2018-12648 Description: This update for exempi fixes the following issues: - CVE-2018-12648: Fixed a NULL pointer dereference (crash) issue when processing webp files (bsc#1098946). ----------------------------------------- Patch: SUSE-2019-1607 Released: Fri Jun 21 10:26:45 2019 Summary: Security update for wireshark Severity: moderate References: 1136021 Description: This update for wireshark to version 2.4.15 fixes the following issues: Security issue fixed: - Fixed a denial of service in the dissection engine (bsc#1136021). ----------------------------------------- Patch: SUSE-2019-1616 Released: Fri Jun 21 11:04:39 2019 Summary: Recommended update for rpcbind Severity: moderate References: 1134659 Description: This update for rpcbind fixes the following issues: - Change rpcbind locking path from /var/run/rpcbind.lock to /run/rpcbind.lock. (bsc#1134659) - Change the order of socket/service in the %postun scriptlet to avoid an error from rpcbind.socket when rpcbind is running during package update. ----------------------------------------- Patch: SUSE-2019-1627 Released: Fri Jun 21 11:15:11 2019 Summary: Recommended update for xfsprogs Severity: moderate References: 1073421,1122271,1129859 Description: This update for xfsprogs fixes the following issues: - xfs_repair: will now allow '/' in attribute names (bsc#1122271) - xfs_repair: will now allow zeroing of corrupt log (bsc#1073421) - enabdled offline (unmounted) filesystem geometry queries (bsc#1129859) ----------------------------------------- Patch: SUSE-2019-1631 Released: Fri Jun 21 11:17:21 2019 Summary: Recommended update for xz Severity: low References: 1135709 Description: This update for xz fixes the following issues: Add SUSE-Public-Domain licence as some parts of xz utils (liblzma, xz, xzdec, lzmadec, documentation, translated messages, tests, debug, extra directory) are in public domain licence [bsc#1135709] ----------------------------------------- Patch: SUSE-2019-1635 Released: Fri Jun 21 12:45:53 2019 Summary: Recommended update for krb5 Severity: moderate References: 1134217 Description: This update for krb5 provides the following fix: - Move LDAP schema files from /usr/share/doc/packages/krb5 to /usr/share/kerberos/ldap. (bsc#1134217) ----------------------------------------- Patch: SUSE-2019-1700 Released: Tue Jun 25 13:19:21 2019 Summary: Security update for libssh Severity: moderate References: 1134193 Description: This update for libssh fixes the following issue: Issue addressed: - Added support for new AES-GCM encryption types (bsc#1134193). ----------------------------------------- Patch: SUSE-2019-1728 Released: Tue Jul 2 17:35:39 2019 Summary: Recommended update for openssl-1_0_0 Severity: moderate References: 1130041 Description: This update for openssl-1_0_0 fixes the following issues: - Add back the steam subpackage on openSUSE Leap 15 whose openssl-1_0_0 package is inherited from this package (bsc#1130041) This update also ships openssl-1_0_0 to the SUSE Manager Client Tools 15 repository, to be used for phantomjs / grafana. ----------------------------------------- Patch: SUSE-2019-1741 Released: Wed Jul 3 21:13:18 2019 Summary: Recommended update for perl-Tk Severity: moderate References: 1134134 Description: This update for perl-Tk fixes the following issues: - Tk::Photo importer fails on some XPM files. (bsc#1134134) ----------------------------------------- Patch: SUSE-2019-1747 Released: Thu Jul 4 11:44:06 2019 Summary: Recommended update for cluster-glue Severity: moderate References: 1131545 Description: This update for cluster-glue fixes the following issues: - Directory /var/run/heartbeat/rsctmp will now get created if it doesn't exist (bsc#1131545) ----------------------------------------- Patch: SUSE-2019-1750 Released: Thu Jul 4 16:07:32 2019 Summary: Security update for libu2f-host, pam_u2f Severity: moderate References: 1128140,1135727,1135729,CVE-2019-12209,CVE-2019-12210,CVE-2019-9578 Description: This update for libu2f-host and pam_u2f to version 1.0.8 fixes the following issues: Security issues fixed for libu2f-host: - CVE-2019-9578: Fixed a memory leak due to a wrong parse of init's response (bsc#1128140). Security issues fixed for pam_u2f: - CVE-2019-12209: Fixed an issue where symlinks in the user's directory were followed (bsc#1135729). - CVE-2019-12210: Fixed file descriptor leaks (bsc#1135727). ----------------------------------------- Patch: SUSE-2019-1776 Released: Mon Jul 8 18:18:37 2019 Summary: Security update for zeromq Severity: important References: 1082318,1140255,CVE-2019-13132 Description: This update for zeromq fixes the following issues: - CVE-2019-13132: An unauthenticated remote attacker could have exploited a stack overflow vulnerability on a server that is supposed to be protected by encryption and authentication to potentially gain a remote code execution. (bsc#1140255) - Correctly mark license files as licence instead of documentation (bsc#1082318) ----------------------------------------- Patch: SUSE-2019-1780 Released: Mon Jul 8 20:24:24 2019 Summary: Recommended update for icewm Severity: moderate References: 1076817 Description: This update for icewm fixes the following issues: - Disabled icewm's suspend function in order to allow systemd the handling of power key events (bsc#1076817) ----------------------------------------- Patch: SUSE-2019-1795 Released: Tue Jul 9 23:39:25 2019 Summary: Recommended update for saptune Severity: moderate References: 1116799,1123808,1124485,1124486,1124487,1124488,1124489,1126220,1128322,1128325 Description: This update for saptune fixes the following issues: - Resetting all values to clean the system during package removal - Fix saptune issues with /etc/security/limits.conf. (bsc#1124485) - Add deprecated message to the description of some notes set scheduler for note SUSE-GUIDE-01 correctly.(bsc#1123808) - Ship both versions of saptune in one package to support a smooth migration controlled by the customer. See man saptune-migrate(5) for more information. - Support note name changes and note deletion during update of saptune v2 from SLE12 to SLE15. - Support different SAP Note definitions and solution definitions related to the used operation system version (distinguish between SLE12 and SLE15 at the moment) - Remove calculation of optimized values, only set the values from the configuration file irrespective of the current system value. Current system value can be increase or decrease. ATTENTION: saptune no longer respects higher system values. Use the override option to change the values of the Note definition files, if needed. (bsc#1124488) - Mark the Notes SUSE-GUIDE-01 and SUSE-GUIDE-02 as deprecated in saptune v1 and remove these Note definitions from saptune v2. (bsc#1116799) - Add bash-completion for saptune. - Add action 'show' to the 'note' operation to print content of the note definition file to stdout. - Add new action 'create' to support the customer/vendor while creating a vendor or customer specific file in /etc/saptune/extra using the template file /usr/share/saptune/NoteTemplate.conf - Simplify file name syntax for the vendor files available in /etc/saptune/extra. Old file names still valid and supported. - Add header support (version, date, description) for the vendor files available in /etc/saptune/extra as already available for the note definition files in /usr/share/saptune/notes - No longer write or remove entries from /etc/security/limits.conf. Instead add or remove drop-in files in /etc/security/limits.d The filename syntax for the drop-in files /etc/security/limits.d is saptune---.conf. The limits entry syntax inside the Note definition files changed to support more than one limits settings in the definition file. (bsc#1128322) - Preserve comment sections of the security limits file /etc/security/limits.conf. Especially, if this is the only content of the file. (bsc#1124485) - Work with the current Note definition file to define the pagecache settings. (bsc#1126220) - Setting of UserTaskMax by applying the related SAP Notes in the postinstall of the package. (bsc#1124489) - Starting to support severities INFO, WARNING, ERROR and DEBUG for the logging and add a defined format for the log messages. - Remove saptune as active tuned profile during action 'saptune daemon stop' - start/stop services, if requested by SAP Notes, but do not enable/disable these services. (bsc#1128325) - Adapt the parameter oriented save state file handling (store and revert) to the special needs of the security limits parameter. (bsc#1124485) - Disable parameter settings using an override file. (bsc#1124486) - Store the order of the note as they are applied to get the same system tuning result after a system reboot as before. - Correct the revert of the vm.dirty parameters by handling their counterpart parameters in addition. (bsc#1124487) - Adjust operation customize to the new configuration files and override location and enable customize option for vendor and customer specific files in /etc/saptune/extra. (bsc#1124487) - Change output format of the operations list, verify and simulate. (bsc#1124487) - Display footnotes during 'verify' and 'simulate'. (bsc#1124487) - Remove Netweaver formula for page cache calculation. Use the HANA approach '2% system memory' for both. - Display a warning message, if a [block] section is found in the Note definition file because on systems with a huge number of block devices this operation may take some time. - Add force_latency handling to 'cpu' section. Use the files in /sys/devices/system/cpu/cpu* instead of /dev/cpu_dma_latency. Remove the parameter from the tuned.conf file and add it to the SAP note files '1984787' and '2205917' - Add action 'saptune revert all' and add parameter based saved state files to support proper revert functionality. (bsc#1124487) - Add override file handling for the solution definition using /etc/saptune/override/solution. (bsc#1124486) - Read solution definition from file /usr/share/saptune/solution instead of static coding inside of saptune. (bsc#1124486) - Make sure a note, which is part of an applied solution definition, but was reverted manually later, will NOT applied again after a system reboot. - One configuration file per SAP Note. (bsc#1124486) - Add new SAP Notes and adapt content of SAP Notes. - Handle different locations of the new configuration files (/usr/share/saptune/note, /etc/saptune/extra). (bsc#1124486) - Allow parameter override by the customer. (bsc#1124486) - Expand section handling of the 'ini file' handler to handle the new configuration file entries. Supported sections: version, reminder, login, mem, vm, block, limits, sysctl, pagecache, cpu, service, rpm, grub. (bsc#1124486) ----------------------------------------- Patch: SUSE-2019-1804 Released: Wed Jul 10 10:40:44 2019 Summary: Security update for ruby-bundled-gems-rpmhelper, ruby2.5 Severity: important References: 1082007,1082008,1082009,1082010,1082011,1082014,1082058,1087433,1087434,1087436,1087437,1087440,1087441,1112530,1112532,1130028,1130611,1130617,1130620,1130622,1130623,1130627,1133790,CVE-2017-17742,CVE-2018-1000073,CVE-2018-1000074,CVE-2018-1000075,CVE-2018-1000076,CVE-2018-1000077,CVE-2018-1000078,CVE-2018-1000079,CVE-2018-16395,CVE-2018-16396,CVE-2018-6914,CVE-2018-8777,CVE-2018-8778,CVE-2018-8779,CVE-2018-8780,CVE-2019-8320,CVE-2019-8321,CVE-2019-8322,CVE-2019-8323,CVE-2019-8324,CVE-2019-8325 Description: This update for ruby2.5 and ruby-bundled-gems-rpmhelper fixes the following issues: Changes in ruby2.5: Update to 2.5.5 and 2.5.4: https://www.ruby-lang.org/en/news/2019/03/15/ruby-2-5-5-released/ https://www.ruby-lang.org/en/news/2019/03/13/ruby-2-5-4-released/ Security issues fixed: - CVE-2019-8320: Delete directory using symlink when decompressing tar (bsc#1130627) - CVE-2019-8321: Escape sequence injection vulnerability in verbose (bsc#1130623) - CVE-2019-8322: Escape sequence injection vulnerability in gem owner (bsc#1130622) - CVE-2019-8323: Escape sequence injection vulnerability in API response handling (bsc#1130620) - CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution (bsc#1130617) - CVE-2019-8325: Escape sequence injection vulnerability in errors (bsc#1130611) Ruby 2.5 was updated to 2.5.3: This release includes some bug fixes and some security fixes. Security issues fixed: - CVE-2018-16396: Tainted flags are not propagated in Array#pack and String#unpack with some directives (bsc#1112532) - CVE-2018-16395: OpenSSL::X509::Name equality check does not work correctly (bsc#1112530) Ruby 2.5 was updated to 2.5.1: This release includes some bug fixes and some security fixes. Security issues fixed: - CVE-2017-17742: HTTP response splitting in WEBrick (bsc#1087434) - CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir (bsc#1087441) - CVE-2018-8777: DoS by large request in WEBrick (bsc#1087436) - CVE-2018-8778: Buffer under-read in String#unpack (bsc#1087433) - CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket (bsc#1087440) - CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir (bsc#1087437) - Multiple vulnerabilities in RubyGems were fixed: - CVE-2018-1000079: Fixed path traversal issue during gem installation allows to write to arbitrary filesystem locations (bsc#1082058) - CVE-2018-1000075: Fixed infinite loop vulnerability due to negative size in tar header causes Denial of Service (bsc#1082014) - CVE-2018-1000078: Fixed XSS vulnerability in homepage attribute when displayed via gem server (bsc#1082011) - CVE-2018-1000077: Fixed that missing URL validation on spec home attribute allows malicious gem to set an invalid homepage URL (bsc#1082010) - CVE-2018-1000076: Fixed improper verification of signatures in tarball allows to install mis-signed gem (bsc#1082009) - CVE-2018-1000074: Fixed unsafe Object Deserialization Vulnerability in gem owner allowing arbitrary code execution on specially crafted YAML (bsc#1082008) - CVE-2018-1000073: Fixed path traversal when writing to a symlinked basedir outside of the root (bsc#1082007) Other changes: - Fixed Net::POPMail methods modify frozen literal when using default arg - ruby: change over of the Japanese Era to the new emperor May 1st 2019 (bsc#1133790) - build with PIE support (bsc#1130028) Changes in ruby-bundled-gems-rpmhelper: - Add a new helper for bundled ruby gems. ----------------------------------------- Patch: SUSE-2019-1807 Released: Wed Jul 10 13:13:21 2019 Summary: Recommended update for java-11-openjdk Severity: moderate References: 1137264 Description: This update ships the OpenJDK LTS version 11 in the java-11-openjdk packages. (FATE#326347 bsc#1137264) ----------------------------------------- Patch: SUSE-2019-1808 Released: Wed Jul 10 13:16:29 2019 Summary: Recommended update for libgcrypt Severity: moderate References: 1133808 Description: This update for libgcrypt fixes the following issues: - Fixed redundant fips tests in some situations causing sudo to stop working when pam-kwallet is installed. bsc#1133808 ----------------------------------------- Patch: SUSE-2019-1815 Released: Thu Jul 11 07:47:55 2019 Summary: Recommended update for timezone Severity: moderate References: 1140016 Description: This update for timezone fixes the following issues: - Timezone update 2019b. (bsc#1140016): - Brazil no longer observes DST. - 'zic -b slim' outputs smaller TZif files. - Palestine's 2019 spring-forward transition was on 03-29, not 03-30. - Add info about the Crimea situation. ----------------------------------------- Patch: SUSE-2019-1835 Released: Fri Jul 12 18:06:31 2019 Summary: Security update for expat Severity: moderate References: 1139937,CVE-2018-20843 Description: This update for expat fixes the following issues: Security issue fixed: - CVE-2018-20843: Fixed a denial of service triggered by high resource consumption in the XML parser when XML names contain a large amount of colons (bsc#1139937). ----------------------------------------- Patch: SUSE-2019-1846 Released: Mon Jul 15 11:36:33 2019 Summary: Security update for bzip2 Severity: important References: 1139083,CVE-2019-12900 Description: This update for bzip2 fixes the following issues: Security issue fixed: - CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1139083). ----------------------------------------- Patch: SUSE-2019-1853 Released: Mon Jul 15 16:03:36 2019 Summary: Recommended update for systemd Severity: moderate References: 1107617,1137053 Description: This update for systemd fixes the following issues: - conf-parse: remove 4K line length limit (bsc#1137053) - udevd: change the default value of udev.children-max (again) (bsc#1107617) - meson: stop creating enablement symlinks in /etc during installation (sequel) - Fixed build for openSUSE Leap 15+ - Make sure we don't ship any static enablement symlinks in /etc Those symlinks must only be created by the presets. There are no changes in practice since systemd/udev doesn't ship such symlinks in /etc but let's make sure no future changes will introduce new ones by mistake. ----------------------------------------- Patch: SUSE-2019-1864 Released: Wed Jul 17 12:22:37 2019 Summary: Recommended update for osc Severity: moderate References: 1138165 Description: This update for osc fixes the following issues: - Version update to version 0.165.1 (bsc#1138165) * fix oscssl 'urldefrag is not defined error' * osc release command now python3 compatible * add more decode logic in get_commitlog * osc add 'dir' in compressed mode now works with python3 * osc getbinaries now prints the output instead of using the quiet mode as a default ----------------------------------------- Patch: SUSE-2019-1869 Released: Wed Jul 17 14:03:20 2019 Summary: Security update for MozillaFirefox Severity: important References: 1140868,CVE-2019-11709,CVE-2019-11711,CVE-2019-11712,CVE-2019-11713,CVE-2019-11715,CVE-2019-11717,CVE-2019-11719,CVE-2019-11729,CVE-2019-11730,CVE-2019-9811 Description: This update for MozillaFirefox, mozilla-nss fixes the following issues: MozillaFirefox to version ESR 60.8: - CVE-2019-9811: Sandbox escape via installation of malicious language pack (bsc#1140868). - CVE-2019-11711: Script injection within domain through inner window reuse (bsc#1140868). - CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects (bsc#1140868). - CVE-2019-11713: Use-after-free with HTTP/2 cached stream (bsc#1140868). - CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault (bsc#1140868). - CVE-2019-11715: HTML parsing error can contribute to content XSS (bsc#1140868). - CVE-2019-11717: Caret character improperly escaped in origins (bsc#1140868). - CVE-2019-11719: Out-of-bounds read when importing curve25519 private key (bsc#1140868). - CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin (bsc#1140868). - CVE-2019-11709: Multiple Memory safety bugs fixed (bsc#1140868). mozilla-nss to version 3.44.1: * Added IPSEC IKE support to softoken * Many new FIPS test cases ----------------------------------------- Patch: SUSE-2019-1892 Released: Thu Jul 18 15:54:35 2019 Summary: Recommended update for openslp Severity: moderate References: 1117969,1136136 Description: This update for openslp fixes the following issues: - Use tcp connects to talk with other directory agents (DAs) (bsc#1117969) - Fix segfault in predicate match if a registered service has a malformed attribute list (bsc#1136136) ----------------------------------------- Patch: SUSE-2019-1894 Released: Thu Jul 18 16:18:10 2019 Summary: Security update for LibreOffice Severity: moderate References: 1089811,1116451,1121874,1123131,1123455,1124062,1124869,1127760,1127857,1128845,1135189,1135228,CVE-2018-16858 Description: This update for libreoffice and libraries fixes the following issues: LibreOffice was updated to 6.2.5.2 (fate#327121 bsc#1128845 bsc#1123455), bringing lots of bug and stability fixes. Additional bugfixes: - If there is no firebird engine we still need java to run hsqldb (bsc#1135189) - PPTX: Rectangle turns from green to blue and loses transparency when transparency is set (bsc#1135228) - Slide deck compression doesn't, hmm, compress too much (bsc#1127760) - Psychedelic graphics in LibreOffice (but not PowerPoint) (bsc#1124869) - Image from PPTX shown in a square, not a circle (bsc#1121874) libixion was updated to 0.14.1: * Updated for new orcus liborcus was updated to 0.14.1: * Boost 1.67 support * Various cell handling issues fixed libwps was updated to 0.4.10: * QuattroPro: add parser of .qwp files * all: support complex encoding mdds was updated to 1.4.3: * Api change to 1.4 * More multivector operations and tweaks * Various multi vector fixes * flat_segment_tree: add segment iterator and functions * fix to handle out-of-range insertions on flat_segment_tree * Another api version -> rename to mdds-1_2 myspell-dictionaries was updated to 20190423: * Serbian dictionary updated * Update af_ZA hunspell * Update Spanish dictionary * Update Slovenian dictionary * Update Breton dictionary * Update Galician dictionary ----------------------------------------- Patch: SUSE-2019-1916 Released: Mon Jul 22 08:44:01 2019 Summary: Recommended update for yast2-saptune Severity: moderate References: 1077615,1135879 Description: This update for yast2-saptune fixes the following issues: - Fix to disable tuned daemon, if saptune is not configured (bsc#1135879) ----------------------------------------- Patch: SUSE-2019-1963 Released: Wed Jul 24 11:41:43 2019 Summary: Security update for openexr Severity: moderate References: 1040109,1040113,1040115,CVE-2017-9111,CVE-2017-9113,CVE-2017-9115 Description: This update for openexr fixes the following issues: Security issues fixed: - CVE-2017-9111: Fixed an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h (bsc#1040109). - CVE-2017-9113: Fixed an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp (bsc#1040113). - CVE-2017-9115: Fixed an invalid write of size 2 in the = operator function inhalf.h (bsc#1040115). ----------------------------------------- Patch: SUSE-2019-1971 Released: Thu Jul 25 14:58:52 2019 Summary: Security update for libgcrypt Severity: moderate References: 1138939,CVE-2019-12904 Description: This update for libgcrypt fixes the following issues: Security issue fixed: - CVE-2019-12904: Fixed a flush-and-reload side-channel attack in the AES implementation (bsc#1138939). ----------------------------------------- Patch: SUSE-2019-1994 Released: Fri Jul 26 16:12:05 2019 Summary: Recommended update for libxml2 Severity: moderate References: 1135123 Description: This update for libxml2 fixes the following issues: - Added a new configurable variable XPATH_DEFAULT_MAX_NODESET_LENGTH to avoid nodeset limit when processing large XML files. (bsc#1135123) ----------------------------------------- Patch: SUSE-2019-1998 Released: Fri Jul 26 16:13:22 2019 Summary: Recommended update for sysstat Severity: moderate References: 1138767 Description: This update for sysstat fixes the following issues: - Fix scaling issue with mtab symlinks and automounter. (bsc#1138767) ----------------------------------------- Patch: SUSE-2019-2001 Released: Fri Jul 26 18:09:41 2019 Summary: Recommended update for docker Severity: important References: 1138920 Description: This update for docker fixes the following issues: - Mark daemon.json as %config(noreplace) to not overwrite it during installation (bsc#1138920) ----------------------------------------- Patch: SUSE-2019-2002 Released: Mon Jul 29 13:00:27 2019 Summary: Security update for java-11-openjdk Severity: important References: 1115375,1140461,1141780,1141781,1141782,1141783,1141784,1141785,1141787,1141788,1141789,CVE-2019-2745,CVE-2019-2762,CVE-2019-2766,CVE-2019-2769,CVE-2019-2786,CVE-2019-2816,CVE-2019-2818,CVE-2019-2821,CVE-2019-7317 Description: This update for java-11-openjdk to version jdk-11.0.4+11 fixes the following issues: Security issues fixed: - CVE-2019-2745: Improved ECC Implementation (bsc#1141784). - CVE-2019-2762: Exceptional throw cases (bsc#1141782). - CVE-2019-2766: Improve file protocol handling (bsc#1141789). - CVE-2019-2769: Better copies of CopiesList (bsc#1141783). - CVE-2019-2786: More limited privilege usage (bsc#1141787). - CVE-2019-7317: Improve PNG support options (bsc#1141780). - CVE-2019-2818: Better Poly1305 support (bsc#1141788). - CVE-2019-2816: Normalize normalization (bsc#1141785). - CVE-2019-2821: Improve TLS negotiation (bsc#1141781). - Certificate validation improvements Non-security issues fixed: - Do not fail installation when the manpages are not present (bsc#1115375) - Backport upstream fix for JDK-8208602: Cannot read PEM X.509 cert if there is whitespace after the header or footer (bsc#1140461) ----------------------------------------- Patch: SUSE-2019-2003 Released: Mon Jul 29 13:01:22 2019 Summary: Security update for libreoffice Severity: important References: 1110348,1112112,1112113,1112114,1116451,1117195,1117300,1121874,1123131,1123455,1124062,1124658,1124869,1127760,1127857,1128845,1135189,1135228,882383,CVE-2018-16858 Description: This update for libreoffice fixes the following issues: LibreOffice was updated to 6.2.5.2 (fate#327121). Security issue fixed: - CVE-2018-16858: LibreOffice was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script in any arbitrary file system location, specified relative to the LibreOffice install location. (bsc#1124062) Other bugfixes: - If there is no firebird engine we still need java to run hsqldb (bsc#1135189) - Require firebird as default driver for base if enabled - PPTX: Rectangle turns from green to blue and loses transparency when transparency is set (bsc1135228) - Slide deck compression doesn't, hmm, compress too much (bsc#1127760) - Psychedelic graphics in LibreOffice (but not PowerPoint) (bsc#1124869) - Image from PPTX shown in a square, not a circle (bsc#1121874) - Switch to the new web based help system bsc#1116451 - Enable new approach for mariadb connector again - PPTX: SmartArt: Basic rendering of the Organizational Chart (bsc#1112114) - PPTX: SmartArt: Basic rendering of Accent Process and Continuous Block Process (bsc#1112113) - Saving a new document can silently overwrite an existing document (bsc#1117300) - Install also C++ libreofficekit headers bsc#1117195 - Chart in PPTX lacks color and is too large (bsc#882383) - PPTX: SmartArt: Basic rendering of several list types (bsc#1112112) - PPTX: Charts having weird/darker/ugly background versus Office 365 and strange artefacts where overlapping (bsc#1110348) ----------------------------------------- Patch: SUSE-2019-2004 Released: Mon Jul 29 13:01:59 2019 Summary: Security update for bzip2 Severity: important References: 1139083,CVE-2019-12900 Description: This update for bzip2 fixes the following issues: - Fixed a regression with the fix for CVE-2019-12900, which caused incompatibilities with files that used many selectors (bsc#1139083). ----------------------------------------- Patch: SUSE-2019-2005 Released: Mon Jul 29 13:02:15 2019 Summary: Recommended update for cloud-init Severity: moderate References: 1116767,1119397,1121878,1123694,1125950,1125992,1126101,1132692,1136440 Description: This update for cloud-init fixes the following issues: - Fixes a bug where only the last defined route was written to the routes configuration file (bsc#1132692) - Fixes a bug where a new network rules file for network devices didn't apply immediately (bsc#1125950) - Improved the writing of route config files to avoid issues (bsc#1125992) - Fixes a bug where OpenStack instances where not detected on VIO (bsc#1136440) - Fixes a bug where IPv4 and IPv6 were not set up as default routes (bsc#1121878) - Added a fix to prevent the resolv.conf to be empty (bsc#1119397) - Uses now the proper name to designate IPv6 addresses in ifcfg-* files (bsc#1126101) - Fixes an issue where the ifroute-eth0 file got corrupted when cloning an existing instance (bsc#1123694) Some more fixes were included within the 19.1 update of cloud-init. Please refer to the package changelog for more details. ----------------------------------------- Patch: SUSE-2019-2012 Released: Mon Jul 29 14:47:00 2019 Summary: Security update for postgresql10 Severity: moderate References: 1134689,1138034,CVE-2019-10130,CVE-2019-10164 Description: This update for postgresql10 fixes the following issues: Security issue fixed: - CVE-2019-10164: Fixed buffer-overflow vulnerabilities in SCRAM verifier parsing (bsc#1138034). - CVE-2019-10130: Prevent row-level security policies from being bypassed via selectivity estimators (bsc#1134689). Bug fixes: - For a complete list of fixes check the release notes. * https://www.postgresql.org/docs/10/release-10-9.html * https://www.postgresql.org/docs/10/release-10-8.html * https://www.postgresql.org/docs/10/release-10-7.html ----------------------------------------- Patch: SUSE-2019-2020 Released: Tue Jul 30 13:18:31 2019 Summary: Security update for mariadb, mariadb-connector-c Severity: important References: 1126088,1132666,1136035,CVE-2019-2614,CVE-2019-2627,CVE-2019-2628 Description: This update for mariadb and mariadb-connector-c fixes the following issues: mariadb: - Update to version 10.2.25 (bsc#1136035) - CVE-2019-2628: Fixed a remote denial of service by an privileged attacker (bsc#1136035). - CVE-2019-2627: Fixed another remote denial of service by an privileged attacker (bsc#1136035). - CVE-2019-2614: Fixed a potential remote denial of service by an privileged attacker (bsc#1136035). - Fixed reading options for multiple instances if my${INSTANCE}.cnf is used (bsc#1132666) mariadb-connector-c: - Update to version 3.1.2 (bsc#1136035) - Moved libmariadb.pc from /usr/lib/pkgconfig to /usr/lib64/pkgconfig for x86_64 (bsc#1126088) ----------------------------------------- Patch: SUSE-2019-2021 Released: Tue Jul 30 16:38:55 2019 Summary: Security update for java-1_8_0-openjdk Severity: important References: 1115375,1141780,1141782,1141783,1141784,1141785,1141786,1141787,1141789,CVE-2019-2745,CVE-2019-2762,CVE-2019-2766,CVE-2019-2769,CVE-2019-2786,CVE-2019-2816,CVE-2019-2842,CVE-2019-7317 Description: This update for java-1_8_0-openjdk to version 8u222 fixes the following issues: Security issues fixed: - CVE-2019-2745: Improved ECC Implementation (bsc#1141784). - CVE-2019-2762: Exceptional throw cases (bsc#1141782). - CVE-2019-2766: Improve file protocol handling (bsc#1141789). - CVE-2019-2769: Better copies of CopiesList (bsc#1141783). - CVE-2019-2786: More limited privilege usage (bsc#1141787). - CVE-2019-2816: Normalize normalization (bsc#1141785). - CVE-2019-2842: Extended AES support (bsc#1141786). - CVE-2019-7317: Improve PNG support (bsc#1141780). - Certificate validation improvements Non-security issue fixed: - Fixed an issue where the installation failed when the manpages are not present (bsc#1115375) ----------------------------------------- Patch: SUSE-2019-2031 Released: Wed Jul 31 18:36:22 2019 Summary: Security update for subversion Severity: important References: 1142721,1142743,CVE-2018-11782,CVE-2019-0203 Description: This update for subversion to version 1.10.6 fixes the following issues: Security issues fixed: - CVE-2018-11782: Fixed a remote denial of service in svnserve 'get-deleted-rev' (bsc#1142743). - CVE-2019-0203: Fixed a remote, unauthenticated denial of service in svnserve (bsc#1142721). ----------------------------------------- Patch: SUSE-2019-2039 Released: Fri Aug 2 08:34:40 2019 Summary: Recommended update for transfig Severity: moderate References: 1136882 Description: This update for transfig fixes the following issues: - Fix export to PDF, PNG from. (bsc#1136882) ----------------------------------------- Patch: SUSE-2019-2043 Released: Fri Aug 2 15:18:37 2019 Summary: Security update for openexr Severity: moderate References: 1061305,CVE-2017-14988 Description: This update for openexr fixes the following issues: - CVE-2017-14988: Fixed a denial of service in Header::readfrom() (bsc#1061305). ----------------------------------------- Patch: SUSE-2019-2050 Released: Tue Aug 6 09:42:37 2019 Summary: Security update for python3 Severity: important References: 1094814,1138459,1141853,CVE-2018-20852,CVE-2019-10160 Description: This update for python3 fixes the following issues: Security issue fixed: - CVE-2019-10160: Fixed a regression in urlparse() and urlsplit() introduced by the fix for CVE-2019-9636 (bsc#1138459). - CVE-2018-20852: Fixed an information leak where cookies could be send to the wrong server because of incorrect domain validation (bsc#1141853). Non-security issue fixed: - Fixed an issue where the SIGINT signal was ignored or not handled (bsc#1094814). ----------------------------------------- Patch: SUSE-2019-2060 Released: Tue Aug 6 14:27:41 2019 Summary: Recommended update for libreoffice-share-linker Severity: moderate References: 1139727 Description: This update for libreoffice-share-linker fixes the following issues: - Work with paranoid umask settings. (bsc#1139727) ----------------------------------------- Patch: SUSE-2019-2061 Released: Tue Aug 6 14:28:33 2019 Summary: Recommended update for several bugs for Hawk2 Severity: moderate References: 1089802,1137891 Description: Update for Hawk2 for the following issues: - Fix display in case of nameless cluster (bsc#1137891) - Fix utility method for checking ACL version in Hawk (bsc#1089802) ----------------------------------------- Patch: SUSE-2019-2064 Released: Tue Aug 6 15:50:23 2019 Summary: Security update for python Severity: important References: 1138459,CVE-2019-10160 Description: This update for python fixes the following issues: Security issue fixed: - CVE-2019-10160: Fixed a regression in urlparse() and urlsplit() introduced by the fix for CVE-2019-9636 (bsc#1138459). ----------------------------------------- Patch: SUSE-2019-2067 Released: Tue Aug 6 17:22:07 2019 Summary: Security update for osc Severity: important References: 1129889,1138977,1140697,1142518,1142662,1144211,CVE-2019-3685 Description: This update for osc to version 0.165.4 fixes the following issues: Security issue fixed: - CVE-2019-3685: Fixed broken TLS certificate handling allowing for a Man-in-the-middle attack (bsc#1142518). Non-security issues fixed: - support different token operations (runservice, release and rebuild) (requires OBS 2.10) - fix osc token decode error - offline build mode is now really offline and does not try to download the buildconfig - osc build -define now works with python3 - fixes an issue where the error message on osc meta -e was not parsed correctly - osc maintainer -s now works with python3 - simplified and fixed osc meta -e (bsc#1138977) - osc lbl now works with non utf8 encoding (bsc#1129889) - add simpleimage as local build type - allow optional fork when creating a maintenance request - fix RPMError fallback - fix local caching for all package formats - fix appname for trusted cert store - osc -h does not break anymore when using plugins - switch to difflib.diff_bytes and sys.stdout.buffer.write for diffing. This will fix all decoding issues with osc diff, osc ci and osc rq -d - fix osc ls -lb handling empty size and mtime - removed decoding on osc api command. ----------------------------------------- Patch: SUSE-2019-2069 Released: Wed Aug 7 00:50:55 2019 Summary: Security update for the Linux Kernel for Azure Severity: important References: 1051510,1055117,1071995,1083647,1083710,1088047,1094555,1098633,1103990,1103991,1103992,1104745,1106383,1109837,1111666,1112374,1114279,1114685,1119113,1119222,1119532,1120423,1123080,1125703,1127034,1127315,1127611,1128432,1128902,1129770,1130836,1132390,1133021,1133401,1133738,1134090,1134097,1134390,1134395,1134399,1134730,1134738,1135153,1135296,1135335,1135556,1135642,1135897,1136156,1136157,1136161,1136217,1136264,1136271,1136333,1136342,1136343,1136345,1136348,1136460,1136461,1136462,1136467,1137103,1137194,1137224,1137366,1137429,1137458,1137534,1137535,1137584,1137586,1137609,1137625,1137728,1137811,1137827,1137884,1137985,1138263,1138291,1138293,1138336,1138374,1138375,1138589,1138681,1138719,1138732,1138874,1138879,1139358,1139619,1139712,1139751,1139771,1139865,1140133,1140139,1140228,1140322,1140328,1140405,1140424,1140428,1140454,1140463,1140559,1140575,1140577,1140637,1140652,1140658,1140676,1140715,1140719,1140726,1140727,1140728,1140814,1140887,1140888,1140889,1140891,1140893,1140903,1140945,1140948,1140954,1140955,1140956,1140957,1140958,1140959,1140960,1140961,1140962,1140964,1140971,1140972,1140992,1141312,1141401,1141402,1141452,1141453,1141454,1141478,1141558,1142023,1142052,1142083,1142112,1142115,1142119,1142220,1142221,1142265,1142350,1142351,1142354,1142359,1142450,1142623,1142673,1142701,1142868,1143003,1143105,1143185,1143189,1143191,1143209,1143507,CVE-2018-16871,CVE-2018-20836,CVE-2018-20855,CVE-2019-10638,CVE-2019-10639,CVE-2019-1125,CVE-2019-11478,CVE-2019-11599,CVE-2019-11810,CVE-2019-12614,CVE-2019-12817,CVE-2019-12818,CVE-2019-12819,CVE-2019-13233,CVE-2019-13631,CVE-2019-13648,CVE-2019-14283,CVE-2019-14284 Description: The SUSE Linux Enterprise 15 SP1 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-20855: An issue was discovered in create_qp_common, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace. (bnc#bsc#1103991) - CVE-2019-1125: Fix Spectre V1 variant via swapgs: Exclude ATOMs from speculation through SWAPGS (bsc#1139358). - CVE-2019-14284: In the Linux kernel, drivers/block/floppy.c allowed a denial of service by setup_format_params division-by-zero. (bnc#bsc#1143189) - CVE-2019-14283: In the Linux kernel, set_geometry in drivers/block/floppy.c did not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by default. (bsc#1143191) - CVE-2019-11810: An issue was discovered in the Linux kernel A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free. (bsc#1134399) - CVE-2019-13648: In the Linux kernel on the powerpc platform, when hardware transactional memory was disabled, a local user can cause a denial of service via a sigreturn() system call that sends a crafted signal frame. (bnc#1142265) - CVE-2019-13631: In parse_hid_report_descriptor, a malicious usb device could send an hid: report that triggered an out-of-bounds write during generation of debugging messages. (bnc#1142023) - CVE-2019-10638: In the Linux kernel, a device could be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may have been conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses. (bnc#1140575) - CVE-2019-10639: The Linux kernel allowed Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. (bsc#1140577) - CVE-2019-13233: In arch/x86/lib/insn-eval.c, there was a use-after-free for access to an LDT entry because of a race condition between modify_ldt() and a #BR exception for an MPX bounds violation. (bnc#1140454) - CVE-2018-20836: In the Linux kernel there was a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free. (bnc#1134395) - CVE-2019-11599: The coredump implementation in the Linux kernel did not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allowed local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c. (bnc#1133738) - CVE-2019-12817: Linux kernel for powerpc had a bug where unrelated processes could be able to read/write to one another's virtual memory under certain conditions via an mmap above 512 TB. Only a subset of powerpc systems are affected. (bsc#1138263, bsc#1139619) - CVE-2019-12614: In dlpar_parse_cc_property there was an unchecked kstrdup of prop->name, which might have allowed an attacker to cause a denial of service (NULL pointer dereference and system crash). (bsc#1137194) - CVE-2018-16871: An attacker, who was able to mount an exported NFS filesystem, was able to trigger a null pointer dereference by using an invalid NFS sequence. This could panic the machine and deny access to the NFS server. (bsc#1137103) - CVE-2019-12819: An issue was discovered in the Linux kernel The function __mdiobus_register() calls put_device(), which would trigger a fixed_mdio_bus_init use-after-free. This would cause a denial of service. (bsc#1138291) - CVE-2019-12818: The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may have returned NULL. If the caller did not check for this, it would trigger a NULL pointer dereference. This would cause denial of service. (bsc#1138293) The following non-security bugs were fixed: - 6lowpan: Off by one handling ->nexthdr (bsc#1051510). - acpi/nfit: Always dump _DSM output payload (bsc#1142351). - acpi: Add Hygon Dhyana support (). - acpi: PM: Allow transitions to D0 to occur in special cases (bsc#1051510). - acpi: PM: Avoid evaluating _PS3 on transitions from D3hot to D3cold (bsc#1051510). - acpica: Clear status of GPEs on first direct enable (bsc#1111666). - af_key: unconditionally clone on broadcast (bsc#1051510). - af_unix: remove redundant lockdep class (git-fixes). - alsa: compress: Be more restrictive about when a drain is allowed (bsc#1051510). - alsa: compress: Do not allow paritial drain operations on capture streams (bsc#1051510). - alsa: compress: Fix regression on compressed capture streams (bsc#1051510). - alsa: compress: Prevent bypasses of set_params (bsc#1051510). - alsa: firewire-lib/fireworks: fix miss detection of received MIDI messages (bsc#1051510). - alsa: firewire-motu: fix destruction of data for isochronous resources (bsc#1051510). - alsa: hda - Add a conexant codec entry to let mute led work (bsc#1051510). - alsa: hda - Do not resume forcibly i915 HDMI/DP codec (bsc#1111666). - alsa: hda - Fix intermittent CORB/RIRB stall on Intel chips (bsc#1111666). - alsa: hda - Force polling mode on CNL for fixing codec communication (bsc#1051510). - alsa: hda - Optimize resume for codecs without jack detection (bsc#1111666). - alsa: hda/hdmi - Fix i915 reverse port/pin mapping (bsc#1111666). - alsa: hda/hdmi - Remove duplicated define (bsc#1111666). - alsa: hda/realtek - Change front mic location for Lenovo M710q (bsc#1051510). - alsa: hda/realtek - Fixed Headphone Mic can't record on Dell platform (bsc#1051510). - alsa: hda/realtek - Headphone Mic can't record after S3 (bsc#1051510). - alsa: hda/realtek - Update headset mode for ALC256 (bsc#1051510). - alsa: hda/realtek: Add quirks for several Clevo notebook barebones (bsc#1051510). - alsa: hda/realtek: apply ALC891 headset fixup to one Dell machine (bsc#1051510). - alsa: line6: Fix a typo (bsc#1051510). - alsa: line6: Fix write on zero-sized buffer (bsc#1051510). - alsa: line6: Fix wrong altsetting for LINE6_PODHD500_1 (bsc#1051510). - alsa: oxfw: allow PCM capture for Stanton SCS.1m (bsc#1051510). - alsa: seq: Break too long mutex context in the write loop (bsc#1051510). - alsa: seq: fix incorrect order of dest_client/dest_ports arguments (bsc#1051510). - alsa: usb-audio: Add quirk for Focusrite Scarlett Solo (bsc#1051510). - alsa: usb-audio: Add quirk for MOTU MicroBook II (bsc#1051510). - alsa: usb-audio: Cleanup DSD whitelist (bsc#1051510). - alsa: usb-audio: Enable .product_name override for Emagic, Unitor 8 (bsc#1051510). - alsa: usb-audio: Fix parse of UAC2 Extension Units (bsc#1111666). - alsa: usb-audio: Sanity checks for each pipe and EP types (bsc#1051510). - alsa: usb-audio: fix Line6 Helix audio format rates (bsc#1111666). - alsa: usb-audio: fix sign unintended sign extension on left shifts (bsc#1051510). - apparmor: enforce nullbyte at end of tag string (bsc#1051510). - arm64: do not override dma_max_pfn (jsc#SLE-6197 bsc#1140559 LTC#173150). - asoc: : cs4265 : readable register too low (bsc#1051510). - asoc:: cs42xx8: Add regcache mask dirty (bsc#1051510). - asoc:: cx2072x: fix integer overflow on unsigned int multiply (bsc#1111666). - asoc:: fsl_asrc: Fix the issue about unsupported rate (bsc#1051510). - asoc:: max98090: remove 24-bit format support if RJ is 0 (bsc#1051510). - asoc:: soc-pcm: BE dai needs prepare when pause release after resume (bsc#1051510). - ath10k: Do not send probe response template for mesh (bsc#1111666). - ath10k: Fix encoding for protected management frames (bsc#1111666). - ath10k: add missing error handling (bsc#1111666). - ath10k: add peer id check in ath10k_peer_find_by_id (bsc#1111666). - ath10k: destroy sdio workqueue while remove sdio module (bsc#1111666). - ath10k: fix incorrect multicast/broadcast rate setting (bsc#1111666). - ath10k: fix pciE device wake up failed (bsc#1111666). - ath6kl: add some bounds checking (bsc#1051510). - ath9k: Check for errors when reading SREV register (bsc#1111666). - ath9k: correctly handle short radar pulses (bsc#1111666). - ath: DFS JP domain W56 fixed pulse type 3 RADAR detection (bsc#1111666). - audit: fix a memory leak bug (bsc#1051510). - ax25: fix inconsistent lock state in ax25_destroy_timer (bsc#1051510). - batman-adv: fix for leaked TVLV handler (bsc#1051510). - bcache: Add comments for blkdev_put() in registration code path (bsc#1140652). - bcache: Add comments for blkdev_put() in registration code path (bsc#1140652). - bcache: Clean up bch_get_congested() (bsc#1140652). - bcache: Clean up bch_get_congested() (bsc#1140652). - bcache: Revert 'bcache: fix high CPU occupancy during journal' (bsc#1140652). - bcache: Revert 'bcache: fix high CPU occupancy during journal' (bsc#1140652). - bcache: Revert 'bcache: free heap cache_set->flush_btree in bch_journal_free' (bsc#1140652). - bcache: Revert 'bcache: free heap cache_set->flush_btree in bch_journal_free' (bsc#1140652). - bcache: acquire bch_register_lock later in cached_dev_detach_finish() (bsc#1140652). - bcache: acquire bch_register_lock later in cached_dev_detach_finish() (bsc#1140652). - bcache: acquire bch_register_lock later in cached_dev_free() (bsc#1140652). - bcache: acquire bch_register_lock later in cached_dev_free() (bsc#1140652). - bcache: add code comments for journal_read_bucket() (bsc#1140652). - bcache: add code comments for journal_read_bucket() (bsc#1140652). - bcache: add comments for closure_fn to be called in closure_queue() (bsc#1140652). - bcache: add comments for closure_fn to be called in closure_queue() (bsc#1140652). - bcache: add comments for kobj release callback routine (bsc#1140652). - bcache: add comments for kobj release callback routine (bsc#1140652). - bcache: add comments for mutex_lock(&b->write_lock) (bsc#1140652). - bcache: add comments for mutex_lock(&b->write_lock) (bsc#1140652). - bcache: add error check for calling register_bdev() (bsc#1140652). - bcache: add error check for calling register_bdev() (bsc#1140652). - bcache: add failure check to run_cache_set() for journal replay (bsc#1140652). - bcache: add failure check to run_cache_set() for journal replay (bsc#1140652). - bcache: add io error counting in write_bdev_super_endio() (bsc#1140652). - bcache: add io error counting in write_bdev_super_endio() (bsc#1140652). - bcache: add more error message in bch_cached_dev_attach() (bsc#1140652). - bcache: add more error message in bch_cached_dev_attach() (bsc#1140652). - bcache: add pendings_cleanup to stop pending bcache device (bsc#1140652). - bcache: add pendings_cleanup to stop pending bcache device (bsc#1140652). - bcache: add reclaimed_journal_buckets to struct cache_set (bsc#1140652). - bcache: add reclaimed_journal_buckets to struct cache_set (bsc#1140652). - bcache: add return value check to bch_cached_dev_run() (bsc#1140652). - bcache: add return value check to bch_cached_dev_run() (bsc#1140652). - bcache: avoid a deadlock in bcache_reboot() (bsc#1140652). - bcache: avoid a deadlock in bcache_reboot() (bsc#1140652). - bcache: avoid clang -Wunintialized warning (bsc#1140652). - bcache: avoid clang -Wunintialized warning (bsc#1140652). - bcache: avoid flushing btree node in cache_set_flush() if io disabled (bsc#1140652). - bcache: avoid flushing btree node in cache_set_flush() if io disabled (bsc#1140652). - bcache: avoid potential memleak of list of journal_replay(s) in the CACHE_SYNC branch of run_cache_set (bsc#1140652). - bcache: avoid potential memleak of list of journal_replay(s) in the CACHE_SYNC branch of run_cache_set (bsc#1140652). - bcache: check CACHE_SET_IO_DISABLE bit in bch_journal() (bsc#1140652). - bcache: check CACHE_SET_IO_DISABLE bit in bch_journal() (bsc#1140652). - bcache: check CACHE_SET_IO_DISABLE in allocator code (bsc#1140652). - bcache: check CACHE_SET_IO_DISABLE in allocator code (bsc#1140652). - bcache: check c->gc_thread by IS_ERR_OR_NULL in cache_set_flush() (bsc#1140652). - bcache: check c->gc_thread by IS_ERR_OR_NULL in cache_set_flush() (bsc#1140652). - bcache: destroy dc->writeback_write_wq if failed to create dc->writeback_thread (bsc#1140652). - bcache: destroy dc->writeback_write_wq if failed to create dc->writeback_thread (bsc#1140652). - bcache: do not assign in if condition in bcache_device_init() (bsc#1140652). - bcache: do not set max writeback rate if gc is running (bsc#1140652). - bcache: do not set max writeback rate if gc is running (bsc#1140652). - bcache: fix a race between cache register and cacheset unregister (bsc#1140652). - bcache: fix a race between cache register and cacheset unregister (bsc#1140652). - bcache: fix crashes stopping bcache device before read miss done (bsc#1140652). - bcache: fix crashes stopping bcache device before read miss done (bsc#1140652). - bcache: fix failure in journal relplay (bsc#1140652). - bcache: fix failure in journal relplay (bsc#1140652). - bcache: fix inaccurate result of unused buckets (bsc#1140652). - bcache: fix inaccurate result of unused buckets (bsc#1140652). - bcache: fix mistaken sysfs entry for io_error counter (bsc#1140652). - bcache: fix mistaken sysfs entry for io_error counter (bsc#1140652). - bcache: fix potential deadlock in cached_def_free() (bsc#1140652). - bcache: fix potential deadlock in cached_def_free() (bsc#1140652). - bcache: fix race in btree_flush_write() (bsc#1140652). - bcache: fix race in btree_flush_write() (bsc#1140652). - bcache: fix return value error in bch_journal_read() (bsc#1140652). - bcache: fix return value error in bch_journal_read() (bsc#1140652). - bcache: fix stack corruption by PRECEDING_KEY() (bsc#1140652). - bcache: fix stack corruption by PRECEDING_KEY() (bsc#1140652). - bcache: fix wrong usage use-after-freed on keylist in out_nocoalesce branch of btree_gc_coalesce (bsc#1140652). - bcache: fix wrong usage use-after-freed on keylist in out_nocoalesce branch of btree_gc_coalesce (bsc#1140652). - bcache: ignore read-ahead request failure on backing device (bsc#1140652). - bcache: ignore read-ahead request failure on backing device (bsc#1140652). - bcache: improve bcache_reboot() (bsc#1140652). - bcache: improve bcache_reboot() (bsc#1140652). - bcache: improve error message in bch_cached_dev_run() (bsc#1140652). - bcache: improve error message in bch_cached_dev_run() (bsc#1140652). - bcache: make bset_search_tree() be more understandable (bsc#1140652). - bcache: make bset_search_tree() be more understandable (bsc#1140652). - bcache: make is_discard_enabled() static (bsc#1140652). - bcache: make is_discard_enabled() static (bsc#1140652). - bcache: more detailed error message to bcache_device_link() (bsc#1140652). - bcache: more detailed error message to bcache_device_link() (bsc#1140652). - bcache: move definition of 'int ret' out of macro read_bucket() (bsc#1140652). - bcache: move definition of 'int ret' out of macro read_bucket() (bsc#1140652). - bcache: never set KEY_PTRS of journal key to 0 in journal_reclaim() (bsc#1140652). - bcache: never set KEY_PTRS of journal key to 0 in journal_reclaim() (bsc#1140652). - bcache: only clear BTREE_NODE_dirty bit when it is set (bsc#1140652). - bcache: only clear BTREE_NODE_dirty bit when it is set (bsc#1140652). - bcache: only set BCACHE_DEV_WB_RUNNING when cached device attached (bsc#1140652). - bcache: only set BCACHE_DEV_WB_RUNNING when cached device attached (bsc#1140652). - bcache: performance improvement for btree_flush_write() (bsc#1140652). - bcache: performance improvement for btree_flush_write() (bsc#1140652). - bcache: remove 'XXX:' comment line from run_cache_set() (bsc#1140652). - bcache: remove 'XXX:' comment line from run_cache_set() (bsc#1140652). - bcache: remove redundant LIST_HEAD(journal) from run_cache_set() (bsc#1140652). - bcache: remove redundant LIST_HEAD(journal) from run_cache_set() (bsc#1140652). - bcache: remove retry_flush_write from struct cache_set (bsc#1140652). - bcache: remove retry_flush_write from struct cache_set (bsc#1140652). - bcache: remove unncessary code in bch_btree_keys_init() (bsc#1140652). - bcache: remove unncessary code in bch_btree_keys_init() (bsc#1140652). - bcache: remove unnecessary prefetch() in bset_search_tree() (bsc#1140652). - bcache: remove unnecessary prefetch() in bset_search_tree() (bsc#1140652). - bcache: return error immediately in bch_journal_replay() (bsc#1140652). - bcache: return error immediately in bch_journal_replay() (bsc#1140652). - bcache: set largest seq to ja->seq[bucket_index] in journal_read_bucket() (bsc#1140652). - bcache: set largest seq to ja->seq[bucket_index] in journal_read_bucket() (bsc#1140652). - bcache: shrink btree node cache after bch_btree_check() (bsc#1140652). - bcache: shrink btree node cache after bch_btree_check() (bsc#1140652). - bcache: stop writeback kthread and kworker when bch_cached_dev_run() failed (bsc#1140652). - bcache: stop writeback kthread and kworker when bch_cached_dev_run() failed (bsc#1140652). - bcache: use sysfs_match_string() instead of __sysfs_match_string() (bsc#1140652). - bcache: use sysfs_match_string() instead of __sysfs_match_string() (bsc#1140652). - be2net: Fix number of Rx queues used for flow hashing (networking-stable-19_06_18). - be2net: Signal that the device cannot transmit during reconfiguration (bsc#1127315). - be2net: Synchronize be_update_queues with dev_watchdog (bsc#1127315). - blk-mq: fix hang caused by freeze/unfreeze sequence (bsc#1128432). - blk-mq: free hw queue's resource in hctx's release handler (bsc#1140637). - block, bfq: NULL out the bic when it's no longer valid (bsc#1142359). - block: Fix a NULL pointer dereference in generic_make_request() (bsc#1139771). - bluetooth: Fix faulty expression for minimum encryption key size check (bsc#1140328). - bluetooth: Replace the bluetooth fix with the upstream commit (bsc#1135556) - bnx2x: Prevent load reordering in tx completion processing (bsc#1142868). - bnxt_en: Add device IDs 0x1806 and 0x1752 for 57500 devices (bsc#1137224). - bnxt_en: Add support for BCM957504 (bsc#1137224). - bnxt_en: Cap the returned MSIX vectors to the rdma driver (bsc#1134090 jsc#SLE-5954). - bnxt_en: Disable bus master during pci shutdown and driver unload (bsc#1104745). - bnxt_en: Fix aggregation buffer leak under OOM condition (networking-stable-19_05_31). - bnxt_en: Fix statistics context reservation logic for rdma driver (bsc#1104745). - bnxt_en: Suppress error messages when querying DSCP DCB capabilities (bsc#1104745). - bonding: Force slave speed check after link state recovery for 802.3ad (bsc#1137584). - bonding: fix arp_validate toggling in active-backup mode (networking-stable-19_05_14). - bpf, devmap: Add missing RCU read lock on flush (bsc#1109837). - bpf, devmap: Add missing bulk queue free (bsc#1109837). - bpf, devmap: Fix premature entry free on destroying map (bsc#1109837). - bpf, tcp: correctly handle DONT_WAIT flags and timeo == 0 (bsc#1109837). - bpf, x64: fix stack layout of JITed bpf code (bsc#1083647). - bpf, x64: save 5 bytes in prologue when ebpf insns came from cbpf (bsc#1083647). - bpf: btf: fix the brackets of BTF_INT_OFFSET() (bsc#1083647). - bpf: devmap: fix use-after-free Read in __dev_map_entry_free (bsc#1109837). - bpf: fix callees pruning callers (bsc#1109837). - bpf: fix nested bpf tracepoints with per-cpu data (bsc#1083647). - bpf: lpm_trie: check left child of last leftmost node for NULL (bsc#1109837). - bpf: sockmap fix msg->sg.size account on ingress skb (bsc#1109837). - bpf: sockmap remove duplicate queue free (bsc#1109837). - bpf: sockmap, fix use after free from sleep in psock backlog workqueue (bsc#1109837). - brcmfmac: fix NULL pointer derefence during usb disconnect (bsc#1111666). - bridge: Fix error path for kobject_init_and_add() (networking-stable-19_05_14). - can: af_can: Fix error path of can_init() (bsc#1051510). - can: flexcan: fix timeout when set small bitrate (bsc#1051510). - can: purge socket error queue on sock destruct (bsc#1051510). - carl9170: fix misuse of device driver API (bsc#1111666). - ceph: factor out ceph_lookup_inode() (bsc#1138681). - ceph: fix NULL pointer deref when debugging is enabled (bsc#1138681). - ceph: fix potential use-after-free in ceph_mdsc_build_path (bsc#1138681). - ceph: flush dirty inodes before proceeding with remount (bsc#1138681). - ceph: flush dirty inodes before proceeding with remount (bsc#1140405). - ceph: print inode number in __caps_issued_mask debugging messages (bsc#1138681). - ceph: quota: fix quota subdir mounts (bsc#1138681). - ceph: remove duplicated filelock ref increase (bsc#1138681). - cfg80211: fix memory leak of wiphy device name (bsc#1051510). - cgroup: Use css_tryget() instead of css_tryget_online() in task_get_css() (bsc#1141478). - clk: qcom: Fix -Wunused-const-variable (bsc#1051510). - clk: rockchip: Do not yell about bad mmc phases when getting (bsc#1051510). - clk: rockchip: Turn on 'aclk_dmac1' for suspend on rk3288 (bsc#1051510). - clk: tegra210: fix PLLU and PLLU_OUT1 (bsc#1051510). - clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider (bsc#1051510). - coresight: etb10: Fix handling of perf mode (bsc#1051510). - coresight: etm4x: Add support to enable ETMv4.2 (bsc#1051510). - cpu/topology: Export die_id (jsc#SLE-5454). - cpufreq/pasemi: fix possible object reference leak (bsc#1051510). - cpufreq: AMD: Ignore the check for ProcFeedback in ST/CZ (). - cpufreq: Add Hygon Dhyana support (). - cpufreq: Use struct kobj_attribute instead of struct global_attr (bsc#1051510). - cpufreq: acpi-cpufreq: Report if CPU does not support boost technologies (bsc#1051510). - cpufreq: brcmstb-avs-cpufreq: Fix initial command check (bsc#1051510). - cpufreq: brcmstb-avs-cpufreq: Fix types for voltage/frequency (bsc#1051510). - cpufreq: check if policy is inactive early in __cpufreq_get() (bsc#1051510). - cpufreq: kirkwood: fix possible object reference leak (bsc#1051510). - cpufreq: pmac32: fix possible object reference leak (bsc#1051510). - cpufreq: ppc_cbe: fix possible object reference leak (bsc#1051510). - crypto: algapi - guard against uninitialized spawn list in crypto_remove_spawns (bsc#1133401). - crypto: arm64/sha1-ce - correct digest for empty data in finup (bsc#1051510). - crypto: arm64/sha2-ce - correct digest for empty data in finup (bsc#1051510). - crypto: ccp - Fix 3DES complaint from ccp-crypto module (bsc#1051510). - crypto: ccp - Fix SEV_VERSION_GREATER_OR_EQUAL (bsc#1051510). - crypto: ccp - Validate the the error value used to index error messages (bsc#1051510). - crypto: ccp - fix AES CFB error exposed by new test vectors (bsc#1051510). - crypto: ccp - memset structure fields to zero before reuse (bsc#1051510). - crypto: ccp/gcm - use const time tag comparison (bsc#1051510). - crypto: chacha20poly1305 - fix atomic sleep when using async algorithm (bsc#1051510). - crypto: cryptd - Fix skcipher instance memory leak (bsc#1051510). - crypto: crypto4xx - fix a potential double free in ppc4xx_trng_probe (bsc#1051510). - crypto: ghash - fix unaligned memory access in ghash_setkey() (bsc#1051510). - crypto: talitos - Align SEC1 accesses to 32 bits boundaries (bsc#1051510). - crypto: talitos - HMAC SNOOP NO AFEU mode requires SW icv checking (bsc#1051510). - crypto: talitos - check data blocksize in ablkcipher (bsc#1051510). - crypto: talitos - fix CTR alg blocksize (bsc#1051510). - crypto: talitos - fix max key size for sha384 and sha512 (bsc#1051510). - crypto: talitos - properly handle split ICV (bsc#1051510). - crypto: talitos - reduce max key size for SEC1 (bsc#1051510). - crypto: talitos - rename alternative AEAD algos (bsc#1051510). - crypto: user - prevent operating on larval algorithms (bsc#1133401). - cxgb4: Enable hash filter with offload (bsc#1136345 jsc#SLE-4681). - cxgb4: use firmware API for validating filter spec (bsc#1136345 jsc#SLE-4681). - dasd_fba: Display '00000000' for zero page when dumping sense (bsc#1123080). - dax: Fix xarray entry association for mixed mappings (bsc#1140893). - device core: Consolidate locking and unlocking of parent and device (bsc#1106383). - dma-buf: Discard old fence_excl on retrying get_fences_rcu for realloc (bsc#1111666). - dma-direct: add support for allocation from ZONE_DMA and ZONE_DMA32 (jsc#SLE-6197 bsc#1140559 LTC#173150). - dma-direct: do not retry allocation for no-op GFP_DMA (jsc#SLE-6197 bsc#1140559 LTC#173150). - dma-direct: retry allocations using GFP_DMA for small masks (jsc#SLE-6197 bsc#1140559 LTC#173150). - dma-mapping: move dma_mark_clean to dma-direct.h (jsc#SLE-6197 bsc#1140559 LTC#173150). - dma-mapping: move swiotlb arch helpers to a new header (jsc#SLE-6197 bsc#1140559 LTC#173150). - dma-mapping: take dma_pfn_offset into account in dma_max_pfn (jsc#SLE-6197 bsc#1140559 LTC#173150). - dmaengine: Replace WARN_TAINT_ONCE() with pr_warn_once() (jsc#SLE-5442). - dmaengine: at_xdmac: remove BUG_ON macro in tasklet (bsc#1111666). - dmaengine: hsu: Revert 'set HSU_CH_MTSR to memory width' (bsc#1051510). - dmaengine: imx-sdma: remove BD_INTR for channel0 (bsc#1051510). - dmaengine: ioat: constify pci_device_id (jsc#SLE-5442). - dmaengine: ioat: do not use DMA_ERROR_CODE (jsc#SLE-5442). - dmaengine: ioat: fix prototype of ioat_enumerate_channels (jsc#SLE-5442). - dmaengine: ioatdma: Add Snow Ridge ioatdma device id (jsc#SLE-5442). - dmaengine: ioatdma: Add intr_coalesce sysfs entry (jsc#SLE-5442). - dmaengine: ioatdma: add descriptor pre-fetch support for v3.4 (jsc#SLE-5442). - dmaengine: ioatdma: disable DCA enabling on IOATDMA v3.4 (jsc#SLE-5442). - dmaengine: ioatdma: set the completion address register after channel reset (jsc#SLE-5442). - dmaengine: ioatdma: support latency tolerance report (LTR) for v3.4 (jsc#SLE-5442). - dmaengine: pl330: _stop: clear interrupt status (bsc#1111666). - dmaengine: tegra210-adma: Fix crash during probe (bsc#1111666). - dmaengine: tegra210-adma: restore channel status (bsc#1111666). - doc: Cope with the deprecation of AutoReporter (bsc#1051510). - documentation/ABI: Document umwait control sysfs interfaces (jsc#SLE-5187). - documentation: DMA-API: fix a function name of max_mapping_size (bsc#1140954). - dpaa_eth: fix SG frame cleanup (networking-stable-19_05_14). - drbd: Avoid Clang warning about pointless switch statment (bsc#1051510). - drbd: disconnect, if the wrong UUIDs are attached on a connected peer (bsc#1051510). - drbd: narrow rcu_read_lock in drbd_sync_handshake (bsc#1051510). - drbd: skip spurious timeout (ping-timeo) when failing promote (bsc#1051510). - driver core: Establish order of operations for device_add and device_del via bitflag (bsc#1106383). - driver core: Probe devices asynchronously instead of the driver (bsc#1106383). - drivers/base/devres: introduce devm_release_action() (bsc#1103992). - drivers/base: Introduce kill_device() (bsc#1139865). - drivers/base: kABI fixes for struct device_private (bsc#1106383). - drivers/dma/ioat: Remove now-redundant smp_read_barrier_depends() (jsc#SLE-5442). - drivers/rapidio/devices/rio_mport_cdev.c: fix resource leak in error handling path in 'rio_dma_transfer()' (bsc#1051510). - drivers/rapidio/rio_cm.c: fix potential oops in riocm_ch_listen() (bsc#1051510). - drivers: depend on HAS_IOMEM for devm_platform_ioremap_resource() (bsc#1136333 jsc#SLE-4994). - drivers: fix a typo in the kernel doc for devm_platform_ioremap_resource() (bsc#1136333 jsc#SLE-4994). - drivers: misc: fix out-of-bounds access in function param_set_kgdbts_var (bsc#1051510). - drivers: provide devm_platform_ioremap_resource() (bsc#1136333 jsc#SLE-4994). - drivers: thermal: tsens: Do not print error message on -EPROBE_DEFER (bsc#1051510). - drm/amd/display: Fix Divide by 0 in memory calculations (bsc#1111666). - drm/amd/display: Make some functions static (bsc#1111666). - drm/amd/display: Set stream->mode_changed when connectors change (bsc#1111666). - drm/amd/display: Use plane->color_space for dpp if specified (bsc#1111666). - drm/amd/display: fix releasing planes when exiting odm (bsc#1111666). - drm/amd/powerplay: use hardware fan control if no powerplay fan table (bsc#1111666). - drm/amdgpu/gfx9: use reset default for PA_SC_FIFO_SIZE (bsc#1051510). - drm/amdgpu/psp: move psp version specific function pointers to early_init (bsc#1111666). - drm/amdgpu: remove ATPX_DGPU_REQ_POWER_FOR_DISPLAYS check when hotplug-in (bsc#1111666). - drm/arm/hdlcd: Actually validate CRTC modes (bsc#1111666). - drm/arm/hdlcd: Allow a bit of clock tolerance (bsc#1051510). - drm/arm/mali-dp: Add a loop around the second set CVAL and try 5 times (bsc#1111666). - drm/atmel-hlcdc: revert shift by 8 (bsc#1111666). - drm/edid: abstract override/firmware EDID retrieval (bsc#1111666). - drm/etnaviv: add missing failure path to destroy suballoc (bsc#1111666). - drm/fb-helper: generic: Do not take module ref for fbcon (bsc#1111666). - drm/i915/aml: Add new Amber Lake pci ID (jsc#SLE-4986). - drm/i915/cfl: Adding another pci Device ID (jsc#SLE-4986). - drm/i915/cml: Add CML pci IDS (jsc#SLE-4986). - drm/i915/cml: Introduce Comet Lake PCH (jsc#SLE-6681). - drm/i915/dmc: protect against reading random memory (bsc#1051510). - drm/i915/gvt: Initialize intel_gvt_gtt_entry in stack (bsc#1111666). - drm/i915/gvt: ignore unexpected pvinfo write (bsc#1051510). - drm/i915/icl: Add WaDisableBankHangMode (bsc#1111666). - drm/i915/icl: Adding few more device IDs for Ice Lake (jsc#SLE-4986). - drm/i915/perf: fix whitelist on Gen10+ (bsc#1051510). - drm/i915/sdvo: Implement proper HDMI audio support for SDVO (bsc#1051510). - drm/i915: Add new AML_ULX support list (jsc#SLE-4986). - drm/i915: Add new ICL pci ID (jsc#SLE-4986). - drm/i915: Apply correct ddi translation table for AML device (jsc#SLE-4986). - drm/i915: Attach the pci match data to the device upon creation (jsc#SLE-4986). - drm/i915: Fix uninitialized mask in intel_device_info_subplatform_init (jsc#SLE-4986). - drm/i915: Introduce concept of a sub-platform (jsc#SLE-4986). - drm/i915: Maintain consistent documentation subsection ordering (bsc#1111666). - drm/i915: Mark AML 0x87CA as ULX (jsc#SLE-4986). - drm/i915: Move final cleanup of drm_i915_private to i915_driver_destroy (jsc#SLE-4986). - drm/i915: Remove redundant device id from IS_IRONLAKE_M macro (jsc#SLE-4986). - drm/i915: Split Pineview device info into desktop and mobile (jsc#SLE-4986). - drm/i915: Split some pci ids into separate groups (jsc#SLE-4986). - drm/i915: start moving runtime device info to a separate struct (jsc#SLE-4986). - drm/imx: notify drm core before sending event during crtc disable (bsc#1111666). - drm/imx: only send event on crtc disable if kept disabled (bsc#1111666). - drm/lease: Make sure implicit planes are leased (bsc#1111666). - drm/mediatek: call drm_atomic_helper_shutdown() when unbinding driver (bsc#1111666). - drm/mediatek: call mtk_dsi_stop() after mtk_drm_crtc_atomic_disable() (bsc#1111666). - drm/mediatek: clear num_pipes when unbind driver (bsc#1111666). - drm/mediatek: fix unbind functions (bsc#1111666). - drm/mediatek: unbind components in mtk_drm_unbind() (bsc#1111666). - drm/meson: Add support for XBGR8888 & ABGR8888 formats (bsc#1051510). - drm/msm/a3xx: remove TPL1 regs from snapshot (bsc#1051510). - drm/msm/mdp5: Fix mdp5_cfg_init error return (bsc#1111666). - drm/msm: a5xx: fix possible object reference leak (bsc#1111666). - drm/msm: fix fb references in async update (bsc#1111666). - drm/nouveau/bar/nv50: ensure BAR is mapped (bsc#1111666). - drm/nouveau/disp/dp: respect sink limits when selecting failsafe link configuration (bsc#1051510). - drm/nouveau/i2c: Enable i2c pads & busses during preinit (bsc#1051510). - drm/nouveau/kms/gf119-gp10x: push HeadSetControlOutputResource() mthd when encoders change (bsc#1111666). - drm/nouveau/kms/gv100-: fix spurious window immediate interlocks (bsc#1111666). - drm/omap: dsi: Fix PM for display blank with paired dss_pll calls (bsc#1111666). - drm/panel: otm8009a: Add delay at the end of initialization (bsc#1111666). - drm/pl111: fix possible object reference leak (bsc#1111666). - drm/rockchip: Properly adjust to a true clock in adjusted_mode (bsc#1051510). - drm/sun4i: dsi: Change the start delay calculation (bsc#1111666). - drm/sun4i: dsi: Enforce boundaries on the start delay (bsc#1111666). - drm/udl: Replace drm_dev_unref with drm_dev_put (bsc#1111666). - drm/udl: introduce a macro to convert dev to udl (bsc#1111666). - drm/udl: move to embedding drm device inside udl device (bsc#1111666). - drm/v3d: Handle errors from IRQ setup (bsc#1111666). - drm/vc4: fix fb references in async update (bsc#1141312). - drm/vmwgfx: Honor the sg list segment size limitation (bsc#1111666). - drm/vmwgfx: Use the backdoor port if the HB port is not available (bsc#1111666). - drm/vmwgfx: fix a warning due to missing dma_parms (bsc#1111666). - drm: Fix drm_release() and device unplug (bsc#1111666). - drm: add fallback override/firmware EDID modes workaround (bsc#1111666). - drm: add non-desktop quirk for Valve HMDs (bsc#1111666). - drm: add non-desktop quirks to Sensics and OSVR headsets (bsc#1111666). - drm: do not block fb changes for async plane updates (bsc#1111666). - drm: etnaviv: avoid DMA API warning when importing buffers (bsc#1111666). - drm: panel-orientation-quirks: Add quirk for GPD MicroPC (bsc#1111666). - drm: panel-orientation-quirks: Add quirk for GPD pocket2 (bsc#1111666). - drm: return -EFAULT if copy_to_user() fails (bsc#1111666). - e1000e: start network tx queue only when link is up (bsc#1051510). - edac, amd64: Add Hygon Dhyana support (). - edac/mc: Fix edac_mc_find() in case no device is found (bsc#1114279). - ethtool: check the return value of get_regs_len (git-fixes). - ethtool: fix potential userspace buffer overflow (networking-stable-19_06_09). - ext4: do not delete unlinked inode from orphan list on failed truncate (bsc#1140891). - failover: allow name change on IFF_UP slave interfaces (bsc#1109837). - fork, memcg: fix cached_stacks case (bsc#1134097). - fork, memcg: fix crash in free_thread_stack on memcg charge fail (bsc#1134097). - fpga: add intel stratix10 soc fpga manager driver (jsc#SLE-7057). - fpga: stratix10-soc: fix use-after-free on s10_init() (jsc#SLE-7057). - fpga: stratix10-soc: fix wrong of_node_put() in init function (jsc#jsc#SLE-7057). - fs/ocfs2: fix race in ocfs2_dentry_attach_lock() (bsc#1140889). - fs/proc/proc_sysctl.c: Fix a NULL pointer dereference (bsc#1140887). - fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links (bsc#1140887). - fs: Abort file_remove_privs() for non-reg. files (bsc#1140888). - fs: kill btrfs clear path blocking (bsc#1140139). - fs: Btrfs: fix race between block group removal and block group allocation (bsc#1143003). - ftrace/x86: Remove possible deadlock between register_kprobe() and ftrace_run_update_code() (bsc#1071995). - genirq: Prevent use-after-free and work list corruption (bsc#1051510). - genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent() (bsc#1051510). - genwqe: Prevent an integer overflow in the ioctl (bsc#1051510). - gpio: omap: fix lack of irqstatus_raw0 for OMAP4 (bsc#1051510). - gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM (bsc#1111666). - hid:: Wacom: switch Dell canvas into highres mode (bsc#1051510). - hid:: input: fix a4tech horizontal wheel custom usage (bsc#1137429). - hid:: wacom: Add ability to provide explicit battery status info (bsc#1051510). - hid:: wacom: Add support for 3rd generation Intuos BT (bsc#1051510). - hid:: wacom: Add support for Pro Pen slim (bsc#1051510). - hid:: wacom: Correct button numbering 2nd-gen Intuos Pro over Bluetooth (bsc#1051510). - hid:: wacom: Do not report anything prior to the tool entering range (bsc#1051510). - hid:: wacom: Do not set tool type until we're in range (bsc#1051510). - hid:: wacom: Mark expected switch fall-through (bsc#1051510). - hid:: wacom: Move handling of hid: quirks into a dedicated function (bsc#1051510). - hid:: wacom: Move hid: fix for AES serial number into wacom_hid_usage_quirk (bsc#1051510). - hid:: wacom: Properly handle AES serial number and tool type (bsc#1051510). - hid:: wacom: Queue events with missing type/serial data for later processing (bsc#1051510). - hid:: wacom: Remove comparison of u8 mode with zero and simplify (bsc#1051510). - hid:: wacom: Replace touch_max fixup code with static touch_max definitions (bsc#1051510). - hid:: wacom: Send BTN_TOUCH in response to INTUOSP2_BT eraser contact (bsc#1051510). - hid:: wacom: Support 'in range' for Intuos/Bamboo tablets where possible (bsc#1051510). - hid:: wacom: Sync INTUOSP2_BT touch state after each frame if necessary (bsc#1051510). - hid:: wacom: Work around hid: descriptor bug in DTK-2451 and DTH-2452 (bsc#1051510). - hid:: wacom: convert Wacom custom usages to standard hid: usages (bsc#1051510). - hid:: wacom: correct touch resolution x/y typo (bsc#1051510). - hid:: wacom: fix mistake in printk (bsc#1051510). - hid:: wacom: generic: Correct pad syncing (bsc#1051510). - hid:: wacom: generic: Ignore hid:_DG_BATTERYSTRENTH == 0 (bsc#1051510). - hid:: wacom: generic: Leave tool in prox until it completely leaves sense (bsc#1051510). - hid:: wacom: generic: Refactor generic battery handling (bsc#1051510). - hid:: wacom: generic: Report AES battery information (bsc#1051510). - hid:: wacom: generic: Reset events back to zero when pen leaves (bsc#1051510). - hid:: wacom: generic: Scale battery capacity measurements to percentages (bsc#1051510). - hid:: wacom: generic: Send BTN_STYLUS3 when both barrel switches are set (bsc#1051510). - hid:: wacom: generic: Send BTN_TOOL_PEN in prox once the pen enters range (bsc#1051510). - hid:: wacom: generic: Support multiple tools per report (bsc#1051510). - hid:: wacom: generic: Use generic codepath terminology in wacom_wac_pen_report (bsc#1051510). - hid:: wacom: generic: add the 'Report Valid' usage (bsc#1051510). - hid:: wacom: generic: only switch the mode on devices with LEDs (bsc#1051510). - hid:: wacom: generic: read hid:_DG_CONTACTMAX from any feature report (bsc#1051510). - hid:: wacom: wacom_wac_collection() is local to wacom_wac.c (bsc#1051510). - hugetlbfs: dirty pages as they are added to pagecache (git fixes (mm/hugetlbfs)). - hugetlbfs: fix kernel BUG at fs/hugetlbfs/inode.c:444! (git fixes (mm/hugetlbfs)). - hv/netvsc: Set probe mode to sync (bsc#1142083). - hwmon/coretemp: Cosmetic: Rename internal variables to zones from packages (jsc#SLE-5454). - hwmon/coretemp: Support multi-die/package (jsc#SLE-5454). - hwmon/k10temp, x86/amd_nb: Consolidate shared device IDs (). - hwmon: (k10temp) 27C Offset needed for Threadripper2 (). - hwmon: (k10temp) Add Hygon Dhyana support (). - hwmon: (k10temp) Add support for AMD Ryzen w/ Vega graphics (). - hwmon: (k10temp) Add support for Stoney Ridge and Bristol Ridge CPUs (). - hwmon: (k10temp) Add support for family 17h (). - hwmon: (k10temp) Add support for temperature offsets (). - hwmon: (k10temp) Add temperature offset for Ryzen 1900X (). - hwmon: (k10temp) Add temperature offset for Ryzen 2700X (). - hwmon: (k10temp) Correct model name for Ryzen 1600X (). - hwmon: (k10temp) Display both Tctl and Tdie (). - hwmon: (k10temp) Fix reading critical temperature register (). - hwmon: (k10temp) Make function get_raw_temp static (). - hwmon: (k10temp) Move chip specific code into probe function (). - hwmon: (k10temp) Only apply temperature offset if result is positive (). - hwmon: (k10temp) Support all Family 15h Model 6xh and Model 7xh processors (). - hwmon: (k10temp) Use API function to access System Management Network (). - hwmon: k10temp: Support Threadripper 2920X, 2970WX; simplify offset table (). - i2c-piix4: Add Hygon Dhyana SMBus support (). - i2c: acorn: fix i2c warning (bsc#1135642). - i2c: mlxcpld: Add support for extended transaction length for i2c-mlxcpld (bsc#1112374). - i2c: mlxcpld: Add support for smbus block read transaction (bsc#1112374). - i2c: mlxcpld: Allow configurable adapter id for mlxcpld (bsc#1112374). - i2c: mlxcpld: Fix adapter functionality support callback (bsc#1112374). - i2c: mlxcpld: Fix wrong initialization order in probe (bsc#1112374). - i2c: mux: mlxcpld: simplify code to reach the adapter (bsc#1112374). - i2c: synquacer: fix synquacer_i2c_doxfer() return value (bsc#1111666). - ib/hfi1: Clear the IOWAIT pending bits when QP is put into error state (bsc#1114685). - ib/hfi1: Create inline to get extended headers (bsc#1114685 ). - ib/hfi1: Validate fault injection opcode user input (bsc#1114685 ). - ib/ipoib: Add child to parent list only if device initialized (bsc#1103992). - ib/mlx5: Fixed reporting counters on 2nd port for Dual port RoCE (bsc#1103991). - ib/mlx5: Verify DEVX general object type correctly (bsc#1103991 ). - ibmveth: Update ethtool settings to reflect virtual properties (bsc#1136157, LTC#177197). - idr: fix overflow case for idr_for_each_entry_ul() (bsc#1109837). - input: elantech - enable middle button support on 2 ThinkPads (bsc#1051510). - input: imx_keypad - make sure keyboard can always wake up system (bsc#1051510). - input: psmouse - fix build error of multiple definition (bsc#1051510). - input: synaptics - enable SMBUS on T480 thinkpad trackpad (bsc#1051510). - input: synaptics - enable SMBus on ThinkPad E480 and E580 (bsc#1051510). - input: tm2-touchkey - acknowledge that setting brightness is a blocking call (bsc#1129770). - input: uinput - add compat ioctl number translation for UI_*_FF_UPLOAD (bsc#1051510). - intel_th: msu: Fix single mode with disabled IOMMU (bsc#1051510). - iommu-helper: mark iommu_is_span_boundary as inline (jsc#SLE-6197 bsc#1140559 LTC#173150). - iommu/amd: Make iommu_disable safer (bsc#1140955). - iommu/arm-smmu-v3: Fix big-endian CMD_SYNC writes (bsc#1111666). - iommu/arm-smmu-v3: Use explicit mb() when moving cons pointer (bsc#1051510). - iommu/arm-smmu-v3: sync the OVACKFLG to PRIQ consumer register (bsc#1051510). - iommu/arm-smmu: Add support for qcom,smmu-v2 variant (bsc#1051510). - iommu/arm-smmu: Avoid constant zero in TLBI writes (bsc#1140956). - iommu/vt-d: Duplicate iommu_resv_region objects per device list (bsc#1140959). - iommu/vt-d: Handle RMRR with pci bridge device scopes (bsc#1140961). - iommu/vt-d: Handle pci bridge RMRR device scopes in intel_iommu_get_resv_regions (bsc#1140960). - iommu/vt-d: Introduce is_downstream_to_pci_bridge helper (bsc#1140962). - iommu/vt-d: Remove unnecessary rcu_read_locks (bsc#1140964). - iommu: Fix a leak in iommu_insert_resv_region (bsc#1140957). - iommu: Use right function to get group for device (bsc#1140958). - iov_iter: Fix build error without CONFIG_CRYPTO (bsc#1111666). - ipv4/igmp: fix another memory leak in igmpv3_del_delrec() (networking-stable-19_05_31). - ipv4/igmp: fix build error if !CONFIG_IP_MULTICAST (networking-stable-19_05_31). - ipv4: Fix raw socket lookup for local traffic (networking-stable-19_05_14). - ipv4: Use return value of inet_iif() for __raw_v4_lookup in the while loop (git-fixes). - ipv6: Consider sk_bound_dev_if when binding a raw socket to an address (networking-stable-19_05_31). - ipv6: fib: Do not assume only nodes hold a reference on routes (bsc#1138732). - ipv6: fix EFAULT on sendto with icmpv6 and hdrincl (networking-stable-19_06_09). - ipv6: flowlabel: fl6_sock_lookup() must use atomic_inc_not_zero (networking-stable-19_06_18). - ipv6: use READ_ONCE() for inet->hdrincl as in ipv4 (networking-stable-19_06_09). - irqchip/gic-v3-its: fix some definitions of inner cacheability attributes (bsc#1051510). - irqchip/mbigen: Do not clear eventid when freeing an MSI (bsc#1051510). - iw_cxgb4: Fix qpid leak (bsc#1136348 jsc#SLE-4684). - iwlwifi: Correct iwlwifi 22000 series ucode file name (bsc#1142673) - iwlwifi: Fix double-free problems in iwl_req_fw_callback() (bsc#1111666). - iwlwifi: correct one of the pci struct names (bsc#1111666). - iwlwifi: do not WARN when calling iwl_get_shared_mem_conf with RF-Kill (bsc#1111666). - iwlwifi: fix RF-Kill interrupt while FW load for gen2 devices (bsc#1111666). - iwlwifi: fix cfg structs for 22000 with different RF modules (bsc#1111666). - iwlwifi: fix devices with pci Device ID 0x34F0 and 11ac RF modules (bsc#1111666). - iwlwifi: mvm: Drop large non sta frames (bsc#1111666). - iwlwifi: pcie: do not service an interrupt that was masked (bsc#1111666). - iwlwifi: pcie: fix ALIVE interrupt handling for gen2 devices w/o MSI-X (bsc#1111666). - ixgbe: Avoid NULL pointer dereference with VF on non-IPsec hw (bsc#1140228). - kABI fix for hda_codec.relaxed_resume flag (bsc#1111666). - kABI workaround for asus-wmi changes (bsc#1051510). - kABI workaround for the new pci_dev.skip_bus_pm field addition (bsc#1051510). - kABI: Fix lost iommu-helper symbols on arm64 (jsc#SLE-6197 bsc#1140559 LTC#173150). - kABI: mask changes made by basic protected virtualization support (jsc#SLE-6197 bsc#1140559 LTC#173150). - kABI: mask changes made by swiotlb for protected virtualization (jsc#SLE-6197 bsc#1140559 LTC#173150). - kABI: mask changes made by use of DMA memory for adapter interrupts (jsc#SLE-6197 bsc#1140559 LTC#173150). - kabi fixup blk_mq_register_dev() (bsc#1140637). - kabi/severities: Whitelist airq_iv_* (s390-specific) - kabi/severities: Whitelist more s390x internal symbols - kabi/severities: Whitelist s390 internal-only symbols - kabi: Fix kABI for asus-wmi quirk_entry field addition (bsc#1051510). - kabi: Mask no_vf_scan in struct pci_dev (jsc#SLE-5803 ). - kabi: remove unused hcall definition (bsc#1140322 LTC#176270). - kabi: s390: enum interruption_class (jsc#SLE-5789 bsc#1134730 LTC#173388). - kabi: x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454). - kabi: x86/topology: Define topology_logical_die_id() (jsc#SLE-5454). - kbuild: use -flive-patching when CONFIG_LIVEPATCH is enabled (bsc#1071995). - kernel-binary: Use -c grep option in klp project detection. - kernel-binary: fix missing \ - kernel-binary: rpm does not support multiline condition - kernel: jump label transformation performance (bsc#1137534 bsc#1137535 LTC#178058 LTC#178059). - kvm/mmu: kABI fix for *_mmu_pages changes in struct kvm_arch (bsc#1135335). - kvm: SVM: Fix detection of AMD Errata 1096 (bsc#1142354). - kvm: arm/arm64: vgic-its: Take the srcu lock when parsing the memslots (bsc#1133021). - kvm: arm/arm64: vgic-its: Take the srcu lock when writing to guest memory (bsc#1133021). - kvm: mmu: Fix overflow on kvm mmu page limit calculation (bsc#1135335). - kvm: polling: add architecture backend to disable polling (bsc#1119222). - kvm: s390: change default halt poll time to 50us (bsc#1119222). - kvm: s390: enable CONFIG_HAVE_kvm_NO_POLL (bsc#1119222) We need to enable CONFIG_HAVE_kvm_NO_POLL for bsc#1119222 - kvm: s390: fix typo in parameter description (bsc#1119222). - kvm: s390: kABI Workaround for 'kvm_vcpu_stat' Add halt_no_poll_steal to kvm_vcpu_stat. Hide it from the kABI checker. - kvm: s390: kABI Workaround for 'lowcore' (bsc#1119222). - kvm: s390: provide kvm_arch_no_poll function (bsc#1119222). - kvm: svm/avic: Do not send AVIC doorbell to self (bsc#1140133). - kvm: svm/avic: fix off-by-one in checking host APIC ID (bsc#1140971). - kvm: x86: Include CPUID leaf 0x8000001e in kvm's supported CPUID (bsc#1114279). - kvm: x86: Include multiple indices with CPUID leaf 0x8000001d (bsc#1114279). - kvm: x86: Skip EFER vs. guest CPUID checks for host-initiated writes (bsc#1140972). - kvm: x86: fix return value for reserved EFER (bsc#1140992). - lapb: fixed leak of control-blocks (networking-stable-19_06_18). - lib/scatterlist: Fix mapping iterator when sg->offset is greater than PAGE_SIZE (bsc#1051510). - lib/bitmap.c: make bitmap_parselist() thread-safe and much faster (bsc#1143507). - lib: fix stall in __bitmap_parselist() (bsc#1051510). - libata: Extend quirks for the ST1000LM024 drives with NOLPM quirk (bsc#1051510). - libceph, rbd, ceph: move ceph_osdc_alloc_messages() calls (bsc#1135897). - libceph, rbd: add error handling for osd_req_op_cls_init() (bsc#1135897). - libceph: assign cookies in linger_submit() (bsc#1135897). - libceph: check reply num_data_items in setup_request_data() (bsc#1135897). - libceph: do not consume a ref on pagelist in ceph_msg_data_add_pagelist() (bsc#1135897). - libceph: enable fallback to ceph_msg_new() in ceph_msgpool_get() (bsc#1135897). - libceph: introduce alloc_watch_request() (bsc#1135897). - libceph: introduce ceph_pagelist_alloc() (bsc#1135897). - libceph: preallocate message data items (bsc#1135897). - libnvdimm, pfn: Fix over-trim in trim_pfn_device() (bsc#1140719). - libnvdimm/bus: Prevent duplicate device_unregister() calls (bsc#1139865). - libnvdimm/namespace: Fix label tracking error (bsc#1142350). - libnvdimm/region: Register badblocks before namespaces (bsc#1143209). - livepatch: Remove duplicate warning about missing reliable stacktrace support (bsc#1071995). - livepatch: Use static buffer for debugging messages under rq lock (bsc#1071995). - llc: fix skb leak in llc_build_and_send_ui_pkt() (networking-stable-19_05_31). - mISDN: make sure device name is NUL terminated (bsc#1051510). - mac80211: Do not use stack memory with scatterlist for GMAC (bsc#1051510). - mac80211: allow 4addr AP operation on crypto controlled devices (bsc#1051510). - mac80211: do not start any work during reconfigure flow (bsc#1111666). - mac80211: drop robust management frames from unknown TA (bsc#1051510). - mac80211: fix rate reporting inside cfg80211_calculate_bitrate_he() (bsc#1111666). - mac80211: free peer keys before vif down in mesh (bsc#1111666). - mac80211: handle deauthentication/disassociation from TDLS peer (bsc#1051510). - mac80211: mesh: fix RCU warning (bsc#1111666). - mac80211: only warn once on chanctx_conf being NULL (bsc#1111666). - media: cpia2_usb: first wake up, then free in disconnect (bsc#1135642). - media: marvell-ccic: fix DMA s/g desc number calculation (bsc#1051510). - media: s5p-mfc: Make additional clocks optional (bsc#1051510). - media: v4l2-ioctl: clear fields in s_parm (bsc#1051510). - media: v4l2: Test type instead of cfg->type in v4l2_ctrl_new_custom() (bsc#1051510). - media: vivid: fix incorrect assignment operation when setting video mode (bsc#1051510). - mei: bus: need to unlink client before freeing (bsc#1051510). - mei: me: add denverton innovation engine device IDs (bsc#1051510). - mei: me: add gemini lake devices id (bsc#1051510). - memory: tegra: Fix integer overflow on tick value calculation (bsc#1051510). - memstick: Fix error cleanup path of memstick_init (bsc#1051510). - mfd: hi655x: Fix regmap area declared size for hi655x (bsc#1051510). - mfd: intel-lpss: Release IDA resources (bsc#1051510). - mfd: intel-lpss: Set the device in reset state when init (bsc#1051510). - mfd: tps65912-spi: Add missing of table registration (bsc#1051510). - mfd: twl6040: Fix device init errors for ACCCTL register (bsc#1051510). - mips: fix an off-by-one in dma_capable (jsc#SLE-6197 bsc#1140559 LTC#173150). - mlxsw: core: Add API for QSFP module temperature thresholds reading (bsc#1112374). - mlxsw: core: Do not use WQ_MEM_RECLAIM for EMAD workqueue (bsc#1112374). - mlxsw: core: Move ethtool module callbacks to a common location (bsc#1112374). - mlxsw: core: Prevent reading unsupported slave address from SFP EEPROM (bsc#1112374). - mlxsw: core: mlxsw: core: avoid -Wint-in-bool-context warning (bsc#1112374). - mlxsw: pci: Reincrease pci reset timeout (bsc#1112374). - mlxsw: reg: Add Management Temperature Bulk Register (bsc#1112374). - mlxsw: spectrum: Move QSFP EEPROM definitions to common location (bsc#1112374). - mlxsw: spectrum: Put MC TCs into DWRR mode (bsc#1112374). - mlxsw: spectrum_dcb: Configure DSCP map as the last rule is removed (bsc#1112374). - mlxsw: spectrum_flower: Fix TOS matching (bsc#1112374). - mm, page_alloc: fix has_unmovable_pages for HugePages (bsc#1127034). - mm/devm_memremap_pages: introduce devm_memunmap_pages (bsc#1103992). - mm/nvdimm: add is_ioremap_addr and use that to check ioremap address (bsc#1140322 LTC#176270). - mm/page_alloc.c: avoid potential NULL pointer dereference (git fixes (mm/pagealloc)). - mm/page_alloc.c: fix never set ALLOC_NOFRAGMENT flag (git fixes (mm/pagealloc)). - mm/vmscan.c: prevent useless kswapd loops (git fixes (mm/vmscan)). - mm: migrate: Fix reference check race between __find_get_block() and migration (bnc#1137609). - mm: replace all open encodings for NUMA_NO_NODE (bsc#1140322 LTC#176270). - mmc: core: Prevent processing SDIO IRQs when the card is suspended (bsc#1051510). - mmc: core: complete HS400 before checking status (bsc#1111666). - mmc: core: make pwrseq_emmc (partially) support sleepy GPIO controllers (bsc#1051510). - mmc: mmci: Prevent polling for busy detection in IRQ context (bsc#1051510). - mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support (bsc#1051510). - mmc: sdhci-pci: Try 'cd' for card-detect lookup before using NULL (bsc#1051510). - module: Fix livepatch/ftrace module text permissions race (bsc#1071995). - mt7601u: do not schedule rx_tasklet when the device has been disconnected (bsc#1111666). - mt7601u: fix possible memory leak when the device is disconnected (bsc#1111666). - neigh: fix use-after-free read in pneigh_get_next (networking-stable-19_06_18). - net-gro: fix use-after-free read in napi_gro_frags() (networking-stable-19_05_31). - net/af_iucv: build proper skbs for HiperTransport (bsc#1142221 LTC#179332). - net/af_iucv: remove GFP_DMA restriction for HiperTransport (bsc#1142112 bsc#1142221 LTC#179334 LTC#179332). - net/af_iucv: remove GFP_DMA restriction for HiperTransport (bsc#1142221 LTC#179332). - net/mlx4_core: Change the error print to info print (networking-stable-19_05_21). - net/mlx4_en: ethtool, Remove unsupported SFP EEPROM high pages query (networking-stable-19_06_09). - net/mlx5: Allocate root ns memory using kzalloc to match kfree (networking-stable-19_05_31). - net/mlx5: Avoid double free in fs init error unwinding path (networking-stable-19_05_31). - net/mlx5: Avoid reloading already removed devices (bsc#1103990 ). - net/mlx5: FPGA, tls, hold rcu read lock a bit longer (bsc#1103990). - net/mlx5: FPGA, tls, idr remove on flow delete (bsc#1103990 ). - net/mlx5: Set completion EQs as shared resources (bsc#1103991 ). - net/mlx5: Update pci error handler entries and command translation (bsc#1103991). - net/mlx5e: Fix ethtool rxfh commands when CONFIG_MLX5_EN_RXNFC is disabled (bsc#1103990). - net/mlx5e: Fix the max MTU check in case of XDP (bsc#1103990 ). - net/mlx5e: Fix use-after-free after xdp_return_frame (bsc#1103990). - net/mlx5e: Rx, Check ip headers sanity (bsc#1103990 ). - net/mlx5e: Rx, Fix checksum calculation for new hardware (bsc#1127611). - net/mlx5e: Rx, Fixup skb checksum for packets with tail padding (bsc#1109837). - net/mlx5e: XDP, Fix shifted flag index in RQ bitmap (bsc#1103990 ). - net/packet: fix memory leak in packet_set_ring() (git-fixes). - net/sched: cbs: Fix error path of cbs_module_init (bsc#1109837). - net/sched: cbs: fix port_rate miscalculation (bsc#1109837). - net/tls: avoid NULL pointer deref on nskb->sk in fallback (bsc#1109837). - net/tls: avoid potential deadlock in tls_set_device_offload_rx() (bsc#1109837). - net/tls: do not copy negative amounts of data in reencrypt (bsc#1109837). - net/tls: do not ignore netdev notifications if no TLS features (bsc#1109837). - net/tls: do not leak IV and record seq when offload fails (bsc#1109837). - net/tls: do not leak partially sent record in device mode (bsc#1109837). - net/tls: fix build without CONFIG_TLS_DEVICE (bsc#1109837). - net/tls: fix copy to fragments in reencrypt (bsc#1109837). - net/tls: fix page double free on TX cleanup (bsc#1109837). - net/tls: fix refcount adjustment in fallback (bsc#1109837). - net/tls: fix socket wmem accounting on fallback with netem (bsc#1109837). - net/tls: fix state removal with feature flags off (bsc#1109837). - net/tls: fix the IV leaks (bsc#1109837). - net/tls: make sure offload also gets the keys wiped (bsc#1109837). - net/tls: prevent bad memory access in tls_is_sk_tx_device_offloaded() (bsc#1109837). - net/tls: replace the sleeping lock around RX resync with a bit lock (bsc#1109837). - net/udp_gso: Allow TX timestamp with UDP GSO (bsc#1109837). - net: Fix missing meta data in skb with vlan packet (bsc#1109837). - net: avoid weird emergency message (networking-stable-19_05_21). - net: core: support XDP generic on stacked devices (bsc#1109837). - net: do not clear sock->sk early to avoid trouble in strparser (bsc#1103990). - net: ena: Fix bug where ring allocation backoff stopped too late (bsc#1138879). - net: ena: add MAX_QUEUES_EXT get feature admin command (bsc#1138879). - net: ena: add ethtool function for changing io queue sizes (bsc#1138879). - net: ena: add good checksum counter (bsc#1138879). - net: ena: add handling of llq max tx burst size (bsc#1138879). - net: ena: add newline at the end of pr_err prints (bsc#1138879). - net: ena: add support for changing max_header_size in LLQ mode (bsc#1138879). - net: ena: allow automatic fallback to polling mode (bsc#1138879). - net: ena: allow queue allocation backoff when low on memory (bsc#1138879). - net: ena: arrange ena_probe() function variables in reverse christmas tree (bsc#1138879). - net: ena: enable negotiating larger Rx ring size (bsc#1138879). - net: ena: ethtool: add extra properties retrieval via get_priv_flags (bsc#1138879). - net: ena: fix ena_com_fill_hash_function() implementation (bsc#1138879). - net: ena: fix incorrect test of supported hash function (bsc#1138879). - net: ena: fix swapped parameters when calling ena_com_indirect_table_fill_entry (bsc#1138879). - net: ena: fix: Free napi resources when ena_up() fails (bsc#1138879). - net: ena: fix: set freed objects to NULL to avoid failing future allocations (bsc#1138879). - net: ena: gcc 8: fix compilation warning (bsc#1138879). - net: ena: improve latency by disabling adaptive interrupt moderation by default (bsc#1138879). - net: ena: make ethtool show correct current and max queue sizes (bsc#1138879). - net: ena: optimise calculations for CQ doorbell (bsc#1138879). - net: ena: remove inline keyword from functions in *.c (bsc#1138879). - net: ena: replace free_tx/rx_ids union with single free_ids field in ena_ring (bsc#1138879). - net: ena: update driver version from 2.0.3 to 2.1.0 (bsc#1138879). - net: ena: use dev_info_once instead of static variable (bsc#1138879). - net: ethernet: ti: cpsw_ethtool: fix ethtool ring param set (bsc#1130836). - net: fec: fix the clk mismatch in failed_reset path (networking-stable-19_05_31). - net: hns3: Fix inconsistent indenting (bsc#1140676). - net: hns: Fix WARNING when remove HNS driver with SMMU enabled (bsc#1140676). - net: hns: Fix loopback test failed at copper ports (bsc#1140676). - net: hns: Fix probabilistic memory overwrite when HNS driver initialized (bsc#1140676). - net: hns: Use NAPI_POLL_WEIGHT for hns driver (bsc#1140676). - net: hns: fix ICMP6 neighbor solicitation messages discard problem (bsc#1140676). - net: hns: fix KASAN: use-after-free in hns_nic_net_xmit_hw() (bsc#1140676). - net: hns: fix unsigned comparison to less than zero (bsc#1140676). - net: mvneta: Fix err code path of probe (networking-stable-19_05_31). - net: mvpp2: Use strscpy to handle stat strings (bsc#1098633). - net: mvpp2: Use strscpy to handle stat strings (bsc#1098633). - net: mvpp2: fix bad MVPP2_TXQ_SCHED_TOKEN_CNTR_REG queue value (networking-stable-19_05_31). - net: mvpp2: prs: Fix parser range for VID filtering (bsc#1098633). - net: mvpp2: prs: Fix parser range for VID filtering (bsc#1098633). - net: mvpp2: prs: Use the correct helpers when removing all VID filters (bsc#1098633). - net: mvpp2: prs: Use the correct helpers when removing all VID filters (bsc#1098633). - net: openvswitch: do not free vport if register_netdevice() is failed (networking-stable-19_06_18). - net: phy: marvell10g: report if the PHY fails to boot firmware (bsc#1119113). - net: rds: fix memory leak in rds_ib_flush_mr_pool (networking-stable-19_06_09). - net: seeq: fix crash caused by not set dev.parent (networking-stable-19_05_14). - net: stmmac: fix reset gpio free missing (networking-stable-19_05_31). - net: tls, correctly account for copied bytes with multiple sk_msgs (bsc#1109837). - net: usb: qmi_wwan: add Telit 0x1260 and 0x1261 compositions (networking-stable-19_05_21). - netfilter: conntrack: fix calculation of next bucket number in early_drop (git-fixes). - new primitive: vmemdup_user() (jsc#SLE-4712 bsc#1136156). - nfit/ars: Allow root to busy-poll the ARS state machine (bsc#1140814). - nfit/ars: Avoid stale ARS results (jsc#SLE-5433). - nfit/ars: Introduce scrub_flags (jsc#SLE-5433). - nfp: bpf: fix static check error through tightening shift amount adjustment (bsc#1109837). - nfp: flower: add rcu locks when accessing netdev for tunnels (bsc#1109837). - nfs: Do not restrict NFSv4.2 on openSUSE (bsc#1138719). - nl80211: fix station_info pertid memory leak (bsc#1051510). - ntp: Allow TAI-UTC offset to be set to zero (bsc#1135642). - nvme-rdma: fix double freeing of async event data (bsc#1120423). - nvme-rdma: fix possible double free of controller async event buffer (bsc#1120423). - nvme: copy MTFA field from identify controller (bsc#1140715). - nvme: fix memory leak caused by incorrect subsystem free (bsc#1143185). - nvme: skip nvme_update_disk_info() if the controller is not live (bsc#1128432). - nvmem: Do not let a NULL cell_id for nvmem_cell_get() crash us (bsc#1051510). - nvmem: allow to select i.MX nvmem driver for i.MX 7D (bsc#1051510). - nvmem: core: fix read buffer in place (bsc#1051510). - nvmem: correct Broadcom OTP controller driver writes (bsc#1051510). - nvmem: imx-ocotp: Add i.MX7D timing write clock setup support (bsc#1051510). - nvmem: imx-ocotp: Add support for banked OTP addressing (bsc#1051510). - nvmem: imx-ocotp: Enable i.MX7D OTP write support (bsc#1051510). - nvmem: imx-ocotp: Move i.MX6 write clock setup to dedicated function (bsc#1051510). - nvmem: imx-ocotp: Pass parameters via a struct (bsc#1051510). - nvmem: imx-ocotp: Restrict OTP write to IMX6 processors (bsc#1051510). - nvmem: imx-ocotp: Update module description (bsc#1051510). - nvmem: properly handle returned value nvmem_reg_read (bsc#1051510). - ocfs2: add first lock wait time in locking_state (bsc#1134390). - ocfs2: add last unlock times in locking_state (bsc#1134390). - ocfs2: add locking filter debugfs file (bsc#1134390). - ocfs2: try to reuse extent block in dealloc without meta_alloc (bsc#1128902). - p54usb: Fix race between disconnect and firmware loading (bsc#1111666). - packet: Fix error path in packet_init (networking-stable-19_05_14). - packet: in recvmsg msg_name return at least sizeof sockaddr_ll (git-fixes). - pci / PM: Use SMART_SUSPEND and LEAVE_SUSPENDED flags for pcie ports (bsc#1142623). - pci/AER: Use cached AER Capability offset (bsc#1142623). - pci/IOV: Add flag so platforms can skip VF scanning (jsc#SLE-5803). - pci/IOV: Factor out sriov_add_vfs() (jsc#SLE-5803). - pci/P2PDMA: Fix missing check for dma_virt_ops (bsc#1111666). - pci/P2PDMA: fix the gen_pool_add_virt() failure path (bsc#1103992). - pci/portdrv: Add #defines for AER and DPC Interrupt Message Number masks (bsc#1142623). - pci/portdrv: Consolidate comments (bsc#1142623). - pci/portdrv: Disable port driver in compat mode (bsc#1142623). - pci/portdrv: Remove pcie_portdrv_err_handler.slot_reset (bsc#1142623). - pci/portdrv: Support pcie services on subtractive decode bridges (bsc#1142623). - pci/portdrv: Use conventional Device ID table formatting (bsc#1142623). - pci: Always allow probing with driver_override (bsc#1051510). - pci: Correct the buggy backport about AER / DPC pcie stuff (bsc#1142623) - pci: Disable VF decoding before pcibios_sriov_disable() updates resources (jsc#SLE-5803). - pci: Do not poll for PME if the device is in D3cold (bsc#1051510). - pci: PM: Avoid possible suspend-to-idle issue (bsc#1051510). - pci: PM: Skip devices in D0 for suspend-to-idle (bsc#1051510). - pci: Return error if cannot probe VF (bsc#1051510). - pci: hv: Add hv_pci_remove_slots() when we unload the driver (bsc#1142701). - pci: hv: Add pci_destroy_slot() in pci_devices_present_work(), if necessary (bsc#1142701). - pci: hv: Fix a memory leak in hv_eject_device_work() (bsc#1142701). - pci: hv: Fix a use-after-free bug in hv_eject_device_work() (bsc#1142701). - pci: hv: Fix return value check in hv_pci_assign_slots() (bsc#1142701). - pci: hv: Remove unused reason for refcount handler (bsc#1142701). - pci: hv: support reporting serial number as slot information (bsc#1142701). - pci: portdrv: Restore pci config state on slot reset (bsc#1142623). - pci: fix IOU hotplug behavior (bsc#1141558) - pci: rpadlpar: Fix leaked device_node references in add/remove paths (bsc#1051510). - perf tools: Add Hygon Dhyana support (). - perf/x86/intel/cstate: Support multi-die/package (jsc#SLE-5454). - perf/x86/intel/rapl: Cosmetic rename internal variables in response to multi-die/pkg support (jsc#SLE-5454). - perf/x86/intel/rapl: Support multi-die/package (jsc#SLE-5454). - perf/x86/intel/uncore: Cosmetic renames in response to multi-die/pkg support (jsc#SLE-5454). - perf/x86/intel/uncore: Support multi-die/package (jsc#SLE-5454). - pinctrl/amd: add get_direction handler (bsc#1140463). - pinctrl/amd: fix gpio irq level in debugfs (bsc#1140463). - pinctrl/amd: fix masking of GPIO interrupts (bsc#1140463). - pinctrl/amd: make functions amd_gpio_suspend and amd_gpio_resume static (bsc#1140463). - pinctrl/amd: poll InterruptEnable bits in amd_gpio_irq_set_type (bsc#1140463). - pinctrl/amd: poll InterruptEnable bits in enable_irq (bsc#1140463). - pkey: Indicate old mkvp only if old and current mkvp are different (bsc#1137827 LTC#178090). - pktgen: do not sleep with the thread lock held (git-fixes). - platform/chrome: cros_ec_proto: check for NULL transfer function (bsc#1051510). - platform/mellanox: Add TmFifo driver for Mellanox BlueField Soc (bsc#1136333 jsc#SLE-4994). - platform/mellanox: Add new ODM system types to mlx-platform (bsc#1112374). - platform/mellanox: mlxreg-hotplug: Add devm_free_irq call to remove flow (bsc#1111666). - platform/x86: ISST: Add IOCTL to Translate Linux logical CPU to PUNIT CPU number (jsc#SLE-5364). - platform/x86: ISST: Add Intel Speed Select PUNIT MSR interface (jsc#SLE-5364). - platform/x86: ISST: Add Intel Speed Select mailbox interface via MSRs (jsc#SLE-5364). - platform/x86: ISST: Add Intel Speed Select mailbox interface via pci (jsc#SLE-5364). - platform/x86: ISST: Add Intel Speed Select mmio interface (jsc#SLE-5364). - platform/x86: ISST: Add common API to register and handle ioctls (jsc#SLE-5364). - platform/x86: ISST: Restore state on resume (jsc#SLE-5364). - platform/x86: ISST: Store per CPU information (jsc#SLE-5364). - platform/x86: asus-nb-wmi: Support ALS on the Zenbook UX430UQ (bsc#1051510). - platform/x86: asus-wmi: Only Tell EC the OS will handle display hotkeys from asus_nb_wmi (bsc#1051510). - platform/x86: asus-wmi: Only Tell EC the OS will handle display hotkeys from asus_nb_wmi (bsc#1051510). - platform/x86: intel_pmc_core: Add ICL platform support (jsc#SLE-5226). - platform/x86: intel_pmc_core: Add Package cstates residency info (jsc#SLE-5226). - platform/x86: intel_pmc_core: Avoid a u32 overflow (jsc#SLE-5226). - platform/x86: intel_pmc_core: Include Reserved IP for LTR (jsc#SLE-5226). - platform/x86: intel_pmc_core: Mark local function static (jsc#SLE-5226). - platform/x86: intel_pmc_core: Quirk to ignore XTAL shutdown (jsc#SLE-5226). - platform/x86: intel_turbo_max_3: Remove restriction for HWP platforms (jsc#SLE-5439). - platform/x86: mlx-platform: Add ASIC hotplug device configuration (bsc#1112374). - platform/x86: mlx-platform: Add LED platform driver activation (bsc#1112374). - platform/x86: mlx-platform: Add UID LED for the next generation systems (bsc#1112374). - platform/x86: mlx-platform: Add definitions for new registers (bsc#1112374). - platform/x86: mlx-platform: Add extra CPLD for next generation systems (bsc#1112374). - platform/x86: mlx-platform: Add mlx-wdt platform driver activation (bsc#1112374). - platform/x86: mlx-platform: Add mlxreg-fan platform driver activation (bsc#1112374). - platform/x86: mlx-platform: Add mlxreg-io platform driver activation (bsc#1112374). - platform/x86: mlx-platform: Add support for fan capability registers (bsc#1112374). - platform/x86: mlx-platform: Add support for fan direction register (bsc#1112374). - platform/x86: mlx-platform: Add support for new VMOD0007 board name (bsc#1112374). - platform/x86: mlx-platform: Add support for tachometer speed register (bsc#1112374). - platform/x86: mlx-platform: Allow mlxreg-io driver activation for more systems (bsc#1112374). - platform/x86: mlx-platform: Allow mlxreg-io driver activation for new systems (bsc#1112374). - platform/x86: mlx-platform: Change mlxreg-io configuration for MSN274x systems (bsc#1112374). - platform/x86: mlx-platform: Convert to use SPDX identifier (bsc#1112374). - platform/x86: mlx-platform: Fix LED configuration (bsc#1112374). - platform/x86: mlx-platform: Fix access mode for fan_dir attribute (bsc#1112374). - platform/x86: mlx-platform: Fix copy-paste error in mlxplat_init() (bsc#1112374). - platform/x86: mlx-platform: Fix parent device in i2c-mux-reg device registration (bsc#1051510). - platform/x86: mlx-platform: Fix tachometer registers (bsc#1112374). - platform/x86: mlx-platform: Remove unused define (bsc#1112374). - platform/x86: mlx-platform: Rename new systems product names (bsc#1112374). - platform/x86: pmc_atom: Add CB4063 Beckhoff Automation board to critclk_systems DMI table (bsc#1051510). - platform_data/mlxreg: Add capability field to core platform data (bsc#1112374). - platform_data/mlxreg: Document fixes for core platform data (bsc#1112374). - platform_data/mlxreg: additions for Mellanox watchdog driver (bsc#1112374). - pm/core: Propagate dev->power.wakeup_path when no callbacks (bsc#1051510). - pm: ACPI/pci: Resume all devices during hibernation (bsc#1111666). - power: supply: max14656: fix potential use-before-alloc (bsc#1051510). - power: supply: sysfs: prevent endless uevent loop with CONFIG_POWER_SUPPLY_DEBUG (bsc#1051510). - powercap/intel_rapl: Simplify rapl_find_package() (jsc#SLE-5454). - powercap/intel_rapl: Support multi-die/package (jsc#SLE-5454). - powercap/intel_rapl: Update RAPL domain name and debug messages (jsc#SLE-5454). - powerpc/64s: Remove POWER9 DD1 support (bsc#1055117, LTC#159753, git-fixes). - powerpc/cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild (bsc#1138374, LTC#178199). - powerpc/crypto: Use cheaper random numbers for crc-vpmsum self-test (). - powerpc/mm/drconf: Use NUMA_NO_NODE on failures instead of node 0 (bsc#1140322 LTC#176270). - powerpc/mm/hugetlb: Update huge_ptep_set_access_flags to call __ptep_set_access_flags directly (bsc#1055117). - powerpc/mm/radix: Change pte relax sequence to handle nest MMU hang (bsc#1055117). - powerpc/mm/radix: Move function from radix.h to pgtable-radix.c (bsc#1055117). - powerpc/mm: Change function prototype (bsc#1055117). - powerpc/mm: Consolidate numa_enable check and min_common_depth check (bsc#1140322 LTC#176270). - powerpc/mm: Fix node look up with numa=off boot (bsc#1140322 LTC#176270). - powerpc/papr_scm: Force a scm-unbind if initial scm-bind fails (bsc#1140322 LTC#176270). - powerpc/papr_scm: Update drc_pmem_unbind() to use H_SCM_UNBIND_ALL (bsc#1140322 LTC#176270). - powerpc/perf: Add PM_LD_MISS_L1 and PM_BR_2PATH to power9 event list (bsc#1137728, LTC#178106). - powerpc/perf: Add POWER9 alternate PM_RUN_CYC and PM_RUN_INST_CMPL events (bsc#1137728, LTC#178106). - powerpc/pseries/mobility: prevent cpu hotplug during DT update (bsc#1138374, LTC#178199). - powerpc/pseries/mobility: rebuild cacheinfo hierarchy post-migration (bsc#1138374, LTC#178199). - powerpc/pseries: Fix oops in hotplug memory notifier (bsc#1138375, LTC#178204). - powerpc/pseries: Update SCM hcall op-codes in hvcall.h (bsc#1140322 LTC#176270). - powerpc/rtas: retry when cpu offline races with suspend/migration (bsc#1140428, LTC#178808). - powerpc/watchpoint: Restore NV GPRs while returning from exception (bsc#1140945 bsc#1141401 bsc#1141402 bsc#1141452 bsc#1141453 bsc#1141454 LTC#178983 LTC#179191 LTC#179192 LTC#179193 LTC#179194 LTC#179195). - ppc64le: enable CONFIG_PPC_DT_CPU_FTRS (jsc#SLE-7159). - ppc: Convert mmu context allocation to new IDA API (bsc#1139619 LTC#178538). - ppp: deflate: Fix possible crash in deflate_init (networking-stable-19_05_21). - ppp: mppe: Add softdep to arc4 (bsc#1088047). - ptrace: Fix ->ptracer_cred handling for PTRACE_TRACEME (git-fixes). - ptrace: restore smp_rmb() in __ptrace_may_access() (git-fixes). - pwm: stm32: Use 3 cells ->of_xlate() (bsc#1111666). - qed: Fix -Wmaybe-uninitialized false positive (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Fix build error without CONFIG_DEVLINK (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qedi: Use hwfns and affin_hwfn_idx to get MSI-X vector index (jsc#SLE-4693 bsc#1136462). - qlcnic: Avoid potential NULL pointer dereference (bsc#1051510). - qmi_wwan: Add quirk for Quectel dynamic config (bsc#1051510). - qmi_wwan: Fix out-of-bounds read (bsc#1111666). - qmi_wwan: add network device usage statistics for qmimux devices (bsc#1051510). - qmi_wwan: add support for QMAP padding in the RX path (bsc#1051510). - qmi_wwan: avoid RCU stalls on device disconnect when in QMAP mode (bsc#1051510). - qmi_wwan: extend permitted QMAP mux_id value range (bsc#1051510). - rapidio: fix a NULL pointer dereference when create_workqueue() fails (bsc#1051510). - ras/cec: Convert the timer callback to a workqueue (bsc#1114279). - ras/cec: Fix binary search function (bsc#1114279). - rbd: do not assert on writes to snapshots (bsc#1137985 bsc#1138681). - rdma/cxgb4: Do not expose DMA addresses (bsc#1136348 jsc#SLE-4684). - rdma/cxgb4: Use sizeof() notation (bsc#1136348 jsc#SLE-4684). - rdma/ipoib: Allow user space differentiate between valid dev_port (bsc#1103992). - rdma/mlx5: Do not allow the user to write to the clock page (bsc#1103991). - rdma/mlx5: Initialize roce port info before multiport master init (bsc#1103991). - rdma/mlx5: Use rdma_user_map_io for mapping BAR pages (bsc#1103992). - rdma/odp: Fix missed unlock in non-blocking invalidate_start (bsc#1103992). - rdma/srp: Accept again source addresses that do not have a port number (bsc#1103992). - rdma/srp: Document srp_parse_in() arguments (bsc#1103992 ). - rdma/uverbs: check for allocation failure in uapi_add_elm() (bsc#1103992). - rds: ib: fix 'passing zero to ERR_PTR()' warning (git-fixes). - regulator: s2mps11: Fix buck7 and buck8 wrong voltages (bsc#1051510). - rpm/package-descriptions: fix typo in kernel-azure - rpm/post.sh: correct typo in err msg (bsc#1137625) - rtlwifi: rtl8192cu: fix error handle when usb probe failed (bsc#1111666). - rtnetlink: always put IFLA_LINK for links with a link-netnsid (networking-stable-19_05_21). - s390/airq: provide cacheline aligned ivs (jsc#SLE-5789 bsc#1134730 LTC#173388). - s390/airq: recognize directed interrupts (jsc#SLE-5789 bsc#1134730 LTC#173388). - s390/airq: use DMA memory for adapter interrupts (jsc#SLE-6197 bsc#1140559 LTC#173150). - s390/cio: add basic protected virtualization support (jsc#SLE-6197 bsc#1140559 LTC#173150). - s390/cio: introduce DMA pools to cio (jsc#SLE-6197 bsc#1140559 LTC#173150). - s390/cpu_mf: add store cpu counter multiple instruction support (jsc#SLE-6904). - s390/cpu_mf: move struct cpu_cf_events and per-CPU variable to header file (jsc#SLE-6904). - s390/cpu_mf: replace stcctm5() with the stcctm() function (jsc#SLE-6904). - s390/cpum_cf: Add minimal in-kernel interface for counter measurements (jsc#SLE-6904). - s390/cpum_cf: Add support for CPU-MF SVN 6 (jsc#SLE-6904 ). - s390/cpum_cf: add ctr_stcctm() function (jsc#SLE-6904 ). - s390/cpum_cf: introduce kernel_cpumcf_alert() to obtain measurement alerts (jsc#SLE-6904). - s390/cpum_cf: introduce kernel_cpumcf_avail() function (jsc#SLE-6904). - s390/cpum_cf: move counter set controls to a new header file (jsc#SLE-6904). - s390/cpum_cf: prepare for in-kernel counter measurements (jsc#SLE-6904). - s390/cpum_cf: rename per-CPU counter facility structure and variables (jsc#SLE-6904). - s390/cpum_cf_diag: Add support for CPU-MF SVN 6 (jsc#SLE-6904 ). - s390/cpum_cf_diag: Add support for s390 counter facility diagnostic trace (jsc#SLE-6904). - s390/cpumf: Add extended counter set definitions for model 8561 and 8562 (bsc#1142052 LTC#179320). - s390/cpumf: Fix warning from check_processor_id (jsc#SLE-6904 ). - s390/dasd: fix using offset into zero size array error (bsc#1051510). - s390/dma: provide proper ARCH_ZONE_DMA_BITS value (jsc#SLE-6197 bsc#1140559 LTC#173150). - s390/ism: move oddities of device IO to wrapper function (jsc#SLE-5802 bsc#1134738 LTC#173387). - s390/jump_label: Use 'jdd' constraint on gcc9 (bsc#1138589). - s390/mm: force swiotlb for protected virtualization (jsc#SLE-6197 bsc#1140559 LTC#173150). - s390/pci: add parameter to disable usage of MIO instructions (jsc#SLE-5802 bsc#1134738 LTC#173387). - s390/pci: add parameter to force floating irqs (jsc#SLE-5789 bsc#1134730 LTC#173388). - s390/pci: clarify interrupt vector usage (jsc#SLE-5789 bsc#1134730 LTC#173388). - s390/pci: fix assignment of bus resources (jsc#SLE-5802 bsc#1134738 LTC#173387). - s390/pci: fix struct definition for set pci function (jsc#SLE-5802 bsc#1134738 LTC#173387). - s390/pci: gather statistics for floating vs directed irqs (jsc#SLE-5789 bsc#1134730 LTC#173388). - s390/pci: improve bar check (jsc#SLE-5803). - s390/pci: map IOV resources (jsc#SLE-5803). - s390/pci: mark command line parser data __initdata (jsc#SLE-5789 bsc#1134730 LTC#173388). - s390/pci: move everything irq related to pci_irq.c (jsc#SLE-5789 bsc#1134730 LTC#173388). - s390/pci: move io address mapping code to pci_insn.c (jsc#SLE-5802 bsc#1134738 LTC#173387). - s390/pci: provide support for CPU directed interrupts (jsc#SLE-5789 bsc#1134730 LTC#173388). - s390/pci: provide support for MIO instructions (jsc#SLE-5802 bsc#1134738 LTC#173387). - s390/pci: remove stale rc (jsc#SLE-5789 bsc#1134730 LTC#173388). - s390/pci: remove unused define (jsc#SLE-5789 bsc#1134730 LTC#173388). - s390/pci: skip VF scanning (jsc#SLE-5803). - s390/protvirt: add memory sharing for diag 308 set/store (jsc#SLE-5759 bsc#1135153 LTC#173151). - s390/protvirt: block kernel command line alteration (jsc#SLE-5759 bsc#1135153 LTC#173151). - s390/qdio: handle PENDING state for QEBSM devices (bsc#1142119 LTC#179331). - s390/qeth: be drop monitor friendly (bsc#1142115 LTC#179337). - s390/qeth: be drop monitor friendly (bsc#1142220 LTC#179335). - s390/qeth: fix VLAN attribute in bridge_hostnotify udev event (bsc#1051510). - s390/qeth: fix race when initializing the IP address table (bsc#1051510). - s390/sclp: detect DIRQ facility (jsc#SLE-5789 bsc#1134730 LTC#173388). - s390/setup: fix early warning messages (bsc#1051510). - s390/uv: introduce guest side ultravisor code (jsc#SLE-5759 bsc#1135153 LTC#173151). - s390/virtio: handle find on invalid queue gracefully (bsc#1051510). - s390/vtime: steal time exponential moving average (bsc#1119222). - s390/zcrypt: Fix wrong dispatching for control domain CPRBs (bsc#1137811 LTC#178088). - s390: add alignment hints to vector load and store (jsc#SLE-6907 LTC#175887). - s390: enable processes for mio instructions (jsc#SLE-5802 bsc#1134738 LTC#173387). - s390: remove the unused dma_capable helper (jsc#SLE-6197 bsc#1140559 LTC#173150). - s390: report new CPU capabilities (jsc#SLE-6907 LTC#175887). - s390: revert s390-setup-fix-early-warning-messages (bsc#1140948). - s390: show statistics for MSI IRQs (jsc#SLE-5789 bsc#1134730 LTC#173388). - sbitmap: fix improper use of smp_mb__before_atomic() (bsc#1140658). - sched/topology: Improve load balancing on AMD EPYC (bsc#1137366). - scripts/git_sort/git_sort.py: Add mmots tree. - scripts/git_sort/git_sort.py: add djbw/nvdimm nvdimm-pending. - scripts/git_sort/git_sort.py: add nvdimm/libnvdimm-fixes - scripts/git_sort/git_sort.py: drop old scsi branches - scsi/fc: kABI fixes for new ELS_FPIN definition (bsc#1136217,jsc#SLE-4722). - scsi: aacraid: Mark expected switch fall-through (jsc#SLE-4710 bsc#1136161). - scsi: aacraid: Mark expected switch fall-throughs (jsc#SLE-4710 bsc#1136161). - scsi: aacraid: change event_wait to a completion (jsc#SLE-4710 bsc#1136161). - scsi: aacraid: change wait_sem to a completion (jsc#SLE-4710 bsc#1136161). - scsi: aacraid: clean up some indentation and formatting issues (jsc#SLE-4710 bsc#1136161). - scsi: be2iscsi: be_iscsi: Mark expected switch fall-through (jsc#SLE-4721 bsc#1136264). - scsi: be2iscsi: be_main: Mark expected switch fall-through (jsc#SLE-4721 bsc#1136264). - scsi: be2iscsi: fix spelling mistake 'Retreiving' -> 'Retrieving' (jsc#SLE-4721 bsc#1136264). - scsi: be2iscsi: lpfc: fix typo (jsc#SLE-4721 bsc#1136264). - scsi: be2iscsi: remove unused variable dmsg (jsc#SLE-4721 bsc#1136264). - scsi: be2iscsi: switch to generic DMA API (jsc#SLE-4721 bsc#1136264). - scsi: core: add new RDAC LENOVO/DE_Series device (bsc#1132390). - scsi: csiostor: Remove set but not used variable 'pln' (jsc#SLE-4679 bsc#1136343). - scsi: csiostor: csio_wr: mark expected switch fall-through (jsc#SLE-4679 bsc#1136343). - scsi: csiostor: drop serial_number usage (jsc#SLE-4679 bsc#1136343). - scsi: csiostor: fix NULL pointer dereference in csio_vport_set_state() (jsc#SLE-4679 bsc#1136343). - scsi: csiostor: fix calls to dma_set_mask_and_coherent() (jsc#SLE-4679 bsc#1136343). - scsi: csiostor: fix incorrect dma device in case of vport (jsc#SLE-4679 bsc#1136343). - scsi: csiostor: fix missing data copy in csio_scsi_err_handler() (jsc#SLE-4679 bsc#1136343). - scsi: csiostor: no need to check return value of debugfs_create functions (jsc#SLE-4679 bsc#1136343). - scsi: cxgb4i: add wait_for_completion() (jsc#SLE-4678 bsc#1136342). - scsi: cxgbi: KABI: fix handle completion etc (jsc#SLE-4678 bsc#1136342). - scsi: cxgbi: remove redundant __kfree_skb call on skb and free cst->atid (jsc#SLE-4678 bsc#1136342). - scsi: fc: add FPIN ELS definition (bsc#1136217,jsc#SLE-4722). - scsi: hpsa: Use vmemdup_user to replace the open code (jsc#SLE-4712 bsc#1136156). - scsi: hpsa: bump driver version (jsc#SLE-4712 bsc#1136156). - scsi: hpsa: check for lv removal (jsc#SLE-4712 bsc#1136156). - scsi: hpsa: clean up two indentation issues (jsc#SLE-4712 bsc#1136156). - scsi: hpsa: correct device id issues (jsc#SLE-4712 bsc#1136156). - scsi: hpsa: correct device resets (jsc#SLE-4712 bsc#1136156). - scsi: hpsa: correct ioaccel2 chaining (jsc#SLE-4712 bsc#1136156). - scsi: hpsa: correct simple mode (jsc#SLE-4712 bsc#1136156). - scsi: hpsa: fix an uninitialized read and dereference of pointer dev (jsc#SLE-4712 bsc#1136156). - scsi: hpsa: mark expected switch fall-throughs (jsc#SLE-4712 bsc#1136156). - scsi: hpsa: remove timeout from TURs (jsc#SLE-4712 bsc#1136156). - scsi: hpsa: switch to generic DMA API (jsc#SLE-4712 bsc#1136156). - scsi: ibmvfc: fix WARN_ON during event pool release (bsc#1137458 LTC#178093). - scsi: lpfc: Add loopback testing to trunking mode (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Annotate switch/case fall-through (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Cancel queued work for an IO when processing a received ABTS (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Change smp_processor_id() into raw_smp_processor_id() (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Convert bootstrap mbx polling from msleep to udelay (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Coordinate adapter error handling with offline handling (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Correct __lpfc_sli_issue_iocb_s4 lockdep check (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Correct boot bios information to FDMI registration (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Correct localport timeout duration error (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Correct nvmet buffer free race condition (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Declare local functions static (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Enhance 6072 log string (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix BFS crash with DIX enabled (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix FDMI fc4type for nvme support (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix FDMI manufacturer attribute value (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix HDMI2 registration string for symbolic name (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix PT2PT PLOGI collison stopping discovery (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix SLI3 commands being issued on SLI4 devices (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix a recently introduced compiler warning (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix alloc context on oas lun creations (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix build error (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix deadlock due to nested hbalock call (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix driver crash in target reset handler (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix duplicate log message numbers (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix error code if kcalloc() fails (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix error codes in lpfc_sli4_pci_mem_setup() (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix fc4type information for FDMI (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix fcp_rsp_len checking on lun reset (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix handling of trunk links state reporting (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix hardlockup in scsi_cmd_iocb_cmpl (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix incorrect logical link speed on trunks when links down (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix indentation and balance braces (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix io lost on host resets (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix kernel warnings related to smp_processor_id() (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix link speed reporting for 4-link trunk (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix location of SCSI ktime counters (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix lpfc_nvmet_mrq attribute handling when 0 (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix mailbox hang on adapter init (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix memory leak in abnormal exit path from lpfc_eq_create (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix missing wakeups on abort threads (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix nvmet async receive buffer replenishment (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix nvmet handling of first burst cmd (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix nvmet handling of received ABTS for unmapped frames (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix nvmet target abort cmd matching (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix oops when driver is loaded with 1 interrupt vector (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix poor use of hardware queues if fewer irq vectors (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix protocol support on G6 and G7 adapters (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix use-after-free mailbox cmd completion (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fixup eq_clr_intr references (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Make lpfc_sli4_oas_verify static (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Move trunk_errmsg[] from a header file into a .c file (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Prevent 'use after free' memory overwrite in nvmet LS handling (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Reduce memory footprint for lpfc_queue (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Remove set but not used variable 'phys_id' (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Remove set-but-not-used variables (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Remove unused functions (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Resolve inconsistent check of hdwq in lpfc_scsi_cmd_iocb_cmpl (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Resolve irq-unsafe lockdep heirarchy warning in lpfc_io_free (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Revert message logging on unsupported topology (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Revise message when stuck due to unresponsive adapter (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Rework misleading nvme not supported in firmware message (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Separate CQ processing for nvmet_fc upcalls (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Specify node affinity for queue memory allocation (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Stop adapter if pci errors detected (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Update Copyright in driver version (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Update lpfc version to 12.2.0.1 (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Update lpfc version to 12.2.0.3 (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: add support for posting FC events on FPIN reception (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: avoid uninitialized variable warning (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: fix 32-bit format string warning (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: fix a handful of indentation issues (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: fix calls to dma_set_mask_and_coherent() (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: fix unused variable warning (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: resolve static checker warning in lpfc_sli4_hba_unset (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: use dma_set_mask_and_coherent (bsc#1136217,jsc#SLE-4722). - scsi: megaraid_sas: Add support for DEVICE_LIST DCMD in driver (bsc#1136271). - scsi: megaraid_sas: Retry reads of outbound_intr_status reg (bsc#1136271). - scsi: megaraid_sas: Rework code to get PD and LD list (bsc#1136271). - scsi: megaraid_sas: Rework device add code in AEN path (bsc#1136271). - scsi: megaraid_sas: Update structures for HOST_DEVICE_LIST DCMD (bsc#1136271). - scsi: megaraid_sas: correct an info message (bsc#1136271). - scsi: megaraid_sas: driver version update (bsc#1136271). - scsi: mpt3sas: Add Atomic RequestDescriptor support on Aero (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Add flag high_iops_queues (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Add missing breaks in switch statements (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Add support for ATLAS pcie switch (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Add support for NVMe Switch Adapter (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Affinity high iops queues IRQs to local node (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Enable interrupt coalescing on high iops (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Fix kernel panic during expander reset (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Fix typo in request_desript_type (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Improve the threshold value and introduce module param (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Introduce perf_mode module parameter (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Irq poll to avoid CPU hard lockups (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Load balance to improve performance and avoid soft lockups (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Rename mpi endpoint device ID macro (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Update driver version to 27.102.00.00 (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Update driver version to 29.100.00.00 (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Update mpt3sas driver version to 28.100.00.00 (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Use high iops queues under some circumstances (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: change _base_get_msix_index prototype (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: fix indentation issue (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: function pointers of request descriptor (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: save and use MSI-X index for posting RD (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: simplify interrupt handler (bsc#1125703,jsc#SLE-4717). - scsi: qedf: Add LBA to underrun debug messages (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Add a flag to help debugging io_req which could not be cleaned (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Add additional checks for io_req->sc_cmd validity (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Add comment to display logging levels (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Add driver state to 'driver_stats' debugfs node (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Add missing return in qedf_post_io_req() in the fcport offload check (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Add missing return in qedf_scsi_done() (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Add port_id for fcport into initiate_cleanup debug message (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Add return value to log message if scsi_add_host fails (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Change MSI-X load error message (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Check both the FCF and fabric ID before servicing clear virtual link (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Check for fcoe_libfc_config failure (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Check for tm_flags instead of cmd_type during cleanup (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Check the return value of start_xmit (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Cleanup rrq_work after QEDF_CMD_OUTSTANDING is cleared (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Correctly handle refcounting of rdata (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Do not queue anything if upload is in progress (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Do not send ABTS for under run scenario (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Fix lport may be used uninitialized warning (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Log message if scsi_add_host fails (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Modify abort and tmf handler to handle edge condition and flush (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Modify flush routine to handle all I/Os and TMF (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Print fcport information on wait for upload timeout (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Print scsi_cmd backpointer in good completion path if the command is still being used (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Remove set but not used variable 'fr_len' (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Update the driver version to 8.37.25.19 (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Update the driver version to 8.37.25.20 (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Wait for upload and link down processing during soft ctx reset (bsc#1136467 jsc#SLE-4694). - scsi: qedf: fc_rport_priv reference counting fixes (bsc#1136467 jsc#SLE-4694). - scsi: qedf: remove memset/memcpy to nfunc and use func instead (bsc#1136467 jsc#SLE-4694). - scsi: qedf: remove set but not used variables (bsc#1136467 jsc#SLE-4694). - scsi: qedi: Add packet filter in light L2 Rx path (jsc#SLE-4693 bsc#1136462). - scsi: qedi: Check for session online before getting iSCSI TLV data (jsc#SLE-4693 bsc#1136462). - scsi: qedi: Cleanup redundant QEDI_PAGE_SIZE macro definition (jsc#SLE-4693 bsc#1136462). - scsi: qedi: Fix spelling mistake 'OUSTANDING' -> 'OUTSTANDING' (jsc#SLE-4693 bsc#1136462). - scsi: qedi: Move LL2 producer index processing in BH (jsc#SLE-4693 bsc#1136462). - scsi: qedi: Replace PAGE_SIZE with QEDI_PAGE_SIZE (jsc#SLE-4693 bsc#1136462). - scsi: qedi: Update driver version to 8.33.0.21 (jsc#SLE-4693 bsc#1136462). - scsi: qedi: add module param to set ping packet size (jsc#SLE-4693 bsc#1136462). - scsi: qedi: remove set but not used variables 'cdev' and 'udev' (jsc#SLE-4693 bsc#1136462). - scsi: qla2xxx: Fix FC-AL connection target discovery (bsc#1094555). - scsi: qla2xxx: Fix N2N target discovery with Local loop (bsc#1094555). - scsi: qla2xxx: Fix abort handling in tcm_qla2xxx_write_pending() (bsc#1140727). - scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines (bsc#1140728). - scsi: qla2xxx: do not crash on uninitialized pool list (boo#1138874). - scsi: fix multipath hang (bsc#1119532). - scsi: scsi_transport_fc: Add FPIN fc event codes (bsc#1136217,jsc#SLE-4722). - scsi: scsi_transport_fc: refactor event posting routines (bsc#1136217,jsc#SLE-4722). - scsi: target/iblock: Fix overrun in WRITE SAME emulation (bsc#1140424). - scsi: target/iblock: Fix overrun in WRITE SAME emulation (bsc#1140424). - scsi: vmw_pscsi: Fix use-after-free in pvscsi_queue_lck() (bsc#1135296). - scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from port_remove (bsc#1051510). - scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host (bsc#1051510). - scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices (bsc#1051510). - scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only sdevs) (bsc#1051510). - sctp: Free cookie before we memdup a new one (networking-stable-19_06_18). - sctp: silence warns on sctp_stream_init allocations (bsc#1083710). - serial: sh-sci: disable DMA for uart_console (bsc#1051510). - serial: uartps: Do not add a trailing semicolon to macro (bsc#1051510). - serial: uartps: Fix long line over 80 chars (bsc#1051510). - serial: uartps: Fix multiple line dereference (bsc#1051510). - serial: uartps: Remove useless return from cdns_uart_poll_put_char (bsc#1051510). - signal/ptrace: Do not leak unitialized kernel memory with PTRACE_PEEK_SIGINFO (git-fixes). - smb3: Fix endian warning (bsc#1137884). - soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher (bsc#1051510). - soc: rockchip: Set the proper PWM for rk3288 (bsc#1051510). - spi : spi-topcliff-pch: Fix to handle empty DMA buffers (bsc#1051510). - spi: Fix zero length xfer bug (bsc#1051510). - spi: bitbang: Fix NULL pointer dereference in spi_unregister_master (bsc#1051510). - spi: pxa2xx: fix SCR (divisor) calculation (bsc#1051510). - spi: spi-fsl-spi: call spi_finalize_current_message() at the end (bsc#1051510). - spi: tegra114: reset controller on probe (bsc#1051510). - staging: comedi: amplc_pci230: fix null pointer deref on interrupt (bsc#1051510). - staging: comedi: dt282x: fix a null pointer deref on interrupt (bsc#1051510). - staging: comedi: ni_mio_common: Fix divide-by-zero for DIO cmdtest (bsc#1051510). - staging: rtl8712: reduce stack usage, again (bsc#1051510). - staging:iio:ad7150: fix threshold mode config bit (bsc#1051510). - sunhv: Fix device naming inconsistency between sunhv_console and sunhv_reg (networking-stable-19_06_18). - supported.conf: added mlxbf_tmfifo (bsc#1136333 jsc#SLE-4994) - svm: Add warning message for AVIC IPI invalid target (bsc#1140133). - svm: Fix AVIC incomplete IPI emulation (bsc#1140133). - sysctl: handle overflow in proc_get_long (bsc#1051510). - tcp: be more careful in tcp_fragment() (bsc#1139751). - tcp: fix tcp_set_congestion_control() use from bpf hook (bsc#1109837). - tcp: reduce tcp_fastretrans_alert() verbosity (git-fixes). - team: Always enable vlan tx offload (bsc#1051510). - thermal/x86_pkg_temp_thermal: Cosmetic: Rename internal variables to zones from packages (jsc#SLE-5454). - thermal/x86_pkg_temp_thermal: Support multi-die/package (jsc#SLE-5454). - thermal: rcar_gen3_thermal: disable interrupt in .remove (bsc#1051510). - tmpfs: fix link accounting when a tmpfile is linked in (bsc#1051510). - tmpfs: fix uninitialized return value in shmem_link (bsc#1051510). - tools/cpupower: Add Hygon Dhyana support (). - tools/power/x86: A tool to validate Intel Speed Select commands (jsc#SLE-5364). - tools: bpftool: Fix json dump crash on powerpc (bsc#1109837). - tools: bpftool: fix infinite loop in map create (bsc#1109837). - tools: bpftool: use correct argument in cgroup errors (bsc#1109837). - topology: Create core_cpus and die_cpus sysfs attributes (jsc#SLE-5454). - topology: Create package_cpus sysfs attribute (jsc#SLE-5454). - tracing/snapshot: Resize spare buffer if size changed (bsc#1140726). - tty: max310x: Fix external crystal register setup (bsc#1051510). - tty: rocket: fix incorrect forward declaration of 'rp_init()' (bsc#1051510). - tty: serial: cpm_uart - fix init when SMC is relocated (bsc#1051510). - tty: serial_core: Set port active bit in uart_port_activate (bsc#1051510). - tuntap: synchronize through tfiles array instead of tun->numqueues (networking-stable-19_05_14). - typec: tcpm: fix compiler warning about stupid things (git-fixes). - usb: Fix chipmunk-like voice when using Logitech C270 for recording audio (bsc#1051510). - usb: chipidea: udc: workaround for endpoint conflict issue (bsc#1135642). - usb: dwc2: Fix DMA cache alignment issues (bsc#1051510). - usb: dwc2: host: Fix wMaxPacketSize handling (fix webcam regression) (bsc#1135642). - usb: gadget: ether: Fix race between gether_disconnect and rx_submit (bsc#1051510). - usb: gadget: fusb300_udc: Fix memory leak of fusb300->ep[i] (bsc#1051510). - usb: gadget: udc: lpc32xx: allocate descriptor with GFP_ATOMIC (bsc#1051510). - usb: pci-quirks: Correct AMD PLL quirk detection (bsc#1051510). - usb: serial: fix initial-termios handling (bsc#1135642). - usb: serial: ftdi_sio: add ID for isodebug v1 (bsc#1051510). - usb: serial: option: add Telit 0x1260 and 0x1261 compositions (bsc#1051510). - usb: serial: option: add support for GosunCn ME3630 RNDIS mode (bsc#1051510). - usb: serial: option: add support for Simcom SIM7500/SIM7600 RNDIS mode (bsc#1051510). - usb: serial: pl2303: add Allied Telesis VT-Kit3 (bsc#1051510). - usb: serial: pl2303: fix tranceiver suspend mode (bsc#1135642). - usb: usb-storage: Add new ID to ums-realtek (bsc#1051510). - usb: xhci: avoid null pointer deref when bos field is NULL (bsc#1135642). - usbnet: ipheth: fix racing condition (bsc#1051510). - vfio: ccw: only free cp on final interrupt (bsc#1051510). - video: hgafb: fix potential NULL pointer dereference (bsc#1051510). - video: imsttfb: fix potential NULL pointer dereferences (bsc#1051510). - virtio/s390: DMA support for virtio-ccw (jsc#SLE-6197 bsc#1140559 LTC#173150). - virtio/s390: add indirection to indicators access (jsc#SLE-6197 bsc#1140559 LTC#173150). - virtio/s390: make airq summary indicators DMA (jsc#SLE-6197 bsc#1140559 LTC#173150). - virtio/s390: use DMA memory for ccw I/O and classic notifiers (jsc#SLE-6197 bsc#1140559 LTC#173150). - virtio/s390: use cacheline aligned airq bit vectors (jsc#SLE-6197 bsc#1140559 LTC#173150). - virtio/s390: use vring_create_virtqueue (jsc#SLE-6197 bsc#1140559 LTC#173150). - virtio_console: initialize vtermno value for ports (bsc#1051510). - vlan: disable SIOCSHWTSTAMP in container (bsc#1051510). - vmci: Fix integer overflow in VMCI handle arrays (bsc#1051510). - vrf: sit mtu should not be updated when vrf netdev is the link (networking-stable-19_05_14). - vsock/virtio: free packets during the socket release (networking-stable-19_05_21). - vsock/virtio: set SOCK_DONE on peer shutdown (networking-stable-19_06_18). - watchdog: imx2_wdt: Fix set_timeout for big timeout values (bsc#1051510). - wil6210: drop old event after wmi_call timeout (bsc#1111666). - wil6210: fix potential out-of-bounds read (bsc#1051510). - wil6210: fix spurious interrupts in 3-msi (bsc#1111666). - x86, mm: fix fast GUP with hyper-based TLB flushing (VM Functionality, bsc#1140903). - x86/CPU/AMD: Do not force the CPB cap when running under a hypervisor (bsc#1114279). - x86/CPU/hygon: Fix phys_proc_id calculation logic for multi-die processors (). - x86/CPU: Add Icelake model number (jsc#SLE-5226). - x86/alternative: Init ideal_nops for Hygon Dhyana (). - x86/amd_nb: Add support for Raven Ridge CPUs (). - x86/amd_nb: Check vendor in AMD-only functions (). - x86/apic: Add Hygon Dhyana support (). - x86/bugs: Add Hygon Dhyana to the respective mitigation machinery (). - x86/cpu/mtrr: Support TOP_MEM2 and get MTRR number (). - x86/cpu: Create Hygon Dhyana architecture support file (). - x86/cpu: Get cache info and setup cache cpumap for Hygon Dhyana (). - x86/cpufeatures: Carve out CQM features retrieval (jsc#SLE-5382). - x86/cpufeatures: Combine word 11 and 12 into a new scattered features word (jsc#SLE-5382). This changes definitions of some bits, but they are intended to be used only by the core, so hopefully, no KMP uses the definitions. - x86/cpufeatures: Enumerate the new AVX512 BFLOAT16 instructions (jsc#SLE-5382). - x86/cpufeatures: Enumerate user wait instructions (jsc#SLE-5187). - x86/events: Add Hygon Dhyana support to PMU infrastructure (). - x86/kvm: Add Hygon Dhyana support to kvm (). - x86/mce: Add Hygon Dhyana support to the MCA infrastructure (). - x86/mce: Do not disable MCA banks when offlining a CPU on AMD (). This feature was requested for SLE15 but aws reverted in packaging and master. - x86/mce: Fix machine_check_poll() tests for error types (bsc#1114279). - x86/microcode, cpuhotplug: Add a microcode loader CPU hotplug callback (bsc#1114279). - x86/microcode: Fix microcode hotplug state (bsc#1114279). - x86/microcode: Fix the ancient deprecated microcode loading method (bsc#1114279). - x86/mm/mem_encrypt: Disable all instrumentation for early SME setup (bsc#1114279). - x86/pci, x86/amd_nb: Add Hygon Dhyana support to pci and northbridge (). - x86/smpboot: Do not use BSP INIT delay and MWAIT to idle on Dhyana (). - x86/smpboot: Rename match_die() to match_pkg() (jsc#SLE-5454). - x86/speculation/mds: Revert CPU buffer clear on double fault exit (bsc#1114279). - x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454). - x86/topology: Create topology_max_die_per_package() (jsc#SLE-5454). - x86/topology: Define topology_die_id() (jsc#SLE-5454). - x86/topology: Define topology_logical_die_id() (jsc#SLE-5454). - x86/umip: Make the UMIP activated message generic (bsc#1138336). - x86/umip: Print UMIP line only once (bsc#1138336). - x86/umwait: Add sysfs interface to control umwait C0.2 state (jsc#SLE-5187). - x86/umwait: Add sysfs interface to control umwait maximum time (jsc#SLE-5187). - x86/umwait: Initialize umwait control values (jsc#SLE-5187). - x86/xen: Add Hygon Dhyana support to Xen (). - xdp: check device pointer before clearing (bsc#1109837). - xdp: fix possible cq entry leak (bsc#1109837). - xdp: fix race on generic receive path (bsc#1109837). - xdp: hold device for umem regardless of zero-copy mode (bsc#1109837). - xen: let alloc_xenballooned_pages() fail if not enough memory free (bsc#1142450 XSA-300). - xfs: do not overflow xattr listent buffer (bsc#1143105). - xprtrdma: Fix use-after-free in rpcrdma_post_recvs (bsc#1103992 ). - xsk: Properly terminate assignment in xskq_produce_flush_desc (bsc#1109837). ----------------------------------------- Patch: SUSE-2019-2077 Released: Wed Aug 7 10:54:05 2019 Summary: Recommended update for wireless-regdb Severity: moderate References: 1138177 Description: This update for wireless-regdb fixes the following issues: - Update to version 2019.06.03 (bsc#1138177): * Expand 60 GHz band for Japan to 57-66 GHz * update source of information for CU * Update regulatory rules for South Korea * Update regulatory rules for Japan (JP) on 5GHz * update source of information for ES ----------------------------------------- Patch: SUSE-2019-2087 Released: Wed Aug 7 18:16:48 2019 Summary: Security update for tcpdump Severity: moderate References: 1068716,1142439,CVE-2017-16808,CVE-2019-1010220 Description: This update for tcpdump fixes the following issues: Security issues fixed: - CVE-2019-1010220: Fixed a buffer over-read in print_prefix() which may expose data (bsc#1142439). - CVE-2017-16808: Fixed a heap-based buffer over-read related to aoe_print() and lookup_emem() (bsc#1068716). ----------------------------------------- Patch: SUSE-2019-2092 Released: Thu Aug 8 13:26:58 2019 Summary: Security update for squid Severity: moderate References: 1140738,CVE-2019-13345 Description: This update for squid fixes the following issues: Security issue fixed: - CVE-2019-13345: Fixed a cross site scripting vulnerability via user_name or auth parameter in cachemgr.cgi (bsc#1140738). ----------------------------------------- Patch: SUSE-2019-2094 Released: Fri Aug 9 06:56:18 2019 Summary: Recommended update for glm Severity: moderate References: 1135667 Description: This update for glm fixes the following issues: - Create a glm.pc file (fixes bsc#1135667) ----------------------------------------- Patch: SUSE-2019-2095 Released: Fri Aug 9 06:56:48 2019 Summary: Recommended update for container-suseconnect Severity: moderate References: 1138731 Description: This update for container-suseconnect fixes the following issues: container-suseconnect was updated to 2.1.0 (bsc#1138731), fixing interacting with SCC behind proxy and SMT. ----------------------------------------- Patch: SUSE-2019-2096 Released: Fri Aug 9 06:57:23 2019 Summary: Recommended update for docker-img-store-setup Severity: moderate References: 1138201 Description: This update for docker-img-store-setup fixes the following issues: - Support creation of the container storage filesystem with XFS to use the overlay fs driver. (bsc#1138201) ----------------------------------------- Patch: SUSE-2019-2097 Released: Fri Aug 9 09:31:17 2019 Summary: Recommended update for libgcrypt Severity: important References: 1097073 Description: This update for libgcrypt fixes the following issues: - Fixed a regression where system were unable to boot in fips mode, caused by an incomplete implementation of previous change (bsc#1097073). ----------------------------------------- Patch: SUSE-2019-2103 Released: Fri Aug 9 13:16:36 2019 Summary: Security update for wireshark Severity: moderate References: 1141980,CVE-2019-13619 Description: This update for wireshark to version 2.4.16 fixes the following issues: Security issue fixed: - CVE-2019-13619: ASN.1 BER and related dissectors crash (bsc#1141980). ----------------------------------------- Patch: SUSE-2019-2109 Released: Mon Aug 12 07:09:45 2019 Summary: Recommended update for nmap Severity: moderate References: 1143277 Description: This update for nmap fixes the following issues: - Fixed an infinite loop in tls-alpn when server is forcing a protocol (bsc#1143277) ----------------------------------------- Patch: SUSE-2019-2114 Released: Mon Aug 12 11:56:44 2019 Summary: Security update for python Severity: moderate References: 1141853,CVE-2018-20852 Description: This update for python fixes the following issues: - CVE-2018-20852: Fixed an information leak where cookies could be send to the wrong server because of incorrect domain validation (bsc#1141853). ----------------------------------------- Patch: SUSE-2019-2116 Released: Tue Aug 13 07:43:01 2019 Summary: Recommended update for aide Severity: moderate References: 1098360 Description: This update for aide fixes the following issues: - Remove not available gcrypt algorithm 7 DB_HAVAL (bsc#1098360). ----------------------------------------- Patch: SUSE-2019-2117 Released: Tue Aug 13 14:56:55 2019 Summary: Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork Severity: important References: 1100331,1121967,1138920,1139649,1142160,1142413,1143409,CVE-2018-10892,CVE-2019-13509,CVE-2019-14271,CVE-2019-5736 Description: This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues: Docker: - CVE-2019-14271: Fixed a code injection if the nsswitch facility dynamically loaded a library inside a chroot (bsc#1143409). - CVE-2019-13509: Fixed an information leak in the debug log (bsc#1142160). - Update to version 19.03.1-ce, see changelog at /usr/share/doc/packages/docker/CHANGELOG.md (bsc#1142413, bsc#1139649). runc: - Use %config(noreplace) for /etc/docker/daemon.json (bsc#1138920). - Update to runc 425e105d5a03, which is required by Docker (bsc#1139649). containerd: - CVE-2019-5736: Fixed a container breakout vulnerability (bsc#1121967). - Update to containerd v1.2.6, which is required by docker (bsc#1139649). golang-github-docker-libnetwork: - Update to version git.fc5a7d91d54cc98f64fc28f9e288b46a0bee756c, which is required by docker (bsc#1142413, bsc#1139649). ----------------------------------------- Patch: SUSE-2019-2121 Released: Wed Aug 14 11:17:51 2019 Summary: Optional update for susemanager-cloud-setup Severity: moderate References: 1138254 Description: This is the initial release of the susemanager-cloud-setup packages (bsc#1138254, fate#327820) ----------------------------------------- Patch: SUSE-2019-2122 Released: Wed Aug 14 11:17:59 2019 Summary: Recommended update for lifecycle-data-sle-module-live-patching Severity: moderate References: 1020320 Description: This update for lifecycle-data-sle-module-live-patching fixes the following issues: - Added data for 4_12_14-150_14, 4_12_14-150_17, 4_12_14-150_22, 4_12_14-195, 4_12_14-197_4, 4_12_14-197_7, 4_12_14-25_28. (bsc#1020320) ----------------------------------------- Patch: SUSE-2019-2133 Released: Wed Aug 14 11:46:16 2019 Summary: Recommended update for python3-ec2imgutils Severity: moderate References: 1144357,1144358 Description: This update for python3-ec2imgutils fixes the following issues: - Fixes an issue with a name collision when creating a security group with a generated name (bsc#1144357, bsc#1144358) ----------------------------------------- Patch: SUSE-2019-2134 Released: Wed Aug 14 11:54:56 2019 Summary: Recommended update for zlib Severity: moderate References: 1136717,1137624,1141059,SLE-5807 Description: This update for zlib fixes the following issues: - Update the s390 patchset. (bsc#1137624) - Tweak zlib-power8 to have type of crc32_vpmsum conform to usage. (bsc#1141059) - Use FAT LTO objects in order to provide proper static library. - Do not enable the previous patchset on s390 but just s390x. (bsc#1137624) - Add patchset for s390 improvements. (jsc#SLE-5807, bsc#1136717) ----------------------------------------- Patch: SUSE-2019-2139 Released: Wed Aug 14 12:53:22 2019 Summary: Recommended update for google-compute-engine Severity: moderate References: 1144092,1144170 Description: This update for google-compute-engine fixes the following issues: - updated to version 20190801 (bsc#1144092, bsc#1144170) * Fix for 2FA on RHEL 8 * Support for Debian 10 * Support for Google Private Access over IPv6 * Support root disk expansion in RHEL 8 and Debian 10 Some more minor bug fixes were included in this maintenance update. The full list can be retrieved from this rpm's changelog file. ----------------------------------------- Patch: SUSE-2019-2141 Released: Wed Aug 14 14:45:18 2019 Summary: Recommended update for cloud-regionsrv-client Severity: moderate References: 1136112,1136113,1137384,1137385 Description: This update for cloud-regionsrv-client fixes the following issues: - If the credentials are not valid, an error is issued and the user is instructed to re-register the system - Fixes a bug where the registration client aborted with a traceback when the instance data cannot be retrieved (bsc#1137384, bsc#1137385) This maintenance update for cloud-regionsrv-client includes some more smaller bug fixes as well. Please refer to this rpm's changelog file to receive a full list of all changes. ----------------------------------------- Patch: SUSE-2019-2142 Released: Wed Aug 14 18:14:04 2019 Summary: Recommended update for mozilla-nspr, mozilla-nss Severity: moderate References: 1141322 Description: This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nss was updated to NSS 3.45 (bsc#1141322) : * New function in pk11pub.h: PK11_FindRawCertsWithSubject * The following CA certificates were Removed: CN = Certinomis - Root CA (bmo#1552374) * Implement Delegated Credentials (draft-ietf-tls-subcerts) (bmo#1540403) This adds a new experimental function SSL_DelegateCredential Note: In 3.45, selfserv does not yet support delegated credentials (See bmo#1548360). Note: In 3.45 the SSLChannelInfo is left unmodified, while an upcoming change in 3.46 will set SSLChannelInfo.authKeyBits to that of the delegated credential for better policy enforcement (See bmo#1563078). * Replace ARM32 Curve25519 implementation with one from fiat-crypto (bmo#1550579) * Expose a function PK11_FindRawCertsWithSubject for finding certificates with a given subject on a given slot (bmo#1552262) * Add IPSEC IKE support to softoken (bmo#1546229) * Add support for the Elbrus lcc compiler (<=1.23) (bmo#1554616) * Expose an external clock for SSL (bmo#1543874) This adds new experimental functions: SSL_SetTimeFunc, SSL_CreateAntiReplayContext, SSL_SetAntiReplayContext, and SSL_ReleaseAntiReplayContext. The experimental function SSL_InitAntiReplay is removed. * Various changes in response to the ongoing FIPS review (bmo#1546477) Note: The source package size has increased substantially due to the new FIPS test vectors. This will likely prompt follow-on work, but please accept our apologies in the meantime. mozilla-nspr was updated to version 4.21 * Changed prbit.h to use builtin function on aarch64. * Removed Gonk/B2G references. ----------------------------------------- Patch: SUSE-2019-2145 Released: Thu Aug 15 07:33:19 2019 Summary: Recommended update for python3-susepubliccloudinfo Severity: moderate References: 1144100,1144102 Description: This update for python3-susepubliccloudinfo fixes the following issues: - Added support for 'oracle' framework for images only (bsc#1144100, bsc#1144102) ----------------------------------------- Patch: SUSE-2019-2188 Released: Wed Aug 21 10:10:29 2019 Summary: Recommended update for aaa_base Severity: moderate References: 1140647 Description: This update for aaa_base fixes the following issues: - Make systemd detection cgroup oblivious. (bsc#1140647) ----------------------------------------- Patch: SUSE-2019-2189 Released: Wed Aug 21 10:12:23 2019 Summary: Recommended update for sysstat Severity: moderate References: 1142470 Description: This update for sysstat fixes the following issues: - Remove deprecated gettext and require gettext-runtime during build only. (bsc#1142470) ----------------------------------------- Patch: SUSE-2019-2191 Released: Wed Aug 21 17:59:24 2019 Summary: Security update for wavpack Severity: low References: 1133384,1141334,CVE-2019-1010319,CVE-2019-11498 Description: This update for wavpack fixes the following issues: Security issues fixed: - CVE-2019-1010319: Fixed use of uninitialized variable in ParseWave64HeaderConfig that can result in unexpected control flow, crashes, and segfaults (bsc#1141334). - CVE-2019-11498: Fixed possible denial of service (application crash) in WavpackSetConfiguration64 via a DFF file that lacks valid sample-rate data (bsc#1133384). ----------------------------------------- Patch: SUSE-2019-2198 Released: Thu Aug 22 14:35:15 2019 Summary: Recommended update for cloud-regionsrv-client Severity: important References: 1144754,1146321,1146462,1146463,1146467,1146468,1146610 Description: This update for cloud-regionsrv-client fixes the following issues: - Adds a dependency to python3-urllib3 (bsc#1146610, bsc#1146321, bsc#1144754) - Fixes an issue where the registration client exited with a traceback since the last update (bsc#1146462, bsc#1146463) - Clear the new-registration marker if the instance has a cache of update servers (bsc#1146467, bsc#1146468) ----------------------------------------- Patch: SUSE-2019-2200 Released: Thu Aug 22 14:36:04 2019 Summary: Recommended update for quota Severity: low References: 1144265 Description: This update for quota fixes the following issues: - quota will stop processing the config file in case of errors (bsc#1144265) ----------------------------------------- Patch: SUSE-2019-2218 Released: Mon Aug 26 11:29:57 2019 Summary: Recommended update for pinentry Severity: moderate References: 1141883 Description: This update for pinentry fixes the following issues: - Fix a dangling pointer in qt/main.cpp that caused crashes. (bsc#1141883) ----------------------------------------- Patch: SUSE-2019-2223 Released: Tue Aug 27 15:42:56 2019 Summary: Security update for podman, slirp4netns and libcontainers-common Severity: moderate References: 1096726,1123156,1123387,1135460,1136974,1137860,1143386,CVE-2018-15664,CVE-2019-10152,CVE-2019-6778 Description: This is a version update for podman to version 1.4.4 (bsc#1143386). Additional changes by SUSE on top: - Remove fuse-overlayfs because it's (currently) an unsatisfied dependency on SLE (bsc#1143386) - Update libpod.conf to use correct infra_command - Update libpod.conf to use better versioned pause container - Update libpod.conf to use official kubic pause container - Update libpod.conf to match latest features set: detach_keys, lock_type, runtime_supports_json - Add podman-remote varlink client Version update podman to v1.4.4: - Features - Podman now has greatly improved support for containers using multiple OCI runtimes. Containers now remember if they were created with a different runtime using --runtime and will always use that runtime - The cached and delegated options for volume mounts are now allowed for Docker compatability (#3340) - The podman diff command now supports the --latest flag - Bugfixes - Fixed a bug where rootless Podman would attempt to use the entire root configuration if no rootless configuration was present for the user, breaking rootless Podman for new installations - Fixed a bug where rootless Podman's pause process would block SIGTERM, preventing graceful system shutdown and hanging until the system's init send SIGKILL - Fixed a bug where running Podman as root with sudo -E would not work after running rootless Podman at least once - Fixed a bug where options for tmpfs volumes added with the --tmpfs flag were being ignored - Fixed a bug where images with no layers could not properly be displayed and removed by Podman - Fixed a bug where locks were not properly freed on failure to create a container or pod - Fixed a bug where podman cp on a single file would create a directory at the target and place the file in it (#3384) - Fixed a bug where podman inspect --format '{{.Mounts}}' would print a hexadecimal address instead of a container's mounts - Fixed a bug where rootless Podman would not add an entry to container's /etc/hosts files for their own hostname (#3405) - Fixed a bug where podman ps --sync would segfault (#3411) - Fixed a bug where podman generate kube would produce an invalid ports configuration (#3408) - Misc - Updated containers/storage to v1.12.13 - Podman now performs much better on systems with heavy I/O load - The --cgroup-manager flag to podman now shows the correct default setting in help if the default was overridden by libpod.conf - For backwards compatability, setting --log-driver=json-file in podman run is now supported as an alias for --log-driver=k8s-file. This is considered deprecated, and json-file will be moved to a new implementation in the future ([#3363](https://github.com/containers/libpo\ d/issues/3363)) - Podman's default libpod.conf file now allows the crun OCI runtime to be used if it is installed Update podman to v1.4.2: - Fixed a bug where Podman could not run containers using an older version of Systemd as init - Updated vendored Buildah to v1.9.0 to resolve a critical bug with Dockerfile RUN instructions - The error message for running podman kill on containers that are not running has been improved - Podman remote client can now log to a file if syslog is not available - The podman exec command now sets its error code differently based on whether the container does not exist, and the command in the container does not exist - The podman inspect command on containers now outputs Mounts JSON that matches that of docker inspect, only including user-specified volumes and differentiating bind mounts and named volumes - The podman inspect command now reports the path to a container's OCI spec with the OCIConfigPath key (only included when the container is initialized or running) - The podman run --mount command now supports the bind-nonrecursive option for bind mounts - Fixed a bug where podman play kube would fail to create containers due to an unspecified log driver - Fixed a bug where Podman would fail to build with musl libc - Fixed a bug where rootless Podman using slirp4netns networking in an environment with no nameservers on the host other than localhost would result in nonfunctional networking - Fixed a bug where podman import would not properly set environment variables, discarding their values and retaining only keys - Fixed a bug where Podman would fail to run when built with Apparmor support but run on systems without the Apparmor kernel module loaded - Remote Podman will now default the username it uses to log in to remote systems to the username of the current user - Podman now uses JSON logging with OCI runtimes that support it, allowing for better error reporting - Updated vendored containers/image to v2.0 - Update conmon to v0.3.0 - Support OOM Monitor under cgroup V2 - Add config binary and make target for configuring conmon with a go library for importing values Updated podman to version 1.4.0 (bsc#1137860) and (bsc#1135460) - Podman checkpoint and podman restore commands can now be used to migrate containers between Podman installations on different systems. - The podman cp now supports pause flag. - The remote client now supports a configuration file for pre-configuring connections to remote Podman installations - CVE-2019-10152: Fixed an iproper dereference of symlinks of the the podman cp command which introduced in version 1.1.0 (bsc#1136974). - Fixed a bug where podman commit could improperly set environment variables that contained = characters - Fixed a bug where rootless podman would sometimes fail to start containers with forwarded ports - Fixed a bug where podman version on the remote client could segfault - Fixed a bug where podman container runlabel would use /proc/self/exe instead of the path of the Podman command when printing the command being executed - Fixed a bug where filtering images by label did not work - Fixed a bug where specifying a bing mount or tmpfs mount over an image volume would cause a container to be unable to start - Fixed a bug where podman generate kube did not work with containers with named volumes - Fixed a bug where rootless podman would receive permission denied errors accessing conmon.pid - Fixed a bug where podman cp with a folder specified as target would replace the folder, as opposed to copying into it - Fixed a bug where rootless Podman commands could double-unlock a lock, causing a crash - Fixed a bug where podman incorrectly set tmpcopyup on /dev/ mounts, causing errors when using the Kata containers runtime - Fixed a bug where podman exec would fail on older kernels - Podman commit command is now usable with the Podman remote client - Signature-policy flag has been deprecated - Updated vendored containers/storage and containers/image libraries with numerous bugfixes - Updated vendored Buildah to v1.8.3 - Podman now requires Conmon v0.2.0 - The podman cp command is now aliased as podman container cp - Rootless podman will now default init_path using root Podman's configuration files (/etc/containers/libpod.conf and /usr/share/containers/libpod.conf) if not overridden in the rootless configuration - Added fuse-overlayfs dependency to support overlay based rootless image manipulations - The podman cp command can now read input redirected to STDIN, and output to STDOUT instead of a file, using - instead of an argument. - The podman remote client now displays version information from both the client and server in podman version - The podman unshare command has been added, allowing easy entry into the user namespace set up by rootless Podman (allowing the removal of files created by rootless podman, among other things) - Fixed a bug where Podman containers with the --rm flag were removing created volumes when they were automatically removed - Fixed a bug where container and pod locks were incorrectly marked as released after a system reboot, causing errors on container and pod removal - Fixed a bug where Podman pods could not be removed if any container in the pod encountered an error during removal - Fixed a bug where Podman pods run with the cgroupfs CGroup driver would encounter a race condition during removal, potentially failing to remove the pod CGroup - Fixed a bug where the podman container checkpoint and podman container restore commands were not visible in the remote client - Fixed a bug where podman remote ps --ns would not print the container's namespaces - Fixed a bug where removing stopped containers with healthchecks could cause an error - Fixed a bug where the default libpod.conf file was causing parsing errors - Fixed a bug where pod locks were not being freed when pods were removed, potentially leading to lock exhaustion - Fixed a bug where 'podman run' with SD_NOTIFY set could, on short-running containers, create an inconsistent state rendering the container unusable - The remote Podman client now uses the Varlink bridge to establish remote connections by default - Fixed an issue with apparmor_parser (bsc#1123387) - Update to libpod v1.4.0 (bsc#1137860): - The podman checkpoint and podman restore commands can now be used to migrate containers between Podman installations on different systems - The podman cp command now supports a pause flag to pause containers while copying into them - The remote client now supports a configuration file for pre-configuring connections to remote Podman installations - Fixed CVE-2019-10152 - The podman cp command improperly dereferenced symlinks in host context - Fixed a bug where podman commit could improperly set environment variables that contained = characters - Fixed a bug where rootless Podman would sometimes fail to start containers with forwarded ports - Fixed a bug where podman version on the remote client could segfault - Fixed a bug where podman container runlabel would use /proc/self/exe instead of the path of the Podman command when printing the command being executed - Fixed a bug where filtering images by label did not work - Fixed a bug where specifying a bing mount or tmpfs mount over an image volume would cause a container to be unable to start - Fixed a bug where podman generate kube did not work with containers with named volumes - Fixed a bug where rootless Podman would receive permission denied errors accessing conmon.pid - Fixed a bug where podman cp with a folder specified as target would replace the folder, as opposed to copying into it - Fixed a bug where rootless Podman commands could double-unlock a lock, causing a crash - Fixed a bug where Podman incorrectly set tmpcopyup on /dev/ mounts, causing errors when using the Kata containers runtime - Fixed a bug where podman exec would fail on older kernels - The podman commit command is now usable with the Podman remote client - The --signature-policy flag (used with several image-related commands) has been deprecated - The podman unshare command now defines two environment variables in the spawned shell: CONTAINERS_RUNROOT and CONTAINERS_GRAPHROOT, pointing to temporary and permanent storage for rootless containers - Updated vendored containers/storage and containers/image libraries with numerous bugfixes - Updated vendored Buildah to v1.8.3 - Podman now requires Conmon v0.2.0 - The podman cp command is now aliased as podman container cp - Rootless Podman will now default init_path using root Podman's configuration files (/etc/containers/libpod.conf and /usr/share/containers/libpod.conf) if not overridden in the rootless configuration - Update to image v1.5.1 - Vendor in latest containers/storage - docker/docker_client: Drop redundant Domain(ref.ref) call - pkg/blobinfocache: Split implementations into subpackages - copy: progress bar: show messages on completion - docs: rename manpages to *.5.command - add container-certs.d.md manpage - pkg/docker/config: Bring auth tests from docker/docker_client_test - Don't allocate a sync.Mutex separately Update to storage v1.12.10: - Add function to parse out mount options from graphdriver - Merge the disparate parts of all of the Unix-like lockfiles - Fix unix-but-not-Linux compilation - Return XDG_RUNTIME_DIR as RootlessRuntimeDir if set - Cherry-pick moby/moby #39292 for CVE-2018-15664 fixes - lockfile: add RecursiveLock() API - Update generated files - Fix crash on tesing of aufs code - Let consumers know when Layers and Images came from read-only stores - chown: do not change owner for the mountpoint - locks: correctly mark updates to the layers list - CreateContainer: don't worry about mapping layers unless necessary - docs: fix manpage for containers-storage.conf - docs: sort configuration options alphabetically - docs: document OSTree file deduplication - Add missing options to man page for containers-storage - overlay: use the layer idmapping if present - vfs: prefer layer custom idmappings - layers: propagate down the idmapping settings - Recreate symlink when not found - docs: fix manpage for configuration file - docs: add special handling for manpages in sect 5 - overlay: fix single-lower test - Recreate symlink when not found - overlay: propagate errors from mountProgram - utils: root in a userns uses global conf file - Fix handling of additional stores - Correctly check permissions on rootless directory - Fix possible integer overflow on 32bit builds - Evaluate device path for lvm - lockfile test: make concurrent RW test determinisitc - lockfile test: make concurrent read tests deterministic - drivers.DirCopy: fix filemode detection - storage: move the logic to detect rootless into utils.go - Don't set (struct flock).l_pid - Improve documentation of getLockfile - Rename getLockFile to createLockerForPath, and document it - Add FILES section to containers-storage.5 man page - add digest locks - drivers/copy: add a non-cgo fallback slirp4netns was updated to 0.3.0: - CVE-2019-6778: Fixed a heap buffer overflow in tcp_emu() (bsc#1123156) This update also includes: - fuse3 and fuse-overlayfs to support rootless containers. ----------------------------------------- Patch: SUSE-2019-2229 Released: Wed Aug 28 07:58:29 2019 Summary: Security update for slurm Severity: important References: 1140709,CVE-2019-12838 Description: This update for slurm to version 18.08.8 fixes the following issues: Security issue fixed: - CVE-2019-12838: Fixed a SQL injection in slurmdbd (bsc#1140709). ----------------------------------------- Patch: SUSE-2019-2249 Released: Thu Aug 29 08:18:30 2019 Summary: Recommended update for python-kiwi Severity: moderate References: 1141168 Description: This update for python-kiwi fixes the following issues: - kiwi will no longer create an empty machine-id file in case it is not provided during the system installation (bsc#1141168) ----------------------------------------- Patch: SUSE-2019-2283 Released: Wed Sep 4 13:41:47 2019 Summary: Recommended update for google-compute-engine Severity: moderate References: 1146172 Description: This update for google-compute-engine fixes the following issues: - Fix install location of NSS and PAM shared libraries (bsc#1146172) - Switch RPM group for oslogin package from Hardware to System/Daemons ----------------------------------------- Patch: SUSE-2019-2291 Released: Wed Sep 4 16:48:52 2019 Summary: Security update for java-1_8_0-ibm Severity: important References: 1122292,1122299,1141780,1141782,1141783,1141785,1141787,1141789,1147021,CVE-2018-11212,CVE-2019-11771,CVE-2019-11772,CVE-2019-11775,CVE-2019-2449,CVE-2019-2762,CVE-2019-2766,CVE-2019-2769,CVE-2019-2786,CVE-2019-2816,CVE-2019-4473,CVE-2019-7317 Description: This update for java-1_8_0-ibm fixes the following issues: Update to Java 8.0 Service Refresh 5 Fix Pack 40. Security issues fixed: - CVE-2019-11771: IBM Security Update July 2019 (bsc#1147021) - CVE-2019-11772: IBM Security Update July 2019 (bsc#1147021) - CVE-2019-11775: IBM Security Update July 2019 (bsc#1147021) - CVE-2019-4473: IBM Security Update July 2019 (bsc#1147021) - CVE-2019-7317: Fixed issue inside Component AWT (libpng)(bsc#1141780). - CVE-2019-2769: Fixed issue inside Component Utilities (bsc#1141783). - CVE-2019-2762: Fixed issue inside Component Utilities (bsc#1141782). - CVE-2019-2816: Fixed issue inside Component Networking (bsc#1141785). - CVE-2019-2766: Fixed issue inside Component Networking (bsc#1141789). - CVE-2019-2786: Fixed issue inside Component Security (bsc#1141787). ----------------------------------------- Patch: SUSE-2019-2323 Released: Fri Sep 6 09:19:52 2019 Summary: Recommended update for pesign Severity: moderate References: 1144441 Description: This update for pesign contains the following fixes: - Fix the build failure with NSS 3.44. (bsc#1144441) ----------------------------------------- Patch: SUSE-2019-2332 Released: Mon Sep 9 10:17:16 2019 Summary: Security update for python-urllib3 Severity: moderate References: 1129071,1132663,1132900,CVE-2019-11236,CVE-2019-11324,CVE-2019-9740 Description: This update for python-urllib3 fixes the following issues: Security issues fixed: - CVE-2019-9740: Fixed CRLF injection issue (bsc#1129071). - CVE-2019-11324: Fixed invalid CA certificat verification (bsc#1132900). - CVE-2019-11236: Fixed CRLF injection via request parameter (bsc#1132663). ----------------------------------------- Patch: SUSE-2019-2340 Released: Tue Sep 10 09:31:35 2019 Summary: Security update for skopeo Severity: important References: 1144065,CVE-2019-10214 Description: This update for skopeo fixes the following issues: Security issues fixed: - CVE-2019-10214: Fixed missing enforcement of TLS connections (bsc#1144065). ----------------------------------------- Patch: SUSE-2019-2341 Released: Tue Sep 10 09:31:50 2019 Summary: Security update for buildah Severity: important References: 1144065,CVE-2019-10214 Description: This update for buildah fixes the following issues: Security issue fixed: - CVE-2019-10214: Fixed missing enforcement of TLS connections. (bsc#1144065) ----------------------------------------- Patch: SUSE-2019-2344 Released: Tue Sep 10 12:47:25 2019 Summary: Recommended update for cloud-regionsrv-client Severity: important References: 1148644,1149840 Description: This update for cloud-regionsrv-client fixes the following issues: - Fixes an issue where repositories where missing on a system (bsc#1148644, bsc#1149840) ----------------------------------------- Patch: SUSE-2019-2346 Released: Tue Sep 10 13:30:18 2019 Summary: Security update for podman Severity: moderate References: 1144065,CVE-2019-10214 Description: This update for podman fixes the following issues: Security issue fixed: - CVE-2019-10214: Fixed missing enforcement of TLS connections. (bsc#1144065) ----------------------------------------- Patch: SUSE-2019-2348 Released: Tue Sep 10 14:51:43 2019 Summary: Security update for ghostscript Severity: moderate References: 1144621,CVE-2019-10216 Description: This update for ghostscript fixes the following issues: Security issue fixed: - CVE-2019-10216: Fix privilege escalation via specially crafted PostScript file (bsc#1144621). ----------------------------------------- Patch: SUSE-2019-2357 Released: Wed Sep 11 13:26:14 2019 Summary: Recommended update for lmdb Severity: moderate References: 1136132 Description: This update for lmdb fixes the following issues: - Fix occasional crash when freed pages landed on the dirty list twice (bsc#1136132). ----------------------------------------- Patch: SUSE-2019-2360 Released: Thu Sep 12 07:54:14 2019 Summary: Recommended update for desktop-file-utils Severity: moderate References: 1094774,1148080 Description: This update for desktop-file-utils fixes the following issues: - Added Pantheon to desktop env list (bsc#1094774) - Fix for update-desktop-database to recognize font media types. (bsc#1148080) ----------------------------------------- Patch: SUSE-2019-2361 Released: Thu Sep 12 07:54:54 2019 Summary: Recommended update for krb5 Severity: moderate References: 1081947,1144047 Description: This update for krb5 contains the following fixes: - Integrate pam_keyinit PAM module, ksu-pam.d. (bsc#1081947) ----------------------------------------- Patch: SUSE-2019-2362 Released: Thu Sep 12 07:55:13 2019 Summary: Recommended update for python-cairo Severity: moderate References: 1142582 Description: This update for python-cairo does not fix any visible issues to users. ----------------------------------------- Patch: SUSE-2019-2378 Released: Fri Sep 13 13:21:51 2019 Summary: Recommended update for apache2-mod_nss Severity: moderate References: 1150133 Description: This update for apache2-mod_nss fixes the following issues: - Use a stronger password in gencert to pass the stricter tests in FIPS mode (bsc#1150133) ----------------------------------------- Patch: SUSE-2019-2395 Released: Wed Sep 18 08:31:38 2019 Summary: Security update for openldap2 Severity: moderate References: 1073313,1111388,1114845,1143194,1143273,CVE-2017-17740,CVE-2019-13057,CVE-2019-13565 Description: This update for openldap2 fixes the following issues: Security issue fixed: - CVE-2019-13565: Fixed an authentication bypass when using SASL authentication and session encryption (bsc#1143194). - CVE-2019-13057: Fixed an issue with delegated database admin privileges (bsc#1143273). - CVE-2017-17740: When both the nops module and the member of overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation. (bsc#1073313) Non-security issues fixed: - Fixed broken shebang line in openldap_update_modules_path.sh (bsc#1114845). - Create files in /var/lib/ldap/ during initial start to allow for transactional updates (bsc#1111388) - Fixed incorrect post script call causing tmpfiles creation not to be run (bsc#1111388). ----------------------------------------- Patch: SUSE-2019-2422 Released: Fri Sep 20 16:36:43 2019 Summary: Recommended update for python-urllib3 Severity: moderate References: 1150895 Description: This update for python-urllib3 fixes the following issues: - Add missing dependency on python-six (bsc#1150895) ----------------------------------------- Patch: SUSE-2019-2423 Released: Fri Sep 20 16:41:45 2019 Summary: Recommended update for aaa_base Severity: moderate References: 1146866,SLE-9132 Description: This update for aaa_base fixes the following issues: Added sysctl.d/51-network.conf to tighten network security (bsc#1146866) (jira#SLE-9132) Following settings have been tightened (and set to 0): - net.ipv4.conf.all.accept_redirects - net.ipv4.conf.default.accept_redirects - net.ipv4.conf.default.accept_source_route - net.ipv6.conf.all.accept_redirects - net.ipv6.conf.default.accept_redirects ----------------------------------------- Patch: SUSE-2019-2425 Released: Fri Sep 20 18:48:16 2019 Summary: Security update for nmap Severity: important References: 1135350,1148742,CVE-2017-18594,CVE-2018-15173 Description: This update for nmap fixes the following issues: Security issue fixed: - CVE-2017-18594: Fixed a denial of service condition due to a double free when an SSH connection fails. (bsc#1148742) Non-security issue fixed: - Fixed a regression in the version scanner caused, by the fix for CVE-2018-15173. (bsc#1135350) ----------------------------------------- Patch: SUSE-2019-2429 Released: Mon Sep 23 09:28:40 2019 Summary: Security update for expat Severity: moderate References: 1149429,CVE-2019-15903 Description: This update for expat fixes the following issues: Security issues fixed: - CVE-2019-15903: Fixed heap-based buffer over-read caused by crafted XML input. (bsc#1149429) ----------------------------------------- Patch: SUSE-2019-2435 Released: Mon Sep 23 13:57:12 2019 Summary: Security update for libopenmpt Severity: moderate References: 1143578,1143581,1143582,1143584,CVE-2018-20860,CVE-2018-20861,CVE-2019-14382,CVE-2019-14383 Description: This update for libopenmpt fixes the following issues: Security issues fixed: - CVE-2018-20861: Fixed crash with certain malformed custom tunings in MPTM files (bsc#1143578). - CVE-2018-20860: Fixed crash with malformed MED files (bsc#1143581). - CVE-2019-14383: Fixed J2B that allows an assertion failure during file parsing with debug STLs (bsc#1143584). - CVE-2019-14382: Fixed DSM that allows an assertion failure during file parsing with debug STLs (bsc#1143582). ----------------------------------------- Patch: SUSE-2019-2443 Released: Tue Sep 24 09:17:39 2019 Summary: Recommended update for libcdio Severity: moderate References: 1094761 Description: This update for libcdio fixes the following issues: - Fix warning when BigEndian and LittleEndian sizes do not match. (bsc#1094761) - Fix that libcdio doesn't bail out when processing non-compliant ISO files. ----------------------------------------- Patch: SUSE-2019-2460 Released: Wed Sep 25 09:25:34 2019 Summary: Security update for ghostscript Severity: important References: 1129180,1129186,1134156,1140359,1146882,1146884,CVE-2019-12973,CVE-2019-14811,CVE-2019-14812,CVE-2019-14813,CVE-2019-14817,CVE-2019-3835,CVE-2019-3839 Description: This update for ghostscript fixes the following issues: Security issues fixed: - CVE-2019-3835: Fixed an unauthorized file system access caused by an available superexec operator. (bsc#1129180) - CVE-2019-3839: Fixed an unauthorized file system access caused by available privileged operators. (bsc#1134156) - CVE-2019-12973: Fixed a denial-of-service vulnerability in the OpenJPEG function opj_t1_encode_cblks. (bsc#1140359) - CVE-2019-14811: Fixed a safer mode bypass by .forceput exposure in .pdf_hook_DSC_Creator. (bsc#1146882) - CVE-2019-14812: Fixed a safer mode bypass by .forceput exposure in setuserparams. (bsc#1146882) - CVE-2019-14813: Fixed a safer mode bypass by .forceput exposure in setsystemparams. (bsc#1146882) - CVE-2019-14817: Fixed a safer mode bypass by .forceput exposure in .pdfexectoken and other procedures. (bsc#1146884) ----------------------------------------- Patch: SUSE-2019-2462 Released: Wed Sep 25 16:43:04 2019 Summary: Security update for python-numpy Severity: moderate References: 1149203,CVE-2019-6446,SLE-8532 Description: This update for python-numpy fixes the following issues: Non-security issues fixed: - Updated to upstream version 1.16.1. (bsc#1149203) (jsc#SLE-8532) ----------------------------------------- Patch: SUSE-2019-2466 Released: Wed Sep 25 23:24:08 2019 Summary: Recommended update for SAPHanaSR Severity: important References: 1082974,1101373,1133024,1133866,1134106,1139715,1149829 Description: This update for SAPHanaSR fixes the following issues: - Fixes a bug where an attribute was not correctly set for remoteNode (bsc#1082974) - Does no longer set attributes to prevent unlogged failovers because of empty or unknown attributes (bsc#1134106, bsc#1133024, bsc#1101373) - Will now return $OCF_RUNNING_MASTER (8) instead of $OCF_SUCCESS (0) when probing a promoted node (bsc#1133866) - Using crm-attributes written by a SAP HANA SR provider hook does improve the data integrity in special error conditions with multiple errors coming in a short time frame (bsc#1139715) - Fix a typo in a condition statement that was breaking SAPHanaSR-monitor output. (bnc#1149829) ----------------------------------------- Patch: SUSE-2019-2477 Released: Thu Sep 26 12:09:46 2019 Summary: Recommended update for openwsman Severity: moderate References: 1105331 Description: This update for openwsman fixes the following issues: - Adds CIM_NAMESPACE if it's not already present (bsc#1105331) ----------------------------------------- Patch: SUSE-2019-2482 Released: Fri Sep 27 13:40:42 2019 Summary: Recommended update for google-compute-engine Severity: important References: 1150058 Description: This update for google-compute-engine fixes the following issues: - Fixes an issue where the implementation of Google Private Access over IPv6 was not complete and thus crashed the application (bsc#1150058) ----------------------------------------- Patch: SUSE-2019-2483 Released: Fri Sep 27 14:16:23 2019 Summary: Optional update for python3-google-api-python-client, python3-httplib2, python3-oauth2client, and python3-uritemplate. Severity: low References: 1088358 Description: This update ships python3-google-api-python-client, python3-httplib2, python3-oauth2client, and python3-uritemplate for the SUSE Linux Enterprise Public Cloud 15 module. ----------------------------------------- Patch: SUSE-2019-2494 Released: Mon Sep 30 16:22:20 2019 Summary: Recommended update for cloud-init Severity: important References: 1141969,1144363,1144881 Description: This update for cloud-init provides the following fixes: - Properly handle static routes. The EphemeralDHCP context manager did not parse or handle rfc3442 classless static routes which prevented reading datasource metadata in some clouds. (bsc#1141969) - The __str__ implementation no longer delivers the name of the interface, use the 'name' attribute instead to form a proper path in the sysfs tree. (bsc#1144363) - If no routes are set for a subnet but the subnet has a gateway specified, set the gateway as the default route for the interface. (bsc#1144881) ----------------------------------------- Patch: SUSE-2019-2495 Released: Mon Sep 30 16:22:27 2019 Summary: Recommended update for firewalld-rpcbind-helper Severity: moderate References: 1146188 Description: This update for firewalld-rpcbind-helper fixes the following issues: - Fixes an error when running in python3 context and a port in `rpcinfo -p` is running neither as tcp nor in udp protocol (bsc#1146188) ----------------------------------------- Patch: SUSE-2019-2512 Released: Wed Oct 2 10:47:58 2019 Summary: Security update for jasper Severity: moderate References: 1117507,1117508,CVE-2018-19540,CVE-2018-19541 Description: This update for jasper fixes the following issues: Security issues fixed: - CVE-2018-19540: Fixed a heap based overflow in jas_icctxtdesc_input (bsc#1117508). - CVE-2018-19541: Fix heap based overread in jas_image_depalettize (bsc#1117507). ----------------------------------------- Patch: SUSE-2019-2517 Released: Wed Oct 2 10:49:20 2019 Summary: Security update for libseccomp Severity: moderate References: 1082318,1128828,1142614,CVE-2019-9893 Description: This update for libseccomp fixes the following issues: Security issues fixed: - CVE-2019-9893: An incorrect generation of syscall filters in libseccomp was fixed (bsc#1128828) libseccomp was updated to new upstream release 2.4.1: - Fix a BPF generation bug where the optimizer mistakenly identified duplicate BPF code blocks. libseccomp was updated to 2.4.0 (bsc#1128828 CVE-2019-9893): - Update the syscall table for Linux v5.0-rc5 - Added support for the SCMP_ACT_KILL_PROCESS action - Added support for the SCMP_ACT_LOG action and SCMP_FLTATR_CTL_LOG attribute - Added explicit 32-bit (SCMP_AX_32(...)) and 64-bit (SCMP_AX_64(...)) argument comparison macros to help protect against unexpected sign extension - Added support for the parisc and parisc64 architectures - Added the ability to query and set the libseccomp API level via seccomp_api_get(3) and seccomp_api_set(3) - Return -EDOM on an endian mismatch when adding an architecture to a filter - Renumber the pseudo syscall number for subpage_prot() so it no longer conflicts with spu_run() - Fix PFC generation when a syscall is prioritized, but no rule exists - Numerous fixes to the seccomp-bpf filter generation code - Switch our internal hashing function to jhash/Lookup3 to MurmurHash3 - Numerous tests added to the included test suite, coverage now at ~92% - Update our Travis CI configuration to use Ubuntu 16.04 - Numerous documentation fixes and updates libseccomp was updated to release 2.3.3: - Updated the syscall table for Linux v4.15-rc7 ----------------------------------------- Patch: SUSE-2019-2533 Released: Thu Oct 3 15:02:50 2019 Summary: Security update for sqlite3 Severity: moderate References: 1150137,CVE-2019-16168 Description: This update for sqlite3 fixes the following issues: Security issue fixed: - CVE-2019-16168: Fixed improper validation of sqlite_stat1 field that could lead to denial of service (bsc#1150137). ----------------------------------------- Patch: SUSE-2019-2561 Released: Fri Oct 4 14:09:56 2019 Summary: Security update for openssl-1_0_0 Severity: moderate References: 1131291,1150003,1150250,CVE-2019-1547,CVE-2019-1563 Description: This update for openssl-1_0_0 fixes the following issues: OpenSSL Security Advisory [10 September 2019] * CVE-2019-1547: Added EC_GROUP_set_generator side channel attack avoidance. (bsc#1150003) * CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transported key (bsc#1150250) In addition fixed invalid curve attacks by validating that an EC point lies on the curve (bsc#1131291). ----------------------------------------- Patch: SUSE-2019-2622 Released: Wed Oct 9 15:23:35 2019 Summary: Security update for libopenmpt Severity: important References: 1153102,CVE-2019-17113 Description: This update for libopenmpt to version 0.3.19 fixes the following issues: - CVE-2019-17113: Fixed a buffer overflow in ModPlug_InstrumentName and ModPlug_SampleName (bsc#1153102). ----------------------------------------- Patch: SUSE-2019-2642 Released: Fri Oct 11 17:10:51 2019 Summary: Recommended update for python-kiwi Severity: important References: 1112357,1124885,1127173,1129566,1132455,1136444,1142899,1143033,1149686 Description: This update for python-kiwi fixes the following issues: - Added --add-bootstrap-packages option (bsc#1149686) - Avoids now the default installation of dracut kiwi modules (bsc#1142899, bsc#1136444) - Add support for custom fstab script extension (bsc#1129566) - Fixes an issue where python-kiwi crashed when the HOME directory is missing (bsc#1149686) - New spare partition types have been added: (bsc#1129566) * spare_part_fs='fsname' * spare_part_mountpoint='/location' * spare_part_is_last='true|false' - Preserve licenses/other txt files by baseStripFirmware (bsc#1132455 - Added support for fstab.patch file (bsc#1129566) - Makes the bundler shasum file compatible with 'sha256sum --check' command (bsc#1127173) - Fixes an issue when importing signing keys (bsc#1112357) - Fixes an issue where grub2 didn't display UTF-8 characters properly (bsc#1124885) ----------------------------------------- Patch: SUSE-2019-2657 Released: Mon Oct 14 17:04:07 2019 Summary: Security update for dhcp Severity: moderate References: 1089524,1134078,1136572,CVE-2019-6470 Description: This update for dhcp fixes the following issues: Secuirty issue fixed: - CVE-2019-6470: Fixed DHCPv6 server crashes (bsc#1134078). Bug fixes: - Add compile option --enable-secs-byteorder to avoid duplicate lease warnings (bsc#1089524). - Use IPv6 when called as dhclient6, dhcpd6, and dhcrelay6 (bsc#1136572). ----------------------------------------- Patch: SUSE-2019-2658 Released: Mon Oct 14 17:15:09 2019 Summary: Security update for the Linux Kernel Severity: important References: 1047238,1050911,1051510,1054914,1055117,1056686,1060662,1061840,1061843,1064597,1064701,1065600,1065729,1066369,1071009,1071306,1071995,1078248,1082555,1082635,1085030,1085536,1085539,1086103,1087092,1090734,1091171,1093205,1102097,1103990,1104353,1104427,1104745,1104902,1104967,1106061,1106284,1106434,1108382,1109158,1109837,1111666,1112178,1112374,1112894,1112899,1112902,1112903,1112905,1112906,1112907,1113722,1113994,1114279,1114542,1118689,1119086,1119113,1120046,1120876,1120902,1123034,1123105,1123959,1124370,1127988,1129424,1129519,1129664,1131107,1131281,1131304,1131489,1131565,1132686,1133021,1134291,1134476,1134881,1134882,1135219,1135642,1135897,1135990,1136039,1136261,1136346,1136349,1136352,1136496,1136498,1136502,1136682,1137069,1137322,1137323,1137586,1137865,1137884,1137959,1137982,1138099,1138100,1138539,1139020,1139021,1139101,1139500,1140012,1140155,1140426,1140487,1141013,1141340,1141450,1141543,1141554,1142019,1142076,1142109,1142117,1142118,1142119,1142496,1142541,1142635,1142685,1142701,1142857,1143300,1143331,1143466,1143706,1143738,1143765,1143841,1143843,1143962,1144123,1144333,1144375,1144474,1144518,1144582,1144718,1144813,1144880,1144886,1144912,1144920,1144979,1145010,1145018,1145051,1145059,1145134,1145189,1145235,1145256,1145300,1145302,1145357,1145388,1145389,1145390,1145391,1145392,1145393,1145394,1145395,1145396,1145397,1145408,1145409,1145446,1145661,1145678,1145687,1145920,1145922,1145934,1145937,1145940,1145941,1145942,1145946,1146042,1146074,1146084,1146141,1146163,1146215,1146285,1146346,1146351,1146352,1146361,1146368,1146376,1146378,1146381,1146391,1146399,1146413,1146425,1146512,1146514,1146516,1146519,1146524,1146526,1146529,1146531,1146540,1146543,1146547,1146550,1146575,1146589,1146664,1146678,1146938,1148031,1148032,1148033,1148034,1148035,1148093,1148133,1148192,1148196,1148198,1148202,1148219,1148297,1148303,1148308,1148363,1148379,1148394,1148527,1148570,1148574,1148616,1148617,1148619,1148698,1148712,1148859,1148868,1149053,1149083,1149104,1149105,1149106,1149197,1149214,1149224,1149313,1149325,1149376,1149413,1149418,1149424,1149446,1149522,1149527,1149539,1149552,1149555,1149591,1149602,1149612,1149626,1149651,1149652,1149713,1149940,1149976,1150025,1150033,1150112,1150305,1150381,1150423,1150562,1150727,1150846,1150860,1150861,1150933,1151067,1151192,1151350,1151610,1151661,1151662,1151667,1151680,1151891,1151955,1152024,1152025,1152026,1152161,1152187,1152243,1152325,1152457,1152460,1152466,1152525,1152972,1152974,1152975,CVE-2017-18551,CVE-2017-18595,CVE-2018-20976,CVE-2018-21008,CVE-2019-10207,CVE-2019-11477,CVE-2019-14814,CVE-2019-14815,CVE-2019-14816,CVE-2019-14821,CVE-2019-14835,CVE-2019-15030,CVE-2019-15031,CVE-2019-15090,CVE-2019-15098,CVE-2019-15099,CVE-2019-15117,CVE-2019-15118,CVE-2019-15211,CVE-2019-15212,CVE-2019-15214,CVE-2019-15215,CVE-2019-15216,CVE-2019-15217,CVE-2019-15218,CVE-2019-15219,CVE-2019-15220,CVE-2019-15221,CVE-2019-15222,CVE-2019-15239,CVE-2019-15290,CVE-2019-15291,CVE-2019-15292,CVE-2019-15538,CVE-2019-15666,CVE-2019-15902,CVE-2019-15917,CVE-2019-15919,CVE-2019-15920,CVE-2019-15921,CVE-2019-15924,CVE-2019-15926,CVE-2019-15927,CVE-2019-9456,CVE-2019-9506 Description: The SUSE Linux Enterprise 15 SP1 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-18551: An issue was discovered in drivers/i2c/i2c-core-smbus.c. There was an out of bounds write in the function i2c_smbus_xfer_emulated (bnc#1146163). - CVE-2017-18595: A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c (bnc#1149555). - CVE-2018-20976: An issue was discovered in fs/xfs/xfs_super.c. A use after free exists, related to xfs_fs_fill_super failure (bnc#1146285). - CVE-2018-21008: A use-after-free could have been caused by the function rsi_mac80211_detach in the file drivers/net/wireless/rsi/rsi_91x_mac80211.c (bnc#1149591). - CVE-2019-10207: A local denial of service using HCIUARTSETPROTO/HCI_UART_MRVL was fixed (bnc#1123959 bnc#1142857). - CVE-2019-11477: Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. (bnc#1132686 bnc#1137586). - CVE-2019-14814: There was a heap-based buffer overflow in the Marvell wifi chip driver, that allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1146512). - CVE-2019-14814: There was a heap-based buffer overflow in the Marvell wifi chip driver, that allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1146512). - CVE-2019-14816: There was a heap-based buffer overflow in the Marvell wifi chip driver, that allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1146516). - CVE-2019-14821: An out-of-bounds access issue was found in the way Linux kernel's KVM hypervisor implements the coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system (bnc#1151350). - CVE-2019-14835: A buffer overflow flaw was found in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could have used this flaw to increase their privileges on the host (bnc#1150112). - CVE-2019-15030: In the Linux kernel on the powerpc platform, a local user could have read vector registers of other users' processes via a Facility Unavailable exception. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process because of a missing arch/powerpc/kernel/process.c check (bnc#1149713). - CVE-2019-15031: In the Linux kernel on the powerpc platform, a local user could have read vector registers of other users' processes via an interrupt. To exploit the vulnerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process, because MSR_TM_ACTIVE was misused in arch/powerpc/kernel/process.c (bnc#1149713). - CVE-2019-15090: An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the qedi_dbg_* family of functions, there is an out-of-bounds read (bnc#1146399). - CVE-2019-15098: drivers/net/wireless/ath/ath6kl/usb.c had a NULL pointer dereference via an incomplete address in an endpoint descriptor (bnc#1146378). - CVE-2019-15099: drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel had a NULL pointer dereference via an incomplete address in an endpoint descriptor (bnc#1146368). - CVE-2019-15117: parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel mishandled a short descriptor, leading to out-of-bounds memory access (bnc#1145920). - CVE-2019-15118: check_input_term in sound/usb/mixer.c mishandled recursion, leading to kernel stack exhaustion (bnc#1145922). - CVE-2019-15211: There was a use-after-free caused by a malicious USB device in the drivers/media/v4l2-core/v4l2-dev.c driver because drivers/media/radio/radio-raremono.c did not properly allocate memory (bnc#1146519). - CVE-2019-15212: There was a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver (bnc#1146391). - CVE-2019-15214: There was a use-after-free in the sound subsystem because card disconnection causes certain data structures to be deleted too early. This is related to sound/core/init.c and sound/core/info.c (bnc#1146550). - CVE-2019-15215: There was a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2_usb.c driver (bnc#1146425). - CVE-2019-15216: There was a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver (bnc#1146361). - CVE-2019-15217: There was a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver (bnc#1146547). - CVE-2019-15218: There was a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/siano/smsusb.c driver (bnc#1146413). - CVE-2019-15219: There was a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver (bnc#1146524). - CVE-2019-15220: There was a use-after-free caused by a malicious USB device in the drivers/net/wireless/intersil/p54/p54usb.c driver (bnc#1146526). - CVE-2019-15221: There was a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/pcm.c driver (bnc#1146529). - CVE-2019-15222: There was a NULL pointer dereference caused by a malicious USB device in the sound/usb/helper.c (motu_microbookii) driver (bnc#1146531). - CVE-2019-15239: An incorrect backport of a certain net/ipv4/tcp_output.c fix allowed a local attacker to trigger multiple use-after-free conditions. This could result in a kernel crash, or potentially in privilege escalation. (bsc#1146589) - CVE-2019-15290: There was a NULL pointer dereference caused by a malicious USB device in the ath6kl_usb_alloc_urb_from_pipe function (bsc#1146543). - CVE-2019-15291: There was a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver (bnc#1146540). - CVE-2019-15292: There was a use-after-free in atalk_proc_exit, related to net/appletalk/atalk_proc.c, net/appletalk/ddp.c, and net/appletalk/sysctl_net_atalk.c (bnc#1146678). - CVE-2019-15538: An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a local DoS attack vector, but it might result as well in remote DoS if the XFS filesystem is exported for instance via NFS (bnc#1148093). - CVE-2019-15666: There was an out-of-bounds array access in __xfrm_policy_unlink, which will cause denial of service, because verify_newpolicy_info in net/xfrm/xfrm_user.c mishandled directory validation (bnc#1148394). - CVE-2019-15902: Misuse of the upstream 'x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()' commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped (bnc#1149376). - CVE-2019-15917: There was a use-after-free issue when hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c (bnc#1149539). - CVE-2019-15919: SMB2_write in fs/cifs/smb2pdu.c had a use-after-free (bnc#1149552). - CVE-2019-15920: SMB2_read in fs/cifs/smb2pdu.c had a use-after-free. (bnc#1149626). - CVE-2019-15921: There was a memory leak issue when idr_alloc() fails in genl_register_family() in net/netlink/genetlink.c (bnc#1149602). - CVE-2019-15924: fm10k_init_module in drivers/net/ethernet/intel/fm10k/fm10k_main.c had a NULL pointer dereference because there was no -ENOMEM upon an alloc_workqueue failure (bnc#1149612). - CVE-2019-15926: An out-of-bounds access existed in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx in the file drivers/net/wireless/ath/ath6kl/wmi.c (bnc#1149527). - CVE-2019-15927: An issue was discovered in the Linux kernel An out-of-bounds access exists in the function build_audio_procunit in the file sound/usb/mixer.c (bnc#1149522). - CVE-2019-9456: In the Pixel C USB monitor driver there was a possible OOB write due to a missing bounds check. This could have led to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1150025). - CVE-2019-9506: The Bluetooth BR/EDR specification up to and including version 5.1 permitted sufficiently low encryption key length and did not prevent an attacker from influencing the key length negotiation. This allowed practical brute-force attacks (aka 'KNOB') that could decrypt traffic and injected arbitrary ciphertext without the victim noticing (bnc#1137865 bnc#1146042). The following non-security bugs were fixed: - 9p: acl: fix uninitialized iattr access (bsc#1051510). - 9p: p9dirent_read: check network-provided name length (bsc#1051510). - 9p: pass the correct prototype to read_cache_page (bsc#1051510). - 9p/rdma: do not disconnect on down_interruptible EAGAIN (bsc#1051510). - 9p/rdma: remove useless check in cm_event_handler (bsc#1051510). - 9p/virtio: Add cleanup path in p9_virtio_init (bsc#1051510). - 9p/xen: Add cleanup path in p9_trans_xen_init (bsc#1051510). - 9p/xen: fix check for xenbus_read error in front_probe (bsc#1051510). - acpi/arm64: ignore 5.1 FADTs that are reported as 5.0 (bsc#1051510). - ACPICA: Increase total number of possible Owner IDs (bsc#1148859). - ACPI: custom_method: fix memory leaks (bsc#1051510). - ACPI: fix false-positive -Wuninitialized warning (bsc#1051510). - ACPI/IORT: Fix off-by-one check in iort_dev_find_its_id() (bsc#1051510). - ACPI / PCI: fix acpi_pci_irq_enable() memory leak (bsc#1051510). - ACPI: PM: Fix regression in acpi_device_set_power() (bsc#1051510). - ACPI / property: Fix acpi_graph_get_remote_endpoint() name in kerneldoc (bsc#1051510). - Add missing structs and defines from recent SMB3.1.1 documentation (bsc#1144333). - Add new flag on SMB3.1.1 read (bsc#1144333). - address lock imbalance warnings in smbdirect.c (bsc#1144333). - Add some missing debug fields in server and tcon structs (bsc#1144333). - add some missing definitions (bsc#1144333). - Add some qedf commits to blacklist file (bsc#1149976) - Add vers=3.0.2 as a valid option for SMBv3.0.2 (bsc#1144333). - af_key: fix leaks in key_pol_get_resp and dump_sp (bsc#1051510). - af_packet: Block execution of tasks waiting for transmit to complete in AF_PACKET (networking-stable-19_07_02). - alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP (bsc#1151680). - ALSA: aoa: onyx: always initialize register read value (bsc#1051510). - ALSA: firewire: fix a memory leak bug (bsc#1051510). - ALSA: firewire-tascam: check intermediate state of clock status and retry (bsc#1051510). - ALSA: firewire-tascam: handle error code when getting current source of clock (bsc#1051510). - ALSA: hda - Add a generic reboot_notify (bsc#1051510). - ALSA: hda - Apply workaround for another AMD chip 1022:1487 (bsc#1051510). - ALSA: hda/ca0132 - Add new SBZ quirk (bsc#1051510). - ALSA: hda - Do not override global PCM hw info flag (bsc#1051510). - ALSA: hda: Fix 1-minute detection delay when i915 module is not available (bsc#1111666). - ALSA: hda - Fix a memory leak bug (bsc#1051510). - ALSA: hda - Fixes inverted Conexant GPIO mic mute led (bsc#1051510). - ALSA: hda - Fix potential endless loop at applying quirks (bsc#1051510). - ALSA: hda: kabi workaround for generic parser flag (bsc#1051510). - ALSA: hda - Let all conexant codec enter D3 when rebooting (bsc#1051510). - ALSA: hda/realtek - Add quirk for HP Envy x360 (bsc#1051510). - ALSA: hda/realtek - Add quirk for HP Pavilion 15 (bsc#1051510). - ALSA: hda/realtek - Enable internal speaker & headset mic of ASUS UX431FL (bsc#1051510). - ALSA: hda/realtek - Fix overridden device-specific initialization (bsc#1051510). - ALSA: hda/realtek - Fix the problem of two front mics on a ThinkCentre (bsc#1051510). - ALSA: hda - Workaround for crackled sound on AMD controller (1022:1457) (bsc#1051510). - ALSA: hiface: fix multiple memory leak bugs (bsc#1051510). - ALSA: line6: Fix memory leak at line6_init_pcm() error path (bsc#1051510). - ALSA: pcm: fix lost wakeup event scenarios in snd_pcm_drain (bsc#1051510). - ALSA: seq: Fix potential concurrent access to the deleted pool (bsc#1051510). - ALSA: usb-audio: Add implicit fb quirk for Behringer UFX1604 (bsc#1051510). - ALSA: usb-audio: Check mixer unit bitmap yet more strictly (bsc#1051510). - ALSA: usb-audio: fix a memory leak bug (bsc#1111666). - ALSA: usb-audio: Fix gpf in snd_usb_pipe_sanity_check (bsc#1051510). - ALSA: usb-audio: Fix invalid NULL check in snd_emuusb_set_samplerate() (bsc#1051510). - arm64: fix undefined reference to 'printk' (bsc#1148219). - arm64/kernel: enable A53 erratum #8434319 handling at runtime (bsc#1148219). - arm64/kernel: rename module_emit_adrp_veneer->module_emit_veneer_for_adrp (bsc#1148219). - arm64: KVM: Fix architecturally invalid reset value for FPEXC32_EL2 (bsc#1133021). - arm64: module: do not BUG when exceeding preallocated PLT count (bsc#1148219). - arm64: PCI: Preserve firmware configuration when desired (SLE-9332). - ARM: KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling (bsc#1133021). - ARM: KVM: report support for SMCCC_ARCH_WORKAROUND_1 (bsc#1133021). - ASoC: dapm: Fix handling of custom_stop_condition on DAPM graph walks (bsc#1051510). - ASoC: es8328: Fix copy-paste error in es8328_right_line_controls (bsc#1051510). - ASoC: Fail card instantiation if DAI format setup fails (bsc#1051510). - ASoC: Intel: Baytrail: Fix implicit fallthrough warning (bsc#1051510). - ASoC: sun4i-i2s: RX and TX counter registers are swapped (bsc#1051510). - ASoC: wm8737: Fix copy-paste error in wm8737_snd_controls (bsc#1051510). - ASoC: wm8988: fix typo in wm8988_right_line_controls (bsc#1051510). - ata: libahci: do not complain in case of deferred probe (bsc#1051510). - ath10k: adjust skb length in ath10k_sdio_mbox_rx_packet (bsc#1111666). - ath10k: Change the warning message string (bsc#1051510). - ath10k: Drop WARN_ON()s that always trigger during system resume (bsc#1111666). - ath9k: dynack: fix possible deadlock in ath_dynack_node_{de}init (bsc#1051510). - atm: iphase: Fix Spectre v1 vulnerability (networking-stable-19_08_08). - batman-adv: fix uninit-value in batadv_netlink_get_ifindex() (bsc#1051510). - batman-adv: Only read OGM2 tvlv_len after buffer len check (bsc#1051510). - batman-adv: Only read OGM tvlv_len after buffer len check (bsc#1051510). - bcache: fix possible memory leak in bch_cached_dev_run() (git fixes). - bcache: Revert 'bcache: use sysfs_match_string() instead of __sysfs_match_string()' (git fixes). - bcma: fix incorrect update of BCMA_CORE_PCI_MDIO_DATA (bsc#1051510). - bio: fix improper use of smp_mb__before_atomic() (git fixes). - blk-flush: do not run queue for requests bypassing flush (bsc#1137959). - blk-flush: use blk_mq_request_bypass_insert() (bsc#1137959). - blk-mq: backport fixes for blk_mq_complete_e_request_sync() (bsc#1145661). - blk-mq: do not allocate driver tag upfront for flush rq (bsc#1137959). - blk-mq: Fix memory leak in blk_mq_init_allocated_queue error handling (bsc#1151610). - blk-mq: Fix spelling in a source code comment (git fixes). - blk-mq: insert rq with DONTPREP to hctx dispatch list when requeue (bsc#1137959). - blk-mq: introduce blk_mq_complete_request_sync() (bsc#1145661). - blk-mq: introduce blk_mq_request_completed() (bsc#1149446). - blk-mq: introduce blk_mq_tagset_wait_completed_request() (bsc#1149446). - blk-mq: kABI fixes for blk-mq.h (bsc#1137959). - blk-mq: move blk_mq_put_driver_tag*() into blk-mq.h (bsc#1137959). - blk-mq: punt failed direct issue to dispatch list (bsc#1137959). - blk-mq: put the driver tag of nxt rq before first one is requeued (bsc#1137959). - blk-mq-sched: decide how to handle flush rq via RQF_FLUSH_SEQ (bsc#1137959). - blk-wbt: Avoid lock contention and thundering herd issue in wbt_wait (bsc#1141543). - block, documentation: Fix wbt_lat_usec documentation (git fixes). - block: fix timeout changes for legacy request drivers (bsc#1149446). - block: kABI fixes for BLK_EH_DONE renaming (bsc#1142076). - block: rename BLK_EH_NOT_HANDLED to BLK_EH_DONE (bsc#1142076). - Bluetooth: 6lowpan: search for destination address in all peers (bsc#1051510). - Bluetooth: Add SMP workaround Microsoft Surface Precision Mouse bug (bsc#1051510). - Bluetooth: btqca: Add a short delay before downloading the NVM (bsc#1051510). - Bluetooth: Check state in l2cap_disconnect_rsp (bsc#1051510). - Bluetooth: hci_bcsp: Fix memory leak in rx_skb (bsc#1051510). - Bluetooth: validate BLE connection interval updates (bsc#1051510). - bnx2fc_fcoe: Use skb_queue_walk_safe() (bsc#1136502 jsc#SLE-4703). - bnx2x: Disable multi-cos feature (bsc#1136498 jsc#SLE-4699). - bnx2x: Disable multi-cos feature (networking-stable-19_08_08). - bnx2x: Prevent ptp_task to be rescheduled indefinitely (networking-stable-19_07_25). - bnxt_en: Fix to include flow direction in L2 key (bsc#1104745 ). - bnxt_en: Fix VNIC clearing logic for 57500 chips (bsc#1104745 ). - bnxt_en: Improve RX doorbell sequence (bsc#1104745). - bnxt_en: Use correct src_fid to determine direction of the flow (bsc#1104745). - bonding/802.3ad: fix link_failure_count tracking (bsc#1137069 bsc#1141013). - bonding/802.3ad: fix slave link initialization transition states (bsc#1137069 bsc#1141013). - bonding: Add vlan tx offload to hw_enc_features (networking-stable-19_08_21). - bonding: Always enable vlan tx offload (networking-stable-19_07_02). - bonding: set default miimon value for non-arp modes if not set (bsc#1137069 bsc#1141013). - bonding: speed/duplex update at NETDEV_UP event (bsc#1137069 bsc#1141013). - bonding: validate ip header before check IPPROTO_IGMP (networking-stable-19_07_25). - bpf: sockmap, only create entry if ulp is not already enabled (bsc#1109837). - bpf: sockmap, sock_map_delete needs to use xchg (bsc#1109837). - bpf: sockmap, synchronize_rcu before free'ing map (bsc#1109837). - btrfs: add a helper to retrive extent inline ref type (bsc#1149325). - btrfs: add cleanup_ref_head_accounting helper (bsc#1050911). - btrfs: add missing inode version, ctime and mtime updates when punching hole (bsc#1140487). - btrfs: add one more sanity check for shared ref type (bsc#1149325). - btrfs: clean up pending block groups when transaction commit aborts (bsc#1050911). - btrfs: convert to use btrfs_get_extent_inline_ref_type (bsc#1149325). - btrfs: do not abort transaction at btrfs_update_root() after failure to COW path (bsc#1150933). - btrfs: fix assertion failure during fsync and use of stale transaction (bsc#1150562). - btrfs: fix data loss after inode eviction, renaming it, and fsync it (bsc#1145941). - btrfs: Fix delalloc inodes invalidation during transaction abort (bsc#1050911). - btrfs: fix fsync not persisting dentry deletions due to inode evictions (bsc#1145942). - btrfs: fix incremental send failure after deduplication (bsc#1145940). - btrfs: fix pinned underflow after transaction aborted (bsc#1050911). - btrfs: fix race between send and deduplication that lead to failures and crashes (bsc#1145059). - btrfs: fix race leading to fs corruption after transaction abort (bsc#1145937). - btrfs: fix use-after-free when using the tree modification log (bsc#1151891). - btrfs: handle delayed ref head accounting cleanup in abort (bsc#1050911). - btrfs: prevent send failures and crashes due to concurrent relocation (bsc#1145059). - btrfs: qgroup: Fix reserved data space leak if we have multiple reserve calls (bsc#1152975). - btrfs: qgroup: Fix the wrong target io_tree when freeing reserved data space (bsc#1152974). - btrfs: relocation: fix use-after-free on dead relocation roots (bsc#1152972). - btrfs: remove BUG() in add_data_reference (bsc#1149325). - btrfs: remove BUG() in btrfs_extent_inline_ref_size (bsc#1149325). - btrfs: remove BUG() in print_extent_item (bsc#1149325). - btrfs: remove BUG_ON in __add_tree_block (bsc#1149325). - btrfs: scrub: add memalloc_nofs protection around init_ipath (bsc#1086103). - btrfs: Split btrfs_del_delalloc_inode into 2 functions (bsc#1050911). - btrfs: start readahead also in seed devices (bsc#1144886). - btrfs: track running balance in a simpler way (bsc#1145059). - btrfs: use GFP_KERNEL in init_ipath (bsc#1086103). - caif-hsi: fix possible deadlock in cfhsi_exit_module() (networking-stable-19_07_25). - can: m_can: implement errata 'Needless activation of MRAF irq' (bsc#1051510). - can: mcp251x: add support for mcp25625 (bsc#1051510). - can: peak_usb: fix potential double kfree_skb() (bsc#1051510). - can: peak_usb: force the string buffer NULL-terminated (bsc#1051510). - can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices (bsc#1051510). - can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices (bsc#1051510). - can: rcar_canfd: fix possible IRQ storm on high load (bsc#1051510). - can: sja1000: force the string buffer NULL-terminated (bsc#1051510). - carl9170: fix misuse of device driver API (bsc#1142635). - ceph: add btime field to ceph_inode_info (bsc#1148133 bsc#1136682). - ceph: add ceph.snap.btime vxattr (bsc#1148133 bsc#1148570). - ceph: add change_attr field to ceph_inode_info (bsc#1148133 bsc#1136682). - ceph: always get rstat from auth mds (bsc#1146346). - ceph: carry snapshot creation time with inodes (bsc#1148133 bsc#1148570). - ceph: clean up ceph.dir.pin vxattr name sizeof() (bsc#1146346). - ceph: clear page dirty before invalidate page (bsc#1148133). - ceph: decode feature bits in session message (bsc#1146346). - ceph: do not blindly unregister session that is in opening state (bsc#1148133). - ceph: do not try fill file_lock on unsuccessful GETFILELOCK reply (bsc#1148133). - ceph: fix buffer free while holding i_ceph_lock in __ceph_build_xattrs_blob() (bsc#1148133). - ceph: fix buffer free while holding i_ceph_lock in __ceph_setxattr() (bsc#1148133). - ceph: fix buffer free while holding i_ceph_lock in fill_inode() (bsc#1148133). - ceph: fix 'ceph.dir.rctime' vxattr value (bsc#1148133 bsc#1135219). - ceph: fix decode_locker to use ceph_decode_entity_addr (bsc#1148133 bsc#1136682). - ceph: fix improper use of smp_mb__before_atomic() (bsc#1148133). - ceph: fix infinite loop in get_quota_realm() (bsc#1148133). - ceph: fix iov_iter issues in ceph_direct_read_write() (bsc#1141450). - ceph: fix listxattr vxattr buffer length calculation (bsc#1148133 bsc#1148570). - ceph: handle btime in cap messages (bsc#1148133 bsc#1136682). - ceph: handle change_attr in cap messages (bsc#1148133 bsc#1136682). - ceph: have MDS map decoding use entity_addr_t decoder (bsc#1148133 bsc#1136682). - ceph: hold i_ceph_lock when removing caps for freeing inode (bsc#1148133). - ceph: increment change_attribute on local changes (bsc#1148133 bsc#1136682). - ceph: initialize superblock s_time_gran to 1 (bsc#1148133). - ceph: remove request from waiting list before unregister (bsc#1148133). - ceph: remove unused vxattr length helpers (bsc#1148133 bsc#1148570). - ceph: silence a checker warning in mdsc_show() (bsc#1148133). - ceph: support cephfs' own feature bits (bsc#1146346). - ceph: support getting ceph.dir.pin vxattr (bsc#1146346). - ceph: support versioned reply (bsc#1146346). - ceph: use bit flags to define vxattr attributes (bsc#1146346). - ceph: use ceph_evict_inode to cleanup inode's resource (bsc#1148133). - cifs: Accept validate negotiate if server return NT_STATUS_NOT_SUPPORTED (bsc#1144333). - cifs: add a new SMB2_close_flags function (bsc#1144333). - cifs: add a smb2_compound_op and change QUERY_INFO to use it (bsc#1144333). - cifs: add a timeout argument to wait_for_free_credits (bsc#1144333). - cifs: add a warning if we try to to dequeue a deleted mid (bsc#1144333). - cifs: add compound_send_recv() (bsc#1144333). - cifs: add CONFIG_CIFS_DEBUG_KEYS to dump encryption keys (bsc#1144333). - cifs: add credits from unmatched responses/messages (bsc#1144333). - cifs: add debug output to show nocase mount option (bsc#1144333). - cifs: Add DFS cache routines (bsc#1144333). - cifs: Add direct I/O functions to file_operations (bsc#1144333). - cifs: add fiemap support (bsc#1144333). - cifs: add iface info to struct cifs_ses (bsc#1144333). - cifs: add IOCTL for QUERY_INFO passthrough to userspace (bsc#1144333). - cifs: add lease tracking to the cached root fid (bsc#1144333). - cifs: Add minor debug message during negprot (bsc#1144333). - cifs: add missing debug entries for kconfig options (bsc#1051510, bsc#1144333). - cifs: add missing GCM module dependency (bsc#1144333). - cifs: add missing support for ACLs in SMB 3.11 (bsc#1051510, bsc#1144333). - cifs: add ONCE flag for cifs_dbg type (bsc#1144333). - cifs: add pdu_size to the TCP_Server_Info structure (bsc#1144333). - cifs: add resp_buf_size to the mid_q_entry structure (bsc#1144333). - cifs: address trivial coverity warning (bsc#1144333). - cifs: add server argument to the dump_detail method (bsc#1144333). - cifs: add server->vals->header_preamble_size (bsc#1144333). - cifs: add SFM mapping for 0x01-0x1F (bsc#1144333). - cifs: add sha512 secmech (bsc#1051510, bsc#1144333). - cifs: Adds information-level logging function (bsc#1144333). - cifs: add SMB2_close_init()/SMB2_close_free() (bsc#1144333). - cifs: add SMB2_ioctl_init/free helpers to be used with compounding (bsc#1144333). - cifs: add SMB2_query_info_[init|free]() (bsc#1144333). - cifs: Add smb2_send_recv (bsc#1144333). - cifs: add spinlock for the openFileList to cifsInodeInfo (bsc#1144333). - cifs: add .splice_write (bsc#1144333). - cifs: Add support for direct I/O read (bsc#1144333). - cifs: Add support for direct I/O write (bsc#1144333). - cifs: Add support for direct pages in rdata (bsc#1144333). - cifs: Add support for direct pages in wdata (bsc#1144333). - cifs: Add support for failover in cifs_mount() (bsc#1144333). - cifs: Add support for failover in cifs_reconnect() (bsc#1144333). - cifs: Add support for failover in cifs_reconnect_tcon() (bsc#1144333). - cifs: Add support for failover in smb2_reconnect() (bsc#1144333). - cifs: Add support for FSCTL passthrough that write data to the server (bsc#1144333). - cifs: add support for ioctl on directories (bsc#1144333). - cifs: Add support for reading attributes on SMB2+ (bsc#1051510, bsc#1144333). - cifs: add support for SEEK_DATA and SEEK_HOLE (bsc#1144333). - cifs: Add support for writing attributes on SMB2+ (bsc#1051510, bsc#1144333). - cifs: Adjust MTU credits before reopening a file (bsc#1144333). - cifs: Allocate memory for all iovs in smb2_ioctl (bsc#1144333). - cifs: Allocate validate negotiation request through kmalloc (bsc#1144333). - cifs: allow calling SMB2_xxx_free(NULL) (bsc#1144333). - cifs: allow disabling insecure dialects in the config (bsc#1144333). - cifs: allow disabling less secure legacy dialects (bsc#1144333). - cifs: allow guest mounts to work for smb3.11 (bsc#1051510, bsc#1144333). - cifs: always add credits back for unsolicited PDUs (bsc#1144333). - cifs: Always reset read error to -EIO if no response (bsc#1144333). - cifs: Always resolve hostname before reconnecting (bsc#1051510, bsc#1144333). - cifs: a smb2_validate_and_copy_iov failure does not mean the handle is invalid (bsc#1144333). - cifs: auto disable 'serverino' in dfs mounts (bsc#1144333). - cifs: avoid a kmalloc in smb2_send_recv/SendReceive2 for the common case (bsc#1144333). - cifs: Avoid returning EBUSY to upper layer VFS (bsc#1144333). - cifs: cache FILE_ALL_INFO for the shared root handle (bsc#1144333). - cifs: Calculate the correct request length based on page offset and tail size (bsc#1144333). - cifs: Call MID callback before destroying transport (bsc#1144333). - cifs: change mkdir to use a compound (bsc#1144333). - cifs: change smb2_get_data_area_len to take a smb2_sync_hdr as argument (bsc#1144333). - cifs: Change SMB2_open to return an iov for the error parameter (bsc#1144333). - cifs: change SMB2_OP_RENAME and SMB2_OP_HARDLINK to use compounding (bsc#1144333). - cifs: change SMB2_OP_SET_EOF to use compounding (bsc#1144333). - cifs: change SMB2_OP_SET_INFO to use compounding (bsc#1144333). - cifs: change smb2_query_eas to use the compound query-info helper (bsc#1144333). - cifs: change unlink to use a compound (bsc#1144333). - cifs: change validate_buf to validate_iov (bsc#1144333). - cifs: change wait_for_free_request() to take flags as argument (bsc#1144333). - cifs: check CIFS_MOUNT_NO_DFS when trying to reuse existing sb (bsc#1144333). - cifs: Check for reconnects before sending async requests (bsc#1144333). - cifs: Check for reconnects before sending compound requests (bsc#1144333). - cifs: check for STATUS_USER_SESSION_DELETED (bsc#1112902, bsc#1144333). - cifs: Check for timeout on Negotiate stage (bsc#1091171, bsc#1144333). - cifs: check if SMB2 PDU size has been padded and suppress the warning (bsc#1144333). - cifs: check kmalloc before use (bsc#1051510, bsc#1144333). - cifs: check kzalloc return (bsc#1144333). - cifs: check MaxPathNameComponentLength != 0 before using it (bsc#1085536, bsc#1144333). - cifs: check ntwrk_buf_start for NULL before dereferencing it (bsc#1144333). - cifs: check rsp for NULL before dereferencing in SMB2_open (bsc#1085536, bsc#1144333). - cifs: cifs_read_allocate_pages: do not iterate through whole page array on ENOMEM (bsc#1144333). - cifs: clean up indentation, replace spaces with tab (bsc#1144333). - cifs: cleanup smb2ops.c and normalize strings (bsc#1144333). - cifs: complete PDU definitions for interface queries (bsc#1144333). - cifs: connect to servername instead of IP for IPC$ share (bsc#1051510, bsc#1144333). - cifs: Count SMB3 credits for malformed pending responses (bsc#1144333). - cifs: create a define for how many iovs we need for an SMB2_open() (bsc#1144333). - cifs: create a define for the max number of iov we need for a SMB2 set_info (bsc#1144333). - cifs: create a helper function for compound query_info (bsc#1144333). - cifs: create helpers for SMB2_set_info_init/free() (bsc#1144333). - cifs: create SMB2_open_init()/SMB2_open_free() helpers (bsc#1144333). - cifs: Display SMB2 error codes in the hex format (bsc#1144333). - cifs: document tcon/ses/server refcount dance (bsc#1144333). - cifs: do not allow creating sockets except with SMB1 posix exensions (bsc#1102097, bsc#1144333). - cifs: Do not assume one credit for async responses (bsc#1144333). - cifs: do not attempt cifs operation on smb2+ rename error (bsc#1144333). - cifs: Do not consider -ENODATA as stat failure for reads (bsc#1144333). - cifs: Do not count -ENODATA as failure for query directory (bsc#1051510, bsc#1144333). - cifs: do not dereference smb_file_target before null check (bsc#1051510, bsc#1144333). - cifs: Do not hide EINTR after sending network packets (bsc#1051510, bsc#1144333). - cifs: Do not log credits when unmounting a share (bsc#1144333). - cifs: do not log STATUS_NOT_FOUND errors for DFS (bsc#1051510, bsc#1144333). - cifs: Do not match port on SMBDirect transport (bsc#1144333). - cifs: Do not modify mid entry after submitting I/O in cifs_call_async (bsc#1051510, bsc#1144333). - cifs: Do not reconnect TCP session in add_credits() (bsc#1051510, bsc#1144333). - cifs: Do not reset lease state to NONE on lease break (bsc#1051510, bsc#1144333). - cifs: do not return atime less than mtime (bsc#1144333). - cifs: do not send invalid input buffer on QUERY_INFO requests (bsc#1144333). - cifs: Do not set credits to 1 if the server didn't grant anything (bsc#1144333). - cifs: do not show domain= in mount output when domain is empty (bsc#1144333). - cifs: Do not skip SMB2 message IDs on send failures (bsc#1144333). - cifs: do not use __constant_cpu_to_le32() (bsc#1144333). - cifs: dump every session iface info (bsc#1144333). - cifs: dump IPC tcon in debug proc file (bsc#1071306, bsc#1144333). - cifs: fallback to older infolevels on findfirst queryinfo retry (bsc#1144333). - cifs: Find and reopen a file before get MTU credits in writepages (bsc#1144333). - cifs: fix a buffer leak in smb2_query_symlink (bsc#1144333). - cifs: fix a credits leak for compund commands (bsc#1144333). - cifs: Fix a debug message (bsc#1144333). - cifs: Fix adjustment of credits for MTU requests (bsc#1051510, bsc#1144333). - cifs: Fix an issue with re-sending rdata when transport returning -EAGAIN (bsc#1144333). - cifs: Fix an issue with re-sending wdata when transport returning -EAGAIN (bsc#1144333). - cifs: Fix a race condition with cifs_echo_request (bsc#1144333). - cifs: Fix a tiny potential memory leak (bsc#1144333). - cifs: Fix autonegotiate security settings mismatch (bsc#1087092, bsc#1144333). - cifs: fix bi-directional fsctl passthrough calls (bsc#1144333). - cifs: fix build break when CONFIG_CIFS_DEBUG2 enabled (bsc#1144333). - cifs: fix build errors for SMB_DIRECT (bsc#1144333). - cifs: Fix check for matching with existing mount (bsc#1144333). - cifs: fix circular locking dependency (bsc#1064701, bsc#1144333). - cifs: fix computation for MAX_SMB2_HDR_SIZE (bsc#1144333). - cifs: fix confusing warning message on reconnect (bsc#1144333). - cifs: fix crash in cifs_dfs_do_automount (bsc#1144333). - cifs: fix crash in smb2_compound_op()/smb2_set_next_command() (bsc#1144333). - cifs: fix crash querying symlinks stored as reparse-points (bsc#1144333). - cifs: Fix credit calculation for encrypted reads with errors (bsc#1051510, bsc#1144333). - cifs: Fix credit calculations in compound mid callback (bsc#1144333). - cifs: Fix credit computation for compounded requests (bsc#1144333). - cifs: Fix credits calculation for cancelled requests (bsc#1144333). - cifs: Fix credits calculations for reads with errors (bsc#1051510, bsc#1144333). - cifs: fix credits leak for SMB1 oplock breaks (bsc#1144333). - cifs: fix deadlock in cached root handling (bsc#1144333). - cifs: Fix DFS cache refresher for DFS links (bsc#1144333). - cifs: fix encryption in SMB3.1.1 (bsc#1144333). - cifs: Fix encryption/signing (bsc#1144333). - cifs: Fix error mapping for SMB2_LOCK command which caused OFD lock problem (bsc#1051510, bsc#1144333). - cifs: Fix error paths in writeback code (bsc#1144333). - cifs: fix GlobalMid_Lock bug in cifs_reconnect (bsc#1144333). - cifs: fix handle leak in smb2_query_symlink() (bsc#1144333). - cifs: fix incorrect handling of smb2_set_sparse() return in smb3_simple_falloc (bsc#1144333). - cifs: Fix infinite loop when using hard mount option (bsc#1091171, bsc#1144333). - cifs: Fix invalid check in __cifs_calc_signature() (bsc#1144333). - cifs: Fix kernel oops when traceSMB is enabled (bsc#1144333). - cifs: fix kref underflow in close_shroot() (bsc#1144333). - cifs: Fix leaking locked VFS cache pages in writeback retry (bsc#1144333). - cifs: Fix lease buffer length error (bsc#1144333). - cifs: fix memory leak and remove dead code (bsc#1144333). - cifs: fix memory leak in SMB2_open() (bsc#1112894, bsc#1144333). - cifs: fix memory leak in SMB2_read (bsc#1144333). - cifs: Fix memory leak in smb2_set_ea() (bsc#1051510, bsc#1144333). - cifs: fix memory leak of an allocated cifs_ntsd structure (bsc#1144333). - cifs: fix memory leak of pneg_inbuf on -EOPNOTSUPP ioctl case (bsc#1144333). - cifs: Fix missing put_xid in cifs_file_strict_mmap (bsc#1087092, bsc#1144333). - cifs: Fix module dependency (bsc#1144333). - cifs: Fix mounts if the client is low on credits (bsc#1144333). - cifs: fix NULL deref in SMB2_read (bsc#1085539, bsc#1144333). - cifs: Fix NULL pointer dereference of devname (bnc#1129519). - cifs: Fix NULL pointer deref on SMB2_tcon() failure (bsc#1071009, bsc#1144333). - cifs: Fix NULL ptr deref (bsc#1144333). - cifs: fix page reference leak with readv/writev (bsc#1144333). - cifs: fix panic in smb2_reconnect (bsc#1144333). - cifs: fix parsing of symbolic link error response (bsc#1144333). - cifs: fix POSIX lock leak and invalid ptr deref (bsc#1114542, bsc#1144333). - cifs: Fix possible hang during async MTU reads and writes (bsc#1051510, bsc#1144333). - cifs: Fix possible oops and memory leaks in async IO (bsc#1144333). - cifs: Fix potential OOB access of lock element array (bsc#1051510, bsc#1144333). - cifs: Fix read after write for files with read caching (bsc#1051510, bsc#1144333). - cifs: fix return value for cifs_listxattr (bsc#1051510, bsc#1144333). - cifs: fix rmmod regression in cifs.ko caused by force_sig changes (bsc#1144333). - cifs: Fix separator when building path from dentry (bsc#1051510, bsc#1144333). - cifs: fix sha512 check in cifs_crypto_secmech_release (bsc#1051510, bsc#1144333). - cifs: fix signed/unsigned mismatch on aio_read patch (bsc#1144333). - cifs: Fix signing for SMB2/3 (bsc#1144333). - cifs: Fix slab-out-of-bounds in send_set_info() on SMB2 ACE setting (bsc#1144333). - cifs: Fix slab-out-of-bounds when tracing SMB tcon (bsc#1144333). - cifs: fix SMB1 breakage (bsc#1144333). - cifs: fix smb3_zero_range for Azure (bsc#1144333). - cifs: fix smb3_zero_range so it can expand the file-size when required (bsc#1144333). - cifs: fix sparse warning on previous patch in a few printks (bsc#1144333). - cifs: fix spelling mistake, EACCESS -> EACCES (bsc#1144333). - cifs: Fix stack out-of-bounds in smb{2,3}_create_lease_buf() (bsc#1051510, bsc#1144333). - cifs: fix strcat buffer overflow and reduce raciness in smb21_set_oplock_level() (bsc#1144333). - cifs: Fix to use kmem_cache_free() instead of kfree() (bsc#1144333). - cifs: Fix trace command logging for SMB2 reads and writes (bsc#1144333). - cifs: fix typo in cifs_dbg (bsc#1144333). - cifs: fix typo in debug message with struct field ia_valid (bsc#1144333). - cifs: fix uninitialized ptr deref in smb2 signing (bsc#1144333). - cifs: Fix use-after-free in SMB2_read (bsc#1144333). - cifs: Fix use-after-free in SMB2_write (bsc#1144333). - cifs: Fix use after free of a mid_q_entry (bsc#1112903, bsc#1144333). - cifs: fix use-after-free of the lease keys (bsc#1144333). - cifs: Fix validation of signed data in smb2 (bsc#1144333). - cifs: Fix validation of signed data in smb3+ (bsc#1144333). - cifs: fix wrapping bugs in num_entries() (bsc#1051510, bsc#1144333). - cifs: flush before set-info if we have writeable handles (bsc#1144333). - cifs: For SMB2 security informaion query, check for minimum sized security descriptor instead of sizeof FileAllInformation class (bsc#1051510, bsc#1144333). - cifs: handle large EA requests more gracefully in smb2+ (bsc#1144333). - cifs: handle netapp error codes (bsc#1136261). - cifs: hide unused functions (bsc#1051510, bsc#1144333). - cifs: implement v3.11 preauth integrity (bsc#1051510, bsc#1144333). - cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs) (bsc#1144333). - cifs: integer overflow in in SMB2_ioctl() (bsc#1051510, bsc#1144333). - cifs: Introduce helper function to get page offset and length in smb_rqst (bsc#1144333). - cifs: Introduce offset for the 1st page in data transfer structures (bsc#1144333). - cifs: invalidate cache when we truncate a file (bsc#1051510, bsc#1144333). - cifs: keep FileInfo handle live during oplock break (bsc#1106284, bsc#1131565, bsc#1144333). - cifs: limit amount of data we request for xattrs to CIFSMaxBufSize (bsc#1144333). - cifs: Limit memory used by lock request calls to a page (bsc#1144333). - cifs_lookup(): cifs_get_inode_...() never returns 0 with *inode left NULL (bsc#1144333). - cifs_lookup(): switch to d_splice_alias() (bsc#1144333). - cifs: make arrays static const, reduces object code size (bsc#1144333). - cifs: Make devname param optional in cifs_compose_mount_options() (bsc#1144333). - cifs: make IPC a regular tcon (bsc#1071306, bsc#1144333). - cifs: make minor clarifications to module params for cifs.ko (bsc#1144333). - cifs: make mknod() an smb_version_op (bsc#1144333). - cifs: make 'nodfs' mount opt a superblock flag (bsc#1051510, bsc#1144333). - cifs: make rmdir() use compounding (bsc#1144333). - cifs: make smb_send_rqst take an array of requests (bsc#1144333). - cifs: Make sure all data pages are signed correctly (bsc#1144333). - cifs: Make use of DFS cache to get new DFS referrals (bsc#1144333). - cifs: Mask off signals when sending SMB packets (bsc#1144333). - cifs: minor clarification in comments (bsc#1144333). - cifs: Minor Kconfig clarification (bsc#1144333). - cifs: minor updates to module description for cifs.ko (bsc#1144333). - cifs: Move credit processing to mid callbacks for SMB3 (bsc#1144333). - cifs: move default port definitions to cifsglob.h (bsc#1144333). - cifs: move large array from stack to heap (bsc#1144333). - cifs: Move open file handling to writepages (bsc#1144333). - cifs: Move unlocking pages from wdata_send_pages() (bsc#1144333). - cifs: OFD locks do not conflict with eachothers (bsc#1051510, bsc#1144333). - cifs: Only free DFS target list if we actually got one (bsc#1144333). - cifs: Only send SMB2_NEGOTIATE command on new TCP connections (bsc#1144333). - cifs: only wake the thread for the very last PDU in a compound (bsc#1144333). - cifs: parse and store info on iface queries (bsc#1144333). - cifs: pass flags down into wait_for_free_credits() (bsc#1144333). - cifs: Pass page offset for calculating signature (bsc#1144333). - cifs: Pass page offset for encrypting (bsc#1144333). - cifs: pass page offsets on SMB1 read/write (bsc#1144333). - cifs: prevent integer overflow in nxt_dir_entry() (bsc#1051510, bsc#1144333). - cifs: prevent starvation in wait_for_free_credits for multi-credit requests (bsc#1144333). - cifs: print CIFSMaxBufSize as part of /proc/fs/cifs/DebugData (bsc#1144333). - cifs: Print message when attempting a mount (bsc#1144333). - cifs: Properly handle auto disabling of serverino option (bsc#1144333). - cifs: protect against server returning invalid file system block size (bsc#1144333). - cifs: prototype declaration and definition for smb 2 - 3 and cifsacl mount options (bsc#1051510, bsc#1144333). - cifs: prototype declaration and definition to set acl for smb 2 - 3 and cifsacl mount options (bsc#1051510, bsc#1144333). - cifs: push rfc1002 generation down the stack (bsc#1144333). - cifs: read overflow in is_valid_oplock_break() (bsc#1144333). - cifs: Reconnect expired SMB sessions (bnc#1060662). - cifs: refactor and clean up arguments in the reparse point parsing (bsc#1144333). - cifs: refactor crypto shash/sdesc allocation&free (bsc#1051510, bsc#1144333). - cifs: Refactor out cifs_mount() (bsc#1144333). - cifs: release auth_key.response for reconnect (bsc#1085536, bsc#1144333). - cifs: release cifs root_cred after exit_cifs (bsc#1085536, bsc#1144333). - cifs: remove coverity warning in calc_lanman_hash (bsc#1144333). - cifs: Remove custom credit adjustments for SMB2 async IO (bsc#1144333). - cifs: remove header_preamble_size where it is always 0 (bsc#1144333). - cifs: remove redundant duplicated assignment of pointer 'node' (bsc#1144333). - cifs: remove rfc1002 hardcoded constants from cifs_discard_remaining_data() (bsc#1144333). - cifs: remove rfc1002 header from all SMB2 response structures (bsc#1144333). - cifs: remove rfc1002 header from smb2_close_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_create_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_echo_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_flush_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_ioctl_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_lease_ack (bsc#1144333). - cifs: remove rfc1002 header from smb2_lock_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_logoff_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_negotiate_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_oplock_break we get from server (bsc#1144333). - cifs: remove rfc1002 header from smb2_query_directory_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_query_info_req (bsc#1144333). - cifs: remove rfc1002 header from smb2 read/write requests (bsc#1144333). - cifs: remove rfc1002 header from smb2_sess_setup_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_set_info_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_tree_connect_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_tree_disconnect_req (bsc#1144333). - cifs: remove set but not used variable 'cifs_sb' (bsc#1144333). - cifs: remove set but not used variable 'sep' (bsc#1144333). - cifs: remove set but not used variable 'server' (bsc#1144333). - cifs: remove set but not used variable 'smb_buf' (bsc#1144333). - cifs: remove small_smb2_init (bsc#1144333). - cifs: remove smb2_send_recv() (bsc#1144333). - cifs: remove struct smb2_hdr (bsc#1144333). - cifs: remove struct smb2_oplock_break_rsp (bsc#1144333). - cifs: remove the is_falloc argument to SMB2_set_eof (bsc#1144333). - cifs: remove unused stats (bsc#1144333). - cifs: remove unused value pointed out by Coverity (bsc#1144333). - cifs: remove unused variable from SMB2_read (bsc#1144333). - cifs: rename and clarify CIFS_ASYNC_OP and CIFS_NO_RESP (bsc#1144333). - cifs: Reopen file before get SMB2 MTU credits for async IO (bsc#1144333). - cifs: replace a 4 with server->vals->header_preamble_size (bsc#1144333). - cifs: replace snprintf with scnprintf (bsc#1144333). - cifs: Respect reconnect in MTU credits calculations (bsc#1144333). - cifs: Respect reconnect in non-MTU credits calculations (bsc#1144333). - cifs: Respect SMB2 hdr preamble size in read responses (bsc#1144333). - cifs: return correct errors when pinning memory failed for direct I/O (bsc#1144333). - cifs: Return -EAGAIN instead of -ENOTSOCK (bsc#1144333). - cifs: return -ENODATA when deleting an xattr that does not exist (bsc#1144333). - cifs: Return error code when getting file handle for writeback (bsc#1144333). - cifs: return error on invalid value written to cifsFYI (bsc#1144333). - cifs: Save TTL value when parsing DFS referrals (bsc#1144333). - cifs: Select all required crypto modules (bsc#1085536, bsc#1144333). - cifs: set mapping error when page writeback fails in writepage or launder_pages (bsc#1144333). - cifs: set oparms.create_options rather than or'ing in CREATE_OPEN_BACKUP_INTENT (bsc#1144333). - cifs: Set reconnect instance to one initially (bsc#1144333). - cifs: set *resp_buf_type to NO_BUFFER on error (bsc#1144333). - cifs: Show locallease in /proc/mounts for cifs shares mounted with locallease feature (bsc#1144333). - cifs: show 'soft' in the mount options for hard mounts (bsc#1144333). - cifs: show the w bit for writeable /proc/fs/cifs/* files (bsc#1144333). - cifs: silence compiler warnings showing up with gcc-8.0.0 (bsc#1090734, bsc#1144333). - cifs: Silence uninitialized variable warning (bsc#1144333). - cifs: simple stats should always be enabled (bsc#1144333). - cifs: simplify code by removing CONFIG_CIFS_ACL ifdef (bsc#1144333). - Update config files. - cifs: simplify how we handle credits in compound_send_recv() (bsc#1144333). - cifs: Skip any trailing backslashes from UNC (bsc#1144333). - cifs: smb2 commands can not be negative, remove confusing check (bsc#1144333). - cifs: smb2ops: Fix listxattr() when there are no EAs (bsc#1051510, bsc#1144333). - cifs: smb2ops: Fix NULL check in smb2_query_symlink (bsc#1144333). - cifs: smb2pdu: Fix potential NULL pointer dereference (bsc#1144333). - cifs: smbd: Add parameter rdata to smb2_new_read_req (bsc#1144333). - cifs: smbd: Add rdma mount option (bsc#1144333). - cifs: smbd: Add SMB Direct debug counters (bsc#1144333). - cifs: smbd: Add SMB Direct protocol initial values and constants (bsc#1144333). - cifs: smbd: Avoid allocating iov on the stack (bsc#1144333). - cifs: smbd: avoid reconnect lockup (bsc#1144333). - cifs: smbd: Check for iov length on sending the last iov (bsc#1144333). - cifs: smbd: depend on INFINIBAND_ADDR_TRANS (bsc#1144333). - cifs: smbd: Disable signing on SMB direct transport (bsc#1144333). - cifs: smbd: disconnect transport on RDMA errors (bsc#1144333). - cifs: smbd: Do not call ib_dereg_mr on invalidated memory registration (bsc#1144333). - cifs: smbd: Do not destroy transport on RDMA disconnect (bsc#1144333). - cifs: smbd: Do not use RDMA read/write when signing is used (bsc#1144333). - cifs: smbd: Dump SMB packet when configured (bsc#1144333). - cifs: smbd: Enable signing with smbdirect (bsc#1144333). - cifs: smbd: Establish SMB Direct connection (bsc#1144333). - cifs: smbd: export protocol initial values (bsc#1144333). - cifs: smbd: fix spelling mistake: faield and legnth (bsc#1144333). - cifs: smbd: Fix the definition for SMB2_CHANNEL_RDMA_V1_INVALIDATE (bsc#1144333). - cifs: smbd: Implement function to create a SMB Direct connection (bsc#1144333). - cifs: smbd: Implement function to destroy a SMB Direct connection (bsc#1144333). - cifs: smbd: Implement function to receive data via RDMA receive (bsc#1144333). - cifs: smbd: Implement function to reconnect to a SMB Direct transport (bsc#1144333). - cifs: smbd: Implement function to send data via RDMA send (bsc#1144333). - cifs: smbd: Implement RDMA memory registration (bsc#1144333). - cifs: smbd: Indicate to retry on transport sending failure (bsc#1144333). - cifs: smbd: Introduce kernel config option CONFIG_CIFS_SMB_DIRECT (bsc#1144333). - cifs: smbd: Read correct returned data length for RDMA write (SMB read) I/O (bsc#1144333). - cifs: smbd: Retry on memory registration failure (bsc#1144333). - cifs: smbd: Return EINTR when interrupted (bsc#1144333). - cifs: smbd: Set SMB Direct maximum read or write size for I/O (bsc#1144333). - cifs: smbd: _smbd_get_connection() can be static (bsc#1144333). - cifs: smbd: Support page offset in memory registration (bsc#1144333). - cifs: smbd: Support page offset in RDMA recv (bsc#1144333). - cifs: smbd: Support page offset in RDMA send (bsc#1144333). - cifs: smbd: take an array of reqeusts when sending upper layer data (bsc#1144333). - cifs: smbd: Upper layer connects to SMBDirect session (bsc#1144333). - cifs: smbd: Upper layer destroys SMB Direct session on shutdown or umount (bsc#1144333). - cifs: smbd: Upper layer performs SMB read via RDMA write through memory registration (bsc#1144333). - cifs: smbd: Upper layer performs SMB write via RDMA read through memory registration (bsc#1144333). - cifs: smbd: Upper layer receives data via RDMA receive (bsc#1144333). - cifs: smbd: Upper layer reconnects to SMB Direct session (bsc#1144333). - cifs: smbd: Upper layer sends data via RDMA send (bsc#1144333). - cifs: smbd: Use the correct DMA direction when sending data (bsc#1144333). - cifs: smbd: When reconnecting to server, call smbd_destroy() after all MIDs have been called (bsc#1144333). - cifs: smbd: work around gcc -Wmaybe-uninitialized warning (bsc#1144333). - cifs: start DFS cache refresher in cifs_mount() (bsc#1144333). - cifs: store the leaseKey in the fid on SMB2_open (bsc#1051510, bsc#1144333). - cifs: suppress some implicit-fallthrough warnings (bsc#1144333). - cifs: track writepages in vfs operation counters (bsc#1144333). - cifs: Try to acquire credits at once for compound requests (bsc#1144333). - cifs: update calc_size to take a server argument (bsc#1144333). - cifs: update init_sg, crypt_message to take an array of rqst (bsc#1144333). - cifs: update internal module number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number for cifs.ko to 2.12 (bsc#1144333). - cifs: update internal module version number for cifs.ko to 2.14 (bsc#1144333). - cifs: update module internal version number (bsc#1144333). - cifs: update multiplex loop to handle compounded responses (bsc#1144333). - cifs: update receive_encrypted_standard to handle compounded responses (bsc#1144333). - cifs: update smb2_calc_size to use smb2_sync_hdr instead of smb2_hdr (bsc#1144333). - cifs: update smb2_check_message to handle PDUs without a 4 byte length header (bsc#1144333). - cifs: update smb2_queryfs() to use compounding (bsc#1144333). - cifs: update __smb_send_rqst() to take an array of requests (bsc#1144333). - cifs: use a compound for setting an xattr (bsc#1144333). - cifs: use a refcount to protect open/closing the cached file handle (bsc#1144333). - cifs: use correct format characters (bsc#1144333). - cifs: Use correct packet length in SMB2_TRANSFORM header (bsc#1144333). - cifs: Use GFP_ATOMIC when a lock is held in cifs_mount() (bsc#1144333). - cifs: Use kmemdup in SMB2_ioctl_init() (bsc#1144333). - cifs: Use kmemdup rather than duplicating its implementation in smb311_posix_mkdir() (bsc#1144333). - cifs: Use kzfree() to free password (bsc#1144333). - cifs: Use offset when reading pages (bsc#1144333). - cifs: Use smb 2 - 3 and cifsacl mount options getacl functions (bsc#1051510, bsc#1144333). - cifs: Use smb 2 - 3 and cifsacl mount options setacl function (bsc#1051510, bsc#1144333). - cifs: use tcon_ipc instead of use_ipc parameter of SMB2_ioctl (bsc#1071306, bsc#1144333). - cifs: use the correct length when pinning memory for direct I/O for write (bsc#1144333). - cifs: Use ULL suffix for 64-bit constant (bsc#1051510, bsc#1144333). - cifs: wait_for_free_credits() make it possible to wait for >=1 credits (bsc#1144333). - cifs: we can not use small padding iovs together with encryption (bsc#1144333). - cifs: When sending data on socket, pass the correct page offset (bsc#1144333). - cifs: zero-range does not require the file is sparse (bsc#1144333). - cifs: zero sensitive data when freeing (bsc#1087092, bsc#1144333). - cifs: Cleanup some minor endian issues in smb3 rdma (bsc#1144333). - clk: add clk_bulk_get accessories (bsc#1144813). - clk: at91: fix update bit maps on CFG_MOR write (bsc#1051510). - clk: bcm2835: remove pllb (jsc#SLE-7294). - clk: bcm283x: add driver interfacing with Raspberry Pi's firmware (jsc#SLE-7294). - clk: bulk: silently error out on EPROBE_DEFER (bsc#1144718,bsc#1144813). - clk: Export clk_bulk_prepare() (bsc#1144813). - clk: qoriq: add support for lx2160a (). - clk: raspberrypi: register platform device for raspberrypi-cpufreq (jsc#SLE-7294). - clk: renesas: cpg-mssr: Fix reset control race condition (bsc#1051510). - clk: rockchip: Add 1.6GHz PLL rate for rk3399 (bsc#1144718,bsc#1144813). - clk: rockchip: assign correct id for pclk_ddr and hclk_sd in rk3399 (bsc#1144718,bsc#1144813). - clk: sunxi-ng: v3s: add missing clock slices for MMC2 module clocks (bsc#1051510). - clk: sunxi-ng: v3s: add the missing PLL_DDR1 (bsc#1051510). - compat_ioctl: pppoe: fix PPPOEIOCSFWD handling (bsc#1051510). - Compile nvme.ko as module (bsc#1150846) - config: arm64: Remove CONFIG_ARM64_MODULE_CMODEL_LARGE Option removed by patches in bsc#1148219 - coredump: split pipe command whitespace before expanding template (bsc#1051510). - cpufreq: add driver for Raspberry Pi (jsc#SLE-7294). - cpufreq: dt: Try freeing static OPPs only if we have added them (jsc#SLE-7294). - cpu/speculation: Warn on unsupported mitigations= parameter (bsc#1114279). - crypto: caam - fix concurrency issue in givencrypt descriptor (bsc#1051510). - crypto: caam - free resources in case caam_rng registration failed (bsc#1051510). - crypto: caam/qi - fix error handling in ERN handler (bsc#1111666). - crypto: cavium/zip - Add missing single_release() (bsc#1051510). - crypto: ccp - Add support for valid authsize values less than 16 (bsc#1051510). - crypto: ccp - Fix oops by properly managing allocated structures (bsc#1051510). - crypto: ccp - Ignore tag length when decrypting GCM ciphertext (bsc#1051510). - crypto: ccp - Ignore unconfigured CCP device on suspend/resume (bnc#1145934). - crypto: ccp - Reduce maximum stack usage (bsc#1051510). - crypto: ccp - Validate buffer lengths for copy operations (bsc#1051510). - crypto: qat - Silence smp_processor_id() warning (bsc#1051510). - crypto: skcipher - Unmap pages after an external error (bsc#1051510). - crypto: talitos - fix skcipher failure due to wrong output IV (bsc#1051510). - crypto: virtio - Read crypto services and algorithm masks (jsc#SLE-5844 jsc#SLE-6331 bsc#1145446 LTC#175307). - crypto: virtio - Register an algo only if it's supported (jsc#SLE-5844 jsc#SLE-6331 bsc#1145446 LTC#175307). - cx82310_eth: fix a memory leak bug (bsc#1051510). - dax: dax_layout_busy_page() should not unmap cow pages (bsc#1148698). - devres: always use dev_name() in devm_ioremap_resource() (git fixes). - dfs_cache: fix a wrong use of kfree in flush_cache_ent() (bsc#1144333). - dma-buf: balance refcount inbalance (bsc#1051510). - dma-buf/sw_sync: Synchronize signal vs syncpt free (bsc#1111666). - dmaengine: dw: platform: Switch to acpi_dma_controller_register() (bsc#1051510). - dmaengine: iop-adma.c: fix printk format warning (bsc#1051510). - dmaengine: rcar-dmac: Reject zero-length slave DMA requests (bsc#1051510). - dm btree: fix order of block initialization in btree_split_beneath (git fixes). - dm bufio: fix deadlock with loop device (git fixes). - dm cache metadata: Fix loading discard bitset (git fixes). - dm crypt: do not overallocate the integrity tag space (git fixes). - dm crypt: fix parsing of extended IV arguments (git fixes). - dm delay: fix a crash when invalid device is specified (git fixes). - dm: fix to_sector() for 32bit (git fixes). - dm integrity: change memcmp to strncmp in dm_integrity_ctr (git fixes). - dm integrity: correctly calculate the size of metadata area (git fixes). - dm integrity: fix a crash due to BUG_ON in __journal_read_write() (git fixes). - dm integrity: fix deadlock with overlapping I/O (git fixes). - dm integrity: limit the rate of error messages (git fixes). - dm kcopyd: always complete failed jobs (git fixes). - dm log writes: make sure super sector log updates are written in order (git fixes). - dm raid: add missing cleanup in raid_ctr() (git fixes). - dm: revert 8f50e358153d ('dm: limit the max bio size as BIO_MAX_PAGES * PAGE_SIZE') (git fixes). - dm space map metadata: fix missing store of apply_bops() return value (git fixes). - dm table: fix invalid memory accesses with too high sector number (git fixes). - dm table: propagate BDI_CAP_STABLE_WRITES to fix sporadic checksum errors (git fixes). - dm thin: fix bug where bio that overwrites thin block ignores FUA (git fixes). - dm thin: fix passdown_double_checking_shared_status() (git fixes). - dm zoned: fix potential NULL dereference in dmz_do_reclaim() (git fixes). - dm zoned: Fix zone report handling (git fixes). - dm zoned: fix zone state management race (git fixes). - dm zoned: improve error handling in i/o map code (git fixes). - dm zoned: improve error handling in reclaim (git fixes). - dm zoned: properly handle backing device failure (git fixes). - dm zoned: Silence a static checker warning (git fixes). - Documentation: Add nospectre_v1 parameter (bsc#1051510). - Documentation/networking: fix default_ttl typo in mpls-sysctl (bsc#1051510). - Documentation: Update Documentation for iommu.passthrough (bsc#1136039). - Do not log confusing message on reconnect by default (bsc#1129664, bsc#1144333). - Do not log expected error on DFS referral request (bsc#1051510, bsc#1144333). - driver core: Fix use-after-free and double free on glue directory (bsc#1131281). - drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS ioctl (bsc#1051510). - drivers/rapidio/devices/rio_mport_cdev.c: NUL terminate some strings (bsc#1051510). - drivers: thermal: int340x_thermal: Fix sysfs race condition (bsc#1051510). - drm/amd/display: Always allocate initial connector state state (bsc#1111666). - drm/amd/display: Disable ABM before destroy ABM struct (bsc#1111666). - drm/amd/display: Fill prescale_params->scale for RGB565 (bsc#1111666). - drm/amd/display: fix compilation error (bsc#1111666). - drm/amd/display: Fix dc_create failure handling and 666 color depths (bsc#1111666). - drm/amd/display: Increase size of audios array (bsc#1111666). - drm/amd/display: num of sw i2c/aux engines less than num of connectors (bsc#1145946). - drm/amd/display: Only enable audio if speaker allocation exists (bsc#1111666). - drm/amd/display: Remove redundant non-zero and overflow check (bsc#1145946). - drm/amd/display: use encoder's engine id to find matched free audio device (bsc#1111666). - drm/amd/display: Wait for backlight programming completion in set backlight level (bsc#1111666). - drm/amdgpu: Add APTX quirk for Dell Latitude 5495 (bsc#1142635) - drm/amdgpu: added support 2nd UVD instance (bsc#1143331). - drm/amdgpu:change VEGA booting with firmware loaded by PSP (bsc#1143331). - drm/amdgpu: fix a potential information leaking bug (bsc#1111666). - drm/amdgpu/psp: move psp version specific function pointers to (bsc#1135642) - drm/amdgpu/sriov: Need to initialize the HDP_NONSURFACE_BAStE (bsc#1111666). - drm/amdkfd: Fix a potential memory leak (bsc#1111666). - drm/amdkfd: Fix sdma queue map issue (bsc#1111666). - drm/bridge: lvds-encoder: Fix build error while CONFIG_DRM_KMS_HELPER=m (bsc#1111666). - drm/bridge: sii902x: pixel clock unit is 10kHz instead of 1kHz (bsc#1051510). - drm/bridge: tc358767: read display_props in get_modes() (bsc#1051510). - drm/crc-debugfs: Also sprinkle irqrestore over early exits (bsc#1051510). - drm/crc-debugfs: User irqsafe spinlock in drm_crtc_add_crc_entry (bsc#1051510). - drm/edid: parse CEA blocks embedded in DisplayID (bsc#1111666). - drm/etnaviv: add missing failure path to destroy suballoc (bsc#1135642) - drm/exynos: fix missing decrement of retry counter (bsc#1111666). - drm/i915: Do not deballoon unused ggtt drm_mm_node in linux guest (bsc#1142635) - drm/i915: Fix GEN8_MCR_SELECTOR programming (bsc#1111666). - drm/i915: Fix HW readout for crtc_clock in HDMI mode (bsc#1111666). - drm/i915: Fix the TBT AUX power well enabling (bsc#1111666). - drm/i915: Fix various tracepoints for gen2 (bsc#1113722) - drm/i915: Fix wrong escape clock divisor init for GLK (bsc#1051510). - drm/i915: Fix wrong escape clock divisor init for GLK (bsc#1142635) - drm/i915/gvt: fix incorrect cache entry for guest page mapping (bsc#1111666). - drm/i915/perf: ensure we keep a reference on the driver (bsc#1051510). - drm/i915/perf: ensure we keep a reference on the driver (bsc#1142635) - drm/i915/perf: fix ICL perf register offsets (bsc#1111666). - drm/i915: Restore relaxed padding (OCL_OOB_SUPPRES_ENABLE) for skl+ (bsc#1142635) - drm/i915/userptr: Acquire the page lock around set_page_dirty() (bsc#1051510). - drm/imx: Drop unused imx-ipuv3-crtc.o build (bsc#1113722) - drm/imx: notify drm core before sending event during crtc disable (bsc#1135642) - drm/imx: only send event on crtc disable if kept disabled (bsc#1135642) - drm/mediatek: call drm_atomic_helper_shutdown() when unbinding driver (bsc#1135642) - drm/mediatek: call mtk_dsi_stop() after mtk_drm_crtc_atomic_disable() (bsc#1135642) - drm/mediatek: clear num_pipes when unbind driver (bsc#1135642) - drm/mediatek: fix unbind functions (bsc#1135642) - drm/mediatek: mtk_drm_drv.c: Add of_node_put() before goto (bsc#1111666). - drm/mediatek: mtk_drm_drv.c: Add of_node_put() before goto (bsc#1142635) - drm/mediatek: unbind components in mtk_drm_unbind() (bsc#1135642) - drm/mediatek: use correct device to import PRIME buffers (bsc#1111666). - drm/mediatek: use correct device to import PRIME buffers (bsc#1142635) - drm/msm: Depopulate platform on probe failure (bsc#1051510). - drm: msm: Fix add_gpu_components (bsc#1051510). - drm/msm/mdp5: Fix mdp5_cfg_init error return (bsc#1142635) - drm/nouveau: Do not retry infinitely when receiving no data on i2c (bsc#1142635) - drm/nouveau: fix memory leak in nouveau_conn_reset() (bsc#1051510). - drm/panel: simple: Fix panel_simple_dsi_probe (bsc#1051510). - drm/rockchip: Suspend DP late (bsc#1051510). - drm/rockchip: Suspend DP late (bsc#1142635) - drm: silence variable 'conn' set but not used (bsc#1051510). - drm/udl: introduce a macro to convert dev to udl. (bsc#1113722) - drm/udl: move to embedding drm device inside udl device. (bsc#1113722) - drm/virtio: Add memory barriers for capset cache (bsc#1051510). - drm/vmwgfx: fix a warning due to missing dma_parms (bsc#1135642) - drm/vmwgfx: fix memory leak when too many retries have occurred (bsc#1051510). - drm/vmwgfx: Use the backdoor port if the HB port is not available (bsc#1135642) - Drop an ASoC fix that was reverted in 4.14.y stable - eCryptfs: fix a couple type promotion bugs (bsc#1051510). - EDAC/amd64: Add Family 17h Model 30h PCI IDs (bsc#1112178). - EDAC, amd64: Add Family 17h, models 10h-2fh support (bsc#1112178). - EDAC/amd64: Adjust printed chip select sizes when interleaved (bsc#1131489). - EDAC/amd64: Cache secondary Chip Select registers (bsc#1131489). - EDAC/amd64: Decode syndrome before translating address (bsc#1114279). - EDAC/amd64: Decode syndrome before translating address (bsc#1131489). - EDAC/amd64: Find Chip Select memory size using Address Mask (bsc#1131489). - EDAC/amd64: Initialize DIMM info for systems with more than two channels (bsc#1131489). - EDAC/amd64: Recognize DRAM device type ECC capability (bsc#1131489). - EDAC/amd64: Recognize x16 symbol size (bsc#1131489). - EDAC/amd64: Set maximum channel layer size depending on family (bsc#1131489). - EDAC/amd64: Support asymmetric dual-rank DIMMs (bsc#1131489). - EDAC/amd64: Support more than two controllers for chip selects handling (bsc#1131489). - EDAC/amd64: Support more than two Unified Memory Controllers (bsc#1131489). - EDAC/amd64: Use a macro for iterating over Unified Memory Controllers (bsc#1131489). - EDAC: Fix global-out-of-bounds write when setting edac_mc_poll_msec (bsc#1114279). - eeprom: at24: make spd world-readable again (git-fixes). - efi/bgrt: Drop BGRT status field reserved bits check (bsc#1051510). - ehea: Fix a copy-paste err in ehea_init_port_res (bsc#1051510). - ext4: fix warning inside ext4_convert_unwritten_extents_endio (bsc#1152025). - ext4: set error return correctly when ext4_htree_store_dirent fails (bsc#1152024). - ext4: use jbd2_inode dirty range scoping (bsc#1148616). - firmware: raspberrypi: register clk device (jsc#SLE-7294). - firmware: ti_sci: Always request response from firmware (bsc#1051510). - Fix encryption labels and lengths for SMB3.1.1 (bsc#1085536, bsc#1144333). - fix incorrect error code mapping for OBJECTID_NOT_FOUND (bsc#1144333). - Fix kabi for: NFSv4: Fix OPEN / CLOSE race (git-fixes). - Fix match_server check to allow for auto dialect negotiate (bsc#1144333). - Fix SMB3.1.1 guest authentication to Samba (bsc#1085536, bsc#1144333). - fix smb3-encryption breakage when CONFIG_DEBUG_SG=y (bsc#1051510, bsc#1144333). - fix struct ufs_req removal of unused field (git-fixes). - Fix warning messages when mounting to older servers (bsc#1144333). - floppy: fix invalid pointer dereference in drive_name (bsc#1111666). - floppy: fix out-of-bounds read in next_valid_format (bsc#1111666). - floppy: fix usercopy direction (bsc#1111666). - fs/cifs/cifsacl.c Fixes typo in a comment (bsc#1144333). - fs/cifs: cifsssmb: Change return type of convert_ace_to_cifs_ace (bsc#1144333). - fs/cifs: do not translate SFM_SLASH (U+F026) to backslash (bsc#1144333). - fs/cifs: Drop unlikely before IS_ERR(_OR_NULL) (bsc#1144333). - fs/cifs: fix uninitialised variable warnings (bsc#1144333). - fs/cifs: Kconfig: pedantic formatting (bsc#1144333). - fs/cifs: Replace _free_xid call in cifs_root_iget function (bsc#1144333). - fs/cifs: require sha512 (bsc#1051510, bsc#1144333). - fs/cifs: Simplify ib_post_(send|recv|srq_recv)() calls (bsc#1144333). - fs/cifs/smb2pdu.c: fix buffer free in SMB2_ioctl_free (bsc#1144333). - fs/cifs: suppress a string overflow warning (bsc#1144333). - fs/*/Kconfig: drop links to 404-compliant http://acl.bestbits.at (bsc#1144333). - fsl/fman: Use GFP_ATOMIC in {memac,tgec}_add_hash_mac_address() (bsc#1051510). - fs/xfs: Fix return code of xfs_break_leased_layouts() (bsc#1148031). - fs/xfs: xfs_log: Do not use KM_MAYFAIL at xfs_log_reserve() (bsc#1148033). - ftrace: Check for empty hash and comment the race with registering probes (bsc#1149418). - ftrace: Check for successful allocation of hash (bsc#1149424). - ftrace: Fix NULL pointer dereference in t_probe_next() (bsc#1149413). - gpio: Fix build error of function redefinition (bsc#1051510). - gpio: fix line flag validation in lineevent_create (bsc#1051510). - gpio: fix line flag validation in linehandle_create (bsc#1051510). - gpio: gpio-omap: add check for off wake capable gpios (bsc#1051510). - gpiolib: acpi: Add gpiolib_acpi_run_edge_events_on_boot option and blacklist (bsc#1051510). - gpiolib: fix incorrect IRQ requesting of an active-low lineevent (bsc#1051510). - gpiolib: never report open-drain/source lines as 'input' to user-space (bsc#1051510). - gpiolib: only check line handle flags once (bsc#1051510). - gpio: Move gpiochip_lock/unlock_as_irq to gpio/driver.h (bsc#1051510). - gpio: mxs: Get rid of external API call (bsc#1051510). - gpio: omap: ensure irq is enabled before wakeup (bsc#1051510). - gpio: pxa: handle corner case of unprobed device (bsc#1051510). - gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM (bsc#1142635) - HID: Add 044f:b320 ThrustMaster, Inc. 2 in 1 DT (bsc#1051510). - HID: Add quirk for HP X1200 PIXART OEM mouse (bsc#1051510). - HID: cp2112: prevent sleeping function called from invalid context (bsc#1051510). - HID: hiddev: avoid opening a disconnected device (bsc#1051510). - HID: hiddev: do cleanup in failure of opening a device (bsc#1051510). - HID: holtek: test for sanity of intfdata (bsc#1051510). - HID: sony: Fix race condition between rumble and device remove (bsc#1051510). - HID: wacom: Correct distance scale for 2nd-gen Intuos devices (bsc#1142635). - HID: wacom: correct misreported EKR ring values (bsc#1142635). - HID: wacom: fix bit shift for Cintiq Companion 2 (bsc#1051510). - hpet: Fix division by zero in hpet_time_div() (bsc#1051510). - hwmon: (lm75) Fix write operations for negative temperatures (bsc#1051510). - hwmon: (nct6775) Fix register address and added missed tolerance for nct6106 (bsc#1051510). - hwmon: (nct7802) Fix wrong detection of in4 presence (bsc#1051510). - hwmon: (shtc1) fix shtc1 and shtw1 id mask (bsc#1051510). - i2c: designware: Synchronize IRQs when unregistering slave client (bsc#1111666). - i2c: emev2: avoid race when unregistering slave client (bsc#1051510). - i2c: piix4: Fix port selection for AMD Family 16h Model 30h (bsc#1051510). - i2c: qup: fixed releasing dma without flush operation completion (bsc#1051510). - i40e: Add support for X710 device (bsc#1151067). - ia64: Get rid of iommu_pass_through (bsc#1136039). - IB/mlx5: Fix MR registration flow to use UMR properly (bsc#1093205 bsc#1145678). - ibmveth: Convert multicast list size for little-endian system (bsc#1061843). - ibmvnic: Do not process reset during or after device removal (bsc#1149652 ltc#179635). - ibmvnic: Unmap DMA address of TX descriptor buffers after use (bsc#1146351 ltc#180726). - ife: error out when nla attributes are empty (networking-stable-19_08_08). - igmp: fix memory leak in igmpv3_del_delrec() (networking-stable-19_07_25). - iio: adc: max9611: Fix misuse of GENMASK macro (bsc#1051510). - iio: adc: max9611: Fix temperature reading in probe (bsc#1051510). - iio: dac: ad5380: fix incorrect assignment to val (bsc#1051510). - iio: iio-utils: Fix possible incorrect mask calculation (bsc#1051510). - Improve security, move default dialect to SMB3 from old CIFS (bsc#1051510, bsc#1144333). - include/linux/bitops.h: sanitize rotate primitives (git fixes). - Input: alps - do not handle ALPS cs19 trackpoint-only device (bsc#1051510). - Input: alps - fix a mismatch between a condition check and its comment (bsc#1051510). - Input: elan_i2c - remove Lenovo Legion Y7000 PnpID (bsc#1051510). - Input: iforce - add sanity checks (bsc#1051510). - Input: kbtab - sanity check for endpoint type (bsc#1051510). - Input: synaptics - enable RMI mode for HP Spectre X360 (bsc#1051510). - Input: synaptics - whitelist Lenovo T580 SMBus intertouch (bsc#1051510). - Input: trackpoint - only expose supported controls for Elan, ALPS and NXP (bsc#1051510). - intel_th: pci: Add Ice Lake NNPI support (bsc#1051510). - intel_th: pci: Add support for another Lewisburg PCH (bsc#1051510). - intel_th: pci: Add Tiger Lake support (bsc#1051510). - iommu: Add helpers to set/get default domain type (bsc#1136039). - iommu/amd: Add support for X2APIC IOMMU interrupts (bsc#1145010). - iommu/amd: Fix race in increase_address_space() (bsc#1150860). - iommu/amd: Flush old domains in kdump kernel (bsc#1150861). - iommu/amd: Move iommu_init_pci() to .init section (bsc#1149105). - iommu/amd: Request passthrough mode from IOMMU core (bsc#1136039). - iommu: Disable passthrough mode when SME is active (bsc#1136039). - iommu/dma: Fix for dereferencing before null checking (bsc#1151667). - iommu/dma: Handle SG length overflow better (bsc#1146084). - iommu: Do not use sme_active() in generic code (bsc#1151661). - iommu/iova: Avoid false sharing on fq_timer_on (bsc#1151662). - iommu/iova: Remove stale cached32_node (bsc#1145018). - iommu: Print default domain type on boot (bsc#1136039). - iommu: Remember when default domain type was set on kernel command line (bsc#1136039). - iommu: Set default domain type at runtime (bsc#1136039). - iommu: Use Functions to set default domain type in iommu_set_def_domain_type() (bsc#1136039). - iommu/vt-d: Request passthrough mode from IOMMU core (bsc#1136039). - ip6_tunnel: fix possible use-after-free on xmit (networking-stable-19_08_08). - ipip: validate header length in ipip_tunnel_xmit (git-fixes). - ipv4: do not set IPv6 only flags to IPv4 addresses (networking-stable-19_07_25). - ipv6/addrconf: allow adding multicast addr if IFA_F_MCAUTOJOIN is set (networking-stable-19_08_28). - irqchip/gic-v2m: Add support for Amazon Graviton variant of GICv3+GICv2m (SLE-9332). - irqchip/gic-v3-its: fix build warnings (bsc#1144880). - isdn/capi: check message length in capi_write() (bsc#1051510). - isdn: hfcsusb: checking idx of ep configuration (bsc#1051510). - isdn: hfcsusb: Fix mISDN driver crash caused by transfer buffer on the stack (bsc#1051510). - isdn: mISDN: hfcsusb: Fix possible null-pointer dereferences in start_isoc_chain() (bsc#1051510). - iversion: add a routine to update a raw value with a larger one (bsc#1148133). - iwlwifi: dbg: split iwl_fw_error_dump to two functions (bsc#1119086). - iwlwifi: do not unmap as page memory that was mapped as single (bsc#1051510). - iwlwifi: fix bad dma handling in page_mem dumping flow (bsc#1120902). - iwlwifi: fw: use helper to determine whether to dump paging (bsc#1106434). - iwlwifi: mvm: do not send GEO_TX_POWER_LIMIT on version < 41 (bsc#1142635). - iwlwifi: mvm: fix an out-of-bound access (bsc#1051510). - iwlwifi: mvm: fix version check for GEO_TX_POWER_LIMIT support (bsc#1142635). - iwlwifi: pcie: do not service an interrupt that was masked (bsc#1142635). - iwlwifi: pcie: fix ALIVE interrupt handling for gen2 devices w/o MSI-X (bsc#1142635). - ixgbe: fix possible deadlock in ixgbe_service_task() (bsc#1113994). - jbd2: flush_descriptor(): Do not decrease buffer head's ref count (bsc#1143843). - jbd2: introduce jbd2_inode dirty range scoping (bsc#1148616). - kABI: Fix kABI for 'struct amd_iommu' (bsc#1145010). - kABI: Fix kABI for x86 pci-dma code (bsc#1136039). - kABI: media: em28xx: fix handler for vidioc_s_input() (bsc#1051510). fixes kABI - kABI: media: em28xx: stop rewriting device's struct (bsc#1051510). fixes kABI - KABI protect struct vmem_altmap (bsc#1150305). - kasan: remove redundant initialization of variable 'real_size' (git fixes). - kconfig/[mn]conf: handle backspace (^H) key (bsc#1051510). - keys: Fix missing null pointer check in request_key_auth_describe() (bsc#1051510). - kvm: arm64: Fix caching of host MDCR_EL2 value (bsc#1133021). - kvm: arm/arm64: Close VMID generation race (bsc#1133021). - kvm: arm/arm64: Convert kvm_host_cpu_state to a static per-cpu allocation (bsc#1133021). - kvm: arm/arm64: Drop resource size check for GICV window (bsc#1133021). - kvm: arm/arm64: Fix lost IRQs from emulated physcial timer when blocked (bsc#1133021). - kvm: arm/arm64: Fix VMID alloc race by reverting to lock-less (bsc#1133021). - kvm: arm/arm64: Handle CPU_PM_ENTER_FAILED (bsc#1133021). - kvm: arm/arm64: Reduce verbosity of KVM init log (bsc#1133021). - kvm: arm/arm64: Set dist->spis to NULL after kfree (bsc#1133021). - kvm: arm/arm64: Skip updating PMD entry if no change (bsc#1133021). - kvm: arm/arm64: Skip updating PTE entry if no change (bsc#1133021). - kvm: arm/arm64: vgic: Add missing irq_lock to vgic_mmio_read_pending (bsc#1133021). - kvm: arm/arm64: vgic: Fix kvm_device leak in vgic_its_destroy (bsc#1133021). - kvm: arm/arm64: vgic-its: Fix potential overrun in vgic_copy_lpi_list (bsc#1133021). - kvm: arm/arm64: vgic-v3: Tighten synchronization for guests using v2 on v3 (bsc#1133021). - kvm: Disallow wraparound in kvm_gfn_to_hva_cache_init (bsc#1133021). - kvm/Eventfd: Avoid crash when assign and deassign specific eventfd in parallel (bsc#1133021). - kvm: Fix leak vCPU's VMCS value into other pCPU (bsc#1145388). - kvm: LAPIC: Fix pending interrupt in IRR blocked by software disable LAPIC (bsc#1145408). - kvm: mmu: Fix overlap between public and private memslots (bsc#1133021). - kvm: nVMX: allow setting the VMFUNC controls MSR (bsc#1145389). - kvm: nVMX: do not use dangling shadow VMCS after guest reset (bsc#1145390). - kvm: nVMX: Remove unnecessary sync_roots from handle_invept (bsc#1145391). - kvm: nVMX: Use adjusted pin controls for vmcs02 (bsc#1145392). - kvm: PPC: Book3S: Fix incorrect guest-to-user-translation error handling (bsc#1061840). - kvm: PPC: Book3S HV: Check for MMU ready on piggybacked virtual cores (bsc#1061840). - kvm: PPC: Book3S HV: Do not lose pending doorbell request on migration on P9 (bsc#1061840). - kvm: PPC: Book3S HV: Do not push XIVE context when not using XIVE device (bsc#1061840). - kvm: PPC: Book3S HV: Fix CR0 setting in TM emulation (bsc#1061840). - kvm: PPC: Book3S HV: Fix lockdep warning when entering the guest (bsc#1061840). - kvm: PPC: Book3S HV: Fix race in re-enabling XIVE escalation interrupts (bsc#1061840). - kvm: PPC: Book3S HV: Handle virtual mode in XIVE VCPU push code (bsc#1061840). - kvm: PPC: Book3S HV: XIVE: Free escalation interrupts before disabling the VP (bsc#1061840). - kvm: Reject device ioctls from processes other than the VM's creator (bsc#1133021). - kvm: s390: add debug logging for cpu model subfunctions (jsc#SLE-6240). - kvm: s390: add deflate conversion facilty to cpu model (jsc#SLE-6240). - kvm: s390: add enhanced sort facilty to cpu model (jsc#SLE-6240 ). - kvm: s390: add MSA9 to cpumodel (jsc#SLE-6240). - kvm: s390: add vector BCD enhancements facility to cpumodel (jsc#SLE-6240). - kvm: s390: add vector enhancements facility 2 to cpumodel (jsc#SLE-6240). - kvm: s390: enable MSA9 keywrapping functions depending on cpu model (jsc#SLE-6240). - kvm: s390: implement subfunction processor calls (jsc#SLE-6240 ). - kvm: s390: provide query function for instructions returning 32 byte (jsc#SLE-6240). - kvm: VMX: Always signal #GP on WRMSR to MSR_IA32_CR_PAT with bad value (bsc#1145393). - kvm: VMX: check CPUID before allowing read/write of IA32_XSS (bsc#1145394). - kvm: VMX: Fix handling of #MC that occurs during VM-Entry (bsc#1145395). - kvm: x86: degrade WARN to pr_warn_ratelimited (bsc#1145409). - kvm: x86: Do not update RIP or do single-step on faulting emulation (bsc#1149104). - kvm: x86: fix backward migration with async_PF (bsc#1146074). - kvm/x86: Move MSR_IA32_ARCH_CAPABILITIES to array emulated_msrs (bsc#1134881 bsc#1134882). - kvm: X86: Reduce the overhead when lapic_timer_advance is disabled (bsc#1149083). - kvm: x86: Unconditionally enable irqs in guest context (bsc#1145396). - kvm: x86/vPMU: refine kvm_pmu err msg when event creation failed (bsc#1145397). - lan78xx: Fix memory leaks (bsc#1051510). - leds: leds-lp5562 allow firmware files up to the maximum length (bsc#1051510). - leds: trigger: gpio: GPIO 0 is valid (bsc#1051510). - libata: add SG safety checks in SFF pio transfers (bsc#1051510). - libata: do not request sense data on !ZAC ATA devices (bsc#1051510). - libata: have ata_scsi_rw_xlat() fail invalid passthrough requests (bsc#1051510). - libata: zpodd: Fix small read overflow in zpodd_get_mech_type() (bsc#1051510). - libceph: add ceph_decode_entity_addr (bsc#1148133 bsc#1136682). - libceph: add osd_req_op_extent_osd_data_bvecs() (bsc#1141450). - libceph: ADDR2 support for monmap (bsc#1148133 bsc#1136682). - libceph: allow ceph_buffer_put() to receive a NULL ceph_buffer (bsc#1148133). - libceph: assign cookies in linger_submit() (bsc#1135897). - libceph: check reply num_data_items in setup_request_data() (bsc#1135897). - libceph: correctly decode ADDR2 addresses in incremental OSD maps (bsc#1148133 bsc#1136682). - libceph: do not consume a ref on pagelist in ceph_msg_data_add_pagelist() (bsc#1135897). - libceph: enable fallback to ceph_msg_new() in ceph_msgpool_get() (bsc#1135897). - libceph: fix PG split vs OSD (re)connect race (bsc#1148133). - libceph: fix sa_family just after reading address (bsc#1148133 bsc#1136682). - libceph: fix unaligned accesses in ceph_entity_addr handling (bsc#1136682). - libceph: fix watch_item_t decoding to use ceph_decode_entity_addr (bsc#1148133 bsc#1136682). - libceph: handle zero-length data items (bsc#1141450). - libceph: introduce alloc_watch_request() (bsc#1135897). - libceph: introduce BVECS data type (bsc#1141450). - libceph: introduce ceph_pagelist_alloc() (bsc#1135897). - libceph: make ceph_pr_addr take an struct ceph_entity_addr pointer (bsc#1136682). - libceph: preallocate message data items (bsc#1135897). - libceph, rbd: add error handling for osd_req_op_cls_init() (bsc#1135897). - libceph, rbd, ceph: move ceph_osdc_alloc_messages() calls (bsc#1135897). - libceph, rbd: new bio handling code (aka do not clone bios) (bsc#1141450). - libceph: rename ceph_encode_addr to ceph_encode_banner_addr (bsc#1148133 bsc#1136682). - libceph: switch osdmap decoding to use ceph_decode_entity_addr (bsc#1148133 bsc#1136682). - libceph: turn on CEPH_FEATURE_MSG_ADDR2 (bsc#1148133 bsc#1136682). - libceph: use single request data item for cmp/setxattr (bsc#1139101). - libceph: use TYPE_LEGACY for entity addrs instead of TYPE_NONE (bsc#1148133 bsc#1136682). - libertas_tf: Use correct channel range in lbtf_geo_init (bsc#1051510). - libiscsi: do not try to bypass SCSI EH (bsc#1142076). - libnvdimm/altmap: Track namespace boundaries in altmap (bsc#1150305). - libnvdimm/pfn: Store correct value of npfns in namespace superblock (bsc#1146381 ltc#180720). - libnvdimm: prevent nvdimm from requesting key when security is disabled (bsc#1137982). - lightnvm: remove dependencies on BLK_DEV_NVME and PCI (bsc#1150846). - liquidio: add cleanup in octeon_setup_iq() (bsc#1051510). - livepatch: Nullify obj->mod in klp_module_coming()'s error path (bsc#1071995). - loop: set PF_MEMALLOC_NOIO for the worker thread (git fixes). - lpfc: fix 12.4.0.0 GPF at boot (bsc#1148308). - mac80211: Correctly set noencrypt for PAE frames (bsc#1111666). - mac80211: Do not memset RXCB prior to PAE intercept (bsc#1111666). - mac80211: do not warn about CW params when not using them (bsc#1051510). - mac80211: do not WARN on short WMM parameters from AP (bsc#1051510). - mac80211: fix possible memory leak in ieee80211_assign_beacon (bsc#1142635). - mac80211: fix possible sta leak (bsc#1051510). - mac80211_hwsim: Fix possible null-pointer dereferences in hwsim_dump_radio_nl() (bsc#1111666). - mac80211: minstrel_ht: fix per-group max throughput rate initialization (bsc#1051510). - macsec: fix checksumming after decryption (bsc#1051510). - macsec: fix use-after-free of skb during RX (bsc#1051510). - macsec: let the administrator set UP state even if lowerdev is down (bsc#1051510). - macsec: update operstate when lower device changes (bsc#1051510). - mailbox: handle failed named mailbox channel request (bsc#1051510). - md: add mddev->pers to avoid potential NULL pointer dereference (git fixes). - md: do not report active array_state until after revalidate_disk() completes (git-fixes). - md: only call set_in_sync() when it is expected to succeed (git-fixes). - md/raid6: Set R5_ReadError when there is read failure on parity disk (git-fixes). - md/raid: raid5 preserve the writeback action after the parity check (git fixes). - media: atmel: atmel-isi: fix timeout value for stop streaming (bsc#1051510). - media: au0828: fix null dereference in error path (bsc#1051510). - media: coda: fix last buffer handling in V4L2_ENC_CMD_STOP (bsc#1051510). - media: coda: fix mpeg2 sequence number handling (bsc#1051510). - media: coda: increment sequence offset for the last returned frame (bsc#1051510). - media: coda: Remove unbalanced and unneeded mutex unlock (bsc#1051510). - media: dib0700: fix link error for dibx000_i2c_set_speed (bsc#1051510). - media: dvb: usb: fix use after free in dvb_usb_device_exit (bsc#1051510). - media: em28xx: fix handler for vidioc_s_input() (bsc#1051510). - media: em28xx: stop rewriting device's struct (bsc#1051510). - media: fdp1: Reduce FCP not found message level to debug (bsc#1051510). - media: hdpvr: fix locking and a missing msleep (bsc#1051510). - media: marvell-ccic: do not generate EOF on parallel bus (bsc#1051510). - media: mc-device.c: do not memset __user pointer contents (bsc#1051510). - media: media_device_enum_links32: clean a reserved field (bsc#1051510). - media: ov6650: Fix sensor possibly not detected on probe (bsc#1051510). - media: ov6650: Move v4l2_clk_get() to ov6650_video_probe() helper (bsc#1051510). - media: pvrusb2: use a different format for warnings (bsc#1051510). - media: replace strcpy() by strscpy() (bsc#1051510). - media: Revert '[media] marvell-ccic: reset ccic phy when stop streaming for stability' (bsc#1051510). - media: spi: IR LED: add missing of table registration (bsc#1051510). - media: staging: media: davinci_vpfe: - Fix for memory leak if decoder initialization fails (bsc#1051510). - media: technisat-usb2: break out of loop at end of buffer (bsc#1051510). - media: tm6000: double free if usb disconnect while streaming (bsc#1051510). - media: vb2: Fix videobuf2 to map correct area (bsc#1051510). - media: vpss: fix a potential NULL pointer dereference (bsc#1051510). - media: wl128x: Fix some error handling in fm_v4l2_init_video_device() (bsc#1051510). - mfd: arizona: Fix undefined behavior (bsc#1051510). - mfd: core: Set fwnode for created devices (bsc#1051510). - mfd: hi655x-pmic: Fix missing return value check for devm_regmap_init_mmio_clk (bsc#1051510). - mfd: intel-lpss: Add Intel Comet Lake PCI IDs (jsc#SLE-4875). - mic: avoid statically declaring a 'struct device' (bsc#1051510). - mlxsw: spectrum: Fix error path in mlxsw_sp_module_init() (bsc#1112374). - mm: add filemap_fdatawait_range_keep_errors() (bsc#1148616). - mmc: cavium: Add the missing dma unmap when the dma has finished (bsc#1051510). - mmc: cavium: Set the correct dma max segment size for mmc_host (bsc#1051510). - mmc: core: Fix init of SD cards reporting an invalid VDD range (bsc#1051510). - mmc: dw_mmc: Fix occasional hang after tuning on eMMC (bsc#1051510). - mmc: sdhci-msm: fix mutex while in spinlock (bsc#1142635). - mmc: sdhci-of-arasan: Do now show error message in case of deffered probe (bsc#1119086). - mmc: sdhci-of-at91: add quirk for broken HS200 (bsc#1051510). - mmc: sdhci-pci: Add support for Intel CML (jsc#SLE-4875). - mmc: sdhci-pci: Add support for Intel ICP (jsc#SLE-4875). - mmc: sdhci-pci: Fix BYT OCP setting (bsc#1051510). - mm: do not stall register_shrinker() (bsc#1104902, VM Performance). - mm/hmm: fix bad subpage pointer in try_to_unmap_one (bsc#1148202, HMM, VM Functionality). - mm/hotplug: fix offline undo_isolate_page_range() (bsc#1148196, VM Functionality). - mm/list_lru.c: fix memory leak in __memcg_init_list_lru_node (bsc#1148379, VM Functionality). - mm/memcontrol.c: fix use after free in mem_cgroup_iter() (bsc#1149224, VM Functionality). - mm/memory.c: recheck page table entry with page table lock held (bsc#1148363, VM Functionality). - mm/migrate.c: initialize pud_entry in migrate_vma() (bsc#1148198, HMM, VM Functionality). - mm/mlock.c: change count_mm_mlocked_page_nr return type (bsc#1148527, VM Functionality). - mm/mlock.c: mlockall error for flag MCL_ONFAULT (bsc#1148527, VM Functionality). - mm: move MAP_SYNC to asm-generic/mman-common.h (bsc#1148297). - mm/page_alloc.c: fix calculation of pgdat->nr_zones (bsc#1148192, VM Functionality). - mm: page_mapped: do not assume compound page is huge or THP (bsc#1148574, VM Functionality). - mm, page_owner: handle THP splits correctly (bsc#1149197, VM Debugging Functionality). - mm/vmalloc: Sync unmappings in __purge_vmap_area_lazy() (bsc#1118689). - mm/vmscan.c: fix trying to reclaim unevictable LRU page (bsc#1149214, VM Functionality). - mm, vmscan: do not special-case slab reclaim when watermarks are boosted (git fixes (mm/vmscan)). - move a few externs to smbdirect.h to eliminate warning (bsc#1144333). - move core networking kabi patches to the end of the section - move irq_data_get_effective_affinity_mask prior the sorted section - mpls: fix warning with multi-label encap (bsc#1051510). - mtd: spi-nor: Fix Cadence QSPI RCU Schedule Stall (bsc#1051510). - mvpp2: refactor MTU change code (networking-stable-19_08_08). - nbd: replace kill_bdev() with __invalidate_device() again (git fixes). - Negotiate and save preferred compression algorithms (bsc#1144333). - net/9p: include trans_common.h to fix missing prototype warning (bsc#1051510). - net: bcmgenet: use promisc for unsupported filters (networking-stable-19_07_25). - net: bridge: delete local fdb on device init failure (networking-stable-19_08_08). - net: bridge: mcast: do not delete permanent entries when fast leave is enabled (networking-stable-19_08_08). - net: bridge: mcast: fix stale ipv6 hdr pointer when handling v6 query (networking-stable-19_07_25). - net: bridge: mcast: fix stale nsrcs pointer in igmp3/mld2 report handling (networking-stable-19_07_25). - net: bridge: stp: do not cache eth dest pointer before skb pull (networking-stable-19_07_25). - net: dsa: mv88e6xxx: wait after reset deactivation (networking-stable-19_07_25). - net: ena: add ethtool function for changing io queue sizes (bsc#1139020 bsc#1139021). - net: ena: add good checksum counter (bsc#1139020 bsc#1139021). - net: ena: add handling of llq max tx burst size (bsc#1139020 bsc#1139021). - net: ena: add MAX_QUEUES_EXT get feature admin command (bsc#1139020 bsc#1139021). - net: ena: add newline at the end of pr_err prints (bsc#1139020 bsc#1139021). - net: ena: add support for changing max_header_size in LLQ mode (bsc#1139020 bsc#1139021). - net: ena: allow automatic fallback to polling mode (bsc#1139020 bsc#1139021). - net: ena: allow queue allocation backoff when low on memory (bsc#1139020 bsc#1139021). - net: ena: arrange ena_probe() function variables in reverse christmas tree (bsc#1139020 bsc#1139021). - net: ena: enable negotiating larger Rx ring size (bsc#1139020 bsc#1139021). - net: ena: ethtool: add extra properties retrieval via get_priv_flags (bsc#1139020 bsc#1139021). - net: ena: Fix bug where ring allocation backoff stopped too late (bsc#1139020 bsc#1139021). - net: ena: fix ena_com_fill_hash_function() implementation (bsc#1139020 bsc#1139021). - net: ena: fix: Free napi resources when ena_up() fails (bsc#1139020 bsc#1139021). - net: ena: fix incorrect test of supported hash function (bsc#1139020 bsc#1139021). - net: ena: fix: set freed objects to NULL to avoid failing future allocations (bsc#1139020 bsc#1139021). - net: ena: fix swapped parameters when calling ena_com_indirect_table_fill_entry (bsc#1139020 bsc#1139021). - net: ena: gcc 8: fix compilation warning (bsc#1139020 bsc#1139021). - net: ena: improve latency by disabling adaptive interrupt moderation by default (bsc#1139020 bsc#1139021). - net: ena: make ethtool show correct current and max queue sizes (bsc#1139020 bsc#1139021). - net: ena: optimise calculations for CQ doorbell (bsc#1139020 bsc#1139021). - net: ena: remove inline keyword from functions in *.c (bsc#1139020 bsc#1139021). - net: ena: replace free_tx/rx_ids union with single free_ids field in ena_ring (bsc#1139020 bsc#1139021). - net: ena: update driver version from 2.0.3 to 2.1.0 (bsc#1139020 bsc#1139021). - net: ena: use dev_info_once instead of static variable (bsc#1139020 bsc#1139021). - net: fix bpf_xdp_adjust_head regression for generic-XDP (bsc#1109837). - net: fix ifindex collision during namespace removal (networking-stable-19_08_08). - net: Fix netdev_WARN_ONCE macro (git-fixes). - net: hns3: add a check to pointer in error_detected and slot_reset (bsc#1104353). - net: hns3: add all IMP return code (bsc#1104353). - net: hns3: add aRFS support for PF (bsc#1104353). - net: hns3: add Asym Pause support to fix autoneg problem (bsc#1104353). - net: hns3: add check to number of buffer descriptors (bsc#1104353). - net: hns3: add default value for tc_size and tc_offset (bsc#1104353). - net: hns3: add exception handling when enable NIC HW error interrupts (bsc#1104353). - net: hns3: add handling of two bits in MAC tunnel interrupts (bsc#1104353). - net: hns3: add handshake with hardware while doing reset (bsc#1104353). - net: hns3: Add missing newline at end of file (bsc#1104353 ). - net: hns3: add opcode about query and clear RAS & MSI-X to special opcode (bsc#1104353). - net: hns3: add recovery for the H/W errors occurred before the HNS dev initialization (bsc#1104353). - net: hns3: add some error checking in hclge_tm module (bsc#1104353). - net: hns3: add support for dump firmware statistics by debugfs (bsc#1104353). - net: hns3: adjust hns3_uninit_phy()'s location in the hns3_client_uninit() (bsc#1104353). - net: hns3: bitwise operator should use unsigned type (bsc#1104353). - net: hns3: change SSU's buffer allocation according to UM (bsc#1104353). - net: hns3: check msg_data before memcpy in hclgevf_send_mbx_msg (bsc#1104353). - net: hns3: clear restting state when initializing HW device (bsc#1104353). - net: hns3: code optimizaition of hclge_handle_hw_ras_error() (bsc#1104353). - net: hns3: delay and separate enabling of NIC and ROCE HW errors (bsc#1104353). - net: hns3: delay ring buffer clearing during reset (bsc#1104353 ). - net: hns3: delay setting of reset level for hw errors until slot_reset is called (bsc#1104353). - net: hns3: delete the redundant user NIC codes (bsc#1104353 ). - net: hns3: do not configure new VLAN ID into VF VLAN table when it's full (bsc#1104353). - net: hns3: enable broadcast promisc mode when initializing VF (bsc#1104353). - net: hns3: enable DCB when TC num is one and pfc_en is non-zero (bsc#1104353). - net: hns3: extract handling of mpf/pf msi-x errors into functions (bsc#1104353). - net: hns3: fix a memory leak issue for hclge_map_unmap_ring_to_vf_vector (bsc#1104353). - net: hns3: fix a statistics issue about l3l4 checksum error (bsc#1104353). - net: hns3: fix avoid unnecessary resetting for the H/W errors which do not require reset (bsc#1104353). - net: hns3: fix a -Wformat-nonliteral compile warning (bsc#1104353). - net: hns3: fix compile warning without CONFIG_RFS_ACCEL (bsc#1104353). - net: hns3: fix dereference of ae_dev before it is null checked (bsc#1104353). - net: hns3: fixes wrong place enabling ROCE HW error when loading (bsc#1104353). - net: hns3: fix flow control configure issue for fibre port (bsc#1104353). - net: hns3: fix for dereferencing before null checking (bsc#1104353). - net: hns3: fix for skb leak when doing selftest (bsc#1104353 ). - net: hns3: fix __QUEUE_STATE_STACK_XOFF not cleared issue (bsc#1104353). - net: hns3: fix race conditions between reset and module loading & unloading (bsc#1104353). - net: hns3: fix some coding style issues (bsc#1104353 ). - net: hns3: fix VLAN filter restore issue after reset (bsc#1104353). - net: hns3: fix wrong size of mailbox responding data (bsc#1104353). - net: hns3: free irq when exit from abnormal branch (bsc#1104353 ). - net: hns3: handle empty unknown interrupt (bsc#1104353 ). - net: hns3: initialize CPU reverse mapping (bsc#1104353 ). - net: hns3: log detail error info of ROCEE ECC and AXI errors (bsc#1104353). - net: hns3: make HW GRO handling compliant with SW GRO (bsc#1104353). - net: hns3: modify handling of out of memory in hclge_err.c (bsc#1104353). - net: hns3: modify hclge_init_client_instance() (bsc#1104353 ). - net: hns3: modify hclgevf_init_client_instance() (bsc#1104353 ). - net: hns3: optimize the CSQ cmd error handling (bsc#1104353 ). - net: hns3: process H/W errors occurred before HNS dev initialization (bsc#1104353). - net: hns3: refactor hns3_get_new_int_gl function (bsc#1104353 ). - net: hns3: refactor PF/VF RSS hash key configuration (bsc#1104353). - net: hns3: refine the flow director handle (bsc#1104353 ). - net: hns3: remove override_pci_need_reset (bsc#1104353 ). - net: hns3: remove redundant core reset (bsc#1104353 ). - net: hns3: remove RXD_VLD check in hns3_handle_bdinfo (bsc#1104353). - net: hns3: remove setting bit of reset_requests when handling mac tunnel interrupts (bsc#1104353). - net: hns3: remove unused linkmode definition (bsc#1104353 ). - net: hns3: remove VF VLAN filter entry inexistent warning print (bsc#1104353). - net: hns3: replace numa_node_id with numa_mem_id for buffer reusing (bsc#1104353). - net: hns3: re-schedule reset task while VF reset fail (bsc#1104353). - net: hns3: set default value for param 'type' in hclgevf_bind_ring_to_vector (bsc#1104353). - net: hns3: set maximum length to resp_data_len for exceptional case (bsc#1104353). - net: hns3: set ops to null when unregister ad_dev (bsc#1104353 ). - net: hns3: set the port shaper according to MAC speed (bsc#1104353). - net: hns3: small changes for magic numbers (bsc#1104353 ). - net: hns3: some changes of MSI-X bits in PPU(RCB) (bsc#1104353 ). - net: hns3: some modifications to simplify and optimize code (bsc#1104353). - net: hns3: some variable modification (bsc#1104353). - net: hns3: stop schedule reset service while unloading driver (bsc#1104353). - net: hns3: sync VLAN filter entries when kill VLAN ID failed (bsc#1104353). - net: hns3: trigger VF reset if a VF had an over_8bd_nfe_err (bsc#1104353). - net: hns3: typo in the name of a constant (bsc#1104353 ). - net: hns3: use HCLGE_STATE_NIC_REGISTERED to indicate PF NIC client has registered (bsc#1104353). - net: hns3: use HCLGE_STATE_ROCE_REGISTERED to indicate PF ROCE client has registered (bsc#1104353). - net: hns3: use HCLGEVF_STATE_NIC_REGISTERED to indicate VF NIC client has registered (bsc#1104353). - net: hns3: use macros instead of magic numbers (bsc#1104353 ). - net: hns: add support for vlan TSO (bsc#1104353). - net/ibmvnic: Fix missing { in __ibmvnic_reset (bsc#1149652 ltc#179635). - net/ibmvnic: free reset work of removed device from queue (bsc#1149652 ltc#179635). - net/ibmvnic: prevent more than one thread from running in reset (bsc#1152457 ltc#174432). - net/ibmvnic: unlock rtnl_lock in reset so linkwatch_event can run (bsc#1152457 ltc#174432). - net: Introduce netdev_*_once functions (networking-stable-19_07_25). - net: make skb_dst_force return true when dst is refcounted (networking-stable-19_07_25). - net/mlx4_core: Zero out lkey field in SW2HW_MPT fw command (bsc#1145678). - net/mlx5e: always initialize frag->last_in_page (bsc#1103990 ). - net/mlx5e: IPoIB, Add error path in mlx5_rdma_setup_rn (networking-stable-19_07_25). - net/mlx5e: Only support tx/rx pause setting for port owner (networking-stable-19_08_21). - net/mlx5e: Prevent encap flow counter update async to user query (networking-stable-19_08_08). - net/mlx5e: Use flow keys dissector to parse packets for ARFS (networking-stable-19_08_21). - net/mlx5: Fix modify_cq_in alignment (bsc#1103990). - net/mlx5: Use reversed order when unregister devices (networking-stable-19_08_08). - net: mvpp2: Do not check for 3 consecutive Idle frames for 10G links (bsc#1119113). - net: neigh: fix multiple neigh timer scheduling (networking-stable-19_07_25). - net: openvswitch: fix csum updates for MPLS actions (networking-stable-19_07_25). - net/packet: fix race in tpacket_snd() (networking-stable-19_08_21). - net: phylink: Fix flow control for fixed-link (bsc#1119113 ). - net: remove duplicate fetch in sock_getsockopt (networking-stable-19_07_02). - netrom: fix a memory leak in nr_rx_frame() (networking-stable-19_07_25). - netrom: hold sock when setting skb->destructor (networking-stable-19_07_25). - net: sched: Fix a possible null-pointer dereference in dequeue_func() (networking-stable-19_08_08). - net_sched: unset TCQ_F_CAN_BYPASS when adding filters (networking-stable-19_07_25). - net: sched: verify that q!=NULL before setting q->flags (git-fixes). - net/smc: make sure EPOLLOUT is raised (networking-stable-19_08_28). - net: stmmac: fixed new system time seconds value calculation (networking-stable-19_07_02). - net: stmmac: set IC bit when transmitting frames with HW timestamp (networking-stable-19_07_02). - net: usb: pegasus: fix improper read if get_registers() fail (bsc#1051510). - nfc: fix potential illegal memory access (bsc#1051510). - NFS4: Fix v4.0 client state corruption when mount (git-fixes). - NFS: Cleanup if nfs_match_client is interrupted (bsc#1134291). - nfsd: degraded slot-count more gracefully as allocation nears exhaustion (bsc#1150381). - nfsd: Do not release the callback slot unless it was actually held (git-fixes). - nfsd: Fix overflow causing non-working mounts on 1 TB machines (bsc#1150381). - nfsd: fix performance-limiting session calculation (bsc#1150381). - nfsd: give out fewer session slots as limit approaches (bsc#1150381). - nfsd: handle drc over-allocation gracefully (bsc#1150381). - nfsd: increase DRC cache limit (bsc#1150381). - NFS: Do not interrupt file writeout due to fatal errors (git-fixes). - NFS: Do not open code clearing of delegation state (git-fixes). - NFS: Ensure O_DIRECT reports an error if the bytes read/written is 0 (git-fixes). - NFS: Fix a double unlock from nfs_match,get_client (bsc#1134291). - NFS: Fix regression whereby fscache errors are appearing on 'nofsc' mounts (git-fixes). - NFS: Fix the inode request accounting when pages have subrequests (bsc#1140012). - NFS: Forbid setting AF_INET6 to 'struct sockaddr_in'->sin_family (git-fixes). - NFS: make nfs_match_client killable (bsc#1134291). - NFS: Refactor nfs_lookup_revalidate() (git-fixes). - NFS: Remove redundant semicolon (git-fixes). - NFSv4.1: Again fix a race where CB_NOTIFY_LOCK fails to wake a waiter (git-fixes). - NFSv4.1: Fix open stateid recovery (git-fixes). - NFSv4.1: Only reap expired delegations (git-fixes). - NFSv4: Check the return value of update_open_stateid() (git-fixes). - NFSv4: Fix an Oops in nfs4_do_setattr (git-fixes). - NFSv4: Fix a potential sleep while atomic in nfs4_do_reclaim() (git-fixes). - NFSv4: Fix delegation state recovery (git-fixes). - NFSv4: Fix lookup revalidate of regular files (git-fixes). - NFSv4: Fix OPEN / CLOSE race (git-fixes). - NFSv4: Handle the special Linux file open access mode (git-fixes). - NFSv4: Only pass the delegation to setattr if we're sending a truncate (git-fixes). - NFSv4/pnfs: Fix a page lock leak in nfs_pageio_resend() (git-fixes). - nilfs2: do not use unexported cpu_to_le32()/le32_to_cpu() in uapi header (git fixes). - nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds (bsc#1051510). - null_blk: complete requests from ->timeout (bsc#1149446). - null_blk: wire up timeouts (bsc#1149446). - nvme: cancel request synchronously (bsc#1145661). - nvme: change locking for the per-subsystem controller list (bsc#1142541). - nvme-core: Fix extra device_put() call on error path (bsc#1142541). - nvme: do not abort completed request in nvme_cancel_request (bsc#1149446). - nvme-fc: fix module unloads while lports still pending (bsc#1150033). - nvme: fix multipath crash when ANA is deactivated (bsc#1149446). - nvme: fix possible use-after-free in connect error flow (bsc#1139500) - nvme: fix possible use-after-free in connect error flow (bsc#1139500, bsc#1140426) - nvme: introduce NVME_QUIRK_IGNORE_DEV_SUBNQN (bsc#1146938). - nvme-multipath: fix ana log nsid lookup when nsid is not found (bsc#1141554). - nvme-multipath: relax ANA state check (bsc#1123105). - nvme-multipath: revalidate nvme_ns_head gendisk in nvme_validate_ns (bsc#1120876). - nvmem: Use the same permissions for eeprom as for nvmem (git-fixes). - nvme-rdma: Allow DELETING state change failure in (bsc#1104967,). - nvme-rdma: centralize admin/io queue teardown sequence (bsc#1142076). - nvme-rdma: centralize controller setup sequence (bsc#1142076). - nvme-rdma: fix a NULL deref when an admin connect times out (bsc#1149446). - nvme-rdma: fix timeout handler (bsc#1149446). - nvme-rdma: remove redundant reference between ib_device and tagset (bsc#149446). - nvme-rdma: stop admin queue before freeing it (bsc#1140155). - nvme-rdma: support up to 4 segments of inline data (bsc#1142076). - nvme-rdma: unquiesce queues when deleting the controller (bsc#1142076). - nvme-rdma: use dynamic dma mapping per command (bsc#1149446). - nvme: remove ns sibling before clearing path (bsc#1140155). - nvme: return BLK_EH_DONE from ->timeout (bsc#1142076). - nvme: Return BLK_STS_TARGET if the DNR bit is set (bsc#1142076). - nvme-tcp: fix a NULL deref when an admin connect times out (bsc#1149446). - nvme-tcp: fix timeout handler (bsc#1149446). - nvme: wait until all completed request's complete fn is called (bsc#1149446). - objtool: Add rewind_stack_do_exit() to the noreturn list (bsc#1145302). - objtool: Support GCC 9 cold subfunction naming scheme (bsc#1145300). - octeon_mgmt: Fix MIX registers configuration on MTU setup (bsc#1051510). - PCI: Add ACS quirk for Amazon Annapurna Labs root ports (bsc#1152187,bsc#1152525). - PCI: Add Amazon's Annapurna Labs vendor ID (bsc#1152187,bsc#1152525). - PCI: Add quirk to disable MSI-X support for Amazon's Annapurna Labs Root Port (bsc#1152187,bsc#1152525). - PCI: al: Add Amazon Annapurna Labs PCIe host controller driver (SLE-9332). - PCI: hv: Detect and fix Hyper-V PCI domain number collision (bsc#1150423). - PCI: hv: Fix panic by calling hv_pci_remove_slots() earlier (bsc#1142701). - PCI: PM/ACPI: Refresh all stale power state data in pci_pm_complete() (bsc#1149106). - PCI: qcom: Ensure that PERST is asserted for at least 100 ms (bsc#1142635). - PCI: Restore Resizable BAR size bits correctly for 1MB BARs (bsc#1143841). - PCI/VPD: Prevent VPD access for Amazon's Annapurna Labs Root Port (bsc#1152187,bsc#1152525). - PCI: xilinx-nwl: Fix Multi MSI data programming (bsc#1142635). - phy: qcom-qusb2: Fix crash if nvmem cell not specified (bsc#1051510). - phy: renesas: rcar-gen2: Fix memory leak at error paths (bsc#1051510). - phy: renesas: rcar-gen3-usb2: Disable clearing VBUS in over-current (bsc#1051510). - pinctrl: pistachio: fix leaked of_node references (bsc#1051510). - pinctrl: rockchip: fix leaked of_node references (bsc#1051510). - platform/x86: pmc_atom: Add Siemens SIMATIC IPC227E to critclk_systems DMI table (bsc#1051510). - PM / devfreq: rk3399_dmc: do not print error when get supply and clk defer (bsc#1144718,bsc#1144813). - PM / devfreq: rk3399_dmc: fix spelling mistakes (bsc#1144718,bsc#1144813). - PM / devfreq: rk3399_dmc: Pass ODT and auto power down parameters to TF-A (bsc#1144718,bsc#1144813). - PM / devfreq: rk3399_dmc: remove unneeded semicolon (bsc#1144718,bsc#1144813). - PM / devfreq: rk3399_dmc: remove wait for dcf irq event (bsc#1144718,bsc#1144813). - PM / devfreq: rockchip-dfi: Move GRF definitions to a common place (bsc#1144718,bsc#1144813). - PM / OPP: OF: Use pr_debug() instead of pr_err() while adding OPP table (jsc#SLE-7294). - PM: sleep: Fix possible overflow in pm_system_cancel_wakeup() (bsc#1051510). - PNFS fallback to MDS if no deviceid found (git-fixes). - pnfs/flexfiles: Fix PTR_ERR() dereferences in ff_layout_track_ds_error (git-fixes). - pNFS/flexfiles: Turn off soft RPC calls (git-fixes). - powerpc/64: Make sys_switch_endian() traceable (bsc#1065729). - powerpc/64s: Include cpu header (bsc#1065729). - powerpc/64s/radix: Fix MADV_[FREE|DONTNEED] TLB flush miss problem with THP (bsc#1152161 ltc#181664). - powerpc/64s/radix: Fix memory hotplug section page table creation (bsc#1065729). - powerpc/64s/radix: Fix memory hot-unplug page table split (bsc#1065729). - powerpc/64s/radix: Implement _tlbie(l)_va_range flush functions (bsc#1152161 ltc#181664). - powerpc/64s/radix: Improve preempt handling in TLB code (bsc#1152161 ltc#181664). - powerpc/64s/radix: Improve TLB flushing for page table freeing (bsc#1152161 ltc#181664). - powerpc/64s/radix: Introduce local single page ceiling for TLB range flush (bsc#1055117 bsc#1152161 ltc#181664). - powerpc/64s/radix: Optimize flush_tlb_range (bsc#1152161 ltc#181664). - powerpc/64s: support nospectre_v2 cmdline option (bsc#1131107). - powerpc: Allow flush_(inval_)dcache_range to work across ranges >4GB (bsc#1146575 ltc#180764). - powerpc/book3s/64: check for NULL pointer in pgd_alloc() (bsc#1078248, git-fixes). - powerpc/book3s64/mm: Do not do tlbie fixup for some hardware revisions (bsc#1152161 ltc#181664). - powerpc/book3s64/radix: Rename CPU_FTR_P9_TLBIE_BUG feature flag (bsc#1152161 ltc#181664). - powerpc: bpf: Fix generation of load/store DW instructions (bsc#1065729). - powerpc/bpf: use unsigned division instruction for 64-bit operations (bsc#1065729). - powerpc: Drop page_is_ram() and walk_system_ram_range() (bsc#1065729). - powerpc: dump kernel log before carrying out fadump or kdump (bsc#1149940 ltc#179958). - powerpc/fadump: use kstrtoint to handle sysfs store (bsc#1146376). - powerpc/fadump: when fadump is supported register the fadump sysfs files (bsc#1146352). - powerpc/fsl: Add nospectre_v2 command line argument (bsc#1131107). - powerpc/fsl: Update Spectre v2 reporting (bsc#1131107). - powerpc/irq: Do not WARN continuously in arch_local_irq_restore() (bsc#1065729). - powerpc/irq: drop arch_early_irq_init() (bsc#1065729). - powerpc/kdump: Handle crashkernel memory reservation failure (bsc#1143466 LTC#179600). - powerpc/lib: Fix feature fixup test of external branch (bsc#1065729). - powerpc/mm: Fixup tlbie vs mtpidr/mtlpidr ordering issue on POWER9 (bsc#1152161 ltc#181664). - powerpc/mm: Handle page table allocation failures (bsc#1065729). - powerpc/mm/hash/4k: Do not use 64K page size for vmemmap with 4K pagesize (bsc#1142685 LTC#179509). - powerpc/mm/nvdimm: Add an informative message if we fail to allocate altmap block (bsc#1142685 LTC#179509). - powerpc/mm/radix: Drop unneeded NULL check (bsc#1152161 ltc#181664). - powerpc/mm/radix: implement LPID based TLB flushes to be used by KVM (bsc#1152161 ltc#181664). - powerpc/mm/radix: Use the right page size for vmemmap mapping (bsc#1055117 bsc#1142685 LTC#179509). - powerpc/mm: Simplify page_is_ram by using memblock_is_memory (bsc#1065729). - powerpc/mm: Use memblock API for PPC32 page_is_ram (bsc#1065729). - powerpc/module64: Fix comment in R_PPC64_ENTRY handling (bsc#1065729). - powerpc/nvdimm: Add support for multibyte read/write for metadata (bsc#1142685 LTC#179509). - powerpc/nvdimm: Pick nearby online node if the device node is not online (bsc#1142685 ltc#179509). - powerpc/papr_scm: Fix an off-by-one check in papr_scm_meta_{get, set} (bsc#1152243 ltc#181472). - powerpc/perf: Add constraints for power9 l2/l3 bus events (bsc#1056686). - powerpc/perf: Add mem access events to sysfs (bsc#1124370). - powerpc/perf: Cleanup cache_sel bits comment (bsc#1056686). - powerpc/perf: Fix thresholding counter data for unknown type (bsc#1056686). - powerpc/perf: Remove PM_BR_CMPL_ALT from power9 event list (bsc#1047238, bsc#1056686). - powerpc/perf: Update perf_regs structure to include SIER (bsc#1056686). - powerpc/powernv: Fix compile without CONFIG_TRACEPOINTS (bsc#1065729). - powerpc/powernv: Flush console before platform error reboot (bsc#1149940 ltc#179958). - powerpc/powernv/ioda2: Allocate TCE table levels on demand for default DMA window (bsc#1061840). - powerpc/powernv/ioda: Fix race in TCE level allocation (bsc#1061840). - powerpc/powernv: move OPAL call wrapper tracing and interrupt handling to C (bsc#1065729). - powerpc/powernv/npu: Remove obsolete comment about TCE_KILL_INVAL_ALL (bsc#1065729). - powerpc/powernv/opal-dump : Use IRQ_HANDLED instead of numbers in interrupt handler (bsc#1065729). - powerpc/powernv: Return for invalid IMC domain (bsc1054914, git-fixes). - powerpc/powernv: Use kernel crash path for machine checks (bsc#1149940 ltc#179958). - powerpc/pseries: add missing cpumask.h include file (bsc#1065729). - powerpc/pseries: Call H_BLOCK_REMOVE when supported (bsc#1109158). - powerpc/pseries: correctly track irq state in default idle (bsc#1150727 ltc#178925). - powerpc/pseries: Fix cpu_hotplug_lock acquisition in resize_hpt() (bsc#1065729). - powerpc/pseries: Fix xive=off command line (bsc#1085030, git-fixes). - powerpc/pseries/memory-hotplug: Fix return value type of find_aa_index (bsc#1065729). - powerpc/pseries, ps3: panic flush kernel messages before halting system (bsc#1149940 ltc#179958). - powerpc/pseries: Read TLB Block Invalidate Characteristics (bsc#1109158). - powerpc/pseries/scm: Mark the region volatile if cache flush not required (bsc#1142685 LTC#179509). - powerpc/ptrace: Simplify vr_get/set() to avoid GCC warning (bsc#1148868). - powerpc/rtas: use device model APIs and serialization during LPM (bsc#1144123 ltc#178840). - powerpc/security: Show powerpc_security_features in debugfs (bsc#1131107). - powerpc/xive: Fix bogus error code returned by OPAL (bsc#1065729). - powerpc/xive: Fix dump of XIVE interrupt under pseries (bsc#1142019). - powerpc/xive: Fix loop exit-condition in xive_find_target_in_mask() (bsc#1085030, bsc#1145189, LTC#179762). - powerpc/xive: Implement get_irqchip_state method for XIVE to fix shutdown race (bsc#1065729). - powerpc/xmon: Add a dump of all XIVE interrupts (bsc#1142019). - powerpc/xmon: Check for HV mode when dumping XIVE info from OPAL (bsc#1142019). - powerpc/xmon: Fix opcode being uninitialized in print_insn_powerpc (bsc#1065729). - power: reset: gpio-restart: Fix typo when gpio reset is not found (bsc#1051510). - power: supply: Init device wakeup after device_add() (bsc#1051510). - ppp: Fix memory leak in ppp_write (git-fixes). - printk: Do not lose last line in kmsg buffer dump (bsc#1152460). - printk: fix printk_time race (bsc#1152466). - printk/panic: Avoid deadlock in printk() after stopping CPUs by NMI (bsc#1148712). - qede: fix write to free'd pointer error and double free of ptp (bsc#1051510). - qla2xxx: kABI fixes for v10.01.00.18-k (bcs#1082635 bcs#1141340 bcs#1143706). - qla2xxx: kABI fixes for v10.01.00.18-k (bsc#1123034 bsc#1131304 bsc#1127988). - qla2xxx: remove SGI SN2 support (bsc#1123034 bsc#1131304 bsc#1127988). - qlge: Deduplicate lbq_buf_size (bsc#1106061). - qlge: Deduplicate rx buffer queue management (bsc#1106061). - qlge: Factor out duplicated expression (bsc#1106061). - qlge: Fix dma_sync_single calls (bsc#1106061). - qlge: Fix irq masking in INTx mode (bsc#1106061). - qlge: Refill empty buffer queues from wq (bsc#1106061). - qlge: Refill rx buffers up to multiple of 16 (bsc#1106061). - qlge: Remove bq_desc.maplen (bsc#1106061). - qlge: Remove irq_cnt (bsc#1106061). - qlge: Remove page_chunk.last_flag (bsc#1106061). - qlge: Remove qlge_bq.len & size (bsc#1106061). - qlge: Remove rx_ring.sbq_buf_size (bsc#1106061). - qlge: Remove rx_ring.type (bsc#1106061). - qlge: Remove useless dma synchronization calls (bsc#1106061). - qlge: Remove useless memset (bsc#1106061). - qlge: Replace memset with assignment (bsc#1106061). - qlge: Update buffer queue prod index despite oom (bsc#1106061). - quota: fix wrong condition in is_quota_modification() (bsc#1152026). - r8152: Set memory to all 0xFFs on failed reg reads (bsc#1051510). - raid5-cache: Need to do start() part job after adding journal device (git fixes). - rbd: do not (ab)use obj_req->pages for stat requests (bsc#1141450). - rbd: do not NULL out ->obj_request in rbd_img_obj_parent_read_full() (bsc#1141450). - rbd: get rid of img_req->copyup_pages (bsc#1141450). - rbd: move from raw pages to bvec data descriptors (bsc#1141450). - rbd: remove bio cloning helpers (bsc#1141450). - rbd: start enums at 1 instead of 0 (bsc#1141450). - rbd: use kmem_cache_zalloc() in rbd_img_request_create() (bsc#1141450). - RDMA/hns: Add mtr support for mixed multihop addressing (bsc#1104427). - RDMA/hns: Bugfix for calculating qp buffer size (bsc#1104427 ). - RDMA/hns: Bugfix for filling the sge of srq (bsc#1104427 ). - RDMa/hns: Do not stuck in endless timeout loop (bsc#1104427 ). - RDMA/hns: Fix an error code in hns_roce_set_user_sq_size() (bsc#1104427). - RDMA/hns: fix inverted logic of readl read and shift (bsc#1104427). - RDMA/hns: Fixs hw access invalid dma memory error (bsc#1104427 ). - RDMA/hns: Fixup qp release bug (bsc#1104427). - RDMA/hns: Modify ba page size for cqe (bsc#1104427). - RDMA/hns: Remove set but not used variable 'fclr_write_fail_flag' (bsc#1104427). - RDMA/hns: Remove unnecessary print message in aeq (bsc#1104427 ). - RDMA/hns: Replace magic numbers with #defines (bsc#1104427 ). - RDMA/hns: reset function when removing module (bsc#1104427 ). - RDMA/hns: Set reset flag when hw resetting (bsc#1104427 ). - RDMA/hns: Use %pK format pointer print (bsc#1104427 ). - refresh: soc: fsl: guts: Add definition for LX2160A (). - regmap: fix bulk writes on paged registers (bsc#1051510). - regulator: lm363x: Fix off-by-one n_voltages for lm3632 ldo_vpos/ldo_vneg (bsc#1051510). - regulator: qcom_spmi: Fix math of spmi_regulator_set_voltage_time_sel (bsc#1051510). - Remove ifdef since SMB3 (and later) now STRONGLY preferred (bsc#1051510, bsc#1144333). - Revert 'Bluetooth: validate BLE connection interval updates' (bsc#1051510). - Revert 'cfg80211: fix processing world regdomain when non modular' (bsc#1051510). - Revert 'dm bufio: fix deadlock with loop device' (git fixes). - Revert i915 userptr page lock patch (bsc#1145051) This patch potentially causes a deadlock between kcompactd, as reported on 5.3-rc3. Revert it until a proper fix is found. - Revert 'mwifiex: fix system hang problem after resume' (bsc#1051510). - Revert 'net: ena: ethtool: add extra properties retrieval via get_priv_flags' (bsc#1139020 bsc#1139021). - Revert patches.suse/0001-blk-wbt-Avoid-lock-contention-and-thundering-herd-is.patch (bsc#1141543) As we see stalls / crashes recently with the relevant code path, revert this patch tentatively. - Revert 'scsi: ncr5380: Increase register polling limit' (git-fixes). - Revert 'scsi: prefix header search paths with $(srctree)/ (bsc#1136346' This reverts commit 5f679430713da59f5367aa9499e544e6187ac17c. Reverting this commit fixes build for me. - Revert 'scsi: ufs: disable vccq if it's not needed by UFS device' (git-fixes). - rpmsg: added MODULE_ALIAS for rpmsg_char (bsc#1051510). - rpmsg: smd: do not use mananged resources for endpoints and channels (bsc#1051510). - rpmsg: smd: fix memory leak on channel create (bsc#1051510). - rsi: improve kernel thread handling to fix kernel panic (bsc#1051510). - rslib: Fix decoding of shortened codes (bsc#1051510). - rslib: Fix handling of of caller provided syndrome (bsc#1051510). - rtc: pcf8523: do not return invalid date when battery is low (bsc#1051510). - rtc: pcf8563: Clear event flags and disable interrupts before requesting irq (bsc#1051510). - rtc: pcf8563: Fix interrupt trigger method (bsc#1051510). - rtlwifi: Fix file release memory leak (bsc#1111666). - rxrpc: Fix send on a connected, but unbound socket (networking-stable-19_07_25). - s390/cio: fix ccw_device_start_timeout API (bsc#1142109 LTC#179339). - s390/dasd: fix endless loop after read unit address configuration (bsc#1144912 LTC#179907). - s390/qdio: handle PENDING state for QEBSM devices (bsc#1142117 bsc#1142118 bsc#1142119 LTC#179329 LTC#179330 LTC#179331). - s390/qeth: avoid control IO completion stalls (bsc#1142109 LTC#179339). - s390/qeth: cancel cmd on early error (bsc#1142109 LTC#179339). - s390/qeth: fix request-side race during cmd IO timeout (bsc#1142109 LTC#179339). - s390/qeth: release cmd buffer in error paths (bsc#1142109 LTC#179339). - s390/qeth: simplify reply object handling (bsc#1142109 LTC#179339). - samples, bpf: fix to change the buffer size for read() (bsc#1051510). - samples: mei: use /dev/mei0 instead of /dev/mei (bsc#1051510). - sched/fair: Do not free p->numa_faults with concurrent readers (bsc#1144920). - sched/fair: Use RCU accessors consistently for ->numa_group (bsc#1144920). - scripts/checkstack.pl: Fix arm64 wrong or unknown architecture (bsc#1051510). - scripts/decode_stacktrace: only strip base path when a prefix of the path (bsc#1051510). - scripts/decode_stacktrace.sh: prefix addr2line with $CROSS_COMPILE (bsc#1051510). - scripts/gdb: fix lx-version string output (bsc#1051510). - scsi: aacraid: Fix missing break in switch statement (git-fixes). - scsi: aacraid: Fix performance issue on logical drives (git-fixes). - scsi: aic94xx: fix an error code in aic94xx_init() (git-fixes). - scsi: aic94xx: fix module loading (git-fixes). - scsi: bfa: Avoid implicit enum conversion in bfad_im_post_vendor_event (bsc#1136496 jsc#SLE-4698). - scsi: bfa: bfa_fcs_lport: Mark expected switch fall-throughs (bsc#1136496 jsc#SLE-4698). - scsi: bfa: bfa_fcs_rport: Mark expected switch fall-throughs (bsc#1136496 jsc#SLE-4698). - scsi: bfa: bfa_ioc: Mark expected switch fall-throughs (bsc#1136496 jsc#SLE-4698). - scsi: bfa: clean up a couple of indentation issues (bsc#1136496 jsc#SLE-4698). - scsi: bfa: convert to strlcpy/strlcat (git-fixes). - scsi: bfa: fix calls to dma_set_mask_and_coherent() (bsc#1136496 jsc#SLE-4698). - scsi: bfa: no need to check return value of debugfs_create functions (bsc#1136496 jsc#SLE-4698). - scsi: bfa: remove ScsiResult macro (bsc#1136496 jsc#SLE-4698). - scsi: bfa: Remove unused functions (bsc#1136496 jsc#SLE-4698). - scsi: bfa: use dma_set_mask_and_coherent (bsc#1136496 jsc#SLE-4698). - scsi: bnx2fc: Do not allow both a cleanup completion and abort completion for the same request (bsc#1144582). - scsi: bnx2fc: fix bnx2fc_cmd refcount imbalance in send_rec (bsc#1144582). - scsi: bnx2fc: fix bnx2fc_cmd refcount imbalance in send_srr (bsc#1144582). - scsi: bnx2fc: Fix error handling in probe() (bsc#1136502 jsc#SLE-4703). - scsi: bnx2fc: fix incorrect cast to u64 on shift operation (bsc#1136502 jsc#SLE-4703). - scsi: bnx2fc: fix incorrect cast to u64 on shift operation (git-fixes). - scsi: bnx2fc: Fix NULL dereference in error handling (bsc#1136502 jsc#SLE-4703). - scsi: bnx2fc: Fix NULL dereference in error handling (git-fixes). - scsi: bnx2fc: Limit the IO size according to the FW capability (bsc#1144582). - scsi: bnx2fc: Only put reference to io_req in bnx2fc_abts_cleanup if cleanup times out (bsc#1144582). - scsi: bnx2fc: Redo setting source FCoE MAC (bsc#1144582). - scsi: bnx2fc: Remove set but not used variable 'oxid' (bsc#1136502 jsc#SLE-4703). - scsi: bnx2fc: remove unneeded variable (bsc#1136502 jsc#SLE-4703). - scsi: bnx2fc: Separate out completion flags and variables for abort and cleanup (bsc#1144582). - scsi: bnx2fc: Update the driver version to 2.12.10 (bsc#1144582). - scsi: core: Fix race on creating sense cache (git-fixes). - scsi: core: set result when the command cannot be dispatched (git-fixes). - scsi: core: Synchronize request queue PM status only on successful resume (git-fixes). - scsi: cxgb4i: fix incorrect spelling 'reveive' -> 'receive' (bsc#1136346 jsc#SLE-4682). - scsi: cxgb4i: get pf number from lldi->pf (bsc#1136346 jsc#SLE-4682). - scsi: cxgb4i: validate tcp sequence number only if chip version <= T5 (bsc#1136346 jsc#SLE-4682). - scsi: cxlflash: Mark expected switch fall-throughs (bsc#1148868). - scsi: cxlflash: Prevent deadlock when adapter probe fails (git-fixes). - scsi: esp_scsi: Track residual for PIO transfers (git-fixes) Also, mitigate kABI changes. - scsi: fas216: fix sense buffer initialization (git-fixes). - scsi: hisi_sas: Add support for DIX feature for v3 hw (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: change queue depth from 512 to 4096 (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: Change SERDES_CFG init value to increase reliability of HiLink (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: Disable stash for v3 hw (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: Fix losing directly attached disk when hot-plug (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: Ignore the error code between phy down to phy up (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: Issue internal abort on all relevant queues (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: kabi fixes (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: print PHY RX errors count for later revision of v3 hw (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: Reduce HISI_SAS_SGE_PAGE_CNT in size (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: Reject setting programmed minimum linkrate > 1.5G (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: send primitive NOTIFY to SSP situation only (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: shutdown axi bus to avoid exception CQ returned (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: Use pci_irq_get_affinity() for v3 hw as experimental (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: isci: initialize shost fully before calling scsi_add_host() (git-fixes). - scsi: libcxgbi: find cxgbi device by MAC address (bsc#1136352 jsc#SLE-4687). - scsi: libcxgbi: remove uninitialized variable len (bsc#1136352 jsc#SLE-4687). - scsi: libcxgbi: update route finding logic (bsc#1136352 jsc#SLE-4687) - scsi: libfc: fix null pointer dereference on a null lport (git-fixes). - scsi: libsas: delete sas port if expander discover failed (git-fixes). - scsi: libsas: Fix rphy phy_identifier for PHYs with end devices attached (git-fixes). - scsi: libsas: kABI protect struct sas_task_slow (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: libsas: only clear phy->in_shutdown after shutdown event done (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: lpfc: add check for loss of ndlp when sending RRQ (bsc#1148308). - scsi: lpfc: Add first and second level hardware revisions to sysfs (bsc#1146215). - scsi: lpfc: Add MDS driver loopback diagnostics support (bsc#1146215). - scsi: lpfc: Add NVMe sequence level error recovery support (bsc#1146215). - scsi: lpfc: Add simple unlikely optimizations to reduce NVME latency (bsc#1146215). - scsi: lpfc: Avoid unused function warnings (bsc#1148308). - scsi: lpfc: change snprintf to scnprintf for possible overflow (bsc#1146215). - scsi: lpfc: Convert timers to use timer_setup() (bsc#1148308). - scsi: lpfc: correct rcu unlock issue in lpfc_nvme_info_show (bsc#1148308). - scsi: lpfc: Default fdmi_on to on (bsc#1148308). - scsi: lpfc: Fix ADISC reception terminating login state if a NVME (bsc#1146215). - scsi: lpfc: Fix BlockGuard enablement on FCoE adapters (bsc#1146215). - scsi: lpfc: Fix coverity warnings (bsc#1146215). - scsi: lpfc: Fix crash due to port reset racing vs adapter error (bsc#1146215). - scsi: lpfc: Fix crash on driver unload in wq free (bsc#1146215). - scsi: lpfc: Fix crash when cpu count is 1 and null irq affinity mask (bsc#1146215). - scsi: lpfc: Fix deadlock on host_lock during cable pulls (bsc#1146215). - scsi: lpfc: Fix devices that do not return after devloss followed by (bsc#1146215). - scsi: lpfc: Fix discovery when target has no GID_FT information (bsc#1146215). - scsi: lpfc: Fix ELS field alignments (bsc#1146215). - scsi: lpfc: Fix error in remote port address change (bsc#1146215). - scsi: lpfc: Fix failure to clear non-zero eq_delay after io rate (bsc#1146215). - scsi: lpfc: Fix FLOGI handling across multiple link up/down (bsc#1146215). - scsi: lpfc: Fix hang when downloading fw on port enabled for nvme (bsc#1146215). - scsi: lpfc: Fix irq raising in lpfc_sli_hba_down (bsc#1146215). - scsi: lpfc: Fix issuing init_vpi mbox on SLI-3 card (bsc#1146215). - scsi: lpfc: Fix leak of ELS completions on adapter reset (bsc#1146215). - scsi: lpfc: Fix loss of remote port after devloss due to lack of RPIs (bsc#1146215). - scsi: lpfc: Fix Max Frame Size value shown in fdmishow output (bsc#1146215). - scsi: lpfc: Fix null ptr oops updating lpfc_devloss_tmo via sysfs (bsc#1146215). - scsi: lpfc: Fix nvme first burst module parameter description (bsc#1146215). - scsi: lpfc: Fix nvme sg_seg_cnt display if HBA does not support NVME (bsc#1146215). - scsi: lpfc: Fix nvme target mode ABTSing a received ABTS (bsc#1146215). - scsi: lpfc: Fix Oops in nvme_register with target logout/login (bsc#1146215). - scsi: lpfc: Fix oops when fewer hdwqs than cpus (bsc#1146215). - scsi: lpfc: Fix PLOGI failure with high remoteport count (bsc#1146215). - scsi: lpfc: Fix port relogin failure due to GID_FT interaction (bsc#1146215). - scsi: lpfc: Fix propagation of devloss_tmo setting to nvme transport (bsc#1146215). - scsi: lpfc: Fix reported physical link speed on a disabled trunked (bsc#1146215). - scsi: lpfc: Fix reset recovery paths that are not recovering (bsc#1144375). - scsi: lpfc: Fix sg_seg_cnt for HBAs that do not support NVME (bsc#1146215). - scsi: lpfc: Fix sli4 adapter initialization with MSI (bsc#1146215). - scsi: lpfc: Fix too many sg segments spamming in kernel log (bsc#1146215). - scsi: lpfc: Fix upcall to bsg done in non-success cases (bsc#1146215). - scsi: lpfc: Limit xri count for kdump environment (bsc#1146215). - scsi: lpfc: lpfc_sli: Mark expected switch fall-throughs (bsc#1148308). - scsi: lpfc: Make some symbols static (bsc#1148308). - scsi: lpfc: Merge per-protocol WQ/CQ pairs into single per-cpu pair (bsc#1146215). - scsi: lpfc: Migrate to %px and %pf in kernel print calls (bsc#1146215). - scsi: lpfc: no need to check return value of debugfs_create functions (bsc#1148308). - scsi: lpfc: nvme: avoid hang / use-after-free when destroying localport (bsc#1148308). - scsi: lpfc: nvmet: avoid hang / use-after-free when destroying targetport (bsc#1148308). - scsi: lpfc: remove a bogus pci_dma_sync_single_for_device call (bsc#1148308). - scsi: lpfc: Remove bg debugfs buffers (bsc#1144375). - scsi: lpfc: remove NULL check before some freeing functions (bsc#1146215). - scsi: lpfc: remove null check on nvmebuf (bsc#1148308). - scsi: lpfc: remove ScsiResult macro (bsc#1148308). - scsi: lpfc: Remove set but not used variable 'psli' (bsc#1148308). - scsi: lpfc: Remove set but not used variables 'fc_hdr' and 'hw_page_size' (bsc#1148308). - scsi: lpfc: Remove set but not used variables 'qp' (bsc#1148308). - scsi: lpfc: Remove set but not used variables 'tgtp' (bsc#1148308). - scsi: lpfc: Resolve checker warning for lpfc_new_io_buf() (bsc#1144375). - scsi: lpfc: resolve lockdep warnings (bsc#1148308). - scsi: lpfc: Support dynamic unbounded SGL lists on G7 hardware (bsc#1146215). - scsi: lpfc: Update lpfc version to 12.4.0.0 (bsc#1146215). - scsi: lpfc: Use dma_zalloc_coherent (bsc#1148308). - scsi: lpfc: use sg helper to iterate over scatterlist (bsc#1148308). - scsi: mac_scsi: Fix pseudo DMA implementation, take 2 (git-fixes). - scsi: mac_scsi: Increase PIO/PDMA transfer length threshold (git-fixes). - scsi: megaraid: fix out-of-bound array accesses (git-fixes). - scsi: megaraid_sas: Fix calculation of target ID (git-fixes). - scsi: megaraid_sas: IRQ poll to avoid CPU hard lockups (bsc#1143962). - scsi: megaraid_sas: Release Mutex lock before OCR in case of DCMD timeout (bsc#1143962). - scsi: mpt3sas: Determine smp affinity on per HBA basis (bsc#1143738). - scsi: mpt3sas: Fix msix load balance on and off settings (bsc#1143738). - scsi: mpt3sas: make driver options visible in sys (bsc#1143738). - scsi: mpt3sas: Mark expected switch fall-through (bsc#1143738). - scsi: mpt3sas: Remove CPU arch check to determine perf_mode (bsc#1143738). - scsi: mpt3sas: Use 63-bit DMA addressing on SAS35 HBA (bsc#1143738). - scsi: mpt3sas: Use configured PCIe link speed, not max (bsc#1143738). - scsi: mpt3sas: use DEVICE_ATTR_{RO, RW} (bsc#1143738). - scsi: NCR5380: Always re-enable reselection interrupt (git-fixes). - scsi: pmcraid: do not allocate a dma coherent buffer for sense data (bsc#1135990 jsc#SLE-4709). - scsi: pmcraid: simplify pmcraid_cancel_all a bit (bsc#1135990 jsc#SLE-4709). - scsi: pmcraid: use generic DMA API (bsc#1135990 jsc#SLE-4709). - scsi: pmcraid: use sg helper to iterate over scatterlist (bsc#1135990 jsc#SLE-4709). - scsi: prefix header search paths with $(srctree)/ (bsc#1136346 jsc#SLE-4682). - scsi: qedf: Add debug information for unsolicited processing (bsc#1149976). - scsi: qedf: Add shutdown callback handler (bsc#1149976). - scsi: qedf: Add support for 20 Gbps speed (bsc#1149976). - scsi: qedf: Check both the FCF and fabric ID before servicing clear virtual link (bsc#1149976). - scsi: qedf: Check for link state before processing LL2 packets and send fipvlan retries (bsc#1149976). - scsi: qedf: Check for module unloading bit before processing link update AEN (bsc#1149976). - scsi: qedf: Decrease the LL2 MTU size to 2500 (bsc#1149976). - scsi: qedf: Fix race betwen fipvlan request and response path (bsc#1149976). - scsi: qedf: Initiator fails to re-login to switch after link down (bsc#1149976). - scsi: qedf: Print message during bailout conditions (bsc#1149976). - scsi: qedf: remove memset/memcpy to nfunc and use func instead (git-fixes). - scsi: qedf: remove set but not used variables (bsc#1149976). - scsi: qedf: Stop sending fipvlan request on unload (bsc#1149976). - scsi: qedf: Update module description string (bsc#1149976). - scsi: qedf: Update the driver version to 8.37.25.20 (bsc#1149976). - scsi: qedf: Update the version to 8.42.3.0 (bsc#1149976). - scsi: qedf: Use discovery list to traverse rports (bsc#1149976). - scsi: qedi: remove declaration of nvm_image from stack (git-fixes). - scsi: qla2xxx: Add 28xx flash primary/secondary status/image mechanism (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add cleanup for PCI EEH recovery (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Add cleanup for PCI EEH recovery (bsc#1129424). - scsi: qla2xxx: Add Device ID for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add error handling for PLOGI ELS passthrough (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add First Burst support for FC-NVMe devices (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add fw_attr and port_no SysFS node (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add new FW dump template entry types (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add pci function reset support (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add protection mask module parameters (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add Serdes support for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add support for multiple fwdump templates/segments (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add support for setting port speed (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Allow NVMe IO to resume with short cable pull (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Allow NVMe IO to resume with short cable pull (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: allow session delete to finish before create (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Always check the qla2x00_wait_for_hba_online() return value (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Always check the qla2x00_wait_for_hba_online() return value (bsc#1143706). - scsi: qla2xxx: Avoid PCI IRQ affinity mapping when multiqueue is not supported (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: avoid printf format warning (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that Coverity complains about dereferencing a NULL rport pointer (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Avoid that Coverity complains about dereferencing a NULL rport pointer (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that lockdep complains about unsafe locking in tcm_qla2xxx_close_session() (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Avoid that lockdep complains about unsafe locking in tcm_qla2xxx_close_session() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that qla2x00_mem_free() crashes if called twice (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Avoid that qla2x00_mem_free() crashes if called twice (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that qlt_send_resp_ctio() corrupts memory (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Avoid that qlt_send_resp_ctio() corrupts memory (git-fixes). - scsi: qla2xxx: Capture FW dump on MPI heartbeat stop event (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change abort wait_loop from msleep to wait_event_timeout (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Change abort wait_loop from msleep to wait_event_timeout (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change a stack variable into a static const variable (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Change data_dsd into an array (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change data_dsd into an array (bsc#1143706). - scsi: qla2xxx: Change default ZIO threshold (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change the return type of qla24xx_read_flash_data() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change the return type of qla24xx_read_flash_data() (bsc#1143706). - scsi: qla2xxx: Change the return type of qla2x00_update_ms_fdmi_iocb() into void (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change the return type of qla2x00_update_ms_fdmi_iocb() into void (bsc#1143706). - scsi: qla2xxx: Check for FW started flag before aborting (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: check for kstrtol() failure (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check for MB timeout while capturing ISP27/28xx FW dump (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check secondary image if reading the primary image fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check secondary image if reading the primary image fails (bsc#1143706). - scsi: qla2xxx: Check the PCI info string output buffer size (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check the PCI info string output buffer size (bsc#1143706). - scsi: qla2xxx: Check the size of firmware data structures at compile time (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Check the size of firmware data structures at compile time (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Cleanup fcport memory to prevent leak (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Cleanup fcport memory to prevent leak (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Cleanup redundant qla2x00_abort_all_cmds during unload (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Cleanup redundant qla2x00_abort_all_cmds during unload (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Cleanups for NVRAM/Flash read/write path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: cleanup trace buffer initialization (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: cleanup trace buffer initialization (bsc#1134476). - scsi: qla2xxx: Complain if a command is released that is owned by the firmware (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Complain if a command is released that is owned by the firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if a mailbox command times out (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if a mailbox command times out (bsc#1143706). - scsi: qla2xxx: Complain if a soft reset fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if a soft reset fails (bsc#1143706). - scsi: qla2xxx: Complain if parsing the version string fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if parsing the version string fails (bsc#1143706). - scsi: qla2xxx: Complain if sp->done() is not called from the completion path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if sp->done() is not called from the completion path (bsc#1143706). - scsi: qla2xxx: Complain if waiting for pending commands times out (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if waiting for pending commands times out (bsc#1143706). - scsi: qla2xxx: Complain loudly about reference count underflow (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Complain loudly about reference count underflow (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Correct error handling during initialization failures (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Correct error handling during initialization failures (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Correction and improvement to fwdt processing (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Correctly report max/min supported speeds (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: deadlock by configfs_depend_item (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare fourth qla2x00_set_model_info() argument const (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare fourth qla2x00_set_model_info() argument const (bsc#1143706). - scsi: qla2xxx: Declare local symbols static (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Declare local symbols static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare qla24xx_build_scsi_crc_2_iocbs() static (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Declare qla24xx_build_scsi_crc_2_iocbs() static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare qla2x00_find_new_loop_id() static (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Declare qla2x00_find_new_loop_id() static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare qla_tgt_cmd.cdb const (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare qla_tgt_cmd.cdb const (bsc#1143706). - scsi: qla2xxx: Declare the fourth ql_dump_buffer() argument const (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare the fourth ql_dump_buffer() argument const (bsc#1143706). - scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Do not corrupt vha->plogi_ack_list (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Do not corrupt vha->plogi_ack_list (bsc#1143706). - scsi: qla2xxx: Downgrade driver to 10.01.00.19-k There are upstream bug reports against 10.01.00.19-k which haven't been resolved. Also the newer version failed to get a proper review. For time being it's better to got with the older version and do not introduce new bugs. - scsi: qla2xxx: Dual FCP-NVMe target port support (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Enable type checking for the SRB free and done callback functions (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Enable type checking for the SRB free and done callback functions (bsc#1143706). - scsi: qla2xxx: Fix abort timeout race condition (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix abort timeout race condition (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a format specifier (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix a format specifier (git-fixes). - scsi: qla2xxx: Fix an endian bug in fcpcmd_is_corrupted() (git-fixes). - scsi: qla2xxx: Fix a NULL pointer dereference (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a NULL pointer dereference (bsc#1143706). - scsi: qla2xxx: Fix a qla24xx_enable_msix() error path (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix a qla24xx_enable_msix() error path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a race condition between aborting and completing a SCSI command (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a race condition between aborting and completing a SCSI command (bsc#1143706). - scsi: qla2xxx: Fix a recently introduced kernel warning (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a small typo in qla_bsg.c (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix a small typo in qla_bsg.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix code indentation for qla27xx_fwdt_entry (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix comment alignment in qla_bsg.c (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix comment alignment in qla_bsg.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix comment in MODULE_PARM_DESC in qla2xxx (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix device staying in blocked state (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix device staying in blocked state (git-fixes). - scsi: qla2xxx: Fix different size DMA Alloc/Unmap (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix different size DMA Alloc/Unmap (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix DMA error when the DIF sg buffer crosses 4GB boundary (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix DMA unmap leak (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix DMA unmap leak (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix driver reload for ISP82xx (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix driver reload for ISP82xx (bsc#1143706). - scsi: qla2xxx: Fix driver unload when FC-NVMe LUNs are connected (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix driver unload when FC-NVMe LUNs are connected (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix error handling in qlt_alloc_qfull_cmd() (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix error handling in qlt_alloc_qfull_cmd() (git-fixes). - scsi: qla2xxx: fix fcport null pointer access (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix flash read for Qlogic ISPs (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix flash read for Qlogic ISPs (bsc#1143706). - scsi: qla2xxx: Fix formatting of pointer types (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix formatting of pointer types (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix fw dump corruption (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix fw dump corruption (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix fw options handle eh_bus_reset() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix gnl.l memory leak on adapter init failure (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix hang in fcport delete path (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix hang in fcport delete path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix hardirq-unsafe locking (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix hardirq-unsafe locking (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix hardlockup in abort command during driver remove (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix hardlockup in abort command during driver remove (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix kernel crash after disconnecting NVMe devices (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix kernel crash after disconnecting NVMe devices (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix LUN discovery if loop id is not assigned yet by firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix message indicating vectors used by driver (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix message indicating vectors used by driver (bsc#1143706). - scsi: qla2xxx: Fix N2N link reset (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix N2N link up fail (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix Nport ID display value (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix NULL pointer crash due to stale CPUID (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix NULL pointer crash due to stale CPUID (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix NVME cmd and LS cmd timeout race condition (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix NVME cmd and LS cmd timeout race condition (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix NVMe port discovery after a short device port loss (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix NVMe port discovery after a short device port loss (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix panic from use after free in qla2x00_async_tm_cmd (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix possible fcport null-pointer dereferences (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix possible fcport null-pointer dereferences (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix premature timer expiration (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix premature timer expiration (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix qla24xx_process_bidir_cmd() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix qla24xx_process_bidir_cmd() (bsc#1143706). - scsi: qla2xxx: Fix race conditions in the code for aborting SCSI commands (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix race conditions in the code for aborting SCSI commands (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix read offset in qla24xx_load_risc_flash() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix Relogin to prevent modifying scan_state flag (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix Relogin to prevent modifying scan_state flag (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix routine qla27xx_dump_{mpi|ram}() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix session cleanup hang (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix session lookup in qlt_abort_work() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix session lookup in qlt_abort_work() (bsc#1143706). - scsi: qla2xxx: fix spelling mistake 'alredy' -> 'already' (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: fix spelling mistake 'alredy' -> 'already' (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: fix spelling mistake 'initializatin' -> 'initialization' (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix SRB allocation flag to avoid sleeping in IRQ context (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix stale mem access on driver unload (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix stale session (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix stale session (bsc#1143706). - scsi: qla2xxx: Fix stuck login session (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix stuck login session (bsc#1143706). - scsi: qla2xxx: Fix unbound sleep in fcport delete path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix unload when NVMe devices are configured (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix use-after-free issues in qla2xxx_qpair_sp_free_dma() (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix use-after-free issues in qla2xxx_qpair_sp_free_dma() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: flush IO on chip reset or sess delete (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Further limit FLASH region write access from SysFS (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Further limit FLASH region write access from SysFS (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Improve Linux kernel coding style conformance (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Improve Linux kernel coding style conformance (bsc#1143706). - scsi: qla2xxx: Improve logging for scan thread (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Include the <asm/unaligned.h> header file from qla_dsd.h (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Include the <asm/unaligned.h> header file from qla_dsd.h (bsc#1143706). - scsi: qla2xxx: Increase the max_sgl_segments to 1024 (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Increase the max_sgl_segments to 1024 (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Increase the size of the mailbox arrays from 4 to 8 (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Increase the size of the mailbox arrays from 4 to 8 (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Inline the qla2x00_fcport_event_handler() function (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Inline the qla2x00_fcport_event_handler() function (bsc#1143706). - scsi: qla2xxx: Insert spaces where required (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Insert spaces where required (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce qla2x00_els_dcmd2_free() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce qla2x00_els_dcmd2_free() (bsc#1143706). - scsi: qla2xxx: Introduce qla2xxx_get_next_handle() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce qla2xxx_get_next_handle() (bsc#1143706). - scsi: qla2xxx: Introduce the be_id_t and le_id_t data types for FC src/dst IDs (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce the be_id_t and le_id_t data types for FC src/dst IDs (bsc#1143706). - scsi: qla2xxx: Introduce the dsd32 and dsd64 data structures (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Introduce the dsd32 and dsd64 data structures (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce the function qla2xxx_init_sp() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce the function qla2xxx_init_sp() (bsc#1143706). - scsi: qla2xxx: Leave a blank line after declarations (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Leave a blank line after declarations (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Let the compiler check the type of the SCSI command context pointer (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Let the compiler check the type of the SCSI command context pointer (bsc#1143706). - scsi: qla2xxx: Log the status code if a firmware command fails (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Log the status code if a firmware command fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make it explicit that ELS pass-through IOCBs use little endian (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make it explicit that ELS pass-through IOCBs use little endian (bsc#1143706). - scsi: qla2xxx: Make qla24xx_async_abort_cmd() static (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Make qla24xx_async_abort_cmd() static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla2x00_abort_srb() again decrease the sp reference count (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla2x00_abort_srb() again decrease the sp reference count (bsc#1143706). - scsi: qla2xxx: Make qla2x00_mem_free() easier to verify (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Make qla2x00_mem_free() easier to verify (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla2x00_process_response_queue() easier to read (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Make qla2x00_process_response_queue() easier to read (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qlt_handle_abts_completion() more robust (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qlt_handle_abts_completion() more robust (bsc#1143706). - scsi: qla2xxx: Make sure that aborted commands are freed (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make sure that aborted commands are freed (bsc#1143706). - scsi: qla2xxx: Modify NVMe include directives (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Modify NVMe include directives (bsc#1143706). - scsi: qla2xxx: Move debug messages before sending srb preventing panic (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: move IO flush to the front of NVME rport unregistration (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: move IO flush to the front of NVME rport unregistration (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move marker request behind QPair (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_clear_loop_id() from qla_inline.h into qla_init.c (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Move qla2x00_clear_loop_id() from qla_inline.h into qla_init.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_is_reserved_id() from qla_inline.h into qla_init.c (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Move qla2x00_is_reserved_id() from qla_inline.h into qla_init.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_set_fcport_state() from a .h into a .c file (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Move qla2x00_set_fcport_state() from a .h into a .c file (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_set_reserved_loop_ids() definition (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Move qla2x00_set_reserved_loop_ids() definition (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move the <linux/io-64-nonatomic-lo-hi.h> include directive (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Move the <linux/io-64-nonatomic-lo-hi.h> include directive (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move the port_state_str definition from a .h to a .c file (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Move the port_state_str definition from a .h to a .c file (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: no need to check return value of debugfs_create functions (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: on session delete, return nvme cmd (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: on session delete, return nvme cmd (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Optimize NPIV tear down process (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Pass little-endian values to the firmware (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Pass little-endian values to the firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Prevent memory leak for CT req/rsp allocation (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Prevent multiple ADISC commands per session (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Prevent SysFS access when chip is down (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: qla2x00_alloc_fw_dump: set ha->eft (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: qla2x00_alloc_fw_dump: set ha->eft (bsc#1134476). - scsi: qla2xxx: Really fix qla2xxx_eh_abort() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Really fix qla2xxx_eh_abort() (bsc#1143706). - scsi: qla2xxx: Reduce the number of casts in GID list code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reduce the number of casts in GID list code (bsc#1143706). - scsi: qla2xxx: Reduce the number of forward declarations (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Reduce the number of forward declarations (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reduce the scope of three local variables in qla2xxx_queuecommand() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reduce the scope of three local variables in qla2xxx_queuecommand() (bsc#1143706). - scsi: qla2xxx: Reject EH_{abort|device_reset|target_request} (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Reject EH_{abort|device_reset|target_request} (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a comment that refers to the SCSI host lock (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Remove a comment that refers to the SCSI host lock (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove an include directive from qla_mr.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove an include directive from qla_mr.c (bsc#1143706). - scsi: qla2xxx: Remove a set-but-not-used variable (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Remove a set-but-not-used variable (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a superfluous forward declaration (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a superfluous forward declaration (bsc#1143706). - scsi: qla2xxx: Remove a superfluous pointer check (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a superfluous pointer check (bsc#1143706). - scsi: qla2xxx: Remove dead code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove dead code (bsc#1143706). - scsi: qla2xxx: remove double assignment in qla2x00_update_fcport (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: remove double assignment in qla2x00_update_fcport (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove FW default template (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove qla_tgt_cmd.data_work and qla_tgt_cmd.data_work_free (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Remove qla_tgt_cmd.data_work and qla_tgt_cmd.data_work_free (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove qla_tgt_cmd.released (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Remove qla_tgt_cmd.released (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: remove redundant null check on pointer sess (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove set but not used variable 'ptr_dma' (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove superfluous sts_entry_* casts (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove superfluous sts_entry_* casts (bsc#1143706). - scsi: qla2xxx: Remove the fcport test from qla_nvme_abort_work() (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Remove the fcport test from qla_nvme_abort_work() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove two superfluous casts (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Remove two superfluous casts (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove two superfluous if-tests (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove two superfluous if-tests (bsc#1143706). - scsi: qla2xxx: Remove two superfluous tests (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove two superfluous tests (bsc#1143706). - scsi: qla2xxx: Remove unnecessary locking from the target code (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Remove unnecessary locking from the target code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove unnecessary null check (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Remove unnecessary null check (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove unreachable code from qla83xx_idc_lock() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove unreachable code from qla83xx_idc_lock() (bsc#1143706). - scsi: qla2xxx: Remove useless set memory to zero use memset() (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Remove useless set memory to zero use memset() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove WARN_ON_ONCE in qla2x00_status_cont_entry() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Replace vmalloc + memset with vzalloc (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Replace vmalloc + memset with vzalloc (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Report invalid mailbox status codes (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Report invalid mailbox status codes (bsc#1143706). - scsi: qla2xxx: Report the firmware status code if a mailbox command fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Report the firmware status code if a mailbox command fails (bsc#1143706). - scsi: qla2xxx: Reset the FCF_ASYNC_{SENT|ACTIVE} flags (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Reset the FCF_ASYNC_{SENT|ACTIVE} flags (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Restore FAWWPN of Physical Port only for loop down (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Retry fabric Scan on IOCB queue full (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Retry fabric Scan on IOCB queue full (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Rework key encoding in qlt_find_host_by_d_id() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Rework key encoding in qlt_find_host_by_d_id() (bsc#1143706). - scsi: qla2xxx: Secure flash update support for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set remote port devloss timeout to 0 (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set remove flag for all VP (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set the qpair in SRB to NULL when SRB is released (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Set the qpair in SRB to NULL when SRB is released (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set the responder mode if appropriate for ELS pass-through IOCBs (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set the responder mode if appropriate for ELS pass-through IOCBs (bsc#1143706). - scsi: qla2xxx: Set the SCSI command result before calling the command done (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Set the SCSI command result before calling the command done (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Silence fwdump template message (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Silence Successful ELS IOCB message (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Silence Successful ELS IOCB message (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplification of register address used in qla_tmpl.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify a debug statement (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify a debug statement (bsc#1143706). - scsi: qla2xxx: Simplify conditional check again (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qla24xx_abort_sp_done() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qla24xx_abort_sp_done() (bsc#1143706). - scsi: qla2xxx: Simplify qla24xx_async_abort_cmd() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qla24xx_async_abort_cmd() (bsc#1143706). - scsi: qla2xxx: Simplify qlt_lport_dump() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qlt_lport_dump() (bsc#1143706). - scsi: qla2xxx: Simplify qlt_send_term_imm_notif() (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Simplify qlt_send_term_imm_notif() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Skip FW dump on LOOP initialization error (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Skip FW dump on LOOP initialization error (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Suppress a Coveritiy complaint about integer overflow (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Suppress a Coveritiy complaint about integer overflow (bsc#1143706). - scsi: qla2xxx: Suppress multiple Coverity complaint about out-of-bounds accesses (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Suppress multiple Coverity complaint about out-of-bounds accesses (bsc#1143706). - scsi: qla2xxx: target: Fix offline port handling and host reset handling (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: target: Fix offline port handling and host reset handling (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Uninline qla2x00_init_timer() (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Uninline qla2x00_init_timer() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Unregister chrdev if module initialization fails (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Unregister chrdev if module initialization fails (git-fixes). - scsi: qla2xxx: Unregister resources in the opposite order of the registration order (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Unregister resources in the opposite order of the registration order (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.00.00.13-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.00.00.14-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.15-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.16-k (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Update driver version to 10.01.00.16-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.18-k (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Update driver version to 10.01.00.18-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.19-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.19-k (bsc#1143706). - scsi: qla2xxx: Update driver version to 10.01.00.20-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update flash read/write routine (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update two source code comments (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Update two source code comments (git-fixes). - scsi: qla2xxx: Use an on-stack completion in qla24xx_control_vp() (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Use an on-stack completion in qla24xx_control_vp() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use ARRAY_SIZE() in the definition of QLA_LAST_SPEED (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Use ARRAY_SIZE() in the definition of QLA_LAST_SPEED (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use common update-firmware-options routine for ISP27xx+ (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Use common update-firmware-options routine for ISP27xx+ (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use complete switch scan for RSCN events (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use Correct index for Q-Pair array (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Use Correct index for Q-Pair array (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use dma_pool_zalloc() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use get/put_unaligned where appropriate (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Use get/put_unaligned where appropriate (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use __le64 instead of uint32_t[2] for sending DMA addresses to firmware (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Use __le64 instead of uint32_t for sending DMA addresses to firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use memcpy() and strlcpy() instead of strcpy() and strncpy() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use memcpy() and strlcpy() instead of strcpy() and strncpy() (bsc#1143706). - scsi: qla2xxx: Use mutex protection during qla2x00_sysfs_read_fw_dump() (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Use mutex protection during qla2x00_sysfs_read_fw_dump() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use strlcpy() instead of strncpy() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use strlcpy() instead of strncpy() (bsc#1143706). - scsi: qla2xxx: Use tabs instead of spaces for indentation (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use tabs instead of spaces for indentation (bsc#1143706). - scsi: qla2xxx: Use tabs to indent code (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Use tabs to indent code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Verify locking assumptions at runtime (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Verify locking assumptions at runtime (bsc#1143706). - scsi: qla4xxx: avoid freeing unallocated dma memory (git-fixes). - scsi: raid_attrs: fix unused variable warning (git-fixes). - scsi: sas: Convert timers to use timer_setup() (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: scsi_dh_alua: Fix possible null-ptr-deref (git-fixes). - scsi: scsi_dh_rdac: zero cdb in send_mode_select() (bsc#1149313). - scsi: scsi_transport_fc: nvme: display FC-NVMe port roles (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: scsi_transport_fc: nvme: display FC-NVMe port roles (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: sd: Defer spinning up drive while SANITIZE is in progress (git-fixes). - scsi: sd: Fix a race between closing an sd device and sd I/O (git-fixes). - scsi: sd: Fix cache_type_store() (git-fixes). - scsi: sd: Optimal I/O size should be a multiple of physical block size (git-fixes). - scsi: sd: Quiesce warning if device does not report optimal I/O size (git-fixes). - scsi: sd: use mempool for discard special page (git-fixes). - scsi: sd_zbc: Fix potential memory leak (git-fixes). - scsi: smartpqi: unlock on error in pqi_submit_raid_request_synchronous() (git-fixes). - scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management enabled (git-fixes). - scsi: target: iscsi: cxgbit: add missing spin_lock_init() (bsc#1136349 jsc#SLE-4685). - scsi: tcm_qla2xxx: Minimize #include directives (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: tcm_qla2xxx: Minimize #include directives (bsc#1123034 bsc#1131304 bsc#1127988). - scsi_transport_fc: complete requests from ->timeout (bsc#1142076). - scsi: ufs: Avoid runtime suspend possibly being blocked forever (git-fixes). - scsi: ufs: Check that space was properly alloced in copy_query_response (git-fixes). - scsi: ufs: Fix NULL pointer dereference in ufshcd_config_vreg_hpm() (git-fixes). - scsi: ufs: Fix RX_TERMINATION_FORCE_ENABLE define value (git-fixes). - scsi: ufs: fix wrong command type of UTRD for UFSHCI v2.1 (git-fixes). - scsi: use dma_get_cache_alignment() as minimum DMA alignment (git-fixes). - scsi: virtio_scsi: do not send sc payload with tmfs (git-fixes). - sctp: change to hold sk after auth shkey is created successfully (networking-stable-19_07_02). - sctp: fix the transport error_count check (networking-stable-19_08_21). - sdhci-fujitsu: add support for setting the CMD_DAT_DELAY attribute (bsc#1145256). - secure boot lockdown: Fix-up backport of /dev/mem access restriction The upstream-submitted patch set has evolved over time, align our patches (contents and description) to reflect the current status as far as /dev/mem access is concerned. - serial: 8250: Fix TX interrupt handling condition (bsc#1051510). - set CONFIG_FB_HYPERV=m to avoid conflict with efifb (bsc#1145134) - signal/cifs: Fix cifs_put_tcp_session to call send_sig instead of force_sig (bsc#1144333). - sis900: fix TX completion (bsc#1051510). - sky2: Disable MSI on ASUS P6T (bsc#1142496). - sky2: Disable MSI on yet another ASUS boards (P6Xxxx) (bsc#1051510). - slip: make slhc_free() silently accept an error pointer (bsc#1051510). - slip: sl_alloc(): remove unused parameter 'dev_t line' (bsc#1051510). - smb2: fix missing files in root share directory listing (bsc#1112907, bsc#1144333). - smb2: fix typo in definition of a few error flags (bsc#1144333). - smb2: fix uninitialized variable bug in smb2_ioctl_query_info (bsc#1144333). - SMB3.1.1: Add GCM crypto to the encrypt and decrypt functions (bsc#1144333). - SMB3.1.1 dialect is no longer experimental (bsc#1051510, bsc#1144333). - SMB311: Fix reconnect (bsc#1051510, bsc#1144333). - SMB311: Improve checking of negotiate security contexts (bsc#1051510, bsc#1144333). - smb3.11: replace a 4 with server->vals->header_preamble_size (bsc#1144333). - smb3: add additional ftrace entry points for entry/exit to cifs.ko (bsc#1144333). - smb3: add credits we receive from oplock/break PDUs (bsc#1144333). - smb3: add debug for unexpected mid cancellation (bsc#1144333). - smb3: Add debug message later in smb2/smb3 reconnect path (bsc#1144333). - smb3: add define for id for posix create context and corresponding struct (bsc#1144333). - smb3: Add defines for new negotiate contexts (bsc#1144333). - smb3: add dynamic trace point for query_info_enter/done (bsc#1144333). - smb3: add dynamic trace point for smb3_cmd_enter (bsc#1144333). - smb3: add dynamic tracepoint for timeout waiting for credits (bsc#1144333). - smb3: add dynamic tracepoints for simple fallocate and zero range (bsc#1144333). - smb3: Add dynamic trace points for various compounded smb3 ops (bsc#1144333). - smb3: Add ftrace tracepoints for improved SMB3 debugging (bsc#1144333). - smb3: Add handling for different FSCTL access flags (bsc#1144333). - smb3: add missing read completion trace point (bsc#1144333). - smb3: add module alias for smb3 to cifs.ko (bsc#1144333). - smb3: add new mount option to retrieve mode from special ACE (bsc#1144333). - smb3: Add posix create context for smb3.11 posix mounts (bsc#1144333). - smb3: Add protocol structs for change notify support (bsc#1144333). - smb3: add reconnect tracepoints (bsc#1144333). - smb3: Add SMB3.1.1 GCM to negotiated crypto algorigthms (bsc#1144333). - smb3: add smb3.1.1 to default dialect list (bsc#1144333). - smb3: Add support for multidialect negotiate (SMB2.1 and later) (bsc#1051510, bsc#1144333). - smb3: add support for posix negotiate context (bsc#1144333). - smb3: add support for statfs for smb3.1.1 posix extensions (bsc#1144333). - smb3: add tracepoint for sending lease break responses to server (bsc#1144333). - smb3: add tracepoint for session expired or deleted (bsc#1144333). - smb3: add tracepoint for slow responses (bsc#1144333). - smb3: add trace point for tree connection (bsc#1144333). - smb3: add tracepoints for query dir (bsc#1144333). - smb3: Add tracepoints for read, write and query_dir enter (bsc#1144333). - smb3: add tracepoints for smb2/smb3 open (bsc#1144333). - smb3: add tracepoint to catch cases where credit refund of failed op overlaps reconnect (bsc#1144333). - smb3: add way to control slow response threshold for logging and stats (bsc#1144333). - smb3: allow more detailed protocol info on open files for debugging (bsc#1144333). - smb3: Allow persistent handle timeout to be configurable on mount (bsc#1144333). - smb3: allow posix mount option to enable new SMB311 protocol extensions (bsc#1144333). - smb3: allow previous versions to be mounted with snapshot= mount parm (bsc#1144333). - smb3: Allow query of symlinks stored as reparse points (bsc#1144333). - smb3: Allow SMB3 FSCTL queries to be sent to server from tools (bsc#1144333). - smb3: allow stats which track session and share reconnects to be reset (bsc#1051510, bsc#1144333). - smb3: Backup intent flag missing for directory opens with backupuid mounts (bsc#1051510, bsc#1144333). - smb3: Backup intent flag missing from compounded ops (bsc#1144333). - smb3: check for and properly advertise directory lease support (bsc#1051510, bsc#1144333). - smb3 - clean up debug output displaying network interfaces (bsc#1144333). - smb3: Cleanup license mess (bsc#1144333). - smb3: Clean up query symlink when reparse point (bsc#1144333). - smb3: create smb3 equivalent alias for cifs pseudo-xattrs (bsc#1144333). - smb3: directory sync should not return an error (bsc#1051510, bsc#1144333). - smb3: display bytes_read and bytes_written in smb3 stats (bsc#1144333). - smb3: display security information in /proc/fs/cifs/DebugData more accurately (bsc#1144333). - smb3: display session id in debug data (bsc#1144333). - smb3: display stats counters for number of slow commands (bsc#1144333). - smb3: display volume serial number for shares in /proc/fs/cifs/DebugData (bsc#1144333). - smb3: do not allow insecure cifs mounts when using smb3 (bsc#1144333). - smb3: do not attempt cifs operation in smb3 query info error path (bsc#1051510, bsc#1144333). - smb3: do not display confusing message on mount to Azure servers (bsc#1144333). - smb3: do not display empty interface list (bsc#1144333). - smb3: Do not ignore O_SYNC/O_DSYNC and O_DIRECT flags (bsc#1085536, bsc#1144333). - smb3: do not request leases in symlink creation and query (bsc#1051510, bsc#1144333). - smb3: do not send compression info by default (bsc#1144333). - smb3: Do not send SMB3 SET_INFO if nothing changed (bsc#1051510, bsc#1144333). - smb3: enumerating snapshots was leaving part of the data off end (bsc#1051510, bsc#1144333). - smb3: fill in statfs fsid and correct namelen (bsc#1112905, bsc#1144333). - smb3: Fix 3.11 encryption to Windows and handle encrypted smb3 tcon (bsc#1051510, bsc#1144333). - smb3: fix bytes_read statistics (bsc#1144333). - smb3: fix corrupt path in subdirs on smb311 with posix (bsc#1144333). - smb3: Fix deadlock in validate negotiate hits reconnect (bsc#1144333). - smb3: Fix endian warning (bsc#1144333, bsc#1137884). - smb3: Fix enumerating snapshots to Azure (bsc#1144333). - smb3: fix large reads on encrypted connections (bsc#1144333). - smb3: fix lease break problem introduced by compounding (bsc#1144333). - smb3: Fix length checking of SMB3.11 negotiate request (bsc#1051510, bsc#1144333). - smb3: fix minor debug output for CONFIG_CIFS_STATS (bsc#1144333). - smb3: Fix mode on mkdir on smb311 mounts (bsc#1144333). - smb3: Fix potential memory leak when processing compound chain (bsc#1144333). - smb3: fix redundant opens on root (bsc#1144333). - smb3: fix reset of bytes read and written stats (bsc#1112906, bsc#1144333). - smb3: Fix rmdir compounding regression to strict servers (bsc#1144333). - smb3: Fix root directory when server returns inode number of zero (bsc#1051510, bsc#1144333). - smb3: Fix SMB3.1.1 guest mounts to Samba (bsc#1051510, bsc#1144333). - smb3: fix various xid leaks (bsc#1051510, bsc#1144333). - smb3: for kerberos mounts display the credential uid used (bsc#1144333). - smb3: handle new statx fields (bsc#1085536, bsc#1144333). - smb3: if max_credits is specified then display it in /proc/mounts (bsc#1144333). - smb3: if server does not support posix do not allow posix mount option (bsc#1144333). - smb3: improve dynamic tracing of open and posix mkdir (bsc#1144333). - smb3: increase initial number of credits requested to allow write (bsc#1144333). - smb3: Kernel oops mounting a encryptData share with CONFIG_DEBUG_VIRTUAL (bsc#1144333). - smb3: Log at least once if tree connect fails during reconnect (bsc#1144333). - smb3: make default i/o size for smb3 mounts larger (bsc#1144333). - smb3: minor cleanup of compound_send_recv (bsc#1144333). - smb3: minor debugging clarifications in rfc1001 len processing (bsc#1144333). - smb3: minor missing defines relating to reparse points (bsc#1144333). - smb3: missing defines and structs for reparse point handling (bsc#1144333). - smb3: note that smb3.11 posix extensions mount option is experimental (bsc#1144333). - smb3: Number of requests sent should be displayed for SMB3 not just CIFS (bsc#1144333). - smb3: on kerberos mount if server does not specify auth type use krb5 (bsc#1051510, bsc#1144333). - smb3: on reconnect set PreviousSessionId field (bsc#1112899, bsc#1144333). - smb3: optimize open to not send query file internal info (bsc#1144333). - smb3: passthru query info does not check for SMB3 FSCTL passthru (bsc#1144333). - smb3: print tree id in debugdata in proc to be able to help logging (bsc#1144333). - smb3: query inode number on open via create context (bsc#1144333). - smb3: remove noisy warning message on mount (bsc#1129664, bsc#1144333). - smb3: remove per-session operations from per-tree connection stats (bsc#1144333). - smb3: rename encryption_required to smb3_encryption_required (bsc#1144333). - smb3: request more credits on normal (non-large read/write) ops (bsc#1144333). - smb3: request more credits on tree connect (bsc#1144333). - smb3: retry on STATUS_INSUFFICIENT_RESOURCES instead of failing write (bsc#1144333). - smb3: send backup intent on compounded query info (bsc#1144333). - smb3: send CAP_DFS capability during session setup (bsc#1144333). - smb3: Send netname context during negotiate protocol (bsc#1144333). - smb3: show number of current open files in /proc/fs/cifs/Stats (bsc#1144333). - smb3: simplify code by removing CONFIG_CIFS_SMB311 (bsc#1051510, bsc#1144333). - smb3: smbdirect no longer experimental (bsc#1144333). - smb3: snapshot mounts are read-only and make sure info is displayable about the mount (bsc#1144333). - smb3: track the instance of each session for debugging (bsc#1144333). - smb3: Track total time spent on roundtrips for each SMB3 command (bsc#1144333). - smb3: trivial cleanup to smb2ops.c (bsc#1144333). - smb3: update comment to clarify enumerating snapshots (bsc#1144333). - smb3: update default requested iosize to 4MB from 1MB for recent dialects (bsc#1144333). - smb3: Update POSIX negotiate context with POSIX ctxt GUID (bsc#1144333). - smb3: Validate negotiate request must always be signed (bsc#1064597, bsc#1144333). - smb3: Warn user if trying to sign connection that authenticated as guest (bsc#1085536, bsc#1144333). - smbd: Make upper layer decide when to destroy the transport (bsc#1144333). - SMB: fix leak of validate negotiate info response buffer (bsc#1064597, bsc#1144333). - SMB: fix validate negotiate info uninitialised memory use (bsc#1064597, bsc#1144333). - SMB: Validate negotiate (to protect against downgrade) even if signing off (bsc#1085536, bsc#1144333). - smpboot: Place the __percpu annotation correctly (git fixes). - soc: rockchip: power-domain: Add a sanity check on pd->num_clks (bsc#1144718,bsc#1144813). - soc: rockchip: power-domain: use clk_bulk APIs (bsc#1144718,bsc#1144813). - soc: rockchip: power-domain: Use of_clk_get_parent_count() instead of open coding (bsc#1144718,bsc#1144813). - sound: fix a memory leak bug (bsc#1051510). - spi: bcm2835aux: fix corruptions for longer spi transfers (bsc#1051510). - spi: bcm2835aux: remove dangerous uncontrolled read of fifo (bsc#1051510). - spi: bcm2835aux: unifying code between polling and interrupt driven code (bsc#1051510). - spi: spi-fsl-dspi: Exit the ISR with IRQ_NONE when it's not ours (bsc#1111666). - st21nfca_connectivity_event_received: null check the allocation (bsc#1051510). - staging: comedi: dt3000: Fix rounding up of timer divisor (bsc#1051510). - staging: comedi: dt3000: Fix signed integer overflow 'divider * base' (bsc#1051510). - staging: fsl-dpaa2/ethsw: fix memory leak of switchdev_work (bsc#1111666). - st_nci_hci_connectivity_event_received: null check the allocation (bsc#1051510). - SUNRPC fix regression in umount of a secure mount (git-fixes). - SUNRPC: Handle connection breakages correctly in call_status() (git-fixes). - SUNRPC/nfs: Fix return value for nfs4_callback_compound() (git-fixes). - supported.conf: Add missing modules (bsc#1066369). - supported.conf: Add vfio_ccw (bsc#1151192 jsc#SLE-6138). - supported.conf: Mark vfio_ccw supported by SUSE, because bugs can be routed to IBM via SUSE support (jsc#SLE-6138, bsc#1151192). - tcp: make sure EPOLLOUT wont be missed (networking-stable-19_08_28). - tcp: Reset bytes_acked and bytes_received when disconnecting (networking-stable-19_07_25). - team: Add vlan tx offload to hw_enc_features (bsc#1051510). - team: Add vlan tx offload to hw_enc_features (networking-stable-19_08_21). - test_firmware: fix a memory leak bug (bsc#1051510). - tipc: change to use register_pernet_device (networking-stable-19_07_02). - tools: bpftool: close prog FD before exit on showing a single program (bsc#1109837). - tools: bpftool: fix error message (prog -> object) (bsc#1109837). - tpm: Fix off-by-one when reading binary_bios_measurements (bsc#1082555). - tpm: Fix TPM 1.2 Shutdown sequence to prevent future TPM operations (bsc#1082555). - tpm_tis_core: Set TPM_CHIP_FLAG_IRQ before probing for interrupts (bsc#1082555). - tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is incomplete (bsc#1082555). - tpm: Unify the send callback behaviour (bsc#1082555). - tpm: vtpm_proxy: Suppress error logging when in closed state (bsc#1082555). - tracing: Fix header include guards in trace event headers (bsc#1144474). - Tree connect for SMB3.1.1 must be signed for non-encrypted shares (bsc#1051510, bsc#1144333). - treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 231 (bsc#1144333). - tty/ldsem, locking/rwsem: Add missing ACQUIRE to read_failed sleep loop (bsc#1051510). - tty: max310x: Fix invalid baudrate divisors calculator (bsc#1051510). - tty/serial: digicolor: Fix digicolor-usart already registered warning (bsc#1051510). - tty: serial: fsl_lpuart: Use appropriate lpuart32_* I/O funcs (bsc#1111666). - tty: serial: msm_serial: avoid system lockup condition (bsc#1051510). - tua6100: Avoid build warnings (bsc#1051510). - tun: fix use-after-free when register netdev failed (bsc#1111666). - tun: mark small packets as owned by the tap sock (bsc#1109837). - tun: wake up waitqueues after IFF_UP is set (networking-stable-19_07_02). - udf: Fix incorrect final NOT_ALLOCATED (hole) extent length (bsc#1148617). - Update config files. (bsc#1145687) Add the following kernel config to ARM64: CONFIG_ACPI_PCI_SLOT=y CONFIG_HOTPLUG_PCI_ACPI=y - update internal version number for cifs.ko (bsc#1144333). - Update patches.arch/powerpc-pseries-Fix-xive-off-command-line.patch (bsc#1085030, bsc#1144518, LTC#178833). - Update patches.fixes/0001-docs-Fix-conf.py-for-Sphinx-2.0.patch (bsc#1135642). Fix patch header. - Update patches.fixes/MD-fix-invalid-stored-role-for-a-disk-try2.patch (bsc#1143765). - Update patches.fixes/tracing-Fix-bad-use-of-igrab-in-trace_uprobe.c.patch (bsc#1120046, bsc#1146141). - Update patches.suse/ceph-remove-request-from-waiting-list-before-unregister.patch (bsc#1148133 bsc#1138539). - Update patches.suse/ext4-unsupported-features.patch (SLE-8615, bsc#1149651, SLE-9243). - Update patches.suse/powerpc-powernv-Return-for-invalid-IMC-domain.patch (bsc#1054914, git-fixes). - Update s390 config files (bsc#1151192). - VFIO_CCW=m - S390_CCW_IOMMU=y - Update session and share information displayed for debugging SMB2/SMB3 (bsc#1144333). - Update version of cifs module (bsc#1144333). - usb: cdc-acm: make sure a refcount is taken early enough (bsc#1142635). - usb: CDC: fix sanity checks in CDC union parser (bsc#1142635). - usb: cdc-wdm: fix race between write and disconnect due to flag abuse (bsc#1051510). - usb: chipidea: udc: do not do hardware access if gadget has stopped (bsc#1051510). - usb: core: Fix races in character device registration and deregistraion (bsc#1051510). - usb: core: hub: Disable hub-initiated U1/U2 (bsc#1051510). - usb: gadget: composite: Clear 'suspended' on reset/disconnect (bsc#1051510). - usb: gadget: udc: renesas_usb3: Fix sysfs interface of 'role' (bsc#1142635). - usb: Handle USB3 remote wakeup for LPM enabled devices correctly (bsc#1051510). - usb: host: fotg2: restart hcd after port reset (bsc#1051510). - usb: host: ohci: fix a race condition between shutdown and irq (bsc#1051510). - usb: host: xhci-rcar: Fix timeout in xhci_suspend() (bsc#1051510). - usb: host: xhci: rcar: Fix typo in compatible string matching (bsc#1051510). - usb: iowarrior: fix deadlock on disconnect (bsc#1051510). - usb: serial: option: add D-Link DWM-222 device ID (bsc#1051510). - usb: serial: option: Add Motorola modem UARTs (bsc#1051510). - usb: serial: option: Add support for ZTE MF871A (bsc#1051510). - usb: serial: option: add the BroadMobi BM818 card (bsc#1051510). - usb-storage: Add new JMS567 revision to unusual_devs (bsc#1051510). - usb: storage: ums-realtek: Update module parameter description for auto_delink_en (bsc#1051510). - usb: storage: ums-realtek: Whitelist auto-delink support (bsc#1051510). - usb: typec: tcpm: free log buf memory when remove debug file (bsc#1111666). - usb: typec: tcpm: Ignore unsupported/unknown alternate mode requests (bsc#1111666). - usb: typec: tcpm: remove tcpm dir if no children (bsc#1111666). - usb: usbcore: Fix slab-out-of-bounds bug during device reset (bsc#1051510). - usb: usbfs: fix double-free of usb memory upon submiturb error (bsc#1051510). - usb: wusbcore: fix unbalanced get/put cluster_id (bsc#1051510). - usb: yurex: Fix use-after-free in yurex_delete (bsc#1051510). - vfs: fix page locking deadlocks when deduping files (bsc#1148619). - vhost/test: fix build for vhost test (bsc#1111666). - video: ssd1307fb: Start page range at page_offset (bsc#1113722) - virtio/s390: fix race on airq_areas (bsc#1145357). - VMCI: Release resource if the work is already queued (bsc#1051510). - vrf: make sure skb->data contains ip header to make routing (networking-stable-19_07_25). - watchdog: bcm2835_wdt: Fix module autoload (bsc#1051510). - watchdog: core: fix null pointer dereference when releasing cdev (bsc#1051510). - watchdog: f71808e_wdt: fix F81866 bit operation (bsc#1051510). - watchdog: fix compile time error of pretimeout governors (bsc#1051510). - wcn36xx: use dynamic allocation for large variables (bsc#1111666). - wimax/i2400m: fix a memory leak bug (bsc#1051510). - x86/asm: Remove dead __GNUC__ conditionals (bsc#1112178). - x86/boot: Fix memory leak in default_get_smp_config() (bsc#1114279). - x86/CPU/AMD: Clear RDRAND CPUID bit on AMD family 15h/16h (bsc#1114279). - x86/dma: Get rid of iommu_pass_through (bsc#1136039). - x86/entry/64/compat: Fix stack switching for XEN PV (bsc#1108382). - x86/fpu: Add FPU state copying quirk to handle XRSTOR failure on Intel Skylake CPUs (bsc#1151955). - x86/microcode: Fix the microcode load on CPU hotplug for real (bsc#1114279). - x86/mm: Check for pfn instead of page in vmalloc_sync_one() (bsc#1118689). - x86/mm: Sync also unmappings in vmalloc_sync_all() (bsc#1118689). - x86/resctrl: Prevent NULL pointer dereference when local MBM is disabled (bsc#1112178). - x86/speculation: Allow guests to use SSBD even if host does not (bsc#1114279). - x86/speculation/mds: Apply more accurate check on hypervisor platform (bsc#1114279). - x86/tls: Fix possible spectre-v1 in do_get_thread_area() (bsc#1114279). - x86/unwind: Add hardcoded ORC entry for NULL (bsc#1114279). - x86/unwind: Handle NULL pointer calls better in frame unwinder (bsc#1114279). - xdp: unpin xdp umem pages in error path (bsc#1109837). - xen/netback: Reset nr_frags before freeing skb (networking-stable-19_08_21). - xen-netfront: do not assume sk_buff_head list is empty in error handling (bsc#1065600). - xen-netfront: do not use ~0U as error return value for xennet_fill_frags() (bsc#1065600). - xen/swiotlb: fix condition for calling xen_destroy_contiguous_region() (bsc#1065600). - xen/xenbus: fix self-deadlock after killing user process (bsc#1065600). - xfrm: Fix bucket count reported to userspace (bsc#1143300). - xfrm: Fix error return code in xfrm_output_one() (bsc#1143300). - xfrm: Fix NULL pointer dereference in xfrm_input when skb_dst_force clears the dst_entry (bsc#1143300). - xfrm: Fix NULL pointer dereference when skb_dst_force clears the dst_entry (bsc#1143300). - xfs: do not crash on null attr fork xfs_bmapi_read (bsc#1148035). - xfs: do not trip over uninitialized buffer on extent read of corrupted inode (bsc#1149053). - xfs: dump transaction usage details on log reservation overrun (bsc#1145235). - xfs: eliminate duplicate icreate tx reservation functions (bsc#1145235). - xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to EDQUOT (bsc#1148032). - xfs: fix semicolon.cocci warnings (bsc#1145235). - xfs: fix up agi unlinked list reservations (bsc#1145235). - xfs: include an allocfree res for inobt modifications (bsc#1145235). - xfs: include inobt buffers in ifree tx log reservation (bsc#1145235). - xfs: print transaction log reservation on overrun (bsc#1145235). - xfs: refactor inode chunk alloc/free tx reservation (bsc#1145235). - xfs: refactor xlog_cil_insert_items() to facilitate transaction dump (bsc#1145235). - xfs: remove more ondisk directory corruption asserts (bsc#1148034). - xfs: separate shutdown from ticket reservation print helper (bsc#1145235). - xfs: truncate transaction does not modify the inobt (bsc#1145235). - xsk: avoid store-tearing when assigning queues (bsc#1111666). - xsk: avoid store-tearing when assigning umem (bsc#1111666). - {nl,mac}80211: fix interface combinations on crypto controlled devices (bsc#1111666). ----------------------------------------- Patch: SUSE-2019-2674 Released: Tue Oct 15 16:53:28 2019 Summary: Security update for tcpdump Severity: important References: 1068716,1153098,1153332,CVE-2017-16808,CVE-2018-10103,CVE-2018-10105,CVE-2018-14461,CVE-2018-14462,CVE-2018-14463,CVE-2018-14464,CVE-2018-14465,CVE-2018-14466,CVE-2018-14467,CVE-2018-14468,CVE-2018-14469,CVE-2018-14470,CVE-2018-14879,CVE-2018-14880,CVE-2018-14881,CVE-2018-14882,CVE-2018-16227,CVE-2018-16228,CVE-2018-16229,CVE-2018-16230,CVE-2018-16300,CVE-2018-16301,CVE-2018-16451,CVE-2018-16452,CVE-2019-1010220,CVE-2019-15166,CVE-2019-15167 Description: This update for tcpdump fixes the following issues: - CVE-2017-16808: Fixed a heap-based buffer over-read related to aoe_print and lookup_emem (bsc#1068716 bsc#1153098). - CVE-2018-10103: Fixed a mishandling of the printing of SMB data (bsc#1153098). - CVE-2018-10105: Fixed a mishandling of the printing of SMB data (bsc#1153098). - CVE-2018-14461: Fixed a buffer over-read in print-ldp.c:ldp_tlv_print (bsc#1153098). - CVE-2018-14462: Fixed a buffer over-read in print-icmp.c:icmp_print (bsc#1153098). - CVE-2018-14463: Fixed a buffer over-read in print-vrrp.c:vrrp_print (bsc#1153098). - CVE-2018-14464: Fixed a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs (bsc#1153098). - CVE-2018-14465: Fixed a buffer over-read in print-rsvp.c:rsvp_obj_print (bsc#1153098). - CVE-2018-14466: Fixed a buffer over-read in print-rx.c:rx_cache_find (bsc#1153098). - CVE-2018-14467: Fixed a buffer over-read in print-bgp.c:bgp_capabilities_print (bsc#1153098). - CVE-2018-14468: Fixed a buffer over-read in print-fr.c:mfr_print (bsc#1153098). - CVE-2018-14469: Fixed a buffer over-read in print-isakmp.c:ikev1_n_print (bsc#1153098). - CVE-2018-14470: Fixed a buffer over-read in print-babel.c:babel_print_v2 (bsc#1153098). - CVE-2018-14879: Fixed a buffer overflow in the command-line argument parser (bsc#1153098). - CVE-2018-14880: Fixed a buffer over-read in the OSPFv3 parser (bsc#1153098). - CVE-2018-14881: Fixed a buffer over-read in the BGP parser (bsc#1153098). - CVE-2018-14882: Fixed a buffer over-read in the ICMPv6 parser (bsc#1153098). - CVE-2018-16227: Fixed a buffer over-read in the IEEE 802.11 parser in print-802_11.c for the Mesh Flags subfield (bsc#1153098). - CVE-2018-16228: Fixed a buffer over-read in the HNCP parser (bsc#1153098). - CVE-2018-16229: Fixed a buffer over-read in the DCCP parser (bsc#1153098). - CVE-2018-16230: Fixed a buffer over-read in the BGP parser in print-bgp.c:bgp_attr_print (bsc#1153098). - CVE-2018-16300: Fixed an unlimited recursion in the BGP parser that allowed denial-of-service by stack consumption (bsc#1153098). - CVE-2018-16301: Fixed a buffer overflow (bsc#1153332 bsc#1153098). - CVE-2018-16451: Fixed several buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN (bsc#1153098). - CVE-2018-16452: Fixed a stack exhaustion in smbutil.c:smb_fdata (bsc#1153098). - CVE-2019-15166: Fixed a bounds check in lmp_print_data_link_subobjs (bsc#1153098). - CVE-2019-15167: Fixed a vulnerability in VRRP (bsc#1153098). ----------------------------------------- Patch: SUSE-2019-2675 Released: Tue Oct 15 21:06:30 2019 Summary: Recommended update for clone-master-clean-up Severity: moderate References: 1139667,1149322 Description: This update for clone-master-clean-up fixes the following issues: - Bugfixes: * Deleted /var/lib/wicked/* files for cloning. If machines with identical settings exist in the same network multiple times, IP addresses may change with each renewal (bsc#1139667) ----------------------------------------- Patch: SUSE-2019-2676 Released: Tue Oct 15 21:06:54 2019 Summary: Recommended update for e2fsprogs Severity: moderate References: 1145716,1152101,CVE-2019-5094 Description: This update for e2fsprogs fixes the following issues: Security issue fixed: - CVE-2019-5094: Fixed an arbitrary code execution via specially crafted ext4 file systems. (bsc#1152101) Non-security issue fixed: - libext2fs: Call fsync(2) to clear stale errors for a new a unix I/O channel. (bsc#1145716) ----------------------------------------- Patch: SUSE-2019-2681 Released: Tue Oct 15 22:01:40 2019 Summary: Recommended update for libdb-4_8 Severity: moderate References: 1148244 Description: This update for libdb-4_8 fixes the following issues: - Add off-page deadlock patch as found and documented by Red Hat. (bsc#1148244) ----------------------------------------- Patch: SUSE-2019-2693 Released: Wed Oct 16 16:43:30 2019 Summary: Recommended update for rpcbind Severity: moderate References: 1142343 Description: This update for rpcbind fixes the following issues: - Return correct IP address with multiple ip addresses in the same subnet. (bsc#1142343) ----------------------------------------- Patch: SUSE-2019-2702 Released: Wed Oct 16 18:41:30 2019 Summary: Security update for gcc7 Severity: moderate References: 1071995,1141897,1142649,1148517,1149145,CVE-2019-14250,CVE-2019-15847 Description: This update for gcc7 to r275405 fixes the following issues: Security issues fixed: - CVE-2019-14250: Fixed an integer overflow in binutils (bsc#1142649). - CVE-2019-15847: Fixed an optimization in the POWER9 backend of gcc that could reduce the entropy of the random number generator (bsc#1149145). Non-security issue fixed: - Move Live Patching technology stack from kGraft to upstream klp (bsc#1071995, fate#323487). ----------------------------------------- Patch: SUSE-2019-2705 Released: Thu Oct 17 13:05:45 2019 Summary: Recommended update for yast2-hana-firewall and for yast2-sap-ha Severity: moderate References: 1117765,1146220 Description: This update for yast2-hana-firewall provides the following fix: - Fix the following crash in Yast2 HA Setup for SAP Products: 'cannot import namespace 'SystemdService'. (bsc#1146220) This update for yast2-sap-ha fixes the following issues: - Fix break caused by systemd service library reorganization. (bsc#1146220) - Fix bug stopping the non-productive HANA system in the cost-optimized scenario. (bsc#1117765) - Enhanced the module to be used on Azure with unattended mode support. (fate#324542, fate#325956) - Fix the rpc server error when Y2DIR variable is set. (fate#325957) - Fix the copy_ssfs_keys method to not fail when no password is informed but there is passwordless ssh access between the nodes. (fate#325957) - Enhanced the module to be used in hands-free WF on Bare Metal. (fate#325957) ----------------------------------------- Patch: SUSE-2019-2707 Released: Thu Oct 17 16:04:52 2019 Summary: Security update for postgresql10 Severity: important References: 1145092,CVE-2019-10208 Description: This update for postgresql10 fixes the following issues: Security issue fixed: - CVE-2019-10208: Fixed arbitrary SQL execution via suitable SECURITY DEFINER function under the identity of the function owner (bsc#1145092). ----------------------------------------- Patch: SUSE-2019-2722 Released: Mon Oct 21 11:14:20 2019 Summary: Recommended update for pciutils-ids Severity: moderate References: 1127840,1133581 Description: This is a version update for pciutils-ids to version 20190830 (bsc#1133581, bsc#1127840) ----------------------------------------- Patch: SUSE-2019-2730 Released: Mon Oct 21 16:04:57 2019 Summary: Security update for procps Severity: important References: 1092100,1121753,CVE-2018-1122,CVE-2018-1123,CVE-2018-1124,CVE-2018-1125,CVE-2018-1126 Description: This update for procps fixes the following issues: procps was updated to 3.3.15. (bsc#1092100) Following security issues were fixed: - CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100). - CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100). - CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100). - CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100). - CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100). Also this non-security issue was fixed: - Fix CPU summary showing old data. (bsc#1121753) The update to 3.3.15 contains the following fixes: * library: Increment to 8:0:1 No removals, no new functions Changes: slab and pid structures * library: Just check for SIGLOST and don't delete it * library: Fix integer overflow and LPE in file2strvec CVE-2018-1124 * library: Use size_t for alloc functions CVE-2018-1126 * library: Increase comm size to 64 * pgrep: Fix stack-based buffer overflow CVE-2018-1125 * pgrep: Remove >15 warning as comm can be longer * ps: Fix buffer overflow in output buffer, causing DOS CVE-2018-1123 * ps: Increase command name selection field to 64 * top: Don't use cwd for location of config CVE-2018-1122 * update translations * library: build on non-glibc systems * free: fix scaling on 32-bit systems * Revert 'Support running with child namespaces' * library: Increment to 7:0:1 No changes, no removals New fuctions: numa_init, numa_max_node, numa_node_of_cpu, numa_uninit, xalloc_err_handler * doc: Document I idle state in ps.1 and top.1 * free: fix some of the SI multiples * kill: -l space between name parses correctly * library: dont use vm_min_free on non Linux * library: don't strip off wchan prefixes (ps & top) * pgrep: warn about 15+ char name only if -f not used * pgrep/pkill: only match in same namespace by default * pidof: specify separator between pids * pkill: Return 0 only if we can kill process * pmap: fix duplicate output line under '-x' option * ps: avoid eip/esp address truncations * ps: recognizes SCHED_DEADLINE as valid CPU scheduler * ps: display NUMA node under which a thread ran * ps: Add seconds display for cputime and time * ps: Add LUID field * sysctl: Permit empty string for value * sysctl: Don't segv when file not available * sysctl: Read and write large buffers * top: add config file support for XDG specification * top: eliminated minor libnuma memory leak * top: show fewer memory decimal places (configurable) * top: provide command line switch for memory scaling * top: provide command line switch for CPU States * top: provides more accurate cpu usage at startup * top: display NUMA node under which a thread ran * top: fix argument parsing quirk resulting in SEGV * top: delay interval accepts non-locale radix point * top: address a wishlist man page NLS suggestion * top: fix potential distortion in 'Mem' graph display * top: provide proper multi-byte string handling * top: startup defaults are fully customizable * watch: define HOST_NAME_MAX where not defined * vmstat: Fix alignment for disk partition format * watch: Support ANSI 39,49 reset sequences ----------------------------------------- Patch: SUSE-2019-2734 Released: Tue Oct 22 11:00:58 2019 Summary: Recommended update for tcsh Severity: moderate References: 1151630 Description: This update for tcsh fixes the following issues: - Restore cleanup routines in case of an error (bsc#1151630) ----------------------------------------- Patch: SUSE-2019-2737 Released: Tue Oct 22 12:02:36 2019 Summary: Security update for openconnect Severity: moderate References: 1151178,CVE-2019-16239 Description: This update for openconnect fixes the following issues: - CVE-2019-16239: Fixed a buffer overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes. (bsc#1151178) ----------------------------------------- Patch: SUSE-2019-2743 Released: Tue Oct 22 15:50:02 2019 Summary: Security update for python Severity: moderate References: 1130840,1149955,1153238,CVE-2019-16056,CVE-2019-16935,CVE-2019-9947 Description: This update for python fixes the following issues: Security issues fixed: - CVE-2019-9947: Fixed an insufficient validation of URL paths with embedded whitespace or control characters that could allow HTTP header injections. (bsc#1130840) - CVE-2019-16056: Fixed a parser issue in the email module. (bsc#1149955) - CVE-2019-16935: Fixed a reflected XSS in python/Lib/DocXMLRPCServer.py (bsc#1153238). ----------------------------------------- Patch: SUSE-2019-2746 Released: Tue Oct 22 16:50:50 2019 Summary: Recommended update for yast2-sap-ha Severity: important References: 1146220 Description: This update for yast2-sap-ha fixes the following issues: - Update yast2-sap-ha to version 1.0.8. - Fix a regression that was introduced in a previous update. Under certain circumstances, HA Setup for SAP Products used to crash with the error message 'cannot import namespace 'SystemdService''. [bsc#1146220] ----------------------------------------- Patch: SUSE-2019-2749 Released: Wed Oct 23 09:08:41 2019 Summary: Security update for sysstat Severity: moderate References: 1150114,CVE-2019-16167 Description: This update for sysstat fixes the following issue: - CVE-2019-16167: Fixed a memory corruption due to an integer overflow. (bsc#1150114) ----------------------------------------- Patch: SUSE-2019-2750 Released: Wed Oct 23 09:22:42 2019 Summary: Security update for zziplib Severity: moderate References: 1107424,1129403,CVE-2018-16548 Description: This update for zziplib fixes the following issues: Security issue fixed: - CVE-2018-16548: Prevented memory leak from __zzip_parse_root_directory(). Free allocated structure if its address is not passed back. (bsc#1107424) Other issue addressed: - Prevented a division by zero (bsc#1129403). ----------------------------------------- Patch: SUSE-2019-2755 Released: Wed Oct 23 15:24:26 2019 Summary: Security update for rust Severity: moderate References: 1096945,1100691,1133283,1134978,CVE-2018-1000622,CVE-2019-12083 Description: This update for rust fixes the following issues: Rust was updated to version 1.36.0. Security issues fixed: - CVE-2019-12083: a standard method can be overridden violating Rust's safety guarantees and causing memory unsafety (bsc#1134978) - CVE-2018-1000622: rustdoc loads plugins from world writable directory allowing for arbitrary code execution (bsc#1100691) ----------------------------------------- Patch: SUSE-2019-2758 Released: Thu Oct 24 07:06:45 2019 Summary: Recommended update for tuned Severity: low References: 1153341 Description: This update for tuned fixes the following issues: - Removed an unused config file: /etc/tuned/sap-hana-vmware-variables.conf (bsc#1153341) ----------------------------------------- Patch: SUSE-2019-2762 Released: Thu Oct 24 07:08:44 2019 Summary: Recommended update for timezone Severity: moderate References: 1150451 Description: This update for timezone fixes the following issues: - Fiji observes DST from 2019-11-10 to 2020-01-12. - Norfolk Island starts observing Australian-style DST. ----------------------------------------- Patch: SUSE-2019-2763 Released: Thu Oct 24 07:08:52 2019 Summary: Recommended update for mysql-connector-cpp Severity: moderate References: 1149792 Description: This update for mysql-connector-cpp fixes the following issues: - Add missing zlib build dependency, which used to be pulled in by libopenssl-devel. (bsc#1149792) ----------------------------------------- Patch: SUSE-2019-2766 Released: Thu Oct 24 07:09:49 2019 Summary: Recommended update for migrate-sles-to-sles4sap Severity: moderate References: 1112548 Description: This update for migrate-sles-to-sles4sap fixes the following issues: - Fixed /etc/os-release issue after using migration script from SLES to SLES4SAP: (bsc#1112548) * Removed several hacks that aren't necessary anymore, due to changes in SUSEConnect * Bootloader change isn't necessary anymore as SLES will always be shown in GRUB2 regardless if SLES or SLES for SAP * removed hardcoded version dependencies to make the script version independent * added rollback in case of failed migration * added additional runtime warnings and infos for user * restructured code for cleaner readability * fixed ShellCheck issues * changed parsing for variables like VERSION and CPE from /etc/os-release to /etc/products.d/baseproduct, as /etc/os-release doesn't differ on SLES and SLES for SAP * Checks the SSL certificate of SMT and RMT servers. * Added user input to allow self-signed SSL certificates on SMT and RMT servers. * Fixed RMT registration issue. ----------------------------------------- Patch: SUSE-2019-2772 Released: Thu Oct 24 13:55:37 2019 Summary: Recommended update for lifecycle-data-sle-module-live-patching Severity: moderate References: 1020320 Description: This update for lifecycle-data-sle-module-live-patching fixes the following issues: - Added data for 4_12_14-150_27, 4_12_14-150_32, 4_12_14-150_35, 4_12_14-197_10, 4_12_14-197_15. (bsc#1020320) ----------------------------------------- Patch: SUSE-2019-2777 Released: Thu Oct 24 16:13:20 2019 Summary: Recommended update for fipscheck Severity: moderate References: 1149792 Description: This update for fipscheck fixes the following issues: - Remove #include of unused fips.h to fix build with OpenSSL 1.1.1 (bsc#1149792) ----------------------------------------- Patch: SUSE-2019-2779 Released: Thu Oct 24 16:57:42 2019 Summary: Security update for binutils Severity: moderate References: 1109412,1109413,1109414,1111996,1112534,1112535,1113247,1113252,1113255,1116827,1118644,1118830,1118831,1120640,1121034,1121035,1121056,1133131,1133232,1141913,1142772,1152590,1154016,1154025,CVE-2018-1000876,CVE-2018-17358,CVE-2018-17359,CVE-2018-17360,CVE-2018-17985,CVE-2018-18309,CVE-2018-18483,CVE-2018-18484,CVE-2018-18605,CVE-2018-18606,CVE-2018-18607,CVE-2018-19931,CVE-2018-19932,CVE-2018-20623,CVE-2018-20651,CVE-2018-20671,CVE-2018-6323,CVE-2018-6543,CVE-2018-6759,CVE-2018-6872,CVE-2018-7208,CVE-2018-7568,CVE-2018-7569,CVE-2018-7570,CVE-2018-7642,CVE-2018-7643,CVE-2018-8945,CVE-2019-1010180,ECO-368,SLE-6206 Description: This update for binutils fixes the following issues: binutils was updated to current 2.32 branch [jsc#ECO-368]. Includes following security fixes: - CVE-2018-17358: Fixed invalid memory access in _bfd_stab_section_find_nearest_line in syms.c (bsc#1109412) - CVE-2018-17359: Fixed invalid memory access exists in bfd_zalloc in opncls.c (bsc#1109413) - CVE-2018-17360: Fixed heap-based buffer over-read in bfd_getl32 in libbfd.c (bsc#1109414) - CVE-2018-17985: Fixed a stack consumption problem caused by the cplus_demangle_type (bsc#1116827) - CVE-2018-18309: Fixed an invalid memory address dereference was discovered in read_reloc in reloc.c (bsc#1111996) - CVE-2018-18483: Fixed get_count function provided by libiberty that allowed attackers to cause a denial of service or other unspecified impact (bsc#1112535) - CVE-2018-18484: Fixed stack exhaustion in the C++ demangling functions provided by libiberty, caused by recursive stack frames (bsc#1112534) - CVE-2018-18605: Fixed a heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup causing a denial of service (bsc#1113255) - CVE-2018-18606: Fixed a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments, causing denial of service (bsc#1113252) - CVE-2018-18607: Fixed a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section, causing denial of service (bsc#1113247) - CVE-2018-19931: Fixed a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h (bsc#1118831) - CVE-2018-19932: Fixed an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA (bsc#1118830) - CVE-2018-20623: Fixed a use-after-free in the error function in elfcomm.c (bsc#1121035) - CVE-2018-20651: Fixed a denial of service via a NULL pointer dereference in elf_link_add_object_symbols in elflink.c (bsc#1121034) - CVE-2018-20671: Fixed an integer overflow that can trigger a heap-based buffer overflow in load_specific_debug_section in objdump.c (bsc#1121056) - CVE-2018-1000876: Fixed integer overflow in bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc in objdump (bsc#1120640) - CVE-2019-1010180: Fixed an out of bound memory access that could lead to crashes (bsc#1142772) - enable xtensa architecture (Tensilica lc6 and related) - Use -ffat-lto-objects in order to provide assembly for static libs (bsc#1141913). - Fixed some LTO build issues (bsc#1133131 bsc#1133232). - riscv: Don't check ABI flags if no code section - Fixed a segfault in ld when building some versions of pacemaker (bsc#1154025, bsc#1154016). - Add avr, epiphany and rx to target_list so that the common binutils can handle all objects we can create with crosses (bsc#1152590). Update to binutils 2.32: * The binutils now support for the C-SKY processor series. * The x86 assembler now supports a -mvexwig=[0|1] option to control encoding of VEX.W-ignored (WIG) VEX instructions. It also has a new -mx86-used-note=[yes|no] option to generate (or not) x86 GNU property notes. * The MIPS assembler now supports the Loongson EXTensions R2 (EXT2), the Loongson EXTensions (EXT) instructions, the Loongson Content Address Memory (CAM) ASE and the Loongson MultiMedia extensions Instructions (MMI) ASE. * The addr2line, c++filt, nm and objdump tools now have a default limit on the maximum amount of recursion that is allowed whilst demangling strings. This limit can be disabled if necessary. * Objdump's --disassemble option can now take a parameter, specifying the starting symbol for disassembly. Disassembly will continue from this symbol up to the next symbol or the end of the function. * The BFD linker will now report property change in linker map file when merging GNU properties. * The BFD linker's -t option now doesn't report members within archives, unless -t is given twice. This makes it more useful when generating a list of files that should be packaged for a linker bug report. * The GOLD linker has improved warning messages for relocations that refer to discarded sections. - Improve relro support on s390 [fate#326356] - Fix broken debug symbols (bsc#1118644) - Handle ELF compressed header alignment correctly. ----------------------------------------- Patch: SUSE-2019-2782 Released: Fri Oct 25 14:27:52 2019 Summary: Security update for nfs-utils Severity: moderate References: 1150733,CVE-2019-3689 Description: This update for nfs-utils fixes the following issues: - CVE-2019-3689: Fixed root-owned files stored in insecure /var/lib/nfs. (bsc#1150733) ----------------------------------------- Patch: SUSE-2019-2786 Released: Fri Oct 25 15:56:35 2019 Summary: Security update for docker-runc Severity: moderate References: 1152308,CVE-2019-16884 Description: This update for docker-runc fixes the following issues: - CVE-2019-16884: Fixed an LSM bypass via malicious Docker images that mount over a /proc directory. (bsc#1152308) ----------------------------------------- Patch: SUSE-2019-2790 Released: Mon Oct 28 14:54:13 2019 Summary: Recommended update for java-1_8_0-ibm Severity: moderate References: 1143080 Description: This update for java-1_8_0-ibm fixes the following issues: Update to Java 8.0 Service Refresh 5 Fix Pack 41 [bsc#1143080]: * JIT compiler crash: Remove implicit sign extension assumptions from iRegStore evaluator (https://github.com/eclipse/omr/pull/4103) ----------------------------------------- Patch: SUSE-2019-2799 Released: Mon Oct 28 17:11:16 2019 Summary: Recommended update for tcsh Severity: important References: 1153839,1154877 Description: This update for tcsh fixes the following issues: - Avoid breakage in sourcing standard system files (bsc#1153839) - A regression has been fixed where glob expansion would not work properly. (bsc#1154877) ----------------------------------------- Patch: SUSE-2019-2802 Released: Tue Oct 29 11:39:05 2019 Summary: Security update for python3 Severity: moderate References: 1149121,1149792,1149955,1151490,1153238,CVE-2019-16056,CVE-2019-16935,PM-1350,SLE-9426 Description: This update for python3 to 3.6.9 fixes the following issues: Security issues fixed: - CVE-2019-16056: Fixed a parser issue in the email module. (bsc#1149955) - CVE-2019-16935: Fixed a reflected XSS in python/Lib/DocXMLRPCServer.py (bsc#1153238). Non-security issues fixed: - Fixed regression of OpenSSL 1.1.1b-1 in EVP_PBE_scrypt() with salt=NULL. (bsc#1151490) - Improved locale handling by implementing PEP 538. ----------------------------------------- Patch: SUSE-2019-2806 Released: Tue Oct 29 11:47:15 2019 Summary: Recommended update for libspectre Severity: moderate References: 1153337 Description: This update for libspectre aligns the libspectre build with the current ghostscript 9.27 release. (bsc#1153337) ----------------------------------------- Patch: SUSE-2019-2810 Released: Tue Oct 29 14:56:44 2019 Summary: Security update for runc Severity: moderate References: 1131314,1131553,1152308,CVE-2019-16884 Description: This update for runc fixes the following issues: Security issue fixed: - CVE-2019-16884: Fixed an LSM bypass via malicious Docker images that mount over a /proc directory. (bsc#1152308) Non-security issues fixed: - Includes upstreamed patches for regressions (bsc#1131314 bsc#1131553). ----------------------------------------- Patch: SUSE-2019-2811 Released: Tue Oct 29 14:57:18 2019 Summary: Recommended update for llvm7 Severity: moderate References: 1138457 Description: This update for llvm7 doesn't address any user visible issues. ----------------------------------------- Patch: SUSE-2019-2812 Released: Tue Oct 29 14:57:55 2019 Summary: Recommended update for systemd Severity: moderate References: 1139459,1140631,1145023,1150595,SLE-7687 Description: This update for systemd provides the following fixes: - Fix a problem that would cause invoking try-restart to an inactive service to hang when a daemon-reload is invoked before the try-restart returned. (bsc#1139459) - man: Add a note about _netdev usage. - units: Replace remote-cryptsetup-pre.target with remote-fs-pre.target. - units: Add [Install] section to remote-cryptsetup.target. - cryptsetup: Ignore _netdev, since it is used in generator. - cryptsetup-generator: Use remote-cryptsetup.target when _netdev is present. (jsc#SLE-7687) - cryptsetup-generator: Add a helper utility to create symlinks. - units: Add remote-cryptsetup.target and remote-cryptsetup-pre.target. - man: Add an explicit description of _netdev to systemd.mount(5). - man: Order fields alphabetically in crypttab(5). - man: Make crypttab(5) a bit easier to read. - units: Order cryptsetup-pre.target before cryptsetup.target. - Fix reporting of enabled-runtime units. - sd-bus: Deal with cookie overruns. (bsc#1150595) - rules: Add by-id symlinks for persistent memory. (bsc#1140631) - Buildrequire polkit so /usr/share/polkit-1/rules.d subdir can be only owned by polkit. (bsc#1145023) ----------------------------------------- Patch: SUSE-2019-2870 Released: Thu Oct 31 08:09:14 2019 Summary: Recommended update for aaa_base Severity: moderate References: 1051143,1138869,1151023 Description: This update for aaa_base provides the following fixes: - Check if variables can be set before modifying them to avoid warnings on login with a restricted shell. (bsc#1138869) - Add s390x compressed kernel support. (bsc#1151023) - service: Check if there is a second argument before using it. (bsc#1051143) ----------------------------------------- Patch: SUSE-2019-2880 Released: Mon Nov 4 11:56:58 2019 Summary: Recommended update for libcontainers-common Severity: moderate References: 1139526,1151028,1152752 Description: This update for libcontainers-common fixes the following issues: Update to image 1.4.4: - Hard-code the kernel keyring use to be disabled for now Update to libpod 1.5.1: - The hostname of pods is now set to the pod's name - Minor bugfixes Update to storage 1.12.16: - Ignore ro mount options in btrfs and windows drivers - Check /var/lib/containers if possible before setting btrfs backend (bsc#1151028) - Add a default registries.d configuration file, used to specify images signatures storage location. Update to image v3.0.0: - Add 'Env' to ImageInspectInfo - Add API function TryUpdatingCache - Add ability to install man pages - Add user registry auth to kernel keyring - Fix policy.json.md -> containers-policy.json.5.md references - Fix typo in docs/containers-registries.conf.5.md - Remove pkg/sysregistries - Touch up transport man page - Try harder in storageImageDestination.TryReusingBlob - Use the same HTTP client for contacting the bearer token server and the registry - ci: change GOCACHE to a writeable path - config.go: improve debug message - config.go: log where credentials come from - docker client: error if registry is blocked - docker: allow deleting OCI images - docker: delete: support all MIME types - ostree: default is no OStree support - ostree: improve error message - progress bar: use spinners for unknown blob sizes - use 'containers_image_ostree' as build tag - use keyring when authfile empty - Update to storage v1.12.16 - Add cirrus vendor check - Add storage options to IgnoreChownErrors - Add support for UID as well as UserName in /etc/subuid files. - Add support for ignoreChownErrors to vfs - Add support for installing man pages - Fix cross-compilation - Keep track of the UIDs and GIDs used in applied layers - Move lockfiles to their own package - Remove merged directory when it is unmounted - Switch to go modules - Switch to golangci-lint - Update generated files - Use same variable name on both commands - cirrus: ubuntu: try removing cryptsetup-initramfs - compression: add support for the zstd algorithm - getLockfile(): use the absolute path - loadMounts(): reset counts before merging just-loaded data - lockfile: don't bother releasing a lock when closing a file - locking test updates - locking: take read locks on read-only stores - make local-cross more reliable for CI - overlay: cache the results of supported/using-metacopy/use-naive-diff feature tests - overlay: fix small piece of repeated work - utils: fix check for missing conf file - zstd: use github.com/klauspost/compress directly Update to libpod v1.4.4: - Fixed a bug where rootless Podman would attempt to use the entire root configuration if no rootless configuration was present for the user, breaking rootless Podman for new installations - Fixed a bug where rootless Podman's pause process would block SIGTERM, preventing graceful system shutdown and hanging until the system's init send SIGKILL - Fixed a bug where running Podman as root with sudo -E would not work after running rootless Podman at least once - Fixed a bug where options for tmpfs volumes added with the --tmpfs flag were being ignored - Fixed a bug where images with no layers could not properly be displayed and removed by Podman - Fixed a bug where locks were not properly freed on failure to create a container or pod - Podman now has greatly improved support for containers using multiple OCI runtimes. Containers now remember if they were created with a different runtime using --runtime and will always use that runtime - The cached and delegated options for volume mounts are now allowed for Docker compatability (#3340) - The podman diff command now supports the --latest flag - Fixed a bug where podman cp on a single file would create a directory at the target and place the file in it (#3384) - Fixed a bug where podman inspect --format '{{.Mounts}}' would print a hexadecimal address instead of a container's mounts - Fixed a bug where rootless Podman would not add an entry to container's /etc/hosts files for their own hostname (#3405) - Fixed a bug where podman ps --sync would segfault (#3411) - Fixed a bug where podman generate kube would produce an invalid ports configuration (#3408) - Podman now performs much better on systems with heavy I/O load - The --cgroup-manager flag to podman now shows the correct default setting in help if the default was overridden by libpod.conf - For backwards compatability, setting --log-driver=json-file in podman run is now supported as an alias for --log-driver=k8s-file. This is considered deprecated, and json-file will be moved to a new implementation in the future ([#3363](https://github.com/containers/libpod/issues/3363)) - Podman's default libpod.conf file now allows the crun OCI runtime to be used if it is installed - Fixed a bug where Podman could not run containers using an older version of Systemd as init (#3295) - Updated vendored Buildah to v1.9.0 to resolve a critical bug with Dockerfile RUN instructions - The error message for running podman kill on containers that are not running has been improved - The Podman remote client can now log to a file if syslog is not available - The MacOS dmg file is experimental, use at your own risk. - The podman exec command now sets its error code differently based on whether the container does not exist, and the command in the container does not exist - The podman inspect command on containers now outputs Mounts JSON that matches that of docker inspect, only including user-specified volumes and differentiating bind mounts and named volumes - The podman inspect command now reports the path to a container's OCI spec with the OCIConfigPath key (only included when the container is initialized or running) - The podman run --mount command now supports the bind-nonrecursive option for bind mounts (#3314) - Fixed a bug where podman play kube would fail to create containers due to an unspecified log driver - Fixed a bug where Podman would fail to build with musl libc (#3284) - Fixed a bug where rootless Podman using slirp4netns networking in an environment with no nameservers on the host other than localhost would result in nonfunctional networking (#3277) - Fixed a bug where podman import would not properly set environment variables, discarding their values and retaining only keys - Fixed a bug where Podman would fail to run when built with Apparmor support but run on systems without the Apparmor kernel module loaded (#3331) - Remote Podman will now default the username it uses to log in to remote systems to the username of the current user - Podman now uses JSON logging with OCI runtimes that support it, allowing for better error reporting Updated vendored Buildah to v1.8.4 Updated vendored containers/image to v2.0 Update to image v2.0.0: - Add registry mirror support - Include missing man pages (bsc#1139526) Update to storage v1.12.10: - Add support for UID as well as UserName in /etc/subuid files. - utils: fix check for missing conf file - compression: add support for the zstd algorithm - overlay: cache the results of supported/using-metacopy/use-naive-diff feature tests Update to libpod v1.4.0 ----------------------------------------- Patch: SUSE-2019-2888 Released: Mon Nov 4 17:33:58 2019 Summary: Recommended update for neon Severity: low References: 1149792 Description: This update for neon provides the following fixes: - Fix build with openssl 1.1.1. (bsc#1149792) - Make sure the license gets installed properly. ----------------------------------------- Patch: SUSE-2019-2891 Released: Mon Nov 4 17:47:10 2019 Summary: Security update for python-ecdsa Severity: moderate References: 1153165,1154217,CVE-2019-14853,CVE-2019-14859 Description: This update for python-ecdsa to version 0.13.3 fixes the following issues: Security issues fixed: - CVE-2019-14853: Fixed unexpected exceptions during signature decoding (bsc#1153165). - CVE-2019-14859: Fixed a signature malleability caused by insufficient checks of DER encoding (bsc#1154217). ----------------------------------------- Patch: SUSE-2019-2905 Released: Wed Nov 6 12:10:59 2019 Summary: Recommended update for scout Severity: moderate References: 1135598 Description: This update for scout fixes the following issues: - Fix bug where sbin packages would print as bytes strings (bsc#1135598) ----------------------------------------- Patch: SUSE-2019-2908 Released: Wed Nov 6 13:49:01 2019 Summary: Recommended update for perl-Mail-SPF Severity: low References: 1141089 Description: This update for perl-Mail-SPF fixes the following issues: - Sets the executable bit for the /usr/sbin/spfd binary (bsc#1141089) - The license file is now located in the /usr/share/licenses directory of perl-Mail-SPF ----------------------------------------- Patch: SUSE-2019-2913 Released: Thu Nov 7 11:33:39 2019 Summary: Security update for gdb Severity: moderate References: 1115034,1142772,1145692,CVE-2019-1010180,ECO-368 Description: This update for gdb fixes the following issues: Update to gdb 8.3.1: (jsc#ECO-368) Security issues fixed: - CVE-2019-1010180: Fixed a potential buffer overflow when loading ELF sections larger than the file. (bsc#1142772) Upgrade libipt from v2.0 to v2.0.1. - Enable librpm for version > librpm.so.3 [bsc#1145692]: * Allow any librpm.so.x * Add %build test to check for 'zypper install ' message - Copy gdbinit from fedora master @ 25caf28. Add gdbinit.without-python, and use it for --without=python. Rebase to 8.3 release (as in fedora 30 @ 1e222a3). * DWARF index cache: GDB can now automatically save indices of DWARF symbols on disk to speed up further loading of the same binaries. * Ada task switching is now supported on aarch64-elf targets when debugging a program using the Ravenscar Profile. * Terminal styling is now available for the CLI and the TUI. * Removed support for old demangling styles arm, edg, gnu, hp and lucid. * Support for new native configuration RISC-V GNU/Linux (riscv*-*-linux*). - Implemented access to more POWER8 registers. [fate#326120, fate#325178] - Handle most of new s390 arch13 instructions. [fate#327369, jsc#ECO-368] ----------------------------------------- Patch: SUSE-2019-2933 Released: Fri Nov 8 11:46:01 2019 Summary: Recommended update for llvm7 Severity: moderate References: 1139584 Description: This update for llvm7 fixes the following issues: - Enable RTTI (run time type information) by built for LLVM. (bsc#1139584) ----------------------------------------- Patch: SUSE-2019-2934 Released: Fri Nov 8 13:17:50 2019 Summary: Security update for apache2-mod_auth_openidc Severity: important References: 1153666,CVE-2019-14857 Description: This update for apache2-mod_auth_openidc fixes the following issues: - CVE-2019-14857: Fixed an open redirect issue that exists in URLs with trailing slashes (bsc#1153666). ----------------------------------------- Patch: SUSE-2019-2952 Released: Tue Nov 12 19:13:13 2019 Summary: Security update for the Linux Kernel Severity: important References: 1046299,1046303,1046305,1050244,1050536,1050545,1051510,1055186,1061840,1064802,1065600,1066129,1073513,1082635,1083647,1086323,1087092,1089644,1090631,1093205,1096254,1097583,1097584,1097585,1097586,1097587,1097588,1098291,1101674,1109158,1111666,1112178,1113994,1114279,1117665,1119461,1119465,1123034,1123080,1133140,1134303,1135642,1135854,1135873,1135967,1137040,1137799,1137861,1138190,1140090,1140729,1140845,1140883,1141600,1142635,1142667,1143706,1144338,1144375,1144449,1144903,1145099,1146612,1148410,1149119,1149853,1150452,1150457,1150465,1150875,1151508,1151807,1152033,1152624,1152665,1152685,1152696,1152697,1152788,1152790,1152791,1153112,1153158,1153236,1153263,1153476,1153509,1153607,1153646,1153681,1153713,1153717,1153718,1153719,1153811,1153969,1154108,1154189,1154242,1154268,1154354,1154372,1154521,1154578,1154607,1154608,1154610,1154611,1154651,1154737,1154747,1154848,1154858,1154905,1154956,1155061,1155178,1155179,1155184,1155186,1155671,CVE-2018-12207,CVE-2019-10220,CVE-2019-11135,CVE-2019-16232,CVE-2019-16233,CVE-2019-16234,CVE-2019-16995,CVE-2019-17056,CVE-2019-17133,CVE-2019-17666 Description: The SUSE Linux Enterprise 15-SP1 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional. The Linux Kernel kvm hypervisor was adjusted to avoid page size changes in executable pages by splitting / merging huge pages into small pages as More information can be found on https://www.suse.com/support/kb/doc/?id=7023735 - CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate sidechannel information leaks out of microarchitectural buffers, similar to the previously described 'Microarchitectural Data Sampling' attack. The Linux kernel was supplemented with the option to disable TSX operation altogether (requiring CPU Microcode updates on older systems) and better flushing of microarchitectural buffers (VERW). The set of options available is described in our TID at https://www.suse.com/support/kb/doc/?id=7024251 - CVE-2019-16995: Fix a memory leak in hsr_dev_finalize() if hsr_add_port failed to add a port, which may have caused denial of service (bsc#1152685). - CVE-2019-16233: drivers/scsi/qla2xxx/qla_os.c did not check the alloc_workqueue return value, leading to a NULL pointer dereference. (bsc#1150457). - CVE-2019-10220: Added sanity checks on the pathnames passed to the user space. (bsc#1144903). - CVE-2019-17666: rtlwifi: Fix potential overflow in P2P code (bsc#1154372). - CVE-2019-16232: Fix a potential NULL pointer dereference in the Marwell libertas driver (bsc#1150465). - CVE-2019-16234: iwlwifi pcie driver did not check the alloc_workqueue return value, leading to a NULL pointer dereference. (bsc#1150452). - CVE-2019-17133: cfg80211 wireless extension did not reject a long SSID IE, leading to a Buffer Overflow (bsc#1153158). - CVE-2019-17056: The AF_NFC network module did not enforce CAP_NET_RAW, which meant that unprivileged users could create a raw socket (bsc#1152788). The following non-security bugs were fixed: - 9p: avoid attaching writeback_fid on mmap with type PRIVATE (bsc#1051510). - Add kernel module compression support (bsc#1135854) - acpi / CPPC: do not require the _PSD method (bsc#1051510). - acpi / processor: do not print errors for processorIDs == 0xff (bsc#1051510). - acpi: CPPC: Set pcc_data[pcc_ss_id] to NULL in acpi_cppc_processor_exit() (bsc#1051510). - act_mirred: Fix mirred_init_module error handling (bsc#1051510). - alsa: bebob: Fix prototype of helper function to return negative value (bsc#1051510). - alsa: firewire-motu: add support for MOTU 4pre (bsc#1111666). - alsa: hda - Add a quirk model for fixing Huawei Matebook X right speaker (bsc#1051510). - alsa: hda - Add laptop imic fixup for ASUS M9V laptop (bsc#1051510). - alsa: hda - Apply AMD controller workaround for Raven platform (bsc#1051510). - alsa: hda - Define a fallback_pin_fixup_tbl for alc269 family (bsc#1051510). - alsa: hda - Drop unsol event handler for Intel HDMI codecs (bsc#1051510). - alsa: hda - Expand pin_match function to match upcoming new tbls (bsc#1051510). - alsa: hda - Force runtime PM on Nvidia HDMI codecs (bsc#1051510). - alsa: hda - Inform too slow responses (bsc#1051510). - alsa: hda - Show the fatal CORB/RIRB error more clearly (bsc#1051510). - alsa: hda/hdmi - Do not report spurious jack state changes (bsc#1051510). - alsa: hda/hdmi: remove redundant assignment to variable pcm_idx (bsc#1051510). - alsa: hda/realtek - Add support for ALC623 (bsc#1051510). - alsa: hda/realtek - Add support for ALC711 (bsc#1051510). - alsa: hda/realtek - Blacklist PC beep for Lenovo ThinkCentre M73/93 (bsc#1051510). - alsa: hda/realtek - Check beep whitelist before assigning in all codecs (bsc#1051510). - alsa: hda/realtek - Enable headset mic on Asus MJ401TA (bsc#1051510). - alsa: hda/realtek - Fix 2 front mics of codec 0x623 (bsc#1051510). - alsa: hda/realtek - Fix alienware headset mic (bsc#1051510). - alsa: hda/realtek - pci quirk for Medion E4254 (bsc#1051510). - alsa: hda/realtek: Reduce the Headphone static noise on XPS 9350/9360 (bsc#1051510). - alsa: hda/sigmatel - remove unused variable 'stac9200_core_init' (bsc#1051510). - alsa: hda: Add Elkhart Lake pci ID (bsc#1051510). - alsa: hda: Add Tigerlake/Jasperlake pci ID (bsc#1051510). - alsa: hda: Add support of Zhaoxin controller (bsc#1051510). - alsa: hda: Flush interrupts on disabling (bsc#1051510). - alsa: hda: Set fifo_size for both playback and capture streams (bsc#1051510). - alsa: i2c: ak4xxx-adda: Fix a possible null pointer dereference in build_adc_controls() (bsc#1051510). - alsa: line6: sizeof (byte) is always 1, use that fact (bsc#1051510). - alsa: timer: Fix mutex deadlock at releasing card (bsc#1051510). - alsa: usb-audio: Add DSD support for EVGA NU Audio (bsc#1051510). - alsa: usb-audio: Add DSD support for Gustard U16/X26 USB Interface (bsc#1051510). - alsa: usb-audio: Add Hiby device family to quirks for native DSD support (bsc#1051510). - alsa: usb-audio: Add Pioneer DDJ-SX3 PCM quirck (bsc#1051510). - alsa: usb-audio: Clean up check_input_term() (bsc#1051510). - alsa: usb-audio: DSD auto-detection for Playback Designs (bsc#1051510). - alsa: usb-audio: Disable quirks for BOSS Katana amplifiers (bsc#1051510). - alsa: usb-audio: Disable quirks for BOSS Katana amplifiers (bsc#1111666). - alsa: usb-audio: Fix copy&paste error in the validator (bsc#1111666). - alsa: usb-audio: Fix possible NULL dereference at create_yamaha_midi_quirk() (bsc#1051510). - alsa: usb-audio: More validations of descriptor units (bsc#1051510). - alsa: usb-audio: Remove superfluous bLength checks (bsc#1051510). - alsa: usb-audio: Simplify parse_audio_unit() (bsc#1051510). - alsa: usb-audio: Skip bSynchAddress endpoint check if it is invalid (bsc#1051510). - alsa: usb-audio: Unify audioformat release code (bsc#1051510). - alsa: usb-audio: Unify the release of usb_mixer_elem_info objects (bsc#1051510). - alsa: usb-audio: Update DSD support quirks for Oppo and Rotel (bsc#1051510). - alsa: usb-audio: fix PCM device order (bsc#1051510). - alsa: usb-audio: remove some dead code (bsc#1051510). - appletalk: enforce CAP_NET_RAW for raw sockets (bsc#1051510). - arcnet: provide a buffer big enough to actually receive packets (networking-stable-19_09_30). - arm64/cpufeature: Convert hook_lock to raw_spin_lock_t in cpu_enable_ssbs() (jsc#ECO-561). - arm64: Add decoding macros for CP15_32 and CP15_64 traps (jsc#ECO-561). - arm64: Add part number for Neoverse N1 (jsc#ECO-561). - arm64: Add silicon-errata.txt entry for ARM erratum 1188873 (jsc#ECO-561). - arm64: Apply ARM64_ERRATUM_1188873 to Neoverse-N1 (jsc#ECO-561). - arm64: Fake the IminLine size on systems affected by Neoverse-N1 #1542419 (jsc#ECO-561,jsc#SLE-10671). - arm64: Fix mismatched cache line size detection (jsc#ECO-561,jsc#SLE-10671). - arm64: Fix silly typo in comment (jsc#ECO-561). - arm64: Force SSBS on context switch (jsc#ECO-561). - arm64: Introduce sysreg_clear_set() (jsc#ECO-561). - arm64: Make ARM64_ERRATUM_1188873 depend on COMPAT (jsc#ECO-561). - arm64: Restrict ARM64_ERRATUM_1188873 mitigation to AArch32 (jsc#ECO-561). - arm64: arch_timer: avoid unused function warning (jsc#ECO-561). - arm64: compat: Add CNTFRQ trap handler (jsc#ECO-561). - arm64: compat: Add CNTVCT trap handler (jsc#ECO-561). - arm64: compat: Add condition code checks and IT advance (jsc#ECO-561). - arm64: compat: Add cp15_32 and cp15_64 handler arrays (jsc#ECO-561). - arm64: compat: Add separate CP15 trapping hook (jsc#ECO-561). - arm64: compat: Workaround Neoverse-N1 #1542419 for compat user-space (jsc#ECO-561,jsc#SLE-10671). - arm64: cpu: Move errata and feature enable callbacks closer to callers (jsc#ECO-561). - arm64: cpu_errata: Remove ARM64_MISMATCHED_CACHE_LINE_SIZE (jsc#ECO-561,jsc#SLE-10671). - arm64: cpufeature: Fix handling of CTR_EL0.IDC field (jsc#ECO-561,jsc#SLE-10671). - arm64: cpufeature: Trap CTR_EL0 access only where it is necessary (jsc#ECO-561,jsc#SLE-10671). - arm64: cpufeature: ctr: Fix cpu capability check for late CPUs (jsc#ECO-561,jsc#SLE-10671). - arm64: entry: Allow handling of undefined instructions from EL1 (jsc#ECO-561). - arm64: errata: Hide CTR_EL0.DIC on systems affected by Neoverse-N1 #1542419 (jsc#ECO-561,jsc#SLE-10671). - arm64: fix SSBS sanitization (jsc#ECO-561). - arm64: force_signal_inject: WARN if called from kernel context (jsc#ECO-561). - arm64: kill change_cpacr() (jsc#ECO-561). - arm64: kill config_sctlr_el1() (jsc#ECO-561). - arm64: kvm: Add invalidate_icache_range helper (jsc#ECO-561,jsc#SLE-10671). - arm64: kvm: PTE/PMD S2 XN bit definition (jsc#ECO-561,jsc#SLE-10671). - arm64: move SCTLR_EL{1,2} assertions to <asm/sysreg.h> (jsc#ECO-561). - arm64: ssbd: Drop #ifdefs for PR_SPEC_STORE_BYPASS (jsc#ECO-561). - arm: kvm: Add optimized PIPT icache flushing (jsc#ECO-561,jsc#SLE-10671). - asoc: Define a set of DAPM pre/post-up events (bsc#1051510). - asoc: Intel: Fix use of potentially uninitialized variable (bsc#1051510). - asoc: Intel: NHLT: Fix debug print format (bsc#1051510). - asoc: dmaengine: Make the pcm->name equal to pcm->id if the name is not set (bsc#1051510). - asoc: rockchip: i2s: Fix RPM imbalance (bsc#1051510). - asoc: rsnd: Reinitialize bit clock inversion flag for every format setting (bsc#1051510). - asoc: sgtl5000: Fix charge pump source assignment (bsc#1051510). - auxdisplay: panel: need to delete scan_timer when misc_register fails in panel_attach (bsc#1051510). - ax25: enforce CAP_NET_RAW for raw sockets (bsc#1051510). - blk-wbt: abstract out end IO completion handler (bsc#1135873). - blk-wbt: fix has-sleeper queueing check (bsc#1135873). - blk-wbt: improve waking of tasks (bsc#1135873). - blk-wbt: move disable check into get_limit() (bsc#1135873). - blk-wbt: use wq_has_sleeper() for wq active check (bsc#1135873). - block: add io timeout to sysfs (bsc#1148410). - block: add io timeout to sysfs (bsc#1148410). - block: do not show io_timeout if driver has no timeout handler (bsc#1148410). - block: do not show io_timeout if driver has no timeout handler (bsc#1148410). - bluetooth: btrtl: Additional Realtek 8822CE Bluetooth devices (bsc#1051510). - bnx2x: Fix VF's VLAN reconfiguration in reload (bsc#1086323 ). - bnxt_en: Add pci IDs for 57500 series NPAR devices (bsc#1153607). - boot: Sign non-x86 kernels when possible (boo#1134303) - bpf: fix use after free in prog symbol exposure (bsc#1083647). - brcmfmac: sdio: Disable auto-tuning around commands expected to fail (bsc#1111666). - brcmfmac: sdio: Do not tune while the card is off (bsc#1111666). - bridge/mdb: remove wrong use of NLM_F_MULTI (networking-stable-19_09_15). - btrfs: Ensure btrfs_init_dev_replace_tgtdev sees up to date values (bsc#1154651). - btrfs: Ensure replaced device does not have pending chunk allocation (bsc#1154607). - btrfs: bail out gracefully rather than BUG_ON (bsc#1153646). - btrfs: block-group: Fix a memory leak due to missing btrfs_put_block_group() (bsc#1155178). - btrfs: check for the full sync flag while holding the inode lock during fsync (bsc#1153713). - btrfs: qgroup: Always free PREALLOC META reserve in btrfs_delalloc_release_extents() (bsc#1155179). - btrfs: remove wrong use of volume_mutex from btrfs_dev_replace_start (bsc#1154651). - btrfs: tracepoints: Fix bad entry members of qgroup events (bsc#1155186). - btrfs: tracepoints: Fix wrong parameter order for qgroup events (bsc#1155184). - can: mcp251x: mcp251x_hw_reset(): allow more time after a reset (bsc#1051510). - can: xilinx_can: xcan_probe(): skip error message on deferred probe (bsc#1051510). - cdc_ether: fix rndis support for Mediatek based smartphones (networking-stable-19_09_15). - cdc_ncm: fix divide-by-zero caused by invalid wMaxPacketSize (bsc#1051510). - ceph: fix directories inode i_blkbits initialization (bsc#1153717). - ceph: reconnect connection if session hang in opening state (bsc#1153718). - ceph: update the mtime when truncating up (bsc#1153719). - cfg80211: Purge frame registrations on iftype change (bsc#1051510). - cfg80211: add and use strongly typed element iteration macros (bsc#1051510). - clk: at91: select parent if main oscillator or bypass is enabled (bsc#1051510). - clk: qoriq: Fix -Wunused-const-variable (bsc#1051510). - clk: sirf: Do not reference clk_init_data after registration (bsc#1051510). - clk: zx296718: Do not reference clk_init_data after registration (bsc#1051510). - config: arm64: enable erratum 1418040 and 1542419 - crypto: af_alg - Fix race around ctx->rcvused by making it atomic_t (bsc#1154737). - crypto: af_alg - Initialize sg_num_bytes in error code path (bsc#1051510). - crypto: af_alg - consolidation of duplicate code (bsc#1154737). - crypto: af_alg - fix race accessing cipher request (bsc#1154737). - crypto: af_alg - remove locking in async callback (bsc#1154737). - crypto: af_alg - update correct dst SGL entry (bsc#1051510). - crypto: af_alg - wait for data at beginning of recvmsg (bsc#1154737). - crypto: algif - return error code when no data was processed (bsc#1154737). - crypto: algif_aead - copy AAD from src to dst (bsc#1154737). - crypto: algif_aead - fix reference counting of null skcipher (bsc#1154737). - crypto: algif_aead - overhaul memory management (bsc#1154737). - crypto: algif_aead - skip SGL entries with NULL page (bsc#1154737). - crypto: algif_skcipher - overhaul memory management (bsc#1154737). - crypto: talitos - fix missing break in switch statement (bsc#1142635). - cxgb4: Signedness bug in init_one() (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: do not dma memory off of the stack (bsc#1152790). - cxgb4: fix endianness for vlan value in cxgb4_tc_flower (bsc#1064802 bsc#1066129). - cxgb4: offload VLAN flows regardless of VLAN ethtype (bsc#1064802 bsc#1066129). - cxgb4: reduce kernel stack usage in cudbg_collect_mem_region() (bsc#1073513). - cxgb4: smt: Add lock for atomic_dec_and_test (bsc#1064802 bsc#1066129). - cxgb4:Fix out-of-bounds MSI-X info array access (networking-stable-19_10_05). - dasd_fba: Display '00000000' for zero page when dumping sense (bsc#1123080). - drm/amd/display: Restore backlight brightness after system resume (bsc#1112178) - drm/amd/display: fix issue where 252-255 values are clipped (bsc#1111666). - drm/amd/display: reprogram VM config when system resume (bsc#1111666). - drm/amd/display: support spdif (bsc#1111666). - drm/amd/dm: Understand why attaching path/tile properties are needed (bsc#1111666). - drm/amd/powerplay/smu7: enforce minimal VBITimeout (v2) (bsc#1051510). - drm/amd/pp: Fix truncated clock value when set watermark (bsc#1111666). - drm/amdgpu/gfx9: Update gfx9 golden settings (bsc#1111666). - drm/amdgpu/si: fix ASIC tests (git-fixes). - drm/amdgpu: Check for valid number of registers to read (bsc#1051510). - drm/amdgpu: Fix KFD-related kernel oops on Hawaii (bsc#1111666). - drm/amdgpu: Update gc_9_0 golden settings (bsc#1111666). - drm/amdkfd: Add missing Polaris10 ID (bsc#1111666). - drm/ast: Fixed reboot test may cause system hanged (bsc#1051510). - drm/atomic_helper: Allow DPMS On<->Off changes for unregistered connectors (bsc#1111666). - drm/atomic_helper: Disallow new modesets on unregistered connectors (bsc#1111666). - drm/atomic_helper: Stop modesets on unregistered connectors harder (bsc#1111666). - drm/bridge: tc358767: Increase AUX transfer length limit (bsc#1051510). - drm/bridge: tfp410: fix memleak in get_modes() (bsc#1111666). - drm/edid: Add 6 bpc quirk for SDC panel in Lenovo G50 (bsc#1051510). - drm/i915/cmdparser: Add support for backward jumps (bsc#1135967) - drm/i915/cmdparser: Ignore Length operands during (bsc#1135967) - drm/i915/cmdparser: Use explicit goto for error paths (bsc#1135967) - drm/i915/gen8+: Add RC6 CTX corruption WA (bsc#1135967) - drm/i915/gvt: update vgpu workload head pointer correctly (bsc#1112178) - drm/i915: Add gen9 BCS cmdparsing (bsc#1135967) - drm/i915: Add support for mandatory cmdparsing (bsc#1135967) - drm/i915: Allow parsing of unsized batches (bsc#1135967) - drm/i915: Cleanup gt powerstate from gem (bsc#1111666). - drm/i915: Disable Secure Batches for gen6+ (bsc#1135967) - drm/i915: Fix intel_dp_mst_best_encoder() (bsc#1111666). - drm/i915: Lower RM timeout to avoid DSI hard hangs (bsc#1135967) - drm/i915: Remove Master tables from cmdparser (bsc#1135967) - drm/i915: Rename gen7 cmdparser tables (bsc#1135967) - drm/i915: Restore sane defaults for KMS on GEM error load (bsc#1111666). - drm/i915: Support ro ppgtt mapped cmdparser shadow (bsc#1135967) - drm/mediatek: set DMA max segment size (bsc#1111666). - drm/msm/dsi: Fix return value check for clk_get_parent (bsc#1111666). - drm/msm/dsi: Implement reset correctly (bsc#1051510). - drm/nouveau/disp/nv50-: fix center/aspect-corrected scaling (bsc#1111666). - drm/nouveau/kms/nv50-: Do not create MSTMs for eDP connectors (bsc#1112178) - drm/nouveau/volt: Fix for some cards having 0 maximum voltage (bsc#1111666). - drm/omap: fix max fclk divider for omap36xx (bsc#1111666). - drm/panel: check failure cases in the probe func (bsc#1111666). - drm/panel: make drm_panel.h self-contained (bsc#1111666). - drm/panel: simple: fix AUO g185han01 horizontal blanking (bsc#1051510). - drm/radeon: Bail earlier when radeon.cik_/si_support=0 is passed (bsc#1111666). - drm/radeon: Fix EEH during kexec (bsc#1051510). - drm/rockchip: Check for fast link training before enabling psr (bsc#1111666). - drm/stm: attach gem fence to atomic state (bsc#1111666). - drm/tilcdc: Register cpufreq notifier after we have initialized crtc (bsc#1051510). - drm/vmwgfx: Fix double free in vmw_recv_msg() (bsc#1051510). - drm: Flush output polling on shutdown (bsc#1051510). - drm: add __user attribute to ptr_to_compat() (bsc#1111666). - drm: panel-orientation-quirks: Add extra quirk table entry for GPD MicroPC (bsc#1111666). - drm: rcar-du: lvds: Fix bridge_to_rcar_lvds (bsc#1111666). - e1000e: add workaround for possible stalled packet (bsc#1051510). - efi/arm: Show SMBIOS bank/device location in CPER and GHES error logs (bsc#1152033). - efi/memattr: Do not bail on zero VA if it equals the region's PA (bsc#1051510). - efi: cper: print AER info of pcie fatal error (bsc#1051510). - efivar/ssdt: Do not iterate over EFI vars if no SSDT override was specified (bsc#1051510). - firmware: dmi: Fix unlikely out-of-bounds read in save_mem_devices (git-fixes). - gpu: drm: radeon: Fix a possible null-pointer dereference in radeon_connector_set_property() (bsc#1051510). - hid: apple: Fix stuck function keys when using FN (bsc#1051510). - hid: fix error message in hid_open_report() (bsc#1051510). - hid: hidraw: Fix invalid read in hidraw_ioctl (bsc#1051510). - hid: logitech-hidpp: do all FF cleanup in hidpp_ff_destroy() (bsc#1051510). - hid: logitech: Fix general protection fault caused by Logitech driver (bsc#1051510). - hid: prodikeys: Fix general protection fault during probe (bsc#1051510). - hid: sony: Fix memory corruption issue on cleanup (bsc#1051510). - hso: fix NULL-deref on tty open (bsc#1051510). - hwmon: (acpi_power_meter) Change log level for 'unsafe software power cap' (bsc#1051510). - hwrng: core - do not wait on add_early_randomness() (git-fixes). - hyperv: set nvme msi interrupts to unmanaged (jsc#SLE-8953, jsc#SLE-9221, jsc#SLE-4941, bsc#1119461, bsc#1119465, bsc#1138190, bsc#1154905). - i2c: riic: Clear NACK in tend isr (bsc#1051510). - ib/core, ipoib: Do not overreact to SM LID change event (bsc#1154108) - ib/core: Add mitigation for Spectre V1 (bsc#1155671) - ib/hfi1: Remove overly conservative VM_EXEC flag check (bsc#1144449). - ib/mlx5: Consolidate use_umr checks into single function (bsc#1093205). - ib/mlx5: Fix MR re-registration flow to use UMR properly (bsc#1093205). - ib/mlx5: Report correctly tag matching rendezvous capability (bsc#1046305). - ieee802154: atusb: fix use-after-free at disconnect (bsc#1051510). - ieee802154: ca8210: prevent memory leak (bsc#1051510). - ieee802154: enforce CAP_NET_RAW for raw sockets (bsc#1051510). - iio: adc: ad799x: fix probe error handling (bsc#1051510). - iio: light: opt3001: fix mutex unlock race (bsc#1051510). - ima: always return negative code for error (bsc#1051510). - input: da9063 - fix capability and drop KEY_SLEEP (bsc#1051510). - input: synaptics-rmi4 - avoid processing unknown IRQs (bsc#1051510). - integrity: prevent deadlock during digsig verification (bsc#1090631). - iommu/amd: Apply the same IVRS IOAPIC workaround to Acer Aspire A315-41 (bsc#1137799). - iommu/amd: Check PM_LEVEL_SIZE() condition in locked section (bsc#1154608). - iommu/amd: Override wrong IVRS IOAPIC on Raven Ridge systems (bsc#1137799). - iommu/amd: Remove domain->updated (bsc#1154610). - iommu/amd: Wait for completion of IOTLB flush in attach_device (bsc#1154611). - ipmi_si: Only schedule continuously in the thread in maintenance mode (bsc#1051510). - ipv6: Fix the link time qualifier of 'ping_v6_proc_exit_net()' (networking-stable-19_09_15). - ipv6: Handle missing host route in __ipv6_ifa_notify (networking-stable-19_10_05). - ipv6: drop incoming packets having a v4mapped source address (networking-stable-19_10_05). - irqchip/gic-v3-its: Fix LPI release for Multi-MSI devices (jsc#ECO-561). - irqchip/gic-v3-its: Fix command queue pointer comparison bug (jsc#ECO-561). - irqchip/gic-v3-its: Fix misuse of GENMASK macro (jsc#ECO-561). - iwlwifi: pcie: fix memory leaks in iwl_pcie_ctxt_info_gen3_init (bsc#1111666). - ixgbe: Fix secpath usage for IPsec TX offload (bsc#1113994 bsc#1151807). - ixgbe: Prevent u8 wrapping of ITR value to something less than 10us (bsc#1101674). - ixgbe: sync the first fragment unconditionally (bsc#1133140). - kABI workaround for crypto/af_alg changes (bsc#1154737). - kABI workaround for drm_connector.registered type changes (bsc#1111666). - kABI workaround for mmc_host retune_crc_disable flag addition (bsc#1111666). - kABI workaround for snd_hda_pick_pin_fixup() changes (bsc#1051510). - kabi/severities: Whitelist functions internal to radix mm. To call these functions you have to first detect if you are running in radix mm mode which can't be expected of OOT code. - kabi: net: sched: act_sample: fix psample group handling on overwrite (networking-stable-19_09_05). - kernel-binary.spec.in: Fix build of non-modular kernels (boo#1154578). - kernel/sysctl.c: do not override max_threads provided by userspace (bnc#1150875). - ksm: cleanup stable_node chain collapse case (bnc#1144338). - ksm: fix use after free with merge_across_nodes = 0 (bnc#1144338). - ksm: introduce ksm_max_page_sharing per page deduplication limit (bnc#1144338). - ksm: optimize refile of stable_node_dup at the head of the chain (bnc#1144338). - ksm: swap the two output parameters of chain/chain_prune (bnc#1144338). - kvm: Convert kvm_lock to a mutex (bsc#1117665). - kvm: MMU: drop vcpu param in gpte_access (bsc#1117665). - kvm: PPC: Book3S HV: use smp_mb() when setting/clearing host_ipi flag (bsc#1061840). - kvm: arm/arm64: Clean dcache to PoC when changing PTE due to CoW (jsc#ECO-561,jsc#SLE-10671). - kvm: arm/arm64: Detangle kvm_mmu.h from kvm_hyp.h (jsc#ECO-561,jsc#SLE-10671). - kvm: arm/arm64: Drop vcpu parameter from guest cache maintenance operartions (jsc#ECO-561,jsc#SLE-10671). - kvm: arm/arm64: Limit icache invalidation to prefetch aborts (jsc#ECO-561,jsc#SLE-10671). - kvm: arm/arm64: Only clean the dcache on translation fault (jsc#ECO-561,jsc#SLE-10671). - kvm: arm/arm64: Preserve Exec permission across R/W permission faults (jsc#ECO-561,jsc#SLE-10671). - kvm: arm/arm64: Split dcache/icache flushing (jsc#ECO-561,jsc#SLE-10671). - kvm: arm64: Set SCTLR_EL2.DSSBS if SSBD is forcefully disabled and !vhe (jsc#ECO-561). - kvm: vmx, svm: always run with EFER.NXE=1 when shadow paging is active (bsc#1117665). - kvm: x86, powerpc: do not allow clearing largepages debugfs entry (bsc#1117665). - kvm: x86: Do not release the page inside mmu_set_spte() (bsc#1117665). - kvm: x86: add tracepoints around __direct_map and FNAME(fetch) (bsc#1117665). - kvm: x86: adjust kvm_mmu_page member to save 8 bytes (bsc#1117665). - kvm: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON (bsc#1117665). - kvm: x86: make FNAME(fetch) and __direct_map more similar (bsc#1117665). - kvm: x86: remove now unneeded hugepage gfn adjustment (bsc#1117665). - lib/mpi: Fix karactx leak in mpi_powm (bsc#1051510). - libertas: Add missing sentinel at end of if_usb.c fw_table (bsc#1051510). - libnvdimm/security: provide fix for secure-erase to use zero-key (bsc#1149853). - lpfc: Add FA-WWN Async Event reporting (bsc#1154521). - lpfc: Add FC-AL support to lpe32000 models (bsc#1154521). - lpfc: Add additional discovery log messages (bsc#1154521). - lpfc: Add log macros to allow print by serverity or verbocity setting (bsc#1154521). - lpfc: Fix SLI3 hba in loop mode not discovering devices (bsc#1154521). - lpfc: Fix bad ndlp ptr in xri aborted handling (bsc#1154521). - lpfc: Fix hardlockup in lpfc_abort_handler (bsc#1154521). - lpfc: Fix lockdep errors in sli_ringtx_put (bsc#1154521). - lpfc: Fix reporting of read-only fw error errors (bsc#1154521). - lpfc: Make FW logging dynamically configurable (bsc#1154521). - lpfc: Remove lock contention target write path (bsc#1154521). - lpfc: Revise interrupt coalescing for missing scenarios (bsc#1154521). - lpfc: Slight fast-path Performance optimizations (bsc#1154521). - lpfc: Update lpfc version to 12.6.0.0 (bsc#1154521). - lpfc: fix coverity error of dereference after null check (bsc#1154521). - lpfc: fix lpfc_nvmet_mrq to be bound by hdw queue count (bsc#1154521). - mISDN: enforce CAP_NET_RAW for raw sockets (bsc#1051510). - mac80211: Reject malformed SSID elements (bsc#1051510). - mac80211: accept deauth frames in IBSS mode (bsc#1051510). - mac80211: fix txq null pointer dereference (bsc#1051510). - macsec: drop skb sk before calling gro_cells_receive (bsc#1051510). - md/raid0: avoid RAID0 data corruption due to layout confusion (bsc#1140090). - md/raid0: fix warning message for parameter default_layout (bsc#1140090). - media: atmel: atmel-isc: fix asd memory allocation (bsc#1135642). - media: cpia2_usb: fix memory leaks (bsc#1051510). - media: dvb-core: fix a memory leak bug (bsc#1051510). - media: exynos4-is: fix leaked of_node references (bsc#1051510). - media: gspca: zero usb_buf on error (bsc#1051510). - media: hdpvr: Add device num check and handling (bsc#1051510). - media: hdpvr: add terminating 0 at end of string (bsc#1051510). - media: i2c: ov5645: Fix power sequence (bsc#1051510). - media: iguanair: add sanity checks (bsc#1051510). - media: omap3isp: Do not set streaming state on random subdevs (bsc#1051510). - media: omap3isp: Set device on omap3isp subdevs (bsc#1051510). - media: ov9650: add a sanity check (bsc#1051510). - media: radio/si470x: kill urb on error (bsc#1051510). - media: saa7134: fix terminology around saa7134_i2c_eeprom_md7134_gate() (bsc#1051510). - media: saa7146: add cleanup in hexium_attach() (bsc#1051510). - media: sn9c20x: Add MSI MS-1039 laptop to flip_dmi_table (bsc#1051510). - media: stkwebcam: fix runtime PM after driver unbind (bsc#1051510). - media: ttusb-dec: Fix info-leak in ttusb_dec_send_command() (bsc#1051510). - memstick: jmb38x_ms: Fix an error handling path in 'jmb38x_ms_probe()' (bsc#1051510). - mfd: intel-lpss: Remove D3cold delay (bsc#1051510). - mld: fix memory leak in mld_del_delrec() (networking-stable-19_09_05). - mmc: core: API to temporarily disable retuning for SDIO CRC errors (bsc#1111666). - mmc: core: Add sdio_retune_hold_now() and sdio_retune_release() (bsc#1111666). - mmc: sdhci-of-esdhc: set DMA snooping based on DMA coherence (bsc#1051510). - mmc: sdhci: Fix incorrect switch to HS mode (bsc#1051510). - mmc: sdhci: improve ADMA error reporting (bsc#1051510). - net/ibmvnic: Fix EOI when running in XIVE mode (bsc#1089644, ltc#166495, ltc#165544, git-fixes). - net/mlx4_en: fix a memory leak bug (bsc#1046299). - net/mlx5: Add device ID of upcoming BlueField-2 (bsc#1046303 ). - net/mlx5: Fix error handling in mlx5_load() (bsc#1046305 ). - net/phy: fix DP83865 10 Mbps HDX loopback disable function (networking-stable-19_09_30). - net/rds: Fix error handling in rds_ib_add_one() (networking-stable-19_10_05). - net/rds: fix warn in rds_message_alloc_sgs (bsc#1154848). - net/rds: remove user triggered WARN_ON in rds_sendmsg (bsc#1154848). - net/sched: act_sample: do not push mac header on ip6gre ingress (networking-stable-19_09_30). - net: Fix null de-reference of device refcount (networking-stable-19_09_15). - net: Replace NF_CT_ASSERT() with WARN_ON() (bsc#1146612). - net: Unpublish sk from sk_reuseport_cb before call_rcu (networking-stable-19_10_05). - net: fix skb use after free in netpoll (networking-stable-19_09_05). - net: gso: Fix skb_segment splat when splitting gso_size mangled skb having linear-headed frag_list (networking-stable-19_09_15). - net: openvswitch: free vport unless register_netdevice() succeeds (git-fixes). - net: qlogic: Fix memory leak in ql_alloc_large_buffers (networking-stable-19_10_05). - net: qrtr: Stop rx_worker before freeing node (networking-stable-19_09_30). - net: sched: act_sample: fix psample group handling on overwrite (networking-stable-19_09_05). - net: stmmac: dwmac-rk: Do not fail if phy regulator is absent (networking-stable-19_09_05). - net_sched: add policy validation for action attributes (networking-stable-19_09_30). - net_sched: fix backward compatibility for TCA_ACT_KIND (git-fixes). - netfilter: nf_nat: do not bug when mapping already exists (bsc#1146612). - nfc: fix attrs checks in netlink interface (bsc#1051510). - nfc: fix memory leak in llcp_sock_bind() (bsc#1051510). - nfc: pn533: fix use-after-free and memleaks (bsc#1051510). - nfs: fix incorrectly backported patch (boo#1154189 bsc#1154747). - nfsv4.1 - backchannel request should hold ref on xprt (bsc#1152624). - nl80211: fix null pointer dereference (bsc#1051510). - objtool: Clobber user CFLAGS variable (bsc#1153236). - openvswitch: change type of UPCALL_PID attribute to NLA_UNSPEC (networking-stable-19_09_30). - packaging: add support for riscv64 - pci: Correct pci=resource_alignment parameter example (bsc#1051510). - pci: PM: Fix pci_power_up() (bsc#1051510). - pci: dra7xx: Fix legacy INTD IRQ handling (bsc#1087092). - pci: hv: Use bytes 4 and 5 from instance ID as the pci domain numbers (bsc#1153263). - pinctrl: cherryview: restore Strago DMI workaround for all versions (bsc#1111666). - pinctrl: tegra: Fix write barrier placement in pmx_writel (bsc#1051510). - platform/x86: classmate-laptop: remove unused variable (bsc#1051510). - platform/x86: i2c-multi-instantiate: Derive the device name from parent (bsc#1111666). - platform/x86: i2c-multi-instantiate: Fail the probe if no IRQ provided (bsc#1111666). - platform/x86: pmc_atom: Add Siemens SIMATIC IPC277E to critclk_systems DMI table (bsc#1051510). - power: supply: sysfs: ratelimit property read error message (bsc#1051510). - powerpc/64s/pseries: radix flush translations before MMU is enabled at boot (bsc#1055186). - powerpc/64s/radix: keep kernel ERAT over local process/guest invalidates (bsc#1055186). - powerpc/64s/radix: tidy up TLB flushing code (bsc#1055186). - powerpc/64s: Rename PPC_INVALIDATE_ERAT to PPC_ISA_3_0_INVALIDATE_ERAT (bsc#1055186). - powerpc/mm/book3s64: Move book3s64 code to pgtable-book3s64 (bsc#1055186). - powerpc/mm/radix: mark __radix__flush_tlb_range_psize() as __always_inline (bsc#1055186). - powerpc/mm/radix: mark as __tlbie_pid() and friends as__always_inline (bsc#1055186). - powerpc/mm: Properly invalidate when setting process table base (bsc#1055186). - powerpc/mm: mark more tlb functions as __always_inline (bsc#1055186). - powerpc/pseries/mobility: use cond_resched when updating device tree (bsc#1153112 ltc#181778). - powerpc/pseries: Remove confusing warning message (bsc#1109158). - powerpc/rtas: allow rescheduling while changing cpu states (bsc#1153112 ltc#181778). - powerplay: Respect units on max dcfclk watermark (bsc#1111666). - qed: iWARP - Fix default window size to be based on chip (bsc#1050536 bsc#1050545). - qed: iWARP - Fix tc for MPA ll2 connection (bsc#1050536 bsc#1050545). - qed: iWARP - Use READ_ONCE and smp_store_release to access ep->state (bsc#1050536 bsc#1050545). - qed: iWARP - fix uninitialized callback (bsc#1050536 bsc#1050545). - qmi_wwan: add support for Cinterion CLS8 devices (networking-stable-19_10_05). - r8152: Set macpassthru in reset_resume callback (bsc#1051510). - rdma/bnxt_re: Fix spelling mistake 'missin_resp' -> 'missing_resp' (bsc#1050244). - rdma/hns: Add reset process for function-clear (bsc#1155061). - rdma/hns: Remove the some magic number (bsc#1155061). - rdma: Fix goto target to release the allocated memory (bsc#1050244). - rds: Fix warning (bsc#1154848). - rpm/constraints.in: lower disk space required for ARM With a requirement of 35GB, only 2 slow workers are usable for ARM. Current aarch64 build requires 27G and armv6/7 requires 14G. Set requirements respectively to 30GB and 20GB. - rpm/dtb.spec.in.in: do not make dtb directory inaccessible There is no reason to lock down the dtb directory for ordinary users. - rpm/kernel-binary.spec.in: build kernel-*-kgraft only for default SLE kernel RT and Azure variants are excluded for the moment. (bsc#1141600) - rpm/kernel-binary.spec.in: handle modules.builtin.modinfo It was added in 5.2. - rpm/kernel-binary.spec.in: support partial rt debug config. - rpm/kernel-subpackage-spec: Mention debuginfo in the subpackage description (bsc#1149119). - rpm/macros.kernel-source: KMPs should depend on kmod-compat to build. kmod-compat links are used in find-provides.ksyms, find-requires.ksyms, and find-supplements.ksyms in rpm-config-SUSE. - rpm/mkspec: Correct tarball URL for rc kernels. - rpm/mkspec: Make building DTBs optional. - rpm/modflist: Simplify compression support. - rpm: raise required disk space for binary packages Current disk space constraints (10 GB on s390x, 25 GB on other architectures) no longer suffice for 5.3 kernel builds. The statistics show ~30 GB of disk consumption on x86_64 and ~11 GB on s390x so raise the constraints to 35 GB in general and 14 GB on s390x. - rpm: support compressed modules Some of our scripts and scriptlets in rpm/ do not expect module files not ending with '.ko' which currently leads to failure in preuninstall scriptlet of cluster-md-kmp-default (and probably also other subpackages). Let those which could be run on compressed module files recognize '.ko.xz' in addition to '.ko'. - rtlwifi: rtl8192cu: Fix value set in descriptor (bsc#1142635). - s390/cmf: set_schib_wait add timeout (bsc#1153509, bsc#1153476). - s390/cpumsf: Check for CPU Measurement sampling (bsc#1153681 LTC#181855). - s390/crypto: fix gcm-aes-s390 selftest failures (bsc#1137861 LTC#178091). - s390/pci: add mio_enabled attribute (bsc#1152665 LTC#181729). - s390/pci: correctly handle MIO opt-out (bsc#1152665 LTC#181729). - s390/pci: deal with devices that have no support for MIO instructions (bsc#1152665 LTC#181729). - s390/pci: fix MSI message data (bsc#1152697 LTC#181730). - s390: add support for IBM z15 machines (bsc#1152696 LTC#181731). - s390: fix setting of mio addressing control (bsc#1152665 LTC#181729). - sch_cbq: validate TCA_CBQ_WRROPT to avoid crash (networking-stable-19_10_05). - sch_dsmark: fix potential NULL deref in dsmark_init() (networking-stable-19_10_05). - sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero (networking-stable-19_09_15). - sch_netem: fix a divide by zero in tabledist() (networking-stable-19_09_30). - sched/fair: Avoid divide by zero when rebalancing domains (bsc#1096254). - scripts/arch-symbols: add missing link. - scsi: lpfc: Check queue pointer before use (bsc#1154242). - scsi: lpfc: Complete removal of FCoE T10 PI support on SLI-4 adapters (bsc#1154521). - scsi: lpfc: Convert existing %pf users to %ps (bsc#1154521). - scsi: lpfc: Fix GPF on scsi command completion (bsc#1154521). - scsi: lpfc: Fix NVME io abort failures causing hangs (bsc#1154521). - scsi: lpfc: Fix NVMe ABTS in response to receiving an ABTS (bsc#1154521). - scsi: lpfc: Fix coverity errors on NULL pointer checks (bsc#1154521). - scsi: lpfc: Fix device recovery errors after PLOGI failures (bsc#1154521). - scsi: lpfc: Fix devices that do not return after devloss followed by rediscovery (bsc#1137040). - scsi: lpfc: Fix discovery failures when target device connectivity bounces (bsc#1154521). - scsi: lpfc: Fix hdwq sgl locks and irq handling (bsc#1154521). - scsi: lpfc: Fix host hang at boot or slow boot (bsc#1154521). - scsi: lpfc: Fix list corruption detected in lpfc_put_sgl_per_hdwq (bsc#1154521). - scsi: lpfc: Fix list corruption in lpfc_sli_get_iocbq (bsc#1154521). - scsi: lpfc: Fix locking on mailbox command completion (bsc#1154521). - scsi: lpfc: Fix miss of register read failure check (bsc#1154521). - scsi: lpfc: Fix null ptr oops updating lpfc_devloss_tmo via sysfs attribute (bsc#1140845). - scsi: lpfc: Fix premature re-enabling of interrupts in lpfc_sli_host_down (bsc#1154521). - scsi: lpfc: Fix propagation of devloss_tmo setting to nvme transport (bsc#1140883). - scsi: lpfc: Fix pt2pt discovery on SLI3 HBAs (bsc#1154521). - scsi: lpfc: Fix rpi release when deleting vport (bsc#1154521). - scsi: lpfc: Fix spinlock_irq issues in lpfc_els_flush_cmd() (bsc#1154521). - scsi: lpfc: Make function lpfc_defer_pt2pt_acc static (bsc#1154521). - scsi: lpfc: Remove bg debugfs buffers (bsc#1144375). - scsi: lpfc: Update async event logging (bsc#1154521). - scsi: lpfc: Update lpfc version to 12.4.0.1 (bsc#1154521). - scsi: lpfc: cleanup: remove unused fcp_txcmlpq_cnt (bsc#1154521). - scsi: lpfc: remove left-over BUILD_NVME defines (bsc#1154268). - scsi: qedf: Modify abort and tmf handler to handle edge condition and flush (bsc#1098291). - scsi: qedf: fc_rport_priv reference counting fixes (bsc#1098291). - scsi: qla2xxx: Add error handling for PLOGI ELS passthrough (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Add error handling for PLOGI ELS passthrough (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Capture FW dump on MPI heartbeat stop event (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Capture FW dump on MPI heartbeat stop event (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Check for MB timeout while capturing ISP27/28xx FW dump (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Check for MB timeout while capturing ISP27/28xx FW dump (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Dual FCP-NVMe target port support (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Dual FCP-NVMe target port support (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix N2N link reset (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix N2N link reset (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix N2N link up fail (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix N2N link up fail (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix partial flash write of MBI (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix stale mem access on driver unload (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix stale mem access on driver unload (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix unbound sleep in fcport delete path (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix unbound sleep in fcport delete path (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix wait condition in loop (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Improve logging for scan thread (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Improve logging for scan thread (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Initialized mailbox to prevent driver load failure (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Optimize NPIV tear down process (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Optimize NPIV tear down process (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Remove WARN_ON_ONCE in qla2x00_status_cont_entry() (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Set remove flag for all VP (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Set remove flag for all VP (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Silence fwdump template message (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Silence fwdump template message (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Update driver version to 10.01.00.20-k (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Update driver version to 10.01.00.20-k (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: fixup incorrect usage of host_byte (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: remove redundant assignment to pointer host (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: remove redundant assignment to pointer host (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: stop timer in shutdown path (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: storvsc: setup 1:1 mapping between hardware queue and CPU queue (bsc#1140729). - scsi: zfcp: fix reaction on bit error threshold notification (bsc#1154956 LTC#182054). - sctp: Fix the link time qualifier of 'sctp_ctrlsock_exit()' (networking-stable-19_09_15). - sctp: use transport pf_retrans in sctp_do_8_2_transport_strike (networking-stable-19_09_15). - skge: fix checksum byte order (networking-stable-19_09_30). - sock_diag: fix autoloading of the raw_diag module (bsc#1152791). - sock_diag: request _diag module only when the family or proto has been registered (bsc#1152791). - staging: bcm2835-audio: Fix draining behavior regression (bsc#1111666). - staging: vt6655: Fix memory leak in vt6655_probe (bsc#1051510). - staging: wlan-ng: fix exit return when sme->key_idx >= NUM_WEPKEYS (bsc#1051510). - supporte.conf: add efivarfs to kernel-default-base (bsc#1154858). - tcp: Do not dequeue SYN/FIN-segments from write-queue (git-gixes). - tcp: fix tcp_ecn_withdraw_cwr() to clear TCP_ECN_QUEUE_CWR (networking-stable-19_09_15). - tcp: inherit timestamp on mtu probe (networking-stable-19_09_05). - tcp: remove empty skb from write queue in error cases (networking-stable-19_09_05). - thermal: Fix use-after-free when unregistering thermal zone device (bsc#1051510). - thermal_hwmon: Sanitize thermal_zone type (bsc#1051510). - tipc: add NULL pointer check before calling kfree_rcu (networking-stable-19_09_15). - tipc: fix unlimited bundling of small messages (networking-stable-19_10_05). - tracing: Initialize iter->seq after zeroing in tracing_read_pipe() (bsc#1151508). - tun: fix use-after-free when register netdev failed (networking-stable-19_09_15). - tuntap: correctly set SOCKWQ_ASYNC_NOSPACE (bsc#1145099). - usb: adutux: fix NULL-derefs on disconnect (bsc#1142635). - usb: adutux: fix use-after-free on disconnect (bsc#1142635). - usb: adutux: fix use-after-free on release (bsc#1051510). - usb: chaoskey: fix use-after-free on release (bsc#1051510). - usb: dummy-hcd: fix power budget for SuperSpeed mode (bsc#1051510). - usb: iowarrior: fix use-after-free after driver unbind (bsc#1051510). - usb: iowarrior: fix use-after-free on disconnect (bsc#1051510). - usb: iowarrior: fix use-after-free on release (bsc#1051510). - usb: ldusb: fix NULL-derefs on driver unbind (bsc#1051510). - usb: ldusb: fix memleak on disconnect (bsc#1051510). - usb: ldusb: fix read info leaks (bsc#1051510). - usb: legousbtower: fix a signedness bug in tower_probe() (bsc#1051510). - usb: legousbtower: fix deadlock on disconnect (bsc#1142635). - usb: legousbtower: fix memleak on disconnect (bsc#1051510). - usb: legousbtower: fix open after failed reset request (bsc#1142635). - usb: legousbtower: fix potential NULL-deref on disconnect (bsc#1142635). - usb: legousbtower: fix slab info leak at probe (bsc#1142635). - usb: legousbtower: fix use-after-free on release (bsc#1051510). - usb: microtek: fix info-leak at probe (bsc#1142635). - usb: serial: fix runtime PM after driver unbind (bsc#1051510). - usb: serial: ftdi_sio: add device IDs for Sienna and Echelon PL-20 (bsc#1051510). - usb: serial: keyspan: fix NULL-derefs on open() and write() (bsc#1051510). - usb: serial: option: add Telit FN980 compositions (bsc#1051510). - usb: serial: option: add support for Cinterion CLS8 devices (bsc#1051510). - usb: serial: ti_usb_3410_5052: fix port-close races (bsc#1051510). - usb: udc: lpc32xx: fix bad bit shift operation (bsc#1051510). - usb: usb-skeleton: fix NULL-deref on disconnect (bsc#1051510). - usb: usb-skeleton: fix runtime PM after driver unbind (bsc#1051510). - usb: usb-skeleton: fix use-after-free after driver unbind (bsc#1051510). - usb: usblcd: fix I/O after disconnect (bsc#1142635). - usb: usblp: fix runtime PM after driver unbind (bsc#1051510). - usb: usblp: fix use-after-free on disconnect (bsc#1051510). - usb: xhci: wait for CNR controller not ready bit in xhci resume (bsc#1051510). - usb: yurex: Do not retry on unexpected errors (bsc#1051510). - usb: yurex: fix NULL-derefs on disconnect (bsc#1051510). - usbnet: ignore endpoints with invalid wMaxPacketSize (bsc#1051510). - usbnet: sanity checking of packet sizes and device mtu (bsc#1051510). - vfio_pci: Restore original state on release (bsc#1051510). - vhost_net: conditionally enable tx polling (bsc#1145099). - video: of: display_timing: Add of_node_put() in of_get_display_timing() (bsc#1051510). - vsock: Fix a lockdep warning in __vsock_release() (networking-stable-19_10_05). - watchdog: imx2_wdt: fix min() calculation in imx2_wdt_set_timeout (bsc#1051510). - x86/asm: Fix MWAITX C-state hint value (bsc#1114279). - x86/boot/64: Make level2_kernel_pgt pages invalid outside kernel area (bnc#1153969). - x86/boot/64: Round memory hole size up to next PMD page (bnc#1153969). - x86/mm: Use WRITE_ONCE() when setting PTEs (bsc#1114279). - xen/netback: fix error path of xenvif_connect_data() (bsc#1065600). - xen/pv: Fix Xen PV guest int3 handling (bsc#1153811). - xhci: Check all endpoints for LPM timeout (bsc#1051510). - xhci: Fix false warning message about wrong bounce buffer write length (bsc#1051510). - xhci: Increase STS_SAVE timeout in xhci_suspend() (bsc#1051510). - xhci: Prevent device initiated U1/U2 link pm if exit latency is too long (bsc#1051510). ----------------------------------------- Patch: SUSE-2019-2971 Released: Thu Nov 14 12:02:26 2019 Summary: Security update for libjpeg-turbo Severity: important References: 1156402,CVE-2019-2201 Description: This update for libjpeg-turbo fixes the following issues: - CVE-2019-2201: Several integer overflow issues and subsequent segfaults occurred in libjpeg-turbo, when attempting to compress or decompress gigapixel images. [bsc#1156402] ----------------------------------------- Patch: SUSE-2019-2975 Released: Thu Nov 14 17:02:38 2019 Summary: Security update for squid Severity: important References: 1133089,1140738,1141329,1141330,1141332,1141442,1156323,1156324,1156326,1156328,1156329,CVE-2019-12523,CVE-2019-12525,CVE-2019-12526,CVE-2019-12527,CVE-2019-12529,CVE-2019-12854,CVE-2019-13345,CVE-2019-18676,CVE-2019-18677,CVE-2019-18678,CVE-2019-18679,CVE-2019-3688 Description: This update for squid to version 4.9 fixes the following issues: Security issues fixed: - CVE-2019-13345: Fixed multiple cross-site scripting vulnerabilities in cachemgr.cgi (bsc#1140738). - CVE-2019-12526: Fixed potential remote code execution during URN processing (bsc#1156326). - CVE-2019-12523,CVE-2019-18676: Fixed multiple improper validations in URI processing (bsc#1156329). - CVE-2019-18677: Fixed Cross-Site Request Forgery in HTTP Request processing (bsc#1156328). - CVE-2019-18678: Fixed incorrect message parsing which could have led to HTTP request splitting issue (bsc#1156323). - CVE-2019-18679: Fixed information disclosure when processing HTTP Digest Authentication (bsc#1156324). Other issues addressed: * Fixed DNS failures when peer name was configured with any upper case characters * Fixed several rock cache_dir corruption issues ----------------------------------------- Patch: SUSE-2019-2978 Released: Thu Nov 14 22:42:51 2019 Summary: Recommended update for helm-mirror Severity: moderate References: 1153244 Description: This update for helm-mirror fixes the following issues: - Getting charts now only downloads the altest versions of the charts. (bsc#1153244) - The --all-versions flags allows to download all versions of the charts. (bsc#1153244) - The flags --chart-name and --chart-version allow the user to only get the desired chart. (bsc#1153244) - Fixes issue with go module when installing with `helm plugin install`. (bsc#1153244) ----------------------------------------- Patch: SUSE-2019-2981 Released: Fri Nov 15 10:46:06 2019 Summary: Security update for ghostscript Severity: important References: 1156275,CVE-2019-14869 Description: This update for ghostscript fixes the following issues: - CVE-2019-14869: Fixed a possible dSAFER escape which could have allowed an attacker to gain high privileges by a specially crafted Postscript code (bsc#1156275). ----------------------------------------- Patch: SUSE-2019-2982 Released: Fri Nov 15 10:46:21 2019 Summary: Security update for enigmail Severity: moderate References: 1141025,1151317 Description: This update for enigmail fixes the following issues: - SeaMonkey is no longer supported. Update description and no longer put in SeaMonkey addons path (bsc#1151317) enigmail was updated 2.1.2: * compatibility with Mozilla Thunderbird 68 * New simplified setup wizard * Full support for keys.openpgp.org * Default to ECC keys on GnuPG 2.1 or later * Autocrypt: implemented key-gossip and updates to known keys enimail was updated to 2.0.12: * set the default keyserver to keys.openpgp.org in order to mitigate the SKS Keyserver Network Attack (bsc#1141025) ----------------------------------------- Patch: SUSE-2019-2993 Released: Mon Nov 18 11:52:23 2019 Summary: Recommended update for tftp Severity: moderate References: 1153625 Description: This update for tftp fixes the following issues: - Add tftp.socket requirement to the service unit section. (bsc#1153625) ----------------------------------------- Patch: SUSE-2019-2997 Released: Mon Nov 18 15:16:38 2019 Summary: Security update for ncurses Severity: moderate References: 1103320,1154036,1154037,CVE-2019-17594,CVE-2019-17595 Description: This update for ncurses fixes the following issues: Security issues fixed: - CVE-2019-17594: Fixed a heap-based buffer over-read in the _nc_find_entry function (bsc#1154036). - CVE-2019-17595: Fixed a heap-based buffer over-read in the fmt_entry function (bsc#1154037). Non-security issue fixed: - Removed screen.xterm from terminfo database (bsc#1103320). ----------------------------------------- Patch: SUSE-2019-2998 Released: Mon Nov 18 15:17:23 2019 Summary: Security update for java-11-openjdk Severity: important References: 1152856,1154212,CVE-2019-2894,CVE-2019-2933,CVE-2019-2945,CVE-2019-2949,CVE-2019-2958,CVE-2019-2962,CVE-2019-2964,CVE-2019-2973,CVE-2019-2975,CVE-2019-2977,CVE-2019-2978,CVE-2019-2981,CVE-2019-2983,CVE-2019-2987,CVE-2019-2988,CVE-2019-2989,CVE-2019-2992,CVE-2019-2999 Description: This update for java-11-openjdk to version jdk-11.0.5-10 fixes the following issues: Security issues fixed (October 2019 CPU bsc#1154212): - CVE-2019-2933: Windows file handling redux - CVE-2019-2945: Better socket support - CVE-2019-2949: Better Kerberos ccache handling - CVE-2019-2958: Build Better Processes - CVE-2019-2964: Better support for patterns - CVE-2019-2962: Better Glyph Images - CVE-2019-2973: Better pattern compilation - CVE-2019-2975: Unexpected exception in jjs - CVE-2019-2978: Improved handling of jar files - CVE-2019-2977: Improve String index handling - CVE-2019-2981: Better Path supports - CVE-2019-2983: Better serial attributes - CVE-2019-2987: Better rendering of native glyphs - CVE-2019-2988: Better Graphics2D drawing - CVE-2019-2989: Improve TLS connection support - CVE-2019-2992: Enhance font glyph mapping - CVE-2019-2999: Commentary on Javadoc comments - CVE-2019-2894: Enhance ECDSA operations (bsc#1152856). ----------------------------------------- Patch: SUSE-2019-3008 Released: Tue Nov 19 11:38:27 2019 Summary: Recommended update for fwupdate Severity: moderate References: 1152928 Description: This update for fwupdate fixes the following issues: - Add update to the linker script for AArch64 to match the one in gnu-efi. (bsc#1152928) ----------------------------------------- Patch: SUSE-2019-3009 Released: Tue Nov 19 18:10:39 2019 Summary: Recommended update for cloud-regionsrv-client Severity: moderate References: 1149528,1152567,1154533 Description: This update for cloud-regionsrv-client fixes the following issues: - Ignore exception if the new registration flag file does not exist but there is an attempt to remove it. (bsc#1149528) - Include requirement for python3-six in specfile. (bsc#1152567) - Adds support for repositories with different credentials files (bsc#1154533) ----------------------------------------- Patch: SUSE-2019-3012 Released: Tue Nov 19 18:11:26 2019 Summary: Recommended update for brp-check-suse Severity: moderate References: 1114695 Description: This update for brp-check-suse fixes the following issues: - Deal with libs where file outputs more text after 'not stripped'. (bsc#1114695) ----------------------------------------- Patch: SUSE-2019-3018 Released: Wed Nov 20 12:48:21 2019 Summary: Recommended update for xkeyboard-config Severity: moderate References: 1153774 Description: This update for xkeyboard-config fixes the following issues: - Fix capslock in Old Hungarian layout (bsc#1153774) ----------------------------------------- Patch: SUSE-2019-3030 Released: Thu Nov 21 19:11:25 2019 Summary: Security update for cups Severity: important References: 1146358,1146359,CVE-2019-8675,CVE-2019-8696 Description: This update for cups fixes the following issues: - CVE-2019-8675: Fixed a stack buffer overflow in libcups's asn1_get_type function(bsc#1146358). - CVE-2019-8696: Fixed a stack buffer overflow in libcups's asn1_get_packed function (bsc#1146359). ----------------------------------------- Patch: SUSE-2019-3047 Released: Mon Nov 25 12:44:49 2019 Summary: Recommended update for python-M2Crypto Severity: moderate References: 1149792,SLE-9135 Description: This update for python-M2Crypto fixes the following issues: - Fix compatibility with OpenSSL 1.1.1c (bsc#1149792) - Upgrade OpenSSL (jsc#SLE-9135) ----------------------------------------- Patch: SUSE-2019-3053 Released: Mon Nov 25 17:28:17 2019 Summary: Security update for clamav Severity: moderate References: 1144504,1149458,1151839,CVE-2019-12625,CVE-2019-12900 Description: This update for clamav fixes the following issues: Security issue fixed: - CVE-2019-12625: Fixed a ZIP bomb issue by adding detection and heuristics for zips with overlapping files (bsc#1144504). - CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1149458). Non-security issues fixed: - Added the --max-scantime clamscan option and MaxScanTime clamd configuration option (bsc#1144504). - Increased the startup timeout of clamd to 5 minutes to cater for the grown virus database as a workaround until clamd has learned to talk to systemd to extend the timeout as long as needed (bsc#1151839). ----------------------------------------- Patch: SUSE-2019-3059 Released: Mon Nov 25 17:33:07 2019 Summary: Security update for cpio Severity: moderate References: 1155199,CVE-2019-14866 Description: This update for cpio fixes the following issues: - CVE-2019-14866: Fixed an improper validation of the values written in the header of a TAR file through the to_oct() function which could have led to unexpected TAR generation (bsc#1155199). ----------------------------------------- Patch: SUSE-2019-3061 Released: Mon Nov 25 17:34:22 2019 Summary: Security update for gcc9 Severity: moderate References: 1114592,1135254,1141897,1142649,1142654,1148517,1149145,CVE-2019-14250,CVE-2019-15847,SLE-6533,SLE-6536 Description: This update includes the GNU Compiler Collection 9. A full changelog is provided by the GCC team on: https://www.gnu.org/software/gcc/gcc-9/changes.html The base system compiler libraries libgcc_s1, libstdc++6 and others are now built by the gcc 9 packages. To use it, install 'gcc9' or 'gcc9-c++' or other compiler brands and use CC=gcc-9 / CXX=g++-9 during configuration for using it. Security issues fixed: - CVE-2019-15847: Fixed a miscompilation in the POWER9 back end, that optimized multiple calls of the __builtin_darn intrinsic into a single call. (bsc#1149145) - CVE-2019-14250: Fixed a heap overflow in the LTO linker. (bsc#1142649) Non-security issues fixed: - Split out libstdc++ pretty-printers into a separate package supplementing gdb and the installed runtime. (bsc#1135254) - Fixed miscompilation for vector shift on s390. (bsc#1141897) ----------------------------------------- Patch: SUSE-2019-3086 Released: Thu Nov 28 10:02:24 2019 Summary: Security update for libidn2 Severity: moderate References: 1154884,1154887,CVE-2019-12290,CVE-2019-18224 Description: This update for libidn2 to version 2.2.0 fixes the following issues: - CVE-2019-12290: Fixed an improper round-trip check when converting A-labels to U-labels (bsc#1154884). - CVE-2019-18224: Fixed a heap-based buffer overflow that was caused by long domain strings (bsc#1154887). ----------------------------------------- Patch: SUSE-2019-3087 Released: Thu Nov 28 10:03:00 2019 Summary: Security update for libxml2 Severity: low References: 1123919 Description: This update for libxml2 doesn't fix any additional security issues, but correct its rpm changelog to reflect all CVEs that have been fixed over the past. ----------------------------------------- Patch: SUSE-2019-3096 Released: Thu Nov 28 16:48:21 2019 Summary: Security update for cloud-init Severity: moderate References: 1099358,1129124,1136440,1142988,1144363,1151488,1154092,CVE-2019-0816 Description: This update for cloud-init to version 19.2 fixes the following issues: Security issue fixed: - CVE-2019-0816: Fixed the unnecessary extra ssh keys that were added to authorized_keys (bsc#1129124). Non-security issues fixed: - Short circuit the conditional for identifying the sysconfig renderer (bsc#1154092, bsc#1142988). - If /etc/resolv.conf is a symlink, break it. This will avoid netconfig from clobbering the changes cloud-init applied (bsc#1151488). ----------------------------------------- Patch: SUSE-2019-3104 Released: Fri Nov 29 06:47:08 2019 Summary: Recommended update for sysstat Severity: moderate References: 1144923,SLE-5958 Description: This update for sysstat fixes the following issues: - Enable log information of starting/stoping services. (bsc#1144923, jsc#SLE-5958) ----------------------------------------- Patch: SUSE-2019-3118 Released: Fri Nov 29 14:41:35 2019 Summary: Recommended update for e2fsprogs Severity: moderate References: 1154295 Description: This update for e2fsprogs fixes the following issues: - Make minimum size estimates more reliable for mounted filesystem. (bsc#1154295) ----------------------------------------- Patch: SUSE-2019-3120 Released: Fri Nov 29 14:43:42 2019 Summary: Recommended update for python Severity: moderate References: 1149792 Description: This update for python fixes the following issues: - Skipping tests for failing build with OpenSSL 1.1.1c. (bpo#36576, bsc#1149792) ----------------------------------------- Patch: SUSE-2019-3165 Released: Wed Dec 4 11:23:21 2019 Summary: Recommended update for cronie Severity: moderate References: 1155114,1155929 Description: This update for cronie fixes the following issues: - Update crontab so it doesn't print the headers of crontab with the 'crontab -l' command. (bsc#1155114) - Remove 'checkproc' from the run-crons script as the usage is bogus and has a potential of risks. (bsc#1155929) ----------------------------------------- Patch: SUSE-2019-3166 Released: Wed Dec 4 11:24:42 2019 Summary: Recommended update for aaa_base Severity: moderate References: 1007715,1084934,1157278 Description: This update for aaa_base fixes the following issues: - Use official key binding functions in inputrc that is replace up-history with previous-history, down-history with next-history and backward-delete-word with backward-kill-word. (bsc#1084934) - Add some missed key escape sequences for urxvt-unicode terminal as well. (bsc#1007715) - Clear broken ghost entry in patch which breaks 'readline'. (bsc#1157278) ----------------------------------------- Patch: SUSE-2019-3170 Released: Wed Dec 4 11:45:48 2019 Summary: Recommended update for cjose Severity: moderate References: 1149887 Description: This update for cjose provides the following fix: - Fix concatkdf failures on big endian architectures. (bsc#1149887) ----------------------------------------- Patch: SUSE-2019-3173 Released: Wed Dec 4 20:22:45 2019 Summary: Recommended update for growpart, growpart-rootgrow Severity: moderate References: 1154357,ECO-550 Description: This update for growpart, growpart-rootgrow contains the following fixes: growpart: - Removed rootgrow sub-package as it is a standalone package now. (bsc#1154357, jsc#ECO-550) growpart-rootgrow: - Added growpart-rootgrow as a standalone package. (bsc#1154357, jsc#ECO-550) - Bump from version 1.0.0 to 1.0.1: - Fixed binary location in service unit file. ----------------------------------------- Patch: SUSE-2019-3176 Released: Thu Dec 5 11:41:01 2019 Summary: Security update for clamav Severity: important References: 1157763,CVE-2019-15961 Description: This update for clamav fixes the following issues: - CVE-2019-15961: Fixed a denial of service which might occur when scanning a specially crafted email file as (bsc#1157763). ----------------------------------------- Patch: SUSE-2019-3189 Released: Thu Dec 5 11:45:13 2019 Summary: Security update for dnsmasq Severity: moderate References: 1076958,1138743,1152539,1154849,1156543,CVE-2017-15107,CVE-2019-14834 Description: This update for dnsmasq fixes the following issues: Security issues fixed: - CVE-2019-14834: Fixed a memory leak which could have allowed to remote attackers to cause denial of service via DHCP response creation (bsc#1154849) - CVE-2017-15107: Fixed a vulnerability in DNSSEC implementation. Processing of wildcard synthesized NSEC records may result improper validation for non-existance (bsc#1076958). Other issues addressed: - Included linux/sockios.h to get SIOCGSTAMP (bsc#1156543). - Removed cache size limit (bsc#1138743). - bsc#1152539: include config files from /etc/dnsmasq.d/*.conf . ----------------------------------------- Patch: SUSE-2019-3192 Released: Thu Dec 5 11:46:10 2019 Summary: Security update for opencv Severity: moderate References: 1144348,1144352,1149742,1154091,CVE-2019-14491,CVE-2019-14492,CVE-2019-15939 Description: This update for opencv fixes the following issues: Security issues fixed: - CVE-2019-14491: Fixed an out of bounds read in the function cv:predictOrdered, leading to DOS (bsc#1144352). - CVE-2019-14492: Fixed an out of bounds read/write in the function HaarEvaluator:OptFeature:calc, which leads to denial of service (bsc#1144348). - CVE-2019-15939: Fixed a divide-by-zero error in cv:HOGDescriptor:getDescriptorSize (bsc#1149742). Non-security issue fixed: - Fixed an issue in opencv-devel that broke builds with 'No rule to make target opencv_calib3d-NOTFOUND' (bsc#1154091). ----------------------------------------- Patch: SUSE-2019-3193 Released: Thu Dec 5 13:36:57 2019 Summary: Recommended update for openpgm Severity: moderate References: 1146257 Description: This update for openpgm fixes the following issues: - Build 32bit packages for zeromq 32bit implementation. (bsc#1146257) ----------------------------------------- Patch: SUSE-2019-3195 Released: Thu Dec 5 21:32:12 2019 Summary: Recommended update for perl-DBD-mysql Severity: low References: 1149792 Description: This update for perl-DBD-mysql fixes the following issues: - Fix the package build by adding the missing zlib-devel build dependency. It used to be pulled in by libopenssl-devel but has changed. (bsc#1149792) ----------------------------------------- Patch: SUSE-2019-3205 Released: Mon Dec 9 13:48:28 2019 Summary: Recommended update for insserv-compat Severity: moderate References: 1052837,1133306 Description: This update for insserv-compat fixes the following issues: - Fix handling of start parameters. (bsc#1133306) - Remove unnecessary entry from configuration file. (bsc#1052837) ----------------------------------------- Patch: SUSE-2019-3210 Released: Tue Dec 10 08:54:15 2019 Summary: Recommended update for rubygem-mail Severity: moderate References: 1156721 Description: This update for rubygem-mail fixes the following issues: Compatibility fixes: - Restore conversions for properly encoded non-binary emails. - Gracefully parse certain invalid Content-Type headers. (rafbm) Bug fixes: - Fix transfer encoding when message encoding is blank. (bsc#1156721) - Fix 7bit/base64 content transfer encoding mismatch. (bsc#1156721) - Fix UTF-8 attachment filename quoting. (bsc#1156721) - Fix 'delete_all' using a readonly IMAP connection. (bsc#1156721) ----------------------------------------- Patch: SUSE-2019-3238 Released: Tue Dec 10 10:21:59 2019 Summary: Security update for java-1_8_0-openjdk Severity: important References: 1138529,1152856,1154212,CVE-2019-2894,CVE-2019-2933,CVE-2019-2945,CVE-2019-2949,CVE-2019-2958,CVE-2019-2962,CVE-2019-2964,CVE-2019-2973,CVE-2019-2975,CVE-2019-2978,CVE-2019-2981,CVE-2019-2983,CVE-2019-2987,CVE-2019-2988,CVE-2019-2989,CVE-2019-2992,CVE-2019-2999 Description: This update for java-1_8_0-openjdk (jdk8u232/icedtea 3.14.0) fixes the following issues: Security issues fixed (bsc#1154212): - CVE-2019-2933: Windows file handling redux - CVE-2019-2945: Better socket support - CVE-2019-2949: Better Kerberos ccache handling - CVE-2019-2958: Build Better Processes - CVE-2019-2964: Better support for patterns - CVE-2019-2962: Better Glyph Images - CVE-2019-2973: Better pattern compilation - CVE-2019-2975: Unexpected exception in jjs - CVE-2019-2978: Improved handling of jar files - CVE-2019-2981: Better Path supports - CVE-2019-2983: Better serial attributes - CVE-2019-2987: Better rendering of native glyphs - CVE-2019-2988: Better Graphics2D drawing - CVE-2019-2989: Improve TLS connection support - CVE-2019-2992: Enhance font glyph mapping - CVE-2019-2999: Commentary on Javadoc comments - CVE-2019-2894: Enhance ECDSA operations (bsc#1152856) Bug fixes: - Fixed build failuers on ARM (bsc#1138529). ----------------------------------------- Patch: SUSE-2019-3240 Released: Tue Dec 10 10:40:19 2019 Summary: Recommended update for ca-certificates-mozilla, p11-kit Severity: moderate References: 1154871 Description: This update for ca-certificates-mozilla, p11-kit fixes the following issues: Changes in ca-certificates-mozilla: - export correct p11kit trust attributes so Firefox detects built in certificates (bsc#1154871). Changes in p11-kit: - support loading NSS attribute CKA_NSS_MOZILLA_CA_POLICY so Firefox detects built in certificates (bsc#1154871) ----------------------------------------- Patch: SUSE-2019-3245 Released: Wed Dec 11 10:12:19 2019 Summary: Recommended update for azure-li-services Severity: moderate References: 1157040,1157041 Description: This update for azure-li-services fixes the following issues: - Bump version: 1.2.3 to 1.2.4 - Reference commit for SUSE maintenance This submission creates a reference to bsc#1157041 - Reference commit for SUSE maintenance This submission creates a reference to bsc#1157040 - Bump version: 1.2.2 to 1.2.3 - Right name for vli sp2 folder - Add folder for SLES15 SP2 VLI images - Fixed VLI package list for sle15 cpp48 does not exist on sle15, instead the cpp package by its name provides is used. On sle15 this resolved to cpp7. This is related to Issue #186 - Bump version: 1.2.1 to 1.2.2 - Added Microsoft requested packages to VLI images This Fixes #186 - Add retry loop to setup sbd device There is no deterministic way to know when the iSCSI device is ready to be processed by sbd. Thus the calls to setup the sbd device has been placed into a retry loop that runs max 3 times with a 2sec wait period in between. This Fixes #188 - Add directory for SLES15-SP2 - Saptune setup As pointed before, saptune supersedes sapconf. This is the right path to setup saptune. Update image descriptions not to install sapconf. This Fixes #185 - Update LI image versions For the refresh of the images in the SUSE namespace the version number has been increased - Bump version: 1.2.0 to 1.2.1 - Right sequence saptune One of the issues is that `saptune` is a different tool that supersedes `sapconf`. Then the `saptune daemon restart` command will always overwrite the profile with `saptune`. Two different tools that can't be mixed. Only one should be used. In case of SLES (not SLES for SAP), the sequence should be For SLES 12 ``` tuned-adm profile sap-hana systemctl enable --now sapconf.service ``` and for SLES15 ``` tuned-adm profile sapconf systemctl enable --now sapconf.service ``` For SLES for SAP, the sequence is the same for 12 and 15: ``` saptune daemon start saptune solution apply HANA ``` This Fixes #172 - Bump version: 1.1.39 to 1.2.0 - Change the setup of the login shell The login shell was setup based on assumption regarding other user attributes set. This way caused some negative side effects which lets us change the behavior. This patch does the following * Adds a new attribute named: loginshell * If loginshell is present the value for loginshell will be used, if not the default /sbin/nologin applies * All implicit assumptions for setting up the login shell got deleted This Fixes #178 - sbd device to wait for udev to finish This Fixes #179 - Bump version: 1.1.38 to 1.1.39 - Consolidate all image descriptions in git Instead of maintaining image descriptions in obs we want to maintain them in git. With this change only a service and multibuild configuration applies in obs but the data to build the image will live in git. This allows for real development and review regarding changes to the kiwi image descriptions. - Restart iscsi subsystem after device discovery Only after restart of the iscsi subsystem the device nodes from a previous device discovery gets created properly. This Fixes #170 - Bump version: 1.1.37 to 1.1.38 - Added more logging to the process Add a log file /var/log/azure-li-services.log which adds logging information from the service process. Usually error log information is present on the systemd level but for checking the process, it's calls and potential further information it's also useful to have a processing log file. The log file will be created on the host and gets also copied to the config lun in the same way as the systemd workload log - Bump version: 1.1.36 to 1.1.37 - Delete ineffective startup.nsh code startup.nsh is read by the firmware in an early boot phase. It doesn't make sense to write that file as part of the boot services because it's too late in the process. startup.nsh if required needs to be provided by the image itself - Extend storage service dependencies The storage service can be used for remote storage like NFS storage to be attached to the machine. This requires the network to be online. Having the network only configured is not enough it must also be online. Thus the storage service unit is extended to wait for the network-online.target - Bump version: 1.1.35 to 1.1.36 - Fixed network setup for bonding on vlan vlan network definitions that uses bonding etherdevices were missing a switch to correctly assign the ip configuration This Fixes #164 - Bump version: 1.1.34 to 1.1.35 - Apply saptune startup sequence suggested by $MS Implementing startup sequence as suggested in SAP Note 1275776. This Fixes #149 - Log command calls on the console Implements a simple logging facility for the Command classes and write the commands called to the console. This will lead to more detailed information about the command calls in the systemd status information - Load yaml in safe mode The default yaml loader is unsafe, thus we should switch to the safe_load method. For details see: https://msg.pyyaml.org/load - Bump version: 1.1.33 to 1.1.34 - Start saptune daemon after applying profile For some reason the saptune daemon needs to restart if a profile has been set through the tuned-adm profile command. This Fixes #149 - Revert fix for service order of saptune daemon It has turned out that the simple change in order did not solve the problem. In fact the daemon needs to be restarted on profile setup - Allow ssh access with shell Allow access through ssh without shadow hash and with shell. Fixes #151 - Bump version: 1.1.32 to 1.1.33 - Fix service order on startup of saptune daemon The tuned profile must be applied prior to the start of the saptune daemon. This Fixes #149 - Bump version: 1.1.31 to 1.1.32 - Fixed travis badge link - Mount LUN in sync mode Per request from Microsoft the location that holds the config file and is also used for the status flag and log should be mounted with the sync option. This Fixes #144 - Activate SAP Hana profile via tuned-adm Check for the presence of the sap-hana profile and switch to sapconf if not found. Activate the selected profile via the tuned-adm control command. This Fixes #142 ----------------------------------------- Patch: SUSE-2019-3267 Released: Wed Dec 11 11:19:53 2019 Summary: Security update for libssh Severity: important References: 1158095,CVE-2019-14889 Description: This update for libssh fixes the following issues: - CVE-2019-14889: Fixed an arbitrary command execution (bsc#1158095). ----------------------------------------- Patch: SUSE-2019-3269 Released: Wed Dec 11 11:53:50 2019 Summary: Recommended update for nss_ldap Severity: moderate References: 1154340 Description: This update for nss_ldap fixes the following issues: - Implement export for build to avoid INET6 failing in nss_ldap. (bsc#1154340) ----------------------------------------- Patch: SUSE-2019-3298 Released: Sat Dec 14 00:59:01 2019 Summary: Recommended update for gnu-compilers-hpc Severity: moderate References: 1149414,SLE-7765,SLE-7766 Description: This update for gnu-compilers-hpc fixes the following issues: - Add support for gcc7 and gcc8 variants of gnu-compilers-hpc (jsc#SLE-7766) - For the base compiler add a 'Provides' for the versioned form. ----------------------------------------- Patch: SUSE-2019-3301 Released: Mon Dec 16 10:47:20 2019 Summary: Recommended update for mariadb-connector-c Severity: moderate References: 1156669 Description: This update for mariadb-connector-c fixes the following issues: New upstream version 3.1.5 (bsc#1156669) - Plugin dialog could not be loaded (wrong path) - Fix for unknown/not handled schannel error codes - Use windows crypto libraries on Windows platforms - Fix crash in GnuTLS when key and certificate are in the same file - Fix location of PLUGINDIR if Connector/C is a subproject ----------------------------------------- Patch: SUSE-2019-3327 Released: Tue Dec 17 15:45:47 2019 Summary: Recommended update for libtcnative-1-0 Severity: moderate References: 1130843,202339,622430 Description: This update for libtcnative-1-0 fixes the following issues: - Fix incompatibility with Tomcat. (bsc#1130843) - Include 'libtcnative-1.so' in the main package. (bsc#622430) - Enable 'jsvc' and 'apr/epoll' in Tomcat packages. (bsc#202339) ----------------------------------------- Patch: SUSE-2019-3329 Released: Tue Dec 17 15:46:18 2019 Summary: Recommended update to python-tornado Severity: low References: 1149792 Description: - Add patch to skip tests failing with OpenSSL 1.1.1 (bsc#1149792) * it happens only when using TLS 1.3, so if user wants to use tornado, they can hand disable the TLS 1.3 and continue ----------------------------------------- Patch: SUSE-2019-3345 Released: Thu Dec 19 15:02:29 2019 Summary: Optional update for container-diff Severity: low References: 1148768,ECO-338 Description: Added container-diff package to SUSE Linux Enterprise 15 Containers Module and SUSE Linux Enterprise 15 SP1 Containers Module. ----------------------------------------- Patch: SUSE-2019-3348 Released: Thu Dec 19 16:13:04 2019 Summary: Security update for spectre-meltdown-checker Severity: moderate References: 1117665,1139073,CVE-2018-12207,CVE-2019-11135 Description: This update for spectre-meltdown-checker fixes the following issues: - feat: implement TAA detection (CVE-2019-11135 bsc#1139073) - feat: implement MCEPSC / iTLB Multihit detection (CVE-2018-12207 bsc#1117665) - feat: taa: add TSX_CTRL MSR detection in hardware info - feat: fwdb: use both Intel GitHub repo and MCEdb to build our firmware version database - feat: use --live with --kernel/--config/--map to override file detection in live mode - enh: rework the vuln logic of MDS with --paranoid (fixes #307) - enh: explain that Enhanced IBRS is better for performance than classic IBRS - enh: kernel: autodetect customized arch kernels from cmdline - enh: kernel decompression: better tolerance against missing tools - enh: mock: implement reading from /proc/cmdline - fix: variant3a: Silvermont CPUs are not vulnerable to variant 3a - fix: lockdown: detect Red Hat locked down kernels (impacts MSR writes) - fix: lockdown: detect locked down mode in vanilla 5.4+ kernels - fix: sgx: on locked down kernels, fallback to CPUID bit for detection - fix: fwdb: builtin version takes precedence if the local cached version is older - fix: pteinv: don't check kernel image if not available - fix: silence useless error from grep (fixes #322) - fix: msr: fix msr module detection under Ubuntu 19.10 (fixes #316) - fix: mocking value for read_msr - chore: rename mcedb cmdline parameters to fwdb, and change db version scheme - chore: fwdb: update to v130.20191104+i20191027 - chore: add GitHub check workflow ----------------------------------------- Patch: SUSE-2019-3349 Released: Thu Dec 19 16:13:12 2019 Summary: Security update for trousers Severity: moderate References: 1157651,CVE-2019-18898 Description: This update for trousers fixes the following issues: - CVE-2019-18898: Fixed a local symlink attack where a rogue tss user could have gain ownership of arbitrary files in the system during installation/update of the trousers package (bsc#1157651). ----------------------------------------- Patch: SUSE-2019-3372 Released: Fri Dec 20 07:24:28 2019 Summary: Security update for the Linux Kernel Severity: important References: 1048942,1051510,1071995,1078248,1082635,1089644,1091041,1103990,1103991,1104353,1104427,1104745,1108043,1109837,1111666,1112178,1112374,1113722,1113956,1113994,1114279,1117169,1118661,1119113,1120853,1126390,1127354,1127371,1129770,1131107,1134983,1135966,1135967,1137223,1137236,1138039,1140948,1142095,1142635,1142924,1143706,1144333,1146544,1149448,1150466,1151067,1151548,1151900,1152782,1153628,1153811,1154043,1154058,1154124,1154355,1154526,1154601,1155021,1155689,1155692,1155836,1155897,1155921,1156187,1156258,1156429,1156466,1156471,1156494,1156609,1156700,1156729,1156882,1156928,1157032,1157038,1157042,1157044,1157045,1157046,1157049,1157070,1157115,1157143,1157145,1157158,1157160,1157162,1157171,1157173,1157178,1157180,1157182,1157183,1157184,1157191,1157193,1157197,1157298,1157304,1157307,1157324,1157333,1157386,1157424,1157463,1157499,1157678,1157698,1157778,1157908,1158049,1158063,1158064,1158065,1158066,1158067,1158068,1158071,1158082,1158381,1158394,1158398,1158407,1158410,1158413,1158417,1158427,1158445,1158637,1158638,1158639,1158640,1158641,1158643,1158644,1158645,1158646,1158647,1158649,1158651,1158652,CVE-2019-0154,CVE-2019-14895,CVE-2019-14901,CVE-2019-15213,CVE-2019-15916,CVE-2019-16231,CVE-2019-17055,CVE-2019-18660,CVE-2019-18683,CVE-2019-18805,CVE-2019-18809,CVE-2019-19046,CVE-2019-19049,CVE-2019-19052,CVE-2019-19056,CVE-2019-19057,CVE-2019-19058,CVE-2019-19060,CVE-2019-19062,CVE-2019-19063,CVE-2019-19065,CVE-2019-19067,CVE-2019-19068,CVE-2019-19073,CVE-2019-19074,CVE-2019-19075,CVE-2019-19077,CVE-2019-19078,CVE-2019-19080,CVE-2019-19081,CVE-2019-19082,CVE-2019-19083,CVE-2019-19227,CVE-2019-19524,CVE-2019-19525,CVE-2019-19528,CVE-2019-19529,CVE-2019-19530,CVE-2019-19531,CVE-2019-19534,CVE-2019-19536,CVE-2019-19543,SLE-4805 Description: The SUSE Linux Enterprise 15 SP1 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-15213: An issue was discovered in the Linux kernel, there was a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver (bnc#1146544). - CVE-2019-19531: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver (bnc#1158445). - CVE-2019-19543: There was a use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c (bnc#1158427). - CVE-2019-19525: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/net/ieee802154/atusb.c driver (bnc#1158417). - CVE-2019-19530: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver (bnc#1158410). - CVE-2019-19536: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver (bnc#1158394). - CVE-2019-19524: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver (bnc#1158413). - CVE-2019-19528: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver (bnc#1158407). - CVE-2019-19534: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver (bnc#1158398). - CVE-2019-19529: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/net/can/usb/mcba_usb.c driver (bnc#1158381). - CVE-2019-14901: A heap overflow flaw was found in the Linux kernel in Marvell WiFi chip driver. The vulnerability allowed a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system (bnc#1157042). - CVE-2019-14895: A heap-based buffer overflow was discovered in the Linux kernel in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could have allowed the remote device to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1157158). - CVE-2019-18660: The Linux kernel on powerpc allowed Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c (bnc#1157038). - CVE-2019-18683: An issue was discovered in drivers/media/platform/vivid in the Linux kernel. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free (bnc#1155897). - CVE-2019-18809: A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1156258). - CVE-2019-19046: A memory leak in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering ida_simple_get() failure (bnc#1157304). - CVE-2019-19078: A memory leak in the ath10k_usb_hif_tx_sg() function in drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures (bnc#1157032). - CVE-2019-19062: A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures (bnc#1157333). - CVE-2019-19057: Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures (bnc#1157197). - CVE-2019-19056: A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures (bnc#1157197). - CVE-2019-19068: A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures (bnc#1157307). - CVE-2019-19063: Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157298). - CVE-2019-19227: In the AppleTalk subsystem in the Linux kernel there was a potential NULL pointer dereference because register_snap_client may return NULL. This will lead to denial of service in net/appletalk/aarp.c and net/appletalk/ddp.c, as demonstrated by unregister_snap_client (bnc#1157678). - CVE-2019-19081: A memory leak in the nfp_flower_spawn_vnic_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157045). - CVE-2019-19080: Four memory leaks in the nfp_flower_spawn_phy_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157044). - CVE-2019-19065: A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi1/sdma.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering rhashtable_init() failures (bnc#1157191). - CVE-2019-19077: A memory leak in the bnxt_re_create_srq() function in drivers/infiniband/hw/bnxt_re/ib_verbs.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering copy to udata failures (bnc#1157171). - CVE-2019-19052: A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures (bnc#1157324). - CVE-2019-19067: Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering mfd_add_hotplug_devices() or pm_genpd_add_device() failures (bsc#1157180). - CVE-2019-19060: A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157178). - CVE-2019-19049: A memory leak in the unittest_data_add() function in drivers/of/unittest.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering of_fdt_unflatten_tree() failures (bsc#1157173). - CVE-2019-19075: A memory leak in the ca8210_probe() function in drivers/net/ieee802154/ca8210.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering ca8210_get_platform_data() failures (bnc#1157162). - CVE-2019-19058: A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering alloc_page() failures (bnc#1157145). - CVE-2019-19074: A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157143). - CVE-2019-19073: Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures. This affects the htc_config_pipe_credits() function, the htc_setup_complete() function, and the htc_connect_service() function (bnc#1157070). - CVE-2019-19083: Memory leaks in *clock_source_create() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel allowed attackers to cause a denial of service (memory consumption). This affects the dce112_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c, the dce100_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c, the dcn10_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c, the dcn20_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c, the dce120_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c, the dce110_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c, and the dce80_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce80/dce80_resource.c (bnc#1157049). - CVE-2019-19082: Memory leaks in *create_resource_pool() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel allowed attackers to cause a denial of service (memory consumption). This affects the dce120_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c, the dce110_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c, the dce100_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c, the dcn10_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c, and the dce112_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c (bnc#1157046). - CVE-2019-15916: An issue was discovered in the Linux kernel There was a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service (bnc#1149448). - CVE-2019-0154: Insufficient access control in subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 and E-2100 Processor Families may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1135966). - CVE-2019-16231: drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 did not check the alloc_workqueue return value, leading to a NULL pointer dereference (bnc#1150466). - CVE-2019-18805: An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel There was a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact (bnc#1156187). - CVE-2019-17055: base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel did not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket (bnc#1152782). The following non-security bugs were fixed: - bnxt_en: Update firmware interface spec. to 1.10.0.47 (bsc#1157115) - ACPI / LPSS: Exclude I2C busses shared with PUNIT from pmc_atom_d3_mask (bsc#1051510). - ACPI / SBS: Fix rare oops when removing modules (bsc#1051510). - ACPI / hotplug / PCI: Allocate resources directly under the non-hotplug bridge (bsc#1111666). - ACPICA: Never run _REG on system_memory and system_IO (bsc#1051510). - ACPICA: Use %d for signed int print formatting instead of %u (bsc#1051510). - ALSA: 6fire: Drop the dead code (git-fixes). - ALSA: bebob: fix to detect configured source of sampling clock for Focusrite Saffire Pro i/o series (git-fixes). - ALSA: cs4236: fix error return comparison of an unsigned integer (git-fixes). - ALSA: firewire-motu: Correct a typo in the clock proc string (git-fixes). - ALSA: hda - Add mute led support for HP ProBook 645 G4 (git-fixes). - ALSA: hda - Fix pending unsol events at shutdown (git-fixes). - ALSA: hda/ca0132 - Fix possible workqueue stall (bsc#1155836). - ALSA: hda/hdmi - Clear codec->relaxed_resume flag at unbinding (git-fixes). - ALSA: hda/intel: add CometLake PCI IDs (bsc#1156729). - ALSA: hda/realtek - Enable internal speaker of ASUS UX431FLC (git-fixes). - ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop (git-fixes). - ALSA: hda/realtek - Move some alc236 pintbls to fallback table (git-fixes). - ALSA: hda/realtek - Move some alc256 pintbls to fallback table (git-fixes). - ALSA: hda: Add Cometlake-S PCI ID (git-fixes). - ALSA: hda: Fix racy display power access (bsc#1156928). - ALSA: hda: hdmi - fix port numbering for ICL and TGL platforms (git-fixes). - ALSA: hda: hdmi - remove redundant code comments (git-fixes). - ALSA: i2c/cs8427: Fix int to char conversion (bsc#1051510). - ALSA: intel8x0m: Register irq handler after register initializations (bsc#1051510). - ALSA: pcm: Fix stream lock usage in snd_pcm_period_elapsed() (git-fixes). - ALSA: pcm: Yet another missing check of non-cached buffer type (bsc#1111666). - ALSA: pcm: signedness bug in snd_pcm_plug_alloc() (bsc#1051510). - ALSA: seq: Do error checks at creating system ports (bsc#1051510). - ALSA: timer: Fix incorrectly assigned timer instance (git-fixes). - ALSA: usb-audio: Add skip_validation option (git-fixes). - ALSA: usb-audio: Fix Focusrite Scarlett 6i6 gen1 - input handling (git-fixes). - ALSA: usb-audio: Fix NULL dereference at parsing BADD (git-fixes). - ALSA: usb-audio: Fix incorrect NULL check in create_yamaha_midi_quirk() (git-fixes). - ALSA: usb-audio: Fix incorrect size check for processing/extension units (git-fixes). - ALSA: usb-audio: Fix missing error check at mixer resolution test (git-fixes). - ALSA: usb-audio: not submit urb for stopped endpoint (git-fixes). - ALSA: usb-audio: sound: usb: usb true/false for bool return type (git-fixes). - ASoC: Intel: hdac_hdmi: Limit sampling rates at dai creation (bsc#1051510). - ASoC: davinci-mcasp: Handle return value of devm_kasprintf (stable 4.14.y). - ASoC: davinci: Kill BUG_ON() usage (stable 4.14.y). - ASoC: dpcm: Properly initialise hw->rate_max (bsc#1051510). - ASoC: kirkwood: fix external clock probe defer (git-fixes). - ASoC: msm8916-wcd-analog: Fix RX1 selection in RDAC2 MUX (git-fixes). - ASoC: sgtl5000: avoid division by zero if lo_vag is zero (bsc#1051510). - ASoC: tegra_sgtl5000: fix device_node refcounting (bsc#1051510). - ASoC: tlv320aic31xx: Handle inverted BCLK in non-DSP modes (stable 4.14.y). - ASoC: tlv320dac31xx: mark expected switch fall-through (stable 4.14.y). - Bluetooth: Fix invalid-free in bcsp_close() (git-fixes). - Bluetooth: Fix memory leak in hci_connect_le_scan (bsc#1051510). - Bluetooth: L2CAP: Detect if remote is not able to use the whole MPS (bsc#1051510). - Bluetooth: btusb: fix PM leak in error case of setup (bsc#1051510). - Bluetooth: delete a stray unlock (bsc#1051510). - Bluetooth: hci_core: fix init for HCI_USER_CHANNEL (bsc#1051510). - Btrfs: fix log context list corruption after rename exchange operation (bsc#1156494). - CIFS: Fix SMB2 oplock break processing (bsc#1144333, bsc#1154355). - CIFS: Fix oplock handling for SMB 2.1+ protocols (bsc#1144333, bsc#1154355). - CIFS: Fix retry mid list corruption on reconnects (bsc#1144333, bsc#1154355). - CIFS: Fix use after free of file info structures (bsc#1144333, bsc#1154355). - CIFS: Force reval dentry if LOOKUP_REVAL flag is set (bsc#1144333, bsc#1154355). - CIFS: Force revalidate inode when dentry is stale (bsc#1144333, bsc#1154355). - CIFS: Gracefully handle QueryInfo errors during open (bsc#1144333, bsc#1154355). - CIFS: avoid using MID 0xFFFF (bsc#1144333, bsc#1154355). - CIFS: fix max ea value size (bsc#1144333, bsc#1154355). - Documentation: debugfs: Document debugfs helper for unsigned long values (git-fixes). - Documentation: x86: convert protection-keys.txt to reST (bsc#1078248). - EDAC/ghes: Fix Use after free in ghes_edac remove path (bsc#1114279). - EDAC/ghes: Fix locking and memory barrier issues (bsc#1114279). EDAC/ghes: Do not warn when incrementing refcount on 0 (bsc#1114279). - HID: Add ASUS T100CHI keyboard dock battery quirks (bsc#1051510). - HID: Add quirk for Microsoft PIXART OEM mouse (bsc#1051510). - HID: Fix assumption that devices have inputs (git-fixes). - HID: asus: Add T100CHI bluetooth keyboard dock special keys mapping (bsc#1051510). - HID: wacom: generic: Treat serial number and related fields as unsigned (git-fixes). - IB/mlx5: Free mpi in mp_slave mode (bsc#1103991). - IB/mlx5: Support MLX5_CMD_OP_QUERY_LAG as a DEVX general command (bsc#1103991). - Input: ff-memless - kill timer in destroy() (bsc#1051510). - Input: silead - try firmware reload after unsuccessful resume (bsc#1051510). - Input: st1232 - set INPUT_PROP_DIRECT property (bsc#1051510). - Input: synaptics-rmi4 - clear IRQ enables for F54 (bsc#1051510). - Input: synaptics-rmi4 - destroy F54 poller workqueue when removing (bsc#1051510). - Input: synaptics-rmi4 - disable the relative position IRQ in the F12 driver (bsc#1051510). - Input: synaptics-rmi4 - do not consume more data than we have (F11, F12) (bsc#1051510). - Input: synaptics-rmi4 - fix video buffer size (git-fixes). - KVM: SVM: Guard against DEACTIVATE when performing WBINVD/DF_FLUSH (bsc#1114279). - KVM: SVM: Serialize access to the SEV ASID bitmap (bsc#1114279). - KVM: VMX: Consider PID.PIR to determine if vCPU has pending interrupts (bsc#1158064). - KVM: VMX: Fix conditions for guest IA32_XSS support (bsc#1158065). - KVM: s390: fix __insn32_query() inline assembly (git-fixes). - KVM: s390: vsie: Do not shadow CRYCB when no AP and no keys (git-fixes). - KVM: s390: vsie: Return correct values for Invalid CRYCB format (git-fixes). - KVM: x86/mmu: Take slots_lock when using kvm_mmu_zap_all_fast() (bsc#1158067). - KVM: x86: Introduce vcpu->arch.xsaves_enabled (bsc#1158066). - NFC: nxp-nci: Fix NULL pointer dereference after I2C communication error (git-fixes). - PCI/ACPI: Correct error message for ASPM disabling (bsc#1051510). - PCI/MSI: Fix incorrect MSI-X masking on resume (bsc#1051510). - PCI/PM: Clear PCIe PME Status even for legacy power management (bsc#1111666). - PCI/PME: Fix possible use-after-free on remove (git-fixes). - PCI/PTM: Remove spurious 'd' from granularity message (bsc#1051510). - PCI: Apply Cavium ACS quirk to ThunderX2 and ThunderX3 (bsc#1051510). - PCI: Fix Intel ACS quirk UPDCR register address (bsc#1051510). - PCI: dwc: Fix find_next_bit() usage (bsc#1051510). - PCI: pciehp: Do not disable interrupt twice on suspend (bsc#1111666). - PCI: rcar: Fix missing MACCTLR register setting in initialization sequence (bsc#1051510). - PCI: sysfs: Ignore lockdep for remove attribute (git-fixes). - PCI: tegra: Enable Relaxed Ordering only for Tegra20 and Tegra30 (git-fixes). - PM / devfreq: Check NULL governor in available_governors_show (git-fixes). - PM / devfreq: Lock devfreq in trans_stat_show (git-fixes). - PM / devfreq: exynos-bus: Correct clock enable sequence (bsc#1051510). - PM / devfreq: passive: Use non-devm notifiers (bsc#1051510). - PM / devfreq: passive: fix compiler warning (bsc#1051510). - PM / hibernate: Check the success of generating md5 digest before hibernation (bsc#1051510). - RDMA/bnxt_re: Fix stat push into dma buffer on gen p5 devices (bsc#1157115) - RDMA/efa: Add Amazon EFA driver (jsc#SLE-4805) - RDMA/efa: Clear the admin command buffer prior to its submission (git-fixes) Patch was already picked through Amazon driver repo but was not marked with a Git-commit tag - RDMA/hns: Fix comparison of unsigned long variable 'end' with less than zero (bsc#1104427 bsc#1137236). - RDMA/hns: Fix wrong assignment of qp_access_flags (bsc#1104427 ). - RDMA/restrack: Track driver QP types in resource tracker (jsc#SLE-4805) - README.BRANCH: Removing myself from the maintainer list - UAS: Revert commit 3ae62a42090f ('UAS: fix alignment of scatter/gather segments'). - USB: chaoskey: fix error case of a timeout (git-fixes). - USB: gadget: Reject endpoints with 0 maxpacket value (bsc#1051510). - USB: ldusb: fix control-message timeout (bsc#1051510). - USB: ldusb: fix ring-buffer locking (bsc#1051510). - USB: misc: appledisplay: fix backlight update_status return code (bsc#1051510). - USB: serial: mos7720: fix remote wakeup (git-fixes). - USB: serial: mos7840: add USB ID to support Moxa UPort 2210 (bsc#1051510). - USB: serial: mos7840: fix remote wakeup (git-fixes). - USB: serial: option: add support for DW5821e with eSIM support (bsc#1051510). - USB: serial: option: add support for Foxconn T77W968 LTE modules (bsc#1051510). - USB: serial: whiteheat: fix line-speed endianness (bsc#1051510). - USB: serial: whiteheat: fix potential slab corruption (bsc#1051510). - USBIP: add config dependency for SGL_ALLOC (git-fixes). - acpi/nfit, device-dax: Identify differentiated memory with a unique numa-node (bsc#1158071). - appledisplay: fix error handling in the scheduled work (git-fixes). - arm64: Update config files. (bsc#1156466) Enable HW_RANDOM_OMAP driver and mark driver omap-rng as supported. - ata: ep93xx: Use proper enums for directions (bsc#1051510). - ath10k: Correct error handling of dma_map_single() (bsc#1111666). - ath10k: allocate small size dma memory in ath10k_pci_diag_write_mem (bsc#1111666). - ath10k: assign 'n_cipher_suites = 11' for WCN3990 to enable WPA3 (bsc#1111666). - ath10k: avoid possible memory access violation (bsc#1111666). - ath10k: fix kernel panic by moving pci flush after napi_disable (bsc#1051510). - ath10k: fix vdev-start timeout on error (bsc#1051510). - ath10k: limit available channels via DT ieee80211-freq-limit (bsc#1051510). - ath10k: skip resetting rx filter for WCN3990 (bsc#1111666). - ath10k: wmi: disable softirq's while calling ieee80211_rx (bsc#1051510). - ath9k: Fix a locking bug in ath9k_add_interface() (bsc#1051510). - ath9k: add back support for using active monitor interfaces for tx99 (bsc#1051510). - ath9k: fix reporting calculated new FFT upper max (bsc#1051510). - ath9k: fix tx99 with monitor mode interface (bsc#1051510). - ath9k_hw: fix uninitialized variable data (bsc#1051510). - ax88172a: fix information leak on short answers (bsc#1051510). - backlight: lm3639: Unconditionally call led_classdev_unregister (bsc#1051510). - bnxt_en: Increase timeout for HWRM_DBG_COREDUMP_XX commands (bsc#1104745). - bnxt_en: Update firmware interface spec. to 1.10.0.89 (bsc#1157115) - bnxt_en: Update firmware interface to 1.10.0.69 (bsc#1157115) - bpf: Fix use after free in subprog's jited symbol removal (bsc#1109837). - bpf: fix BTF limits (bsc#1109837). - bpf: fix BTF verification of enums (bsc#1109837). - brcmfmac: fix full timeout waiting for action frame on-channel tx (bsc#1051510). - brcmfmac: fix wrong strnchr usage (bsc#1111666). - brcmfmac: increase buffer for obtaining firmware capabilities (bsc#1111666). - brcmfmac: reduce timeout for action frame scan (bsc#1051510). - brcmsmac: AP mode: update beacon when TIM changes (bsc#1051510). - brcmsmac: Use kvmalloc() for ucode allocations (bsc#1111666). - brcmsmac: never log 'tid x is not agg'able' by default (bsc#1051510). - can: c_can: c_can_poll(): only read status register after status IRQ (git-fixes). - can: dev: call netif_carrier_off() in register_candev() (bsc#1051510). - can: mcba_usb: fix use-after-free on disconnect (git-fixes). - can: peak_usb: fix a potential out-of-sync while decoding packets (git-fixes). - can: peak_usb: fix slab info leak (git-fixes). - can: rx-offload: can_rx_offload_offload_one(): do not increase the skb_queue beyond skb_queue_len_max (git-fixes). - can: rx-offload: can_rx_offload_queue_sorted(): fix error handling, avoid skb mem leak (git-fixes). - can: rx-offload: can_rx_offload_queue_tail(): fix error handling, avoid skb mem leak (git-fixes). - can: usb_8dev: fix use-after-free on disconnect (git-fixes). - ceph: add missing check in d_revalidate snapdir handling (bsc#1157183). - ceph: do not try to handle hashed dentries in non-O_CREAT atomic_open (bsc#1157184). - ceph: fix use-after-free in __ceph_remove_cap() (bsc#1154058). - ceph: just skip unrecognized info in ceph_reply_info_extra (bsc#1157182). - cfg80211: Avoid regulatory restore when COUNTRY_IE_IGNORE is set (bsc#1051510). - cfg80211: Prevent regulatory restore during STA disconnect in concurrent interfaces (bsc#1051510). - cfg80211: call disconnect_wk when AP stops (bsc#1051510). - cfg80211: validate wmm rule when setting (bsc#1111666). - cgroup,writeback: do not switch wbs immediately on dead wbs if the memcg is dead (bsc#1158645). - cifs: Fix cifsInodeInfo lock_sem deadlock when reconnect occurs (bsc#1144333, bsc#1154355). - cifs: Fix missed free operations (bsc#1144333, bsc#1154355). - cifs: Use kzfree() to zero out the password (bsc#1144333, bsc#1154355). - cifs: add a helper to find an existing readable handle to a file (bsc#1144333, bsc#1154355). - cifs: create a helper to find a writeable handle by path name (bsc#1144333, bsc#1154355). - cifs: move cifsFileInfo_put logic into a work-queue (bsc#1144333, bsc#1154355). - cifs: prepare SMB2_Flush to be usable in compounds (bsc#1144333, bsc#1154355). - cifs: set domainName when a domain-key is used in multiuser (bsc#1144333, bsc#1154355). - cifs: use cifsInodeInfo->open_file_lock while iterating to avoid a panic (bsc#1144333, bsc#1154355). - cifs: use existing handle for compound_op(OP_SET_INFO) when possible (bsc#1144333, bsc#1154355). - clk: at91: avoid sleeping early (git-fixes). - clk: pxa: fix one of the pxa RTC clocks (bsc#1051510). - clk: samsung: Use clk_hw API for calling clk framework from clk notifiers (bsc#1051510). - clk: samsung: exynos5420: Preserve CPU clocks configuration during suspend/resume (bsc#1051510). - clk: samsung: exynos5420: Preserve PLL configuration during suspend/resume (git-fixes). - clk: sunxi-ng: a80: fix the zero'ing of bits 16 and 18 (git-fixes). - clocksource/drivers/sh_cmt: Fix clocksource width for 32-bit machines (bsc#1051510). - clocksource/drivers/sh_cmt: Fixup for 64-bit machines (bsc#1051510). - compat_ioctl: handle SIOCOUTQNSD (bsc#1051510). - component: fix loop condition to call unbind() if bind() fails (bsc#1051510). - cpufreq/pasemi: fix use-after-free in pas_cpufreq_cpu_init() (bsc#1051510). - cpufreq: Skip cpufreq resume if it's not suspended (bsc#1051510). - cpufreq: intel_pstate: Register when ACPI PCCH is present (bsc#1051510). - cpufreq: powernv: fix stack bloat and hard limit on number of CPUs (bsc#1051510). - cpufreq: ti-cpufreq: add missing of_node_put() (bsc#1051510). - cpupower : Fix cpupower working when cpu0 is offline (bsc#1051510). - cpupower : frequency-set -r option misses the last cpu in related cpu list (bsc#1051510). - cpupower: Fix coredump on VMWare (bsc#1051510). - crypto: af_alg - cast ki_complete ternary op to int (bsc#1051510). - crypto: crypto4xx - fix double-free in crypto4xx_destroy_sdr (bsc#1051510). - crypto: ecdh - fix big endian bug in ECC library (bsc#1051510). - crypto: fix a memory leak in rsa-kcs1pad's encryption mode (bsc#1051510). - crypto: geode-aes - switch to skcipher for cbc(aes) fallback (bsc#1051510). - crypto: mxs-dcp - Fix AES issues (bsc#1051510). - crypto: mxs-dcp - Fix SHA null hashes and output length (bsc#1051510). - crypto: mxs-dcp - make symbols 'sha1_null_hash' and 'sha256_null_hash' static (bsc#1051510). - crypto: s5p-sss: Fix Fix argument list alignment (bsc#1051510). - crypto: tgr192 - remove unneeded semicolon (bsc#1051510). - cw1200: Fix a signedness bug in cw1200_load_firmware() (bsc#1051510). - cxgb4: fix panic when attaching to ULD fail (networking-stable-19_11_05). - cxgb4: request the TX CIDX updates to status page (bsc#1127354 bsc#1127371). - dccp: do not leak jiffies on the wire (networking-stable-19_11_05). - dlm: do not leak kernel pointer to userspace (bsc#1051510). - dlm: fix invalid free (bsc#1051510). - dmaengine: bcm2835: Print error in case setting DMA mask fails (bsc#1051510). - dmaengine: dma-jz4780: Do not depend on MACH_JZ4780 (bsc#1051510). - dmaengine: dma-jz4780: Further residue status fix (bsc#1051510). - dmaengine: ep93xx: Return proper enum in ep93xx_dma_chan_direction (bsc#1051510). - dmaengine: imx-sdma: fix size check for sdma script_number (bsc#1051510). - dmaengine: imx-sdma: fix use-after-free on probe error path (bsc#1051510). - dmaengine: rcar-dmac: set scatter/gather max segment size (bsc#1051510). - dmaengine: timb_dma: Use proper enum in td_prep_slave_sg (bsc#1051510). - docs: move protection-keys.rst to the core-api book (bsc#1078248). - drm/amd/display: fix odm combine pipe reset (bsc#1111666). - drm/amd/powerplay: issue no PPSMC_MSG_GetCurrPkgPwr on unsupported (bsc#1113956) - drm/amdgpu/powerplay/vega10: allow undervolting in p7 (bsc#1111666). - drm/amdgpu: fix bad DMA from INTERRUPT_CNTL2 (bsc#1111666). - drm/amdgpu: fix memory leak (bsc#1111666). - drm/etnaviv: fix dumping of iommuv2 (bsc#1113722) - drm/i915/cmdparser: Add support for backward jumps (bsc#1135967) - drm/i915/cmdparser: Ignore Length operands during command matching (bsc#1135967) - drm/i915/cmdparser: Use explicit goto for error paths (bsc#1135967) - drm/i915/cml: Add second PCH ID for CMP (bsc#1111666). - drm/i915/gen8+: Add RC6 CTX corruption WA (bsc#1135967) - drm/i915/gtt: Add read only pages to gen8_pte_encode (bsc#1135967) - drm/i915/gtt: Disable read-only support under GVT (bsc#1135967) - drm/i915/gtt: Read-only pages for insert_entries on bdw (bsc#1135967) - drm/i915/gvt: fix dropping obj reference twice (bsc#1111666). - drm/i915/ilk: Fix warning when reading emon_status with no output (bsc#1111666). - drm/i915/pmu: 'Frequency' is reported as accumulated cycles (bsc#1112178) - drm/i915: Add gen9 BCS cmdparsing (bsc#1135967) - drm/i915: Add support for mandatory cmdparsing (bsc#1135967) - drm/i915: Allow parsing of unsized batches (bsc#1135967) - drm/i915: Disable Secure Batches for gen6+ - drm/i915: Do not dereference request if it may have been retired when (bsc#1142635) - drm/i915: Fix and improve MCR selection logic (bsc#1112178) - drm/i915: Lock the engine while dumping the active request (bsc#1142635) - drm/i915: Lower RM timeout to avoid DSI hard hangs (bsc#1135967) - drm/i915: Prevent writing into a read-only object via a GGTT mmap (bsc#1135967) - drm/i915: Reacquire priolist cache after dropping the engine lock (bsc#1129770) - drm/i915: Remove Master tables from cmdparser - drm/i915: Rename gen7 cmdparser tables (bsc#1135967) - drm/i915: Skip modeset for cdclk changes if possible (bsc#1156928). - drm/i915: Support ro ppgtt mapped cmdparser shadow buffers (bsc#1135967) - drm/msm/dpu: handle failures while initializing displays (bsc#1111666). - drm/msm: fix memleak on release (bsc#1111666). - drm/omap: fix max fclk divider for omap36xx (bsc#1113722) - drm/radeon: fix bad DMA from INTERRUPT_CNTL2 (git-fixes). - drm/radeon: fix si_enable_smc_cac() failed issue (bsc#1113722) - drm: fix module name in edid_firmware log message (bsc#1113956) - e1000e: Drop unnecessary __E1000_DOWN bit twiddling (bsc#1158049). - e1000e: Use dev_get_drvdata where possible (bsc#1158049). - e1000e: Use rtnl_lock to prevent race conditions between net and pci/pm (bsc#1158049). - ecryptfs_lookup_interpose(): lower_dentry->d_inode is not stable (bsc#1158646). - ecryptfs_lookup_interpose(): lower_dentry->d_parent is not stable either (bsc#1158647). - ext4: fix punch hole for inline_data file systems (bsc#1158640). - ext4: update direct I/O read lock pattern for IOCB_NOWAIT (bsc#1158639). - extcon: cht-wc: Return from default case to avoid warnings (bsc#1051510). - fbdev: sbuslib: integer overflow in sbusfb_ioctl_helper() (bsc#1051510). - fbdev: sbuslib: use checked version of put_user() (bsc#1051510). - fix SCTP regression (bsc#1158082) - ftrace: Introduce PERMANENT ftrace_ops flag (bsc#1120853). - gpio: mpc8xxx: Do not overwrite default irq_set_type callback (bsc#1051510). - gpio: syscon: Fix possible NULL ptr usage (bsc#1051510). - gpiolib: acpi: Add Terra Pad 1061 to the run_edge_events_on_boot_blacklist (bsc#1051510). - gsmi: Fix bug in append_to_eventlog sysfs handler (bsc#1051510). - hwmon: (ina3221) Fix INA3221_CONFIG_MODE macros (bsc#1051510). - hwmon: (pwm-fan) Silence error on probe deferral (bsc#1051510). - hwrng: omap - Fix RNG wait loop timeout (bsc#1051510). - hwrng: omap3-rom - Call clk_disable_unprepare() on exit only if not idled (bsc#1051510). - hypfs: Fix error number left in struct pointer member (bsc#1051510). - i2c: of: Try to find an I2C adapter matching the parent (bsc#1129770) - i40e: enable X710 support (bsc#1151067). - ibmvnic: Bound waits for device queries (bsc#1155689 ltc#182047). - ibmvnic: Fix completion structure initialization (bsc#1155689 ltc#182047). - ibmvnic: Serialize device queries (bsc#1155689 ltc#182047). - ibmvnic: Terminate waiting device threads after loss of service (bsc#1155689 ltc#182047). - ice: fix potential infinite loop because loop counter being too small (bsc#1118661). - iio: adc: max9611: explicitly cast gain_selectors (bsc#1051510). - iio: adc: stm32-adc: fix stopping dma (git-fixes). - iio: dac: mcp4922: fix error handling in mcp4922_write_raw (bsc#1051510). - iio: imu: adis16480: assign bias value only if operation succeeded (git-fixes). - iio: imu: adis16480: make sure provided frequency is positive (git-fixes). - iio: imu: adis: assign read val in debugfs hook only if op successful (git-fixes). - iio: imu: adis: assign value only if return code zero in read funcs (git-fixes). - include/linux/bitrev.h: fix constant bitrev (bsc#1114279). - inet: stop leaking jiffies on the wire (networking-stable-19_11_05). - intel_th: Fix a double put_device() in error path (git-fixes). - iomap: Fix pipe page leakage during splicing (bsc#1158651). - iommu/vt-d: Fix QI_DEV_IOTLB_PFSID and QI_DEV_EIOTLB_PFSID macros (bsc#1158063). - ipmi:dmi: Ignore IPMI SMBIOS entries with a zero base address (bsc#1051510). - ipv4: Return -ENETUNREACH if we can't create route but saddr is valid (networking-stable-19_10_24). - irqdomain: Add the missing assignment of domain->fwnode for named fwnode (bsc#1111666). - iwlwifi: api: annotate compressed BA notif array sizes (bsc#1051510). - iwlwifi: check kasprintf() return value (bsc#1051510). - iwlwifi: do not panic in error path on non-msix systems (bsc#1155692). - iwlwifi: drop packets with bad status in CD (bsc#1111666). - iwlwifi: exclude GEO SAR support for 3168 (bsc#1111666). - iwlwifi: exclude GEO SAR support for 3168 (git-fixes). - iwlwifi: fw: do not send GEO_TX_POWER_LIMIT command to FW version 36 (bsc#1111666). - iwlwifi: mvm: avoid sending too many BARs (bsc#1051510). - iwlwifi: mvm: do not send keys when entering D3 (bsc#1051510). - iwlwifi: mvm: use correct FIFO length (bsc#1111666). - iwlwifi: pcie: fit reclaim msg to MAX_MSG_LEN (bsc#1111666). - iwlwifi: pcie: read correct prph address for newer devices (bsc#1111666). - ixgbe: fix double clean of Tx descriptors with xdp (bsc#1113994 ). - ixgbevf: Fix secpath usage for IPsec Tx offload (bsc#1113994 ). - kABI fixup alloc_dax_region (bsc#1158071). - kABI workaround for ath10k hw_filter_reset_required field (bsc#1111666). - kABI workaround for ath10k last_wmi_vdev_start_status field (bsc#1051510). - kABI workaround for drm_vma_offset_node readonly field addition (bsc#1135967) - kABI workaround for iwlwifi iwl_rx_cmd_buffer change (bsc#1111666). - kABI workaround for struct mwifiex_power_cfg change (bsc#1051510). - kABI: Fix for 'KVM: x86: Introduce vcpu->arch.xsaves_enabled' (bsc#1158066). - kabi protect enum RDMA_DRIVER_EFA (jsc#SLE-4805) - kabi: s390: struct subchannel (git-fixes). - lib/scatterlist: Fix chaining support in sgl_alloc_order() (git-fixes). - lib/scatterlist: Introduce sgl_alloc() and sgl_free() (git-fixes). - libnvdimm: Export the target_node attribute for regions and namespaces (bsc#1158071). - liquidio: fix race condition in instruction completion processing (bsc#1051510). - livepatch: Allow to distinguish different version of system state changes (bsc#1071995). - livepatch: Basic API to track system state changes (bsc#1071995 ). - livepatch: Keep replaced patches until post_patch callback is called (bsc#1071995). - livepatch: Selftests of the API for tracking system state changes (bsc#1071995). - loop: add ioctl for changing logical block size (bsc#1108043). - loop: fix no-unmap write-zeroes request behavior (bsc#1158637). - lpfc: size cpu map by last cpu id set (bsc#1157160). - mISDN: Fix type of switch control variable in ctrl_teimanager (bsc#1051510). - mac80211: consider QoS Null frames for STA_NULLFUNC_ACKED (bsc#1051510). - mac80211: minstrel: fix CCK rate group streams value (bsc#1051510). - mac80211: minstrel: fix sampling/reporting of CCK rates in HT mode (bsc#1051510). - macvlan: schedule bc_work even if error (bsc#1051510). - mailbox: reset txdone_method TXDONE_BY_POLL if client knows_txdone (git-fixes). - media: au0828: Fix incorrect error messages (bsc#1051510). - media: bdisp: fix memleak on release (git-fixes). - media: cxusb: detect cxusb_ctrl_msg error in query (bsc#1051510). - media: davinci: Fix implicit enum conversion warning (bsc#1051510). - media: exynos4-is: Fix recursive locking in isp_video_release() (git-fixes). - media: fix: media: pci: meye: validate offset to avoid arbitrary access (bsc#1051510). - media: flexcop-usb: ensure -EIO is returned on error condition (git-fixes). - media: imon: invalid dereference in imon_touch_event (bsc#1051510). - media: isif: fix a NULL pointer dereference bug (bsc#1051510). - media: pci: ivtv: Fix a sleep-in-atomic-context bug in ivtv_yuv_init() (bsc#1051510). - media: pxa_camera: Fix check for pdev->dev.of_node (bsc#1051510). - media: radio: wl1273: fix interrupt masking on release (git-fixes). - media: ti-vpe: vpe: Fix Motion Vector vpdma stride (git-fixes). - media: usbvision: Fix races among open, close, and disconnect (bsc#1051510). - media: vim2m: Fix abort issue (git-fixes). - media: vivid: Set vid_cap_streaming and vid_out_streaming to true (bsc#1051510). - mei: fix modalias documentation (git-fixes). - mei: samples: fix a signedness bug in amt_host_if_call() (bsc#1051510). - mfd: intel-lpss: Add default I2C device properties for Gemini Lake (bsc#1051510). - mfd: max8997: Enale irq-wakeup unconditionally (bsc#1051510). - mfd: mc13xxx-core: Fix PMIC shutdown when reading ADC values (bsc#1051510). - mfd: palmas: Assign the right powerhold mask for tps65917 (git-fixes). - mfd: ti_am335x_tscadc: Keep ADC interface on if child is wakeup capable (bsc#1051510). - mlx5: add parameter to disable enhanced IPoIB (bsc#1142095) - mlxsw: spectrum_flower: Fail in case user specifies multiple mirror actions (bsc#1112374). - mm, thp: Do not make page table dirty unconditionally in touch_p[mu]d() (git fixes (mm/gup)). - mm/compaction.c: clear total_{migrate,free}_scanned before scanning a new zone (git fixes (mm/compaction)). - mm/debug.c: PageAnon() is true for PageKsm() pages (git fixes (mm/debug)). - mmc: core: fix wl1251 sdio quirks (git-fixes). - mmc: host: omap_hsmmc: add code for special init of wl1251 to get rid of pandora_wl1251_init_card (git-fixes). - mmc: mediatek: fix cannot receive new request when msdc_cmd_is_ready fail (bsc#1051510). - mmc: sdhci-esdhc-imx: correct the fix of ERR004536 (git-fixes). - mmc: sdhci-of-at91: fix quirk2 overwrite (git-fixes). - mmc: sdio: fix wl1251 vendor id (git-fixes). - mt7601u: fix bbp version check in mt7601u_wait_bbp_ready (bsc#1051510). - mt76x0: init hw capabilities. - mtd: nand: mtk: fix incorrect register setting order about ecc irq. - mtd: spear_smi: Fix Write Burst mode (bsc#1051510). - mtd: spi-nor: fix silent truncation in spi_nor_read() (bsc#1051510). - mwifex: free rx_cmd skb in suspended state (bsc#1111666). - mwifiex: Fix NL80211_TX_POWER_LIMITED (bsc#1051510). - mwifiex: do no submit URB in suspended state (bsc#1111666). - nbd: prevent memory leak (bsc#1158638). - net/ibmvnic: Ignore H_FUNCTION return from H_EOI to tolerate XIVE mode (bsc#1089644, ltc#166495, ltc#165544, git-fixes). - net/mlx4_core: Dynamically set guaranteed amount of counters per VF (networking-stable-19_11_05). - net/mlx5: FWTrace, Reduce stack usage (bsc#1103990). - net/mlx5e: Fix eswitch debug print of max fdb flow (bsc#1103990 ). - net/mlx5e: Fix ethtool self test: link speed (bsc#1103990 ). - net/mlx5e: Fix handling of compressed CQEs in case of low NAPI budget (networking-stable-19_11_05). - net/mlx5e: Print a warning when LRO feature is dropped or not allowed (bsc#1103990). - net/sched: cbs: Fix not adding cbs instance to list (bsc#1109837). - net/sched: cbs: Set default link speed to 10 Mbps in cbs_set_port_rate (bsc#1109837). - net/smc: Fix error path in smc_init (git-fixes). - net/smc: avoid fallback in case of non-blocking connect (git-fixes). - net/smc: do not schedule tx_work in SMC_CLOSED state (git-fixes). - net/smc: fix SMCD link group creation with VLAN id (git-fixes). - net/smc: fix closing of fallback SMC sockets (git-fixes). - net/smc: fix ethernet interface refcounting (git-fixes). - net/smc: fix fastopen for non-blocking connect() (git-fixes). - net/smc: fix refcount non-blocking connect() -part 2 (git-fixes). - net/smc: fix refcounting for non-blocking connect() (git-fixes). - net/smc: keep vlan_id for SMC-R in smc_listen_work() (git-fixes). - net/smc: original socket family in inet_sock_diag (git-fixes). - net: Zeroing the structure ethtool_wolinfo in ethtool_get_wol() (networking-stable-19_11_05). - net: add READ_ONCE() annotation in __skb_wait_for_more_packets() (networking-stable-19_11_05). - net: add skb_queue_empty_lockless() (networking-stable-19_11_05). - net: annotate accesses to sk->sk_incoming_cpu (networking-stable-19_11_05). - net: annotate lockless accesses to sk->sk_napi_id (networking-stable-19_11_05). - net: avoid potential infinite loop in tc_ctl_action() (networking-stable-19_10_24). - net: bcmgenet: Fix RGMII_MODE_EN value for GENET v1/2/3 (networking-stable-19_10_24). - net: bcmgenet: Set phydev->dev_flags only for internal PHYs (networking-stable-19_10_24). - net: bcmgenet: reset 40nm EPHY on energy detect (networking-stable-19_11_05). - net: dsa: b53: Do not clear existing mirrored port mask (networking-stable-19_11_05). - net: dsa: bcm_sf2: Fix IMP setup for port different than 8 (networking-stable-19_11_05). - net: dsa: fix switch tree list (networking-stable-19_11_05). - net: ethernet: ftgmac100: Fix DMA coherency issue with SW checksum (networking-stable-19_11_05). - net: fix sk_page_frag() recursion from memory reclaim (networking-stable-19_11_05). - net: hisilicon: Fix ping latency when deal with high throughput (networking-stable-19_11_05). - net: hns3: change GFP flag during lock period (bsc#1104353 ). - net: hns3: do not query unsupported commands in debugfs (bsc#1104353). - net: hns3: fix GFP flag error in hclge_mac_update_stats() (bsc#1126390). - net: hns3: fix some reset handshake issue (bsc#1104353 ). - net: hns3: prevent unnecessary MAC TNL interrupt (bsc#1104353 bsc#1134983). - net: hns: Fix the stray netpoll locks causing deadlock in NAPI path (bsc#1104353). - net: phy: bcm7xxx: define soft_reset for 40nm EPHY (bsc#1119113 ). - net: phylink: Fix flow control resolution (bsc#1119113 ). - net: sched: cbs: Avoid division by zero when calculating the port rate (bsc#1109837). - net: sched: fix possible crash in tcf_action_destroy() (bsc#1109837). - net: sched: fix reordering issues (bsc#1109837). - net: sock_map, fix missing ulp check in sock hash case (bsc#1109837). - net: stmmac: disable/enable ptp_ref_clk in suspend/resume flow (networking-stable-19_10_24). - net: use skb_queue_empty_lockless() in busy poll contexts (networking-stable-19_11_05). - net: use skb_queue_empty_lockless() in poll() handlers (networking-stable-19_11_05). - net: wireless: ti: remove local VENDOR_ID and DEVICE_ID definitions (git-fixes). - net: wireless: ti: wl1251 use new SDIO_VENDOR_ID_TI_WL1251 definition (git-fixes). - netns: fix GFP flags in rtnl_net_notifyid() (networking-stable-19_11_05). - nfc: netlink: fix double device reference drop (git-fixes). - nfc: port100: handle command failure cleanly (git-fixes). - nfp: flower: fix memory leak in nfp_flower_spawn_vnic_reprs (bsc#1109837). - nfp: flower: prevent memory leak in nfp_flower_spawn_phy_reprs (bsc#1109837). - nl80211: Fix a GET_KEY reply attribute (bsc#1051510). - nvme-tcp: support C2HData with SUCCESS flag (bsc#1157386). - ocfs2: fix panic due to ocfs2_wq is null (bsc#1158644). - ocfs2: fix passing zero to 'PTR_ERR' warning (bsc#1158649). - openvswitch: fix flow command message size (git-fixes). - padata: use smp_mb in padata_reorder to avoid orphaned padata jobs (git-fixes). - perf/x86/amd: Change/fix NMI latency mitigation to use a timestamp (bsc#1142924). - phy: phy-twl4030-usb: fix denied runtime access (git-fixes). - phylink: fix kernel-doc warnings (bsc#1111666). - pinctl: ti: iodelay: fix error checking on pinctrl_count_index_with_args call (git-fixes). - pinctrl: at91: do not use the same irqchip with multiple gpiochips (git-fixes). - pinctrl: cherryview: Allocate IRQ chip dynamic (git-fixes). - pinctrl: lewisburg: Update pin list according to v1.1v6 (bsc#1051510). - pinctrl: lpc18xx: Use define directive for PIN_CONFIG_GPIO_PIN_INT (bsc#1051510). - pinctrl: qcom: spmi-gpio: fix gpio-hog related boot issues (bsc#1051510). - pinctrl: samsung: Fix device node refcount leaks in S3C24xx wakeup controller init (bsc#1051510). - pinctrl: samsung: Fix device node refcount leaks in S3C64xx wakeup controller init (bsc#1051510). - pinctrl: samsung: Fix device node refcount leaks in init code (bsc#1051510). - pinctrl: sunxi: Fix a memory leak in 'sunxi_pinctrl_build_state()' (bsc#1051510). - pinctrl: zynq: Use define directive for PIN_CONFIG_IO_STANDARD (bsc#1051510). - power: reset: at91-poweroff: do not procede if at91_shdwc is allocated (bsc#1051510). - power: supply: ab8500_fg: silence uninitialized variable warnings (bsc#1051510). - power: supply: max14656: fix potential use-after-free (bsc#1051510). - power: supply: twl4030_charger: disable eoc interrupt on linear charge (bsc#1051510). - power: supply: twl4030_charger: fix charging current out-of-bounds (bsc#1051510). - powerpc/64: Make meltdown reporting Book3S 64 specific (bsc#1091041). - powerpc/book3s64/hash: Use secondary hash for bolted mapping if the primary is full (bsc#1157778 ltc#182520). - powerpc/bpf: Fix tail call implementation (bsc#1157698). - powerpc/pseries: Do not fail hash page table insert for bolted mapping (bsc#1157778 ltc#182520). - powerpc/pseries: Do not opencode HPTE_V_BOLTED (bsc#1157778 ltc#182520). - powerpc/pseries: address checkpatch warnings in dlpar_offline_cpu (bsc#1156700 ltc#182459). - powerpc/pseries: safely roll back failed DLPAR cpu add (bsc#1156700 ltc#182459). - powerpc/security/book3s64: Report L1TF status in sysfs (bsc#1091041). - powerpc/security: Fix wrong message when RFI Flush is disable (bsc#1131107). - powerpc/xive: Prevent page fault issues in the machine crash handler (bsc#1156882 ltc#182435). - ppdev: fix PPGETTIME/PPSETTIME ioctls (bsc#1051510). - printk: Export console_printk (bsc#1071995). - pwm: bcm-iproc: Prevent unloading the driver module while in use (git-fixes). - pwm: lpss: Only set update bit if we are actually changing the settings (bsc#1051510). - qxl: fix null-pointer crash during suspend (bsc#1111666). - r8152: add device id for Lenovo ThinkPad USB-C Dock Gen 2 (networking-stable-19_11_05). - regulator: ab8500: Remove AB8505 USB regulator (bsc#1051510). - regulator: ab8500: Remove SYSCLKREQ from enum ab8505_regulator_id (bsc#1051510). - remoteproc: Check for NULL firmwares in sysfs interface (git-fixes). - reset: Fix potential use-after-free in __of_reset_control_get() (bsc#1051510). - reset: fix of_reset_simple_xlate kerneldoc comment (bsc#1051510). - reset: fix reset_control_get_exclusive kerneldoc comment (bsc#1051510). - rpm/kernel-binary.spec.in: add COMPRESS_VMLINUX (bnc#1155921) Let COMPRESS_VMLINUX determine the compression used for vmlinux. By default (historically), it is gz. - rpm/kernel-source.spec.in: Fix dependency of kernel-devel (bsc#1154043) - rt2800: remove errornous duplicate condition (git-fixes). - rtl8187: Fix warning generated when strncpy() destination length matches the sixe argument (bsc#1051510). - rtlwifi: Remove unnecessary NULL check in rtl_regd_init (bsc#1051510). - rtlwifi: btcoex: Use proper enumerated types for Wi-Fi only interface (bsc#1111666). - rtlwifi: rtl8192de: Fix misleading REG_MCUFWDL information (bsc#1051510). - rtlwifi: rtl8192de: Fix missing code to retrieve RX buffer address (bsc#1051510). - rtlwifi: rtl8192de: Fix missing enable interrupt flag (bsc#1051510). - s390/bpf: fix lcgr instruction encoding (bsc#1051510). - s390/bpf: use 32-bit index for tail calls (bsc#1051510). - s390/cio: avoid calling strlen on null pointer (bsc#1051510). - s390/cio: exclude subchannels with no parent from pseudo check (bsc#1051510). - s390/cio: fix virtio-ccw DMA without PV (git-fixes). - s390/cmm: fix information leak in cmm_timeout_handler() (bsc#1051510). - s390/idle: fix cpu idle time calculation (bsc#1051510). - s390/mm: properly clear _PAGE_NOEXEC bit when it is not supported (bsc#1051510). - s390/process: avoid potential reading of freed stack (bsc#1051510). - s390/qdio: (re-)initialize tiqdio list entries (bsc#1051510). - s390/qdio: do not touch the dsci in tiqdio_add_input_queues() (bsc#1051510). - s390/qeth: return proper errno on IO error (bsc#1051510). - s390/setup: fix boot crash for machine without EDAT-1 (bsc#1051510 bsc#1140948). - s390/setup: fix early warning messages (bsc#1051510 bsc#1140948). - s390/topology: avoid firing events before kobjs are created (bsc#1051510). - s390/zcrypt: fix memleak at release (git-fixes). - s390: fix stfle zero padding (bsc#1051510). - s390: vsie: Use effective CRYCBD.31 to check CRYCBD validity (git-fixes). - sc16is7xx: Fix for 'Unexpected interrupt: 8' (bsc#1051510). - scsi: lpfc: Add enablement of multiple adapter dumps (bsc#1154601). - scsi: lpfc: Add registration for CPU Offline/Online events (bsc#1154601). - scsi: lpfc: Change default IRQ model on AMD architectures (bsc#1154601). - scsi: lpfc: Clarify FAWNN error message (bsc#1154601). - scsi: lpfc: Fix NULL check before mempool_destroy is not needed (bsc#1154601). - scsi: lpfc: Fix Oops in nvme_register with target logout/login (bsc#1151900). - scsi: lpfc: Fix a kernel warning triggered by lpfc_get_sgl_per_hdwq() (bsc#1154601). - scsi: lpfc: Fix a kernel warning triggered by lpfc_sli4_enable_intr() (bsc#1154601). - scsi: lpfc: Fix configuration of BB credit recovery in service parameters (bsc#1154601). - scsi: lpfc: Fix duplicate unreg_rpi error in port offline flow (bsc#1154601). - scsi: lpfc: Fix dynamic fw log enablement check (bsc#1154601). - scsi: lpfc: Fix kernel crash at lpfc_nvme_info_show during remote port bounce (bsc#1154601). - scsi: lpfc: Fix lpfc_cpumask_of_node_init() (bsc#1154601). - scsi: lpfc: Fix unexpected error messages during RSCN handling (bsc#1154601). - scsi: lpfc: Honor module parameter lpfc_use_adisc (bsc#1153628). - scsi: lpfc: Honor module parameter lpfc_use_adisc (bsc#1154601). - scsi: lpfc: Initialize cpu_map for not present cpus (bsc#1154601). - scsi: lpfc: Limit xri count for kdump environment (bsc#1154124). - scsi: lpfc: Make lpfc_debugfs_ras_log_data static (bsc#1154601). - scsi: lpfc: Mitigate high memory pre-allocation by SCSI-MQ (bsc#1154601). - scsi: lpfc: Raise config max for lpfc_fcp_mq_threshold variable (bsc#1154601). - scsi: lpfc: Sync with FC-NVMe-2 SLER change to require Conf with SLER (bsc#1154601). - scsi: lpfc: Update lpfc version to 12.6.0.1 (bsc#1154601). - scsi: lpfc: Update lpfc version to 12.6.0.2 (bsc#1154601). - scsi: lpfc: fix build error of lpfc_debugfs.c for vfree/vmalloc (bsc#1154601). - scsi: lpfc: fix inlining of lpfc_sli4_cleanup_poll_list() (bsc#1154601). - scsi: lpfc: fix spelling error in MAGIC_NUMER_xxx (bsc#1154601). - scsi: lpfc: fix: Coverity: lpfc_cmpl_els_rsp(): Null pointer dereferences (bsc#1154601). - scsi: lpfc: fix: Coverity: lpfc_get_scsi_buf_s3(): Null pointer dereferences (bsc#1154601). - scsi: lpfc: lpfc_attr: Fix Use plain integer as NULL pointer (bsc#1154601). - scsi: lpfc: lpfc_nvmet: Fix Use plain integer as NULL pointer (bsc#1154601). - scsi: lpfc: revise nvme max queues to be hdwq count (bsc#1154601). - scsi: lpfc: use hdwq assigned cpu for allocation (bsc#1157160). - scsi: qla2xxx: Add debug dump of LOGO payload and ELS IOCB (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Allow PLOGI in target mode (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Change discovery state before PLOGI (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Configure local loop for N2N target (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Do command completion on abort timeout (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Do not call qlt_async_event twice (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Do not defer relogin unconditonally (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Drop superfluous INIT_WORK of del_work (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Fix PLOGI payload and ELS IOCB dump length (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Fix SRB leak on switch command timeout (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Fix a dma_pool_free() call (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Fix device connect issues in P2P configuration (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Fix double scsi_done for abort path (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Fix driver unload hang (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Fix memory leak when sending I/O fails (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Fix qla2x00_request_irqs() for MSI (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Ignore NULL pointer in tcm_qla2xxx_free_mcmd (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Ignore PORT UPDATE after N2N PLOGI (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Initialize free_work before flushing it (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Remove an include directive (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Retry PLOGI on FC-NVMe PRLI failure (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Send Notify ACK after N2N PLOGI (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Update driver version to 10.01.00.21-k (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Use correct number of vectors for online CPUs (bsc#1137223). - scsi: qla2xxx: Use explicit LOGO in target mode (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: do not use zero for FC4_PRIORITY_NVME (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: fix rports not being mark as lost in sync fabric scan (bsc#1138039). - scsi: qla2xxx: initialize fc4_type_priority (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: unregister ports after GPN_FT failure (bsc#1138039). - scsi: sd: Ignore a failure to sync cache due to lack of authorization (git-fixes). - scsi: storvsc: Add ability to change scsi queue depth (bsc#1155021). - scsi: zfcp: fix request object use-after-free in send path causing wrong traces (bsc#1051510). - sctp: change sctp_prot .no_autobind with true (networking-stable-19_10_24). - selftests: net: reuseport_dualstack: fix uninitalized parameter (networking-stable-19_11_05). - serial: fix kernel-doc warning in comments (bsc#1051510). - serial: mctrl_gpio: Check for NULL pointer (bsc#1051510). - serial: mxs-auart: Fix potential infinite loop (bsc#1051510). - serial: samsung: Enable baud clock for UART reset procedure in resume (bsc#1051510). - serial: uartlite: fix exit path null pointer (bsc#1051510). - serial: uartps: Fix suspend functionality (bsc#1051510). - signal: Properly set TRACE_SIGNAL_LOSE_INFO in __send_signal (bsc#1157463). - slcan: Fix memory leak in error path (bsc#1051510). - slip: Fix memory leak in slip_open error path (bsc#1051510). - slip: Fix use-after-free Read in slip_open (bsc#1051510). - smb3: Incorrect size for netname negotiate context (bsc#1144333, bsc#1154355). - smb3: fix leak in 'open on server' perf counter (bsc#1144333, bsc#1154355). - smb3: fix signing verification of large reads (bsc#1144333, bsc#1154355). - smb3: fix unmount hang in open_shroot (bsc#1144333, bsc#1154355). - smb3: improve handling of share deleted (and share recreated) (bsc#1144333, bsc#1154355). - soc: imx: gpc: fix PDN delay (bsc#1051510). - soc: qcom: wcnss_ctrl: Avoid string overflow (bsc#1051510). - spi: atmel: Fix CS high support (bsc#1051510). - spi: atmel: fix handling of cs_change set on non-last xfer (bsc#1051510). - spi: fsl-lpspi: Prevent FIFO under/overrun by default (bsc#1051510). - spi: mediatek: Do not modify spi_transfer when transfer (bsc#1051510). - spi: mediatek: use correct mata->xfer_len when in fifo transfer (bsc#1051510). - spi: pic32: Use proper enum in dmaengine_prep_slave_rg (bsc#1051510). - spi: rockchip: initialize dma_slave_config properly (bsc#1051510). - spi: spidev: Fix OF tree warning logic (bsc#1051510). - staging: rtl8188eu: fix null dereference when kzalloc fails (bsc#1051510). - supported.conf: - synclink_gt(): fix compat_ioctl() (bsc#1051510). - tcp_nv: fix potential integer overflow in tcpnv_acked (bsc#1051510). - thunderbolt: Fix lockdep circular locking depedency warning (git-fixes). - tipc: Avoid copying bytes beyond the supplied data (bsc#1051510). - tipc: check bearer name with right length in tipc_nl_compat_bearer_enable (bsc#1051510). - tipc: check link name with right length in tipc_nl_compat_link_set (bsc#1051510). - tipc: check msg->req data len in tipc_nl_compat_bearer_disable (bsc#1051510). - tipc: compat: allow tipc commands without arguments (bsc#1051510). - tipc: fix tipc_mon_delete() oops in tipc_enable_bearer() error path (bsc#1051510). - tipc: fix wrong timeout input for tipc_wait_for_cond() (bsc#1051510). - tipc: handle the err returned from cmd header function (bsc#1051510). - tipc: pass tunnel dev as NULL to udp_tunnel(6)_xmit_skb (bsc#1051510). - tipc: tipc clang warning (bsc#1051510). - tools/power/x86/intel-speed-select: Fix a read overflow in isst_set_tdp_level_msr() (bsc#1111666). - tools: bpftool: fix arguments for p_err() in do_event_pipe() (bsc#1109837). - tpm: add check after commands attribs tab allocation (bsc#1051510). - tracing: Get trace_array reference for available_tracers files (bsc#1156429). - tty: serial: fsl_lpuart: use the sg count from dma_map_sg (bsc#1051510). - tty: serial: imx: use the sg count from dma_map_sg (bsc#1051510). - tty: serial: msm_serial: Fix flow control (bsc#1051510). - tty: serial: pch_uart: correct usage of dma_unmap_sg (bsc#1051510). - tun: fix data-race in gro_normal_list() (bsc#1111666). - ubifs: Correctly initialize c->min_log_bytes (bsc#1158641). - ubifs: Limit the number of pages in shrink_liability (bsc#1158643). - udp: use skb_queue_empty_lockless() (networking-stable-19_11_05). - usb-serial: cp201x: support Mark-10 digital force gauge (bsc#1051510). - usb-storage: Revert commit 747668dbc061 ('usb-storage: Set virt_boundary_mask to avoid SG overflows') (bsc#1051510). - usb: chipidea: Fix otg event handler (bsc#1051510). - usb: chipidea: imx: enable OTG overcurrent in case USB subsystem is already started (bsc#1051510). - usb: dwc3: gadget: Check ENBLSLPM before sending ep command (bsc#1051510). - usb: gadget: udc: atmel: Fix interrupt storm in FIFO mode (bsc#1051510). - usb: gadget: udc: fotg210-udc: Fix a sleep-in-atomic-context bug in fotg210_get_status() (bsc#1051510). - usb: gadget: uvc: Factor out video USB request queueing (bsc#1051510). - usb: gadget: uvc: Only halt video streaming endpoint in bulk mode (bsc#1051510). - usb: gadget: uvc: configfs: Drop leaked references to config items (bsc#1051510). - usb: gadget: uvc: configfs: Prevent format changes after linking header (bsc#1051510). - usb: handle warm-reset port requests on hub resume (bsc#1051510). - usb: xhci-mtk: fix ISOC error when interval is zero (bsc#1051510). - usbip: Fix free of unallocated memory in vhci tx (git-fixes). - usbip: Fix vhci_urb_enqueue() URB null transfer buffer error path (git-fixes). - usbip: Implement SG support to vhci-hcd and stub driver (git-fixes). - usbip: tools: fix fd leakage in the function of read_attr_usbip_status (git-fixes). - vfio-ccw: Fix misleading comment when setting orb.cmd.c64 (bsc#1051510). - vfio-ccw: Set pa_nr to 0 if memory allocation fails for pa_iova_pfn (bsc#1051510). - vfio: ccw: push down unsupported IDA check (bsc#1156471 LTC#182362). - video/hdmi: Fix AVI bar unpack (git-fixes). - virtio/s390: fix race on airq_areas (bsc#1051510). - virtio_console: allocate inbufs in add_port() only if it is needed (git-fixes). - virtio_ring: fix return code on DMA mapping fails (git-fixes). - vmxnet3: turn off lro when rxcsum is disabled (bsc#1157499). - vsock/virtio: fix sock refcnt holding during the shutdown (git-fixes). - watchdog: meson: Fix the wrong value of left time (bsc#1051510). - wil6210: drop Rx multicast packets that are looped-back to STA (bsc#1111666). - wil6210: fix L2 RX status handling (bsc#1111666). - wil6210: fix RGF_CAF_ICR address for Talyn-MB (bsc#1111666). - wil6210: fix debugfs memory access alignment (bsc#1111666). - wil6210: fix freeing of rx buffers in EDMA mode (bsc#1111666). - wil6210: fix invalid memory access for rx_buff_mgmt debugfs (bsc#1111666). - wil6210: fix locking in wmi_call (bsc#1111666). - wil6210: prevent usage of tx ring 0 for eDMA (bsc#1111666). - wil6210: set edma variables only for Talyn-MB devices (bsc#1111666). - x86/alternatives: Add int3_emulate_call() selftest (bsc#1153811). - x86/alternatives: Fix int3_emulate_call() selftest stack corruption (bsc#1153811). - x86/mm/pkeys: Fix typo in Documentation/x86/protection-keys.txt (bsc#1078248). - x86/pkeys: Update documentation about availability (bsc#1078248). - x86/resctrl: Fix potential lockdep warning (bsc#1114279). - x86/resctrl: Prevent NULL pointer dereference when reading mondata (bsc#1114279). - x86/speculation/taa: Fix printing of TAA_MSG_SMT on IBRS_ALL CPUs (bsc#1158068). - xfrm: Fix xfrm sel prefix length validation (git-fixes). - xfrm: fix sa selector validation (bsc#1156609). - xfs: Sanity check flags of Q_XQUOTARM call (bsc#1158652). - xsk: Fix registration of Rx-only sockets (bsc#1109837). - xsk: relax UMEM headroom alignment (bsc#1109837). ----------------------------------------- Patch: SUSE-2019-3374 Released: Fri Dec 20 10:39:16 2019 Summary: Recommended update for python-CherryPy Severity: moderate References: 1158120 Description: This update for python-CherryPy fixes the following issues: - Add compatibility to make tests pass with the recent versions of Python with fixed http.client.HTTPConnection.putrequest(). (bsc#1158120, jsc#PM-1350) - Run spec-cleaner on the SPEC file. ----------------------------------------- Patch: SUSE-2019-3383 Released: Mon Dec 23 16:55:01 2019 Summary: Recommended update for google-compute-engine Severity: moderate References: 1151398 Description: This update for google-compute-engine the following fix: - Add a wait limit to retrying DNS resolution to avoid a forever loop. (bsc#1151398) ----------------------------------------- Patch: SUSE-2019-3391 Released: Fri Dec 27 13:33:16 2019 Summary: Security update for dia Severity: moderate References: 1158194,CVE-2019-19451 Description: This update for dia fixes the following issue: - CVE-2019-19451: Fixed an endless loop on filenames with invalid encoding (bsc#1158194). ----------------------------------------- Patch: SUSE-2019-3392 Released: Fri Dec 27 13:33:29 2019 Summary: Security update for libgcrypt Severity: moderate References: 1148987,1155338,1155339,CVE-2019-13627 Description: This update for libgcrypt fixes the following issues: Security issues fixed: - CVE-2019-13627: Mitigation against an ECDSA timing attack (bsc#1148987). Bug fixes: - Added CMAC AES self test (bsc#1155339). - Added CMAC TDES self test missing (bsc#1155338). - Fix test dsa-rfc6979 in FIPS mode. ----------------------------------------- Patch: SUSE-2019-3395 Released: Mon Dec 30 14:05:06 2019 Summary: Security update for mozilla-nspr, mozilla-nss Severity: moderate References: 1141322,1158527,1159819,CVE-2018-18508,CVE-2019-11745,CVE-2019-17006 Description: This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nss was updated to NSS 3.47.1: Security issues fixed: - CVE-2019-17006: Added length checks for cryptographic primitives (bsc#1159819). - CVE-2019-11745: EncryptUpdate should use maxout, not block size (bsc#1158527). - CVE-2019-11727: Fixed vulnerability sign CertificateVerify with PKCS#1 v1.5 signatures issue (bsc#1141322). mozilla-nspr was updated to version 4.23: - Whitespace in C files was cleaned up and no longer uses tab characters for indenting. ----------------------------------------- Patch: SUSE-2019-3400 Released: Tue Dec 31 08:18:40 2019 Summary: Recommended update for libsodium Severity: moderate References: 1146257 Description: This update for libsodium fixes the following issues: - build libsodium23-32bit, which is required by zeromq's -32bit packages. (bsc#1146257) ----------------------------------------- Patch: SUSE-2020-1 Released: Thu Jan 2 09:47:04 2020 Summary: Security update for java-1_8_0-ibm Severity: moderate References: 1154212,1158442,CVE-2019-17631,CVE-2019-2933,CVE-2019-2945,CVE-2019-2958,CVE-2019-2962,CVE-2019-2964,CVE-2019-2973,CVE-2019-2975,CVE-2019-2978,CVE-2019-2981,CVE-2019-2983,CVE-2019-2988,CVE-2019-2989,CVE-2019-2992,CVE-2019-2996,CVE-2019-2999 Description: This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 6 [bsc#1158442, bsc#1154212] * Security fixes: CVE-2019-2933 CVE-2019-2945 CVE-2019-2958 CVE-2019-2962 CVE-2019-2964 CVE-2019-2975 CVE-2019-2978 CVE-2019-2983 CVE-2019-2988 CVE-2019-2989 CVE-2019-2992 CVE-2019-2996 CVE-2019-2999 CVE-2019-2973 CVE-2019-2981 CVE-2019-17631 ----------------------------------------- Patch: SUSE-2020-9 Released: Thu Jan 2 12:33:47 2020 Summary: Recommended update for xfsprogs Severity: moderate References: 1157438 Description: This update for xfsprogs fixes the following issues: - Remove the 'xfs_scrub_all' script from the package, and the corresponding dependency of python. (bsc#1157438) ----------------------------------------- Patch: SUSE-2020-10 Released: Thu Jan 2 12:35:06 2020 Summary: Recommended update for gcc7 Severity: moderate References: 1146475 Description: This update for gcc7 fixes the following issues: - Fix miscompilation with thread-safe localstatic initialization (gcc#85887). - Fix debug info created for array definitions that complete an earlier declaration (bsc#1146475). ----------------------------------------- Patch: SUSE-2020-17 Released: Tue Jan 7 11:19:17 2020 Summary: Security update for virglrenderer Severity: important References: 1159478,1159479,1159482,1159486,CVE-2019-18388,CVE-2019-18389,CVE-2019-18390,CVE-2019-18391 Description: This update for virglrenderer fixes the following issues: - CVE-2019-18388: Fixed a null pointer dereference which could have led to denial of service (bsc#1159479). - CVE-2019-18390: Fixed an out of bound read which could have led to denial of service (bsc#1159478). - CVE-2019-18389: Fixed a heap buffer overflow which could have led to guest escape or denial of service (bsc#1159482). - CVE-2019-18391: Fixed a heap based buffer overflow which could have led to guest escape or denial of service (bsc#1159486). ----------------------------------------- Patch: SUSE-2020-19 Released: Tue Jan 7 11:28:10 2020 Summary: Recommended update for lifecycle-data-sle-module-live-patching Severity: moderate References: 1020320 Description: This update for lifecycle-data-sle-module-live-patching fixes the following issues: - Added data for 4_12_14-150_38, 4_12_14-150_41, 4_12_14-197_18, 4_12_14-197_21, 4_12_14-197_26. (bsc#1020320) ----------------------------------------- Patch: SUSE-2020-32 Released: Tue Jan 7 16:09:04 2020 Summary: Recommended update for rpmlint Severity: moderate References: 1151418,1157663 Description: This update for rpmlint contains the following fixes: - Whitelist sssd infopipe. (bsc#1157663) - Whitelist sysprof3 D-Bus services. (bsc#1151418) ----------------------------------------- Patch: SUSE-2020-35 Released: Wed Jan 8 09:06:32 2020 Summary: Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork Severity: moderate References: 1122469,1143349,1150397,1152308,1153367,1158590,CVE-2019-16884 Description: This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues: Security issue fixed: - CVE-2019-16884: Fixed incomplete patch for LSM bypass via malicious Docker image that mount over a /proc directory (bsc#1152308). Bug fixes: - Update to Docker 19.03.5-ce (bsc#1158590). - Update to Docker 19.03.3-ce (bsc#1153367). - Update to Docker 19.03.2-ce (bsc#1150397). - Fixed default installation such that --userns-remap=default works properly (bsc#1143349). - Fixed nginx blocked by apparmor (bsc#1122469). ----------------------------------------- Patch: SUSE-2020-37 Released: Wed Jan 8 10:42:00 2020 Summary: - Fix test getdate [bsc#1159990] Severity: low References: Description: - Fix test getdate [bsc#1159990] - Add perl-TimeDate-getdate.patch ----------------------------------------- Patch: SUSE-2020-45 Released: Wed Jan 8 14:56:48 2020 Summary: Security update for git Severity: important References: 1082023,1149792,1158785,1158787,1158788,1158789,1158790,1158791,1158792,1158793,1158795,CVE-2019-1348,CVE-2019-1349,CVE-2019-1350,CVE-2019-1351,CVE-2019-1352,CVE-2019-1353,CVE-2019-1354,CVE-2019-1387,CVE-2019-19604 Description: This update for git fixes the following issues: Security issues fixed: - CVE-2019-1349: Fixed issue on Windows, when submodules are cloned recursively, under certain circumstances Git could be fooled into using the same Git directory twice (bsc#1158787). - CVE-2019-19604: Fixed a recursive clone followed by a submodule update could execute code contained within the repository without the user explicitly having asked for that (bsc#1158795). - CVE-2019-1387: Fixed recursive clones that are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones (bsc#1158793). - CVE-2019-1354: Fixed issue on Windows that refuses to write tracked files with filenames that contain backslashes (bsc#1158792). - CVE-2019-1353: Fixed issue when run in the Windows Subsystem for Linux while accessing a working directory on a regular Windows drive, none of the NTFS protections were active (bsc#1158791). - CVE-2019-1352: Fixed issue on Windows was unaware of NTFS Alternate Data Streams (bsc#1158790). - CVE-2019-1351: Fixed issue on Windows mistakes drive letters outside of the US-English alphabet as relative paths (bsc#1158789). - CVE-2019-1350: Fixed incorrect quoting of command-line arguments allowed remote code execution during a recursive clone in conjunction with SSH URLs (bsc#1158788). - CVE-2019-1348: Fixed the --export-marks option of fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths (bsc#1158785). - Fixes an issue where git send-email failed to authenticate with SMTP server (bsc#1082023) Bug fixes: - Add zlib dependency, which used to be provided by openssl-devel, so that package can compile successfully after openssl upgrade to 1.1.1. (bsc#1149792). ----------------------------------------- Patch: SUSE-2020-52 Released: Thu Jan 9 10:09:11 2020 Summary: Optional update for openslp Severity: low References: 1149792 Description: This update for openslp doesn't fix any user visible bugs. ----------------------------------------- Patch: SUSE-2020-58 Released: Thu Jan 9 13:29:49 2020 Summary: Security update for LibreOffice Severity: moderate References: 1061210,1105173,1144522,1152684,CVE-2019-9853,SLE-8705 Description: This update libreoffice and libraries fixes the following issues: LibreOffice was updated to 6.3.3 (jsc#SLE-8705), bringing many bug and stability fixes. More information for the 6.3 release at: https://wiki.documentfoundation.org/ReleaseNotes/6.3 Security issue fixed: - CVE-2019-9853: Fixed an issue where by executing macros, the security settings could have been bypassed (bsc#1152684). Other issues addressed: - Dropped disable-kde4 switch, since it is no longer known by configure - Disabled gtk2 because it will be removed in future releases - librelogo is now a standalone sub-package (bsc#1144522). - Partial fixes for an issue where Table(s) from DOCX showed wrong position or color (bsc#1061210). cmis-client was updated to 0.5.2: * Removed header for Uuid's sha1 header(bsc#1105173). * Fixed Google Drive login * Added support for Google Drive two-factor authentication * Fixed access to SharePoint root folder * Limited the maximal number of redirections to 20 * Switched library implementation to C++11 (the API remains C++98-compatible) * Fixed encoding of OAuth2 credentials * Dropped cppcheck run from 'make check'. A new 'make cppcheck' target was created for it * Added proper API symbol exporting * Speeded up building of tests a bit * Fixed a few issues found by coverity and cppcheck libixion was updated to 0.15.0: * Updated for new liborcus * Switched to spdlog for compile-time debug log outputs * Fixed various issues libmwaw was updated 0.3.15: * Fixed fuzzing issues liborcus was updated to 0.15.3: * Fixed various xml related bugs * Improved performance * Fixed multiple parser issues * Added map and structure mode to orcus-json * Other improvements and fixes mdds was updated to 1.5.0: * API changed to 1.5 * Moved the API incompatibility notes from README to the rst doc. * Added the overview section for flat_segment_tree. myspell-dictionaries was updated to 20191016: * Updated Slovenian thesaurus * Updated the da_DK dictionary * Removed the abbreviations from Thai hunspell dictionary * Updated the English dictionaries * Fixed the logo management for 'ca' spdlog was updated to 0.16.3: * Fixed sleep issue under MSVC that happens when changing the clock backwards * Ensured that macros always expand to expressions * Added global flush_on function ----------------------------------------- Patch: SUSE-2020-64 Released: Fri Jan 10 11:02:19 2020 Summary: Security update for openssl-1_0_0 Severity: moderate References: 1158809,CVE-2019-1551 Description: This update for openssl-1_0_0 fixes the following issues: Security issue fixed: - CVE-2019-1551: Fixed an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli (bsc#1158809). ----------------------------------------- Patch: SUSE-2020-94 Released: Tue Jan 14 12:28:26 2020 Summary: Recommended update for icu Severity: important References: 1103893,1146907 Description: This update for icu fixes the following issues: - Porting upstream's Japanese new era name support. (bsc#1103893, fate#325570, fate#325419) - Remove old obsoletes/provides for migration from very old products, as they break our shared library policy. (bsc#1146907) - IMPORTANT: Please force this update to install with 'zypper -f' to override the major version if you already installed the version 64. ----------------------------------------- Patch: SUSE-2020-108 Released: Wed Jan 15 14:19:08 2020 Summary: Recommended update for ClusterTools2 Severity: moderate References: 1084925,1097134 Description: This update for ClusterTools2 fixes the following issues: - Replace cron jobs with systemd timers. (bsc#1097134, jsc#SLE-9199) - Script refinement and first steps for an adaption to SLE15 codestream using 'shellcheck' to find and correct syntax problems, spelling errors and other problems. - Added /etc/ClusterTools2/cs_make_sbd_devices avoiding stuck and exit in case of doing a dump. (bsc#1084925) ----------------------------------------- Patch: SUSE-2020-109 Released: Wed Jan 15 14:19:28 2020 Summary: Recommended update for hawk2 Severity: moderate References: 1158681 Description: This update for hawk2 fixes the following issues: - Fix the 'acl_version' method when parsing the cib.xml avoid hanging of HAWK2 (bsc#1158681) ----------------------------------------- Patch: SUSE-2020-113 Released: Thu Jan 16 10:11:05 2020 Summary: Security update for tigervnc Severity: important References: 1159856,1159858,1159860,1160250,1160251,CVE-2019-15691,CVE-2019-15692,CVE-2019-15693,CVE-2019-15694,CVE-2019-15695 Description: This update for tigervnc fixes the following issues: - CVE-2019-15691: Fixed a use-after-return due to incorrect usage of stack memory in ZRLEDecoder (bsc#1159856). - CVE-2019-15692: Fixed a heap-based buffer overflow in CopyRectDecode (bsc#1160250). - CVE-2019-15693: Fixed a heap-based buffer overflow in TightDecoder::FilterGradient (bsc#1159858). - CVE-2019-15694: Fixed a heap-based buffer overflow, caused by improper error handling in processing MemOutStream (bsc#1160251). - CVE-2019-15695: Fixed a stack-based buffer overflow, which could be triggered from CMsgReader::readSetCursor (bsc#1159860). ----------------------------------------- Patch: SUSE-2020-114 Released: Thu Jan 16 10:11:52 2020 Summary: Security update for python3 Severity: important References: 1027282,1029377,1029902,1040164,1042670,1070853,1079761,1081750,1083507,1086001,1088004,1088009,1088573,1094814,1107030,1109663,1109847,1120644,1122191,1129346,1130840,1133452,1137942,1138459,1141853,1149121,1149792,1149955,1151490,1153238,1159035,1159622,637176,658604,673071,709442,743787,747125,751718,754447,754677,787526,809831,831629,834601,871152,885662,885882,917607,942751,951166,983582,984751,985177,985348,989523,CVE-2011-3389,CVE-2011-4944,CVE-2012-0845,CVE-2012-1150,CVE-2013-1752,CVE-2013-4238,CVE-2014-2667,CVE-2014-4650,CVE-2016-0772,CVE-2016-1000110,CVE-2016-5636,CVE-2016-5699,CVE-2017-18207,CVE-2018-1000802,CVE-2018-1060,CVE-2018-1061,CVE-2018-14647,CVE-2018-20406,CVE-2018-20852,CVE-2019-10160,CVE-2019-15903,CVE-2019-16056,CVE-2019-16935,CVE-2019-5010,CVE-2019-9636,CVE-2019-9947 Description: This update for python3 to version 3.6.10 fixes the following issues: - CVE-2017-18207: Fixed a denial of service in Wave_read._read_fmt_chunk() (bsc#1083507). - CVE-2019-16056: Fixed an issue where email parsing could fail for multiple @ (bsc#1149955). - CVE-2019-15903: Fixed a heap-based buffer over-read in libexpat (bsc#1149429). ----------------------------------------- Patch: SUSE-2020-119 Released: Thu Jan 16 15:42:39 2020 Summary: Recommended update for python-jsonpatch Severity: moderate References: 1160978 Description: This update for python-jsonpatch fixes the following issues: - Drop jsondiff binary to avoid conflict with python-jsondiff package. ----------------------------------------- Patch: SUSE-2020-122 Released: Fri Jan 17 10:56:07 2020 Summary: Recommended update for container-suseconnect Severity: moderate References: 1138731,1154247,1157960 Description: This update for container-suseconnect fixes the following issues: - Fix usage with RMT and SMT. (bsc#1157960) - Parse the /etc/products.d/*.prod files. - Fix function comments based on best practices from Effective Go. (bsc#1138731) - Implement interacting with SCC behind proxy and SMT. (bsc#1154247) ----------------------------------------- Patch: SUSE-2020-125 Released: Fri Jan 17 12:27:07 2020 Summary: Recommended update for icu Severity: important References: 1161007 Description: This update for icu provides the following fix: - Re-add the libicu provides to the spec file to fix installation of SAP HANA on SLE-15 and SLE-15-SP1. (bsc#1161007) ----------------------------------------- Patch: SUSE-2020-129 Released: Mon Jan 20 09:21:13 2020 Summary: Security update for libssh Severity: important References: 1158095,CVE-2019-14889 Description: This update for libssh fixes the following issues: - CVE-2019-14889: Fixed an unwanted command execution in scp caused by unsanitized location (bsc#1158095). ----------------------------------------- Patch: SUSE-2020-143 Released: Mon Jan 20 16:10:38 2020 Summary: Security update for libvpx Severity: important References: 1160611,1160612,1160613,1160614,1160615,CVE-2019-2126,CVE-2019-9232,CVE-2019-9325,CVE-2019-9371,CVE-2019-9433 Description: This update for libvpx fixes the following issues: - CVE-2019-2126: Fixed a double free in ParseContentEncodingEntry() (bsc#1160611). - CVE-2019-9325: Fixed an out-of-bounds read (bsc#1160612). - CVE-2019-9232: Fixed an out-of-bounds memory access on fuzzed data (bsc#1160613). - CVE-2019-9433: Fixed a use-after-free in vp8_deblock() (bsc#1160614). - CVE-2019-9371: Fixed a resource exhaustion after memory leak (bsc#1160615). ----------------------------------------- Patch: SUSE-2020-213 Released: Wed Jan 22 15:38:15 2020 Summary: Security update for java-11-openjdk Severity: important References: 1160968,CVE-2020-2583,CVE-2020-2590,CVE-2020-2593,CVE-2020-2601,CVE-2020-2604,CVE-2020-2654,CVE-2020-2655 Description: This update for java-11-openjdk fixes the following issues: Update to version jdk-11.0.6-10 (January 2020 CPU, bsc#1160968) Fixing these security related issues: - CVE-2020-2583: Unlink Set of LinkedHashSets - CVE-2020-2590: Improve Kerberos interop capabilities - CVE-2020-2593: Normalize normalization for all - CVE-2020-2601: Better Ticket Granting Services - CVE-2020-2604: Better serial filter handling - CVE-2020-2655: Better TLS messaging support - CVE-2020-2654: Improve Object Identifier Processing ----------------------------------------- Patch: SUSE-2020-217 Released: Thu Jan 23 07:50:32 2020 Summary: Recommended update for perl-Crypt-SSLeay Severity: moderate References: 1149792 Description: This update for perl-Crypt-SSLeay fixes the following issues: - Fix build not testing content of returned version strings - Add missing zlib build dependency, which used to be pulled in by libopenssl-devel. (bsc#1149792) ----------------------------------------- Patch: SUSE-2020-225 Released: Fri Jan 24 06:49:07 2020 Summary: Recommended update for procps Severity: moderate References: 1158830 Description: This update for procps fixes the following issues: - Fix for 'ps -C' allowing to accept any arguments longer than 15 characters anymore. (bsc#1158830) ----------------------------------------- Patch: SUSE-2020-231 Released: Fri Jan 24 13:34:17 2020 Summary: Security update for java-1_8_0-openjdk Severity: important References: 1160968,CVE-2020-2583,CVE-2020-2590,CVE-2020-2593,CVE-2020-2601,CVE-2020-2604,CVE-2020-2654,CVE-2020-2659 Description: This update for java-1_8_0-openjdk fixes the following issues: Update java-1_8_0-openjdk to version jdk8u242 (icedtea 3.15.0) (January 2020 CPU, bsc#1160968): - CVE-2020-2583: Unlink Set of LinkedHashSets - CVE-2020-2590: Improve Kerberos interop capabilities - CVE-2020-2593: Normalize normalization for all - CVE-2020-2601: Better Ticket Granting Services - CVE-2020-2604: Better serial filter handling - CVE-2020-2659: Enhance datagram socket support - CVE-2020-2654: Improve Object Identifier Processing ----------------------------------------- Patch: SUSE-2020-234 Released: Fri Jan 24 16:33:52 2020 Summary: Security update for python Severity: important References: 1027282,1041090,1042670,1068664,1073269,1073748,1078326,1078485,1079300,1081750,1083507,1084650,1086001,1088004,1088009,1109847,1111793,1113755,1122191,1129346,1130840,1130847,1138459,1141853,1149792,1149955,1153238,1153830,1159035,214983,298378,346490,367853,379534,380942,399190,406051,425138,426563,430761,432677,436966,437293,441088,462375,525295,534721,551715,572673,577032,581765,603255,617751,637176,638233,658604,673071,682554,697251,707667,718009,747125,747794,751718,754447,766778,794139,804978,827982,831442,834601,836739,856835,856836,857470,863741,885882,898572,901715,935856,945401,964182,984751,985177,985348,989523,997436,CVE-2007-2052,CVE-2008-1721,CVE-2008-2315,CVE-2008-2316,CVE-2008-3142,CVE-2008-3143,CVE-2008-3144,CVE-2011-1521,CVE-2011-3389,CVE-2011-4944,CVE-2012-0845,CVE-2012-1150,CVE-2013-1752,CVE-2013-1753,CVE-2013-4238,CVE-2014-1912,CVE-2014-4650,CVE-2014-7185,CVE-2016-0772,CVE-2016-1000110,CVE-2016-5636,CVE-2016-5699,CVE-2017-1000158,CVE-2017-18207,CVE-2018-1000030,CVE-2018-1000802,CVE-2018-1060,CVE-2018-1061,CVE-2018-14647,CVE-2018-20852,CVE-2019-10160,CVE-2019-16056,CVE-2019-16935,CVE-2019-5010,CVE-2019-9636,CVE-2019-9947,CVE-2019-9948 Description: This update for python fixes the following issues: Updated to version 2.7.17 to unify packages among openSUSE:Factory and SLE versions (bsc#1159035). ----------------------------------------- Patch: SUSE-2020-237 Released: Mon Jan 27 10:15:16 2020 Summary: Recommended update for saptune Severity: moderate References: 1142467,1142526,1149002,1152598,1159671 Description: This update for saptune fixes the following issues: - Add function 'delete' and 'rename' to the 'note' operation to manipulate a customer or vendor specific note, with confirmation. (jsc#SLE-9283) - Inform the customer that the command 'saptune note customise [NoteID]' does not apply changes immediately but writes the changes into a configuration file that can be applied in a second step. (bsc#1142467) - Add warning to man page, not to rename/remove/modify active configurations. (bsc#1149002) - Implement support of multi-queue I/O scheduler for block devices. (bsc#1152598) - Add missing search pattern to the update helper script to find all old and superfluous notes during upgrade from SLE12 to SLE15. (bsc#1142526) - If a parameter is not supported by the system, the note action 'verify' will no longer report this as an error even if the value is not compliant. (bsc#1159671) ----------------------------------------- Patch: SUSE-2020-245 Released: Tue Jan 28 09:42:30 2020 Summary: Recommended update for cloud-init Severity: moderate References: 1155376,1156139,1157894,1161132,1161133 Description: This update for cloud-init fixes the following issues: - Fixed an issue where it was not possible to add SSH keys and thus it was not possible to log into the system (bsc#1161132, bsc#1161133) - Fixes an issue where the IPv6 interface variable was not correctly set in an ifcfg file (bsc#1156139) - The route's destination network will now be written in CIDR notation. This provides support for correctly recording IPv6 routes (bsc#1155376) - Many smaller fixes came with this package as well. For a full list of all changes, refer to the rpm's changes file. ----------------------------------------- Patch: SUSE-2020-256 Released: Wed Jan 29 09:39:17 2020 Summary: Recommended update for aaa_base Severity: moderate References: 1157794,1160970 Description: This update for aaa_base fixes the following issues: - Improves the way how the Java path is created to fix an issue with sapjvm. (bsc#1157794) - Drop 'dev.cdrom.autoclose' = 0 from sysctl config. (bsc#1160970) ----------------------------------------- Patch: SUSE-2020-265 Released: Thu Jan 30 14:05:34 2020 Summary: Security update for e2fsprogs Severity: moderate References: 1160571,CVE-2019-5188 Description: This update for e2fsprogs fixes the following issues: - CVE-2019-5188: Fixed a code execution vulnerability in the directory rehashing functionality (bsc#1160571). ----------------------------------------- Patch: SUSE-2020-271 Released: Thu Jan 30 16:14:56 2020 Summary: Recommended update for ldb Severity: moderate References: 1161417 Description: This update for ldb fixes the following issue: - ship the ldb-tools package. (bsc#1161417) ----------------------------------------- Patch: SUSE-2020-279 Released: Fri Jan 31 12:01:39 2020 Summary: Recommended update for p11-kit Severity: moderate References: 1013125 Description: This update for p11-kit fixes the following issues: - Also build documentation (bsc#1013125) ----------------------------------------- Patch: SUSE-2020-303 Released: Mon Feb 3 15:11:40 2020 Summary: Recommended update for perl-ldap Severity: moderate References: 1158918 Description: This update for perl-ldap fixes the following issues: The package is added to the Basesystem module, as it is required by the YAST modules 'dhcp-server' and 'dns-server'. (bsc#1158918) ----------------------------------------- Patch: SUSE-2020-314 Released: Tue Feb 4 14:13:27 2020 Summary: Recommended update for gssproxy Severity: moderate References: 1024309 Description: This update for gssproxy fixes the following issues: - Fix paths in tests and replace python's f-string usage - Initial check-in of gssproxy is needed on the NFS server if krb5 is used for NFS authentication using an AD directory server. (bsc#1024309)(FATE#322526) - 'krb5' may need 'auth_to_local = RULE:[1:$1@$0]' on the 'realms' section when 'winbind' is used for nsswitch.conf. (bsc#1024309)(FATE#322526) Also ding-libs was updated from 0.6.0 to 0.6.1 (jsc#ECO-248): - libini now supports validators that check for well-formed INI files. ----------------------------------------- Patch: SUSE-2020-322 Released: Wed Feb 5 09:02:56 2020 Summary: Recommended update for terraform-provider-aws, terraform-provider-susepubliccloud Severity: moderate References: 1162585 Description: This update for terraform-provider-aws, terraform-provider-susepubliccloud fixes the following issues: - terraform-provider-susepubliccloud was released in version 0.0.1 (bsc#1162585 jsc#ECO-134) - terraform-provider-aws was released in v2.29.0 (bsc#1162585 jsc#ECO-134) ----------------------------------------- Patch: SUSE-2020-325 Released: Wed Feb 5 14:57:02 2020 Summary: Recommended update for dmidecode Severity: moderate References: 1153533,1158833 Description: This update for dmidecode fixes the following issues: - Add enumerated values from SMBIOS 3.3.0 preventing incorrect report of new VGA card. (bsc#1153533, bsc#1158833, jsc#SLE-10875) - Only scan '/dev/mem' for entry point on x86 (fixes reboot on ARM64). - Fix formatting of TPM table output (missing newlines). - Fix displaying system slot information for PCIe SSD. ----------------------------------------- Patch: SUSE-2020-335 Released: Thu Feb 6 11:37:24 2020 Summary: Security update for systemd Severity: important References: 1084671,1092920,1106383,1133495,1151377,1154256,1155207,1155574,1156213,1156482,1158485,1159814,1161436,1162108,CVE-2019-20386,CVE-2020-1712 Description: This update for systemd fixes the following issues: - CVE-2020-1712 (bsc#bsc#1162108) Fix a heap use-after-free vulnerability, when asynchronous Polkit queries were performed while handling Dbus messages. A local unprivileged attacker could have abused this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted Dbus messages. - Use suse.pool.ntp.org server pool on SLE distros (jsc#SLE-7683) - libblkid: open device in nonblock mode. (bsc#1084671) - udev/cdrom_id: Do not open CD-rom in exclusive mode. (bsc#1154256) - bus_open leak sd_event_source when udevadm trigger。 (bsc#1161436 CVE-2019-20386) - fileio: introduce read_full_virtual_file() for reading virtual files in sysfs, procfs (bsc#1133495 bsc#1159814) - fileio: initialize errno to zero before we do fread() - fileio: try to read one byte too much in read_full_stream() - logind: consider 'greeter' sessions suitable as 'display' sessions of a user (bsc#1158485) - logind: never elect a session that is stopping as display - journal: include kmsg lines from the systemd process which exec()d us (#8078) - udevd: don't use monitor after manager_exit() - udevd: capitalize log messages in on_sigchld() - udevd: merge conditions to decrease indentation - Revert 'udevd: fix crash when workers time out after exit is signal caught' - core: fragments of masked units ought not be considered for NeedDaemonReload (#7060) (bsc#1156482) - udevd: fix crash when workers time out after exit is signal caught - udevd: wait for workers to finish when exiting (bsc#1106383) - Improve bash completion support (bsc#1155207) * shell-completion: systemctl: do not list template units in {re,}start * shell-completion: systemctl: pass current word to all list_unit* * bash-completion: systemctl: pass current partial unit to list-unit* (bsc#1155207) * bash-completion: systemctl: use systemctl --no-pager * bash-completion: also suggest template unit files * bash-completion: systemctl: add missing options and verbs * bash-completion: use the first argument instead of the global variable (#6457) - networkd: VXLan Make group and remote variable separate (bsc#1156213) - networkd: vxlan require Remote= to be a non multicast address (#8117) (bsc#1156213) - fs-util: let's avoid unnecessary strerror() - fs-util: introduce inotify_add_watch_and_warn() helper - ask-password: improve log message when inotify limit is reached (bsc#1155574) - shared/install: failing with -ELOOP can be due to the use of an alias in install_error() (bsc#1151377) - man: alias names can't be used with enable command (bsc#1151377) - Add boot option to not use swap at system start (jsc#SLE-7689) - Allow YaST to select Iranian (Persian, Farsi) keyboard layout (bsc#1092920) ----------------------------------------- Patch: SUSE-2020-336 Released: Thu Feb 6 12:45:08 2020 Summary: Recommended update for opus Severity: moderate References: 1162395 Description: This update for opus fixes the following issues: - Fixes an issue with the analysis on files with digital silence (all zeros), especially on x87 builds (mostly affects 32-bit builds) - Improved speech/music detection based on a neural network - Low-bitrate speech improvements - Added support for immersive audio using ambisonics - Improved tone quality This update also improves the security of this software. ----------------------------------------- Patch: SUSE-2020-338 Released: Thu Feb 6 13:00:23 2020 Summary: Recommended update for apr Severity: moderate References: 1151059 Description: This update for apr fixes the following issues: - Increase timeout to fix random failure of testsuite [bsc#1151059]. ----------------------------------------- Patch: SUSE-2020-339 Released: Thu Feb 6 13:03:22 2020 Summary: Recommended update for openldap2 Severity: low References: 1158921 Description: This update for openldap2 provides the following fix: - Add libldap-data to the product (as it contains ldap.conf). (bsc#1158921) ----------------------------------------- Patch: SUSE-2020-340 Released: Thu Feb 6 13:03:56 2020 Summary: Recommended update for python-rpm-macros Severity: moderate References: 1161770 Description: This update for python-rpm-macros fixes the following issues: - Add macros related to the Python dist metadata dependency generator. (bsc#1161770) ----------------------------------------- Patch: SUSE-2020-343 Released: Thu Feb 6 13:08:13 2020 Summary: Recommended update for SAPHanaSR Severity: moderate References: 1155423,1156067,1156150,1157453 Description: This update for SAPHanaSR fixes the following issues: - Restart sapstartsrv service on master nameserver node during monitor action, if needed. But NOT during probes. (bsc#1157453, bsc#1156150) - The SAPHana resource agent must not down-score a SAP HANA Database site, but keep high scoring during recovery of the master name server. (bsc#1156067) - Change HAWK2 templates to python3. (bsc#1155423) ----------------------------------------- Patch: SUSE-2020-344 Released: Thu Feb 6 13:08:33 2020 Summary: Recommended update for python-kiwi Severity: moderate References: 1139915,1150190,1155815,1156694,1156908,1157104,1157354,1159235,1159538 Description: This update for python-kiwi fixes the following issues: - Update libyui-ncurses-pkg10 to libyui-ncurses-pkg11 Tumbleweed there is no longer the libyui-ncurses-pkg10 its been superseded by libyui-ncurses-pkg11. (bsc#1159538) - Fix grub2 configuration for shim fallback setup if shim fallback setup is enabled the grub.cfg is copied to the EFI partition. (bsc#1159235, bsc#1155815) - No swap volume is added on btrfs as the volume manager is not LVM, so swap has its own volume. (bsc#1156908) - Fixed setup of default grub config preventing grub2-mkconfig to place the root device information twice. (bsc#1156908) - Include 'grub.cfg' inside the efi partition the vfat. (bsc#1157354) - Fix for kiwi relative path in repository element. (bsc#1157104) - Fixed 'zipl' bootloader setup for 's390' images. (bsc#1156694) - Fix the sha256 generated file content in a 'kiwi result bundle' call includes the filename with the correct extension. (bsc#1139915) - Fixed rpmdb compat link setup removing the hardcoded path '/var/lib/rpm' and use the rpm macro definition instead. (bsc#1150190) ----------------------------------------- Patch: SUSE-2020-359 Released: Fri Feb 7 10:39:59 2020 Summary: Security update for rubygem-rack Severity: moderate References: 1114828,1116600,1159548,CVE-2018-16471,CVE-2019-16782 Description: This update for rubygem-rack to version 2.0.8 fixes the following issues: - CVE-2018-16471: Fixed a cross-site scripting (XSS) flaw via the scheme method on Rack::Request (bsc#1116600). - CVE-2019-16782: Fixed a possible information leak and session hijack vulnerability (bsc#1159548). ----------------------------------------- Patch: SUSE-2020-362 Released: Fri Feb 7 11:14:20 2020 Summary: Recommended update for libXi Severity: moderate References: 1153311 Description: This update for libXi fixes the following issue: - The libXi6-32bit library on x86_64 are now shipped in the Basesystem module. (bsc#1153311) ----------------------------------------- Patch: SUSE-2020-365 Released: Fri Feb 7 13:48:54 2020 Summary: Recommended update for lmdb Severity: moderate References: 1159086 Description: This update for lmdb fixes the following issues: - Fix assert in LMBD during 'mdb_page_search_root'. (bsc#1159086). ----------------------------------------- Patch: SUSE-2020-375 Released: Fri Feb 7 17:30:25 2020 Summary: Security update for docker-runc Severity: moderate References: 1160452,CVE-2019-19921 Description: This update for docker-runc fixes the following issues: - CVE-2019-19921: Fixed a volume mount race condition with shared mounts (bsc#1160452). ----------------------------------------- Patch: SUSE-2020-392 Released: Tue Feb 18 11:23:50 2020 Summary: Recommended update for lifecycle-data-sle-module-live-patching Severity: moderate References: 1020320 Description: This update for lifecycle-data-sle-module-live-patching fixes the following issues: - Removed duplicate records and added data for 4_12_14-150_47, 4_12_14-197_29. (bsc#1020320) ----------------------------------------- Patch: SUSE-2020-395 Released: Tue Feb 18 14:16:48 2020 Summary: Recommended update for gcc7 Severity: moderate References: 1160086 Description: This update for gcc7 fixes the following issue: - Fixed a miscompilation in zSeries code (bsc#1160086) ----------------------------------------- Patch: SUSE-2020-398 Released: Tue Feb 18 16:59:27 2020 Summary: Recommended update for gnu-compilers-hpc Severity: moderate References: 1160924 Description: This update for gnu-compilers-hpc fixes the following issues: - Added gcc9 flavors (jsc#SLE-8604 bsc#1160924) ----------------------------------------- Patch: SUSE-2020-22 Released: Wed Feb 19 08:13:27 2020 Summary: Recommended update for python-numpy Severity: moderate References: 1149203,SLE-8532 Description: This update for python-numpy fixes the following issues: - Add new random module including selectable random number generators: MT19937, PCG64, Philox and SFC64 (bsc#1149203) - NumPy's FFT implementation was changed from fftpack to pocketfft, resulting in faster, more accurate transforms and better handling of datasets of prime length. (bsc#1149203) - New radix sort and timsort sorting methods. (bsc#1149203) ----------------------------------------- Patch: SUSE-2020-413 Released: Wed Feb 19 10:21:41 2020 Summary: Security update for enigmail Severity: moderate References: 1159973 Description: This update for enigmail fixes the following issues: enigmail was updated to 2.1.5: * Security issue: unsigned MIME parts displayed as signed (bsc#1159973) * Ensure that upgrading GnuPG 2.0.x to 2.2.x upgrade converts keyring format * Make Enigmail Compatible with Protected-Headers spec, draft 2 enigmail 2.1.4: * Fixes for UI glitches * Option to 'Attach public key to messages' was not restored properly enigmail 2.1.3: * fix a bug in the setup wizard that could lead the wizard to never complete scanning the inbox ----------------------------------------- Patch: SUSE-2020-417 Released: Wed Feb 19 11:40:02 2020 Summary: Recommended update for chrony Severity: moderate References: 1159840 Description: This update for chrony fixes the following issues: - Fix 'make check' builds made after 2019-12-20. Existing installations do not need to be updated as the bug only affects the test, but not chrony itself (bsc#1159840). ----------------------------------------- Patch: SUSE-2020-31 Released: Mon Feb 24 10:36:36 2020 Summary: Recommended update for cloud-netconfig Severity: moderate References: 1135592,1144282,1157117,1157190 Description: This update for cloud-netconfig contains the following fixes: - Removed obsolete Group tag from spec file. - Update to version 1.3: + Fix IPv4 address handling on secondary NICs in Azure. - Update to version 1.2: + support AWS IMDSv2 token. - Update to version 1.1: + fix use of GATEWAY variable. (bsc#1157117, bsc#1157190) + remove secondary IPv4 address only when added by cloud-netconfig. (bsc#1144282) + simplify routing setup for single NIC systems (partly fixes bsc#1135592) ----------------------------------------- Patch: SUSE-2020-440 Released: Mon Feb 24 15:31:42 2020 Summary: Security update for python-azure-agent Severity: moderate References: 1127838,CVE-2019-0804 Description: This update for python-azure-agent fixes the following issues: python-azure-agent was updated to version 2.2.45 (jsc#ECO-80) + Add support for Gen2 VM resource disks + Use alternate systemd detection + Fix /proc/net/route requirement that causes errors on FreeBSD + Add cloud-init auto-detect to prevent multiple provisioning mechanisms from relying on configuration for coordination + Disable cgroups when daemon is setup incorrectly + Remove upgrade extension loop for the same goal state + Add container id for extension telemetry events + Be more exact when detecting IMDS service health + Changing add_event to start sending missing fields From 2.2.44 update: + Remove outdated extension ZIP packages + Improved error handling when starting extensions using systemd + Reduce provisioning time of some custom images + Improve the handling of extension download errors + New API for extension authors to handle errors during extension update + Fix handling of errors in calls to openssl + Improve logic to determine current distro + Reduce verbosity of several logging statements From 2.2.42 update: + Poll for artifact blob, addresses goal state procesing issue From 2.2.41 update: + Rewriting the mechanism to start the extension using systemd-run for systems using systemd for managing + Refactoring of resource monitoring framework using cgroup for both systemd and non-systemd approaches [#1530, #1534] + Telemetry pipeline for resource monitoring data From 2.2.40 update: + Fixed tracking of memory/cpu usage + Do not prevent extensions from running if setting up cgroups fails + Enable systemd-aware deprovisioning on all versions >= 18.04 + Add systemd support for Debian Jessie, Stretch, and Buster + Support for Linux Openwrt From 2.2.38 update: Security issue fixed: + CVE-2019-0804: An issue with swapfile handling in the agent creates a data leak situation that exposes system memory data. (bsc#1127838) + Add fixes for handling swap file and other nit fixes From 2.2.37 update: + Improves re-try logic to handle errors while downloading extensions ----------------------------------------- Patch: SUSE-2020-445 Released: Tue Feb 25 10:49:36 2020 Summary: Recommended update for gdb Severity: moderate References: 1146167,1146475,1156284,1158539 Description: This update for gdb fixes the following issues: - Added support for official name of IBM s390 Arch13: z15. - Added descriptions for arch13 instructions. (jsc#SLE-7903) - Fixed build with gcc 10 [bsc#1158539, swo#24653]. - Make fpc optional (bsc#1156284) as fpc requires itself for bootstrapping. - Fixed a debugging information problem with a forwarding array declaration (bsc#1146475) - Fixed that logging redirect doesn't work for user-defined command (bsc#1146167) ----------------------------------------- Patch: SUSE-2020-447 Released: Tue Feb 25 10:49:51 2020 Summary: Recommended update for pcsc-tools Severity: moderate References: 1145779 Description: This update for pcsc-tools fixes the following issues: - added missing dependencies for gscriptor (bsc#1145779) ----------------------------------------- Patch: SUSE-2020-451 Released: Tue Feb 25 10:50:35 2020 Summary: Recommended update for libgcrypt Severity: moderate References: 1155337,1161215,1161216,1161218,1161219,1161220 Description: This update for libgcrypt fixes the following issues: - ECDSA: Check range of coordinates (bsc#1161216) - FIPS: libgcrypt DSA PQG parameter generation: Missing value [bsc#1161219] - FIPS: libgcrypt DSA PQG verification incorrect results [bsc#1161215] - FIPS: libgcrypt RSA siggen/keygen: 4k not supported [bsc#1161220] - FIPS: keywrap gives incorrect results [bsc#1161218] - FIPS: RSA/DSA/ECDSA are missing hashing operation [bsc#1155337] ----------------------------------------- Patch: SUSE-2020-453 Released: Tue Feb 25 10:51:53 2020 Summary: Recommended update for binutils Severity: moderate References: 1160590 Description: This update for binutils fixes the following issues: - Recognize the official name of s390 arch13: 'z15'. (bsc#1160590, jsc#SLE-7903 aka jsc#SLE-7464) ----------------------------------------- Patch: SUSE-2020-458 Released: Tue Feb 25 11:01:37 2020 Summary: Security update for libexif Severity: moderate References: 1120943,1160770,CVE-2018-20030,CVE-2019-9278 Description: This update for libexif fixes the following issues: - CVE-2019-9278: Fixed an integer overflow (bsc#1160770). - CVE-2018-20030: Fixed a denial of service by endless recursion (bsc#1120943). ----------------------------------------- Patch: SUSE-2020-462 Released: Tue Feb 25 11:49:30 2020 Summary: Recommended update for xfsprogs Severity: moderate References: 1158504,1158509,1158630,1158758 Description: This update for xfsprogs fixes the following issues: - Allow the filesystem utility xfs_io to suffix sizes with k,m,g for kilobytes, megabytes or gigabytes respectively. (bsc#1158630) - Validate extent size hint parameters through libxfs to avoid output mismatch. (bsc#1158509) - Fix for 'xfs_repair' not to fail recovery of orphaned shortform directories. (bsc#1158504) - Fix for 'xfs_quota' to avoid false error reporting of project inheritance flag is not set. (bsc#1158758) ----------------------------------------- Patch: SUSE-2020-466 Released: Tue Feb 25 11:59:19 2020 Summary: Security update for java-1_8_0-ibm Severity: important References: 1160968,1162972,CVE-2019-4732,CVE-2020-2583,CVE-2020-2593,CVE-2020-2604,CVE-2020-2659 Description: This update for java-1_8_0-ibm fixes the following issues: Java 8.0 was updated to Service Refresh 6 Fix Pack 5 (bsc#1162972, bsc#1160968) - CVE-2020-2583: Unlink Set of LinkedHashSets - CVE-2019-4732: Untrusted DLL search path vulnerability - CVE-2020-2593: Normalize normalization for all - CVE-2020-2604: Better serial filter handling - CVE-2020-2659: Enhance datagram socket support ----------------------------------------- Patch: SUSE-2020-467 Released: Tue Feb 25 12:00:39 2020 Summary: Security update for python3 Severity: moderate References: 1162224,1162367,1162423,1162825,CVE-2019-9674,CVE-2020-8492 Description: This update for python3 fixes the following issues: Security issues fixed: - CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs (bsc#1162825). - CVE-2020-8492: Fixed a regular expression in urrlib that was prone to denial of service via HTTP (bsc#1162367). Non-security issue fixed: - If the locale is 'C', coerce it to C.UTF-8 (bsc#1162423). ----------------------------------------- Patch: SUSE-2020-480 Released: Tue Feb 25 17:38:22 2020 Summary: Recommended update for aaa_base Severity: moderate References: 1160735 Description: This update for aaa_base fixes the following issues: - Change 'rp_filter' to increase the default priority to ethernet over the wifi. (bsc#1160735) ----------------------------------------- Patch: SUSE-2020-481 Released: Tue Feb 25 17:39:22 2020 Summary: Recommended update for perl-TimeDate Severity: moderate References: 1162433 Description: This update for perl-TimeDate fixes the following issues: - Fix for issues parsing date strings into time values correctly. (bsc#1162433) ----------------------------------------- Patch: SUSE-2020-489 Released: Wed Feb 26 11:44:03 2020 Summary: Security update for ppp Severity: important References: 1162610,CVE-2020-8597 Description: This update for ppp fixes the following security issue: - CVE-2020-8597: Fixed a buffer overflow in the eap_request and eap_response functions (bsc#1162610). ----------------------------------------- Patch: SUSE-2020-493 Released: Wed Feb 26 14:05:50 2020 Summary: Security update for squid Severity: moderate References: 1162687,1162689,1162691,CVE-2019-12528,CVE-2020-8449,CVE-2020-8450,CVE-2020-8517 Description: This update for squid to version 4.10 fixes the following issues: Security issues fixed: - CVE-2019-12528: Fixed an information disclosure flaw in the FTP gateway (bsc#1162689). - CVE-2020-8449: Fixed a buffer overflow when squid is acting as reverse-proxy (bsc#1162687). - CVE-2020-8450: Fixed a buffer overflow when squid is acting as reverse-proxy (bsc#1162687). - CVE-2020-8517: Fixed a buffer overflow in ext_lm_group_acl when processing NTLM Authentication credentials (bsc#1162691). Non-security issue fixed: - Improved cache handling with chunked responses. ----------------------------------------- Patch: SUSE-2020-498 Released: Wed Feb 26 17:59:44 2020 Summary: Recommended update for aws-cli, python-boto3, python-botocore, python-s3transfer, python-aws-sam-translator, python-cfn-lint, python-nose2, python-parameterized Severity: moderate References: 1122669,1136184,1146853,1146854,1159018 Description: This update for aws-cli, python-aws-sam-translator, python-cfn-lint, python-nose2, python-parameterized, python-boto3, python-botocore, python-s3transfer fixes the following issues: python-aws-sam-translator was updated to 1.11.0 (bsc#1159018, jsc#PM-1507): Upgrade to 1.11.0: * Add ReservedConcurrentExecutions to globals * Fix ElasticsearchHttpPostPolicy resource reference * Support using AWS::Region in Ref and Sub * Documentation and examples updates * Add VersionDescription property to Serverless::Function * Update ServerlessRepoReadWriteAccessPolicy * Add additional template validation Upgrade to 1.10.0: * Add GSIs to DynamoDBReadPolicy and DynamoDBCrudPolicy * Add DynamoDBReconfigurePolicy * Add CostExplorerReadOnlyPolicy and OrganizationsListAccountsPolicy * Add EKSDescribePolicy * Add SESBulkTemplatedCrudPolicy * Add FilterLogEventsPolicy * Add SSMParameterReadPolicy * Add SESEmailTemplateCrudPolicy * Add s3:PutObjectAcl to S3CrudPolicy * Add allow_credentials CORS option * Add support for AccessLogSetting and CanarySetting Serverless::Api properties * Add support for X-Ray in Serverless::Api * Add support for MinimumCompressionSize in Serverless::Api * Add Auth to Serverless::Api globals * Remove trailing slashes from APIGW permissions * Add SNS FilterPolicy and an example application * Add Enabled property to Serverless::Function event sources * Add support for PermissionsBoundary in Serverless::Function * Fix boto3 client initialization * Add PublicAccessBlockConfiguration property to S3 bucket resource * Make PAY_PER_REQUEST default mode for Serverless::SimpleTable * Add limited support for resolving intrinsics in Serverless::LayerVersion * SAM now uses Flake8 * Add example application for S3 Events written in Go * Updated several example applications python-cfn-lint was added in version 0.21.4: - Add upstream patch to fix EOL dates for lambda runtimes - Add upstream patch to fix test_config_expand_paths test - Rename to python-cfn-lint. This package has a python API, which is required by python-moto. Update to version 0.21.4: + Features * Include more resource types in W3037 + CloudFormation Specifications * Add Resource Type `AWS::CDK::Metadata` + Fixes * Uncap requests dependency in setup.py * Check Join functions have lists in the correct sections * Pass a parameter value for AutoPublishAlias when doing a Transform * Show usage examples when displaying the help Update to version 0.21.3 + Fixes * Support dumping strings for datetime objects when doing a Transform Update to version 0.21.2 + CloudFormation Specifications * Update CloudFormation specs to 3.3.0 * Update instance types from pricing API as of 2019.05.23 Update to version 0.21.1 + Features * Add `Info` logging capability and set the default logging to `NotSet` + Fixes * Only do rule logging (start/stop/time) when the rule is going to be called * Update rule E1019 to allow `Fn::Transform` inside a `Fn::Sub` * Update rule W2001 to not break when `Fn::Transform` inside a `Fn::Sub` * Update rule E2503 to allow conditions to be used and to not default to `network` load balancer when an object is used for the Load Balancer type Update to version 0.21.0 + Features * New rule E3038 to check if a Serverless resource includes the appropriate Transform * New rule E2531 to validate a Lambda's runtime against the deprecated dates * New rule W2531 to validate a Lambda's runtime against the EOL dates * Update rule E2541 to include updates to Code Pipeline capabilities * Update rule E2503 to include checking of values for load balancer attributes + CloudFormation Specifications * Update CloudFormation specs to 3.2.0 * Update instance types from pricing API as of 2019.05.20 + Fixes * Include setuptools in setup.py requires Update to version 0.20.3 + CloudFormation Specifications * Update instance types from pricing API as of 2019.05.16 + Fixes * Update E7001 to allow float/doubles for mapping values * Update W1020 to check pre-transformed Fn::Sub(s) to determine if a Sub is needed * Pin requests to be below or equal to 2.21.0 to prevent issues with botocore Update to version 0.20.2 + Features * Add support for List Parameter types + CloudFormation Specifications * Add allowed values for AWS::EC2 EIP, FlowLog, CustomerGateway, DHCPOptions, EC2Fleet * Create new property type for Security Group IDs or Names * Add new Lambda runtime environment for NodeJs 10.x * Move AWS::ServiceDiscovery::Service Health checks from Only One to Exclusive * Update Glue Crawler Role to take an ARN or a name * Remove PrimitiveType from MaintenanceWindowTarget Targets * Add Min/Max values for Load Balancer Ports to be between 1-65535 + Fixes * Include License file in the pypi package to help with downstream projects * Filter out dynamic references from rule E3031 and E3030 * Convert Python linting and Code Coverage from Python 3.6 to 3.7 Update to version 0.20.1 + Fixes * Update rule E8003 to support more functions inside a Fn::Equals Update to version 0.20.0 + Features * Allow a rule's exception to be defined in a resource's metadata * Add rule configuration capabilities * Update rule E3012 to allow for non strict property checking * Add rule E8003 to test Fn::Equals structure and syntax * Add rule E8004 to test Fn::And structure and syntax * Add rule E8005 to test Fn::Not structure and syntax * Add rule E8006 to test Fn::Or structure and syntax * Include Path to error in the JSON output * Update documentation to describe how to install cfn-lint from brew + CloudFormation Specifications * Update CloudFormation specs to version 3.0.0 * Add new region ap-east-1 * Add list min/max and string min/max for CloudWatch Alarm Actions * Add allowed values for EC2::LaunchTemplate * Add allowed values for EC2::Host * Update allowed values for Amazon MQ to include 5.15.9 * Add AWS::Greengrass::ResourceDefinition to GreenGrass supported regions * Add AWS::EC2::VPCEndpointService to all regions * Update AWS::ECS::TaskDefinition ExecutionRoleArn to be a IAM Role ARN * Patch spec files for SSM MaintenanceWindow to look for Target and not Targets * Update ManagedPolicyArns list size to be 20 which is the hard limit. 10 is the soft limit. + Fixes * Fix rule E3033 to check the string size when the string is inside a list * Fix an issue in which AWS::NotificationARNs was not a list * Add AWS::EC2::Volume to rule W3010 * Fix an issue with W2001 where SAM translate would remove the Ref to a parameter causing this error to falsely trigger * Fix rule W3010 to not error when the availability zone is 'all' Update to version 0.19.1 + Fixes * Fix core Condition processing to support direct Condition in another Condition * Fix the W2030 to check numbers against string allowed values Update to version 0.19.0 + Features * Add NS and PTR Route53 record checking to rule E3020 * New rule E3050 to check if a Ref to IAM Role has a Role path of '/' * New rule E3037 to look for duplicates in a list that doesn't support duplicates * New rule I3037 to look for duplicates in a list when duplicates are allowed + CloudFormation Specifications * Add Min/Max values to AWS::ElasticLoadBalancingV2::TargetGroup HealthCheckTimeoutSeconds * Add Max JSON size to AWS::IAM::ManagedPolicy PolicyDocument * Add allowed values for AWS::EC2 SpotFleet, TransitGateway, NetworkAcl NetworkInterface, PlacementGroup, and Volume * Add Min/max values to AWS::Budgets::Budget.Notification Threshold * Update RDS Instance types by database engine and license definitions using the pricing API * Update AWS::CodeBuild::Project ServiceRole to support Role Name or ARN * Update AWS::ECS::Service Role to support Role Name or ARN + Fixes * Update E3025 to support the new structure of data in the RDS instance type json * Update E2540 to remove all nested conditions from the object * Update E3030 to not do strict type checking * Update E3020 to support conditions nested in the record sets * Update E3008 to better handle CloudFormation sub stacks with different GetAtt formats Update to version 0.18.1 + CloudFormation Specifications * Update CloudFormation Specs to 2.30.0 * Fix IAM Regex Path to support more character types * Update AWS::Batch::ComputeEnvironment.ComputeResources InstanceRole to reference an InstanceProfile or GetAtt the InstanceProfile Arn * Allow VPC IDs to Ref a Parameter of type String + Fixes * Fix E3502 to check the size of the property instead of the parent object Update to version 0.18.0 + Features * New rule E3032 to check the size of lists * New rule E3502 to check JSON Object Size using definitions in the spec file * New rule E3033 to test the minimum and maximum length of a string * New rule E3034 to validate the min and max of a number * Remove Ebs Iops check from E2504 and use rule E3034 instead * Remove rule E2509 and use rule E3033 instead * Remove rule E2508 as it replaced by E3032 and E3502 * Update rule E2503 to check that there are at least two 2 Subnets or SubnetMappings for ALBs * SAM requirement upped to minimal version of 1.10.0 + CloudFormation Specifications * Extend specs to include: > `ListMin` and `ListMax` for the minimum and maximum size of a list > `JsonMax` to check the max size of a JSON Object > `StringMin` and `StringMax` to check the minimum and maximum length of a String > `NumberMin` and `NumberMax` to check the minimum and maximum value of a Number, Float, Long * Update State and ExecutionRoleArn to be required on AWS::DLM::LifecyclePolicy * Add AllowedValues for PerformanceInsightsRetentionPeriod for AWS::RDS::Instance * Add AllowedValues for the AWS::GuardDuty Resources * Add AllowedValues for AWS::EC2 VPC and VPN Resources * Switch IAM Instance Profiles for certain resources to the type that only takes the name * Add regex pattern for IAM Instance Profile when a name (not Arn) is used * Add regex pattern for IAM Paths * Add Regex pattern for IAM Role Arn * Update OnlyOne spec to require require at least one of Subnets or SubnetMappings with ELB v2 + Fixes * Fix serverless transform to use DefinitionBody when Auth is in the API definition * Fix rule W2030 to not error when checking SSM or List Parameters Update to version 0.17.1 + Features * Update rule E2503 to make sure NLBs don't have a Security Group configured + CloudFormation Specifications * Add all the allowed values of the `AWS::Glue` Resources * Update OnlyOne check for `AWS::CloudWatch::Alarm` to only `MetricName` or `Metrics` * Update Exclusive check for `AWS::CloudWatch::Alarm` for properties mixed with `Metrics` and `Statistic` * Update CloudFormation specs to 2.29.0 * Fix type with MariaDB in the AllowedValues * Update pricing information for data available on 2018.3.29 + Fixes * Fix rule E1029 to not look for a sub is needed when looking for iot strings in policies * Fix rule E2541 to allow for ActionId Versions of length 1-9 and meets regex `[0-9A-Za-z_-]+` * Fix rule E2532 to allow for `Parameters` inside a `Pass` action * Fix an issue when getting the location of an error in which numbers are causing an attribute error Update to version 0.17.0 + Features * Add new rule E3026 to validate Redis cluster settings including AutomaticFailoverEnabled and NumCacheClusters. Status: Released * Add new rule W3037 to validate IAM resource policies. Status: Experimental * Add new parameter `-e/--include-experimental` to allow for new rules in that aren't ready to be fully released + CloudFormation Specifications * Update Spec files to 2.28.0 * Add all the allowed values of the AWS::Redshift::* Resources * Add all the allowed values of the AWS::Neptune::* Resources * Patch spec to make AWS::CloudFront::Distribution.LambdaFunctionAssociation.LambdaFunctionARN required * Patch spec to make AWS::DynamoDB::Table AttributeDefinitions required + Fixes * Remove extra blank lines when there is no errors in the output * Add exception to rule E1029 to have exceptions for EMR CloudWatchAlarmDefinition * Update rule E1029 to allow for literals in a Sub * Remove sub checks from rule E3031 as it won't match in all cases of an allowed pattern regex check * Correct typos for errors in rule W1001 * Switch from parsing a template as Yaml to Json when finding an escape character * Fix an issue with SAM related to transforming templates with Serverless Application and Lambda Layers * Fix an issue with rule E2541 when non strings were used for Stage Names Update to version 0.16.0 + Features * Add rule E3031 to look for regex patterns based on the patched spec file * Remove regex checks from rule E2509 * Add parameter `ignore-templates` to allow the ignoring of templates when doing bulk linting + CloudFormation Specifications * Update Spec files to 2.26.0 * Add all the allowed values of the AWS::DirectoryService::* Resources * Add all the allowed values of the AWS::DynamoDB::* Resources * Added AWS::Route53Resolver resources to the Spec Patches of ap-southeast-2 * Patch the spec file with regex patterns * Add all the allowed values of the AWS::DocDb::* Resources + Fixes * Update rule E2504 to have '20000' as the max value * Update rule E1016 to not allow ImportValue inside of Conditions * Update rule E2508 to check conditions when providing limit checks on managed policies * Convert unicode to strings when in Py 3.4/3.5 and updating specs * Convert from `awslabs` to `aws-cloudformation` organization * Remove suppression of logging that was removed from samtranslator >1.7.0 and incompatibility with samtranslator 1.10.0 Update to version 0.15.0 + Features * Add scaffolding for arbitrary Match attributes, adding attributes for Type checks * Add rule E3024 to validate that ProvisionedThroughput is not specified with BillingMode PAY_PER_REQUEST + CloudFormation Specifications * Update Spec files to 2.24.0 * Update OnlyOne spec to have BlockDeviceMapping to include NoDevice with Ebs and VirtualName * Add all the allowed values of the AWS::CloudFront::* Resources * Add all the allowed values of the AWS::DAX::* Resources + Fixes * Update config parsing to use the builtin Yaml decoder * Add condition support for Inclusive E2521, Exclusive E2520, and AtLeastOne E2522 rules * Update rule E1029 to better check Resource strings inside IAM Policies * Improve the line/column information of a Match with array support Update to version 0.14.1 + CloudFormation Specifications * Update CloudFormation Specs to version 2.23.0 * Add allowed values for AWS::Config::* resources * Add allowed values for AWS::ServiceDiscovery::* resources * Fix allowed values for Apache MQ + Fixes * Update rule E3008 to not error when using a list from a custom resource * Support simple types in the CloudFormation spec * Add tests for the formatters Update to version 0.14.0 + Features * Add rule E3035 to check the values of DeletionPolicy * Add rule E3036 to check the values of UpdateReplacePolicy * Add rule E2014 to check that there are no REFs in the Parameter section * Update rule E2503 to support TLS on NLBs + CloudFormation Specifications * Update CloudFormation spec to version 2.22.0 * Add allowed values for AWS::Cognito::* resources + Fixes * Update rule E3002 to allow GetAtts to Custom Resources under a Condition Update to version 0.13.2 + Features * Introducing the cfn-lint logo! * Update SAM dependency version + Fixes * Fix CloudWatchAlarmComparisonOperator allowed values. * Fix typo resoruce_type_spec in several files * Better support for nested And, Or, and Not when processing Conditions Update to version 0.13.1 + CloudFormation Specifications * Add allowed values for AWS::CloudTrail::Trail resources * Patch spec to have AWS::CodePipeline::CustomActionType Version included + Fixes * Fix conditions logic to use AllowedValues when REFing a Parameter that has AllowedValues specified Update to version 0.13.0 + Features * New rule W1011 to check if a FindInMap is using the correct map name and keys * New rule W1001 to check if a Ref/GetAtt to a resource that exists when Conditions are used * Removed logic in E1011 and moved it to W1011 for validating keys * Add property relationships for AWS::ApplicationAutoScaling::ScalingPolicy into Inclusive, Exclusive, and AtLeastOne * Update rule E2505 to check the netmask bit * Include the ability to update the CloudFormation Specs using the Pricing API + CloudFormation Specifications * Update to version 2.21.0 * Add allowed values for AWS::Budgets::Budget * Add allowed values for AWS::CertificateManager resources * Add allowed values for AWS::CodePipeline resources * Add allowed values for AWS::CodeCommit resources * Add allowed values for EC2 InstanceTypes from pricing API * Add allowed values for RedShift InstanceTypes from pricing API * Add allowed values for MQ InstanceTypes from pricing API * Add allowed values for RDS InstanceTypes from pricing API + Fixes * Fixed README indentation issue with .pre-commit-config.yaml * Fixed rule E2541 to allow for multiple inputs/outputs in a CodeBuild task * Fixed rule E3020 to allow for a period or no period at the end of a ACM registration record * Update rule E3001 to support UpdateReplacePolicy * Fix a cli issue where `--template` wouldn't be used when a .cfnlintrc was in the same folder * Update rule E3002 and E1024 to support packaging of AWS::Lambda::LayerVersion content - Initial build + Version 0.12.1 Update to 0.9.1 * the prof plugin now uses cProfile instead of hotshot for profiling * skipped tests now include the user's reason in junit XML's message field * the prettyassert plugin mishandled multi-line function definitions * Using a plugin's CLI flag when the plugin is already enabled via config no longer errors * nose2.plugins.prettyassert, enabled with --pretty-assert * Cleanup code for EOLed python versions * Dropped support for distutils. * Result reporter respects failure status set by other plugins * JUnit XML plugin now includes the skip reason in its output Upgrade to 0.8.0: - List of changes is too long to show here, see https://github.com/nose-devs/nose2/blob/master/docs/changelog.rst changes between 0.6.5 and 0.8.0 Update to 0.7.0: * Added parameterized_class feature, for parameterizing entire test classes (many thanks to @TobyLL for their suggestions and help testing!) * Fix DeprecationWarning on `inspect.getargs` (thanks @brettdh; https://github.com/wolever/parameterized/issues/67) * Make sure that `setUp` and `tearDown` methods work correctly (#40) * Raise a ValueError when input is empty (thanks @danielbradburn; https://github.com/wolever/parameterized/pull/48) * Fix the order when number of cases exceeds 10 (thanks @ntflc; https://github.com/wolever/parameterized/pull/49) aws-cli was updated to version 1.16.223: For detailed changes see the changes entries: https://github.com/aws/aws-cli/blob/1.16.223/CHANGELOG.rst https://github.com/aws/aws-cli/blob/1.16.189/CHANGELOG.rst https://github.com/aws/aws-cli/blob/1.16.182/CHANGELOG.rst https://github.com/aws/aws-cli/blob/1.16.176/CHANGELOG.rst https://github.com/aws/aws-cli/blob/1.16.103/CHANGELOG.rst https://github.com/aws/aws-cli/blob/1.16.94/CHANGELOG.rst https://github.com/aws/aws-cli/blob/1.16.84/CHANGELOG.rst python-boto3 was updated to 1.9.213, python-botocore was updated to 1.9.188, and python-s3transfer was updated to 1.12.74, fixing lots of bugs and adding features (bsc#1146853, bsc#1146854) ----------------------------------------- Patch: SUSE-2020-510 Released: Thu Feb 27 12:46:10 2020 Summary: Security update for python Severity: moderate References: 1162224,1162367,1162825,CVE-2019-9674,CVE-2020-8492 Description: This update for python fixes the following issues: Security issues fixed: - CVE-2019-9674: Improved the documentation, warning about dangers of zip-bombs (bsc#1162825). - CVE-2020-8492: Fixed a regular expression in urrlib that was prone to denial of service via HTTP (bsc#1162367). ----------------------------------------- Patch: SUSE-2020-511 Released: Thu Feb 27 13:07:38 2020 Summary: Security update for the Linux Kernel Severity: important References: 1046303,1050244,1050549,1051510,1051858,1061840,1065600,1065729,1071995,1083647,1085030,1086301,1086313,1086314,1088810,1090888,1103989,1103990,1103991,1104353,1104427,1104745,1105392,1109837,1111666,1112178,1112374,1112504,1113956,1114279,1114685,1115026,1118338,1118661,1123328,1126206,1127371,1127611,1127682,1129551,1133021,1133147,1134973,1140025,1142685,1143959,1144162,1144333,1151548,1151910,1151927,1152107,1152631,1153535,1153917,1154243,1154601,1154768,1154916,1155331,1155334,1155689,1156259,1156286,1156462,1157155,1157157,1157169,1157303,1157424,1157480,1157692,1157853,1157895,1157908,1157966,1158013,1158021,1158026,1158071,1158094,1158132,1158381,1158533,1158819,1158823,1158824,1158827,1158834,1158893,1158900,1158903,1158904,1158954,1159024,1159028,1159271,1159297,1159377,1159394,1159483,1159484,1159500,1159569,1159588,1159841,1159908,1159909,1159910,1159911,1159955,1160147,1160195,1160210,1160211,1160218,1160433,1160442,1160469,1160470,1160476,1160560,1160618,1160678,1160755,1160756,1160784,1160787,1160802,1160803,1160804,1160917,1160966,1160979,1161087,1161243,1161360,1161472,1161514,1161518,1161522,1161523,1161549,1161552,1161674,1161702,1161907,1161931,1161933,1161934,1161935,1161936,1161937,1162028,1162067,1162109,1162139,1162557,1162617,1162618,1162619,1162623,1162928,1162943,1163206,1163383,1163384,1163762,1163774,1163836,1163840,1163841,1163842,1163843,1163844,1163845,1163846,1163849,1163850,1163851,1163852,1163853,1163855,1163856,1163857,1163858,1163859,1163860,1163861,1163862,1163863,1163867,1163869,1163880,1164051,1164069,1164098,1164115,1164314,1164315,1164388,1164471,1164598,1164632,CVE-2019-14615,CVE-2019-14896,CVE-2019-14897,CVE-2019-16746,CVE-2019-16994,CVE-2019-18808,CVE-2019-19036,CVE-2019-19045,CVE-2019-19051,CVE-2019-19054,CVE-2019-19066,CVE-2019-19318,CVE-2019-19319,CVE-2019-19332,CVE-2019-19338,CVE-2019-19447,CVE-2019-19523,CVE-2019-19526,CVE-2019-19527,CVE-2019-19532,CVE-2019-19533,CVE-2019-19535,CVE-2019-19537,CVE-2019-19767,CVE-2019-19927,CVE-2019-19965,CVE-2019-19966,CVE-2019-20054,CVE-2019-20095,CVE-2019-20096,CVE-2020-7053,CVE-2020-8428,CVE-2020-8648,CVE-2020-8992 Description: The SUSE Linux Enterprise 15 SP1 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-14615: An information disclosure vulnerability existed due to insufficient control flow in certain data structures for some Intel(R) Processors (bnc#1160195). - CVE-2019-14896: A heap-based buffer overflow vulnerability was found in the Marvell WiFi driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP (bnc#1157157). - CVE-2019-14897: A stack-based buffer overflow was found in the Marvell WiFi driver. An attacker is able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another STA (bnc#1157155). - CVE-2019-16746: An issue was discovered in net/wireless/nl80211.c. It did not check the length of variable elements in a beacon head, leading to a buffer overflow (bnc#1152107). - CVE-2019-16994: A memory leak existed in sit_init_net() in net/ipv6/sit.c which might have caused denial of service, aka CID-07f12b26e21a (bnc#1161523). - CVE-2019-18808: A memory leak in drivers/crypto/ccp/ccp-ops.c allowed attackers to cause a denial of service (memory consumption), aka CID-128c66429247 (bnc#1156259). - CVE-2019-19036: An issue discovered in btrfs_root_node in fs/btrfs/ctree.c allowed a NULL pointer dereference because rcu_dereference(root->node) can be zero (bnc#1157692). - CVE-2019-19045: A memory leak in drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c allowed attackers to cause a denial of service (memory consumption) by triggering mlx5_vector2eqn() failures, aka CID-c8c2a057fdc7 (bnc#1161522). - CVE-2019-19051: A memory leak in drivers/net/wimax/i2400m/op-rfkill.c allowed attackers to cause a denial of service (memory consumption), aka CID-6f3ef5c25cc7 (bnc#1159024). - CVE-2019-19054: A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c allowed attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b (bnc#1161518). - CVE-2019-19066: A memory leak in drivers/scsi/bfa/bfad_attr.c allowed attackers to cause a denial of service (memory consumption), aka CID-0e62395da2bd (bnc#1157303). - CVE-2019-19318: Mounting a crafted btrfs image twice could have caused a use-after-free (bnc#1158026). - CVE-2019-19319: A slab-out-of-bounds write access could have occured when setxattr was called after mounting of a specially crafted ext4 image (bnc#1158021). - CVE-2019-19332: An out-of-bounds memory write issue was found in the way the KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could have used this flaw to crash the system (bnc#1158827). - CVE-2019-19338: There was an incomplete fix for an issue with Transactional Synchronisation Extensions in the KVM code (bsc#1158954). - CVE-2019-19447: Mounting a crafted ext4 filesystem image, performing some operations, and unmounting could have led to a use-after-free in fs/ext4/super.c (bnc#1158819). - CVE-2019-19523: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79 (bsc#1158823). - CVE-2019-19526: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/nfc/pn533/usb.c driver, aka CID-6af3aa57a098 (bsc#1158893). - CVE-2019-19527: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e (bsc#1158900). - CVE-2019-19532: There were multiple out-of-bounds write bugs that can be caused by a malicious USB HID device, aka CID-d9d4b1e46d95 (bsc#1158824). - CVE-2019-19533: There was an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka CID-a10feaf8c464 (bsc#1158834). - CVE-2019-19535: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka CID-30a8beeb3042 (bsc#1158903). - CVE-2019-19537: There was a race condition bug that could be caused by a malicious USB character device, aka CID-303911cfc5b9. (bsc#1158904). - CVE-2019-19767: There were multiple use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163 (bnc#1159297). - CVE-2019-19927: A slab-out-of-bounds read access could have been caused when mounting a crafted f2fs filesystem image and performing some operations on it, in drivers/gpu/drm/ttm/ttm_page_alloc.c (bnc#1160147). - CVE-2019-19965: There was a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5 (bnc#1159911). - CVE-2019-19966: There was a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that could have caused a denial of service, aka CID-dea37a972655 (bnc#1159841). - CVE-2019-20054: There was a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e (bnc#1159910). - CVE-2019-20095: Several memory leaks were found in drivers/net/wireless/marvell/mwifiex/cfg80211.c, aka CID-003b686ace82 (bnc#1159909). - CVE-2019-20096: There was a memory leak in __feat_register_sp() in net/dccp/feat.c, aka CID-1d3ff0950e2b (bnc#1159908). - CVE-2020-7053: There was a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka CID-7dc40713618c (bnc#1160966). - CVE-2020-8428: There was a use-after-free bug in fs/namei.c, which allowed local users to cause a denial of service (OOPS) or possibly obtain sensitive information from kernel memory, aka CID-d0cb50185ae9 (bnc#1162109). - CVE-2020-8648: There was a use-after-free vulnerability in the n_tty_receive_buf_common function in drivers/tty/n_tty.c (bnc#1162928). - CVE-2020-8992: An issue was discovered in ext4_protect_reserved_inode in fs/ext4/block_validity.c that allowed attackers to cause a soft lockup via a crafted journal size (bnc#1164069). The following non-security bugs were fixed: - 6pack,mkiss: fix possible deadlock (bsc#1051510). - a typo in %kernel_base_conflicts macro name - ACPI / APEI: Do not wait to serialise with oops messages when panic()ing (bsc#1051510). - ACPI / APEI: Switch estatus pool to use vmalloc memory (bsc#1051510). - ACPI / LPSS: Ignore acpi_device_fix_up_power() return value (bsc#1051510). - ACPI / video: Add force_none quirk for Dell OptiPlex 9020M (bsc#1051510). - ACPI / watchdog: Fix init failure with overlapping register regions (bsc#1162557). - ACPI / watchdog: Set default timeout in probe (bsc#1162557). - ACPI: bus: Fix NULL pointer check in acpi_bus_get_private_data() (bsc#1051510). - ACPI: fix acpi_find_child_device() invocation in acpi_preset_companion() (bsc#1051510). - ACPI: OSL: only free map once in osl.c (bsc#1051510). - ACPI: PM: Avoid attaching ACPI PM domain to certain devices (bsc#1051510). - ACPI: sysfs: Change ACPI_MASKABLE_GPE_MAX to 0x100 (bsc#1051510). - ACPI: video: Do not export a non working backlight interface on MSI MS-7721 boards (bsc#1051510). - ACPI: watchdog: Allow disabling WDAT at boot (bsc#1162557). - af_packet: set defaule value for tmo (bsc#1051510). - ALSA: control: remove useless assignment in .info callback of PCM chmap element (git-fixes). - ALSA: dummy: Fix PCM format loop in proc output (bsc#1111666). - ALSA: echoaudio: simplify get_audio_levels (bsc#1051510). - ALSA: fireface: fix return value in error path of isochronous resources reservation (bsc#1051510). - ALSA: hda - Add docking station support for Lenovo Thinkpad T420s (git-fixes). - ALSA: hda - Apply sync-write workaround to old Intel platforms, too (bsc#1111666). - ALSA: hda - constify and cleanup static NodeID tables (bsc#1111666). - ALSA: hda - Downgrade error message for single-cmd fallback (git-fixes). - ALSA: hda - fixup for the bass speaker on Lenovo Carbon X1 7th gen (git-fixes). - ALSA: hda/analog - Minor optimization for SPDIF mux connections (git-fixes). - ALSA: hda/ca0132 - Avoid endless loop (git-fixes). - ALSA: hda/ca0132 - Fix work handling in delayed HP detection (git-fixes). - ALSA: hda/ca0132 - Keep power on during processing DSP response (git-fixes). - ALSA: hda/hdmi - Add new pci ids for AMD GPU display audio (git-fixes). - ALSA: hda/hdmi - add retry logic to parse_intel_hdmi() (git-fixes). - ALSA: hda/hdmi - Clean up Intel platform-specific fixup checks (bsc#1111666). - ALSA: hda/hdmi - fix atpx_present when CLASS is not VGA (bsc#1051510). - ALSA: hda/hdmi - Fix duplicate unref of pci_dev (bsc#1051510). - ALSA: hda/hdmi - fix vgaswitcheroo detection for AMD (git-fixes). - ALSA: hda/realtek - Add Bass Speaker and fixed dac for bass speaker (bsc#1111666). - ALSA: hda/realtek - Add headset Mic no shutup for ALC283 (bsc#1051510). - ALSA: hda/realtek - Add Headset Mic supported for HP cPC (bsc#1111666). - ALSA: hda/realtek - Add new codec supported for ALCS1200A (bsc#1111666). - ALSA: hda/realtek - Add quirk for the bass speaker on Lenovo Yoga X1 7th gen (bsc#1111666). - ALSA: hda/realtek - Apply mic mute LED quirk for Dell E7xx laptops, too (bsc#1111666). - ALSA: hda/realtek - Dell headphone has noise on unmute for ALC236 (git-fixes). - ALSA: hda/realtek - Enable the bass speaker of ASUS UX431FLC (bsc#1111666). - ALSA: hda/realtek - Fix inverted bass GPIO pin on Acer 8951G (git-fixes). - ALSA: hda/realtek - Fix silent output on MSI-GL73 (git-fixes). - ALSA: hda/realtek - Fixed one of HP ALC671 platform Headset Mic supported (bsc#1111666). - ALSA: hda/realtek - Line-out jack does not work on a Dell AIO (bsc#1051510). - ALSA: hda/realtek - More constifications (bsc#1111666). - ALSA: hda/realtek - Set EAPD control to default for ALC222 (bsc#1111666). - ALSA: hda: Add Clevo W65_67SB the power_save blacklist (git-fixes). - ALSA: hda: Add JasperLake PCI ID and codec vid (bsc#1111666). - ALSA: hda: Clear RIRB status before reading WP (bsc#1111666). - ALSA: hda: constify copied structure (bsc#1111666). - ALSA: hda: Constify snd_kcontrol_new items (bsc#1111666). - ALSA: hda: Constify snd_pci_quirk tables (bsc#1111666). - ALSA: hda: correct kernel-doc parameter descriptions (bsc#1111666). - ALSA: hda: hdmi - add Tigerlake support (bsc#1111666). - ALSA: hda: hdmi - fix pin setup on Tigerlake (bsc#1111666). - ALSA: hda: More constifications (bsc#1111666). - ALSA: hda: patch_hdmi: remove warnings with empty body (bsc#1111666). - ALSA: hda: patch_realtek: fix empty macro usage in if block (bsc#1111666). - ALSA: hda: Reset stream if DMA RUN bit not cleared (bsc#1111666). - ALSA: hda: Use scnprintf() for printing texts for sysfs/procfs (git-fixes). - ALSA: ice1724: Fix sleep-in-atomic in Infrasonic Quartet support code (bsc#1051510). - ALSA: oxfw: fix return value in error path of isochronous resources reservation (bsc#1051510). - ALSA: pcm: Avoid possible info leaks from PCM stream buffers (git-fixes). - ALSA: pcm: oss: Avoid potential buffer overflows (git-fixes). - ALSA: seq: Avoid concurrent access to queue flags (git-fixes). - ALSA: seq: Fix concurrent access to queue current tick/time (git-fixes). - ALSA: seq: Fix racy access for queue timer in proc read (bsc#1051510). - ALSA: sh: Fix compile warning wrt const (git-fixes). - ALSA: sh: Fix unused variable warnings (bsc#1111666). - ALSA: usb-audio: Apply sample rate quirk for Audioengine D1 (git-fixes). - ALSA: usb-audio: Apply the sample rate quirk for Bose Companion 5 (bsc#1111666). - ALSA: usb-audio: Fix endianess in descriptor validation (bsc#1111666). - ALSA: usb-audio: fix set_format altsetting sanity check (bsc#1051510). - ALSA: usb-audio: fix sync-ep altsetting sanity check (bsc#1051510). - apparmor: fix unsigned len comparison with less than zero (git-fixes). - ar5523: check NULL before memcpy() in ar5523_cmd() (bsc#1051510). - arm64: Revert support for execute-only user mappings (bsc#1160218). - ASoC: au8540: use 64-bit arithmetic instead of 32-bit (bsc#1051510). - ASoC: compress: fix unsigned integer overflow check (bsc#1051510). - ASoC: cs4349: Use PM ops 'cs4349_runtime_pm' (bsc#1051510). - ASoC: Jack: Fix NULL pointer dereference in snd_soc_jack_report (bsc#1051510). - ASoC: msm8916-wcd-analog: Fix selected events for MIC BIAS External1 (bsc#1051510). - ASoC: samsung: i2s: Fix prescaler setting for the secondary DAI (bsc#1111666). - ASoC: sun8i-codec: Fix setting DAI data format (git-fixes). - ASoC: wm8962: fix lambda value (git-fixes). - ata: ahci: Add shutdown to freeze hardware resources of ahci (bsc#1164388). - ath10k: Correct the DMA direction for management tx buffers (bsc#1111666). - ath10k: fix fw crash by moving chip reset after napi disabled (bsc#1051510). - ath10k: pci: Fix comment on ath10k_pci_dump_memory_sram (bsc#1111666). - ath10k: pci: Only dump ATH10K_MEM_REGION_TYPE_IOREG when safe (bsc#1111666). - ath6kl: Fix off by one error in scan completion (bsc#1051510). - ath9k: fix storage endpoint lookup (git-fixes). - atl1e: checking the status of atl1e_write_phy_reg (bsc#1051510). - audit: Allow auditd to set pid to 0 to end auditing (bsc#1158094). - batman-adv: Fix DAT candidate selection on little endian systems (bsc#1051510). - bcache: add code comment bch_keylist_pop() and bch_keylist_pop_front() (bsc#1163762). - bcache: add code comments for state->pool in __btree_sort() (bsc#1163762). - bcache: add code comments in bch_btree_leaf_dirty() (bsc#1163762). - bcache: add cond_resched() in __bch_cache_cmp() (bsc#1163762). - bcache: add idle_max_writeback_rate sysfs interface (bsc#1163762). - bcache: add more accurate error messages in read_super() (bsc#1163762). - bcache: add readahead cache policy options via sysfs interface (bsc#1163762). - bcache: at least try to shrink 1 node in bch_mca_scan() (bsc#1163762). - bcache: avoid unnecessary btree nodes flushing in btree_flush_write() (bsc#1163762). - bcache: check return value of prio_read() (bsc#1163762). - bcache: deleted code comments for dead code in bch_data_insert_keys() (bsc#1163762). - bcache: do not export symbols (bsc#1163762). - bcache: explicity type cast in bset_bkey_last() (bsc#1163762). - bcache: fix a lost wake-up problem caused by mca_cannibalize_lock (bsc#1163762). - bcache: Fix an error code in bch_dump_read() (bsc#1163762). - bcache: fix deadlock in bcache_allocator (bsc#1163762). - bcache: fix incorrect data type usage in btree_flush_write() (bsc#1163762). - bcache: fix memory corruption in bch_cache_accounting_clear() (bsc#1163762). - bcache: fix static checker warning in bcache_device_free() (bsc#1163762). - bcache: ignore pending signals when creating gc and allocator thread (bsc#1163762, bsc#1112504). - bcache: print written and keys in trace_bcache_btree_write (bsc#1163762). - bcache: reap c->btree_cache_freeable from the tail in bch_mca_scan() (bsc#1163762). - bcache: reap from tail of c->btree_cache in bch_mca_scan() (bsc#1163762). - bcache: remove macro nr_to_fifo_front() (bsc#1163762). - bcache: remove member accessed from struct btree (bsc#1163762). - bcache: remove the extra cflags for request.o (bsc#1163762). - bcache: Revert 'bcache: shrink btree node cache after bch_btree_check()' (bsc#1163762, bsc#1112504). - bcma: remove set but not used variable 'sizel' (git-fixes). - blk-mq: avoid sysfs buffer overflow with too many CPU cores (bsc#1159377). - blk-mq: avoid sysfs buffer overflow with too many CPU cores (bsc#1163840). - blk-mq: make sure that line break can be printed (bsc#1159377). - blk-mq: make sure that line break can be printed (bsc#1164098). - Bluetooth: Fix race condition in hci_release_sock() (bsc#1051510). - Bluetooth: hci_bcm: Handle specific unknown packets after firmware loading (bsc#1051510). - bnxt: apply computed clamp value for coalece parameter (bsc#1104745). - bnxt_en: Fix MSIX request logic for RDMA driver (bsc#1104745 ). - bnxt_en: Return error if FW returns more data than dump length (bsc#1104745). - bonding: fix active-backup transition after link failure (git-fixes). - bonding: fix potential NULL deref in bond_update_slave_arr (bsc#1051510). - bonding: fix slave stuck in BOND_LINK_FAIL state (networking-stable-19_11_10). - bonding: fix state transition issue in link monitoring (networking-stable-19_11_10). - bonding: fix unexpected IFF_BONDING bit unset (bsc#1051510). - bpf, offload: Unlock on error in bpf_offload_dev_create() (bsc#1109837). - bpf/sockmap: Read psock ingress_msg before sk_receive_queue (bsc#1083647). - bpf/stackmap: Fix deadlock with rq_lock in bpf_get_stack() (bsc#1083647). - bpf: add self-check logic to liveness analysis (bsc#1160618). - bpf: add verifier stats and log_level bit 2 (bsc#1160618). - bpf: Fix incorrect verifier simulation of ARSH under ALU32 (bsc#1083647). - bpf: improve stacksafe state comparison (bco#1160618). - bpf: improve verification speed by droping states (bsc#1160618). - bpf: improve verification speed by not remarking live_read (bsc#1160618). - bpf: improve verifier branch analysis (bsc#1160618). - bpf: increase complexity limit and maximum program size (bsc#1160618). - bpf: increase verifier log limit (bsc#1160618). - bpf: Make use of probe_user_write in probe write helper (bsc#1083647). - bpf: Reject indirect var_off stack access in raw mode (bsc#1160618). - bpf: Reject indirect var_off stack access in unpriv mode (bco#1160618). - bpf: Sanity check max value for var_off stack access (bco#1160618). - bpf: skmsg, fix potential psock NULL pointer dereference (bsc#1109837). - bpf: speed up stacksafe check (bco#1160618). - bpf: Support variable offset stack access from helpers (bco#1160618). - bpf: verifier: teach the verifier to reason about the BPF_JSET instruction (bco#1160618). - brcmfmac: fix interface sanity check (git-fixes). - brcmfmac: Fix memory leak in brcmf_p2p_create_p2pdev() (bsc#1111666). - brcmfmac: Fix memory leak in brcmf_usbdev_qinit (git-fixes). - brcmfmac: Fix use after free in brcmf_sdio_readframes() (git-fixes). - brcmfmac: sdio: Fix OOB interrupt initialization on brcm43362 (bsc#1111666). - brcmfmac: set F2 watermark to 256 for 4373 (bsc#1111666). - brcmfmac: set SDIO F1 MesBusyCtrl for CYW4373 (bsc#1111666). - btrfs: abort transaction after failed inode updates in create_subvol (bsc#1161936). - btrfs: add missing extents release on file extent cluster relocation error (bsc#1159483). - btrfs: avoid fallback to transaction commit during fsync of files with holes (bsc#1159569). - btrfs: dev-replace: remove warning for unknown return codes when finished (dependency for bsc#1162067). - btrfs: do not call synchronize_srcu() in inode_tree_del (bsc#1161934). - btrfs: do not double lock the subvol_sem for rename exchange (bsc#1162943). - btrfs: Ensure we trim ranges across block group boundary (bsc#1151910). - btrfs: fix block group remaining RO forever after error during device replace (bsc#1160442). - btrfs: fix btrfs_write_inode vs delayed iput deadlock (bsc#1154243). - btrfs: fix infinite loop during fsync after rename operations (bsc#1163383). - btrfs: fix infinite loop during nocow writeback due to race (bsc#1160804). - btrfs: fix integer overflow in calc_reclaim_items_nr (bsc#1160433). - btrfs: fix missing data checksums after replaying a log tree (bsc#1161931). - btrfs: fix negative subv_writers counter and data space leak after buffered write (bsc#1160802). - btrfs: fix race between adding and putting tree mod seq elements and nodes (bsc#1163384). - btrfs: fix removal logic of the tree mod log that leads to use-after-free issues (bsc#1160803). - btrfs: fix selftests failure due to uninitialized i_mode in test inodes (Fix for dependency of bsc#1157692). - btrfs: handle ENOENT in btrfs_uuid_tree_iterate (bsc#1161937). - btrfs: harden agaist duplicate fsid on scanned devices (bsc#1134973). - btrfs: inode: Verify inode mode to avoid NULL pointer dereference (dependency for bsc#1157692). - btrfs: make tree checker detect checksum items with overlapping ranges (bsc#1161931). - btrfs: Move btrfs_check_chunk_valid() to tree-check.[ch] and export it (dependency for bsc#1157692). - btrfs: record all roots for rename exchange on a subvol (bsc#1161933). - btrfs: relocation: fix reloc_root lifespan and access (bsc#1159588). - btrfs: scrub: Require mandatory block group RO for dev-replace (bsc#1162067). - btrfs: send, skip backreference walking for extents with many references (bsc#1162139). - btrfs: simplify inode locking for RWF_NOWAIT (git-fixes). - btrfs: skip log replay on orphaned roots (bsc#1161935). - btrfs: tree-checker: Check chunk item at tree block read time (dependency for bsc#1157692). - btrfs: tree-checker: Check level for leaves and nodes (dependency for bsc#1157692). - btrfs: tree-checker: Enhance chunk checker to validate chunk profile (dependency for bsc#1157692). - btrfs: tree-checker: Fix wrong check on max devid (fixes for dependency of bsc#1157692). - btrfs: tree-checker: get fs_info from eb in block_group_err (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_block_group_item (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_csum_item (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_dev_item (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_dir_item (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_extent_data_item (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_inode_item (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_leaf (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_leaf_item (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in chunk_err (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in dev_item_err (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in dir_item_err (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in file_extent_err (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in generic_err (dependency for bsc#1157692). - btrfs: tree-checker: Make btrfs_check_chunk_valid() return EUCLEAN instead of EIO (dependency for bsc#1157692). - btrfs: tree-checker: Make chunk item checker messages more readable (dependency for bsc#1157692). - btrfs: tree-checker: Verify dev item (dependency for bsc#1157692). - btrfs: tree-checker: Verify inode item (dependency for bsc#1157692). - btrfs: volumes: Use more straightforward way to calculate map length (bsc#1151910). - can, slip: Protect tty->disc_data in write_wakeup and close with RCU (bsc#1051510). - can: can_dropped_invalid_skb(): ensure an initialized headroom in outgoing CAN sk_buffs (bsc#1051510). - can: c_can: D_CAN: c_can_chip_config(): perform a sofware reset on open (bsc#1051510). - can: gs_usb: gs_usb_probe(): use descriptors of current altsetting (bsc#1051510). - can: mscan: mscan_rx_poll(): fix rx path lockup when returning from polling to irq mode (bsc#1051510). - can: peak_usb: report bus recovery as well (bsc#1051510). - can: rx-offload: can_rx_offload_irq_offload_fifo(): continue on error (bsc#1051510). - can: rx-offload: can_rx_offload_irq_offload_timestamp(): continue on error (bsc#1051510). - can: rx-offload: can_rx_offload_offload_one(): increment rx_fifo_errors on queue overflow or OOM (bsc#1051510). - can: rx-offload: can_rx_offload_offload_one(): use ERR_PTR() to propagate error value in case of errors (bsc#1051510). - can: slcan: Fix use-after-free Read in slcan_open (bsc#1051510). - CDC-NCM: handle incomplete transfer of MTU (networking-stable-19_11_10). - cdrom: respect device capabilities during opening action (boo#1164632). - cfg80211/mac80211: make ieee80211_send_layer2_update a public function (bsc#1051510). - cfg80211: check for set_wiphy_params (bsc#1051510). - cfg80211: fix deadlocks in autodisconnect work (bsc#1111666). - cfg80211: fix memory leak in cfg80211_cqm_rssi_update (bsc#1111666). - cfg80211: fix page refcount issue in A-MSDU decap (bsc#1051510). - cgroup: pids: use atomic64_t for pids->limit (bsc#1161514). - chardev: Avoid potential use-after-free in 'chrdev_open()' (bsc#1163849). - cifs: add support for flock (bsc#1144333). - cifs: Close cached root handle only if it had a lease (bsc#1144333). - cifs: Close open handle after interrupted close (bsc#1144333). - cifs: close the shared root handle on tree disconnect (bsc#1144333). - cifs: Do not miss cancelled OPEN responses (bsc#1144333). - cifs: Fix lookup of root ses in DFS referral cache (bsc#1144333). - cifs: Fix memory allocation in __smb2_handle_cancelled_cmd() (bsc#1144333). - cifs: fix mount option display for sec=krb5i (bsc#1161907). - cifs: Fix mount options set in automount (bsc#1144333). - cifs: Fix NULL pointer dereference in mid callback (bsc#1144333). - cifs: Fix NULL-pointer dereference in smb2_push_mandatory_locks (bsc#1144333). - cifs: Fix potential softlockups while refreshing DFS cache (bsc#1144333). - cifs: Fix retrieval of DFS referrals in cifs_mount() (bsc#1144333). - cifs: Fix use-after-free bug in cifs_reconnect() (bsc#1144333). - cifs: Properly process SMB3 lease breaks (bsc#1144333). - cifs: remove set but not used variables 'cinode' and 'netfid' (bsc#1144333). - cifs: Respect O_SYNC and O_DIRECT flags during reconnect (bsc#1144333). - clk: Do not try to enable critical clocks if prepare failed (bsc#1051510). - clk: imx: clk-composite-8m: add lock to gate/mux (git-fixes). - clk: mmp2: Fix the order of timer mux parents (bsc#1051510). - clk: qcom: rcg2: Do not crash if our parent can't be found; return an error (bsc#1051510). - clk: rockchip: fix I2S1 clock gate register for rk3328 (bsc#1051510). - clk: rockchip: fix ID of 8ch clock of I2S1 for rk3328 (bsc#1051510). - clk: rockchip: fix rk3188 sclk_mac_lbtest parameter ordering (bsc#1051510). - clk: rockchip: fix rk3188 sclk_smc gate data (bsc#1051510). - clk: sunxi-ng: add mux and pll notifiers for A64 CPU clock (bsc#1051510). - clk: sunxi: sun9i-mmc: Implement reset callback for reset controls (bsc#1051510). - clk: tegra: Mark fuse clock as critical (bsc#1051510). - clocksource/drivers/bcm2835_timer: Fix memory leak of timer (bsc#1051510). - clocksource: Prevent double add_timer_on() for watchdog_timer (bsc#1051510). - closures: fix a race on wakeup from closure_sync (bsc#1163762). - configfs_register_group() shouldn't be (and isn't) called in rmdirable parts (bsc#1051510). - copy/pasted 'Recommends:' instead of 'Provides:', 'Obsoletes:' and 'Conflicts: - Cover up kABI breakage due to DH key verification (bsc#1155331). - crypto: af_alg - Use bh_lock_sock in sk_destruct (bsc#1051510). - crypto: api - Check spawn->alg under lock in crypto_drop_spawn (bsc#1051510). - crypto: api - Fix race condition in crypto_spawn_alg (bsc#1051510). - crypto: atmel-sha - fix error handling when setting hmac key (bsc#1051510). - crypto: caam/qi2 - fix typo in algorithm's driver name (bsc#1111666). - crypto: ccp - fix uninitialized list head (bsc#1051510). - crypto: chelsio - fix writing tfm flags to wrong place (bsc#1051510). - crypto: dh - add public key verification test (bsc#1155331). - crypto: dh - fix calculating encoded key size (bsc#1155331). - crypto: dh - fix memory leak (bsc#1155331). - crypto: dh - update test for public key verification (bsc#1155331). - crypto: DRBG - add FIPS 140-2 CTRNG for noise source (bsc#1155334). - crypto: ecdh - add public key verification test (bsc#1155331). - crypto: ecdh - fix typo of P-192 b value (bsc#1155331). - crypto: mxc-scc - fix build warnings on ARM64 (bsc#1051510). - crypto: pcrypt - Do not clear MAY_SLEEP flag in original request (bsc#1051510). - crypto: picoxcell - adjust the position of tasklet_init and fix missed tasklet_kill (bsc#1051510). - crypto: reexport crypto_shoot_alg() (bsc#1051510, kABI fix). - cxgb4: request the TX CIDX updates to status page (bsc#1127371). - dma-buf: Fix memory leak in sync_file_merge() (git-fixes). - dma-mapping: fix return type of dma_set_max_seg_size() (bsc#1051510). - dmaengine: coh901318: Fix a double-lock bug (bsc#1051510). - dmaengine: coh901318: Remove unused variable (bsc#1051510). - dmaengine: Fix access to uninitialized dma_slave_caps (bsc#1051510). - Documentation: Document arm64 kpti control (bsc#1162623). - drivers/base/memory.c: cache blocks in radix tree to accelerate lookup (bsc#1159955 ltc#182993). - drivers/base/memory.c: do not access uninitialized memmaps in soft_offline_page_store() (bsc#1051510). - drivers/base/platform.c: kmemleak ignore a known leak (bsc#1051510). - drivers/regulator: fix a missing check of return value (bsc#1051510). - drm/amd/display: Retrain dongles when SINK_COUNT becomes non-zero (bsc#1111666). - drm/amd/powerplay: remove set but not used variable 'us_mvdd' (bsc#1111666). - drm/amdgpu/{uvd,vcn}: fetch ring's read_ptr after alloc (bsc#1111666). - drm/amdgpu: add function parameter description in 'amdgpu_device_set_cg_state' (bsc#1111666). - drm/amdgpu: add function parameter description in 'amdgpu_gart_bind' (bsc#1051510). - drm/amdgpu: fix bad DMA from INTERRUPT_CNTL2 (bsc#1114279) - drm/amdgpu: fix ring test failure issue during s3 in vce 3.0 (V2) (bsc#1111666). - drm/amdgpu: remove 4 set but not used variable in amdgpu_atombios_get_connector_info_from_object_table (bsc#1051510). - drm/amdgpu: remove always false comparison in 'amdgpu_atombios_i2c_process_i2c_ch' (bsc#1051510). - drm/amdgpu: remove set but not used variable 'amdgpu_connector' (bsc#1051510). - drm/amdgpu: remove set but not used variable 'dig' (bsc#1051510). - drm/amdgpu: remove set but not used variable 'dig_connector' (bsc#1051510). - drm/amdgpu: remove set but not used variable 'invalid' (bsc#1111666). - drm/amdgpu: remove set but not used variable 'mc_shared_chmap' (bsc#1051510). - drm/amdgpu: remove set but not used variable 'mc_shared_chmap' from 'gfx_v6_0.c' and 'gfx_v7_0.c' (bsc#1051510). - drm/dp_mst: correct the shifting in DP_REMOTE_I2C_READ (bsc#1051510). - drm/fb-helper: Round up bits_per_pixel if possible (bsc#1051510). - drm/i810: Prevent underflow in ioctl (bsc#1114279) - drm/i915/gvt: Pin vgpu dma address before using (bsc#1112178) - drm/i915/gvt: set guest display buffer as readonly (bsc#1112178) - drm/i915/gvt: use vgpu lock for active state setting (bsc#1112178) - drm/i915/perf: add missing delay for OA muxes configuration (bsc#1111666). - drm/i915: Add missing include file (bsc#1051510). - drm/i915: Call dma_set_max_seg_size() in i915_driver_hw_probe() (bsc#1111666). - drm/i915: Fix pid leak with banned clients (bsc#1114279) - drm/i915: Handle vm_mmap error during I915_GEM_MMAP ioctl with WC set (bsc#1111666). - drm/i915: Make sure cdclk is high enough for DP audio on VLV/CHV (bsc#1111666). - drm/i915: Sanity check mmap length against object size (bsc#1111666). - drm/msm: include linux/sched/task.h (bsc#1112178) - drm/mst: Fix MST sideband up-reply failure handling (bsc#1051510). - drm/nouveau/bar/gf100: ensure BAR is mapped (bsc#1111666). - drm/nouveau/bar/nv50: check bar1 vmm return value (bsc#1111666). - drm/nouveau/mmu: qualify vmm during dtor (bsc#1111666). - drm/nouveau/secboot/gm20b: initialize pointer in gm20b_secboot_new() (bsc#1051510). - drm/nouveau: Fix copy-paste error in nouveau_fence_wait_uevent_handler (bsc#1051510). - drm/qxl: Return error if fbdev is not 32 bpp (bsc#1159028) - drm/qxl: Return error if fbdev is not 32 bpp (bsc#1159028) - drm/radeon: fix r1xx/r2xx register checker for POT textures (bsc#1114279) - drm/rect: Avoid division by zero (bsc#1111666). - drm/rect: update kerneldoc for drm_rect_clip_scaled() (bsc#1111666). - drm/rockchip: lvds: Fix indentation of a #define (bsc#1051510). - drm/rockchip: Round up _before_ giving to the clock framework (bsc#1114279) - drm/sun4i: hdmi: Remove duplicate cleanup calls (bsc#1113956) - drm/sun4i: tcon: Set min division of TCON0_DCLK to 1 (bsc#1111666). - drm/sun4i: tcon: Set RGB DCLK min. divider based on hardware model (bsc#1111666). - drm/ttm: ttm_tt_init_fields() can be static (bsc#1111666). - drm/vmwgfx: prevent memory leak in vmw_cmdbuf_res_add (bsc#1051510). - drm: bridge: dw-hdmi: constify copied structure (bsc#1051510). - drm: limit to INT_MAX in create_blob ioctl (bsc#1051510). - drm: meson: venc: cvbs: fix CVBS mode matching (bsc#1051510). - drm: msm: mdp4: Adjust indentation in mdp4_dsi_encoder_enable (bsc#1111666). - drm: panel-lvds: Potential Oops in probe error handling (bsc#1114279) - e1000e: Add support for Comet Lake (bsc#1158533). - e1000e: Add support for Tiger Lake (bsc#1158533). - e1000e: Increase pause and refresh time (bsc#1158533). - e100: Fix passing zero to 'PTR_ERR' warning in e100_load_ucode_wait (bsc#1051510). - Enable CONFIG_BLK_DEV_SR_VENDOR (boo#1164632). - enic: prevent waking up stopped tx queues over watchdog reset (bsc#1133147). - exit: panic before exit_mm() on global init exit (bsc#1161549). - ext2: check err when partial != NULL (bsc#1163859). - ext4, jbd2: ensure panic when aborting with zero errno (bsc#1163853). - ext4: check for directory entries too close to block end (bsc#1163861). - ext4: fix a bug in ext4_wait_for_tail_page_commit (bsc#1163841). - ext4: fix checksum errors with indexed dirs (bsc#1160979). - ext4: fix deadlock allocating crypto bounce page from mempool (bsc#1163842). - ext4: Fix mount failure with quota configured as module (bsc#1164471). - ext4: fix mount failure with quota configured as module (bsc#1164471). - ext4: improve explanation of a mount failure caused by a misconfigured kernel (bsc#1163843). - extcon: max8997: Fix lack of path setting in USB device mode (bsc#1051510). - firestream: fix memory leaks (bsc#1051510). - fix autofs regression caused by follow_managed() changes (bsc#1159271). - fix dget_parent() fastpath race (bsc#1159271). - Fix partial checked out tree build ... so that bisection does not break. - Fix the locking in dcache_readdir() and friends (bsc#1123328). - fjes: fix missed check in fjes_acpi_add (bsc#1051510). - fs/namei.c: fix missing barriers when checking positivity (bsc#1159271). - fs/namei.c: pull positivity check into follow_managed() (bsc#1159271). - fs/open.c: allow opening only regular files during execve() (bsc#1163845). - fs: cifs: Fix atime update check vs mtime (bsc#1144333). - fscrypt: do not set policy for a dead directory (bsc#1163846). - ftrace: Add comment to why rcu_dereference_sched() is open coded (git-fixes). - ftrace: Avoid potential division by zero in function profiler (bsc#1160784). - ftrace: Protect ftrace_graph_hash with ftrace_sync (git-fixes). - genirq/proc: Return proper error code when irq_set_affinity() fails (bnc#1105392). - genirq: Prevent NULL pointer dereference in resend_irqs() (bsc#1051510). - genirq: Properly pair kobject_del() with kobject_add() (bsc#1051510). - gpio: Fix error message on out-of-range GPIO in lookup table (bsc#1051510). - gtp: avoid zero size hashtable (networking-stable-20_01_01). - gtp: do not allow adding duplicate tid and ms_addr pdp context (networking-stable-20_01_01). - gtp: fix an use-after-free in ipv4_pdp_find() (networking-stable-20_01_01). - gtp: fix wrong condition in gtp_genl_dump_pdp() (networking-stable-20_01_01). - HID: doc: fix wrong data structure reference for UHID_OUTPUT (bsc#1051510). - HID: hidraw, uhid: Always report EPOLLOUT (bsc#1051510). - HID: hidraw: Fix returning EPOLLOUT from hidraw_poll (bsc#1051510). - HID: intel-ish-hid: fixes incorrect error handling (bsc#1051510). - HID: uhid: Fix returning EPOLLOUT from uhid_char_poll (bsc#1051510). - hidraw: Return EPOLLOUT from hidraw_poll (bsc#1051510). - hotplug/drc-info: Add code to search ibm,drc-info property (bsc#1157480 ltc#181028). - hv_netvsc: Fix offset usage in netvsc_send_table() (bsc#1164598). - hv_netvsc: Fix send_table offset in case of a host bug (bsc#1164598). - hv_netvsc: Fix tx_table init in rndis_set_subchannel() (bsc#1164598). - hv_netvsc: Fix unwanted rx_table reset (bsc#1164598). - hwmon: (adt7475) Make volt2reg return same reg as reg2volt input (bsc#1051510). - hwmon: (core) Do not use device managed functions for memory allocations (bsc#1051510). - hwmon: (k10temp) Add support for AMD family 17h, model 70h CPUs (bsc#1163206). - hwmon: (nct7802) Fix voltage limits to wrong registers (bsc#1051510). - hwmon: (pmbus/ltc2978) Fix PMBus polling of MFR_COMMON definitions (bsc#1051510). - hwrng: stm32 - fix unbalanced pm_runtime_enable (bsc#1051510). - i2c: imx: do not print error message on probe defer (bsc#1051510). - IB/hfi1: Do not cancel unused work item (bsc#1114685 ). - IB/mlx5: Fix steering rule of drop and count (bsc#1103991 ). - IB/mlx5: Remove dead code (bsc#1103991). - ibmveth: Detect unsupported packets before sending to the hypervisor (bsc#1159484 ltc#182983). - ibmvnic: Bound waits for device queries (bsc#1155689 ltc#182047). - ibmvnic: Fix completion structure initialization (bsc#1155689 ltc#182047). - ibmvnic: Serialize device queries (bsc#1155689 ltc#182047). - ibmvnic: Terminate waiting device threads after loss of service (bsc#1155689 ltc#182047). - ice: fix stack leakage (bsc#1118661). - idr: Fix idr_alloc_u32 on 32-bit systems (bsc#1051510). - iio: adc: max9611: Fix too short conversion time delay (bsc#1051510). - iio: buffer: align the size of scan bytes to size of the largest element (bsc#1051510). - inet: protect against too small mtu values (networking-stable-19_12_16). - Input: aiptek - fix endpoint sanity check (bsc#1051510). - Input: cyttsp4_core - fix use after free bug (bsc#1051510). - Input: goodix - add upside-down quirk for Teclast X89 tablet (bsc#1051510). - Input: gtco - fix endpoint sanity check (bsc#1051510). - Input: keyspan-remote - fix control-message timeouts (bsc#1051510). - Input: pegasus_notetaker - fix endpoint sanity check (bsc#1051510). - Input: pm8xxx-vib - fix handling of separate enable register (bsc#1051510). - Input: rmi_f54 - read from FIFO in 32 byte blocks (bsc#1051510). - Input: sun4i-ts - add a check for devm_thermal_zone_of_sensor_register (bsc#1051510). - Input: sur40 - fix interface sanity checks (bsc#1051510). - Input: synaptics - switch another X1 Carbon 6 to RMI/SMbus (bsc#1051510). - Input: synaptics-rmi4 - do not increment rmiaddr for SMBus transfers (bsc#1051510). - Input: synaptics-rmi4 - simplify data read in rmi_f54_work (bsc#1051510). - iommu/amd: Fix IOMMU perf counter clobbering during init (bsc#1162617). - iommu/arm-smmu-v3: Populate VMID field for CMDQ_OP_TLBI_NH_VA (bsc#1164314). - iommu/io-pgtable-arm: Fix race handling in split_blk_unmap() (bsc#1164115). - iommu/iova: Init the struct iova to fix the possible memleak (bsc#1160469). - iommu/mediatek: Correct the flush_iotlb_all callback (bsc#1160470). - iommu/vt-d: Unlink device if failed to add to group (bsc#1160756). - iommu: Remove device link to group on failure (bsc#1160755). - ipmi: Do not allow device module unload when in use (bsc#1154768). - ipv4: Fix table id reference in fib_sync_down_addr (networking-stable-19_11_10). - iwlegacy: ensure loop counter addr does not wrap and cause an infinite loop (git-fixes). - iwlwifi: change monitor DMA to be coherent (bsc#1161243). - iwlwifi: clear persistence bit according to device family (bsc#1111666). - iwlwifi: do not throw error when trying to remove IGTK (bsc#1051510). - iwlwifi: mvm: fix NVM check for 3168 devices (bsc#1051510). - iwlwifi: mvm: force TCM re-evaluation on TCM resume (bsc#1111666). - iwlwifi: mvm: Send non offchannel traffic via AP sta (bsc#1051510). - iwlwifi: mvm: synchronize TID queue removal (bsc#1051510). - iwlwifi: pcie: fix erroneous print (bsc#1111666). - iwlwifi: trans: Clear persistence bit when starting the FW (bsc#1111666). - jbd2: clear JBD2_ABORT flag before journal_reset to update log tail info when load journal (bsc#1163862). - jbd2: do not clear the BH_Mapped flag when forgetting a metadata buffer (bsc#1163836). - jbd2: Fix possible overflow in jbd2_log_space_left() (bsc#1163860). - jbd2: make sure ESHUTDOWN to be recorded in the journal superblock (bsc#1163863). - jbd2: move the clearing of b_modified flag to the journal_unmap_buffer() (bsc#1163880). - jbd2: switch to use jbd2_journal_abort() when failed to submit the commit record (bsc#1163852). - kABI fix for 'ipmi: Do not allow device module unload when in use' (bsc#1154768). - kABI fixup for alloc_dax_region (bsc#1158071,bsc#1160678). - kABI workaround for can/skb.h inclusion (bsc#1051510). - kABI/severities: Whitelist rpaphp_get_drc_props (bsc#1157480 ltc#181028). - kABI: add _q suffix to exports that take struct dh (bsc#1155331). - kABI: protect struct sctp_ep_common (kabi). - kABI: Protest new fields in BPF structs (bsc#1160618). - kconfig: fix broken dependency in randconfig-generated .config (bsc#1051510). - kernel-binary.spec.in: do not recommend firmware for kvmsmall and azure flavor (boo#1161360). - kernel/trace: Fix do not unregister tracepoints when register sched_migrate_task fail (bsc#1160787). - kernfs: Fix range checks in kernfs_get_target_path (bsc#1051510). - kexec: bail out upon SIGKILL when allocating memory (git-fixes). - KVM: Clean up __kvm_gfn_to_hva_cache_init() and its callers (bsc#1133021). - KVM: PPC: Book3S HV: Uninit vCPU if vcore creation fails (bsc#1061840). - KVM: PPC: Book3S PR: Fix -Werror=return-type build failure (bsc#1061840). - KVM: PPC: Book3S PR: Free shared page if mmu initialization fails (bsc#1061840). - KVM: s390: Do not leak kernel stack data in the KVM_S390_INTERRUPT ioctl (git-fixes). - KVM: s390: Test for bad access register and size at the start of S390_MEM_OP (git-fixes). - KVM: SVM: Override default MMIO mask if memory encryption is enabled (bsc#1162618). - KVM: x86: Host feature SSBD does not imply guest feature SPEC_CTRL_SSBD (bsc#1160476). - KVM: x86: Remove a spurious export of a static function (bsc#1158954). - lcoking/rwsem: Add missing ACQUIRE to read_slowpath sleep loop (bsc#1050549). - leds: Allow to call led_classdev_unregister() unconditionally (bsc#1161674). - leds: class: ensure workqueue is initialized before setting brightness (bsc#1161674). - lib/scatterlist.c: adjust indentation in __sg_alloc_table (bsc#1051510). - lib/test_kasan.c: fix memory leak in kmalloc_oob_krealloc_more() (bsc#1051510). - lib: crc64: include for 'crc64_be' (bsc#1163762). - libnvdimm/namespace: Differentiate between probe mapping and runtime mapping (bsc#1153535). - libnvdimm/pfn: Account for PAGE_SIZE > info-block-size in nd_pfn_init() (bsc#1127682 bsc#1153535 ltc#175033 ltc#181834). - libnvdimm: Fix devm_nsio_enable() kabi (bsc#1153535). - livepatch/samples/selftest: Use klp_shadow_alloc() API correctly (bsc#1071995). - livepatch/selftest: Clean up shadow variable names and type (bsc#1071995). - locking/rwsem: Prevent decrement of reader count before increment (bsc#1050549). - mac80211: Do not send Layer 2 Update frame before authorization (bsc#1051510). - mac80211: fix ieee80211_txq_setup_flows() failure path (bsc#1111666). - mac80211: fix station inactive_time shortly after boot (bsc#1051510). - mac80211: Fix TKIP replay protection immediately after key setup (bsc#1051510). - mac80211: mesh: restrict airtime metric to peered established plinks (bsc#1051510). - macvlan: do not assume mac_header is set in macvlan_broadcast() (bsc#1051510). - macvlan: use skb_reset_mac_header() in macvlan_queue_xmit() (bsc#1051510). - mailbox: mailbox-test: fix null pointer if no mmio (bsc#1051510). - md/raid0: Fix buffer overflow at debug print (bsc#1164051). - media/v4l2-core: set pages dirty upon releasing DMA buffers (bsc#1051510). - media: af9005: uninitialized variable printked (bsc#1051510). - media: cec.h: CEC_OP_REC_FLAG_ values were swapped (bsc#1051510). - media: cec: CEC 2.0-only bcast messages were ignored (git-fixes). - media: cec: report Vendor ID after initialization (bsc#1051510). - media: digitv: do not continue if remote control state can't be read (bsc#1051510). - media: dvb-usb/dvb-usb-urb.c: initialize actlen to 0 (bsc#1051510). - media: exynos4-is: fix wrong mdev and v4l2 dev order in error path (git-fixes). - media: gspca: zero usb_buf (bsc#1051510). - media: iguanair: fix endpoint sanity check (bsc#1051510). - media: ov6650: Fix control handler not freed on init error (git-fixes). - media: ov6650: Fix crop rectangle alignment not passed back (git-fixes). - media: ov6650: Fix incorrect use of JPEG colorspace (git-fixes). - media: pulse8-cec: fix lost cec_transmit_attempt_done() call. - media: pulse8-cec: return 0 when invalidating the logical address (bsc#1051510). - media: stkwebcam: Bugfix for wrong return values (bsc#1051510). - media: uvcvideo: Avoid cyclic entity chains due to malformed USB descriptors (bsc#1051510). - media: uvcvideo: Fix error path in control parsing failure (git-fixes). - media: v4l2-ctrl: fix flags for DO_WHITE_BALANCE (bsc#1051510). - media: v4l2-ioctl.c: zero reserved fields for S/TRY_FMT (bsc#1051510). - media: v4l2-rect.h: fix v4l2_rect_map_inside() top/left adjustments (bsc#1051510). - mei: bus: prefix device names on bus with the bus name (bsc#1051510). - mfd: da9062: Fix watchdog compatible string (bsc#1051510). - mfd: dln2: More sanity checking for endpoints (bsc#1051510). - mfd: rn5t618: Mark ADC control register volatile (bsc#1051510). - missing escaping of backslashes in macro expansions Fixes: f3b74b0ae86b ('rpm/kernel-subpackage-spec: Unify dependency handling.') Fixes: 3fd22e219f77 ('rpm/kernel-subpackage-spec: Fix empty Recommends tag (bsc#1143959)') - mlxsw: spectrum_qdisc: Ignore grafting of invisible FIFO (bsc#1112374). - mlxsw: spectrum_router: Fix determining underlay for a GRE tunnel (bsc#1112374). - mm, memory_hotplug: do not clear numa_node association after hot_remove (bnc#1115026). - mm/page-writeback.c: fix range_cyclic writeback vs writepages deadlock (bsc#1159394). - mm: memory_hotplug: use put_device() if device_register fail (bsc#1159955 ltc#182993). - mmc: mediatek: fix CMD_TA to 2 for MT8173 HS200/HS400 mode (bsc#1051510). - mmc: sdhci-of-esdhc: fix P2020 errata handling (bsc#1051510). - mmc: sdhci-of-esdhc: Revert 'mmc: sdhci-of-esdhc: add erratum A-009204 support' (bsc#1051510). - mmc: sdhci: Add a quirk for broken command queuing (git-fixes). - mmc: sdhci: fix minimum clock rate for v3 controller (bsc#1051510). - mmc: sdhci: Workaround broken command queuing on Intel GLK (git-fixes). - mmc: spi: Toggle SPI polarity, do not hardcode it (bsc#1051510). - mmc: tegra: fix SDR50 tuning override (bsc#1051510). - moduleparam: fix parameter description mismatch (bsc#1051510). - mod_devicetable: fix PHY module format (networking-stable-19_12_28). - mqprio: Fix out-of-bounds access in mqprio_dump (bsc#1109837). - mtd: fix mtd_oobavail() incoherent returned value (bsc#1051510). - mwifiex: debugfs: correct histogram spacing, formatting (bsc#1051510). - mwifiex: delete unused mwifiex_get_intf_num() (bsc#1111666). - mwifiex: drop most magic numbers from mwifiex_process_tdls_action_frame() (git-fixes). - mwifiex: fix potential NULL dereference and use after free (bsc#1051510). - mwifiex: update set_mac_address logic (bsc#1111666). - namei: only return -ECHILD from follow_dotdot_rcu() (bsc#1163851). - net, sysctl: Fix compiler warning when only cBPF is present (bsc#1109837). - net/ibmvnic: Fix typo in retry check (bsc#1155689 ltc#182047). - net/mlx4_en: fix mlx4 ethtool -N insertion (networking-stable-19_11_25). - net/mlx4_en: Fix wrong limitation for number of TX rings (bsc#1103989). - net/mlx5: Accumulate levels for chains prio namespaces (bsc#1103990). - net/mlx5: prevent memory leak in mlx5_fpga_conn_create_cq (bsc#1046303). - net/mlx5: Update the list of the PCI supported devices (bsc#1127611). - net/mlx5e: Fix set vf link state error flow (networking-stable-19_11_25). - net/mlx5e: Fix SFF 8472 eeprom length (git-fixes). - net/mlx5e: Query global pause state before setting prio2buffer (bsc#1103990). - net/mlxfw: Fix out-of-memory error in mfa2 flash burning (bsc#1051858). - net/sched: act_pedit: fix WARN() in the traffic path (networking-stable-19_11_25). - net: add sendmsg_locked and sendpage_locked to af_inet6 (bsc#1144162). - net: bridge: deny dev_set_mac_address() when unregistering (networking-stable-19_12_16). - net: cdc_ncm: Signedness bug in cdc_ncm_set_dgram_size() (git-fixes). - net: dst: Force 4-byte alignment of dst_metrics (networking-stable-19_12_28). - net: ena: fix napi handler misbehavior when the napi budget is zero (networking-stable-20_01_01). - net: ethernet: octeon_mgmt: Account for second possible VLAN header (networking-stable-19_11_10). - net: ethernet: ti: cpsw: fix extra rx interrupt (networking-stable-19_12_16). - net: fix data-race in neigh_event_send() (networking-stable-19_11_10). - net: hisilicon: Fix a BUG trigered by wrong bytes_compl (networking-stable-19_12_28). - net: hns3: fix ETS bandwidth validation bug (bsc#1104353 ). - net: nfc: nci: fix a possible sleep-in-atomic-context bug in nci_uart_tty_receive() (networking-stable-19_12_28). - net: phy: at803x: Change error to EINVAL for invalid MAC (bsc#1051510). - net: phy: broadcom: Use strlcpy() for ethtool::get_strings (bsc#1051510). - net: phy: Check against net_device being NULL (bsc#1051510). - net: phy: dp83867: Set up RGMII TX delay (bsc#1051510). - net: phy: Fix not to call phy_resume() if PHY is not attached (bsc#1051510). - net: phy: Fix the register offsets in Broadcom iProc mdio mux driver (bsc#1051510). - net: phy: fixed_phy: Fix fixed_phy not checking GPIO (bsc#1051510). - net: phy: marvell: clear wol event before setting it (bsc#1051510). - net: phy: marvell: Use strlcpy() for ethtool::get_strings (bsc#1051510). - net: phy: meson-gxl: check phy_write return value (bsc#1051510). - net: phy: micrel: Use strlcpy() for ethtool::get_strings (bsc#1051510). - net: phy: mscc: read 'vsc8531, edge-slowdown' as an u32 (bsc#1051510). - net: phy: mscc: read 'vsc8531,vddmac' as an u32 (bsc#1051510). - net: phy: xgene: disable clk on error paths (bsc#1051510). - net: phy: xgmiitorgmii: Check phy_driver ready before accessing (bsc#1051510). - net: phy: xgmiitorgmii: Check read_status results (bsc#1051510). - net: phy: xgmiitorgmii: Support generic PHY status read (bsc#1051510). - net: psample: fix skb_over_panic (networking-stable-19_12_03). - net: qlogic: Fix error paths in ql_alloc_large_buffers() (networking-stable-19_12_28). - net: rtnetlink: prevent underflows in do_setvfinfo() (networking-stable-19_11_25). - net: sched: ensure opts_len <= IP_TUNNEL_OPTS_MAX in act_tunnel_key (bsc#1109837). - net: sched: fix dump qlen for sch_mq/sch_mqprio with NOLOCK subqueues (bsc#1109837). - net: sched: fix `tc -s class show` no bstats on class with nolock subqueues (networking-stable-19_12_03). - net: usb: lan78xx: Fix suspend/resume PHY register access error (networking-stable-19_12_28). - net: usb: lan78xx: limit size of local TSO packets (bsc#1051510). - net: usb: qmi_wwan: add support for DW5821e with eSIM support (networking-stable-19_11_10). - net: usb: qmi_wwan: add support for Foxconn T77W968 LTE modules (networking-stable-19_11_18). - netfilter: nf_queue: enqueue skbs with NULL dst (git-fixes). - new helper: lookup_positive_unlocked() (bsc#1159271). - NFC: fdp: fix incorrect free object (networking-stable-19_11_10). - NFC: pn533: fix bulk-message timeout (bsc#1051510). - NFC: pn544: Adjust indentation in pn544_hci_check_presence (git-fixes). - NFC: st21nfca: fix double free (networking-stable-19_11_10). - nvme: fix the parameter order for nvme_get_log in nvme_get_fw_slot_info (bsc#1163774). - openvswitch: drop unneeded BUG_ON() in ovs_flow_cmd_build_info() (networking-stable-19_12_03). - openvswitch: remove another BUG_ON() (networking-stable-19_12_03). - openvswitch: support asymmetric conntrack (networking-stable-19_12_16). - orinoco_usb: fix interface sanity check (git-fixes). - PCI/MSI: Return -ENOSPC from pci_alloc_irq_vectors_affinity() (bsc#1051510). - PCI/switchtec: Fix vep_vector_number ioread width (bsc#1051510). - PCI: Add DMA alias quirk for Intel VCA NTB (bsc#1051510). - PCI: Do not disable bridge BARs when assigning bus resources (bsc#1051510). - PCI: pciehp: Avoid returning prematurely from sysfs requests (git-fixes). - PCI: rpaphp: Add drc-info support for hotplug slot registration (bsc#1157480 ltc#181028). - PCI: rpaphp: Annotate and correctly byte swap DRC properties (bsc#1157480 ltc#181028). - PCI: rpaphp: Avoid a sometimes-uninitialized warning (bsc#1157480 ltc#181028). - PCI: rpaphp: Correctly match ibm, my-drc-index to drc-name when using drc-info (bsc#1157480 ltc#181028). - PCI: rpaphp: Do not rely on firmware feature to imply drc-info support (bsc#1157480 ltc#181028). - PCI: rpaphp: Fix up pointer to first drc-info entry (bsc#1157480 ltc#181028). - percpu: Separate decrypted varaibles anytime encryption can be enabled (bsc#1114279). - perf/x86/intel: Fix inaccurate period in context switch for auto-reload (bsc#1164315). - phy: qualcomm: Adjust indentation in read_poll_timeout (bsc#1051510). - pinctrl: cherryview: Fix irq_valid_mask calculation (bsc#1111666). - pinctrl: qcom: ssbi-gpio: fix gpio-hog related boot issues (bsc#1051510). - pinctrl: sh-pfc: r8a7778: Fix duplicate SDSELF_B and SD1_CLK_B (bsc#1051510). - pinctrl: xway: fix gpio-hog related boot issues (bsc#1051510). - pktcdvd: remove warning on attempting to register non-passthrough dev (bsc#1051510). - platform/x86: asus-wmi: Fix keyboard brightness cannot be set to 0 (bsc#1051510). - platform/x86: hp-wmi: Fix ACPI errors caused by passing 0 as input size (bsc#1051510). - platform/x86: hp-wmi: Fix ACPI errors caused by too small buffer (bsc#1051510). - platform/x86: hp-wmi: Make buffer for HPWMI_FEATURE2_QUERY 128 bytes (bsc#1051510). - platform/x86: pmc_atom: Add Siemens CONNECT X300 to critclk_systems DMI table (bsc#1051510). - PM / AVS: SmartReflex: NULL check before some freeing functions is not needed (bsc#1051510). - PM / Domains: Deal with multiple states but no governor in genpd (bsc#1051510). - power: supply: ltc2941-battery-gauge: fix use-after-free (bsc#1051510). - powerpc/archrandom: fix arch_get_random_seed_int() (bsc#1065729). - powerpc/irq: fix stack overflow verification (bsc#1065729). - powerpc/mm: drop #ifdef CONFIG_MMU in is_ioremap_addr() (bsc#1065729). - powerpc/mm: Remove kvm radix prefetch workaround for Power9 DD2.2 (bsc#1061840). - powerpc/papr_scm: Do not enable direct map for a region by default (bsc#1129551). - powerpc/papr_scm: Fix leaking 'bus_desc.provider_name' in some paths (bsc#1142685 ltc#179509). - powerpc/pkeys: remove unused pkey_allows_readwrite (bsc#1065729). - powerpc/powernv: Disable native PCIe port management (bsc#1065729). - powerpc/pseries/hotplug-memory: Change rc variable to bool (bsc#1065729). - powerpc/pseries/lparcfg: Fix display of Maximum Memory (bsc#1162028 ltc#181740). - powerpc/pseries/mobility: notify network peers after migration (bsc#1152631 ltc#181798). - powerpc/pseries/vio: Fix iommu_table use-after-free refcount warning (bsc#1065729). - powerpc/pseries: Add cpu DLPAR support for drc-info property (bsc#1157480 ltc#181028). - powerpc/pseries: Advance pfn if section is not present in lmb_is_removable() (bsc#1065729). - powerpc/pseries: Allow not having ibm, hypertas-functions::hcall-multi-tce for DDW (bsc#1065729). - powerpc/pseries: Drop pointless static qualifier in vpa_debugfs_init() (git-fixes). - powerpc/pseries: Enable support for ibm,drc-info property (bsc#1157480 ltc#181028). - powerpc/pseries: Fix bad drc_index_start value parsing of drc-info entry (bsc#1157480 ltc#181028). - powerpc/pseries: Fix drc-info mappings of logical cpus to drc-index (bsc#1157480 ltc#181028). - powerpc/pseries: Fix vector5 in ibm architecture vector table (bsc#1157480 ltc#181028). - powerpc/pseries: Revert support for ibm,drc-info devtree property (bsc#1157480 ltc#181028). - powerpc/security: Fix debugfs data leak on 32-bit (bsc#1065729). - powerpc/tm: Fix clearing MSR[TS] in current when reclaiming on signal delivery (bsc#1118338 ltc#173734). - powerpc/tools: Do not quote $objdump in scripts (bsc#1065729). - powerpc/xive: Discard ESB load value when interrupt is invalid (bsc#1085030). - powerpc/xive: Skip ioremap() of ESB pages for LSI interrupts (bsc#1085030). - powerpc/xmon: do not access ASDR in VMs (bsc#1065729). - powerpc: Allow 64bit VDSO __kernel_sync_dicache to work across ranges >4GB (bnc#1151927 5.3.17). - powerpc: Allow flush_icache_range to work across ranges >4GB (bnc#1151927 5.3.17). - powerpc: avoid adjusting memory_limit for capture kernel memory reservation (bsc#1140025 ltc#176086). - powerpc: Enable support for ibm,drc-info devtree property (bsc#1157480 ltc#181028). - powerpc: Fix vDSO clock_getres() (bsc#1065729). - powerpc: reserve memory for capture kernel after hugepages init (bsc#1140025 ltc#176086). - ppp: Adjust indentation into ppp_async_input (git-fixes). - prevent active file list thrashing due to refault detection (VM Performance, bsc#1156286). - pseries/drc-info: Search DRC properties for CPU indexes (bsc#1157480 ltc#181028). - pstore/ram: Write new dumps to start of recycled zones (bsc#1051510). - pwm: Clear chip_data in pwm_put() (bsc#1051510). - pwm: clps711x: Fix period calculation (bsc#1051510). - pwm: omap-dmtimer: Remove PWM chip in .remove before making it unfunctional (git-fixes). - pwm: Remove set but not set variable 'pwm' (git-fixes). - pxa168fb: Fix the function used to release some memory in an error (bsc#1114279) - qede: Disable hardware gro when xdp prog is installed (bsc#1086314 bsc#1086313 bsc#1086301 ). - qede: Fix multicast mac configuration (networking-stable-19_12_28). - qede: fix NULL pointer deref in __qede_remove() (networking-stable-19_11_10). - qmi_wwan: Add support for Quectel RM500Q (bsc#1051510). - quota: Check that quota is not dirty before release (bsc#1163858). - quota: fix livelock in dquot_writeback_dquots (bsc#1163857). - r8152: add missing endpoint sanity check (bsc#1051510). - r8152: get default setting of WOL before initializing (bsc#1051510). - random: move FIPS continuous test to output functions (bsc#1155334). - RDMA/bnxt_re: Avoid freeing MR resources if dereg fails (bsc#1050244). - RDMA/bnxt_re: Enable SRIOV VF support on Broadcom's 57500 adapter series (bsc#1154916). - RDMA/bnxt_re: Fix chip number validation Broadcom's Gen P5 series (bsc#1157895). - RDMA/bnxt_re: Fix missing le16_to_cpu (bsc#1157895). - RDMA/hns: Bugfix for qpc/cqc timer configuration (bsc#1104427 bsc#1126206). - RDMA/hns: Correct the value of srq_desc_size (bsc#1104427 ). - RDMA/hns: Fix to support 64K page for srq (bsc#1104427 ). - RDMA/hns: Prevent memory leaks of eq->buf_list (bsc#1104427 ). - README.BRANCH: Update the branch name to cve/linux-4.12 - regulator: Fix return value of _set_load() stub (bsc#1051510). - regulator: rk808: Lower log level on optional GPIOs being not available (bsc#1051510). - regulator: rn5t618: fix module aliases (bsc#1051510). - regulator: tps65910: fix a missing check of return value (bsc#1051510). - reiserfs: Fix memory leak of journal device string (bsc#1163867). - reiserfs: Fix spurious unlock in reiserfs_fill_super() error handling (bsc#1163869). - reset: fix reset_control_ops kerneldoc comment (bsc#1051510). - resource: fix locking in find_next_iomem_res() (bsc#1114279). - Revert 'locking/pvqspinlock: Do not wait if vCPU is preempted' (bsc#1050549). - rpm/kabi.pl: support new (>=5.4) Module.symvers format (new symbol namespace field) - rpm/kernel-binary.spec.in: Conflict with too old powerpc-utils (jsc#ECO-920, jsc#SLE-11054, jsc#SLE-11322). - rpm/kernel-binary.spec.in: Replace Novell with SUSE - rpm/kernel-subpackage-spec: Exclude kernel-firmware recommends (bsc#1143959) For reducing the dependency on kernel-firmware in sub packages - rpm/kernel-subpackage-spec: Fix empty Recommends tag (bsc#1143959) - rpm/kernel-subpackage-spec: fix kernel-default-base build There were some issues with recent changes to subpackage dependencies handling: - rpm/kernel-subpackage-spec: Unify dependency handling. - rpm/modules.fips: update module list (bsc#1157853) - rsi_91x_usb: fix interface sanity check (git-fixes). - rtc: cmos: Stop using shared IRQ (bsc#1051510). - rtc: dt-binding: abx80x: fix resistance scale (bsc#1051510). - rtc: hym8563: Return -EINVAL if the time is known to be invalid (bsc#1051510). - rtc: max8997: Fix the returned value in case of error in 'max8997_rtc_read_alarm()' (bsc#1051510). - rtc: msm6242: Fix reading of 10-hour digit (bsc#1051510). - rtc: pcf8523: set xtal load capacitance from DT (bsc#1051510). - rtc: s35390a: Change buf's type to u8 in s35390a_init (bsc#1051510). - rtl818x: fix potential use after free (bsc#1051510). - rtl8xxxu: fix interface sanity check (git-fixes). - rtlwifi: Fix MAX MPDU of VHT capability (git-fixes). - rtlwifi: Remove redundant semicolon in wifi.h (git-fixes). - rtlwifi: rtl8192de: Fix missing callback that tests for hw release of buffer (bsc#1111666). - s390/qeth: clean up page frag creation (git-fixes). - s390/qeth: consolidate skb allocation (git-fixes). - s390/qeth: ensure linear access to packet headers (git-fixes). - s390/qeth: guard against runt packets (git-fixes). - sched/fair: Add tmp_alone_branch assertion (bnc#1156462). - sched/fair: Fix insertion in rq->leaf_cfs_rq_list (bnc#1156462). - sched/fair: Fix O(nr_cgroups) in the load balancing path (bnc#1156462). - sched/fair: Optimize update_blocked_averages() (bnc#1156462). - sched/fair: WARN() and refuse to set buddy when !se->on_rq (bsc#1158132). - scsi: lpfc: fix build failure with DEBUGFS disabled (bsc#1154601). - scsi: qla2xxx: Add a shadow variable to hold disc_state history of fcport (bsc#1158013). - scsi: qla2xxx: Add D-Port Diagnostic reason explanation logs (bsc#1158013). - scsi: qla2xxx: Added support for MPI and PEP regions for ISP28XX (bsc#1157424, bsc#1157908, bsc#1157169, bsc#1151548). - scsi: qla2xxx: Cleanup unused async_logout_done (bsc#1158013). - scsi: qla2xxx: Consolidate fabric scan (bsc#1158013). - scsi: qla2xxx: Correct fcport flags handling (bsc#1158013). - scsi: qla2xxx: Correctly retrieve and interpret active flash region (bsc#1157424, bsc#1157908, bsc#1157169, bsc#1151548). - scsi: qla2xxx: Fix a NULL pointer dereference in an error path (bsc#1157966 bsc#1158013 bsc#1157424). - scsi: qla2xxx: Fix fabric scan hang (bsc#1158013). - scsi: qla2xxx: Fix incorrect SFUB length used for Secure Flash Update MB Cmd (bsc#1157424, bsc#1157908, bsc#1157169, bsc#1151548). - scsi: qla2xxx: Fix mtcp dump collection failure (bsc#1158013). - scsi: qla2xxx: Fix RIDA Format-2 (bsc#1158013). - scsi: qla2xxx: Fix stuck login session using prli_pend_timer (bsc#1158013). - scsi: qla2xxx: Fix stuck session in GNL (bsc#1158013). - scsi: qla2xxx: Fix the endianness of the qla82xx_get_fw_size() return type (bsc#1158013). - scsi: qla2xxx: Fix unbound NVME response length (bsc#1157966 bsc#1158013 bsc#1157424). - scsi: qla2xxx: Fix update_fcport for current_topology (bsc#1158013). - scsi: qla2xxx: Improve readability of the code that handles qla_flt_header (bsc#1158013). - scsi: qla2xxx: Remove defer flag to indicate immeadiate port loss (bsc#1158013). - scsi: qla2xxx: Update driver version to 10.01.00.22-k (bsc#1158013). - scsi: qla2xxx: Use common routine to free fcport struct (bsc#1158013). - scsi: qla2xxx: Use get_unaligned_*() instead of open-coding these functions (bsc#1158013). - scsi: zfcp: trace channel log even for FCP command responses (git-fixes). - sctp: cache netns in sctp_ep_common (networking-stable-19_12_03). - sctp: fully initialize v4 addr in some functions (networking-stable-19_12_28). - serial: 8250_bcm2835aux: Fix line mismatch on driver unbind (bsc#1051510). - serial: ifx6x60: add missed pm_runtime_disable (bsc#1051510). - serial: max310x: Fix tx_empty() callback (bsc#1051510). - serial: pl011: Fix DMA ->flush_buffer() (bsc#1051510). - serial: serial_core: Perform NULL checks for break_ctl ops (bsc#1051510). - serial: stm32: fix transmit_chars when tx is stopped (bsc#1051510). - sfc: Only cancel the PPS workqueue if it exists (networking-stable-19_11_25). - sfc: Remove 'PCIE error reporting unavailable' (bsc#1161472). - sh_eth: check sh_eth_cpu_data::dual_port when dumping registers (bsc#1051510). - sh_eth: fix dumping ARSTR (bsc#1051510). - sh_eth: fix invalid context bug while calling auto-negotiation by ethtool (bsc#1051510). - sh_eth: fix invalid context bug while changing link options by ethtool (bsc#1051510). - sh_eth: fix TSU init on SH7734/R8A7740 (bsc#1051510). - sh_eth: fix TXALCR1 offsets (bsc#1051510). - sh_eth: TSU_QTAG0/1 registers the same as TSU_QTAGM0/1 (bsc#1051510). - smb3: Fix crash in SMB2_open_init due to uninitialized field in compounding path (bsc#1144333). - smb3: Fix persistent handles reconnect (bsc#1144333). - smb3: fix refcount underflow warning on unmount when no directory leases (bsc#1144333). - smb3: remove confusing dmesg when mounting with encryption ('seal') (bsc#1144333). - soc/tegra: fuse: Correct straps' address for older Tegra124 device trees (bsc#1051510). - soc: renesas: rcar-sysc: Add goto to of_node_put() before return (bsc#1051510). - soc: ti: wkup_m3_ipc: Fix race condition with rproc_boot (bsc#1051510). - spi: omap2-mcspi: Fix DMA and FIFO event trigger size mismatch (bsc#1051510). - spi: omap2-mcspi: Set FIFO DMA trigger level to word length (bsc#1051510). - spi: tegra114: clear packed bit for unpacked mode (bsc#1051510). - spi: tegra114: configure dma burst size to fifo trig level (bsc#1051510). - spi: tegra114: fix for unpacked mode transfers (bsc#1051510). - spi: tegra114: flush fifos (bsc#1051510). - spi: tegra114: terminate dma and reset on transfer timeout (bsc#1051510). - sr_vendor: support Beurer GL50 evo CD-on-a-chip devices (boo#1164632). - staging: comedi: adv_pci1710: fix AI channels 16-31 for PCI-1713 (bsc#1051510). - Staging: iio: adt7316: Fix i2c data reading, set the data field (bsc#1051510). - staging: rtl8188eu: fix interface sanity check (bsc#1051510). - staging: rtl8192e: fix potential use after free (bsc#1051510). - staging: rtl8723bs: Add 024c:0525 to the list of SDIO device-ids (bsc#1051510). - staging: rtl8723bs: Drop ACPI device ids (bsc#1051510). - staging: vt6656: correct packet types for CTS protect, mode (bsc#1051510). - staging: vt6656: Fix false Tx excessive retries reporting (bsc#1051510). - staging: vt6656: use NULLFUCTION stack on mac80211 (bsc#1051510). - staging: wlan-ng: ensure error return is actually returned (bsc#1051510). - stm class: Fix a double free of stm_source_device (bsc#1051510). - stop_machine, sched: Fix migrate_swap() vs. active_balance() deadlock (bsc#1088810, bsc#1161702). - stop_machine: Atomically queue and wake stopper threads (bsc#1088810, bsc#1161702). - stop_machine: Disable preemption after queueing stopper threads (bsc#1088810, bsc#1161702). - stop_machine: Disable preemption when waking two stopper threads (bsc#1088810, bsc#1161702). - tcp: clear tp->packets_out when purging write queue (bsc#1160560). - tcp: do not send empty skb from tcp_write_xmit() (networking-stable-20_01_01). - tcp: exit if nothing to retransmit on RTO timeout (bsc#1160560, stable 4.14.159). - tcp: md5: fix potential overestimation of TCP option space (networking-stable-19_12_16). - thermal: Fix deadlock in thermal thermal_zone_device_check (bsc#1051510). - tipc: fix a missing check of genlmsg_put (bsc#1051510). - tipc: fix link name length check (bsc#1051510). - tipc: fix memory leak in tipc_nl_compat_publ_dump (bsc#1051510). - tipc: fix skb may be leaky in tipc_link_input (bsc#1051510). - tracing: Annotate ftrace_graph_hash pointer with __rcu (git-fixes). - tracing: Annotate ftrace_graph_notrace_hash pointer with __rcu (git-fixes). - tracing: Fix tracing_stat return values in error handling paths (git-fixes). - tracing: Fix very unlikely race of registering two stat tracers (git-fixes). - tracing: Have the histogram compare functions convert to u64 first (bsc#1160210). - tracing: xen: Ordered comparison of function pointers (git-fixes). - tty/serial: atmel: Add is_half_duplex helper (bsc#1051510). - tty: n_hdlc: fix build on SPARC (bsc#1051510). - tty: serial: msm_serial: Fix lockup for sysrq and oops (bsc#1051510). - tty: vt: keyboard: reject invalid keycodes (bsc#1051510). - uaccess: Add non-pagefault user-space write function (bsc#1083647). - ubifs: do not trigger assertion on invalid no-key filename (bsc#1163850). - ubifs: Fix deadlock in concurrent bulk-read and writepage (bsc#1163856). - ubifs: Fix FS_IOC_SETFLAGS unexpectedly clearing encrypt flag (bsc#1163855). - ubifs: Reject unsupported ioctl flags explicitly (bsc#1163844). - udp: fix integer overflow while computing available space in sk_rcvbuf (networking-stable-20_01_01). - usb-storage: Disable UAS on JMicron SATA enclosure (bsc#1051510). - usb: adutux: fix interface sanity check (bsc#1051510). - usb: Allow USB device to be warm reset in suspended state (bsc#1051510). - usb: atm: ueagle-atm: add missing endpoint check (bsc#1051510). - usb: chipidea: host: Disable port power only if previously enabled (bsc#1051510). - usb: core: fix check for duplicate endpoints (git-fixes). - usb: core: hub: Improved device recognition on remote wakeup (bsc#1051510). - usb: core: urb: fix URB structure initialization function (bsc#1051510). - usb: documentation: flags on usb-storage versus UAS (bsc#1051510). - usb: dwc3: debugfs: Properly print/set link state for HS (bsc#1051510). - usb: dwc3: do not log probe deferrals; but do log other error codes (bsc#1051510). - usb: dwc3: ep0: Clear started flag on completion (bsc#1051510). - usb: dwc3: turn off VBUS when leaving host mode (bsc#1051510). - usb: EHCI: Do not return -EPIPE when hub is disconnected (git-fixes). - usb: gadget: f_ecm: Use atomic_t to track in-flight request (bsc#1051510). - usb: gadget: f_ncm: Use atomic_t to track in-flight request (bsc#1051510). - usb: gadget: legacy: set max_speed to super-speed (bsc#1051510). - usb: gadget: pch_udc: fix use after free (bsc#1051510). - usb: gadget: u_serial: add missing port entry locking (bsc#1051510). - usb: gadget: Zero ffs_io_data (bsc#1051510). - usb: host: xhci-hub: fix extra endianness conversion (bsc#1051510). - usb: idmouse: fix interface sanity checks (bsc#1051510). - usb: mon: Fix a deadlock in usbmon between mmap and read (bsc#1051510). - usb: mtu3: fix dbginfo in qmu_tx_zlp_error_handler (bsc#1051510). - usb: musb: dma: Correct parameter passed to IRQ handler (bsc#1051510). - usb: musb: fix idling for suspend after disconnect interrupt (bsc#1051510). - usb: roles: fix a potential use after free (git-fixes). - usb: serial: ch341: handle unbound port at reset_resume (bsc#1051510). - usb: serial: ftdi_sio: add device IDs for U-Blox C099-F9P (bsc#1051510). - usb: serial: io_edgeport: add missing active-port sanity check (bsc#1051510). - usb: serial: io_edgeport: fix epic endpoint lookup (bsc#1051510). - usb: serial: io_edgeport: handle unbound ports on URB completion (bsc#1051510). - usb: serial: io_edgeport: use irqsave() in USB's complete callback (bsc#1051510). - usb: serial: ir-usb: add missing endpoint sanity check (bsc#1051510). - usb: serial: ir-usb: fix IrLAP framing (bsc#1051510). - usb: serial: ir-usb: fix link-speed handling (bsc#1051510). - usb: serial: keyspan: handle unbound ports (bsc#1051510). - usb: serial: opticon: fix control-message timeouts (bsc#1051510). - usb: serial: option: Add support for Quectel RM500Q (bsc#1051510). - usb: serial: option: add support for Quectel RM500Q in QDL mode (git-fixes). - usb: serial: option: add Telit ME910G1 0x110a composition (git-fixes). - usb: serial: option: add ZLP support for 0x1bc7/0x9010 (git-fixes). - usb: serial: quatech2: handle unbound ports (bsc#1051510). - usb: serial: simple: Add Motorola Solutions TETRA MTP3xxx and MTP85xx (bsc#1051510). - usb: serial: suppress driver bind attributes (bsc#1051510). - usb: typec: tcpci: mask event interrupts when remove driver (bsc#1051510). - usb: uas: heed CAPACITY_HEURISTICS (bsc#1051510). - usb: uas: honor flag to avoid CAPACITY16 (bsc#1051510). - usb: xhci: Fix build warning seen with CONFIG_PM=n (bsc#1051510). - usb: xhci: only set D3hot for pci device (bsc#1051510). - usbip: Fix error path of vhci_recv_ret_submit() (git-fixes). - usbip: Fix receive error in vhci-hcd when using scatter-gather (bsc#1051510). - vfs: fix preadv64v2 and pwritev64v2 compat syscalls with offset == -1 (bsc#1051510). - vhost/vsock: accept only packets with the right dst_cid (networking-stable-20_01_01). - video: backlight: Add devres versions of of_find_backlight (bsc#1090888) Taken for 6010831dde5. - video: backlight: Add of_find_backlight helper in backlight.c (bsc#1090888) Taken for 6010831dde5. - watchdog: max77620_wdt: fix potential build errors (bsc#1051510). - watchdog: rn5t618_wdt: fix module aliases (bsc#1051510). - watchdog: sama5d4: fix WDD value to be always set to max (bsc#1051510). - watchdog: wdat_wdt: fix get_timeleft call for wdat_wdt (bsc#1162557). - wireless: fix enabling channel 12 for custom regulatory domain (bsc#1051510). - wireless: wext: avoid gcc -O3 warning (bsc#1051510). - workqueue: Fix pwq ref leak in rescuer_thread() (bsc#1160211). - x86/amd_nb: Add PCI device IDs for family 17h, model 70h (bsc#1163206). - x86/cpu: Update cached HLE state on write to TSX_CTRL_CPUID_CLEAR (bsc#1162619). - x86/intel_rdt: Split resource group removal in two (bsc#1112178). - x86/intel_rdt: Split resource group removal in two (bsc#1112178). - x86/kgbd: Use NMI_VECTOR not APIC_DM_NMI (bsc#1114279). - x86/mce/AMD: Allow any CPU to initialize the smca_banks array (bsc#1114279). - x86/MCE/AMD: Allow Reserved types to be overwritten in smca_banks (bsc#1114279). - x86/MCE/AMD: Do not use rdmsr_safe_on_cpu() in smca_configure() (bsc#1114279). - x86/mce: Fix possibly incorrect severity calculation on AMD (bsc#1114279). - x86/resctrl: Check monitoring static key in the MBM overflow handler (bsc#1114279). - x86/resctrl: Fix a deadlock due to inaccurate reference (bsc#1112178). - x86/resctrl: Fix a deadlock due to inaccurate reference (bsc#1112178). - x86/resctrl: Fix an imbalance in domain_remove_cpu() (bsc#1114279). - x86/resctrl: Fix potential memory leak (bsc#1114279). - x86/resctrl: Fix use-after-free due to inaccurate refcount of rdtgroup (bsc#1112178). - x86/resctrl: Fix use-after-free due to inaccurate refcount of rdtgroup (bsc#1112178). - x86/resctrl: Fix use-after-free when deleting resource groups (bsc#1114279). - x86/speculation: Fix incorrect MDS/TAA mitigation status (bsc#1114279). - x86/speculation: Fix redundant MDS mitigation message (bsc#1114279). - xen-blkfront: switch kcalloc to kvcalloc for large array allocation (bsc#1160917). - xen/balloon: Support xend-based toolstack take two (bsc#1065600). - xen/blkback: Avoid unmapping unmapped grant pages (bsc#1065600). - xen/blkfront: Adjust indentation in xlvbd_alloc_gendisk (bsc#1065600). - xen: Enable interrupts when calling _cond_resched() (bsc#1065600). - xfrm: Fix transport mode skb control buffer usage (bsc#1161552). - xfs: Fix tail rounding in xfs_alloc_file_space() (bsc#1161087, bsc#1153917). - xhci: Fix memory leak in xhci_add_in_port() (bsc#1051510). - xhci: fix USB3 device initiated resume race with roothub autosuspend (bsc#1051510). - xhci: handle some XHCI_TRUST_TX_LENGTH quirks cases as default behaviour (bsc#1051510). - xhci: Increase STS_HALT timeout in xhci_suspend() (bsc#1051510). - xhci: make sure interrupts are restored to correct state (bsc#1051510). - zd1211rw: fix storage endpoint lookup (git-fixes). ----------------------------------------- Patch: SUSE-2020-517 Released: Thu Feb 27 14:39:01 2020 Summary: Recommended update for cifs-utils Severity: moderate References: 1130528,1132087,1136031,1149164 Description: This update for cifs-utils fixes the following issues: Update cifs-utils 6.9; (bsc#1132087); (bsc#1136031). * follow SMB default version changes in the kernel. * adds fixes for Azure * new smbinfo utility - Fix double-free in mount.cifs; (bsc#1149164). ----------------------------------------- Patch: SUSE-2020-519 Released: Thu Feb 27 14:54:38 2020 Summary: Security update for texlive-filesystem Severity: moderate References: 1150556,1155381,1158910,1159740 Description: This update for texlive-filesystem fixes the following issues: Security issues fixed: - Changed default user for ls-R files and font cache directories to user nobody (bsc#1159740) - Switched to rm instead of safe-rm or safe-rmdir to avoid race conditions (bsc#1158910) . - Made cron script more failsafe (bsc#1150556) Non-security issue fixed: - Refreshed font map files on update (bsc#1155381) ----------------------------------------- Patch: SUSE-2020-521 Released: Thu Feb 27 18:08:56 2020 Summary: Recommended update for c-ares Severity: moderate References: 1125306,1159006 Description: This update for c-ares fixes the following issues: c-ares version update to 1.15.0: * Add ares_init_options() configurability for path to resolv.conf file * Ability to exclude building of tools (adig, ahost, acountry) in CMake * Report ARES_ENOTFOUND for .onion domain names as per RFC7686 (bsc#1125306) * Apply the IPv6 server blacklist to all nameserver sources * Prevent changing name servers while queries are outstanding * ares_set_servers_csv() on failure should not leave channel in a bad state * getaddrinfo - avoid infinite loop in case of NXDOMAIN * ares_getenv - return NULL in all cases * implement ares_getaddrinfo - Fixed a regression in DNS results that contain both A and AAAA answers. - Add netcfg as the build requirement and runtime requirement. ----------------------------------------- Patch: SUSE-2020-525 Released: Fri Feb 28 11:49:36 2020 Summary: Recommended update for pam Severity: moderate References: 1164562 Description: This update for pam fixes the following issues: - Add libdb as build-time dependency to enable pam_userdb module. Enable pam_userdb.so (jsc#sle-7258, bsc#1164562) ----------------------------------------- Patch: SUSE-2020-550 Released: Sat Feb 29 16:57:20 2020 Summary: Recommended update for go1.14 Severity: moderate References: 1164903 Description: This update for go1.14 fixes the following issues: go1.14 (released 2020-02-25) is a major release of Go. (bsc#1164903) go1.14.x minor releases will be provided through February 2021. https://github.com/golang/go/wiki/Go-Release-Cycle Most changes are in the implementation of the toolchain, runtime, and libraries. As always, the release maintains the Go 1 promise of compatibility. We expect almost all Go programs to continue to compile and run as before. * See release notes https://golang.org/doc/go1.14. Excerpts relevant to OBS environment and for SUSE/openSUSE follow: * Module support in the go command is now ready for production use, and we encourage all users to migrate to Go modules for dependency management. * RISC-V experimental support for 64-bit RISC-V on Linux (GOOS=linux, GOARCH=riscv64). Be aware that performance, assembly syntax stability, and possibly correctness are a work in progress. * When the main module contains a top-level vendor directory and its go.mod file specifies go 1.14 or higher, the go command now defaults to -mod=vendor for operations that accept that flag. A new value for that flag, -mod=mod, causes the go command to instead load modules from the module cache (as when no vendor directory is present). * When -mod=vendor is set (explicitly or by default), the go command now verifies that the main module's vendor/modules.txt file is consistent with its go.mod file. * go list -m no longer silently omits transitive dependencies that do not provide packages in the vendor directory. It now fails explicitly if -mod=vendor is set and information is requested for a module not mentioned in vendor/modules.txt. * The go get command no longer accepts the -mod flag. Previously, the flag's setting either was ignored or caused the build to fail. * mod=readonly is now set by default when the go.mod file is read-only and no top-level vendor directory is present. * modcacherw is a new flag that instructs the go command to leave newly-created directories in the module cache at their default permissions rather than making them read-only. The use of this flag makes it more likely that tests or other tools will accidentally add files not included in the module's verified checksum. However, it allows the use of rm -rf (instead of go clean -modcache) to remove the module cache. * modfile=file is a new flag that instructs the go command to read (and possibly write) an alternate go.mod file instead of the one in the module root directory. A file named go.mod must still be present in order to determine the module root directory, but it is not accessed. When -modfile is specified, an alternate go.sum file is also used: its path is derived from the -modfile flag by trimming the .mod extension and appending .sum. * packaging: drop patch gcc9-rsp-clobber.patch now merged in go1.14 * packaging: update version of LLVM compiler-rt * packaging: update _service definitions * packaging: update %doc entries rm devel/ add modules.md * doc: rename HTML element IDs to avoid duplicates * net: don't check LookupHost error in TestLookupNullByte * runtime: don't treat SIGURG as a bad signal * internal/bytealg: fix riscv64 offset names * doc: remove paragraph break for upgrading to modules * syscall: Revert 'release a js.Func object in fsCall' * doc/go1.14: note that all changes to the standard library are minor * doc/go1.14: fix broken links * doc/go1.14: remove TODO about Solaris port ----------------------------------------- Patch: SUSE-2020-556 Released: Mon Mar 2 13:32:14 2020 Summary: Recommended update for 389-ds Severity: moderate References: 1155951 Description: This update for 389-ds to version 1.4.2.2 fixes the following issues: 389-ds was updated to 1.4.2.6 (fate#326677, bsc#1155951), bringing many bug and stability fixes. Issue addressed: - Enabled python lib389 installer tooling to match upstream and suse documentation. More information for this release at: https://directory.fedoraproject.org/docs/389ds/releases/release-1-4-2-1.html ----------------------------------------- Patch: SUSE-2020-562 Released: Mon Mar 2 17:37:15 2020 Summary: Recommended update for mariadb-connector-c Severity: moderate References: 1162388 Description: This update for mariadb-connector-c fixes the following issues: New upstream version 3.1.7 (bsc#1162388) - TLS/SSL: when the client doesn't provide a CA file and the option ssl_verify_server_cert was set, the peer certificate will be validated against the system CA. - ERROR 2026 (HY000): SSL connection error due to Certificate signature check failed - Provide error code and message for SChannel errors - SEC_E_INVALID_TOKEN when server sends large message during SSL handshake ----------------------------------------- Patch: SUSE-2020-567 Released: Tue Mar 3 10:46:37 2020 Summary: Recommended update for sendmail Severity: moderate References: 1164084 Description: This update for sendmail fixes the following issues: - If sendmail tried to reuse an SMTP session which had already been closed by the server, then the connection cache could have invalid information about the session, possibly STARTTLS was not used even if it was offered. (bsc#1164084) ----------------------------------------- Patch: SUSE-2020-570 Released: Tue Mar 3 13:17:57 2020 Summary: Recommended update for python3-ec2imgutils Severity: moderate References: 1162712 Description: This update for python3-ec2imgutils fixes the following issues: - Enabling ena-support for aarch64 automatically (bsc#1162712) - Fixes the cleanup procedure with --use-root-swap img upload - Fixes a race condition error on security group creation ----------------------------------------- Patch: SUSE-2020-575 Released: Tue Mar 3 14:51:50 2020 Summary: Recommended update for hfst-ospell Severity: moderate References: 1164440 Description: This update for hfst-ospell fixes the following issue: - Fix the build with new ICU 65 (bsc#1164440) The fix is required for building the package on SLE-15-SP2 after upgrading to the new International Components for Unicode (ICU) 65 ----------------------------------------- Patch: SUSE-2020-591 Released: Thu Mar 5 12:33:06 2020 Summary: Recommended update for libfreehand Severity: moderate References: 1164434 Description: This update for libfreehand fixes the following issue: - Solve build errors with International Components for Unicode (ICU) 65.1: (bsc#1164434) ----------------------------------------- Patch: SUSE-2020-593 Released: Thu Mar 5 13:25:06 2020 Summary: Recommended update for umoci Severity: moderate References: 1165161 Description: This update for umoci fixes the following issues: Update to umoci v0.4.4: * Added full-stack verification of blob hashes and descriptors for all operations (improving our hardening against bad images). * For details, see CHANGELOG.md in the package. Update to umoci v0.4.3: * Added --no-history to all commands with --history.* flags. Should only be used for umoci-config(1). * Added `umoci insert --tag` to allow non-destructive modifications. * For details, see packaged /usr/share/doc/packages/umoci/CHANGELOG.md. Update to umoci v0.4.2: * umoci now has an exposed Go API * Added `umoci unpack --keep-dirlinks` * `umoci insert` now supports whiteouts two ways. * For details, see CHANGELOG.md in the package. Update to umoci v0.4.1. * Support more tags (the valid set of characters in tags has expanded). * Add 'umoci insert' and 'umoci raw unpack'. * 'umoci unpack' correctly handles out-of-order whiteouts now. * 'umoci unpack' and 'umoci repack' make sure of a more optimised gzip implementation now -- in some benchmarks 'umoci repack' can have a speedup of up to 3x. * For details, see CHANGELOG.md in the package. Update to umoci v0.4.0: + `umoci repack` now supports `--refresh-bundle` which will update the OCI bundle's metadata (mtree and umoci-specific manifests) after packing the image tag. This means that the bundle can be used as a base layer for future diffs without needing to unpack the image again. openSUSE/umoci#196 + Added a website, and reworked the documentation to be better structured. You can visit the website at [`umo.ci`][umo.ci]. openSUSE/umoci#188 + Added support for the `user.rootlesscontainers` specification, which allows for persistent on-disk emulation of `chown(2)` inside rootless containers. This implementation is interoperable with [@AkihiroSuda's `PRoot` fork][as-proot-fork] (though we do not test its interoperability at the moment) as both tools use [the same protobuf specification][rootlesscontainers-proto]. openSUSE/umoci#227 + `umoci unpack` now has support for opaque whiteouts (whiteouts which remove all children of a directory in the lower layer), though `umoci repack` does not currently have support for generating them. While this is technically a spec requirement, through testing we've never encountered an actual user of these whiteouts. openSUSE/umoci#224 openSUSE/umoci#229 + `umoci unpack` will now use some rootless tricks inside user namespaces for operations that are known to fail (such as `mknod(2)`) while other operations will be carried out as normal (such as `lchown(2)`). It should be noted that the `/proc/self/uid_map` checking we do can be tricked into not detecting user namespaces, but you would need to be trying to break it on purpose. openSUSE/umoci#171 openSUSE/umoci#230 * Fix a bug in our 'parent directory restore' code, which is responsible for ensuring that the mtime and other similar properties of a directory are not modified by extraction inside said directory. The bug would manifest as xattrs not being restored properly in certain edge-cases (which we incidentally hit in a test-case). openSUSE/umoci#161 openSUSE/umoci#162 * `umoci unpack` will now 'clean up' the bundle generated if an error occurs during unpacking. Previously this didn't happen, which made cleaning up the responsibility of the caller (which was quite difficult if you were unprivileged). This is a breaking change, but is in the error path so it's not critical. openSUSE/umoci#174 openSUSE/umoci#187 * `umoci gc` now will no longer remove unknown files and directories that aren't `flock(2)`ed, thus ensuring that any possible OCI image-spec extensions or other users of an image being operated on will no longer break. openSUSE/umoci#198 * `umoci unpack --rootless` will now correctly handle regular file unpacking when overwriting a file that `umoci` doesn't have write access to. In addition, the semantics of pre-existing hardlinks to a clobbered file are clarified (the hard-links will not refer to the new layer's inode). openSUSE/umoci#222 openSUSE/umoci#223 [as-proot-fork]: https://github.com/AkihiroSuda/runrootless [rootlesscontainers-proto]: https://rootlesscontaine.rs/proto/rootlesscontainers.proto [umo.ci]: https://umo.ci/ ----------------------------------------- Patch: SUSE-2020-597 Released: Thu Mar 5 15:24:09 2020 Summary: Recommended update for libgcrypt Severity: moderate References: 1164950 Description: This update for libgcrypt fixes the following issues: - FIPS: Run the self-tests from the constructor [bsc#1164950] ----------------------------------------- Patch: SUSE-2020-624 Released: Tue Mar 10 10:39:09 2020 Summary: Recommended update for python-PyNaCl Severity: important References: 1161557 Description: This update for python-PyNaCl fixes the following issues: - Add python-dkimpy as the python-PyNaCl requires that. (SLE-7686, bsc#1161557) ----------------------------------------- Patch: SUSE-2020-627 Released: Tue Mar 10 12:27:48 2020 Summary: Recommended update for osc Severity: important References: 1136584,1137477,1154972,1155953,1156501 Description: This update for osc fixes the following issues: - Fix for 'vc' option '--file=foo bar.changes' now writes the content from foo into bar.changes instead of creating a new file. (bsc#1155953) - Fix local build outside of the working copy of a package. (bsc#1136584) - Enable not to enforce password reuse. (bsc#1156501) - New password handling backend supporting password stores like 'plaintext', 'obfuscated', 'python-keyring' (kwallet, secret store), 'gnome-keyring' or not storing at all. (bsc#1154972) - Fix for using non-UTF8 characters in labels. (bsc#1137477) ----------------------------------------- Patch: SUSE-2020-633 Released: Tue Mar 10 16:23:08 2020 Summary: Recommended update for aaa_base Severity: moderate References: 1139939,1151023 Description: This update for aaa_base fixes the following issues: - get_kernel_version: fix for current kernel on s390x (bsc#1151023, bsc#1139939) - added '-h'/'--help' to the command old - change feedback url from http://www.suse.de/feedback to https://github.com/openSUSE/aaa_base/issues ----------------------------------------- Patch: SUSE-2020-637 Released: Wed Mar 11 11:29:56 2020 Summary: Recommended update for cloud-netconfig Severity: moderate References: 1162705,1162707 Description: This update for cloud-netconfig fixes the following issues: - Copy routes from the default routing table. (bsc#1162705, bsc#1162707) On multi-NIC systems, cloud-netconfig creates separate routing tables with different default routes, so packets get routed via the network interfaces associated with the source IP address. Systems may have additional routing in place and in that case cloud-netconfig's NIC specific routing may bypass those routes. - Make the key CLOUD_NETCONFIG_MANAGE enable by default. Any network interface that has been configured automatically via cloud-netconfig has a configuration file associated. If the value is set to 'NO' (or the pair is removed altogether), cloud-netconfig will not handle secondary IPv4 addresses and routing policies for the associated network interface. ----------------------------------------- Patch: SUSE-2020-654 Released: Thu Mar 12 11:35:09 2020 Summary: Recommended update for wpa_supplicant Severity: moderate References: 1165266 Description: This update for wpa_supplicant fixes the following issues: - Adjust the wpa_supplicant service to start after network.target (bsc#1165266) ----------------------------------------- Patch: SUSE-2020-655 Released: Thu Mar 12 13:17:03 2020 Summary: Recommended update for growpart Severity: moderate References: 1164736 Description: This update for growpart fixes the following issues: - Operation system disk is not automatically resized beyond 2TB on Azure hosts. (bsc#1164736) ----------------------------------------- Patch: SUSE-2020-657 Released: Thu Mar 12 15:06:48 2020 Summary: Recommended update for cloud-regionsrv-client Severity: moderate References: 1158664 Description: This update for cloud-regionsrv-client contains the following fixes: - Update to version 9.0.8: + Properly handle IPv6 addresses in URLs - Update to version 9.0.7: + Fix crash with a stack trace if no current_smt is present. (bsc#1158664) ----------------------------------------- Patch: SUSE-2020-665 Released: Fri Mar 13 01:24:04 2020 Summary: Recommended update for ocr Severity: moderate References: Description: This update for ocr fixes the following issues: - Disable openmpi1 builds for SLE/Leap > 15.1. - Enable openmpi3 builds for Leap and SLE > 15.1 (jsc#SLE-7773). ----------------------------------------- Patch: SUSE-2020-689 Released: Fri Mar 13 17:09:01 2020 Summary: Recommended update for pam Severity: moderate References: 1166510 Description: This update for PAM fixes the following issue: - The license of libdb linked against pam_userdb is not always wanted, so we temporary disabled pam_userdb again. It will be published in a different package at a later time. (bsc#1166510) ----------------------------------------- Patch: SUSE-2020-690 Released: Fri Mar 13 17:09:28 2020 Summary: Recommended update for suse-build-key Severity: moderate References: 1166334 Description: This update for suse-build-key fixes the following issues: - created a new security@suse.de communication key (bsc#1166334) ----------------------------------------- Patch: SUSE-2020-697 Released: Mon Mar 16 13:17:10 2020 Summary: Security update for cni, cni-plugins, conmon, fuse-overlayfs, podman Severity: moderate References: 1155217,1160460,1164390,CVE-2019-18466 Description: This update for cni, cni-plugins, conmon, fuse-overlayfs, podman fixes the following issues: podman was updated to 1.8.0: - CVE-2019-18466: Fixed a bug where podman cp would improperly copy files on the host when copying a symlink in the container that included a glob operator (#3829 bsc#1155217) - The name of the cni-bridge in the default config changed from 'cni0' to 'podman-cni0' with podman-1.6.0. Add a %trigger to rename the bridge in the system to the new default if it exists. The trigger is only excuted when updating podman-cni-config from something older than 1.6.0. This is mainly needed for SLE where we're updating from 1.4.4 to 1.8.0 (bsc#1160460). Update podman to v1.8.0 (bsc#1160460): * Features - The podman system service command has been added, providing a preview of Podman's new Docker-compatible API. This API is still very new, and not yet ready for production use, but is available for early testing - Rootless Podman now uses Rootlesskit for port forwarding, which should greatly improve performance and capabilities - The podman untag command has been added to remove tags from images without deleting them - The podman inspect command on images now displays previous names they used - The podman generate systemd command now supports a --new option to generate service files that create and run new containers instead of managing existing containers - Support for --log-opt tag= to set logging tags has been added to the journald log driver - Added support for using Seccomp profiles embedded in images for podman run and podman create via the new --seccomp-policy CLI flag - The podman play kube command now honors pull policy * Bugfixes - Fixed a bug where the podman cp command would not copy the contents of directories when paths ending in /. were given - Fixed a bug where the podman play kube command did not properly locate Seccomp profiles specified relative to localhost - Fixed a bug where the podman info command for remote Podman did not show registry information - Fixed a bug where the podman exec command did not support having input piped into it - Fixed a bug where the podman cp command with rootless Podman on CGroups v2 systems did not properly determine if the container could be paused while copying - Fixed a bug where the podman container prune --force command could possible remove running containers if they were started while the command was running - Fixed a bug where Podman, when run as root, would not properly configure slirp4netns networking when requested - Fixed a bug where podman run --userns=keep-id did not work when the user had a UID over 65535 - Fixed a bug where rootless podman run and podman create with the --userns=keep-id option could change permissions on /run/user/$UID and break KDE - Fixed a bug where rootless Podman could not be run in a systemd service on systems using CGroups v2 - Fixed a bug where podman inspect would show CPUShares as 0, instead of the default (1024), when it was not explicitly set - Fixed a bug where podman-remote push would segfault - Fixed a bug where image healthchecks were not shown in the output of podman inspect - Fixed a bug where named volumes created with containers from pre-1.6.3 releases of Podman would be autoremoved with their containers if the --rm flag was given, even if they were given names - Fixed a bug where podman history was not computing image sizes correctly - Fixed a bug where Podman would not error on invalid values to the --sort flag to podman images - Fixed a bug where providing a name for the image made by podman commit was mandatory, not optional as it should be - Fixed a bug where the remote Podman client would append an extra ' to %PATH - Fixed a bug where the podman build command would sometimes ignore the -f option and build the wrong Containerfile - Fixed a bug where the podman ps --filter command would only filter running containers, instead of all containers, if --all was not passed - Fixed a bug where the podman load command on compressed images would leave an extra copy on disk - Fixed a bug where the podman restart command would not properly clean up the network, causing it to function differently from podman stop; podman start - Fixed a bug where setting the --memory-swap flag to podman create and podman run to -1 (to indicate unlimited) was not supported * Misc - Initial work on version 2 of the Podman remote API has been merged, but is still in an alpha state and not ready for use. Read more here - Many formatting corrections have been made to the manpages - The changes to address (#5009) may cause anonymous volumes created by Podman versions 1.6.3 to 1.7.0 to not be removed when their container is removed - Updated vendored Buildah to v1.13.1 - Updated vendored containers/storage to v1.15.8 - Updated vendored containers/image to v5.2.0 - Add apparmor-abstractions as required runtime dependency to have `tunables/global` available. - fixed the --force flag for the 'container prune' command. (https://github.com/containers/libpod/issues/4844) Update podman to v1.7.0 * Features - Added support for setting a static MAC address for containers - Added support for creating macvlan networks with podman network create, allowing Podman containers to be attached directly to networks the host is connected to - The podman image prune and podman container prune commands now support the --filter flag to filter what will be pruned, and now prompts for confirmation when run without --force (#4410 and #4411) - Podman now creates CGroup namespaces by default on systems using CGroups v2 (#4363) - Added the podman system reset command to remove all Podman files and perform a factory reset of the Podman installation - Added the --history flag to podman images to display previous names used by images (#4566) - Added the --ignore flag to podman rm and podman stop to not error when requested containers no longer exist - Added the --cidfile flag to podman rm and podman stop to read the IDs of containers to be removed or stopped from a file - The podman play kube command now honors Seccomp annotations (#3111) - The podman play kube command now honors RunAsUser, RunAsGroup, and selinuxOptions - The output format of the podman version command has been changed to better match docker version when using the --format flag - Rootless Podman will no longer initialize containers/storage twice, removing a potential deadlock preventing Podman commands from running while an image was being pulled (#4591) - Added tmpcopyup and notmpcopyup options to the --tmpfs and --mount type=tmpfs flags to podman create and podman run to control whether the content of directories are copied into tmpfs filesystems mounted over them - Added support for disabling detaching from containers by setting empty detach keys via --detach-keys='' - The podman build command now supports the --pull and --pull-never flags to control when images are pulled during a build - The podman ps -p command now shows the name of the pod as well as its ID (#4703) - The podman inspect command on containers will now display the command used to create the container - The podman info command now displays information on registry mirrors (#4553) * Bugfixes - Fixed a bug where Podman would use an incorrect runtime directory as root, causing state to be deleted after root logged out and making Podman in systemd services not function properly - Fixed a bug where the --change flag to podman import and podman commit was not being parsed properly in many cases - Fixed a bug where detach keys specified in libpod.conf were not used by the podman attach and podman exec commands, which always used the global default ctrl-p,ctrl-q key combination (#4556) - Fixed a bug where rootless Podman was not able to run podman pod stats even on CGroups v2 enabled systems (#4634) - Fixed a bug where rootless Podman would fail on kernels without the renameat2 syscall (#4570) - Fixed a bug where containers with chained network namespace dependencies (IE, container A using --net container=B and container B using --net container=C) would not properly mount /etc/hosts and /etc/resolv.conf into the container (#4626) - Fixed a bug where podman run with the --rm flag and without -d could, when run in the background, throw a 'container does not exist' error when attempting to remove the container after it exited - Fixed a bug where named volume locks were not properly reacquired after a reboot, potentially leading to deadlocks when trying to start containers using the volume (#4605 and #4621) - Fixed a bug where Podman could not completely remove containers if sent SIGKILL during removal, leaving the container name unusable without the podman rm --storage command to complete removal (#3906) - Fixed a bug where checkpointing containers started with --rm was allowed when --export was not specified (the container, and checkpoint, would be removed after checkpointing was complete by --rm) (#3774) - Fixed a bug where the podman pod prune command would fail if containers were present in the pods and the --force flag was not passed (#4346) - Fixed a bug where containers could not set a static IP or static MAC address if they joined a non-default CNI network (#4500) - Fixed a bug where podman system renumber would always throw an error if a container was mounted when it was run - Fixed a bug where podman container restore would fail with containers using a user namespace - Fixed a bug where rootless Podman would attempt to use the journald events backend even on systems without systemd installed - Fixed a bug where podman history would sometimes not properly identify the IDs of layers in an image (#3359) - Fixed a bug where containers could not be restarted when Conmon v2.0.3 or later was used - Fixed a bug where Podman did not check image OS and Architecture against the host when starting a container - Fixed a bug where containers in pods did not function properly with the Kata OCI runtime (#4353) - Fixed a bug where `podman info --format '{{ json . }}' would not produce JSON output (#4391) - Fixed a bug where Podman would not verify if files passed to --authfile existed (#4328) - Fixed a bug where podman images --digest would not always print digests when they were available - Fixed a bug where rootless podman run could hang due to a race with reading and writing events - Fixed a bug where rootless Podman would print warning-level logs despite not be instructed to do so (#4456) - Fixed a bug where podman pull would attempt to fetch from remote registries when pulling an unqualified image using the docker-daemon transport (#4434) - Fixed a bug where podman cp would not work if STDIN was a pipe - Fixed a bug where podman exec could stop accepting input if anything was typed between the command being run and the exec session starting (#4397) - Fixed a bug where podman logs --tail 0 would print all lines of a container's logs, instead of no lines (#4396) - Fixed a bug where the timeout for slirp4netns was incorrectly set, resulting in an extremely long timeout (#4344) - Fixed a bug where the podman stats command would print CPU utilizations figures incorrectly (#4409) - Fixed a bug where the podman inspect --size command would not print the size of the container's read/write layer if the size was 0 (#4744) - Fixed a bug where the podman kill command was not properly validating signals before use (#4746) - Fixed a bug where the --quiet and --format flags to podman ps could not be used at the same time - Fixed a bug where the podman stop command was not stopping exec sessions when a container was created without a PID namespace (--pid=host) - Fixed a bug where the podman pod rm --force command was not removing anonymous volumes for containers that were removed - Fixed a bug where the podman checkpoint command would not export all changes to the root filesystem of the container if performed more than once on the same container (#4606) - Fixed a bug where containers started with --rm would not be automatically removed on being stopped if an exec session was running inside the container (#4666) * Misc - The fixes to runtime directory path as root can cause strange behavior if an upgrade is performed while containers are running - Updated vendored Buildah to v1.12.0 - Updated vendored containers/storage library to v1.15.4 - Updated vendored containers/image library to v5.1.0 - Kata Containers runtimes (kata-runtime, kata-qemu, and kata-fc) are now present in the default libpod.conf, but will not be available unless Kata containers is installed on the system - Podman previously did not allow the creation of containers with a memory limit lower than 4MB. This restriction has been removed, as the crun runtime can create containers with significantly less memory Update podman to v1.6.4 - Remove winsz FIFO on container restart to allow use with Conmon 2.03 and higher - Ensure volumes reacquire locks on system restart, preventing deadlocks when starting containers - Suppress spurious log messages when running rootless Podman - Update vendored containers/storage to v1.13.6 - Fix a deadlock related to writing events - Do not use the journald event logger when it is not available Update podman to v1.6.2 * Features - Added a --runtime flag to podman system migrate to allow the OCI runtime for all containers to be reset, to ease transition to the crun runtime on CGroups V2 systems until runc gains full support - The podman rm command can now remove containers in broken states which previously could not be removed - The podman info command, when run without root, now shows information on UID and GID mappings in the rootless user namespace - Added podman build --squash-all flag, which squashes all layers (including those of the base image) into one layer - The --systemd flag to podman run and podman create now accepts a string argument and allows a new value, always, which forces systemd support without checking if the the container entrypoint is systemd * Bugfixes - Fixed a bug where the podman top command did not work on systems using CGroups V2 (#4192) - Fixed a bug where rootless Podman could double-close a file, leading to a panic - Fixed a bug where rootless Podman could fail to retrieve some containers while refreshing the state - Fixed a bug where podman start --attach --sig-proxy=false would still proxy signals into the container - Fixed a bug where Podman would unconditionally use a non-default path for authentication credentials (auth.json), breaking podman login integration with skopeo and other tools using the containers/image library - Fixed a bug where podman ps --format=json and podman images --format=json would display null when no results were returned, instead of valid JSON - Fixed a bug where podman build --squash was incorrectly squashing all layers into one, instead of only new layers - Fixed a bug where rootless Podman would allow volumes with options to be mounted (mounting volumes requires root), creating an inconsistent state where volumes reported as mounted but were not (#4248) - Fixed a bug where volumes which failed to unmount could not be removed (#4247) - Fixed a bug where Podman incorrectly handled some errors relating to unmounted or missing containers in containers/storage - Fixed a bug where podman stats was broken on systems running CGroups V2 when run rootless (#4268) - Fixed a bug where the podman start command would print the short container ID, instead of the full ID - Fixed a bug where containers created with an OCI runtime that is no longer available (uninstalled or removed from the config file) would not appear in podman ps and could not be removed via podman rm - Fixed a bug where containers restored via podman container restore --import would retain the CGroup path of the original container, even if their container ID changed; thus, multiple containers created from the same checkpoint would all share the same CGroup * Misc - The default PID limit for containers is now set to 4096. It can be adjusted back to the old default (unlimited) by passing --pids-limit 0 to podman create and podman run - The podman start --attach command now automatically attaches STDIN if the container was created with -i - The podman network create command now validates network names using the same regular expression as container and pod names - The --systemd flag to podman run and podman create will now only enable systemd mode when the binary being run inside the container is /sbin/init, /usr/sbin/init, or ends in systemd (previously detected any path ending in init or systemd) - Updated vendored Buildah to 1.11.3 - Updated vendored containers/storage to 1.13.5 - Updated vendored containers/image to 4.0.1 Update podman to v1.6.1 * Features - The podman network create, podman network rm, podman network inspect, and podman network ls commands have been added to manage CNI networks used by Podman - The podman volume create command can now create and mount volumes with options, allowing volumes backed by NFS, tmpfs, and many other filesystems - Podman can now run containers without CGroups for better integration with systemd by using the --cgroups=disabled flag with podman create and podman run. This is presently only supported with the crun OCI runtime - The podman volume rm and podman volume inspect commands can now refer to volumes by an unambiguous partial name, in addition to full name (e.g. podman volume rm myvol to remove a volume named myvolume) (#3891) - The podman run and podman create commands now support the --pull flag to allow forced re-pulling of images (#3734) - Mounting volumes into a container using --volume, --mount, and --tmpfs now allows the suid, dev, and exec mount options (the inverse of nosuid, nodev, noexec) (#3819) - Mounting volumes into a container using --mount now allows the relabel=Z and relabel=z options to relabel mounts. - The podman push command now supports the --digestfile option to save a file containing the pushed digest - Pods can now have their hostname set via podman pod create --hostname or providing Pod YAML with a hostname set to podman play kube (#3732) - The podman image sign command now supports the --cert-dir flag - The podman run and podman create commands now support the --security-opt label=filetype:$LABEL flag to set the SELinux label for container files - The remote Podman client now supports healthchecks * Bugfixes - Fixed a bug where remote podman pull would panic if a Varlink connection was not available (#4013) - Fixed a bug where podman exec would not properly set terminal size when creating a new exec session (#3903) - Fixed a bug where podman exec would not clean up socket symlinks on the host (#3962) - Fixed a bug where Podman could not run systemd in containers that created a CGroup namespace - Fixed a bug where podman prune -a would attempt to prune images used by Buildah and CRI-O, causing errors (#3983) - Fixed a bug where improper permissions on the ~/.config directory could cause rootless Podman to use an incorrect directory for storing some files - Fixed a bug where the bash completions for podman import threw errors - Fixed a bug where Podman volumes created with podman volume create would not copy the contents of their mountpoint the first time they were mounted into a container (#3945) - Fixed a bug where rootless Podman could not run podman exec when the container was not run inside a CGroup owned by the user (#3937) - Fixed a bug where podman play kube would panic when given Pod YAML without a securityContext (#3956) - Fixed a bug where Podman would place files incorrectly when storage.conf configuration items were set to the empty string (#3952) - Fixed a bug where podman build did not correctly inherit Podman's CGroup configuration, causing crashed on CGroups V2 systems (#3938) - Fixed a bug where remote podman run --rm would exit before the container was completely removed, allowing race conditions when removing container resources (#3870) - Fixed a bug where rootless Podman would not properly handle changes to /etc/subuid and /etc/subgid after a container was launched - Fixed a bug where rootless Podman could not include some devices in a container using the --device flag (#3905) - Fixed a bug where the commit Varlink API would segfault if provided incorrect arguments (#3897) - Fixed a bug where temporary files were not properly cleaned up after a build using remote Podman (#3869) - Fixed a bug where podman remote cp crashed instead of reporting it was not yet supported (#3861) - Fixed a bug where podman exec would run as the wrong user when execing into a container was started from an image with Dockerfile USER (or a user specified via podman run --user) (#3838) - Fixed a bug where images pulled using the oci: transport would be improperly named - Fixed a bug where podman varlink would hang when managed by systemd due to SD_NOTIFY support conflicting with Varlink (#3572) - Fixed a bug where mounts to the same destination would sometimes not trigger a conflict, causing a race as to which was actually mounted - Fixed a bug where podman exec --preserve-fds caused Podman to hang (#4020) - Fixed a bug where removing an unmounted container that was unmounted might sometimes not properly clean up the container (#4033) - Fixed a bug where the Varlink server would freeze when run in a systemd unit file (#4005) - Fixed a bug where Podman would not properly set the $HOME environment variable when the OCI runtime did not set it - Fixed a bug where rootless Podman would incorrectly print warning messages when an OCI runtime was not found (#4012) - Fixed a bug where named volumes would conflict with, instead of overriding, tmpfs filesystems added by the --read-only-tmpfs flag to podman create and podman run - Fixed a bug where podman cp would incorrectly make the target directory when copying to a symlink which pointed to a nonexistent directory (#3894) - Fixed a bug where remote Podman would incorrectly read STDIN when the -i flag was not set (#4095) - Fixed a bug where podman play kube would create an empty pod when given an unsupported YAML type (#4093) - Fixed a bug where podman import --change improperly parsed CMD (#4000) - Fixed a bug where rootless Podman on systems using CGroups V2 would not function with the cgroupfs CGroups manager - Fixed a bug where rootless Podman could not correctly identify the DBus session address, causing containers to fail to start (#4162) - Fixed a bug where rootless Podman with slirp4netns networking would fail to start containers due to mount leaks * Misc - Significant changes were made to Podman volumes in this release. If you have pre-existing volumes, it is strongly recommended to run podman system renumber after upgrading. - Version 0.8.1 or greater of the CNI Plugins is now required for Podman - Version 2.0.1 or greater of Conmon is strongly recommended - Updated vendored Buildah to v1.11.2 - Updated vendored containers/storage library to v1.13.4 - Improved error messages when trying to create a pod with no name via podman play kube - Improved error messages when trying to run podman pause or podman stats on a rootless container on a system without CGroups V2 enabled - TMPDIR has been set to /var/tmp by default to better handle large temporary files - podman wait has been optimized to detect stopped containers more rapidly - Podman containers now include a ContainerManager annotation indicating they were created by libpod - The podman info command now includes information about slirp4netns and fuse-overlayfs if they are available - Podman no longer sets a default size of 65kb for tmpfs filesystems - The default Podman CNI network has been renamed in an attempt to prevent conflicts with CRI-O when both are run on the same system. This should only take effect on system restart - The output of podman volume inspect has been more closely matched to docker volume inspect - Add katacontainers as a recommended package, and include it as an additional OCI runtime in the configuration. Update podman to v1.5.1 * Features - The hostname of pods is now set to the pod's name * Bugfixes - Fixed a bug where podman run and podman create did not honor the --authfile option (#3730) - Fixed a bug where containers restored with podman container restore --import would incorrectly duplicate the Conmon PID file of the original container - Fixed a bug where podman build ignored the default OCI runtime configured in libpod.conf - Fixed a bug where podman run --rm (or force-removing any running container with podman rm --force) were not retrieving the correct exit code (#3795) - Fixed a bug where Podman would exit with an error if any configured hooks directory was not present - Fixed a bug where podman inspect and podman commit would not use the correct CMD for containers run with podman play kube - Fixed a bug created pods when using rootless Podman and CGroups V2 (#3801) - Fixed a bug where the podman events command with the --since or --until options could take a very long time to complete * Misc - Rootless Podman will now inherit OCI runtime configuration from the root configuration (#3781) - Podman now properly sets a user agent while contacting registries (#3788) - Add zsh completion for podman commands Update podman to v1.5.0 * Features - Podman containers can now join the user namespaces of other containers with --userns=container:$ID, or a user namespace at an arbitary path with --userns=ns:$PATH - Rootless Podman can experimentally squash all UIDs and GIDs in an image to a single UID and GID (which does not require use of the newuidmap and newgidmap executables) by passing --storage-opt ignore_chown_errors - The podman generate kube command now produces YAML for any bind mounts the container has created (#2303) - The podman container restore command now features a new flag, --ignore-static-ip, that can be used with --import to import a single container with a static IP multiple times on the same host - Added the ability for podman events to output JSON by specifying --format=json - If the OCI runtime or conmon binary cannot be found at the paths specified in libpod.conf, Podman will now also search for them in the calling user's path - Added the ability to use podman import with URLs (#3609) - The podman ps command now supports filtering names using regular expressions (#3394) - Rootless Podman containers with --privileged set will now mount in all host devices that the user can access - The podman create and podman run commands now support the --env-host flag to forward all environment variables from the host into the container - Rootless Podman now supports healthchecks (#3523) - The format of the HostConfig portion of the output of podman inspect on containers has been improved and synced with Docker - Podman containers now support CGroup namespaces, and can create them by passing --cgroupns=private to podman run or podman create - The podman create and podman run commands now support the --ulimit=host flag, which uses any ulimits currently set on the host for the container - The podman rm and podman rmi commands now use different exit codes to indicate 'no such container' and 'container is running' errors - Support for CGroups V2 through the crun OCI runtime has been greatly improved, allowing resource limits to be set for rootless containers when the CGroups V2 hierarchy is in use * Bugfixes - Fixed a bug where a race condition could cause podman restart to fail to start containers with ports - Fixed a bug where containers restored from a checkpoint would not properly report the time they were started at - Fixed a bug where podman search would return at most 25 results, even when the maximum number of results was set higher - Fixed a bug where podman play kube would not honor capabilities set in imported YAML (#3689) - Fixed a bug where podman run --env, when passed a single key (to use the value from the host), would set the environment variable in the container even if it was not set on the host (#3648) - Fixed a bug where podman commit --changes would not properly set environment variables - Fixed a bug where Podman could segfault while working with images with no history - Fixed a bug where podman volume rm could remove arbitrary volumes if given an ambiguous name (#3635) - Fixed a bug where podman exec invocations leaked memory by not cleaning up files in tmpfs - Fixed a bug where the --dns and --net=container flags to podman run and podman create were not mutually exclusive (#3553) - Fixed a bug where rootless Podman would be unable to run containers when less than 5 UIDs were available - Fixed a bug where containers in pods could not be removed without removing the entire pod (#3556) - Fixed a bug where Podman would not properly clean up all CGroup controllers for created cgroups when using the cgroupfs CGroup driver - Fixed a bug where Podman containers did not properly clean up files in tmpfs, resulting in a memory leak as containers stopped - Fixed a bug where healthchecks from images would not use default settings for interval, retries, timeout, and start period when they were not provided by the image (#3525) - Fixed a bug where healthchecks using the HEALTHCHECK CMD format where not properly supported (#3507) - Fixed a bug where volume mounts using relative source paths would not be properly resolved (#3504) - Fixed a bug where podman run did not use authorization credentials when a custom path was specified (#3524) - Fixed a bug where containers checkpointed with podman container checkpoint did not properly set their finished time - Fixed a bug where running podman inspect on any container not created with podman run or podman create (for example, pod infra containers) would result in a segfault (#3500) - Fixed a bug where healthcheck flags for podman create and podman run were incorrectly named (#3455) - Fixed a bug where Podman commands would fail to find targets if a partial ID was specified that was ambiguous between a container and pod (#3487) - Fixed a bug where restored containers would not have the correct SELinux label - Fixed a bug where Varlink endpoints were not working properly if more was not correctly specified - Fixed a bug where the Varlink PullImage endpoint would crash if an error occurred (#3715) - Fixed a bug where the --mount flag to podman create and podman run did not allow boolean arguments for its ro and rw options (#2980) - Fixed a bug where pods did not properly share the UTS namespace, resulting in incorrect behavior from some utilities which rely on hostname (#3547) - Fixed a bug where Podman would unconditionally append ENTRYPOINT to CMD during podman commit (and when reporting CMD in podman inspect) (#3708) - Fixed a bug where podman events with the journald events backend would incorrectly print 6 previous events when only new events were requested (#3616) - Fixed a bug where podman port would exit prematurely when a port number was specified (#3747) - Fixed a bug where passing . as an argument to the --dns-search flag to podman create and podman run was not properly clearing DNS search domains in the container * Misc - Updated vendored Buildah to v1.10.1 - Updated vendored containers/image to v3.0.2 - Updated vendored containers/storage to v1.13.1 - Podman now requires conmon v2.0.0 or higher - The podman info command now displays the events logger being in use - The podman inspect command on containers now includes the ID of the pod a container has joined and the PID of the container's conmon process - The -v short flag for podman --version has been re-added - Error messages from podman pull should be significantly clearer - The podman exec command is now available in the remote client - The podman-v1.5.0.tar.gz file attached is podman packaged for MacOS. It can be installed using Homebrew. - Update libpod.conf to support latest path discovery feature for `runc` and `conmon` binaries. conmon was included in version 2.0.10. (bsc#1160460, bsc#1164390, jsc#ECO-1048, jsc#SLE-11485, jsc#SLE-11331): fuse-overlayfs was updated to v0.7.6 (bsc#1160460) - do not look in lower layers for the ino if there is no origin xattr set - attempt to use the file path if the operation on the fd fails with ENXIO - do not expose internal xattrs through listxattr and getxattr - fix fallocate for deleted files. - ignore O_DIRECT. It causes issues with libfuse not using an aligned buffer, causing write(2) to fail with EINVAL. - on copyup, do not copy the opaque xattr. - fix a wrong lookup for whiteout files, that could happen on a double unlink. - fix possible segmentation fault in direct_fsync() - use the data store to create missing whiteouts - after a rename, force a directory reload - introduce inodes cache - correctly read inode for unix sockets - avoid hash map lookup when possible - use st_dev for the ino key - check whether writeback is supported - set_attrs: don't require write to S_IFREG - ioctl: do not reuse fi->fh for directories - fix skip whiteout deletion optimization - store the new mode after chmod - support fuse writeback cache and enable it by default - add option to disable fsync - add option to disable xattrs - add option to skip ino number check in lower layers - fix fd validity check - fix memory leak - fix read after free - fix type for flistxattr return - fix warnings reported by lgtm.com - enable parallel dirops cni was updated to 0.7.1: - Set correct CNI version for 99-loopback.conf Update to version 0.7.1 (bsc#1160460): * Library changes: + invoke : ensure custom envs of CNIArgs are prepended to process envs + add GetNetworkListCachedResult to CNI interface + delegate : allow delegation funcs override CNI_COMMAND env automatically in heritance * Documentation & Convention changes: + Update cnitool documentation for spec v0.4.0 + Add cni-route-override to CNI plugin list Update to version 0.7.0: * Spec changes: + Use more RFC2119 style language in specification (must, should...) + add notes about ADD/DEL ordering + Make the container ID required and unique. + remove the version parameter from ADD and DEL commands. + Network interface name matters + be explicit about optional and required structure members + add CHECK method + Add a well-known error for 'try again' + SPEC.md: clarify meaning of 'routes' * Library changes: + pkg/types: Makes IPAM concrete type + libcni: return error if Type is empty + skel: VERSION shouldn't block on stdin + non-pointer instances of types.Route now correctly marshal to JSON + libcni: add ValidateNetwork and ValidateNetworkList functions + pkg/skel: return error if JSON config has no network name + skel: add support for plugin version string + libcni: make exec handling an interface for better downstream testing + libcni: api now takes a Context to allow operations to be timed out or cancelled + types/version: add helper to parse PrevResult + skel: only print about message, not errors + skel,invoke,libcni: implementation of CHECK method + cnitool: Honor interface name supplied via CNI_IFNAME environment variable. + cnitool: validate correct number of args + Don't copy gw from IP4.Gateway to Route.GW When converting from 0.2.0 + add PrintTo method to Result interface + Return a better error when the plugin returns none - Install sleep binary into CNI plugin directory cni-plugins was updated to 0.8.4: Update to version 0.8.4 (bsc#1160460): * add support for mips64le * Add missing cniVersion in README example * bump go-iptables module to v0.4.5 * iptables: add idempotent functions * portmap doesn't fail if chain doesn't exist * fix portmap port forward flakiness * Add Bruce Ma and Piotr Skarmuk as owners Update to version 0.8.3: * Enhancements: * static: prioritize the input sources for IPs (#400). * tuning: send gratuitous ARP in case of MAC address update (#403). * bandwidth: use uint64 for Bandwidth value (#389). * ptp: only override DNS conf if DNS settings provided (#388). * loopback: When prevResults are not supplied to loopback plugin, create results to return (#383). * loopback support CNI CHECK and result cache (#374). * Better input validation: * vlan: add MTU validation to loadNetConf (#405). * macvlan: add MTU validation to loadNetConf (#404). * bridge: check vlan id when loading net conf (#394). * Bugfixes: * bugfix: defer after err check, or it may panic (#391). * portmap: Fix dual-stack support (#379). * firewall: don't return error in DEL if prevResult is not found (#390). * bump up libcni back to v0.7.1 (#377). * Docs: * contributing doc: revise test script name to run (#396). * contributing doc: describe cnitool installation (#397). Update plugins to v0.8.2 + New features: * Support 'args' in static and tuning * Add Loopback DSR support, allow l2tunnel networks to be used with the l2bridge plugin * host-local: return error if same ADD request is seen twice * bandwidth: fix collisions * Support ips capability in static and mac capability in tuning * pkg/veth: Make host-side veth name configurable + Bug fixes: * Fix: failed to set bridge addr: could not add IP address to 'cni0': file exists * host-device: revert name setting to make retries idempotent (#357). * Vendor update go-iptables. Vendor update go-iptables to obtain commit f1d0510cabcb710d5c5dd284096f81444b9d8d10 * Update go.mod & go.sub * Remove link Down/Up in MAC address change to prevent route flush (#364). * pkg/ip unit test: be agnostic of Linux version, on Linux 4.4 the syscall error message is 'invalid argument' not 'file exists' * bump containernetworking/cni to v0.7.1 Updated plugins to v0.8.1: + Bugs: * bridge: fix ipMasq setup to use correct source address * fix compilation error on 386 * bandwidth: get bandwidth interface in host ns through container interface + Improvements: * host-device: add pciBusID property Updated plugins to v0.8.0: + New plugins: * bandwidth - limit incoming and outgoing bandwidth * firewall - add containers to firewall rules * sbr - convert container routes to source-based routes * static - assign a fixed IP address * win-bridge, win-overlay: Windows plugins + Plugin features / changelog: * CHECK Support * macvlan: - Allow to configure empty ipam for macvlan - Make master config optional * bridge: - Add vlan tag to the bridge cni plugin - Allow the user to assign VLAN tag - L2 bridge Implementation. * dhcp: - Include Subnet Mask option parameter in DHCPREQUEST - Add systemd unit file to activate socket with systemd - Add container ifName to the dhcp clientID, making the clientID value * flannel: - Pass through runtimeConfig to delegate * host-local: - host-local: add ifname to file tracking IP address used * host-device: - Support the IPAM in the host-device - Handle empty netns in DEL for loopback and host-device * tuning: - adds 'ip link' command related feature into tuning + Bug fixes & minor changes * Correctly DEL on ipam failure for all plugins * Fix bug on ip revert if cmdAdd fails on macvlan and host-device * host-device: Ensure device is down before rename * Fix -hostprefix option * some DHCP servers expect to request for explicit router options * bridge: release IP in case of error * change source of ipmasq rule from ipn to ip from version v0.7.5: + This release takes a minor change to the portmap plugin: * Portmap: append, rather than prepend, entry rules + This fixes a potential issue where firewall rules may be bypassed by port mapping ----------------------------------------- Patch: SUSE-2020-705 Released: Tue Mar 17 15:04:10 2020 Summary: Security update for apache2-mod_auth_openidc Severity: moderate References: 1164459,CVE-2019-20479 Description: This update for apache2-mod_auth_openidc fixes the following issues: - CVE-2019-20479: Fixed an open redirect issue in URLs with slash and backslash (bsc#1164459). ----------------------------------------- Patch: SUSE-2020-712 Released: Wed Mar 18 10:26:53 2020 Summary: Security update for skopeo Severity: moderate References: 1159530,1165715,CVE-2019-10214 Description: This update for skopeo fixes the following issues: Update to skopeo v0.1.41 (bsc#1165715): - Bump github.com/containers/image/v5 from 5.2.0 to 5.2.1 - Bump gopkg.in/yaml.v2 from 2.2.7 to 2.2.8 - Bump github.com/containers/common from 0.0.7 to 0.1.4 - Remove the reference to openshift/api - vendor github.com/containers/image/v5@v5.2.0 - Manually update buildah to v1.13.1 - add specific authfile options to copy (and sync) command. - Bump github.com/containers/buildah from 1.11.6 to 1.12.0 - Add context to --encryption-key / --decryption-key processing failures - Bump github.com/containers/storage from 1.15.2 to 1.15.3 - Bump github.com/containers/buildah from 1.11.5 to 1.11.6 - remove direct reference on c/image/storage - Makefile: set GOBIN - Bump gopkg.in/yaml.v2 from 2.2.2 to 2.2.7 - Bump github.com/containers/storage from 1.15.1 to 1.15.2 - Introduce the sync command - openshift cluster: remove .docker directory on teardown - Bump github.com/containers/storage from 1.14.0 to 1.15.1 - document installation via apk on alpine - Fix typos in doc for image encryption - Image encryption/decryption support in skopeo - make vendor-in-container - Bump github.com/containers/buildah from 1.11.4 to 1.11.5 - Travis: use go v1.13 - Use a Windows Nano Server image instead of Server Core for multi-arch testing - Increase test timeout to 15 minutes - Run the test-system container without --net=host - Mount /run/systemd/journal/socket into test-system containers - Don't unnecessarily filter out vendor from (go list ./...) output - Use -mod=vendor in (go {list,test,vet}) - Bump github.com/containers/buildah from 1.8.4 to 1.11.4 - Bump github.com/urfave/cli from 1.20.0 to 1.22.1 - skopeo: drop support for ostree - Don't critically fail on a 403 when listing tags - Revert 'Temporarily work around auth.json location confusion' - Remove references to atomic - Remove references to storage.conf - Dockerfile: use golang-github-cpuguy83-go-md2man - bump version to v0.1.41-dev - systemtest: inspect container image different from current platform arch Changes in v0.1.40: - vendor containers/image v5.0.0 - copy: add a --all/-a flag - System tests: various fixes - Temporarily work around auth.json location confusion - systemtest: copy: docker->storage->oci-archive - systemtest/010-inspect.bats: require only PATH - systemtest: add simple env test in inspect.bats - bash completion: add comments to keep scattered options in sync - bash completion: use read -r instead of disabling SC2207 - bash completion: support --opt arg completion - bash-completion: use replacement instead of sed - bash completion: disable shellcheck SC2207 - bash completion: double-quote to avoid re-splitting - bash completions: use bash replacement instead of sed - bash completion: remove unused variable - bash-completions: split decl and assignment to avoid masking retvals - bash completion: double-quote fixes - bash completion: hard-set PROG=skopeo - bash completion: remove unused variable - bash completion: use `||` instead of `-o` - bash completion: rm eval on assigned variable - copy: add --dest-compress-format and --dest-compress-level - flag: add optionalIntValue - Makefile: use go proxy - inspect --raw: skip the NewImage() step - update OCI image-spec to 775207bd45b6cb8153ce218cc59351799217451f - inspect.go: inspect env variables - ostree: use both image and & storage buildtags Update to skopeo v0.1.39 (bsc#1159530): - inspect: add a --config flag - Add --no-creds flag to skopeo inspect - Add --quiet option to skopeo copy - New progress bars - Parallel Pulls and Pushes for major speed improvements - containers/image moved to a new progress-bar library to fix various issues related to overlapping bars and redundant entries. - enforce blocking of registries - Allow storage-multiple-manifests - When copying images and the output is not a tty (e.g., when piping to a file) print single lines instead of using progress bars. This avoids long and hard to parse output - man pages: add --dest-oci-accept-uncompressed-layers - completions: - Introduce transports completions - Fix bash completions when a option requires a argument - Use only spaces in indent - Fix completions with a global option - add --dest-oci-accept-uncompressed-layers ----------------------------------------- Patch: SUSE-2020-475 Released: Thu Mar 19 11:00:46 2020 Summary: Recommended update for systemd Severity: moderate References: 1160595 Description: This update for systemd fixes the following issues: - Remove TasksMax limit for both user and system slices (jsc#SLE-10123) - Backport IP filtering feature (jsc#SLE-7743 bsc#1160595) ----------------------------------------- Patch: SUSE-2020-737 Released: Fri Mar 20 13:47:16 2020 Summary: Recommended update for ruby2.5 Severity: important References: 1140844,1152990,1152992,1152994,1152995,1162396,1164804,CVE-2012-6708,CVE-2015-9251,CVE-2019-15845,CVE-2019-16201,CVE-2019-16254,CVE-2019-16255,CVE-2020-8130 Description: This update for ruby2.5 toversion 2.5.7 fixes the following issues: ruby 2.5 was updated to version 2.5.7 - CVE-2020-8130: Fixed a command injection in intree copy of rake (bsc#1164804). - CVE-2019-16255: Fixed a code injection vulnerability of Shell#[] and Shell#test (bsc#1152990). - CVE-2019-16254: Fixed am HTTP response splitting in WEBrick (bsc#1152992). - CVE-2019-15845: Fixed a null injection vulnerability of File.fnmatch and File.fnmatch? (bsc#1152994). - CVE-2019-16201: Fixed a regular expression denial of service of WEBrick Digest access authentication (bsc#1152995). - CVE-2012-6708: Fixed an XSS in JQuery - CVE-2015-9251: Fixed an XSS in JQuery - Fixed unit tests (bsc#1140844) - Removed some unneeded test files (bsc#1162396). ----------------------------------------- Patch: SUSE-2020-751 Released: Mon Mar 23 16:32:44 2020 Summary: Security update for cloud-init Severity: moderate References: 1162936,1162937,1163178,CVE-2020-8631,CVE-2020-8632 Description: This update for cloud-init fixes the following security issues: - CVE-2020-8631: Replaced the theoretically predictable deterministic RNG with the system RNG (bsc#1162937). - CVE-2020-8632: Increased the default random password length from 9 to 20 (bsc#1162936). ----------------------------------------- Patch: SUSE-2020-752 Released: Mon Mar 23 16:33:03 2020 Summary: Security update for postgresql10 Severity: moderate References: 1163985,CVE-2020-1720 Description: This update for postgresql10 fixes the following issues: PostgreSQL was updated to version 10.12. Security issue fixed: - CVE-2020-1720: Fixed a missing authorization check in the ALTER ... DEPENDS ON extension (bsc#1163985). ----------------------------------------- Patch: SUSE-2020-753 Released: Mon Mar 23 18:31:11 2020 Summary: Recommended update for metis Severity: moderate References: Description: This update for metis fixes the following issues: - Add support for gcc8/9 building (jsc#SLE-8604). - Build HPC master package for 'examples'. ----------------------------------------- Patch: SUSE-2020-755 Released: Tue Mar 24 09:20:53 2020 Summary: Recommended update for taglib Severity: moderate References: 1166467 Description: This update for taglib fixes the following issue: - Disable rpath explicitly to solve a build issue on Leap 15.2 (bsc#1166467) ----------------------------------------- Patch: SUSE-2020-758 Released: Tue Mar 24 11:36:02 2020 Summary: Recommended update for saptune Severity: moderate References: 1160564,1161791 Description: This update for saptune fixes the following issues: - Fix for the issue when the display manager does not start after upgrade. (bsc#1161791) - Implement commands for listing enabled Notes/Solutions to saptune. (bsc#1160564) ----------------------------------------- Patch: SUSE-2020-774 Released: Tue Mar 24 17:37:55 2020 Summary: Recommended update for libcgroup Severity: moderate References: 1166968 Description: This update for libcgroup fixes the following issue: libcgroup is provided to SUSE Linux Enterprise 15 SP1 in the Legacy Module. (jsc#SLE-10792 jsc#ECO-1225 bsc#1166968) Usage of cgroups via libcgroup conflicts with cgroups used by systemd, so please make sure their usages do not conflict. ----------------------------------------- Patch: SUSE-2020-776 Released: Tue Mar 24 17:43:16 2020 Summary: Recommended update for podman Severity: moderate References: 1165738 Description: This update for podman fixes the following issues: - Added README.SUSE about current support status (jsc#SLE-9112, jsc#CAASP-60) - Configure br_netfilter for podman automatically (bsc#1165738) ----------------------------------------- Patch: SUSE-2020-777 Released: Tue Mar 24 18:07:52 2020 Summary: Recommended update for python3 Severity: moderate References: 1165894 Description: This update for python3 fixes the following issue: - Rename idle icons to idle3 in order to not conflict with python2 variant of the package (bsc#1165894) ----------------------------------------- Patch: SUSE-2020-779 Released: Tue Mar 24 21:12:03 2020 Summary: Security update for keepalived Severity: important References: 1015141,1069468,1158280,949238,CVE-2018-19044,CVE-2018-19045,CVE-2018-19046 Description: This update for keepalived fixes the following issues: Initial release of keepalived v2.0.19 as supported package. (bsc#1158280, jsc#ECO-223) ----------------------------------------- Patch: SUSE-2020-787 Released: Wed Mar 25 10:16:38 2020 Summary: Recommended update for lifecycle-data-sle-module-live-patching Severity: moderate References: 1020320 Description: This update for lifecycle-data-sle-module-live-patching fixes the following issue: - Live kernel patching update data for for 4_12_14-197_34. (bsc#1020320) ----------------------------------------- Patch: SUSE-2020-793 Released: Wed Mar 25 15:16:00 2020 Summary: Recommended update for systemd Severity: moderate References: 1139459,1161262,1162108,1164717,1165579,CVE-2020-1712 Description: This update for systemd fixes the following issues: - manager: fix job mode when signalled to shutdown etc (bsc#1161262) - remove fallback for user/exit.target - dbus method Manager.Exit() does not start exit.target - do not install rescue.target for alt-↑ - %j/%J unit specifiers Added support for I/O scheduler selection with blk-mq (bsc#1165579, bsc#1164717). Added the udev 60-ssd-scheduler.rules: - This rules file which select the default IO scheduler for SSDs is being moved out from the git repo since this is not related to systemd or udev at all and is maintained by the kernel team. - core: coldplug possible nop_job (bsc#1139459) - Revert 'udev: use 'deadline' IO scheduler for SSD disks' - Fix typo in function name - polkit: when authorizing via PK let's re-resolve callback/userdata instead of caching it (bsc#1162108 CVE-2020-1712) - sd-bus: introduce API for re-enqueuing incoming messages - polkit: on async pk requests, re-validate action/details ----------------------------------------- Patch: SUSE-2020-801 Released: Thu Mar 26 17:29:16 2020 Summary: Security update for ldns Severity: moderate References: 1068709,1068711,CVE-2017-1000231,CVE-2017-1000232 Description: This update for ldns fixes the following issues: - CVE-2017-1000231: Fixed a buffer overflow during token parsing (bsc#1068711). - CVE-2017-1000232: Fixed a double-free vulnerability in str2host.c (bsc#1068709). ----------------------------------------- Patch: SUSE-2020-811 Released: Mon Mar 30 10:33:19 2020 Summary: Security update for spamassassin Severity: important References: 1118987,1162197,1162200,862963,CVE-2018-11805,CVE-2020-1930,CVE-2020-1931 Description: This update for spamassassin fixes the following issues: Security issues fixed: - CVE-2018-11805: Fixed an issue with delimiter handling in rule files related to is_regexp_valid() (bsc#1118987). - CVE-2020-1930: Fixed an issue with rule configuration (.cf) files which can be configured to run system commands (bsc#1162197). - CVE-2020-1931: Fixed an issue with rule configuration (.cf) files which can be configured to run system commands with warnings (bsc#1162200). Non-security issue fixed: - Altering hash requires restarting loop (bsc#862963). ----------------------------------------- Patch: SUSE-2020-814 Released: Mon Mar 30 16:23:40 2020 Summary: Recommended update for QR-Code-generator, boost, libreoffice, myspell-dictionaries, xmlsec1 Severity: moderate References: 1161816,1162152,1167223 Description: This update for QR-Code-generator, boost, libreoffice, myspell-dictionaries, xmlsec1 fixes the following issues: libreoffice was updated to 6.4.2.2 (jsc#SLE-11174 jsc#SLE-11175 jsc#SLE-11176 bsc#1167223): Full Release Notes can be found on: https://wiki.documentfoundation.org/ReleaseNotes/6.4 - Fixed broken handling of non-ASCII characters in the KDE filedialog (bsc#1161816) - Move the animation library to core package bsc#1162152 xmlsec1 was updated to 1.2.28: * Added BoringSSL support (chenbd). * Added gnutls-3.6.x support (alonbl). * Added DSA and ECDSA key size getter for MSCNG (vmiklos). * Added --enable-mans configuration option (alonbl). * Added coninuous build integration for MacOSX (vmiklos). * Several other small fixes (more details). - Make sure to recommend at least one backend when you install just xmlsec1 - Drop the gnutls backend as based on the tests it is quite borked: * We still have nss and openssl backend for people to use Version update to 1.2.27: * Added AES-GCM support for OpenSSL and MSCNG (snargit). * Added DSA-SHA256 and ECDSA-SHA384 support for NSS (vmiklos). * Added RSA-OAEP support for MSCNG (vmiklos). * Continuous build integration in Travis and Appveyor. * Several other small fixes (more details). myspell-dictionaries was updated to 20191219: * Updated the English dictionaries: GB+US+CA+AU * Bring shipped Spanish dictionary up to version 2.5 boost was updated to fix: - add a backport of Boost.Optional::has_value() for LibreOffice The QR-Code-generator is shipped: - Initial commit, needed by libreoffice 6.4 ----------------------------------------- Patch: SUSE-2020-817 Released: Tue Mar 31 08:37:53 2020 Summary: Recommended update for python3-ec2imgutils Severity: important References: 1167148 Description: This update for python3-ec2imgutils fixes the following issues: - Fix for image upload to support instance types that are based on NVMe. (bsc#1167148) ----------------------------------------- Patch: SUSE-2020-819 Released: Tue Mar 31 13:01:34 2020 Summary: Security update for icu Severity: important References: 1166844,CVE-2020-10531 Description: This update for icu fixes the following issues: - CVE-2020-10531: Fixed a potential integer overflow in UnicodeString:doAppend (bsc#1166844). ----------------------------------------- Patch: SUSE-2020-821 Released: Tue Mar 31 13:05:59 2020 Summary: Recommended update for podman, slirp4netns Severity: moderate References: 1167850 Description: This update for podman, slirp4netns fixes the following issues: slirp4netns was updated to 0.4.4 (bsc#1167850): * libslirp: Update to v4.2.0: * New API function slirp_add_unix: add a forward rule to a Unix socket. * New API function slirp_remove_guestfwd: remove a forward rule previously added by slirp_add_exec, slirp_add_unix or slirp_add_guestfwd * New SlirpConfig.outbound_addr{,6} fields to bind output socket to a specific address * socket: do not fallback on host loopback if get_dns_addr() failed or the address is in slirp network * ncsi: fix checksum OOB memory access * tcp_emu(): fix OOB accesses * tftp: restrict relative path access * state: fix loading of guestfwd state Update to 0.4.3: * api: raise an error if the socket path is too long * libslirp: update to v4.1.0: Including the fix for libslirp sends RST to app in response to arriving FIN when containerized socket is shutdown() with SHUT_WR * Fix create_sandbox error Update to 0.4.2: * Do not propagate mounts to the parent ns in sandbox Update to 0.4.1: * Support specifying netns path (slirp4netns --netns-type=path PATH TAPNAME) * Support specifying --userns-path * Vendor https://gitlab.freedesktop.org/slirp/libslirp (QEMU v4.1+) * Bring up loopback device when --configure is specified * Support sandboxing by creating a mount namespace (--enable-sandbox) * Support seccomp (--enable-seccomp) - Add new build dependencies libcap-devel and libseccomp-devel Update to 0.3.3: * Fix use-after-free in libslirp Update to 0.3.2: * Fix heap overflow in `ip_reass` on big packet input Update to 0.3.1: * Fix use-after-free Changes in podman: - Fixed dependency on slirp4netns. We need at least 0.4.0 now (bsc#1167850) ----------------------------------------- Patch: SUSE-2020-824 Released: Tue Mar 31 13:28:28 2020 Summary: Recommended update for python-paramiko Severity: moderate References: 1166758 Description: This update for python-paramiko fixes the following issues: - Added support for the new OpenSSH >= 7.8p1 private key format (bsc#1166758) ----------------------------------------- Patch: SUSE-2020-825 Released: Tue Mar 31 13:30:37 2020 Summary: Recommended update for openslp Severity: moderate References: 1165050,1165121 Description: This update for openslp fixes the following issues: - Add missing group prerequisites to the openslp-server package. (bsc#1165050) - Add missing openslp prerequisites to the openslp-server package. (bsc#1165121) ----------------------------------------- Patch: SUSE-2020-827 Released: Tue Mar 31 13:33:09 2020 Summary: Recommended update for susemanager-cloud-setup Severity: moderate References: 1158691 Description: This update for susemanager-cloud-setup fixes the following issues: - Improve handling of storage volumes. (bsc#1158691) ----------------------------------------- Patch: SUSE-2020-829 Released: Tue Mar 31 13:46:43 2020 Summary: Recommended update for geolite2legacy Severity: moderate References: 1156194 Description: This update for geolite2legacy fixes the following issues: - Create the initial package of GeoIP 2 Legacy, as the GeoIP is discontinued. (bsc#1156194) ----------------------------------------- Patch: SUSE-2020-839 Released: Wed Apr 1 10:50:31 2020 Summary: Recommended update for rust Severity: moderate References: 1164454 Description: This update for rust fixes the following issues: - Add patches from upstream to fix build with llvm9 (bsc#1164454). ----------------------------------------- Patch: SUSE-2020-840 Released: Wed Apr 1 11:25:34 2020 Summary: Recommended update for python-kiwi Severity: moderate References: 1143454,1163978,1164310,1165578,1167746 Description: This update for python-kiwi fixes the following issues: - Upgrade from version 9.19.8 to 9.20.5 * Fixed result map for OEM pxe install. (bsc#1165578) * Add SECURE_BOOT parameter for grub2 in efi mode. (bsc#1167746) This commit adds the SECURE_BOOT parameter on bootloader sysconfig for grub2. * Fix order in fstab. (bsc#1164310) Any mount point directly under / should be just right after the root mountpoint and before the custom mountpoints based on user's subvolume configuration. * Fixed handling of fillup templates. (bsc#1163978) Systems using a template tool to generate config files might not be effective when they see the intermediate config files we need from the host to let certain package managers work correctly. Therefore the cleanup code in kiwi takes care to restore from an optionally existing template file if no other custom variant is present. * Start using tftp system user package (bsc#1143454) This update starts requiring the tftp system user package. This user was created and managed by multiple packages before, with the risk of having inconsistent criteria on its defaults. With the system user package every package that requires this user should just require this package and do not create or modify the tftp user. ----------------------------------------- Patch: SUSE-2020-846 Released: Thu Apr 2 07:24:07 2020 Summary: Recommended update for libgcrypt Severity: moderate References: 1164950,1166748,1167674 Description: This update for libgcrypt fixes the following issues: - FIPS: Remove an unneeded check in _gcry_global_constructor (bsc#1164950) - FIPS: Fix drbg to be threadsafe (bsc#1167674) - FIPS: Run self-tests from constructor during power-on [bsc#1166748] * Set up global_init as the constructor function: * Relax the entropy requirements on selftest. This is especially important for virtual machines to boot properly before the RNG is available: ----------------------------------------- Patch: SUSE-2020-848 Released: Thu Apr 2 11:24:38 2020 Summary: Recommended update for GeoIP Severity: moderate References: 1156194 Description: This update for GeoIP fixes the following issues: - Update README.SUSE with a description how to get the latest Geo IP data after the distribution changes. (jsc#SLE-11184, bsc#1156194, jsc#ECO-1405) ----------------------------------------- Patch: SUSE-2020-850 Released: Thu Apr 2 14:37:31 2020 Summary: Recommended update for mozilla-nss Severity: moderate References: 1155350,1155357,1155360,1166880 Description: This update for mozilla-nss fixes the following issues: Added various fixes related to FIPS certification: * Use getrandom() to obtain entropy where possible. * Make DSA KAT FIPS compliant. * Use FIPS compliant hash when validating keypair. * Enforce FIPS requirements on RSA key generation. * Miscellaneous fixes to CAVS tests. * Enforce FIPS limits on how much data can be processed without rekeying. * Run self tests on library initialization in FIPS mode. * Disable non-compliant algorithms in FIPS mode (hashes and the SEED cipher). * Clear various temporary variables after use. * Allow MD5 to be used in TLS PRF. * Preferentially gather entropy from /dev/random over /dev/urandom. * Allow enabling FIPS mode consistently with NSS_FIPS environment variable. * Fix argument parsing bug in lowhashtest. ----------------------------------------- Patch: SUSE-2020-913 Released: Fri Apr 3 12:03:35 2020 Summary: Recommended update for wpa_supplicant Severity: moderate References: 1166933 Description: This update for wpa_supplicant fixes the following issue: - Change wpa_supplicant.service to ensure wpa_supplicant gets started before network. Fix WLAN config on boot with wicked. (bsc#1166933) ----------------------------------------- Patch: SUSE-2020-917 Released: Fri Apr 3 15:02:25 2020 Summary: Recommended update for pam Severity: moderate References: 1166510 Description: This update for pam fixes the following issues: - Moved pam_userdb into a separate package pam-extra. (bsc#1166510) ----------------------------------------- Patch: SUSE-2020-921 Released: Fri Apr 3 17:14:11 2020 Summary: Security update for exiv2 Severity: moderate References: 1040973,1068873,1088424,1097599,1097600,1109175,1109176,1109299,1115364,1117513,1142684,CVE-2017-1000126,CVE-2017-9239,CVE-2018-12264,CVE-2018-12265,CVE-2018-17229,CVE-2018-17230,CVE-2018-17282,CVE-2018-19108,CVE-2018-19607,CVE-2018-9305,CVE-2019-13114 Description: This update for exiv2 fixes the following issues: exiv2 was updated to latest 0.26 branch, fixing bugs and security issues: - CVE-2017-1000126: Fixed an out of bounds read in webp parser (bsc#1068873). - CVE-2017-9239: Fixed a segmentation fault in TiffImageEntry::doWriteImage function (bsc#1040973). - CVE-2018-12264: Fixed an integer overflow in LoaderTiff::getData() which might have led to an out-of-bounds read (bsc#1097600). - CVE-2018-12265: Fixed integer overflows in LoaderExifJpeg which could have led to memory corruption (bsc#1097599). - CVE-2018-17229: Fixed a heap based buffer overflow in Exiv2::d2Data via a crafted image (bsc#1109175). - CVE-2018-17230: Fixed a heap based buffer overflow in Exiv2::d2Data via a crafted image (bsc#1109176). - CVE-2018-17282: Fixed a null pointer dereference in Exiv2::DataValue::copy (bsc#1109299). - CVE-2018-19108: Fixed an integer overflow in Exiv2::PsdImage::readMetadata which could have led to infinite loop (bsc#1115364). - CVE-2018-19607: Fixed a null pointer dereference in Exiv2::isoSpeed which might have led to denial of service (bsc#1117513). - CVE-2018-9305: Fixed an out of bounds read in IptcData::printStructure which might have led to to information leak or denial of service (bsc#1088424). - CVE-2019-13114: Fixed a null pointer dereference which might have led to denial of service via a crafted response of an malicious http server (bsc#1142684). ----------------------------------------- Patch: SUSE-2020-925 Released: Mon Apr 6 10:08:27 2020 Summary: Recommended update for python3-azuremetadata, regionServiceClientConfigAzure, regionServiceClientConfigSAPAzure Severity: moderate References: 1158698,1158707,1164818,1164819 Description: This update for python3-azuremetadata, regionServiceClientConfigAzure, regionServiceClientConfigSAPAzure fixes the following issues: regionServiceClientConfigAzure was updated to version 0.0.5: + Don't specify root device name explicitly (bsc#1158698, bsc#1158707) regionServiceClientConfigSAPAzure was updated to version 1.0.2: + Don't specify root device name explicitly (bsc#1158698, bsc#1158707) Changes in python3-azuremetadata: - Version 5.0.0 - Support new Azure metadata API (bsc#1164818, bsc#1164819) - Automatically detect root device (bsc#1158698, bsc#1158707) ----------------------------------------- Patch: SUSE-2020-927 Released: Mon Apr 6 12:24:26 2020 Summary: Recommended update for libcontainers-common Severity: moderate References: 1165917 Description: This update for libcontainers-common fixes the following issues: - Add registries warning to registries.conf. (bsc#1165917) - Add `rootless_storage_path` directive to storage.conf. (bsc#1165917) - Clean up various imports primarily so that imports of packages that aren't in the standard library are all in one section. (bsc#1165917) - copy.Image(): select the CopySystemImage image using the source context. (bsc#1165917) - docker: handle http 429 status codes. (bsc#1165917) - allow for .dockercfg files to reside in non-home directories. (bsc#1165917) - Handling of the libpod.conf configuration file has seen major changes. Most significantly, rootless users will no longer automatically receive a complete configuration file when they first use Podman, and will instead only receive differences from the global configuration. (bsc#1165917) - Initial support for the CNI DNS plugin, which allows containers to resolve the IPs of other containers via DNS name, has been added. (bsc#1165917) - Podman now supports anonymous named volumes, created by specifying only a destination to the -v flag to the podman create and podman run commands. (bsc#1165917) - Named volumes now support uid and gid options in --opt o=... to set UID and GID of the created volume. (bsc#1165917) - overlay: allow storing images with more than 127 layers. (bsc#1165917) - Lazy initialize the layer store. (bsc#1165917) - Add a default registries.d configuration file, used to specify images. (bsc#1165917) ----------------------------------------- Patch: SUSE-2020-934 Released: Tue Apr 7 03:46:20 2020 Summary: Recommended update for wget Severity: moderate References: 1167919 Description: This update for wget fixes the following issues: wget was updated to 1.20.3, fixing various bugs, including: - Fix for wget ignoring domains with leading '.' in environment variable 'no_proxy'. (bsc#1167919) ----------------------------------------- Patch: SUSE-2020-935 Released: Tue Apr 7 03:46:39 2020 Summary: Recommended update for xfsprogs Severity: moderate References: 1158630,1167205,1167206 Description: This update for xfsprogs fixes the following issues: - xfs_quota: reformat commands in the manpage. (bsc#1167206) Reformat commands in the manpage so that fstest can check that each command is actually documented. - xfs_db: document missing commands. (bsc#1167205) Document the commands 'attr_set', 'attr_remove', 'logformat' in the manpage. - xfs_io: allow size suffixes for the copy_range command. (bsc#1158630) Allow the usage of size suffixes k,m,g for kilobytes, megabytes or gigabytes respectively for the copy_range command ----------------------------------------- Patch: SUSE-2020-943 Released: Tue Apr 7 15:24:19 2020 Summary: Recommended update for nvmetcli Severity: moderate References: 1167644 Description: This update for nvmetcli fixes the following issues: - Update from version 0.6 to version 0.7: * nvmetcli: ANA configuration support * nvmetcli: simplify the enabled logic * nvmetcli: pep8 fixes * nvmetcli: support inline_data_size port parameter * Revert 'nvmetcli: expose nvmet port status and state' * Support python3 dictionary access. * nvmetcli: expose nvmet port status and state - 'clear' command doesn't handle ANA groups correctly. (bsc#1167644) The first ANA group is maintained by the kernel so it cannot be deleted. ----------------------------------------- Patch: SUSE-2020-944 Released: Tue Apr 7 15:49:33 2020 Summary: Security update for runc Severity: moderate References: 1149954,1160452,CVE-2019-19921 Description: This update for runc fixes the following issues: runc was updated to v1.0.0~rc10 - CVE-2019-19921: Fixed a mount race condition with shared mounts (bsc#1160452). - Fixed an issue where podman run hangs when spawned by salt-minion process (bsc#1149954). ----------------------------------------- Patch: SUSE-2020-948 Released: Wed Apr 8 07:44:21 2020 Summary: Security update for gmp, gnutls, libnettle Severity: moderate References: 1152692,1155327,1166881,1168345,CVE-2020-11501 Description: This update for gmp, gnutls, libnettle fixes the following issues: Security issue fixed: - CVE-2020-11501: Fixed zero random value in DTLS client hello (bsc#1168345) FIPS related bugfixes: - FIPS: Install checksums for binary integrity verification which are required when running in FIPS mode (bsc#1152692, jsc#SLE-9518) - FIPS: Fixed a cfb8 decryption issue, no longer truncate output IV if input is shorter than block size. (bsc#1166881) - FIPS: Added Diffie Hellman public key verification test. (bsc#1155327) ----------------------------------------- Patch: SUSE-2020-949 Released: Wed Apr 8 07:45:48 2020 Summary: Recommended update for mozilla-nss Severity: moderate References: 1168669 Description: This update for mozilla-nss fixes the following issues: - Use secure_getenv() to avoid PR_GetEnvSecure() being called when NSPR is unavailable, resulting in an abort (bsc#1168669). ----------------------------------------- Patch: SUSE-2020-957 Released: Wed Apr 8 12:28:03 2020 Summary: Security update for mgetty Severity: moderate References: 1142770,1168170,CVE-2019-1010190 Description: This update for mgetty fixes the following issues: - CVE-2019-1010190: Fixed a denial of service which could be caused by a local attacker in putwhitespan() (bsc#1142770). - Fixed a permission issue which have resulted in build failures (bsc#1168170). ----------------------------------------- Patch: SUSE-2020-958 Released: Wed Apr 8 12:38:15 2020 Summary: Recommended update for python3-ec2metadata Severity: moderate References: 1157901,1157902 Description: This update for python3-ec2metadata contains the following fixes: - Update to version 3.0.2: (bsc#1157901, bsc#1157902) + Add man page. + Support accessing IMDS with a token (API change) to support disabling unauthenticated access of IMDS; ----------------------------------------- Patch: SUSE-2020-961 Released: Wed Apr 8 13:34:06 2020 Summary: Recommended update for e2fsprogs Severity: moderate References: 1160979 Description: This update for e2fsprogs fixes the following issues: - e2fsck: clarify overflow link count error message (bsc#1160979) - ext2fs: update allocation info earlier in ext2fs_mkdir() (bsc#1160979) - ext2fs: implement dir entry creation in htree directories (bsc#1160979) - tests: add test to excercise indexed directories with metadata_csum (bsc#1160979) - tune2fs: update dir checksums when clearing dir_index feature (bsc#1160979) ----------------------------------------- Patch: SUSE-2020-693 Released: Wed Apr 8 14:11:14 2020 Summary: Security update for wireshark Severity: moderate References: 1093733,1094301,1101776,1101777,1101786,1101788,1101791,1101794,1101800,1101802,1101804,1101810,1106514,1111647,1117740,1121231,1121232,1121233,1121234,1121235,1127367,1127369,1127370,1131941,1131945,1136021,1141980,1150690,1156288,1158505,1161052,1165241,1165710,957624,CVE-2018-11354,CVE-2018-11355,CVE-2018-11356,CVE-2018-11357,CVE-2018-11358,CVE-2018-11359,CVE-2018-11360,CVE-2018-11361,CVE-2018-11362,CVE-2018-12086,CVE-2018-14339,CVE-2018-14340,CVE-2018-14341,CVE-2018-14342,CVE-2018-14343,CVE-2018-14344,CVE-2018-14367,CVE-2018-14368,CVE-2018-14369,CVE-2018-14370,CVE-2018-16056,CVE-2018-16057,CVE-2018-16058,CVE-2018-18225,CVE-2018-18226,CVE-2018-18227,CVE-2018-19622,CVE-2018-19623,CVE-2018-19624,CVE-2018-19625,CVE-2018-19626,CVE-2018-19627,CVE-2018-19628,CVE-2019-10894,CVE-2019-10895,CVE-2019-10896,CVE-2019-10897,CVE-2019-10898,CVE-2019-10899,CVE-2019-10900,CVE-2019-10901,CVE-2019-10902,CVE-2019-10903,CVE-2019-13619,CVE-2019-16319,CVE-2019-19553,CVE-2019-5716,CVE-2019-5717,CVE-2019-5718,CVE-2019-5719,CVE-2019-5721,CVE-2019-9208,CVE-2019-9209,CVE-2019-9214,CVE-2020-7044,CVE-2020-9428,CVE-2020-9429,CVE-2020-9430,CVE-2020-9431 Description: This update for wireshark and libmaxminddb fixes the following issues: Update wireshark to new major version 3.2.2 and introduce libmaxminddb for GeoIP support (bsc#1156288). New features include: - Added support for 111 new protocols, including WireGuard, LoRaWAN, TPM 2.0, 802.11ax and QUIC - Improved support for existing protocols, like HTTP/2 - Improved analytics and usability functionalities ----------------------------------------- Patch: SUSE-2020-966 Released: Thu Apr 9 09:44:18 2020 Summary: Recommended update for libcgroup Severity: moderate References: 1166968 Description: This update for libcgroup fixes the following issues: - rename sysconfig.libcgroup back to sysconfig.cgred to keep SUSE Linux Enterprise 12 compatibility (bsc#1166968) ----------------------------------------- Patch: SUSE-2020-967 Released: Thu Apr 9 11:41:53 2020 Summary: Security update for libssh Severity: moderate References: 1168699,CVE-2020-1730 Description: This update for libssh fixes the following issues: - CVE-2020-1730: Fixed a possible denial of service when using AES-CTR (bsc#1168699). ----------------------------------------- Patch: SUSE-2020-987 Released: Tue Apr 14 13:21:07 2020 Summary: Recommended update for python-azure-mgmt-compute Severity: moderate References: 1140565 Description: This update for python-azure-mgmt-compute fixes the following issues: New upstream release 4.6.2 (bsc#1140565, jsc#ECO-1257, jsc#PM-1598): + For detailed information about changes see the HISTORY.txt file provided with this package ----------------------------------------- Patch: SUSE-2020-991 Released: Tue Apr 14 20:07:08 2020 Summary: Security update for git Severity: important References: 1168930,CVE-2020-5260 Description: This update for git fixes the following issues: - CVE-2020-5260: With a crafted URL that contains a newline in it, the credential helper machinery can be fooled to give credential information for a wrong host (bsc#1168930). ----------------------------------------- Patch: SUSE-2020-994 Released: Wed Apr 15 07:57:24 2020 Summary: Recommended update for clamav Severity: moderate References: 1119353 Description: This update for clamav fixes the following issues: - Fix freshclam usage in FIPS mode (bsc#1119353). ----------------------------------------- Patch: SUSE-2020-995 Released: Wed Apr 15 08:30:39 2020 Summary: Security update for ruby2.5 Severity: moderate References: 1167244,1168938,CVE-2020-10663,CVE-2020-10933 Description: This update for ruby2.5 to version 2.5.8 fixes the following issues: - CVE-2020-10663: Unsafe Object Creation Vulnerability in JSON (bsc#1167244). - CVE-2020-10933: Heap exposure vulnerability in the socket library (bsc#1168938). ----------------------------------------- Patch: SUSE-2020-919 Released: Wed Apr 15 10:43:21 2020 Summary: Recommended update for python-pyroute2 Severity: moderate References: 1160933,1161898 Description: This update provides python-pyroute2 for use by the gcp-vpc-move-route agent in resource-agents. ----------------------------------------- Patch: SUSE-2020-998 Released: Wed Apr 15 13:00:05 2020 Summary: Recommended update for python-pycups Severity: moderate References: 735865 Description: This update for python-pycups fixes the following issues: - add BuildRequires: python-cups to printer driver packages. (bsc#735865) Package /usr/lib/rpm/postscriptdriver.prov again, in the new 'cups-rpm-helper' subpackage. The file hasn't been packaged any more after the switch from python-cups to python-pycups. ----------------------------------------- Patch: SUSE-2020-1000 Released: Wed Apr 15 14:18:56 2020 Summary: Recommended update for azure-cli tools, python-adal, python-applicationinsights, python-azure modules, python-msrest, python-msrestazure, python-pydocumentdb, python-uamqp, python-vsts-cd-manager Severity: moderate References: 1014478,1054413,1140565,982804,999200 Description: This update for azure-cli tools, python-adal, python-applicationinsights, python-azure modules, python-msrest, python-msrestazure, python-pydocumentdb, python-uamqp, python-vsts-cd-manager fixes the following issues: The Azure python modules and client tool stack was updated to the 2020 state. Various other python modules were added and updated. - python-PyYAML was updated to 5.1.2. - python-humanfriendly was updated 4.16.1. ----------------------------------------- Patch: SUSE-2020-1005 Released: Thu Apr 16 06:22:32 2020 Summary: Recommended update for ypbind Severity: moderate References: 1163252 Description: This update for ypbind fixes the following issues: - Fix for setting domain name by waiting that network becomes online, so it can be properly configured in sysconfig. (bsc#1163252) ----------------------------------------- Patch: SUSE-2020-1016 Released: Thu Apr 16 16:15:45 2020 Summary: Recommended update for python-cachetools, python-google-api-python-client, python-google-auth, python-google-auth-httplib2 Severity: moderate References: 1088358,1160933 Description: This update for python-cachetools, python-google-api-python-client, python-google-auth, python-google-auth-httplib2 fixes the following issues: python-cachetools was updated to version 2.0.1: * Officially support Python 3.6. * Move documentation to RTD. * Documentation: Update import paths for key functions (courtesy of slavkoja). update to 2.0.0: - Drop support for deprecated features (breaking change). - Move key functions to separate package (breaking change). - Accept non-integer ``maxsize`` in ``Cache.__repr__()``. update to 1.1.6: - Reimplement ``LRUCache`` and ``TTLCache`` using ``collections.OrderedDict``. Note that this will break pickle compatibility with previous versions. - Fix ``TTLCache`` not calling ``__missing__()`` of derived classes. - Handle ``ValueError`` in ``Cache.__missing__()`` for consistency with caching decorators. - Improve how ``TTLCache`` handles expired items. - Use ``Counter.most_common()`` for ``LFUCache.popitem()``. - Refactor ``Cache`` base class. Note that this will break pickle compatibility with previous versions. - Clean up ``LRUCache`` and ``TTLCache`` implementations. - Refactor ``LRUCache`` and ``TTLCache`` implementations. Note that this will break pickle compatibility with previous versions. - Document pending removal of deprecated features. - Minor documentation improvements. - Fix pickle tests. - Fix pickling of large ``LRUCache`` and ``TTLCache`` instances. - Improve key functions. - Improve documentation. - Improve unit test coverage. - Add ``@cached`` function decorator. - Add ``hashkey`` and ``typedkey`` fuctions. - Add `key` and `lock` arguments to ``@cachedmethod``. - Set ``__wrapped__`` attributes for Python versions < 3.2. - Move ``functools`` compatible decorators to ``cachetools.func``. - Deprecate ``@cachedmethod`` `typed` argument. - Deprecate `cache` attribute for ``@cachedmethod`` wrappers. - Deprecate `getsizeof` and `lock` arguments for `cachetools.func` decorator. python-google-api-python-client was updated to: - Upgrade to 1.7.4: just series of minor bugfixes Changes in python-google-auth was updated to 1.5.1: - Fix check for error text on Python 3.7. (#278) - Use new Auth URIs. (#281) - Add code-of-conduct document. (#270) - Fix some typos in test_urllib3.py (#268) - Warn when using user credentials from the Cloud SDK (#266) - Add compute engine-based IDTokenCredentials (#236) - Corrected some typos (#265) Update to 1.4.2: - Raise a helpful exception when trying to refresh credentials without a refresh token. (#262) - Fix links to README and CONTRIBUTING in docs/index.rst. (#260) - Fix a typo in credentials.py. (#256) - Use pytest instead of py.test per upstream recommendation, #dropthedot. (#255) - Fix typo on exemple of jwt usage (#245) New upstream release 1.4.1 (bsc#1088358) - Added a check for the cryptography version before attempting to use it. + From version 1.4.0 - Added `cryptography`-based RSA signer and verifier. - Added `google.oauth2.service_account.IDTokenCredentials`. - Improved documentation around ID Tokens + From version 1.3.0 - Added ``google.oauth2.credentials.Credentials.from_authorized_user_file``. - Dropped direct pyasn1 dependency in favor of letting ``pyasn1-modules`` specify the right version. - ``default()`` now checks for the project ID environment var before warning about missing project ID. - Fixed the docstrings for ``has_scopes()`` and ``with_scopes()``. - Fixed example in docstring for ``ReadOnlyScoped``. - Made ``transport.requests`` use timeouts and retries to improve reliability. python-google-auth-httplib2 initially shipped: python-pytest-localserver was updated to 0.4.1: Update to version 0.3.6: + Add trove classifiers to make sure that package shows up on PyPI's Python 3 list. + Remove test method which rely on thread to be finished first. + OpenSSL is no longer necessary with werkzeug 0.10. + Tests now work under Python 3.3 \o/ + Fix for Python 3.5 (fixes #13). + Add new Python version to classifiers. + Update repository url + Use @pytest.fixture to declare fixtures + Remove old-style test fixtures from tests and README, too. ----------------------------------------- Patch: SUSE-2020-1019 Released: Fri Apr 17 10:06:00 2020 Summary: Recommended update for go1.14 Severity: moderate References: 1164903 Description: This update for go1.14 fixes the following issues: go1.14.2 (released 2020-04-08) includes fixes to cgo, the go command, the runtime, os/exec, and testing packages. (bsc#1164903 ECO-1484) * go#38156 doc: BuildNameToCertificate deprecated in go 1.14 not mentioned in the release notes * go#38118 runtime/pprof: lostProfileEvent stack breaks gentraceback guarantee * go#38083 cmd/go/internal/test: data race in (*runCache).builderRunTest * go#38072 runtime: timer self-deadlock due to preemption point * go#38051 runtime: loops forever on sched_yield sometimes(timer related) * go#38005 runtime: 'pipe failed with -89' at program startup(mipsle only), timer related netpoll init. * go#37970 runtime/pprof: panic: runtime error: index out of range [-1] * go#37968 runtime: fatal error: found bad pointer in Go heap (incorrect use of unsafe or cgo?) * go#37959 testing: data race between parallel panicking and normal subtest * go#37931 cmd/go: explain automatic vendoring in 'go help modules' * go#37928 runtime: GC pacing exhibits strange behavior with a low GOGC * go#37800 cmd/go: 'Access is denied' when renaming module cache directory * go#37699 PowerRegisterSuspendResumeNotification error on Azure App Services with go 1.13.7 * go#37622 cmd/cgo: fails to generate certain types with Go 1.14 * go#37480 runtime: 'fatal error: unexpected signal' 0xC0000005 on Windows for a small program with a large allocation * go#37471 os/exec: environForSysProcAttr is never called as sysattr.Env is never nil go1.14.1 (released 2020-03-19) includes fixes to the go command, tools, and the runtime. * go#37905 cmd/compile: -d=checkptr should not reject unaligned pointers to non-pointer data * go#37833 runtime: sometimes 100% CPU spin during init phase in Go 1.14 with preemptive scheduler * go#37822 cmd/go: module's 'go' version should be included in cache key * go#37807 runtime: mlock of signal stack failed: 12 * go#37782 runtime: crash on 1.14 with unexpected return pc, fatal error: unknown caller pc * go#37721 reflect: MakeMap() and not native map type wrong behavior * go#37671 cmd/go: tests that panic or exit are marked as passing when -json flag is used * go#37667 runtime: asyncPreempt should not try to save floating-point context for softfloat MIPS targets * go#37630 doc: missing documentation of quoting the URL of url.Errors in go1.14 release notes * go#37613 runtime: Go 1.14.rc1 3-5% performance regression from 1.13 during protobuf marshalling * go#37494 time: racy Timer access should either work or throw, not panic * go#37478 SIGILL: illegal instruction on any go tool under macOS * go#37447 runtime/pprof: inline frames may not use combined location * go#37343 cmd/trace: requires HTML imports, which doesn't work on any major browser anymore ----------------------------------------- Patch: SUSE-2020-1033 Released: Mon Apr 20 09:12:45 2020 Summary: Recommended update for perl-CGI Severity: moderate References: 1162868 Description: This update for perl-CGI fixes the following issues: Update from version 4.38 to 4.46 (bsc#1162868) * Add support for SameSite=None cookies and update the documentation * Replace only use of 'base' with 'parent' given that CGI already depends on 'parent' * Support unquoted multipart/form-data name values * Update the package license from 'Artistic-1.0 or GPL-1.0+' to 'Artistic-2.0' * Support perls < 5.10.1 and specify CONFIGURE_REQUIRES in Makefile.PL for being more dynamic ----------------------------------------- Patch: SUSE-2020-1034 Released: Mon Apr 20 09:15:18 2020 Summary: Recommended update for psqlODBC Severity: moderate References: 1166821 Description: This update for psqlODBC fixes the following issue: - Fix build with PostgreSQL 11 and newer. (bsc#1166821) ----------------------------------------- Patch: SUSE-2020-1037 Released: Mon Apr 20 10:49:39 2020 Summary: Recommended update for python-pytest Severity: low References: 1002895,1107105,1138666,1167732 Description: This update fixes the following issues: New python-pytest versions are provided. In Basesystem: - python3-pexpect: updated to 4.8.0 - python3-py: updated to 1.8.1 - python3-zipp: shipped as dependency in version 0.6.0 In Python2: - python2-pexpect: updated to 4.8.0 - python2-py: updated to 1.8.1 ----------------------------------------- Patch: SUSE-2020-1038 Released: Mon Apr 20 10:50:20 2020 Summary: Recommended update for seccheck Severity: moderate References: 1132919,985802 Description: This update for seccheck fixes the following issues: - adapt WantedBy so the timers are actually started at boot time when enabled (#1132919) - correct indentation of SECCHK_FROM (#985802) for the weekly and monthly mails so that the mail header lines are recognised by the receiving mail client ----------------------------------------- Patch: SUSE-2020-1039 Released: Mon Apr 20 11:33:39 2020 Summary: Recommended update for python-kiwi Severity: important References: 1165960,1168480 Description: This update for python-kiwi fixes the following issues: - Fix for systems that use efi with grub2 version less than 2.04 there is no support for dynamic EFI environment checking. (bsc#1165960, bsc#1168480) ----------------------------------------- Patch: SUSE-2020-1048 Released: Tue Apr 21 10:33:46 2020 Summary: Recommended update for python-kiwi Severity: moderate References: 1165823 Description: This update for python-kiwi fixes the following issues: - Fixed _get_grub2_mkconfig_tool Last patch on this method breaks the search for alternative mkconfig names. It returns always on the first lookup which could be none. This breaks on systems that uses a different name than grub2-mkconfig, like on Ubuntu. - Increase spare space on disk repart (bsc#1165823) The sizing of the virtual cylinders in parted seems to be unfavorable, as with some disks and SD cards here the device size is not a multiple of the cylinder size, so the last incomplete cylinder is wasted. If this wasted space is more than 5MiB, kiwi tries to resize indefinitely. Therefore min_additional_mbytes gets increased to prevent running into this situation. ----------------------------------------- Patch: SUSE-2020-1055 Released: Tue Apr 21 15:53:44 2020 Summary: Recommended update for patterns-server-enterprise Severity: moderate References: 1168416,1169042 Description: This update for patterns-server-enterprise fixes the following issues: - added libgnutls30-hmac to the FIPS pattern. (bsc#1169042 bsc#1168416) - remove strongswan-hmac-32bit (not used currently) ----------------------------------------- Patch: SUSE-2020-1056 Released: Tue Apr 21 16:26:22 2020 Summary: Recommended update for cloud-init Severity: important References: 1099358,1144881,1145622,1148645,1163178,1165296 Description: This update for cloud-init contains the following fixes: - Update previous patches with the following additions: + In cases where the config contains 2 or more default gateway specifications for an interface only write the first default route, log warning message about skipped routes + Avoid writing invalid route specification if neither the network nor destination is specified in the route configuration + Still need to consider the 'network' configuration uption for the v1 config implementation. Fixes regression introduced with update from Wed Feb 12 19:30:42. + Add the default gateway to the ifroute config file when specified as part of the subnet configuration. (bsc#1165296) + Fix typo to properly extrakt provided netmask data (bsc#1163178, bsc#1165296) + Fix for default gateway and IPv6. (bsc#1144881) + Routes will be written if there is only a default gateway. (bsc#1148645) - BuildRequire pkgconfig(udev) instead of udev, which allow OS to shortcut through the -mini flavor. - Update to cloud-init 19.2. (bsc#1099358, bsc#1145622) ----------------------------------------- Patch: SUSE-2020-1060 Released: Wed Apr 22 09:55:41 2020 Summary: Recommended update for sapconf Severity: moderate References: 1124453,1139176,1148163,1150868,1150870 Description: This update for sapconf fixes the following issues: - Removing SAP configuration from logind during the package update, as it is not needed any longer. (bsc#1148163, jsc#SLE-10123) - Fix for sapconf detecting an improper tuned profile during start, it will write an information to the log file and the start of the sapconf service will fail to guide the administrator to the problem. (bsc#1139176) - Use absolute path to 'script.sh' in 'tuned.conf' file. (bsc#1124453) - Fix for rpm macros in postinstall script replacing invalid commands. (bsc#1150868, bsc#1150870) ----------------------------------------- Patch: SUSE-2020-1061 Released: Wed Apr 22 10:45:41 2020 Summary: Recommended update for mozilla-nss Severity: moderate References: 1169872 Description: This update for mozilla-nss fixes the following issues: - This implements API mechanisms for performing DSA and ECDSA hash-and-sign in a single call, which will be required in future FIPS cycles (bsc#1169872). - Always perform nssdbm checksumming on softoken load, even if nssdbm itself is not loaded. ----------------------------------------- Patch: SUSE-2020-1063 Released: Wed Apr 22 10:46:50 2020 Summary: Recommended update for libgcrypt Severity: moderate References: 1165539,1169569 Description: This update for libgcrypt fixes the following issues: This update for libgcrypt fixes the following issues: - FIPS: Switch the PCT to use the new signature operation (bsc#1165539) - FIPS: Verify that the generated signature and the original input differ in test_keys function for RSA, DSA and ECC (bsc#1165539) - Add zero-padding when qx and qy have different lengths when assembling the Q point from affine coordinates. - Ship the FIPS checksum file in the shared library package and create a separate trigger file for the FIPS selftests (bsc#1169569) ----------------------------------------- Patch: SUSE-2020-1083 Released: Thu Apr 23 11:31:23 2020 Summary: Security update for cups Severity: important References: 1168422,CVE-2020-3898 Description: This update for cups fixes the following issues: - CVE-2020-3898: Fixed a heap buffer overflow in ppdFindOption() (bsc#1168422). ----------------------------------------- Patch: SUSE-2020-1087 Released: Thu Apr 23 15:18:56 2020 Summary: Security update for the Linux Kernel Severity: important References: 1044231,1051510,1051858,1056686,1060463,1065600,1065729,1071995,1083647,1085030,1103990,1103992,1104353,1104745,1109837,1109911,1111666,1111974,1112178,1112374,1113956,1114279,1114685,1118338,1119680,1120386,1127611,1133021,1134090,1136157,1136333,1137325,1141895,1142685,1144333,1145051,1145929,1146539,1148868,1156510,1157424,1158187,1158983,1159037,1159198,1159199,1159285,1160659,1161561,1161951,1162171,1162929,1162931,1163403,1163897,1163971,1164078,1164284,1164507,1164705,1164712,1164727,1164728,1164729,1164730,1164731,1164732,1164733,1164734,1164735,1164777,1164780,1164893,1165019,1165111,1165182,1165185,1165211,1165404,1165488,1165527,1165741,1165813,1165823,1165873,1165929,1165949,1165950,1165980,1165984,1165985,1166003,1166101,1166102,1166103,1166104,1166632,1166658,1166730,1166731,1166732,1166733,1166734,1166735,1166780,1166860,1166861,1166862,1166864,1166866,1166867,1166868,1166870,1166940,1166982,1167005,1167216,1167288,1167290,1167316,1167421,1167423,1167627,1167629,1168075,1168202,1168273,1168276,1168295,1168367,1168424,1168443,1168486,1168552,1168760,1168762,1168763,1168764,1168765,1168829,1168854,1168881,1168884,1168952,1169013,1169057,1169307,1169308,1169390,1169514,1169625,CVE-2019-19768,CVE-2019-19770,CVE-2019-3701,CVE-2019-9458,CVE-2020-10942,CVE-2020-11494,CVE-2020-11669,CVE-2020-2732,CVE-2020-8647,CVE-2020-8649,CVE-2020-8834,CVE-2020-9383 Description: The SUSE Linux Enterprise 15 SP1 azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-8834: KVM on Power8 processors had a conflicting use of HSTATE_HOST_R1 to store r1 state in kvmppc_hv_entry plus in kvmppc_{save,restore}_tm, leading to a stack corruption. Because of this, an attacker with the ability to run code in kernel space of a guest VM can cause the host kernel to panic (bnc#1168276). - CVE-2020-11494: An issue was discovered in slc_bump in drivers/net/can/slcan.c, which allowed attackers to read uninitialized can_frame data, potentially containing sensitive information from kernel stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL (bnc#1168424). - CVE-2020-10942: In get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls (bnc#1167629). - CVE-2019-9458: In the video driver there was a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed (bnc#1168295). - CVE-2019-3701: Fixed an issue in can_can_gw_rcv, which could cause a system crash (bnc#1120386). - CVE-2019-19770: Fixed a use-after-free in the debugfs_remove function (bsc#1159198). - CVE-2020-11669: Fixed an issue where arch/powerpc/kernel/idle_book3s.S did not have save/restore functionality for PNV_POWERSAVE_AMR, PNV_POWERSAVE_UAMOR, and PNV_POWERSAVE_AMOR (bnc#1169390). - CVE-2020-8647: There was a use-after-free vulnerability in the vc_do_resize function in drivers/tty/vt/vt.c (bnc#1162929). - CVE-2020-8649: There was a use-after-free vulnerability in the vgacon_invert_region function in drivers/video/console/vgacon.c (bnc#1162931). - CVE-2020-9383: An issue was discovered set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it (bnc#1165111). - CVE-2019-19768: Fixed a use-after-free in the __blk_add_trace function in kernel/trace/blktrace.c (bnc#1159285). - CVE-2020-2732: Fixed a flaw in the KVM hypervisor instruction emulation for L2 guests. Under some circumstances, an L2 guest may have tricked the L0 guest into accessing sensitive L1 resources that should be inaccessible to the L2 guest (bnc#1163971). The following non-security bugs were fixed: - ACPICA: Introduce ACPI_ACCESS_BYTE_WIDTH() macro (bsc#1051510). - ACPI: watchdog: Fix gas->access_width usage (bsc#1051510). - ahci: Add support for Amazon's Annapurna Labs SATA controller (bsc#1169013). - ALSA: ali5451: remove redundant variable capture_flag (bsc#1051510). - ALSA: core: Add snd_device_get_state() helper (bsc#1051510). - ALSA: core: Replace zero-length array with flexible-array member (bsc#1051510). - ALSA: emu10k1: Fix endianness annotations (bsc#1051510). - ALSA: hda/ca0132 - Add Recon3Di quirk to handle integrated sound on EVGA X99 Classified motherboard (bsc#1051510). - ALSA: hda/ca0132 - Replace zero-length array with flexible-array member (bsc#1051510). - ALSA: hda_codec: Replace zero-length array with flexible-array member (bsc#1051510). - ALSA: hda: default enable CA0132 DSP support (bsc#1051510). - ALSA: hda: Fix potential access overflow in beep helper (bsc#1051510). - ALSA: hda/realtek - Add Headset Button supported for ThinkPad X1 (bsc#1111666). - ALSA: hda/realtek - Add Headset Mic supported (bsc#1111666). - ALSA: hda/realtek - Add more codec supported Headset Button (bsc#1111666). - ALSA: hda/realtek - a fake key event is triggered by running shutup (bsc#1051510). - ALSA: hda/realtek - Apply quirk for MSI GP63, too (bsc#1111666). - ALSA: hda/realtek - Apply quirk for yet another MSI laptop (bsc#1111666). - ALSA: hda/realtek - Enable headset mic of Acer X2660G with ALC662 (git-fixes). - ALSA: hda/realtek: Enable mute LED on an HP system (bsc#1051510). - ALSA: hda/realtek - Enable the headset of Acer N50-600 with ALC662 (git-fixes). - ALSA: hda/realtek - Enable the headset of ASUS B9450FA with ALC294 (bsc#1111666). - ALSA: hda/realtek - Fix a regression for mute led on Lenovo Carbon X1 (bsc#1111666). - ALSA: hda/realtek: Fix pop noise on ALC225 (git-fixes). - ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master (bsc#1111666). - ALSA: hda/realtek - Remove now-unnecessary XPS 13 headphone noise fixups (bsc#1051510). - ALSA: hda/realtek - Set principled PC Beep configuration for ALC256 (bsc#1051510). - ALSA: hda: remove redundant assignment to variable timeout (bsc#1051510). - ALSA: hda: Use scnprintf() for string truncation (bsc#1051510). - ALSA: hdsp: remove redundant assignment to variable err (bsc#1051510). - ALSA: ice1724: Fix invalid access for enumerated ctl items (bsc#1051510). - ALSA: info: remove redundant assignment to variable c (bsc#1051510). - ALSA: korg1212: fix if-statement empty body warnings (bsc#1051510). - ALSA: line6: Fix endless MIDI read loop (git-fixes). - ALSA: pcm: Fix superfluous snprintf() usage (bsc#1051510). - ALSA: pcm.h: add for_each_pcm_streams() (bsc#1051510). - ALSA: pcm: oss: Avoid plugin buffer overflow (git-fixes). - ALSA: pcm: oss: Fix regression by buffer overflow fix (bsc#1051510). - ALSA: pcm: oss: Remove WARNING from snd_pcm_plug_alloc() checks (git-fixes). - ALSA: pcm: oss: Unlock mutex temporarily for sleeping at read/write (bsc#1051510). - ALSA: pcm: Use a macro for parameter masks to reduce the needed cast (bsc#1051510). - ALSA: seq: oss: Fix running status after receiving sysex (git-fixes). - ALSA: seq: virmidi: Fix running status after receiving sysex (git-fixes). - ALSA: usb-audio: Add boot quirk for MOTU M Series (bsc#1111666). - ALSA: usb-audio: Add clock validity quirk for Denon MC7000/MCX8000 (bsc#1111666). - ALSA: usb-audio: Add delayed_register option (bsc#1051510). - ALSA: usb-audio: add implicit fb quirk for MOTU M Series (bsc#1111666). - ALSA: usb-audio: add quirks for Line6 Helix devices fw>=2.82 (bsc#1111666). - ALSA: usb-audio: Add support for MOTU MicroBook IIc (bsc#1051510). - ALSA: usb-audio: Apply 48kHz fixed rate playback for Jabra Evolve 65 headset (bsc#1111666). - ALSA: usb-audio: Create a registration quirk for Kingston HyperX Amp (0951:16d8) (bsc#1051510). - ALSA: usb-audio: Do not create a mixer element with bogus volume range (bsc#1051510). - ALSA: usb-audio: Fix case when USB MIDI interface has more than one extra endpoint descriptor (bsc#1051510). - ALSA: usb-audio: fix Corsair Virtuoso mixer label collision (bsc#1111666). - ALSA: usb-audio: Fix mixer controls' USB interface for Kingston HyperX Amp (0951:16d8) (bsc#1051510). - ALSA: usb-audio: Fix UAC2/3 effect unit parsing (bsc#1111666). - ALSA: usb-audio: Inform devices that need delayed registration (bsc#1051510). - ALSA: usb-audio: Parse source ID of UAC2 effect unit (bsc#1051510). - ALSA: usb-audio: Rewrite registration quirk handling (bsc#1051510). - ALSA: usb-audio: unlock on error in probe (bsc#1111666). - ALSA: usb-audio: Use lower hex numbers for IDs (bsc#1111666). - ALSA: usb-midi: Replace zero-length array with flexible-array member (bsc#1051510). - ALSA: usx2y: Adjust indentation in snd_usX2Y_hwdep_dsp_status (bsc#1051510). - ALSA: usx2y: use for_each_pcm_streams() macro (bsc#1051510). - ALSA: via82xx: Fix endianness annotations (bsc#1051510). - amdgpu/gmc_v9: save/restore sdpif regs during S3 (bsc#1113956) - apei/ghes: Do not delay GHES polling (bsc#1166982). - ASoC: dapm: Correct DAPM handling of active widgets during shutdown (bsc#1051510). - ASoC: Intel: atom: Take the drv->lock mutex before calling sst_send_slot_map() (bsc#1051510). - ASoC: Intel: mrfld: fix incorrect check on p->sink (bsc#1051510). - ASoC: Intel: mrfld: return error codes when an error occurs (bsc#1051510). - ASoC: jz4740-i2s: Fix divider written at incorrect offset in register (bsc#1051510). - ASoC: pcm512x: Fix unbalanced regulator enable call in probe error path (bsc#1051510). - ASoC: pcm: Fix possible buffer overflow in dpcm state sysfs output (bsc#1051510). - ASoC: pcm: update FE/BE trigger order based on the command (bsc#1051510). - ASoC: sun8i-codec: Remove unused dev from codec struct (bsc#1051510). - ASoC: topology: Fix memleak in soc_tplg_link_elems_load() (bsc#1051510). - ath9k: Handle txpower changes even when TPC is disabled (bsc#1051510). - atm: zatm: Fix empty body Clang warnings (bsc#1051510). - b43legacy: Fix -Wcast-function-type (bsc#1051510). - batman-adv: Avoid spurious warnings from bat_v neigh_cmp implementation (bsc#1051510). - batman-adv: Do not schedule OGM for disabled interface (bsc#1051510). - batman-adv: prevent TT request storms by not sending inconsistent TT TLVLs (bsc#1051510). - binfmt_elf: Do not move brk for INTERP-less ET_EXEC (bsc#1169013). - binfmt_elf: move brk out of mmap when doing direct loader exec (bsc#1169013). - blk: Fix kabi due to blk_trace_mutex addition (bsc#1159285). - blk-mq: Allow blocking queue tag iter callbacks (bsc#1167316). - blktrace: fix dereference after null check (bsc#1159285). - blktrace: fix trace mutex deadlock (bsc#1159285). - block, bfq: fix use-after-free in bfq_idle_slice_timer_body (bsc#1168760). - block: keep bdi->io_pages in sync with max_sectors_kb for stacked devices (bsc#1168762). - Bluetooth: RFCOMM: fix ODEBUG bug in rfcomm_dev_ioctl (bsc#1051510). - bnxt_en: Fix NTUPLE firmware command failures (bsc#1104745 ). - bnxt_en: Fix TC queue mapping (networking-stable-20_02_05). - bnxt_en: Improve device shutdown method (bsc#1104745 ). - bnxt_en: Issue PCIe FLR in kdump kernel to cleanup pending DMAs (bsc#1134090 jsc#SLE-5954). - bnxt_en: Support all variants of the 5750X chip family (bsc#1167216). - bonding/alb: properly access headers in bond_alb_xmit() (networking-stable-20_02_09). - bpf: Explicitly memset some bpf info structures declared on the stack (bsc#1083647). - bpf: Explicitly memset the bpf_attr structure (bsc#1083647). - bpf, offload: Replace bitwise AND by logical AND in bpf_prog_offload_info_fill (bsc#1109837). - brcmfmac: abort and release host after error (bsc#1111666). - btrfs: Account for trans_block_rsv in may_commit_transaction (bsc#1165949). - btrfs: add a flush step for delayed iputs (bsc#1165949). - btrfs: add assertions for releasing trans handle reservations (bsc#1165949). - btrfs: add btrfs_delete_ref_head helper (bsc#1165949). - btrfs: add enospc debug messages for ticket failure (bsc#1165949). - btrfs: Add enospc_debug printing in metadata_reserve_bytes (bsc#1165949). - btrfs: add new flushing states for the delayed refs rsv (bsc#1165949). - btrfs: add space reservation tracepoint for reserved bytes (bsc#1165949). - btrfs: adjust dirty_metadata_bytes after writeback failure of extent buffer (bsc#1168273). - btrfs: allow us to use up to 90% of the global rsv for unlink (bsc#1165949). - btrfs: always reserve our entire size for the global reserve (bsc#1165949). - btrfs: assert on non-empty delayed iputs (bsc##1165949). - btrfs: be more explicit about allowed flush states (bsc#1165949). - btrfs: call btrfs_create_pending_block_groups unconditionally (bsc#1165949). - btrfs: catch cow on deleting snapshots (bsc#1165949). - btrfs: change the minimum global reserve size (bsc#1165949). - btrfs: check if there are free block groups for commit (bsc#1165949). - btrfs: clean up error handling in btrfs_truncate() (bsc#1165949). - btrfs: cleanup extent_op handling (bsc#1165949). - btrfs: cleanup root usage by btrfs_get_alloc_profile (bsc#1165949). - btrfs: cleanup the target logic in __btrfs_block_rsv_release (bsc#1165949). - btrfs: clear space cache inode generation always (bsc#1165949). - btrfs: delayed-ref: pass delayed_refs directly to btrfs_delayed_ref_lock (bsc#1165949). - btrfs: Do mandatory tree block check before submitting bio (bsc#1168273). - btrfs: do not account global reserve in can_overcommit (bsc#1165949). - btrfs: do not allow reservations if we have pending tickets (bsc#1165949). - btrfs: do not call btrfs_start_delalloc_roots in flushoncommit (bsc#1165949). - btrfs: do not end the transaction for delayed refs in throttle (bsc#1165949). - btrfs: do not enospc all tickets on flush failure (bsc#1165949). - btrfs: do not reset bio->bi_ops while writing bio (bsc#1168273). - btrfs: do not run delayed_iputs in commit (bsc##1165949). - btrfs: do not run delayed refs in the end transaction logic (bsc#1165949). - btrfs: do not use ctl->free_space for max_extent_size (bsc##1165949). - btrfs: do not use global reserve for chunk allocation (bsc#1165949). - btrfs: drop get_extent from extent_page_data (bsc#1168273). - btrfs: drop min_size from evict_refill_and_join (bsc##1165949). - btrfs: drop unused space_info parameter from create_space_info (bsc#1165949). - btrfs: dump block_rsv details when dumping space info (bsc#1165949). - btrfs: export block group accounting helpers (bsc#1165949). - btrfs: export block_rsv_use_bytes (bsc#1165949). - btrfs: export btrfs_block_rsv_add_bytes (bsc#1165949). - btrfs: export __btrfs_block_rsv_release (bsc#1165949). - btrfs: export space_info_add_*_bytes (bsc#1165949). - btrfs: export the block group caching helpers (bsc#1165949). - btrfs: export the caching control helpers (bsc#1165949). - btrfs: export the excluded extents helpers (bsc#1165949). - btrfs: extent_io: add proper error handling to lock_extent_buffer_for_io() (bsc#1168273). - btrfs: extent_io: Handle errors better in btree_write_cache_pages() (bsc#1168273). - btrfs: extent_io: Handle errors better in extent_write_full_page() (bsc#1168273). - btrfs: extent_io: Handle errors better in extent_write_locked_range() (bsc#1168273). - btrfs: extent_io: Handle errors better in extent_writepages() (bsc#1168273). - btrfs: extent_io: Kill dead condition in extent_write_cache_pages() (bsc#1168273). - btrfs: extent_io: Kill the forward declaration of flush_write_bio (bsc#1168273). - btrfs: extent_io: Move the BUG_ON() in flush_write_bio() one level up (bsc#1168273). - btrfs: extent-tree: Add lockdep assert when updating space info (bsc#1165949). - btrfs: extent-tree: Add trace events for space info numbers update (bsc#1165949). - btrfs: extent-tree: Detect bytes_may_use underflow earlier (bsc#1165949). - btrfs: extent-tree: Detect bytes_pinned underflow earlier (bsc#1165949). - btrfs: factor our read/write stage off csum_tree_block into its callers (bsc#1168273). - btrfs: factor out the ticket flush handling (bsc#1165949). - btrfs: fix insert_reserved error handling (bsc##1165949). - btrfs: fix may_commit_transaction to deal with no partial filling (bsc#1165949). - btrfs: fix missing delayed iputs on unmount (bsc#1165949). - btrfs: fix qgroup double free after failure to reserve metadata for delalloc (bsc#1165949). - btrfs: fix race leading to metadata space leak after task received signal (bsc#1165949). - btrfs: fix truncate throttling (bsc#1165949). - btrfs: fix unwritten extent buffers and hangs on future writeback attempts (bsc#1168273). - btrfs: force chunk allocation if our global rsv is larger than metadata (bsc#1165949). - btrfs: Improve global reserve stealing logic (bsc#1165949). - btrfs: introduce an evict flushing state (bsc#1165949). - btrfs: introduce delayed_refs_rsv (bsc#1165949). - btrfs: loop in inode_rsv_refill (bsc#1165949). - btrfs: make btrfs_destroy_delayed_refs use btrfs_delayed_ref_lock (bsc#1165949). - btrfs: make btrfs_destroy_delayed_refs use btrfs_delete_ref_head (bsc#1165949). - btrfs: make caching_thread use btrfs_find_next_key (bsc#1165949). - btrfs: make plug in writing meta blocks really work (bsc#1168273). - btrfs: merge two flush_write_bio helpers (bsc#1168273). - btrfs: migrate btrfs_trans_release_chunk_metadata (bsc#1165949). - btrfs: migrate inc/dec_block_group_ro code (bsc#1165949). - btrfs: migrate nocow and reservation helpers (bsc#1165949). - btrfs: migrate the alloc_profile helpers (bsc#1165949). - btrfs: migrate the block group caching code (bsc#1165949). - btrfs: migrate the block group cleanup code (bsc#1165949). - btrfs: migrate the block group lookup code (bsc#1165949). - btrfs: migrate the block group read/creation code (bsc#1165949). - btrfs: migrate the block group ref counting stuff (bsc#1165949). - btrfs: migrate the block group removal code (bsc#1165949). - btrfs: migrate the block group space accounting helpers (bsc#1165949). - btrfs: migrate the block-rsv code to block-rsv.c (bsc#1165949). - btrfs: migrate the chunk allocation code (bsc#1165949). - btrfs: migrate the delalloc space stuff to it's own home (bsc#1165949). - btrfs: migrate the delayed refs rsv code (bsc#1165949). - btrfs: migrate the dirty bg writeout code (bsc#1165949). - btrfs: migrate the global_block_rsv helpers to block-rsv.c (bsc#1165949). - btrfs: move and export can_overcommit (bsc#1165949). - btrfs: move basic block_group definitions to their own header (bsc#1165949). - btrfs: move btrfs_add_free_space out of a header file (bsc#1165949). - btrfs: move btrfs_block_rsv definitions into it's own header (bsc#1165949). - btrfs: move btrfs_raid_group values to btrfs_raid_attr table (bsc#1165949). - btrfs: move btrfs_space_info_add_*_bytes to space-info.c (bsc#1165949). - btrfs: move dump_space_info to space-info.c (bsc#1165949). - btrfs: move reserve_metadata_bytes and supporting code to space-info.c (bsc#1165949). - btrfs: move space_info to space-info.h (bsc#1165949). - btrfs: move the space_info handling code to space-info.c (bsc#1165949). - btrfs: move the space info update macro to space-info.h (bsc#1165949). - btrfs: move the subvolume reservation stuff out of extent-tree.c (bsc#1165949). - btrfs: only check delayed ref usage in should_end_transaction (bsc#1165949). - btrfs: only check priority tickets for priority flushing (bsc#1165949). - btrfs: only free reserved extent if we didn't insert it (bsc##1165949). - btrfs: only reserve metadata_size for inodes (bsc#1165949). - btrfs: only track ref_heads in delayed_ref_updates (bsc#1165949). - btrfs: Output ENOSPC debug info in inc_block_group_ro (bsc#1165949). - btrfs: pass root to various extent ref mod functions (bsc#1165949). - btrfs: qgroup: Do not hold qgroup_ioctl_lock in btrfs_qgroup_inherit() (bsc#1165823). - btrfs: qgroup: Mark qgroup inconsistent if we're inherting snapshot to a new qgroup (bsc#1165823). - btrfs: refactor block group replication factor calculation to a helper (bsc#1165949). - btrfs: refactor priority_reclaim_metadata_space (bsc#1165949). - btrfs: refactor the ticket wakeup code (bsc#1165949). - btrfs: release metadata before running delayed refs (bsc##1165949). - btrfs: remove bio_flags which indicates a meta block of log-tree (bsc#1168273). - btrfs: Remove btrfs_inode::delayed_iput_count (bsc#1165949). - btrfs: Remove fs_info from do_chunk_alloc (bsc#1165949). - btrfs: remove orig_bytes from reserve_ticket (bsc#1165949). - btrfs: Remove redundant argument of flush_space (bsc#1165949). - btrfs: Remove redundant mirror_num arg (bsc#1168273). - btrfs: Rename bin_search -> btrfs_bin_search (bsc#1168273). - btrfs: rename btrfs_space_info_add_old_bytes (bsc#1165949). - btrfs: rename do_chunk_alloc to btrfs_chunk_alloc (bsc#1165949). - btrfs: rename the btrfs_calc_*_metadata_size helpers (bsc#1165949). - btrfs: replace cleaner_delayed_iput_mutex with a waitqueue (bsc#1165949). - btrfs: reserve delalloc metadata differently (bsc#1165949). - btrfs: reserve extra space during evict (bsc#1165949). - btrfs: reset max_extent_size on clear in a bitmap (bsc##1165949). - btrfs: reset max_extent_size properly (bsc##1165949). - btrfs: rework btrfs_check_space_for_delayed_refs (bsc#1165949). - btrfs: rework wake_all_tickets (bsc#1165949). - btrfs: roll tracepoint into btrfs_space_info_update helper (bsc#1165949). - btrfs: run btrfs_try_granting_tickets if a priority ticket fails (bsc#1165949). - btrfs: run delayed iput at unlink time (bsc#1165949). - btrfs: run delayed iputs before committing (bsc#1165949). - btrfs: set max_extent_size properly (bsc##1165949). - btrfs: sink extent_write_full_page tree argument (bsc#1168273). - btrfs: sink extent_write_locked_range tree parameter (bsc#1168273). - btrfs: sink flush_fn to extent_write_cache_pages (bsc#1168273). - btrfs: sink get_extent parameter to extent_fiemap (bsc#1168273). - btrfs: sink get_extent parameter to extent_readpages (bsc#1168273). - btrfs: sink get_extent parameter to extent_write_full_page (bsc#1168273). - btrfs: sink get_extent parameter to extent_write_locked_range (bsc#1168273). - btrfs: sink get_extent parameter to extent_writepages (bsc#1168273). - btrfs: sink get_extent parameter to get_extent_skip_holes (bsc#1168273). - btrfs: sink writepage parameter to extent_write_cache_pages (bsc#1168273). - btrfs: stop partially refilling tickets when releasing space (bsc#1165949). - btrfs: stop using block_rsv_release_bytes everywhere (bsc#1165949). - btrfs: switch to on-stack csum buffer in csum_tree_block (bsc#1168273). - btrfs: temporarily export btrfs_get_restripe_target (bsc#1165949). - btrfs: temporarily export fragment_free_space (bsc#1165949). - btrfs: temporarily export inc_block_group_ro (bsc#1165949). - btrfs: track DIO bytes in flight (bsc#1165949). - btrfs: tree-checker: Remove comprehensive root owner check (bsc#1168273). - btrfs: unexport can_overcommit (bsc#1165949). - btrfs: unexport the temporary exported functions (bsc#1165949). - btrfs: unify error handling for ticket flushing (bsc#1165949). - btrfs: unify extent_page_data type passed as void (bsc#1168273). - btrfs: update may_commit_transaction to use the delayed refs rsv (bsc#1165949). - btrfs: use btrfs_try_granting_tickets in update_global_rsv (bsc#1165949). - btrfs: wait on caching when putting the bg cache (bsc#1165949). - btrfs: wait on ordered extents on abort cleanup (bsc#1165949). - btrfs: wakeup cleaner thread when adding delayed iput (bsc#1165949). - ceph: canonicalize server path in place (bsc#1168443). - ceph: check POOL_FLAG_FULL/NEARFULL in addition to OSDMAP_FULL/NEARFULL (bsc#1169307). - ceph: remove the extra slashes in the server path (bsc#1168443). - cfg80211: check reg_rule for NULL in handle_channel_custom() (bsc#1051510). - cfg80211: check wiphy driver existence for drvinfo report (bsc#1051510). - cgroup: memcg: net: do not associate sock with unrelated cgroup (bsc#1167290). - cifs: add a debug macro that prints \\server\share for errors (bsc#1144333). - cifs: add missing mount option to /proc/mounts (bsc#1144333). - cifs: add new debugging macro cifs_server_dbg (bsc#1144333). - cifs: add passthrough for smb2 setinfo (bsc#1144333). - cifs: add SMB2_open() arg to return POSIX data (bsc#1144333). - cifs: add smb2 POSIX info level (bsc#1144333). - cifs: add SMB3 change notification support (bsc#1144333). - cifs: add support for fallocate mode 0 for non-sparse files (bsc#1144333). - cifs: Add support for setting owner info, dos attributes, and create time (bsc#1144333). - cifs: Add tracepoints for errors on flush or fsync (bsc#1144333). - cifs: Adjust indentation in smb2_open_file (bsc#1144333). - cifs: allow chmod to set mode bits using special sid (bsc#1144333). - cifs: Avoid doing network I/O while holding cache lock (bsc#1144333). - cifs: call wake_up(&server->response_q) inside of cifs_reconnect() (bsc#1144333). - cifs: Clean up DFS referral cache (bsc#1144333). - cifs: create a helper function to parse the query-directory response buffer (bsc#1144333). - cifs: do d_move in rename (bsc#1144333). - cifs: Do not display RDMA transport on reconnect (bsc#1144333). - cifs: do not ignore the SYNC flags in getattr (bsc#1144333). - cifs: do not leak -EAGAIN for stat() during reconnect (bsc#1144333). - cifs: do not use 'pre:' for MODULE_SOFTDEP (bsc#1144333). - cifs: enable change notification for SMB2.1 dialect (bsc#1144333). - cifs: fail i/o on soft mounts if sessionsetup errors out (bsc#1144333). - cifs: fix a comment for the timeouts when sending echos (bsc#1144333). - cifs: fix a white space issue in cifs_get_inode_info() (bsc#1144333). - cifs: fix dereference on ses before it is null checked (bsc#1144333). - cifs: Fix memory allocation in __smb2_handle_cancelled_cmd() (bsc#1144333). - cifs: fix mode bits from dir listing when mounted with modefromsid (bsc#1144333). - cifs: Fix mode output in debugging statements (bsc#1144333). - cifs: Fix mount options set in automount (bsc#1144333). - cifs: fix NULL dereference in match_prepath (bsc#1144333). - cifs: Fix potential deadlock when updating vol in cifs_reconnect() (bsc#1144333). - cifs: fix potential mismatch of UNC paths (bsc#1144333). - cifs: fix rename() by ensuring source handle opened with DELETE bit (bsc#1144333). - cifs: Fix return value in __update_cache_entry (bsc#1144333). - cifs: fix soft mounts hanging in the reconnect code (bsc#1144333). - cifs: fix soft mounts hanging in the reconnect code (bsc#1144333). - cifs: Fix task struct use-after-free on reconnect (bsc#1144333). - cifs: fix unitialized variable poential problem with network I/O cache lock patch (bsc#1144333). - cifs: get mode bits from special sid on stat (bsc#1144333). - cifs: Get rid of kstrdup_const()'d paths (bsc#1144333). - cifs: handle prefix paths in reconnect (bsc#1144333). - cifs: ignore cached share root handle closing errors (bsc#1166780). - cifs: Introduce helpers for finding TCP connection (bsc#1144333). - cifs: log warning message (once) if out of disk space (bsc#1144333). - cifs: make sure we do not overflow the max EA buffer size (bsc#1144333). - cifs: make use of cap_unix(ses) in cifs_reconnect_tcon() (bsc#1144333). - cifs: Merge is_path_valid() into get_normalized_path() (bsc#1144333). - cifs: modefromsid: make room for 4 ACE (bsc#1144333). - cifs: modefromsid: write mode ACE first (bsc#1144333). - cifs: Optimize readdir on reparse points (bsc#1144333). - cifs: plumb smb2 POSIX dir enumeration (bsc#1144333). - cifs: potential unintitliazed error code in cifs_getattr() (bsc#1144333). - cifs: prepare SMB2_query_directory to be used with compounding (bsc#1144333). - cifs: print warning once if mounting with vers=1.0 (bsc#1144333). - cifs: refactor cifs_get_inode_info() (bsc#1144333). - cifs: remove redundant assignment to pointer pneg_ctxt (bsc#1144333). - cifs: remove redundant assignment to variable rc (bsc#1144333). - cifs: remove set but not used variables (bsc#1144333). - cifs: remove set but not used variable 'server' (bsc#1144333). - cifs: remove unused variable (bsc#1144333). - cifs: remove unused variable 'sid_user' (bsc#1144333). - cifs: rename a variable in SendReceive() (bsc#1144333). - cifs: rename posix create rsp (bsc#1144333). - cifs: replace various strncpy with strscpy and similar (bsc#1144333). - cifs: Return directly after a failed build_path_from_dentry() in cifs_do_create() (bsc#1144333). - cifs: set correct max-buffer-size for smb2_ioctl_init() (bsc#1144333). - cifs: smbd: Add messages on RDMA session destroy and reconnection (bsc#1144333). - cifs: smbd: Invalidate and deregister memory registration on re-send for direct I/O (bsc#1144333). - cifs: smbd: Only queue work for error recovery on memory registration (bsc#1144333). - cifs: smbd: Return -EAGAIN when transport is reconnecting (bsc#1144333). - cifs: smbd: Return -ECONNABORTED when trasnport is not in connected state (bsc#1144333). - cifs: smbd: Return -EINVAL when the number of iovs exceeds SMBDIRECT_MAX_SGE (bsc#1144333). - cifs: Use common error handling code in smb2_ioctl_query_info() (bsc#1144333). - cifs: use compounding for open and first query-dir for readdir() (bsc#1144333). - cifs: Use #define in cifs_dbg (bsc#1144333). - cifs: Use memdup_user() rather than duplicating its implementation (bsc#1144333). - cifs: use mod_delayed_work() for &server->reconnect if already queued (bsc#1144333). - cifs: use PTR_ERR_OR_ZERO() to simplify code (bsc#1144333). - clk: imx: Align imx sc clock msg structs to 4 (bsc#1111666). - clk: imx: Align imx sc clock msg structs to 4 (git-fixes). - clk: qcom: rcg: Return failure for RCG update (bsc#1051510). - cls_rsvp: fix rsvp_policy (networking-stable-20_02_05). - configfs: Fix bool initialization/comparison (bsc#1051510). - core: Do not skip generic XDP program execution for cloned SKBs (bsc#1109837). - cpufreq: powernv: Fix unsafe notifiers (bsc#1065729). - cpufreq: powernv: Fix use-after-free (bsc#1065729). - cpufreq: Register drivers only after CPU devices have been registered (bsc#1051510). - cpuidle: Do not unset the driver if it is there already (bsc#1051510). - crypto: arm64/sha-ce - implement export/import (bsc#1051510). - Crypto: chelsio - Fixes a deadlock between rtnl_lock and uld_mutex (bsc#1111666). - Crypto: chelsio - Fixes a hang issue during driver registration (bsc#1111666). - crypto: mxs-dcp - fix scatterlist linearization for hash (bsc#1051510). - crypto: pcrypt - Fix user-after-free on module unload (git-fixes). - crypto: tcrypt - fix printed skcipher [a]sync mode (bsc#1051510). - debugfs: add support for more elaborate ->d_fsdata (bsc#1159198 bsc#1109911). - debugfs: call debugfs_real_fops() only after debugfs_file_get() (bsc#1159198 bsc#1109911). - debugfs: call debugfs_real_fops() only after debugfs_file_get() (bsc#1159198). - debugfs: convert to debugfs_file_get() and -put() (bsc#1159198 bsc#1109911). - debugfs: debugfs_real_fops(): drop __must_hold sparse annotation (bsc#1159198 bsc#1109911). - debugfs: debugfs_use_start/finish do not exist anymore (bsc#1159198). - debugfs: defer debugfs_fsdata allocation to first usage (bsc#1159198 bsc#1109911). - debugfs: defer debugfs_fsdata allocation to first usage (bsc#1159198). - debugfs: fix debugfs_real_fops() build error (bsc#1159198 bsc#1109911). - debugfs: implement per-file removal protection (bsc#1159198 bsc#1109911). - debugfs: purge obsolete SRCU based removal protection (bsc#1159198 bsc#1109911). - debugfs: simplify __debugfs_remove_file() (bsc#1159198). - Delete patches which cause regression (bsc#1165527 ltc#184149). - Deprecate NR_UNSTABLE_NFS, use NR_WRITEBACK (bsc#1163403). - devlink: report 0 after hitting end in region read (bsc#1109837). - dmaengine: coh901318: Fix a double lock bug in dma_tc_handle() (bsc#1051510). - dmaengine: ste_dma40: fix unneeded variable warning (bsc#1051510). - driver core: platform: fix u32 greater or equal to zero comparison (bsc#1051510). - driver core: platform: Prevent resouce overflow from causing infinite loops (bsc#1051510). - driver core: Print device when resources present in really_probe() (bsc#1051510). - drivers/md/raid5.c: use the new spelling of RWH_WRITE_LIFE_NOT_SET (bsc#1166003). - drivers/md/raid5-ppl.c: use the new spelling of RWH_WRITE_LIFE_NOT_SET (bsc#1166003). - drm/amd/amdgpu: Fix GPR read from debugfs (v2) (bsc#1113956) - drm/amd/display: Add link_rate quirk for Apple 15' MBP 2017 (bsc#1111666). - drm/amd/display: Fix wrongly passed static prefix (bsc#1111666). - drm/amd/display: remove duplicated assignment to grph_obj_type (bsc#1051510). - drm/amd/dm/mst: Ignore payload update failures (bsc#1112178) - drm/amdgpu: fix typo for vcn1 idle check (bsc#1111666). - drm/amdkfd: fix a use after free race with mmu_notifer unregister (bsc#1114279) - drm: atmel-hlcdc: enable clock before configuring timing engine (bsc#1114279) - drm/bochs: downgrade pci_request_region failure from error to warning (bsc#1051510). - drm/bridge: dw-hdmi: fix AVI frame colorimetry (bsc#1051510). - drm_dp_mst_topology: fix broken drm_dp_sideband_parse_remote_dpcd_read() (bsc#1051510). - drm/drm_dp_mst:remove set but not used variable 'origlen' (bsc#1051510). - drm/etnaviv: fix dumping of iommuv2 (bsc#1114279) - drm/exynos: dsi: fix workaround for the legacy clock name (bsc#1111666). - drm/exynos: dsi: propagate error value and silence meaningless warning (bsc#1111666). - drm/gma500: Fixup fbdev stolen size usage evaluation (bsc#1051510). - drm/i915/gvt: Fix orphan vgpu dmabuf_objs' lifetime (git-fixes). - drm/i915/gvt: Fix unnecessary schedule timer when no vGPU exits (git-fixes). - drm/i915/gvt: Separate display reset from ALL_ENGINES reset (bsc#1114279) - drm/i915: Program MBUS with rmw during initialization (git-fixes). - drm/i915/selftests: Fix return in assert_mmap_offset() (bsc#1114279) - drm/i915/userptr: fix size calculation (bsc#1114279) - drm/i915/userptr: Try to acquire the page lock around (bsc#1114279) - drm/i915: Wean off drm_pci_alloc/drm_pci_free (bsc#1114279) - drm/lease: fix WARNING in idr_destroy (bsc#1113956) - drm/mediatek: Add gamma property according to hardware capability (bsc#1114279) - drm/mediatek: disable all the planes in atomic_disable (bsc#1114279) - drm/mediatek: handle events when enabling/disabling crtc (bsc#1051510). - drm/mipi_dbi: Fix off-by-one bugs in mipi_dbi_blank() (bsc#1114279) - drm: msm: mdp4: Adjust indentation in mdp4_dsi_encoder_enable (bsc#1114279) - drm/msm: Set dma maximum segment size for mdss (bsc#1051510). - drm/msm: stop abusing dma_map/unmap for cache (bsc#1051510). - drm/msm: Use the correct dma_sync calls harder (bsc#1051510). - drm/msm: Use the correct dma_sync calls in msm_gem (bsc#1051510). - drm/nouveau/disp/nv50-: prevent oops when no channel method map provided (bsc#1051510). - drm/nouveau/gr/gk20a,gm200-: add terminators to method lists read from fw (bsc#1051510). - drm/nouveau/kms/gv100-: Re-set LUT after clearing for modesets (git-fixes). - drm: rcar-du: Recognize 'renesas,vsps' in addition to 'vsps' (bsc#1114279) - drm: remove the newline for CRC source name (bsc#1051510). - drm/sun4i: de2/de3: Remove unsupported VI layer formats (git-fixes). - drm/sun4i: dsi: Use NULL to signify 'no panel' (bsc#1111666). - drm/sun4i: Fix DE2 VI layer format support (git-fixes). - drm/v3d: Replace wait_for macros to remove use of msleep (bsc#1111666). - drm/vc4: Fix HDMI mode validation (git-fixes). - dt-bindings: allow up to four clocks for orion-mdio (bsc#1051510). - EDAC, ghes: Make platform-based whitelisting x86-only (bsc#1158187). - EDAC/mc: Fix use-after-free and memleaks during device removal (bsc#1114279). - efi: Do not attempt to map RCI2 config table if it does not exist (jsc#ECO-366, bsc#1168367). - efi: Export Runtime Configuration Interface table to sysfs (jsc#ECO-366, bsc#1168367). - efi: Fix a race and a buffer overflow while reading efivars via sysfs (bsc#1164893). - efi: x86: move efi_is_table_address() into arch/x86 (jsc#ECO-366, bsc#1168367). - ethtool: Factored out similar ethtool link settings for virtual devices to core (bsc#1136157 ltc#177197). - ext4: add cond_resched() to __ext4_find_entry() (bsc#1166862). - ext4: Avoid ENOSPC when avoiding to reuse recently deleted inodes (bsc#1165019). - ext4: Check for non-zero journal inum in ext4_calculate_overhead (bsc#1167288). - ext4: do not assume that mmp_nodename/bdevname have NUL (bsc#1166860). - ext4: fix a data race in EXT4_I(inode)->i_disksize (bsc#1166861). - ext4: fix incorrect group count in ext4_fill_super error message (bsc#1168765). - ext4: fix incorrect inodes per group in error message (bsc#1168764). - ext4: fix potential race between online resizing and write operations (bsc#1166864). - ext4: fix potential race between s_flex_groups online resizing and access (bsc#1166867). - ext4: fix potential race between s_group_info online resizing and access (bsc#1166866). - ext4: fix race between writepages and enabling EXT4_EXTENTS_FL (bsc#1166870). - ext4: fix support for inode sizes > 1024 bytes (bsc#1164284). - ext4: potential crash on allocation error in ext4_alloc_flex_bg_array() (bsc#1166940). - ext4: rename s_journal_flag_rwsem to s_writepages_rwsem (bsc#1166868). - ext4: validate the debug_want_extra_isize mount option at parse time (bsc#1163897). - fat: fix uninit-memory access for partial initialized inode (bsc#1051510). - fat: work around race with userspace's read via blockdev while mounting (bsc#1051510). - fbdev/g364fb: Fix build failure (bsc#1051510). - fbdev: potential information leak in do_fb_ioctl() (bsc#1114279) - fbmem: Adjust indentation in fb_prepare_logo and fb_blank (bsc#1114279) - fcntl: fix typo in RWH_WRITE_LIFE_NOT_SET r/w hint name (bsc#1166003). - firmware: arm_sdei: fix double-lock on hibernate with shared events (bsc#1111666). - firmware: arm_sdei: fix possible double-lock on hibernate error path (bsc#1111666). - firmware: imx: misc: Align imx sc msg structs to 4 (git-fixes). - firmware: imx: scu: Ensure sequential TX (git-fixes). - firmware: imx: scu-pd: Align imx sc msg structs to 4 (git-fixes). - fix memory leak in large read decrypt offload (bsc#1144333). - fs/cifs/cifssmb.c: use true,false for bool variable (bsc#1144333). - fs: cifs: cifsssmb: remove redundant assignment to variable ret (bsc#1144333). - fs: cifs: Initialize filesystem timestamp ranges (bsc#1144333). - fs: cifs: mute -Wunused-const-variable message (bsc#1144333). - fs/cifs/sess.c: Remove set but not used variable 'capabilities' (bsc#1144333). - fs/cifs/smb2ops.c: use true,false for bool variable (bsc#1144333). - fs/cifs/smb2pdu.c: Make SMB2_notify_init static (bsc#1144333). - fs/xfs: fix f_ffree value for statfs when project quota is set (bsc#1165985). - ftrace/kprobe: Show the maxactive number on kprobe_events (git-fixes). - gtp: make sure only SOCK_DGRAM UDP sockets are accepted (networking-stable-20_01_27). - gtp: use __GFP_NOWARN to avoid memalloc warning (networking-stable-20_02_05). - HID: apple: Add support for recent firmware on Magic Keyboards (bsc#1051510). - HID: core: fix off-by-one memset in hid_report_raw_event() (bsc#1051510). - HID: hiddev: Fix race in in hiddev_disconnect() (git-fixes). - hv_netvsc: Fix memory leak when removing rndis device (networking-stable-20_01_20). - hwmon: (adt7462) Fix an error return in ADT7462_REG_VOLT() (bsc#1051510). - i2c: hix5hd2: add missed clk_disable_unprepare in remove (bsc#1051510). - i2c: jz4780: silence log flood on txabrt (bsc#1051510). - IB/hfi1: Close window for pq and request coliding (bsc#1060463 ). - IB/hfi1: convert to debugfs_file_get() and -put() (bsc#1159198 bsc#1109911). - ibmvfc: do not send implicit logouts prior to NPIV login (bsc#1169625 ltc#184611). - ibmvfc: Fix NULL return compiler warning (bsc#1161951 ltc#183551). - ibmvnic: Do not process device remove during device reset (bsc#1065729). - ibmvnic: Warn unknown speed message only when carrier is present (bsc#1065729). - iio: gyro: adis16136: check ret val for non-zero vs less-than-zero (bsc#1051510). - iio: imu: adis16400: check ret val for non-zero vs less-than-zero (bsc#1051510). - iio: imu: adis16480: check ret val for non-zero vs less-than-zero (bsc#1051510). - iio: imu: adis: check ret val for non-zero vs less-than-zero (bsc#1051510). - iio: magnetometer: ak8974: Fix negative raw values in sysfs (bsc#1051510). - iio: potentiostat: lmp9100: fix iio_triggered_buffer_{predisable,postenable} positions (bsc#1051510). - Input: add safety guards to input_set_keycode() (bsc#1168075). - Input: avoid BIT() macro usage in the serio.h UAPI header (bsc#1051510). - Input: edt-ft5x06 - work around first register access error (bsc#1051510). - Input: raydium_i2c_ts - fix error codes in raydium_i2c_boot_trigger() (bsc#1051510). - Input: synaptics - enable RMI on HP Envy 13-ad105ng (bsc#1051510). - Input: synaptics - enable SMBus on ThinkPad L470 (bsc#1051510). - Input: synaptics - remove the LEN0049 dmi id from topbuttonpad list (bsc#1051510). - Input: synaptics - switch T470s to RMI4 by default (bsc#1051510). - intel_th: Fix user-visible error codes (bsc#1051510). - intel_th: pci: Add Elkhart Lake CPU support (bsc#1051510). - iommu/amd: Check feature support bit before accessing MSI capability registers (bsc#1166101). - iommu/amd: Fix the configuration of GCR3 table root pointer (bsc#1169057). - iommu/amd: Only support x2APIC with IVHD type 11h/40h (bsc#1166102). - iommu/amd: Remap the IOMMU device table with the memory encryption mask for kdump (bsc#1141895). - iommu/dma: Fix MSI reservation allocation (bsc#1166730). - iommu/vt-d: dmar: replace WARN_TAINT with pr_warn + add_taint (bsc#1166731). - iommu/vt-d: Fix a bug in intel_iommu_iova_to_phys() for huge page (bsc#1166732). - iommu/vt-d: Fix compile warning from intel-svm.h (bsc#1166103). - iommu/vt-d: Fix the wrong printing in RHSA parsing (bsc#1166733). - iommu/vt-d: Ignore devices with out-of-spec domain number (bsc#1166734). - iommu/vt-d: quirk_ioat_snb_local_iommu: replace WARN_TAINT with pr_warn + add_taint (bsc#1166735). - ipmi: fix hung processes in __get_guid() (bsc#1111666). - ipmi: fix hung processes in __get_guid() (git-fixes). - ipmi:ssif: Handle a possible NULL pointer reference (bsc#1051510). - ipv4: ensure rcu_read_lock() in cipso_v4_error() (git-fixes). - ipv6: Fix nlmsg_flags when splitting a multipath route (networking-stable-20_03_01). - ipv6: Fix route replacement with dev-only route (networking-stable-20_03_01). - ipv6: restrict IPV6_ADDRFORM operation (bsc#1109837). - ipvlan: do not add hardware address of master to its unicast filter list (bsc#1137325). - irqchip/bcm2835: Quiesce IRQs left enabled by bootloader (bsc#1051510). - irqdomain: Fix a memory leak in irq_domain_push_irq() (bsc#1051510). - iwlegacy: Fix -Wcast-function-type (bsc#1051510). - iwlwifi: mvm: Do not require PHY_SKU NVM section for 3168 devices (bsc#1166632). - iwlwifi: mvm: Fix thermal zone registration (bsc#1051510). - kABI: fixes for debugfs per-file removal protection backports (bsc#1159198 bsc#1109911). - kabi fix for (bsc#1168202). - kABI: restore debugfs_remove_recursive() (bsc#1159198). - kABI workaround for pcie_port_bus_type change (bsc#1161561). - kdump, proc/vmcore: Enable kdumping encrypted memory with SME enabled (bsc#1141895). - kernel/module.c: Only return -EEXIST for modules that have finished loading (bsc#1165488). - kernel/module.c: wakeup processes in module_wq on module unload (bsc#1165488). - kexec: Allocate decrypted control pages for kdump if SME is enabled (bsc#1141895). - KVM: arm64: Store vcpu on the stack during __guest_enter() (bsc#1133021). - KVM: fix spectrev1 gadgets (bsc#1164705). - KVM: s390: do not clobber registers during guest reset/store status (bsc#1133021). - KVM: s390: ENOTSUPP -> EOPNOTSUPP fixups (bsc#1133021). - KVM: s390: vsie: Fix possible race when shadowing region 3 tables (git-fixes). - KVM: s390: vsie: Fix region 1 ASCE sanity shadow address checks (git-fixes). - KVM: VMX: check descriptor table exits on instruction emulation (bsc#1166104). - KVM: x86: Protect DR-based index computations from Spectre-v1/L1TF attacks (bsc#1164734). - KVM: x86: Protect ioapic_read_indirect() from Spectre-v1/L1TF attacks (bsc#1164728). - KVM: x86: Protect ioapic_write_indirect() from Spectre-v1/L1TF attacks (bsc#1164729). - KVM: x86: Protect kvm_hv_msr_[get|set]_crash_data() from Spectre-v1/L1TF attacks (bsc#1164712). - KVM: x86: Protect kvm_lapic_reg_write() from Spectre-v1/L1TF attacks (bsc#1164730). - KVM: x86: Protect MSR-based index computations from Spectre-v1/L1TF attacks in x86.c (bsc#1164733). - KVM: x86: Protect MSR-based index computations in fixed_msr_to_seg_unit() from Spectre-v1/L1TF attacks (bsc#1164731). - KVM: x86: Protect MSR-based index computations in pmu.h from Spectre-v1/L1TF attacks (bsc#1164732). - KVM: x86: Protect pmu_intel.c from Spectre-v1/L1TF attacks (bsc#1164735). - KVM: x86: Protect x86_decode_insn from Spectre-v1/L1TF attacks (bsc#1164705). - KVM: x86: Refactor picdev_write() to prevent Spectre-v1/L1TF attacks (bsc#1164727). - l2tp: Allow duplicate session creation with UDP (networking-stable-20_02_05). - libceph: fix alloc_msg_with_page_vector() memory leaks (bsc#1169308). - libfs: fix infoleak in simple_attr_read() (bsc#1168881). - libnvdimm/pfn_dev: Do not clear device memmap area during generic namespace probe (bsc#1165929 bsc#1165950). - libnvdimm/pfn: fix fsdax-mode namespace info-block zero-fields (bsc#1165929). - libnvdimm: remove redundant __func__ in dev_dbg (bsc#1165929). - lib/raid6: add missing include for raid6test (bsc#1166003). - lib/raid6: add option to skip algo benchmarking (bsc#1166003). - lib/raid6: avoid __attribute_const__ redefinition (bsc#1166003). - lpfc: add support for translating an RSCN rcv into a discovery rescan (bsc#1164777 bsc#1164780 bsc#1165211). - lpfc: add support to generate RSCN events for nport (bsc#1164777 bsc#1164780 bsc#1165211). - mac80211: consider more elements in parsing CRC (bsc#1051510). - mac80211: Do not send mesh HWMP PREQ if HWMP is disabled (bsc#1051510). - mac80211: free peer keys before vif down in mesh (bsc#1051510). - mac80211: mesh: fix RCU warning (bsc#1051510). - mac80211: only warn once on chanctx_conf being NULL (bsc#1051510). - mac80211: rx: avoid RCU list traversal under mutex (bsc#1051510). - macsec: add missing attribute validation for port (bsc#1051510). - macsec: fix refcnt leak in module exit routine (bsc#1051510). - md: add __acquires/__releases annotations to handle_active_stripes (bsc#1166003). - md: add __acquires/__releases annotations to (un)lock_two_stripes (bsc#1166003). - md: add a missing endianness conversion in check_sb_changes (bsc#1166003). - md: add bitmap_abort label in md_run (bsc#1166003). - md: add feature flag MD_FEATURE_RAID0_LAYOUT (bsc#1166003). - md: allow last device to be forcibly removed from RAID1/RAID10 (bsc#1166003). - md: avoid invalid memory access for array sb->dev_roles (bsc#1166003). - md/bitmap: avoid race window between md_bitmap_resize and bitmap_file_clear_bit (bsc#1166003). - md-bitmap: create and destroy wb_info_pool with the change of backlog (bsc#1166003). - md-bitmap: create and destroy wb_info_pool with the change of bitmap (bsc#1166003). - md-bitmap: small cleanups (bsc#1166003). - md/bitmap: use mddev_suspend/resume instead of ->quiesce() (bsc#1166003). - md-cluster/bitmap: do not call md_bitmap_sync_with_cluster during reshaping stage (bsc#1166003). - md-cluster: introduce resync_info_get interface for sanity check (bsc#1166003). - md-cluster/raid10: call update_size in md_reap_sync_thread (bsc#1166003). - md-cluster/raid10: do not call remove_and_add_spares during reshaping stage (bsc#1166003). - md-cluster/raid10: resize all the bitmaps before start reshape (bsc#1166003). - md-cluster/raid10: support add disk under grow mode (bsc#1166003). - md-cluster: remove suspend_info (bsc#1166003). - md-cluster: send BITMAP_NEEDS_SYNC message if reshaping is interrupted (bsc#1166003). - md: convert to kvmalloc (bsc#1166003). - md: do not call spare_active in md_reap_sync_thread if all member devices can't work (bsc#1166003). - md: do not set In_sync if array is frozen (bsc#1166003). - md: fix a typo s/creat/create (bsc#1166003). - md: fix for divide error in status_resync (bsc#1166003). - md: fix spelling typo and add necessary space (bsc#1166003). - md: introduce mddev_create/destroy_wb_pool for the change of member device (bsc#1166003). - md-linear: use struct_size() in kzalloc() (bsc#1166003). - md: Make bio_alloc_mddev use bio_alloc_bioset (bsc#1166003). - md: make sure desc_nr less than MD_SB_DISKS (bsc#1166003). - md: md.c: Return -ENODEV when mddev is NULL in rdev_attr_show (bsc#1166003). - md: no longer compare spare disk superblock events in super_load (bsc#1166003). - md/raid0: Fix an error message in raid0_make_request() (bsc#1166003). - md raid0/linear: Mark array as 'broken' and fail BIOs if a member is gone (bsc#1166003). - md/raid10: end bio when the device faulty (bsc#1166003). - md/raid10: Fix raid10 replace hang when new added disk faulty (bsc#1166003). - md/raid10: prevent access of uninitialized resync_pages offset (bsc#1166003). - md/raid10: read balance chooses idlest disk for SSD (bsc#1166003). - md: raid10: Use struct_size() in kmalloc() (bsc#1166003). - md/raid1: avoid soft lockup under high load (bsc#1166003). - md: raid1: check rdev before reference in raid1_sync_request func (bsc#1166003). - md/raid1: end bio when the device faulty (bsc#1166003). - md/raid1: fail run raid1 array when active disk less than one (bsc#1166003). - md/raid1: Fix a warning message in remove_wb() (bsc#1166003). - md/raid1: fix potential data inconsistency issue with write behind device (bsc#1166003). - md/raid1: get rid of extra blank line and space (bsc#1166003). - md/raid5: use bio_end_sector to calculate last_sector (bsc#1166003). - md/raid6: fix algorithm choice under larger PAGE_SIZE (bsc#1166003). - md: remove set but not used variable 'bi_rdev' (bsc#1166003). - md: return -ENODEV if rdev has no mddev assigned (bsc#1166003). - md: use correct type in super_1_load (bsc#1166003). - md: use correct type in super_1_sync (bsc#1166003). - md: use correct types in md_bitmap_print_sb (bsc#1166003). - media: dib0700: fix rc endpoint lookup (bsc#1051510). - media: flexcop-usb: fix endpoint sanity check (git-fixes). - media: go7007: Fix URB type for interrupt handling (bsc#1051510). - media: ov519: add missing endpoint sanity checks (bsc#1168829). - media: ov6650: Fix .get_fmt() V4L2_SUBDEV_FORMAT_TRY support (bsc#1051510). - media: ov6650: Fix some format attributes not under control (bsc#1051510). - media: ov6650: Fix stored crop rectangle not in sync with hardware (bsc#1051510). - media: ov6650: Fix stored frame format not in sync with hardware (bsc#1051510). - media: stv06xx: add missing descriptor sanity checks (bsc#1168854). - media: tda10071: fix unsigned sign extension overflow (bsc#1051510). - media: usbtv: fix control-message timeouts (bsc#1051510). - media: uvcvideo: Refactor teardown of uvc on USB disconnect (bsc#1164507). - media: v4l2-core: fix entity initialization in device_register_subdev (bsc#1051510). - media: vsp1: tidyup VI6_HGT_LBn_H() macro (bsc#1051510). - media: xirlink_cit: add missing descriptor sanity checks (bsc#1051510). - mfd: dln2: Fix sanity checking for endpoints (bsc#1051510). - misc: pci_endpoint_test: Fix to support > 10 pci-endpoint-test devices (bsc#1051510). - mlxsw: spectrum_qdisc: Include MC TCs in Qdisc counters (bsc#1112374). - mlxsw: spectrum: Wipe xstats.backlog of down ports (bsc#1112374). - mmc: sdhci-of-at91: fix cd-gpios for SAMA5D2 (bsc#1051510). - mm/filemap.c: do not initiate writeback if mapping has no dirty pages (bsc#1168884). - mm/memory_hotplug.c: only respect mem= parameter during boot stage (bsc#1065600). - mm: replace PF_LESS_THROTTLE with PF_LOCAL_THROTTLE (bsc#1163403). - mwifiex: set needed_headroom, not hard_header_len (bsc#1051510). - net: cxgb3_main: Add CAP_NET_ADMIN check to CHELSIO_GET_MEM (networking-stable-20_01_27). - net: dsa: bcm_sf2: Fix overflow checks (git-fixes). - net: dsa: mv88e6xxx: Preserve priority when setting CPU port (networking-stable-20_01_11). - net: dsa: tag_qca: fix doubled Tx statistics (networking-stable-20_01_20). - net: dsa: tag_qca: Make sure there is headroom for tag (networking-stable-20_02_19). - net: ena: Add PCI shutdown handler to allow safe kexec (bsc#1167421, bsc#1167423). - net/ethtool: Introduce link_ksettings API for virtual network devices (bsc#1136157 ltc#177197). - net: fib_rules: Correctly set table field when table number exceeds 8 bits (networking-stable-20_03_01). - netfilter: conntrack: sctp: use distinct states for new SCTP connections (bsc#1159199). - net: Fix Tx hash bound checking (bsc#1109837). - net: hns3: fix a copying IPv6 address error in hclge_fd_get_flow_tuples() (bsc#1104353). - net: hns: fix soft lockup when there is not enough memory (networking-stable-20_01_20). - net: hsr: fix possible NULL deref in hsr_handle_frame() (networking-stable-20_02_05). - net: ip6_gre: fix moving ip6gre between namespaces (networking-stable-20_01_27). - net, ip6_tunnel: fix namespaces move (networking-stable-20_01_27). - net, ip_tunnel: fix namespaces move (networking-stable-20_01_27). - net: macb: Limit maximum GEM TX length in TSO (networking-stable-20_02_09). - net: macb: Remove unnecessary alignment check for TSO (networking-stable-20_02_09). - net/mlx5: Fix lowest FDB pool size (bsc#1103990). - net/mlx5: IPsec, Fix esp modify function attribute (bsc#1103990 ). - net/mlx5: IPsec, fix memory leak at mlx5_fpga_ipsec_delete_sa_ctx (bsc#1103990). - net/mlx5: Update the list of the PCI supported devices (bsc#1127611). - net/mlxfw: Verify FSM error code translation does not exceed array size (bsc#1051858). - net: mvneta: move rx_dropped and rx_errors in per-cpu stats (networking-stable-20_02_09). - net/nfc: Avoid stalls when nfc_alloc_send_skb() returned NULL (bsc#1051510). - net: nfc: fix bounds checking bugs on 'pipe' (bsc#1051510). - net: phy: micrel: kszphy_resume(): add delay after genphy_resume() before accessing PHY registers (bsc#1051510). - net: phy: restore mdio regs in the iproc mdio driver (networking-stable-20_03_01). - net: rtnetlink: validate IFLA_MTU attribute in rtnl_create_link() (networking-stable-20_01_27). - net: sched: correct flower port blocking (git-fixes). - net_sched: ematch: reject invalid TCF_EM_SIMPLE (networking-stable-20_01_30). - net_sched: fix an OOB access in cls_tcindex (networking-stable-20_02_05). - net_sched: fix a resource leak in tcindex_set_parms() (networking-stable-20_02_09). - net_sched: fix datalen for ematch (networking-stable-20_01_27). - net/sched: flower: add missing validation of TCA_FLOWER_FLAGS (networking-stable-20_02_19). - net_sched: keep alloc_hash updated after hash allocation (git-fixes). - net/sched: matchall: add missing validation of TCA_MATCHALL_FLAGS (networking-stable-20_02_19). - net: sch_prio: When ungrafting, replace with FIFO (networking-stable-20_01_11). - net/smc: add fallback check to connect() (git-fixes). - net/smc: fix cleanup for linkgroup setup failures (git-fixes). - net/smc: fix leak of kernel memory to user space (networking-stable-20_02_19). - net/smc: no peer ID in CLC decline for SMCD (git-fixes). - net/smc: transfer fasync_list in case of fallback (git-fixes). - net: stmmac: Delete txtimer in suspend() (networking-stable-20_02_05). - net: stmmac: dwmac-sunxi: Allow all RGMII modes (networking-stable-20_01_11). - net-sysfs: Fix reference count leak (networking-stable-20_01_27). - net: systemport: Avoid RBUF stuck in Wake-on-LAN mode (networking-stable-20_02_09). - net/tls: fix async operation (bsc#1109837). - net/tls: free the record on encryption error (bsc#1109837). - net/tls: take into account that bpf_exec_tx_verdict() may free the record (bsc#1109837). - net: usb: lan78xx: Add .ndo_features_check (networking-stable-20_01_27). - net: usb: lan78xx: fix possible skb leak (networking-stable-20_01_11). - net/wan/fsl_ucc_hdlc: fix out of bounds write on array utdm_info (networking-stable-20_01_20). - NFC: fdp: Fix a signedness bug in fdp_nci_send_patch() (bsc#1051510). - NFC: pn544: Fix a typo in a debug message (bsc#1051510). - nfc: pn544: Fix occasional HW initialization failure (networking-stable-20_03_01). - NFC: port100: Convert cpu_to_le16(le16_to_cpu(E1) + E2) to use le16_add_cpu() (bsc#1051510). - NFS: send state management on a single connection (bsc#1167005). - nvme: fix a possible deadlock when passthru commands sent to a multipath device (bsc#1158983). - nvme: fix controller removal race with scan work (bsc#1158983). - nvme: Fix parsing of ANA log page (bsc#1166658). - nvme-multipath: also check for a disabled path if there is a single sibling (bsc#1158983). - nvme-multipath: do not select namespaces which are about to be removed (bsc#1158983). - nvme-multipath: factor out a nvme_path_is_disabled helper (bsc#1158983). - nvme-multipath: fix crash in nvme_mpath_clear_ctrl_paths (bsc#1158983). - nvme-multipath: fix possible io hang after ctrl reconnect (bsc#1158983). - nvme-multipath: fix possible I/O hang when paths are updated (bsc#1158983). - nvme-multipath: remove unused groups_only mode in ana log (bsc#1158983). - nvme-multipath: round-robin I/O policy (bsc#1158983). - nvme: resync include/linux/nvme.h with nvmecli (bsc#1156510). - nvme: Translate more status codes to blk_status_t (bsc#1156510). - objtool: Add is_static_jump() helper (bsc#1169514). - objtool: Add relocation check for alternative sections (bsc#1169514). - OMAP: DSS2: remove non-zero check on variable r (bsc#1114279) - orinoco: avoid assertion in case of NULL pointer (bsc#1051510). - padata: always acquire cpu_hotplug_lock before pinst->lock (git-fixes). - partitions/efi: Fix partition name parsing in GUID partition entry (bsc#1168763). - PCI/AER: Clear device status bits during ERR_COR handling (bsc#1161561). - PCI/AER: Clear device status bits during ERR_FATAL and ERR_NONFATAL (bsc#1161561). - PCI/AER: Clear only ERR_FATAL status bits during fatal recovery (bsc#1161561). - PCI/AER: Clear only ERR_NONFATAL bits during non-fatal recovery (bsc#1161561). - PCI/AER: Do not clear AER bits if error handling is Firmware-First (bsc#1161561). - PCI/AER: Do not read upstream ports below fatal errors (bsc#1161561). - PCI/AER: Factor message prefixes with dev_fmt() (bsc#1161561). - PCI/AER: Factor out ERR_NONFATAL status bit clearing (bsc#1161561). - PCI/AER: Log which device prevents error recovery (bsc#1161561). - PCI/AER: Remove ERR_FATAL code from ERR_NONFATAL path (bsc#1161561). - PCI/AER: Take reference on error devices (bsc#1161561). - PCI/ASPM: Clear the correct bits when enabling L1 substates (bsc#1051510). - PCI: endpoint: Fix clearing start entry in configfs (bsc#1051510). - PCI/ERR: Always report current recovery status for udev (bsc#1161561). - PCI/ERR: Handle fatal error recovery (bsc#1161561). - PCI/ERR: Remove duplicated include from err.c (bsc#1161561). - PCI/ERR: Run error recovery callbacks for all affected devices (bsc#1161561). - PCI/ERR: Simplify broadcast callouts (bsc#1161561). - PCI/ERR: Use slot reset if available (bsc#1161561). - PCI/IOV: Fix memory leak in pci_iov_add_virtfn() (git-fixes). - PCI: pciehp: Fix MSI interrupt race (bsc#1159037). - PCI: portdrv: Initialize service drivers directly (bsc#1161561). - PCI/portdrv: Remove pcie_port_bus_type link order dependency (bsc#1161561). - PCI: Simplify disconnected marking (bsc#1161561). - PCI/switchtec: Fix init_completion race condition with poll_wait() (bsc#1051510). - PCI: Unify device inaccessible (bsc#1161561). - perf/amd/uncore: Replace manual sampling check with CAP_NO_INTERRUPT flag (bsc#1114279). - perf: qcom_l2: fix column exclusion check (git-fixes). - pinctrl: baytrail: Do not clear IRQ flags on direct-irq enabled pins (bsc#1051510). - pinctrl: core: Remove extra kref_get which blocks hogs being freed (bsc#1051510). - pinctrl: imx: scu: Align imx sc msg structs to 4 (git-fixes). - pinctrl: sh-pfc: sh7264: Fix CAN function GPIOs (bsc#1051510). - pinctrl: sh-pfc: sh7269: Fix CAN function GPIOs (bsc#1051510). - pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM (networking-stable-20_01_11). - platform/mellanox: fix potential deadlock in the tmfifo driver (bsc#1136333 jsc#SLE-4994). - platform/x86: pmc_atom: Add Lex 2I385SW to critclk_systems DMI table (bsc#1051510). - PM: core: Fix handling of devices deleted during system-wide resume (git-fixes). - powerpc/64: mark start_here_multiplatform as __ref (bsc#1148868). - powerpc/64s: Fix section mismatch warnings from boot code (bsc#1148868). - powerpc/64/tm: Do not let userspace set regs->trap via sigreturn (bsc#1118338 ltc#173734). - powerpc: fix hardware PMU exception bug on PowerVM compatibility mode systems (bsc#1056686). - powerpc/hash64/devmap: Use H_PAGE_THP_HUGE when setting up huge devmap PTE entries (bsc#1065729). - powerpc/kprobes: Ignore traps that happened in real mode (bsc#1065729). - powerpc/mm: Fix section mismatch warning in stop_machine_change_mapping() (bsc#1148868). - powerpc/pseries: Avoid NULL pointer dereference when drmem is unavailable (bsc#1160659). - powerpc/pseries/ddw: Extend upper limit for huge DMA window for persistent memory (bsc#1142685 ltc#179509). - powerpc/pseries: fix of_read_drc_info_cell() to point at next record (bsc#1165980 ltc#183834). - powerpc/pseries: group lmb operation and memblock's (bsc#1165404 ltc#183498). - powerpc/pseries/iommu: Fix set but not used values (bsc#1142685 ltc#179509). - powerpc/pseries/iommu: Use memory@ nodes in max RAM address calculation (bsc#1142685 ltc#179509). - powerpc/pseries/memory-hotplug: Only update DT once per memory DLPAR request (bsc#1165404 ltc#183498). - powerpc/pseries: update device tree before ejecting hotplug uevents (bsc#1165404 ltc#183498). - powerpc/smp: Use nid as fallback for package_id (bsc#1165813 ltc#184091). - powerpc/vmlinux.lds: Explicitly retain .gnu.hash (bsc#1148868). - powerpc/xive: Replace msleep(x) with msleep(OPAL_BUSY_DELAY_MS) (bsc#1085030). - powerpc/xive: Use XIVE_BAD_IRQ instead of zero to catch non configured IPIs (bsc#1085030). - ptr_ring: add include of linux/mm.h (bsc#1109837). - pwm: bcm2835: Dynamically allocate base (bsc#1051510). - pwm: meson: Fix confusing indentation (bsc#1051510). - pwm: pca9685: Fix PWM/GPIO inter-operation (bsc#1051510). - pwm: rcar: Fix late Runtime PM enablement (bsc#1051510). - pwm: renesas-tpu: Fix late Runtime PM enablement (bsc#1051510). - pxa168fb: fix release function mismatch in probe failure (bsc#1051510). - qede: Fix race between rdma destroy workqueue and link change event (networking-stable-20_03_01). - qmi_wwan: re-add DW5821e pre-production variant (bsc#1051510). - qmi_wwan: unconditionally reject 2 ep interfaces (bsc#1051510). - raid10: refactor common wait code from regular read/write request (bsc#1166003). - raid1: factor out a common routine to handle the completion of sync write (bsc#1166003). - raid1: simplify raid1_error function (bsc#1166003). - raid1: use an int as the return value of raise_barrier() (bsc#1166003). - raid5: block failing device if raid will be failed (bsc#1166003). - raid5: do not increment read_errors on EILSEQ return (bsc#1166003). - raid5: do not set STRIPE_HANDLE to stripe which is in batch list (bsc#1166003). - raid5 improve too many read errors msg by adding limits (bsc#1166003). - raid5: need to set STRIPE_HANDLE for batch head (bsc#1166003). - raid5: remove STRIPE_OPS_REQ_PENDING (bsc#1166003). - raid5: set write hint for PPL (bsc#1166003). - raid5: use bio_end_sector in r5_next_bio (bsc#1166003). - raid6/test: fix a compilation error (bsc#1166003). - raid6/test: fix a compilation warning (bsc#1166003). - RDMA/cma: Fix unbalanced cm_id reference count during address resolve (bsc#1103992). - RDMA/hfi1: Fix memory leak in _dev_comp_vect_mappings_create (bsc#1114685). - RDMA/uverbs: Verify MR access flags (bsc#1103992). - remoteproc: Initialize rproc_class before use (bsc#1051510). - rtlwifi: rtl8192de: Fix missing callback that tests for hw release of buffer (git-fixes). - rtlwifi: rtl_pci: Fix -Wcast-function-type (bsc#1051510). - rxrpc: Fix insufficient receive notification generation (networking-stable-20_02_05). - s390/cio: avoid duplicated 'ADD' uevents (git-fixes). - s390/cio: generate delayed uevent for vfio-ccw subchannels (git-fixes). - s390/cpuinfo: fix wrong output when CPU0 is offline (git-fixes). - s390/diag: fix display of diagnose call statistics (git-fixes). - s390/gmap: return proper error code on ksm unsharing (git-fixes). - s390/mm: fix dynamic pagetable upgrade for hugetlbfs (bsc#1165182 LTC#184102). - s390/pci: Fix unexpected write combine on resource (git-fixes). - s390/qeth: cancel RX reclaim work earlier (git-fixes). - s390/qeth: do not return -ENOTSUPP to userspace (git-fixes). - s390/qeth: do not warn for napi with 0 budget (git-fixes). - s390/qeth: fix off-by-one in RX copybreak check (git-fixes). - s390/qeth: fix potential deadlock on workqueue flush (bsc#1165185 LTC#184108). - s390/qeth: fix promiscuous mode after reset (git-fixes). - s390/qeth: fix qdio teardown after early init error (git-fixes). - s390/qeth: handle error due to unsupported transport mode (git-fixes). - s390/qeth: handle error when backing RX buffer (git-fixes). - s390/qeth: lock the card while changing its hsuid (git-fixes). - s390/qeth: support net namespaces for L3 devices (git-fixes). - s390/time: Fix clk type in get_tod_clock (git-fixes). - s390/uv: Fix handling of length extensions (git-fixes). - scsi: core: avoid repetitive logging of device offline messages (bsc#1145929). - scsi: core: kABI fix offline_already (bsc#1145929). - scsi: fc: Update Descriptor definition and add RDF and Link Integrity FPINs (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: fnic: do not queue commands during fwreset (bsc#1146539). - scsi: ibmvfc: Add failed PRLI to cmd_status lookup array (bsc#1161951 ltc#183551). - scsi: ibmvfc: Avoid loss of all paths during SVC node reboot (bsc#1161951 ltc#183551). - scsi: ibmvfc: Byte swap status and error codes when logging (bsc#1161951 ltc#183551). - scsi: ibmvfc: Clean up transport events (bsc#1161951 ltc#183551). - scsi: ibmvfc: constify dev_pm_ops structures (bsc#1161951 ltc#183551). - scsi: ibmvfc: Do not call fc_block_scsi_eh() on host reset (bsc#1161951 ltc#183551). - scsi: ibmvfc: Fix NULL return compiler warning (bsc#1161951 ltc#183551). - scsi: ibmvfc: ibmvscsi: ibmvscsi_tgt: constify vio_device_id (bsc#1161951 ltc#183551). - scsi: ibmvfc: Mark expected switch fall-throughs (bsc#1161951 ltc#183551). - scsi: ibmvfc: Remove 'failed' from logged errors (bsc#1161951 ltc#183551). - scsi: ibmvfc: Remove unneeded semicolons (bsc#1161951 ltc#183551). - scsi: ibmvscsi: change strncpy+truncation to strlcpy (bsc#1161951 ltc#183551). - scsi: ibmvscsi: constify dev_pm_ops structures (bsc#1161951 ltc#183551). - scsi: ibmvscsi: Do not use rc uninitialized in ibmvscsi_do_work (bsc#1161951 ltc#183551). - scsi: ibmvscsi: fix tripping of blk_mq_run_hw_queue WARN_ON (bsc#1161951 ltc#183551). - scsi: ibmvscsi: Improve strings handling (bsc#1161951 ltc#183551). - scsi: ibmvscsi: redo driver work thread to use enum action states (bsc#1161951 ltc#183551). - scsi: ibmvscsi: Wire up host_reset() in the driver's scsi_host_template (bsc#1161951 ltc#183551). - scsi: lpfc: add RDF registration and Link Integrity FPIN logging (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: Change default SCSI LUN QD to 64 (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Clean up hba max_lun_queue_depth checks (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: Copyright updates for 12.6.0.4 patches (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: Fix broken Credit Recovery after driver load (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: Fix compiler warning on frame size (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: Fix coverity errors in fmdi attribute handling (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: Fix crash after handling a pci error (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: Fix crash in target side cable pulls hitting WAIT_FOR_UNREG (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: Fix disablement of FC-AL on lpe35000 models (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: Fix driver nvme rescan logging (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: Fix erroneous cpu limit of 128 on I/O statistics (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: Fix Fabric hostname registration if system hostname changes (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: Fix improper flag check for IO type (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: Fix incomplete NVME discovery when target (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: Fix kasan slab-out-of-bounds error in lpfc_unreg_login (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: Fix lockdep error - register non-static key (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: Fix lpfc_io_buf resource leak in lpfc_get_scsi_buf_s4 error path (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: Fix lpfc overwrite of sg_cnt field in nvmefc_tgt_fcp_req (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: Fix MDS Latency Diagnostics Err-drop rates (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: Fix memory leak on lpfc_bsg_write_ebuf_set func (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: Fix missing check for CSF in Write Object Mbox Rsp (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: Fix ras_log via debugfs (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: Fix registration of ELS type support in fdmi (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: Fix release of hwq to clear the eq relationship (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: Fix: Rework setting of fdmi symbolic node name registration (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: Fix RQ buffer leakage when no IOCBs available (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: Fix scsi host template for SLI3 vports (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: fix spelling mistake 'Notication' -> 'Notification' (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: fix spelling mistakes of asynchronous (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: Fix unmap of dpp bars affecting next driver load (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: Fix update of wq consumer index in lpfc_sli4_wq_release (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: Make debugfs ktime stats generic for NVME and SCSI (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: Make lpfc_defer_acc_rsp static (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: Remove handler for obsolete ELS - Read Port Status (RPS) (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: Remove prototype FIPS/DSS options from SLI-3 (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: Update lpfc version to 12.6.0.3 (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: Update lpfc version to 12.6.0.4 (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: Update lpfc version to 12.8.0.0 (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: qla2xxx: Add 16.0GT for PCI String (bsc#1157424). - scsi: qla2xxx: Add beacon LED config sysfs interface (bsc#1157424). - scsi: qla2xxx: Add changes in preparation for vendor extended FDMI/RDP (bsc#1157424). - scsi: qla2xxx: Add deferred queue for processing ABTS and RDP (bsc#1157424). - scsi: qla2xxx: Add endianizer macro calls to fc host stats (bsc#1157424). - scsi: qla2xxx: Add fixes for mailbox command (bsc#1157424). - scsi: qla2xxx: add more FW debug information (bsc#1157424). - scsi: qla2xxx: Add ql2xrdpenable module parameter for RDP (bsc#1157424). - scsi: qla2xxx: Add sysfs node for D-Port Diagnostics AEN data (bsc#1157424). - scsi: qla2xxx: Add vendor extended FDMI commands (bsc#1157424). - scsi: qla2xxx: Add vendor extended RDP additions and amendments (bsc#1157424). - scsi: qla2xxx: Avoid setting firmware options twice in 24xx_update_fw_options (bsc#1157424). - scsi: qla2xxx: Check locking assumptions at runtime in qla2x00_abort_srb() (bsc#1157424). - scsi: qla2xxx: Cleanup ELS/PUREX iocb fields (bsc#1157424). - scsi: qla2xxx: Convert MAKE_HANDLE() from a define into an inline function (bsc#1157424). - scsi: qla2xxx: Correction to selection of loopback/echo test (bsc#1157424). - scsi: qla2xxx: Display message for FCE enabled (bsc#1157424). - scsi: qla2xxx: Fix control flags for login/logout IOCB (bsc#1157424). - scsi: qla2xxx: Fix FCP-SCSI FC4 flag passing error (bsc#1157424). - scsi: qla2xxx: fix FW resource count values (bsc#1157424). - scsi: qla2xxx: Fix I/Os being passed down when FC device is being deleted (bsc#1157424). - scsi: qla2xxx: Fix NPIV instantiation after FW dump (bsc#1157424). - scsi: qla2xxx: Fix qla2x00_echo_test() based on ISP type (bsc#1157424). - scsi: qla2xxx: Fix RDP respond data format (bsc#1157424). - scsi: qla2xxx: Fix RDP response size (bsc#1157424). - scsi: qla2xxx: Fix sparse warning reported by kbuild bot (bsc#1157424). - scsi: qla2xxx: Fix sparse warnings triggered by the PCI state checking code (bsc#1157424). - scsi: qla2xxx: Force semaphore on flash validation failure (bsc#1157424). - scsi: qla2xxx: Handle cases for limiting RDP response payload length (bsc#1157424). - scsi: qla2xxx: Handle NVME status iocb correctly (bsc#1157424). - scsi: qla2xxx: Improved secure flash support messages (bsc#1157424). - scsi: qla2xxx: Move free of fcport out of interrupt context (bsc#1157424). - scsi: qla2xxx: Print portname for logging in qla24xx_logio_entry() (bsc#1157424). - scsi: qla2xxx: Remove restriction of FC T10-PI and FC-NVMe (bsc#1157424). - scsi: qla2xxx: Return appropriate failure through BSG Interface (bsc#1157424). - scsi: qla2xxx: Save rscn_gen for new fcport (bsc#1157424). - scsi: qla2xxx: Serialize fc_port alloc in N2N (bsc#1157424). - scsi: qla2xxx: Set Nport ID for N2N (bsc#1157424). - scsi: qla2xxx: Show correct port speed capabilities for RDP command (bsc#1157424). - scsi: qla2xxx: Simplify the code for aborting SCSI commands (bsc#1157424). - scsi: qla2xxx: Suppress endianness complaints in qla2x00_configure_local_loop() (bsc#1157424). - scsi: qla2xxx: Update BPM enablement semantics (bsc#1157424). - scsi: qla2xxx: Update driver version to 10.01.00.24-k (bsc#1157424). - scsi: qla2xxx: Update driver version to 10.01.00.25-k (bsc#1157424). - scsi: qla2xxx: Use a dedicated interrupt handler for 'handshake-required' ISPs (bsc#1157424). - scsi: qla2xxx: Use correct ISP28xx active FW region (bsc#1157424). - scsi: qla2xxx: Use endian macros to assign static fields in fwdump header (bsc#1157424). - scsi: qla2xxx: Use FC generic update firmware options routine for ISP27xx (bsc#1157424). - scsi: qla2xxx: Use QLA_FW_STOPPED macro to propagate flag (bsc#1157424). - scsi: tcm_qla2xxx: Make qlt_alloc_qfull_cmd() set cmd->se_cmd.map_tag (bsc#1157424). - scsi: zfcp: fix missing erp_lock in port recovery trigger for point-to-point (git-fixes). - sctp: free cmd->obj.chunk for the unprocessed SCTP_CMD_REPLY (networking-stable-20_01_11). - sctp: move the format error check out of __sctp_sf_do_9_1_abort (networking-stable-20_03_01). - serdev: ttyport: restore client ops on deregistration (bsc#1051510). - smb3: add debug messages for closing unmatched open (bsc#1144333). - smb3: Add defines for new information level, FileIdInformation (bsc#1144333). - smb3: add dynamic tracepoints for flush and close (bsc#1144333). - smb3: add missing flag definitions (bsc#1144333). - smb3: Add missing reparse tags (bsc#1144333). - smb3: add missing worker function for SMB3 change notify (bsc#1144333). - smb3: add mount option to allow forced caching of read only share (bsc#1144333). - smb3: add mount option to allow RW caching of share accessed by only 1 client (bsc#1144333). - smb3: add one more dynamic tracepoint missing from strict fsync path (bsc#1144333). - smb3: add some more descriptive messages about share when mounting cache=ro (bsc#1144333). - smb3: allow decryption keys to be dumped by admin for debugging (bsc#1144333). - smb3: allow disabling requesting leases (bsc#1144333). - smb3: allow parallelizing decryption of reads (bsc#1144333). - smb3: allow skipping signature verification for perf sensitive configurations (bsc#1144333). - SMB3: Backup intent flag missing from some more ops (bsc#1144333). - smb3: cleanup some recent endian errors spotted by updated sparse (bsc#1144333). - smb3: display max smb3 requests in flight at any one time (bsc#1144333). - smb3: dump in_send and num_waiters stats counters by default (bsc#1144333). - smb3: enable offload of decryption of large reads via mount option (bsc#1144333). - smb3: fix default permissions on new files when mounting with modefromsid (bsc#1144333). - smb3: fix mode passed in on create for modetosid mount option (bsc#1144333). - smb3: fix performance regression with setting mtime (bsc#1144333). - smb3: fix potential null dereference in decrypt offload (bsc#1144333). - smb3: fix problem with null cifs super block with previous patch (bsc#1144333). - smb3: Fix regression in time handling (bsc#1144333). - smb3: improve check for when we send the security descriptor context on create (bsc#1144333). - smb3: log warning if CSC policy conflicts with cache mount option (bsc#1144333). - smb3: missing ACL related flags (bsc#1144333). - smb3: only offload decryption of read responses if multiple requests (bsc#1144333). - smb3: pass mode bits into create calls (bsc#1144333). - smb3: print warning once if posix context returned on open (bsc#1144333). - smb3: query attributes on file close (bsc#1144333). - smb3: remove noisy debug message and minor cleanup (bsc#1144333). - smb3: remove unused flag passed into close functions (bsc#1144333). - staging: ccree: use signal safe completion wait (git-fixes). - staging: rtl8188eu: Add ASUS USB-N10 Nano B1 to device table (bsc#1051510). - staging: rtl8188eu: Fix potential overuse of kernel memory (bsc#1051510). - staging: rtl8188eu: Fix potential security hole (bsc#1051510). - staging: rtl8723bs: Fix potential overuse of kernel memory (bsc#1051510). - staging: rtl8723bs: Fix potential security hole (bsc#1051510). - staging: vt6656: fix sign of rx_dbm to bb_pre_ed_rssi (bsc#1051510). - staging: wlan-ng: fix ODEBUG bug in prism2sta_disconnect_usb (bsc#1051510). - staging: wlan-ng: fix use-after-free Read in hfa384x_usbin_callback (bsc#1051510). - SUNRPC: defer slow parts of rpc_free_client() to a workqueue (bsc#1168202). - SUNRPC: Fix svcauth_gss_proxy_init() (bsc#1103992). - swiotlb: do not panic on mapping failures (bsc#1162171). - swiotlb: remove the overflow buffer (bsc#1162171). - tcp_bbr: improve arithmetic division in bbr_update_bw() (networking-stable-20_01_27). - tcp: clear tp->data_segs{in|out} in tcp_disconnect() (networking-stable-20_02_05). - tcp: clear tp->delivered in tcp_disconnect() (networking-stable-20_02_05). - tcp: clear tp->segs_{in|out} in tcp_disconnect() (networking-stable-20_02_05). - tcp: clear tp->total_retrans in tcp_disconnect() (networking-stable-20_02_05). - tcp: fix marked lost packets not being retransmitted (networking-stable-20_01_20). - tcp: fix 'old stuff' D-SACK causing SACK to be treated as D-SACK (networking-stable-20_01_11). - thermal: devfreq_cooling: inline all stubs for CONFIG_DEVFREQ_THERMAL=n (bsc#1051510). - thunderbolt: Prevent crash if non-active NVMem file is read (git-fixes). - tick: broadcast-hrtimer: Fix a race in bc_set_next (bsc#1044231). - tools lib traceevent: Do not free tep->cmdlines in add_new_comm() on failure (git-fixes). - tools: Update include/uapi/linux/fcntl.h copy from the kernel (bsc#1166003). - tpm: ibmvtpm: Wait for buffer to be set before proceeding (bsc#1065729). - tty: evh_bytechan: Fix out of bounds accesses (bsc#1051510). - ttyprintk: fix a potential deadlock in interrupt context issue (git-fixes). - tty/serial: atmel: manage shutdown in case of RS485 or ISO7816 mode (bsc#1051510). - tty: serial: imx: setup the correct sg entry for tx dma (bsc#1051510). - tun: add mutex_unlock() call and napi.skb clearing in tun_get_user() (bsc#1109837). - USB: audio-v2: Add uac2_effect_unit_descriptor definition (bsc#1051510). - USB: cdc-acm: fix rounding error in TIOCSSERIAL (git-fixes). - USB: core: add endpoint-blacklist quirk (git-fixes). - USB: core: hub: do error out if usb_autopm_get_interface() fails (git-fixes). - USB: core: port: do error out if usb_autopm_get_interface() fails (git-fixes). - USB: Disable LPM on WD19's Realtek Hub (git-fixes). - USB: dwc2: Fix in ISOC request length checking (git-fixes). - USB: Fix novation SourceControl XL after suspend (git-fixes). - USB: gadget: composite: Fix bMaxPower for SuperSpeedPlus (git-fixes). - USB: gadget: f_fs: Fix use after free issue as part of queue failure (bsc#1051510). - USB: host: xhci-plat: add a shutdown (git-fixes). - USB: host: xhci: update event ring dequeue pointer on purpose (git-fixes). - USB: hub: Do not record a connect-change event during reset-resume (git-fixes). - usbip: Fix uninitialized symbol 'nents' in stub_recv_cmd_submit() (git-fixes). - USB: misc: iowarrior: add support for 2 OEMed devices (git-fixes). - USB: misc: iowarrior: add support for the 100 device (git-fixes). - USB: misc: iowarrior: add support for the 28 and 28L devices (git-fixes). - USB: musb: Disable pullup at init (git-fixes). - USB: musb: fix crash with highmen PIO and usbmon (bsc#1051510). - USB: quirks: add NO_LPM quirk for Logitech Screen Share (git-fixes). - USB: quirks: add NO_LPM quirk for RTL8153 based ethernet adapters (git-fixes). - USB: quirks: blacklist duplicate ep on Sound Devices USBPre2 (git-fixes). - USB: serial: io_edgeport: fix slab-out-of-bounds read in edge_interrupt_callback (bsc#1051510). - USB: serial: option: add ME910G1 ECM composition 0x110b (git-fixes). - USB: serial: pl2303: add device-id for HP LD381 (git-fixes). - USB: storage: Add quirk for Samsung Fit flash (git-fixes). - USB: uas: fix a plug & unplug racing (git-fixes). - USB: xhci: apply XHCI_SUSPEND_DELAY to AMD XHCI controller 1022:145c (git-fixes). - uvcvideo: Refactor teardown of uvc on USB disconnect (bsc#1164507) - vgacon: Fix a UAF in vgacon_invert_region (bsc#1114279) - virtio-blk: fix hw_queue stopped on arbitrary error (git-fixes). - virtio-blk: improve virtqueue error to BLK_STS (bsc#1167627). - virtio_ring: fix unmap of indirect descriptors (bsc#1162171). - vlan: fix memory leak in vlan_dev_set_egress_priority (networking-stable-20_01_11). - vlan: vlan_changelink() should propagate errors (networking-stable-20_01_11). - vxlan: fix tos value before xmit (networking-stable-20_01_11). - x86/cpu/amd: Enable the fixed Instructions Retired counter IRPERF (bsc#1114279). - x86/ioremap: Add an ioremap_encrypted() helper (bsc#1141895). - x86/kdump: Export the SME mask to vmcoreinfo (bsc#1141895). - x86/mce/amd: Fix kobject lifetime (bsc#1114279). - x86/mce/amd: Publish the bank pointer only after setup has succeeded (bsc#1114279). - x86/mce: Fix logic and comments around MSR_PPIN_CTL (bsc#1114279). - x86/mm: Split vmalloc_sync_all() (bsc#1165741). - x86/pkeys: Manually set X86_FEATURE_OSPKE to preserve existing changes (bsc#1114279). - x86/xen: fix booting 32-bit pv guest (bsc#1071995). - x86/xen: Make the boot CPU idle task reliable (bsc#1071995). - x86/xen: Make the secondary CPU idle tasks reliable (bsc#1071995). - xen/blkfront: fix memory allocation flags in blkfront_setup_indirect() (bsc#1168486). - xfs: also remove cached ACLs when removing the underlying attr (bsc#1165873). - xfs: bulkstat should copy lastip whenever userspace supplies one (bsc#1165984). - xhci: apply XHCI_PME_STUCK_QUIRK to Intel Comet Lake platforms (git-fixes). - xhci: Do not open code __print_symbolic() in xhci trace events (git-fixes). - xhci: fix runtime pm enabling for quirky Intel hosts (bsc#1051510). - xhci: Force Maximum Packet size for Full-speed bulk devices to valid range (bsc#1051510). ----------------------------------------- Patch: SUSE-2020-1094 Released: Thu Apr 23 16:34:21 2020 Summary: Recommended update for python-google-api-python-client Severity: moderate References: 1088358,1160933 Description: This update for python-google-api-python-client fixes the following issues: - Fix dependencies to use google-auth instead of deprecated oauth2client (bsc#1160933, jsc#ECO-1148) python-cachetools 2.0.1 is shipped to the Public Cloud Module. python-google-auth 1.5.1 is shipped to the Public Cloud Module. python-google-api-python-client was updated to: - Upgrade to 1.7.4: just series of minor bugfixes - Fix check for error text on Python 3.7. (#278) - Use new Auth URIs. (#281) - Add code-of-conduct document. (#270) - Fix some typos in test_urllib3.py (#268) - Warn when using user credentials from the Cloud SDK (#266) - Add compute engine-based IDTokenCredentials (#236) - Corrected some typos (#265) Update to 1.4.2: - Raise a helpful exception when trying to refresh credentials without a refresh token. (#262) - Fix links to README and CONTRIBUTING in docs/index.rst. (#260) - Fix a typo in credentials.py. (#256) - Use pytest instead of py.test per upstream recommendation, #dropthedot. (#255) - Fix typo on exemple of jwt usage (#245) New upstream release 1.4.1 (bsc#1088358) - Added a check for the cryptography version before attempting to use it. + From version 1.4.0 - Added `cryptography`-based RSA signer and verifier. - Added `google.oauth2.service_account.IDTokenCredentials`. - Improved documentation around ID Tokens + From version 1.3.0 - Added ``google.oauth2.credentials.Credentials.from_authorized_user_file``. - Dropped direct pyasn1 dependency in favor of letting ``pyasn1-modules`` specify the right version. - ``default()`` now checks for the project ID environment var before warning about missing project ID. - Fixed the docstrings for ``has_scopes()`` and ``with_scopes()``. - Fixed example in docstring for ``ReadOnlyScoped``. - Made ``transport.requests`` use timeouts and retries to improve reliability. ----------------------------------------- Patch: SUSE-2020-1096 Released: Thu Apr 23 16:35:05 2020 Summary: Recommended update for google-compute-engine Severity: moderate References: 1167810 Description: This update for google-compute-engine fixes the following issues: - Rename the sysctl file that applies the GCE network settings, so it is run after the default config and adjusts net.ipv4.conf.all.rp_filter correctly. (bsc#1167810) ----------------------------------------- Patch: SUSE-2020-1097 Released: Thu Apr 23 21:12:03 2020 Summary: Recommended update for python3-azuremetadata Severity: moderate References: 1169921 Description: This update for python3-azuremetadata fixes the following issues: - Use lsblk for root device detection (bsc#1169921) ----------------------------------------- Patch: SUSE-2020-1112 Released: Fri Apr 24 16:44:20 2020 Summary: Recommended update for suse-build-key Severity: moderate References: 1170347 Description: This update for suse-build-key fixes the following issues: - add a /usr/share/container-keys/ directory for GPG based Container verification. - Add the SUSE build key as 'suse-container-key.asc'. (PM-1845 bsc#1170347) ----------------------------------------- Patch: SUSE-2020-1121 Released: Tue Apr 28 07:15:43 2020 Summary: Security update for git Severity: moderate References: 1063412,1095218,1095219,1110949,1112230,1114225,1132350,1149792,1156651,1158785,1158787,1158788,1158789,1158790,1158791,1158792,1158793,1158795,1167890,1168930,1169605,1169786,1169936,CVE-2017-15298,CVE-2018-11233,CVE-2018-11235,CVE-2018-17456,CVE-2019-1348,CVE-2019-1349,CVE-2019-1350,CVE-2019-1351,CVE-2019-1352,CVE-2019-1353,CVE-2019-1354,CVE-2019-1387,CVE-2019-19604,CVE-2020-11008,CVE-2020-5260 Description: This update for git fixes the following issues: Security issues fixed: * CVE-2020-11008: Specially crafted URLs may have tricked the credentials helper to providing credential information that is not appropriate for the protocol in use and host being contacted (bsc#1169936) git was updated to 2.26.1 (bsc#1169786, jsc#ECO-1628, bsc#1149792) - Fix git-daemon not starting after conversion from sysvinit to systemd service (bsc#1169605). * CVE-2020-5260: Specially crafted URLs with newline characters could have been used to make the Git client to send credential information for a wrong host to the attacker's site bsc#1168930 git 2.26.0 (bsc#1167890, jsc#SLE-11608): * 'git rebase' now uses a different backend that is based on the 'merge' machinery by default. The 'rebase.backend' configuration variable reverts to old behaviour when set to 'apply' * Improved handling of sparse checkouts * Improvements to many commands and internal features git 2.25.2: * bug fixes to various subcommands in specific operations git 2.25.1: * 'git commit' now honors advise.statusHints * various updates, bug fixes and documentation updates git 2.25.0 * The branch description ('git branch --edit-description') has been used to fill the body of the cover letters by the format-patch command; this has been enhanced so that the subject can also be filled. * A few commands learned to take the pathspec from the standard input or a named file, instead of taking it as the command line arguments, with the '--pathspec-from-file' option. * Test updates to prepare for SHA-2 transition continues. * Redo 'git name-rev' to avoid recursive calls. * When all files from some subdirectory were renamed to the root directory, the directory rename heuristics would fail to detect that as a rename/merge of the subdirectory to the root directory, which has been corrected. * HTTP transport had possible allocator/deallocator mismatch, which has been corrected. git 2.24.1: * CVE-2019-1348: The --export-marks option of fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths (bsc#1158785) * CVE-2019-1349: on Windows, when submodules are cloned recursively, under certain circumstances Git could be fooled into using the same Git directory twice (bsc#1158787) * CVE-2019-1350: Incorrect quoting of command-line arguments allowed remote code execution during a recursive clone in conjunction with SSH URLs (bsc#1158788) * CVE-2019-1351: on Windows mistakes drive letters outside of the US-English alphabet as relative paths (bsc#1158789) * CVE-2019-1352: on Windows was unaware of NTFS Alternate Data Streams (bsc#1158790) * CVE-2019-1353: when run in the Windows Subsystem for Linux while accessing a working directory on a regular Windows drive, none of the NTFS protections were active (bsc#1158791) * CVE-2019-1354: on Windows refuses to write tracked files with filenames that contain backslashes (bsc#1158792) * CVE-2019-1387: Recursive clones vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones (bsc#1158793) * CVE-2019-19604: a recursive clone followed by a submodule update could execute code contained within the repository without the user explicitly having asked for that (bsc#1158795) git 2.24.0 * The command line parser learned '--end-of-options' notation. * A mechanism to affect the default setting for a (related) group of configuration variables is introduced. * 'git fetch' learned '--set-upstream' option to help those who first clone from their private fork they intend to push to, add the true upstream via 'git remote add' and then 'git fetch' from it. * fixes and improvements to UI, workflow and features, bash completion fixes git 2.23.0: * The '--base' option of 'format-patch' computed the patch-ids for prerequisite patches in an unstable way, which has been updated to compute in a way that is compatible with 'git patch-id --stable'. * The 'git log' command by default behaves as if the --mailmap option was given. * fixes and improvements to UI, workflow and features git 2.22.1 * A relative pathname given to 'git init --template= ' ought to be relative to the directory 'git init' gets invoked in, but it instead was made relative to the repository, which has been corrected. * 'git worktree add' used to fail when another worktree connected to the same repository was corrupt, which has been corrected. * 'git am -i --resolved' segfaulted after trying to see a commit as if it were a tree, which has been corrected. * 'git merge --squash' is designed to update the working tree and the index without creating the commit, and this cannot be countermanded by adding the '--commit' option; the command now refuses to work when both options are given. * Update to Unicode 12.1 width table. * 'git request-pull' learned to warn when the ref we ask them to pull from in the local repository and in the published repository are different. * 'git fetch' into a lazy clone forgot to fetch base objects that are necessary to complete delta in a thin packfile, which has been corrected. * The URL decoding code has been updated to avoid going past the end of the string while parsing %-- sequence. * 'git clean' silently skipped a path when it cannot lstat() it; now it gives a warning. * 'git rm' to resolve a conflicted path leaked an internal message 'needs merge' before actually removing the path, which was confusing. This has been corrected. * Many more bugfixes and code cleanups. - removal of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by firewalld. - partial fix for git instaweb giving 500 error (bsc#1112230) git 2.22.0 * The filter specification '--filter=sparse:path=' used to create a lazy/partial clone has been removed. Using a blob that is part of the project as sparse specification is still supported with the '--filter=sparse:oid=' option * 'git checkout --no-overlay' can be used to trigger a new mode of checking out paths out of the tree-ish, that allows paths that match the pathspec that are in the current index and working tree and are not in the tree-ish. * Four new configuration variables {author,committer}.{name,email} have been introduced to override user.{name,email} in more specific cases. * 'git branch' learned a new subcommand '--show-current'. * The command line completion (in contrib/) has been taught to complete more subcommand parameters. * The completion helper code now pays attention to repository-local configuration (when available), which allows --list-cmds to honour a repository specific setting of completion.commands, for example. * The list of conflicted paths shown in the editor while concluding a conflicted merge was shown above the scissors line when the clean-up mode is set to 'scissors', even though it was commented out just like the list of updated paths and other information to help the user explain the merge better. * 'git rebase' that was reimplemented in C did not set ORIG_HEAD correctly, which has been corrected. * 'git worktree add' used to do a 'find an available name with stat and then mkdir', which is race-prone. This has been fixed by using mkdir and reacting to EEXIST in a loop. - Move to DocBook 5.x. Asciidoctor 2.x no longer supports the legacy DocBook 4.5 format. - update git-web AppArmor profile for bash and tar usrMerge (bsc#1132350) git 2.21.0 * Historically, the '-m' (mainline) option can only be used for 'git cherry-pick' and 'git revert' when working with a merge commit. This version of Git no longer warns or errors out when working with a single-parent commit, as long as the argument to the '-m' option is 1 (i.e. it has only one parent, and the request is to pick or revert relative to that first parent). Scripts that relied on the behaviour may get broken with this change. * Small fixes and features for fast-export and fast-import. * The 'http.version' configuration variable can be used with recent enough versions of cURL library to force the version of HTTP used to talk when fetching and pushing. * 'git push $there $src:$dst' rejects when $dst is not a fully qualified refname and it is not clear what the end user meant. * Update 'git multimail' from the upstream. * A new date format '--date=human' that morphs its output depending on how far the time is from the current time has been introduced. '--date=auto:human' can be used to use this new format (or any existing format) when the output is going to the pager or to the terminal, and otherwise the default format. - Fix worktree creation race (bsc#1114225). - add shadow build dependency to the -daemon subpackage. git 2.20.1: * portability fixes * 'git help -a' did not work well when an overly long alias was defined * no longer squelched an error message when the run_command API failed to run a missing command git 2.20.0 * 'git help -a' now gives verbose output (same as 'git help -av'). Those who want the old output may say 'git help --no-verbose -a'.. * 'git send-email' learned to grab address-looking string on any trailer whose name ends with '-by'. * 'git format-patch' learned new '--interdiff' and '--range-diff' options to explain the difference between this version and the previous attempt in the cover letter (or after the three-dashes as a comment). * Developer builds now use -Wunused-function compilation option. * Fix a bug in which the same path could be registered under multiple worktree entries if the path was missing (for instance, was removed manually). Also, as a convenience, expand the number of cases in which --force is applicable. * The overly large Documentation/config.txt file have been split into million little pieces. This potentially allows each individual piece to be included into the manual page of the command it affects more easily. * Malformed or crafted data in packstream can make our code attempt to read or write past the allocated buffer and abort, instead of reporting an error, which has been fixed. * Fix for a long-standing bug that leaves the index file corrupt when it shrinks during a partial commit. * 'git merge' and 'git pull' that merges into an unborn branch used to completely ignore '--verify-signatures', which has been corrected. * ...and much more features and fixes git 2.19.2: * various bug fixes for multiple subcommands and operations git 2.19.1: * CVE-2018-17456: Specially crafted .gitmodules files may have allowed arbitrary code execution when the repository is cloned with --recurse-submodules (bsc#1110949) git 2.19.0: * 'git diff' compares the index and the working tree. For paths added with intent-to-add bit, the command shows the full contents of them as added, but the paths themselves were not marked as new files. They are now shown as new by default. * 'git apply' learned the '--intent-to-add' option so that an otherwise working-tree-only application of a patch will add new paths to the index marked with the 'intent-to-add' bit. * 'git grep' learned the '--column' option that gives not just the line number but the column number of the hit. * The '-l' option in 'git branch -l' is an unfortunate short-hand for '--create-reflog', but many users, both old and new, somehow expect it to be something else, perhaps '--list'. This step warns when '-l' is used as a short-hand for '--create-reflog' and warns about the future repurposing of the it when it is used. * The userdiff pattern for .php has been updated. * The content-transfer-encoding of the message 'git send-email' sends out by default was 8bit, which can cause trouble when there is an overlong line to bust RFC 5322/2822 limit. A new option 'auto' to automatically switch to quoted-printable when there is such a line in the payload has been introduced and is made the default. * 'git checkout' and 'git worktree add' learned to honor checkout.defaultRemote when auto-vivifying a local branch out of a remote tracking branch in a repository with multiple remotes that have tracking branches that share the same names. (merge 8d7b558bae ab/checkout-default-remote later to maint). * 'git grep' learned the '--only-matching' option. * 'git rebase --rebase-merges' mode now handles octopus merges as well. * Add a server-side knob to skip commits in exponential/fibbonacci stride in an attempt to cover wider swath of history with a smaller number of iterations, potentially accepting a larger packfile transfer, instead of going back one commit a time during common ancestor discovery during the 'git fetch' transaction. (merge 42cc7485a2 jt/fetch-negotiator-skipping later to maint). * A new configuration variable core.usereplacerefs has been added, primarily to help server installations that want to ignore the replace mechanism altogether. * Teach 'git tag -s' etc. a few configuration variables (gpg.format that can be set to 'openpgp' or 'x509', and gpg..program that is used to specify what program to use to deal with the format) to allow x.509 certs with CMS via 'gpgsm' to be used instead of openpgp via 'gnupg'. * Many more strings are prepared for l10n. * 'git p4 submit' learns to ask its own pre-submit hook if it should continue with submitting. * The test performed at the receiving end of 'git push' to prevent bad objects from entering repository can be customized via receive.fsck.* configuration variables; we now have gained a counterpart to do the same on the 'git fetch' side, with fetch.fsck.* configuration variables. * 'git pull --rebase=interactive' learned 'i' as a short-hand for 'interactive'. * 'git instaweb' has been adjusted to run better with newer Apache on RedHat based distros. * 'git range-diff' is a reimplementation of 'git tbdiff' that lets us compare individual patches in two iterations of a topic. * The sideband code learned to optionally paint selected keywords at the beginning of incoming lines on the receiving end. * 'git branch --list' learned to take the default sort order from the 'branch.sort' configuration variable, just like 'git tag --list' pays attention to 'tag.sort'. * 'git worktree' command learned '--quiet' option to make it less verbose. git 2.18.0: * improvements to rename detection logic * When built with more recent cURL, GIT_SSL_VERSION can now specify 'tlsv1.3' as its value. * 'git mergetools' learned talking to guiffy. * various other workflow improvements and fixes * performance improvements and other developer visible fixes git 2.17.1 * Submodule 'names' come from the untrusted .gitmodules file, but we blindly append them to $GIT_DIR/modules to create our on-disk repo paths. This means you can do bad things by putting '../' into the name. We now enforce some rules for submodule names which will cause Git to ignore these malicious names (CVE-2018-11235, bsc#1095219) * It was possible to trick the code that sanity-checks paths on NTFS into reading random piece of memory (CVE-2018-11233, bsc#1095218) * Support on the server side to reject pushes to repositories that attempt to create such problematic .gitmodules file etc. as tracked contents, to help hosting sites protect their customers by preventing malicious contents from spreading. git 2.17.0: * 'diff' family of commands learned '--find-object=' option to limit the findings to changes that involve the named object. * 'git format-patch' learned to give 72-cols to diffstat, which is consistent with other line length limits the subcommand uses for its output meant for e-mails. * The log from 'git daemon' can be redirected with a new option; one relevant use case is to send the log to standard error (instead of syslog) when running it from inetd. * 'git rebase' learned to take '--allow-empty-message' option. * 'git am' has learned the '--quit' option, in addition to the existing '--abort' option; having the pair mirrors a few other commands like 'rebase' and 'cherry-pick'. * 'git worktree add' learned to run the post-checkout hook, just like 'git clone' runs it upon the initial checkout. * 'git tag' learned an explicit '--edit' option that allows the message given via '-m' and '-F' to be further edited. * 'git fetch --prune-tags' may be used as a handy short-hand for getting rid of stale tags that are locally held. * The new '--show-current-patch' option gives an end-user facing way to get the diff being applied when 'git rebase' (and 'git am') stops with a conflict. * 'git add -p' used to offer '/' (look for a matching hunk) as a choice, even there was only one hunk, which has been corrected. Also the single-key help is now given only for keys that are enabled (e.g. help for '/' won't be shown when there is only one hunk). * Since Git 1.7.9, 'git merge' defaulted to --no-ff (i.e. even when the side branch being merged is a descendant of the current commit, create a merge commit instead of fast-forwarding) when merging a tag object. This was appropriate default for integrators who pull signed tags from their downstream contributors, but caused an unnecessary merges when used by downstream contributors who habitually 'catch up' their topic branches with tagged releases from the upstream. Update 'git merge' to default to --no-ff only when merging a tag object that does *not* sit at its usual place in refs/tags/ hierarchy, and allow fast-forwarding otherwise, to mitigate the problem. * 'git status' can spend a lot of cycles to compute the relation between the current branch and its upstream, which can now be disabled with '--no-ahead-behind' option. * 'git diff' and friends learned funcname patterns for Go language source files. * 'git send-email' learned '--reply-to=

' option. * Funcname pattern used for C# now recognizes 'async' keyword. * In a way similar to how 'git tag' learned to honor the pager setting only in the list mode, 'git config' learned to ignore the pager setting when it is used for setting values (i.e. when the purpose of the operation is not to 'show'). ----------------------------------------- Patch: SUSE-2020-1131 Released: Tue Apr 28 11:59:17 2020 Summary: Recommended update for mozilla-nss Severity: moderate References: 1170571,1170572 Description: This update for mozilla-nss fixes the following issues: - FIPS: Add Softoken POSTs for new DSA and ECDSA hash-and-sign update functions. (bsc#1170571) - FIPS: Add pairwise consistency check for CKM_SHA224_RSA_PKCS. Remove ditto checks for CKM_RSA_PKCS, CKM_DSA and CKM_ECDSA, since these are served by the new CKM_SHA224_RSA_PKCS, CKM_DSA_SHA224, CKM_ECDSA_SHA224 checks. - FIPS: Replace bad attempt at unconditional nssdbm checksumming with a dlopen(), so it can be located consistently and perform its own self-tests. - FIPS: This fixes an instance of inverted logic due to a boolean being mistaken for a SECStatus, which caused key derivation to fail when the caller provided a valid subprime. ----------------------------------------- Patch: SUSE-2020-1156 Released: Thu Apr 30 10:10:28 2020 Summary: Security update for squid Severity: important References: 1162689,1162691,1167373,1169659,1170313,CVE-2019-12519,CVE-2019-12521,CVE-2019-12528,CVE-2019-18860,CVE-2020-11945,CVE-2020-8517 Description: This update for squid to version 4.11 fixes the following issues: - CVE-2020-11945: Fixed a potential remote code execution vulnerability when using HTTP Digest Authentication (bsc#1170313). - CVE-2019-12519, CVE-2019-12521: Fixed incorrect buffer handling that can result in cache poisoning, remote execution, and denial of service attacks when processing ESI responses (bsc#1169659). - CVE-2020-8517: Fixed a possible denial of service caused by incorrect buffer management ext_lm_group_acl when processing NTLM Authentication credentials (bsc#1162691). - CVE-2019-12528: Fixed possible information disclosure when translating FTP server listings into HTTP responses (bsc#1162689). - CVE-2019-18860: Fixed handling of invalid domain names in cachemgr.cgi (bsc#1167373). ----------------------------------------- Patch: SUSE-2020-1160 Released: Thu Apr 30 17:40:19 2020 Summary: Recommended update for cloud-regionsrv-client Severity: moderate References: 1169599 Description: This update for cloud-regionsrv-client contains the following fix: - Update to version 9.0.9: (bsc#1169599) + Handle the /etc/hosts file with Python 3.4 if there are non ascii characters in the file. ----------------------------------------- Patch: SUSE-2020-1164 Released: Mon May 4 11:28:31 2020 Summary: Security update for LibVNCServer Severity: important References: 1155419,1160471,1170441,CVE-2019-15681,CVE-2019-15690,CVE-2019-20788 Description: This update for LibVNCServer fixes the following issues: - CVE-2019-15690: Fixed a heap buffer overflow (bsc#1160471). - CVE-2019-15681: Fixed a memory leak which could have allowed to a remote attacker to read stack memory (bsc#1155419). - CVE-2019-20788: Fixed a integer overflow and heap-based buffer overflow via a large height or width value (bsc#1170441). ----------------------------------------- Patch: SUSE-2020-1170 Released: Mon May 4 15:17:47 2020 Summary: Recommended update for aws-cli, python-boto, python-boto3, python-botocore, python-s3transfer Severity: moderate References: 1116204,1117074,1122668,1129696,1166924,1168943 Description: This update for aws-cli, python-boto, python-boto3, python-botocore, python-s3transfer fixes the following issues: aws-cli was updated to version 1.18.38 (bsc#1166924, bsc#1168943): + For detailed changes see https://github.com/aws/aws-cli/blob/1.18.38/CHANGELOG.rst + Forward port hide_py_pckgmgmt.patch + Update Requires in spec file from setup.py Update to version 1.18.35 + For detailed changes see https://github.com/aws/aws-cli/blob/1.18.35/CHANGELOG.rst + Forward port hide_py_pckgmgmt.patch + Update Requires in spec file from setup.py Update to version 1.18.27 + For detailed changes see https://github.com/aws/aws-cli/blob/1.18.27/CHANGELOG.rst + Forward port hide_py_pckgmgmt.patch + Update Requires in spec file from setup.py Update to version 1.18.0 + For detailed changes see https://github.com/aws/aws-cli/blob/1.18.0/CHANGELOG.rst + Forward port hide_py_pckgmgmt.patch + Install aws bash completetion script into system path + Install aws zsh completion script into /etc/zsh_completion.d + Update Requires in spec file from setup.py - make it possible to find the package under the name 'awscli' - Add bash command completion capability (bsc#1117074) Update to version 1.17.9 + For detailed changes see https://github.com/aws/aws-cli/blob/1.17.9/CHANGELOG.rst + Forward port hide_py_pckgmgmt.patch + Update Requires in spec file from setup.py Update to version 1.16.297 + For detailed changes see https://github.com/aws/aws-cli/blob/1.16.297/CHANGELOG.rst + Forward port hide_py_pckgmgmt.patch + Update Requires in spec file from setup.py Update to version 1.16.281 + For detailed changes see https://github.com/aws/aws-cli/blob/1.16.281/CHANGELOG.rst + Forward port hide_py_pckgmgmt.patch + Update Requires in spec file from setup.py Update to version 1.16.258 + For detailed changes see https://github.com/aws/aws-cli/blob/1.16.258/CHANGELOG.rst python-boto3 was updated to 1.12.38 (bsc#1166924, bsc#1168943) * api-change:``apigateway``: [``botocore``] Update apigateway client to latest version * api-change:``codeguru-reviewer``: [``botocore``] Update codeguru-reviewer client to latest version * api-change:``mediaconnect``: [``botocore``] Update mediaconnect client to latest version - from version 1.12.37 * api-change:``transcribe``: [``botocore``] Update transcribe client to latest version * api-change:``chime``: [``botocore``] Update chime client to latest version * api-change:``iam``: [``botocore``] Update iam client to latest version * api-change:``elasticbeanstalk``: [``botocore``] Update elasticbeanstalk client to latest version - from version 1.12.36 * api-change:``personalize-runtime``: [``botocore``] Update personalize-runtime client to latest version * api-change:``robomaker``: [``botocore``] Update robomaker client to latest version - Version update 1.12.35 * api-change:``medialive``: [``botocore``] Update medialive client to latest version * api-change:``redshift``: [``botocore``] Update redshift client to latest version * api-change:``gamelift``: [``botocore``] Update gamelift client to latest version * api-change:``cloudwatch``: [``botocore``] Update cloudwatch client to latest version * api-change:``rds``: [``botocore``] Update rds client to latest version - from version 1.12.34 * api-change:``iot``: [``botocore``] Update iot client to latest version * api-change:``mediaconnect``: [``botocore``] Update mediaconnect client to latest version - from version 1.12.33 * api-change:``opsworkscm``: [``botocore``] Update opsworkscm client to latest version * api-change:``wafv2``: [``botocore``] Update wafv2 client to latest version * api-change:``glue``: [``botocore``] Update glue client to latest version * api-change:``elastic-inference``: [``botocore``] Update elastic-inference client to latest version * api-change:``lambda``: [``botocore``] Update lambda client to latest version * api-change:``mediastore``: [``botocore``] Update mediastore client to latest version * api-change:``pinpoint``: [``botocore``] Update pinpoint client to latest version * api-change:``storagegateway``: [``botocore``] Update storagegateway client to latest version * api-change:``rekognition``: [``botocore``] Update rekognition client to latest version * api-change:``fms``: [``botocore``] Update fms client to latest version * api-change:``organizations``: [``botocore``] Update organizations client to latest version * api-change:``detective``: [``botocore``] Update detective client to latest version * api-change:``appconfig``: [``botocore``] Update appconfig client to latest version - from version 1.12.32 * api-change:``accessanalyzer``: [``botocore``] Update accessanalyzer client to latest version - from version 1.12.31 * api-change:``globalaccelerator``: [``botocore``] Update globalaccelerator client to latest version * api-change:``kendra``: [``botocore``] Update kendra client to latest version * api-change:``servicecatalog``: [``botocore``] Update servicecatalog client to latest version - from version 1.12.30 * api-change:``sagemaker``: [``botocore``] Update sagemaker client to latest version * api-change:``fsx``: [``botocore``] Update fsx client to latest version * api-change:``securityhub``: [``botocore``] Update securityhub client to latest version - from version 1.12.29 * api-change:``managedblockchain``: [``botocore``] Update managedblockchain client to latest version * api-change:``ce``: [``botocore``] Update ce client to latest version * api-change:``application-insights``: [``botocore``] Update application-insights client to latest version * api-change:``detective``: [``botocore``] Update detective client to latest version * api-change:``es``: [``botocore``] Update es client to latest version * api-change:``xray``: [``botocore``] Update xray client to latest version - from version 1.12.28 * api-change:``athena``: [``botocore``] Update athena client to latest version * api-change:``rds-data``: [``botocore``] Update rds-data client to latest version * api-change:``eks``: [``botocore``] Update eks client to latest version * api-change:``organizations``: [``botocore``] Update organizations client to latest version - Update BuildRequires and Requires from setup.py - Version update to 1.12.27 * api-change:``apigatewayv2``: [``botocore``] Update apigatewayv2 client to latest version * api-change:``eks``: [``botocore``] Update eks client to latest version * api-change:``route53``: [``botocore``] Update route53 client to latest version - from version 1.12.26 * api-change:``servicecatalog``: [``botocore``] Update servicecatalog client to latest version - from version 1.12.25 * api-change:``outposts``: [``botocore``] Update outposts client to latest version * api-change:``acm``: [``botocore``] Update acm client to latest version - from version 1.12.24 * api-change:``rds``: [``botocore``] Update rds client to latest version * api-change:``mediaconnect``: [``botocore``] Update mediaconnect client to latest version * api-change:``personalize``: [``botocore``] Update personalize client to latest version - from version 1.12.23 * api-change:``mediaconvert``: [``botocore``] Update mediaconvert client to latest version - from version 1.12.22 * api-change:``s3control``: [``botocore``] Update s3control client to latest version * bugfix:Stubber: [``botocore``] fixes `#1884 `__ * api-change:``cognito-idp``: [``botocore``] Update cognito-idp client to latest version * api-change:``ssm``: [``botocore``] Update ssm client to latest version * api-change:``ecs``: [``botocore``] Update ecs client to latest version * api-change:``elasticache``: [``botocore``] Update elasticache client to latest version - from version 1.12.21 * api-change:``appconfig``: [``botocore``] Update appconfig client to latest version - from version 1.12.20 * api-change:``lex-models``: [``botocore``] Update lex-models client to latest version * api-change:``securityhub``: [``botocore``] Update securityhub client to latest version * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * api-change:``apigatewayv2``: [``botocore``] Update apigatewayv2 client to latest version * api-change:``iot``: [``botocore``] Update iot client to latest version - from version 1.12.19 * api-change:``efs``: [``botocore``] Update efs client to latest version * api-change:``redshift``: [``botocore``] Update redshift client to latest version - from version 1.12.18 * api-change:``serverlessrepo``: [``botocore``] Update serverlessrepo client to latest version * api-change:``iotevents``: [``botocore``] Update iotevents client to latest version * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * enhancement:timezones: [``botocore``] Improved timezone parsing for Windows with new fallback method (#1939) * api-change:``marketplacecommerceanalytics``: [``botocore``] Update marketplacecommerceanalytics client to latest version - from version 1.12.17 * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * api-change:``medialive``: [``botocore``] Update medialive client to latest version * api-change:``dms``: [``botocore``] Update dms client to latest version - from version 1.12.16 * api-change:``signer``: [``botocore``] Update signer client to latest version * api-change:``guardduty``: [``botocore``] Update guardduty client to latest version * api-change:``appmesh``: [``botocore``] Update appmesh client to latest version * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * api-change:``robomaker``: [``botocore``] Update robomaker client to latest version - from version 1.12.15 * api-change:``eks``: [``botocore``] Update eks client to latest version * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * api-change:``opsworkscm``: [``botocore``] Update opsworkscm client to latest version * api-change:``guardduty``: [``botocore``] Update guardduty client to latest version - from version 1.12.14 * api-change:``pinpoint``: [``botocore``] Update pinpoint client to latest version - from version 1.12.13 * api-change:``ec2``: [``botocore``] Update ec2 client to latest version - from version 1.12.12 * api-change:``cloudwatch``: [``botocore``] Update cloudwatch client to latest version * api-change:``comprehendmedical``: [``botocore``] Update comprehendmedical client to latest version - from version 1.12.11 * api-change:``config``: [``botocore``] Update config client to latest version - from version 1.12.10 * api-change:``config``: [``botocore``] Update config client to latest version * api-change:``glue``: [``botocore``] Update glue client to latest version * api-change:``sagemaker-a2i-runtime``: [``botocore``] Update sagemaker-a2i-runtime client to latest version * api-change:``appmesh``: [``botocore``] Update appmesh client to latest version * api-change:``elbv2``: [``botocore``] Update elbv2 client to latest version * api-change:``workdocs``: [``botocore``] Update workdocs client to latest version * api-change:``quicksight``: [``botocore``] Update quicksight client to latest version * api-change:``accessanalyzer``: [``botocore``] Update accessanalyzer client to latest version * api-change:``codeguruprofiler``: [``botocore``] Update codeguruprofiler client to latest version - from version 1.12.9 * api-change:``lightsail``: [``botocore``] Update lightsail client to latest version * api-change:``globalaccelerator``: [``botocore``] Update globalaccelerator client to latest version - from version 1.12.8 * api-change:``transcribe``: [``botocore``] Update transcribe client to latest version * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * api-change:``sagemaker``: [``botocore``] Update sagemaker client to latest version * api-change:``securityhub``: [``botocore``] Update securityhub client to latest version - from version 1.12.7 * api-change:``stepfunctions``: [``botocore``] Update stepfunctions client to latest version * api-change:``kafka``: [``botocore``] Update kafka client to latest version * api-change:``secretsmanager``: [``botocore``] Update secretsmanager client to latest version * api-change:``outposts``: [``botocore``] Update outposts client to latest version - from version 1.12.6 * api-change:``iotevents``: [``botocore``] Update iotevents client to latest version * api-change:``docdb``: [``botocore``] Update docdb client to latest version * api-change:``snowball``: [``botocore``] Update snowball client to latest version * api-change:``fsx``: [``botocore``] Update fsx client to latest version * api-change:``events``: [``botocore``] Update events client to latest version - from version 1.12.5 * api-change:``imagebuilder``: [``botocore``] Update imagebuilder client to latest version * api-change:``wafv2``: [``botocore``] Update wafv2 client to latest version * api-change:``redshift``: [``botocore``] Update redshift client to latest version - from version 1.12.4 * api-change:``savingsplans``: [``botocore``] Update savingsplans client to latest version * api-change:``appconfig``: [``botocore``] Update appconfig client to latest version * api-change:``pinpoint``: [``botocore``] Update pinpoint client to latest version - from version 1.12.3 * api-change:``autoscaling``: [``botocore``] Update autoscaling client to latest version * api-change:``servicecatalog``: [``botocore``] Update servicecatalog client to latest version * api-change:``lambda``: [``botocore``] Update lambda client to latest version - from version 1.12.2 * api-change:``autoscaling``: [``botocore``] Update autoscaling client to latest version * api-change:``chime``: [``botocore``] Update chime client to latest version * api-change:``rds``: [``botocore``] Update rds client to latest version - from version 1.12.1 * api-change:``cloud9``: [``botocore``] Update cloud9 client to latest version * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * api-change:``dynamodb``: [``botocore``] Update dynamodb client to latest version * api-change:``rekognition``: [``botocore``] Update rekognition client to latest version - Version update to 1.12.0 * feature:retries: [``botocore``] Add support for retry modes, including ``standard`` and ``adaptive`` modes (`#1972 `__) * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * api-change:``mediatailor``: [``botocore``] Update mediatailor client to latest version * api-change:``securityhub``: [``botocore``] Update securityhub client to latest version * api-change:``shield``: [``botocore``] Update shield client to latest version - from version 1.11.17 * api-change:``mediapackage-vod``: [``botocore``] Update mediapackage-vod client to latest version - from version 1.11.16 * api-change:``glue``: [``botocore``] Update glue client to latest version * api-change:``chime``: [``botocore``] Update chime client to latest version * api-change:``workmail``: [``botocore``] Update workmail client to latest version * api-change:``ds``: [``botocore``] Update ds client to latest version * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * api-change:``es``: [``botocore``] Update es client to latest version * api-change:``neptune``: [``botocore``] Update neptune client to latest version - from version 1.11.15 * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * api-change:``cognito-idp``: [``botocore``] Update cognito-idp client to latest version * api-change:``cloudformation``: [``botocore``] Update cloudformation client to latest version - from version 1.11.14 * api-change:``docdb``: [``botocore``] Update docdb client to latest version * api-change:``kms``: [``botocore``] Update kms client to latest version - from version 1.11.13 * api-change:``robomaker``: [``botocore``] Update robomaker client to latest version * api-change:``imagebuilder``: [``botocore``] Update imagebuilder client to latest version * api-change:``rds``: [``botocore``] Update rds client to latest version - from version 1.11.12 * api-change:``ebs``: [``botocore``] Update ebs client to latest version * api-change:``appsync``: [``botocore``] Update appsync client to latest version * api-change:``lex-models``: [``botocore``] Update lex-models client to latest version * api-change:``ecr``: [``botocore``] Update ecr client to latest version * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * api-change:``codebuild``: [``botocore``] Update codebuild client to latest version - from version 1.11.11 * api-change:``groundstation``: [``botocore``] Update groundstation client to latest version * api-change:``mediaconvert``: [``botocore``] Update mediaconvert client to latest version * api-change:``dlm``: [``botocore``] Update dlm client to latest version * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * api-change:``forecastquery``: [``botocore``] Update forecastquery client to latest version * api-change:``securityhub``: [``botocore``] Update securityhub client to latest version * api-change:``resourcegroupstaggingapi``: [``botocore``] Update resourcegroupstaggingapi client to latest version - from version 1.11.10 * api-change:``workmail``: [``botocore``] Update workmail client to latest version * api-change:``iot``: [``botocore``] Update iot client to latest version * api-change:``cloudfront``: [``botocore``] Update cloudfront client to latest version * api-change:``storagegateway``: [``botocore``] Update storagegateway client to latest version * api-change:``ssm``: [``botocore``] Update ssm client to latest version * api-change:``kafka``: [``botocore``] Update kafka client to latest version * api-change:``ec2``: [``botocore``] Update ec2 client to latest version - Version update to 1.11.9 * api-change:``ecs``: [``botocore``] Update ecs client to latest version * api-change:``opsworkscm``: [``botocore``] Update opsworkscm client to latest version * api-change:``workspaces``: [``botocore``] Update workspaces client to latest version * api-change:``datasync``: [``botocore``] Update datasync client to latest version * api-change:``eks``: [``botocore``] Update eks client to latest version - from version 1.11.8 * api-change:``rds``: [``botocore``] Update rds client to latest version * api-change:``iam``: [``botocore``] Update iam client to latest version - from version 1.11.7 * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * api-change:``codepipeline``: [``botocore``] Update codepipeline client to latest version * api-change:``discovery``: [``botocore``] Update discovery client to latest version * api-change:``iotevents``: [``botocore``] Update iotevents client to latest version * api-change:``marketplacecommerceanalytics``: [``botocore``] Update marketplacecommerceanalytics client to latest version - from version 1.11.6 * api-change:``lambda``: [``botocore``] Update lambda client to latest version * api-change:``application-insights``: [``botocore``] Update application-insights client to latest version * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * api-change:``cloudwatch``: [``botocore``] Update cloudwatch client to latest version * api-change:``kms``: [``botocore``] Update kms client to latest version * api-change:``alexaforbusiness``: [``botocore``] Update alexaforbusiness client to latest version - from version 1.11.5 * api-change:``mediaconvert``: [``botocore``] Update mediaconvert client to latest version * api-change:``neptune``: [``botocore``] Update neptune client to latest version * api-change:``cloudhsmv2``: [``botocore``] Update cloudhsmv2 client to latest version * api-change:``redshift``: [``botocore``] Update redshift client to latest version * api-change:``batch``: [``botocore``] Update batch client to latest version * api-change:``ecs``: [``botocore``] Update ecs client to latest version - from version 1.11.4 * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * api-change:``sagemaker``: [``botocore``] Update sagemaker client to latest version * api-change:``ds``: [``botocore``] Update ds client to latest version - from version 1.11.3 * api-change:``securityhub``: [``botocore``] Update securityhub client to latest version * api-change:``ssm``: [``botocore``] Update ssm client to latest version * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * api-change:``organizations``: [``botocore``] Update organizations client to latest version - from version 1.11.2 * api-change:``ec2``: [``botocore``] Update ec2 client to latest version - from version 1.11.1 * api-change:``efs``: [``botocore``] Update efs client to latest version * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * api-change:``backup``: [``botocore``] Update backup client to latest version - from version 1.11.0 * api-change:``sagemaker``: [``botocore``] Update sagemaker client to latest version * feature:Python: Dropped support for Python 2.6 and 3.3. * api-change:``chime``: [``botocore``] Update chime client to latest version * api-change:``transfer``: [``botocore``] Update transfer client to latest version * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * feature:Python: [``botocore``] Dropped support for Python 2.6 and 3.3. * api-change:``workspaces``: [``botocore``] Update workspaces client to latest version * api-change:``rds``: [``botocore``] Update rds client to latest version - from version 1.10.50 * api-change:``logs``: [``botocore``] Update logs client to latest version - from version 1.10.49 * api-change:``fms``: [``botocore``] Update fms client to latest version * api-change:``translate``: [``botocore``] Update translate client to latest version * api-change:``ce``: [``botocore``] Update ce client to latest version - from version 1.10.48 * api-change:``codebuild``: [``botocore``] Update codebuild client to latest version * api-change:``mgh``: [``botocore``] Update mgh client to latest version * api-change:``xray``: [``botocore``] Update xray client to latest version - from version 1.10.47 * api-change:``comprehend``: [``botocore``] Update comprehend client to latest version * api-change:``mediapackage``: [``botocore``] Update mediapackage client to latest version * api-change:``ec2``: [``botocore``] Update ec2 client to latest version - from version 1.10.46 * api-change:``lex-models``: [``botocore``] Update lex-models client to latest version * api-change:``ecr``: [``botocore``] Update ecr client to latest version * api-change:``lightsail``: [``botocore``] Update lightsail client to latest version * api-change:``ce``: [``botocore``] Update ce client to latest version - from version 1.10.45 * api-change:``fsx``: [``botocore``] Update fsx client to latest version * api-change:``health``: [``botocore``] Update health client to latest version * api-change:``detective``: [``botocore``] Update detective client to latest version - from version 1.10.44 * api-change:``transcribe``: [``botocore``] Update transcribe client to latest version * api-change:``eks``: [``botocore``] Update eks client to latest version * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * api-change:``rds``: [``botocore``] Update rds client to latest version * api-change:``ssm``: [``botocore``] Update ssm client to latest version * api-change:``redshift``: [``botocore``] Update redshift client to latest version * api-change:``pinpoint``: [``botocore``] Update pinpoint client to latest version * api-change:``securityhub``: [``botocore``] Update securityhub client to latest version * api-change:``devicefarm``: [``botocore``] Update devicefarm client to latest version - from version 1.10.43 * api-change:``transcribe``: [``botocore``] Update transcribe client to latest version * api-change:``dlm``: [``botocore``] Update dlm client to latest version * api-change:``lex-models``: [``botocore``] Update lex-models client to latest version * api-change:``personalize-runtime``: [``botocore``] Update personalize-runtime client to latest version * api-change:``ssm``: [``botocore``] Update ssm client to latest version * api-change:``codestar-connections``: [``botocore``] Update codestar-connections client to latest version * api-change:``gamelift``: [``botocore``] Update gamelift client to latest version * api-change:``ec2``: [``botocore``] Update ec2 client to latest version - from version 1.10.42 * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * api-change:``s3``: [``botocore``] Update s3 client to latest version * api-change:``resourcegroupstaggingapi``: [``botocore``] Update resourcegroupstaggingapi client to latest version * api-change:``cloudfront``: [``botocore``] Update cloudfront client to latest version * api-change:``opsworkscm``: [``botocore``] Update opsworkscm client to latest version - from version 1.10.41 * api-change:``kinesisanalyticsv2``: [``botocore``] Update kinesisanalyticsv2 client to latest version * api-change:``ssm``: [``botocore``] Update ssm client to latest version * api-change:``medialive``: [``botocore``] Update medialive client to latest version * api-change:``iot``: [``botocore``] Update iot client to latest version * api-change:``ecs``: [``botocore``] Update ecs client to latest version * api-change:``ec2``: [``botocore``] Update ec2 client to latest version - from version 1.10.40 * api-change:``mq``: [``botocore``] Update mq client to latest version * api-change:``comprehendmedical``: [``botocore``] Update comprehendmedical client to latest version * api-change:``ec2``: [``botocore``] Update ec2 client to latest version - from version 1.10.39 * api-change:``codebuild``: [``botocore``] Update codebuild client to latest version * api-change:``detective``: [``botocore``] Update detective client to latest version * api-change:``sesv2``: [``botocore``] Update sesv2 client to latest version - from version 1.10.38 * api-change:``accessanalyzer``: [``botocore``] Update accessanalyzer client to latest version - from version 1.10.37 * api-change:``ec2``: [``botocore``] Update ec2 client to latest version - from version 1.10.36 * api-change:``kendra``: [``botocore``] Update kendra client to latest version - from version 1.10.35 * bugfix:s3: [``botocore``] Add stricter validation to s3 control account id parameter. * api-change:``quicksight``: [``botocore``] Update quicksight client to latest version * api-change:``kms``: [``botocore``] Update kms client to latest version * api-change:``ssm``: [``botocore``] Update ssm client to latest version * api-change:``kafka``: [``botocore``] Update kafka client to latest version - from version 1.10.34 * bugfix:s3: [``botocore``] Fixed an issue where the request path was set incorrectly if access point name was present in key path. - Version update to 1.10.33 * api-change:``kinesisvideo``: [``botocore``] Update kinesisvideo client to latest version * api-change:``kinesis-video-signaling``: [``botocore``] Update kinesis-video-signaling client to latest version * api-change:``apigatewayv2``: [``botocore``] Update apigatewayv2 client to latest version - from version 1.10.32 * api-change:``ebs``: [``botocore``] Update ebs client to latest version * api-change:``stepfunctions``: [``botocore``] Update stepfunctions client to latest version * api-change:``application-autoscaling``: [``botocore``] Update application-autoscaling client to latest version * api-change:``lambda``: [``botocore``] Update lambda client to latest version * api-change:``rekognition``: [``botocore``] Update rekognition client to latest version * api-change:``rds``: [``botocore``] Update rds client to latest version * api-change:``sagemaker``: [``botocore``] Update sagemaker client to latest version - from version 1.10.31 * api-change:``textract``: [``botocore``] Update textract client to latest version * api-change:``s3control``: [``botocore``] Update s3control client to latest version * api-change:``ecs``: [``botocore``] Update ecs client to latest version * api-change:``s3``: [``botocore``] Update s3 client to latest version * api-change:``outposts``: [``botocore``] Update outposts client to latest version * api-change:``kendra``: [``botocore``] Update kendra client to latest version * api-change:``eks``: [``botocore``] Update eks client to latest version * api-change:``networkmanager``: [``botocore``] Update networkmanager client to latest version * api-change:``compute-optimizer``: [``botocore``] Update compute-optimizer client to latest version * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * api-change:``frauddetector``: [``botocore``] Update frauddetector client to latest version * api-change:``sagemaker-a2i-runtime``: [``botocore``] Update sagemaker-a2i-runtime client to latest version * api-change:``codeguru-reviewer``: [``botocore``] Update codeguru-reviewer client to latest version * api-change:``codeguruprofiler``: [``botocore``] Update codeguruprofiler client to latest version * api-change:``es``: [``botocore``] Update es client to latest version - from version 1.10.30 * api-change:``accessanalyzer``: [``botocore``] Update accessanalyzer client to latest version - from version 1.10.29 * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * api-change:``license-manager``: [``botocore``] Update license-manager client to latest version * api-change:``imagebuilder``: [``botocore``] Update imagebuilder client to latest version * api-change:``schemas``: [``botocore``] Update schemas client to latest version - from version 1.10.28 * api-change:``rds-data``: [``botocore``] Update rds-data client to latest version * api-change:``ds``: [``botocore``] Update ds client to latest version * api-change:``workspaces``: [``botocore``] Update workspaces client to latest version * api-change:``resourcegroupstaggingapi``: [``botocore``] Update resourcegroupstaggingapi client to latest version * api-change:``cognito-idp``: [``botocore``] Update cognito-idp client to latest version * api-change:``dynamodb``: [``botocore``] Update dynamodb client to latest version * api-change:``elastic-inference``: [``botocore``] Update elastic-inference client to latest version * api-change:``organizations``: [``botocore``] Update organizations client to latest version * api-change:``mediatailor``: [``botocore``] Update mediatailor client to latest version * api-change:``quicksight``: [``botocore``] Update quicksight client to latest version * api-change:``serverlessrepo``: [``botocore``] Update serverlessrepo client to latest version - from version 1.10.27 * api-change:``cognito-idp``: [``botocore``] Update cognito-idp client to latest version * api-change:``redshift``: [``botocore``] Update redshift client to latest version * api-change:``elbv2``: [``botocore``] Update elbv2 client to latest version * api-change:``wafv2``: [``botocore``] Update wafv2 client to latest version * api-change:``dlm``: [``botocore``] Update dlm client to latest version * api-change:``iot``: [``botocore``] Update iot client to latest version * api-change:``lex-runtime``: [``botocore``] Update lex-runtime client to latest version * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * api-change:``athena``: [``botocore``] Update athena client to latest version * api-change:``iotsecuretunneling``: [``botocore``] Update iotsecuretunneling client to latest version * api-change:``ssm``: [``botocore``] Update ssm client to latest version * api-change:``application-insights``: [``botocore``] Update application-insights client to latest version * api-change:``mediapackage-vod``: [``botocore``] Update mediapackage-vod client to latest version * api-change:``appconfig``: [``botocore``] Update appconfig client to latest version * api-change:``mediaconvert``: [``botocore``] Update mediaconvert client to latest version * api-change:``kinesisanalyticsv2``: [``botocore``] Update kinesisanalyticsv2 client to latest version * api-change:``medialive``: [``botocore``] Update medialive client to latest version * api-change:``lambda``: [``botocore``] Update lambda client to latest version * api-change:``cloudwatch``: [``botocore``] Update cloudwatch client to latest version * api-change:``sesv2``: [``botocore``] Update sesv2 client to latest version * api-change:``application-autoscaling``: [``botocore``] Update application-autoscaling client to latest version * api-change:``greengrass``: [``botocore``] Update greengrass client to latest version * api-change:``alexaforbusiness``: [``botocore``] Update alexaforbusiness client to latest version * api-change:``rds``: [``botocore``] Update rds client to latest version * api-change:``ce``: [``botocore``] Update ce client to latest version * api-change:``ram``: [``botocore``] Update ram client to latest version * api-change:``codebuild``: [``botocore``] Update codebuild client to latest version * api-change:``comprehend``: [``botocore``] Update comprehend client to latest version * api-change:``kms``: [``botocore``] Update kms client to latest version - from version 1.10.26 * api-change:``acm``: [``botocore``] Update acm client to latest version * api-change:``autoscaling-plans``: [``botocore``] Update autoscaling-plans client to latest version * api-change:``codebuild``: [``botocore``] Update codebuild client to latest version * api-change:``mediapackage-vod``: [``botocore``] Update mediapackage-vod client to latest version * api-change:``emr``: [``botocore``] Update emr client to latest version * api-change:``sns``: [``botocore``] Update sns client to latest version * api-change:``ssm``: [``botocore``] Update ssm client to latest version * api-change:``application-autoscaling``: [``botocore``] Update application-autoscaling client to latest version * api-change:``sts``: [``botocore``] Update sts client to latest version * api-change:``forecast``: [``botocore``] Update forecast client to latest version * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * api-change:``rekognition``: [``botocore``] Update rekognition client to latest version - from version 1.10.25 * bugfix:IMDS metadata: [``botocore``] Add 405 case to metadata fetching logic. - from version 1.10.24 * api-change:``glue``: [``botocore``] Update glue client to latest version * api-change:``transcribe``: [``botocore``] Update transcribe client to latest version * api-change:``connectparticipant``: [``botocore``] Update connectparticipant client to latest version * api-change:``dynamodb``: [``botocore``] Update dynamodb client to latest version * api-change:``lex-runtime``: [``botocore``] Update lex-runtime client to latest version * api-change:``connect``: [``botocore``] Update connect client to latest version * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * api-change:``meteringmarketplace``: [``botocore``] Update meteringmarketplace client to latest version * api-change:``config``: [``botocore``] Update config client to latest version * api-change:``lex-models``: [``botocore``] Update lex-models client to latest version * api-change:``ssm``: [``botocore``] Update ssm client to latest version * api-change:``amplify``: [``botocore``] Update amplify client to latest version * api-change:``appsync``: [``botocore``] Update appsync client to latest version - from version 1.10.23 * api-change:``datasync``: [``botocore``] Update datasync client to latest version * api-change:``dlm``: [``botocore``] Update dlm client to latest version * api-change:``mediastore``: [``botocore``] Update mediastore client to latest version * api-change:``cloudtrail``: [``botocore``] Update cloudtrail client to latest version * api-change:``mgh``: [``botocore``] Update mgh client to latest version * api-change:``storagegateway``: [``botocore``] Update storagegateway client to latest version * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * api-change:``codecommit``: [``botocore``] Update codecommit client to latest version * api-change:``s3``: [``botocore``] Update s3 client to latest version * api-change:``fsx``: [``botocore``] Update fsx client to latest version * api-change:``migrationhub-config``: [``botocore``] Update migrationhub-config client to latest version * api-change:``firehose``: [``botocore``] Update firehose client to latest version * api-change:``transcribe``: [``botocore``] Update transcribe client to latest version * api-change:``ecs``: [``botocore``] Update ecs client to latest version * api-change:``discovery``: [``botocore``] Update discovery client to latest version * api-change:``chime``: [``botocore``] Update chime client to latest version * api-change:``quicksight``: [``botocore``] Update quicksight client to latest version - from version 1.10.22 * bugfix:IMDS: [``botocore``] Fix regression in IMDS credential resolution. Fixes `#1892 `__. - from version 1.10.21 * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * api-change:``cloudformation``: [``botocore``] Update cloudformation client to latest version * api-change:``elbv2``: [``botocore``] Update elbv2 client to latest version * api-change:``lambda``: [``botocore``] Update lambda client to latest version * api-change:``config``: [``botocore``] Update config client to latest version * api-change:``iam``: [``botocore``] Update iam client to latest version * api-change:``codebuild``: [``botocore``] Update codebuild client to latest version * api-change:``iot``: [``botocore``] Update iot client to latest version * api-change:``autoscaling``: [``botocore``] Update autoscaling client to latest version - from version 1.10.20 * api-change:``cloudformation``: [``botocore``] Update cloudformation client to latest version * api-change:``s3``: [``botocore``] Update s3 client to latest version * api-change:``rds``: [``botocore``] Update rds client to latest version * api-change:``pinpoint``: [``botocore``] Update pinpoint client to latest version * api-change:``sagemaker``: [``botocore``] Update sagemaker client to latest version * api-change:``sagemaker-runtime``: [``botocore``] Update sagemaker-runtime client to latest version * api-change:``ce``: [``botocore``] Update ce client to latest version * api-change:``ssm``: [``botocore``] Update ssm client to latest version - from version 1.10.19 * api-change:``cognito-idp``: [``botocore``] Update cognito-idp client to latest version * api-change:``elbv2``: [``botocore``] Update elbv2 client to latest version * api-change:``workspaces``: [``botocore``] Update workspaces client to latest version * api-change:``ssm``: [``botocore``] Update ssm client to latest version * api-change:``logs``: [``botocore``] Update logs client to latest version * api-change:``guardduty``: [``botocore``] Update guardduty client to latest version * api-change:``emr``: [``botocore``] Update emr client to latest version * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * api-change:``mediaconvert``: [``botocore``] Update mediaconvert client to latest version * api-change:``eks``: [``botocore``] Update eks client to latest version * api-change:``chime``: [``botocore``] Update chime client to latest version - from version 1.10.18 * api-change:``meteringmarketplace``: [``botocore``] Update meteringmarketplace client to latest version * api-change:``cognito-idp``: [``botocore``] Update cognito-idp client to latest version * api-change:``connect``: [``botocore``] Update connect client to latest version * api-change:``ssm``: [``botocore``] Update ssm client to latest version * api-change:``personalize``: [``botocore``] Update personalize client to latest version - Update BuildRequires and Requires in spec file from setup.py - Version update to 1.10.17 * api-change:``sesv2``: [``botocore``] Update sesv2 client to latest version * api-change:``dataexchange``: [``botocore``] Update dataexchange client to latest version * api-change:``iot``: [``botocore``] Update iot client to latest version * api-change:``cloudsearch``: [``botocore``] Update cloudsearch client to latest version * api-change:``dlm``: [``botocore``] Update dlm client to latest version - from version 1.10.16 * api-change:``transcribe``: [``botocore``] Update transcribe client to latest version * api-change:``marketplace-catalog``: [``botocore``] Update marketplace-catalog client to latest version * api-change:``dynamodb``: [``botocore``] Update dynamodb client to latest version * api-change:``codepipeline``: [``botocore``] Update codepipeline client to latest version * api-change:``elbv2``: [``botocore``] Update elbv2 client to latest version - from version 1.10.15 * api-change:``ce``: [``botocore``] Update ce client to latest version * api-change:``cloudformation``: [``botocore``] Update cloudformation client to latest version - from version 1.10.14 * api-change:``cognito-identity``: [``botocore``] Update cognito-identity client to latest version * api-change:``ecr``: [``botocore``] Update ecr client to latest version - from version 1.10.13 * api-change:``ssm``: [``botocore``] Update ssm client to latest version * api-change:``sso``: [``botocore``] Update sso client to latest version * api-change:``sso-oidc``: [``botocore``] Update sso-oidc client to latest version * api-change:``comprehend``: [``botocore``] Update comprehend client to latest version - from version 1.10.12 * api-change:``savingsplans``: [``botocore``] Update savingsplans client to latest version - from version 1.10.11 * api-change:``codebuild``: [``botocore``] Update codebuild client to latest version * api-change:``budgets``: [``botocore``] Update budgets client to latest version * api-change:``efs``: [``botocore``] Update efs client to latest version * api-change:``ce``: [``botocore``] Update ce client to latest version * api-change:``savingsplans``: [``botocore``] Update savingsplans client to latest version * api-change:``signer``: [``botocore``] Update signer client to latest version - from version 1.10.10 * api-change:``rds``: [``botocore``] Update rds client to latest version * api-change:``codestar-notifications``: [``botocore``] Update codestar-notifications client to latest version - from version 1.10.9 * api-change:``dax``: [``botocore``] Update dax client to latest version * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * api-change:``robomaker``: [``botocore``] Update robomaker client to latest version - from version 1.10.8 * api-change:``pinpoint``: [``botocore``] Update pinpoint client to latest version * api-change:``cloudtrail``: [``botocore``] Update cloudtrail client to latest version * api-change:``dms``: [``botocore``] Update dms client to latest version - from version 1.10.7 * api-change:``support``: [``botocore``] Update support client to latest version * api-change:``amplify``: [``botocore``] Update amplify client to latest version * api-change:``s3``: [``botocore``] Update s3 client to latest version - from version 1.10.6 * api-change:``elasticache``: [``botocore``] Update elasticache client to latest version - from version 1.10.5 * api-change:``cloud9``: [``botocore``] Update cloud9 client to latest version * api-change:``appstream``: [``botocore``] Update appstream client to latest version - from version 1.10.4 * api-change:``s3``: [``botocore``] Update s3 client to latest version - from version 1.10.3 * api-change:``elasticache``: [``botocore``] Update elasticache client to latest version * api-change:``transfer``: [``botocore``] Update transfer client to latest version * api-change:``ecr``: [``botocore``] Update ecr client to latest version - from version 1.10.2 * api-change:``sagemaker``: [``botocore``] Update sagemaker client to latest version * api-change:``gamelift``: [``botocore``] Update gamelift client to latest version * enhancement:``sts``: [``botocore``] Add support for configuring the use of regional STS endpoints. * api-change:``chime``: [``botocore``] Update chime client to latest version * api-change:``appmesh``: [``botocore``] Update appmesh client to latest version * api-change:``ec2``: [``botocore``] Update ec2 client to latest version - from version 1.10.1 * api-change:``polly``: [``botocore``] Update polly client to latest version * api-change:``connect``: [``botocore``] Update connect client to latest version - from version 1.10.0 * api-change:``opsworkscm``: [``botocore``] Update opsworkscm client to latest version * api-change:``iotevents``: [``botocore``] Update iotevents client to latest version * feature:``botocore.vendored.requests``: [``botocore``] Removed vendored version of ``requests`` (`#1829 `__) - from version 1.9.253 * api-change:``cloudwatch``: [``botocore``] Update cloudwatch client to latest version - from version 1.9.252 * api-change:``batch``: [``botocore``] Update batch client to latest version * api-change:``rds``: [``botocore``] Update rds client to latest version - from version 1.9.251 * api-change:``kafka``: [``botocore``] Update kafka client to latest version * api-change:``marketplacecommerceanalytics``: [``botocore``] Update marketplacecommerceanalytics client to latest version * api-change:``robomaker``: [``botocore``] Update robomaker client to latest version - from version 1.9.250 * api-change:``kinesis-video-archived-media``: [``botocore``] Update kinesis-video-archived-media client to latest version - from version 1.9.249 * api-change:``personalize``: [``botocore``] Update personalize client to latest version * api-change:``workspaces``: [``botocore``] Update workspaces client to latest version - Update BuildRequires and Requires in spec file from setup.py - Version update to 1.9.248 * api-change:``greengrass``: [``botocore``] Update greengrass client to latest version - from version 1.9.247 * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * api-change:``lex-runtime``: [``botocore``] Update lex-runtime client to latest version * api-change:``fms``: [``botocore``] Update fms client to latest version * api-change:``iotanalytics``: [``botocore``] Update iotanalytics client to latest version - from version 1.9.246 * api-change:``kafka``: [``botocore``] Update kafka client to latest version * api-change:``elasticache``: [``botocore``] Update elasticache client to latest version * api-change:``mediaconvert``: [``botocore``] Update mediaconvert client to latest version - from version 1.9.245 * api-change:``organizations``: [``botocore``] Update organizations client to latest version * api-change:``events``: [``botocore``] Update events client to latest version * api-change:``firehose``: [``botocore``] Update firehose client to latest version * api-change:``datasync``: [``botocore``] Update datasync client to latest version - from version 1.9.244 * api-change:``snowball``: [``botocore``] Update snowball client to latest version * api-change:``directconnect``: [``botocore``] Update directconnect client to latest version * api-change:``firehose``: [``botocore``] Update firehose client to latest version * api-change:``pinpoint``: [``botocore``] Update pinpoint client to latest version * api-change:``glue``: [``botocore``] Update glue client to latest version * api-change:``pinpoint-email``: [``botocore``] Update pinpoint-email client to latest version - from version 1.9.243 * api-change:``cognito-idp``: [``botocore``] Update cognito-idp client to latest version * api-change:``mediapackage``: [``botocore``] Update mediapackage client to latest version * api-change:``ssm``: [``botocore``] Update ssm client to latest version - from version 1.9.242 * api-change:``es``: [``botocore``] Update es client to latest version * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * api-change:``application-autoscaling``: [``botocore``] Update application-autoscaling client to latest version * api-change:``devicefarm``: [``botocore``] Update devicefarm client to latest version - from version 1.9.241 * api-change:``lightsail``: [``botocore``] Update lightsail client to latest version - from version 1.9.240 * api-change:``docdb``: [``botocore``] Update docdb client to latest version - from version 1.9.239 * api-change:``waf``: [``botocore``] Update waf client to latest version * api-change:``rds``: [``botocore``] Update rds client to latest version * api-change:``mq``: [``botocore``] Update mq client to latest version - from version 1.9.238 * api-change:``amplify``: [``botocore``] Update amplify client to latest version * api-change:``ecs``: [``botocore``] Update ecs client to latest version - from version 1.9.237 * api-change:``ssm``: [``botocore``] Update ssm client to latest version * api-change:``codepipeline``: [``botocore``] Update codepipeline client to latest version - from version 1.9.236 * api-change:``globalaccelerator``: [``botocore``] Update globalaccelerator client to latest version * api-change:``dms``: [``botocore``] Update dms client to latest version * api-change:``sagemaker``: [``botocore``] Update sagemaker client to latest version - from version 1.9.235 * api-change:``transcribe``: [``botocore``] Update transcribe client to latest version * api-change:``comprehendmedical``: [``botocore``] Update comprehendmedical client to latest version * api-change:``datasync``: [``botocore``] Update datasync client to latest version - from version 1.9.234 * api-change:``rds-data``: [``botocore``] Update rds-data client to latest version * api-change:``redshift``: [``botocore``] Update redshift client to latest version - from version 1.9.233 * api-change:``workspaces``: [``botocore``] Update workspaces client to latest version * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * api-change:``greengrass``: [``botocore``] Update greengrass client to latest version * api-change:``rds``: [``botocore``] Update rds client to latest version - from version 1.9.232 * api-change:``mediaconnect``: [``botocore``] Update mediaconnect client to latest version * api-change:``glue``: [``botocore``] Update glue client to latest version * api-change:``ecs``: [``botocore``] Update ecs client to latest version - from version 1.9.231 * api-change:``ram``: [``botocore``] Update ram client to latest version * api-change:``waf-regional``: [``botocore``] Update waf-regional client to latest version * api-change:``apigateway``: [``botocore``] Update apigateway client to latest version - from version 1.9.230 * api-change:``iam``: [``botocore``] Update iam client to latest version * api-change:``athena``: [``botocore``] Update athena client to latest version * api-change:``personalize``: [``botocore``] Update personalize client to latest version - from version 1.9.229 * api-change:``eks``: [``botocore``] Update eks client to latest version * api-change:``mediaconvert``: [``botocore``] Update mediaconvert client to latest version - from version 1.9.228 * api-change:``elbv2``: [``botocore``] Update elbv2 client to latest version * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * api-change:``workmailmessageflow``: [``botocore``] Update workmailmessageflow client to latest version * api-change:``medialive``: [``botocore``] Update medialive client to latest version - from version 1.9.227 * api-change:``stepfunctions``: [``botocore``] Update stepfunctions client to latest version * api-change:``rds``: [``botocore``] Update rds client to latest version * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * api-change:``mediaconnect``: [``botocore``] Update mediaconnect client to latest version * api-change:``ses``: [``botocore``] Update ses client to latest version * api-change:``config``: [``botocore``] Update config client to latest version - from version 1.9.226 * api-change:``storagegateway``: [``botocore``] Update storagegateway client to latest version - from version 1.9.225 * api-change:``qldb``: [``botocore``] Update qldb client to latest version * api-change:``marketplacecommerceanalytics``: [``botocore``] Update marketplacecommerceanalytics client to latest version * api-change:``appstream``: [``botocore``] Update appstream client to latest version * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * api-change:``robomaker``: [``botocore``] Update robomaker client to latest version * api-change:``appmesh``: [``botocore``] Update appmesh client to latest version * api-change:``qldb-session``: [``botocore``] Update qldb-session client to latest version - from version 1.9.224 * api-change:``kinesisanalytics``: [``botocore``] Update kinesisanalytics client to latest version - from version 1.9.223 * api-change:``config``: [``botocore``] Update config client to latest version - from version 1.9.222 * api-change:``stepfunctions``: [``botocore``] Update stepfunctions client to latest version * api-change:``transcribe``: [``botocore``] Update transcribe client to latest version * api-change:``eks``: [``botocore``] Update eks client to latest version - from version 1.9.221 * api-change:``ecs``: [``botocore``] Update ecs client to latest version * api-change:``resourcegroupstaggingapi``: [``botocore``] Update resourcegroupstaggingapi client to latest version * api-change:``gamelift``: [``botocore``] Update gamelift client to latest version - from version 1.9.220 * api-change:``mq``: [``botocore``] Update mq client to latest version * api-change:``apigatewaymanagementapi``: [``botocore``] Update apigatewaymanagementapi client to latest version * api-change:``ecs``: [``botocore``] Update ecs client to latest version - from version 1.9.219 * api-change:``codepipeline``: [``botocore``] Update codepipeline client to latest version * api-change:``application-autoscaling``: [``botocore``] Update application-autoscaling client to latest version * api-change:``elasticache``: [``botocore``] Update elasticache client to latest version * api-change:``lambda``: [``botocore``] Update lambda client to latest version * api-change:``ecs``: [``botocore``] Update ecs client to latest version - from version 1.9.218 * api-change:``sqs``: [``botocore``] Update sqs client to latest version * api-change:``globalaccelerator``: [``botocore``] Update globalaccelerator client to latest version * api-change:``mediaconvert``: [``botocore``] Update mediaconvert client to latest version - from version 1.9.217 * api-change:``organizations``: [``botocore``] Update organizations client to latest version - from version 1.9.216 * api-change:``ssm``: [``botocore``] Update ssm client to latest version * api-change:``securityhub``: [``botocore``] Update securityhub client to latest version - from version 1.9.215 * api-change:``ec2``: [``botocore``] Update ec2 client to latest version * api-change:``mediapackage-vod``: [``botocore``] Update mediapackage-vod client to latest version * api-change:``transcribe``: [``botocore``] Update transcribe client to latest version - from version 1.9.214 * api-change:``datasync``: [``botocore``] Update datasync client to latest version * api-change:``rds``: [``botocore``] Update rds client to latest version python-botocore was updated to 1.15.38 (bsc#1166924, bsc#1168943) * api-change:``apigateway``: Update apigateway client to latest version * api-change:``codeguru-reviewer``: Update codeguru-reviewer client to latest version * api-change:``mediaconnect``: Update mediaconnect client to latest version - from version 1.15.37 * api-change:``transcribe``: Update transcribe client to latest version * api-change:``chime``: Update chime client to latest version * api-change:``iam``: Update iam client to latest version * api-change:``elasticbeanstalk``: Update elasticbeanstalk client to latest version - from version 1.15.36 * api-change:``personalize-runtime``: Update personalize-runtime client to latest version * api-change:``robomaker``: Update robomaker client to latest version - Version update to 1.15.35 * api-change:``medialive``: Update medialive client to latest version * api-change:``redshift``: Update redshift client to latest version * api-change:``gamelift``: Update gamelift client to latest version * api-change:``cloudwatch``: Update cloudwatch client to latest version * api-change:``rds``: Update rds client to latest version - from version 1.15.34 * api-change:``iot``: Update iot client to latest version * api-change:``mediaconnect``: Update mediaconnect client to latest version - from version 1.15.33 * api-change:``opsworkscm``: Update opsworkscm client to latest version * api-change:``wafv2``: Update wafv2 client to latest version * api-change:``glue``: Update glue client to latest version * api-change:``elastic-inference``: Update elastic-inference client to latest version * api-change:``lambda``: Update lambda client to latest version * api-change:``mediastore``: Update mediastore client to latest version * api-change:``pinpoint``: Update pinpoint client to latest version * api-change:``storagegateway``: Update storagegateway client to latest version * api-change:``rekognition``: Update rekognition client to latest version * api-change:``fms``: Update fms client to latest version * api-change:``organizations``: Update organizations client to latest version * api-change:``detective``: Update detective client to latest version * api-change:``appconfig``: Update appconfig client to latest version - from version 1.15.32 * api-change:``accessanalyzer``: Update accessanalyzer client to latest version - from version 1.15.31 * api-change:``globalaccelerator``: Update globalaccelerator client to latest version * api-change:``kendra``: Update kendra client to latest version * api-change:``servicecatalog``: Update servicecatalog client to latest version - from version 1.15.30 * api-change:``sagemaker``: Update sagemaker client to latest version * api-change:``fsx``: Update fsx client to latest version * api-change:``securityhub``: Update securityhub client to latest version - from version 1.15.29 * api-change:``managedblockchain``: Update managedblockchain client to latest version * api-change:``ce``: Update ce client to latest version * api-change:``application-insights``: Update application-insights client to latest version * api-change:``detective``: Update detective client to latest version * api-change:``es``: Update es client to latest version * api-change:``xray``: Update xray client to latest version - from version 1.15.28 * api-change:``athena``: Update athena client to latest version * api-change:``rds-data``: Update rds-data client to latest version * api-change:``eks``: Update eks client to latest version * api-change:``organizations``: Update organizations client to latest version - Version update to 1.15.27 * api-change:``apigatewayv2``: Update apigatewayv2 client to latest version * api-change:``eks``: Update eks client to latest version * api-change:``route53``: Update route53 client to latest version - from version 1.15.26 * api-change:``servicecatalog``: Update servicecatalog client to latest version - from version 1.15.25 * api-change:``outposts``: Update outposts client to latest version * api-change:``acm``: Update acm client to latest version - from version 1.15.24 * api-change:``rds``: Update rds client to latest version * api-change:``mediaconnect``: Update mediaconnect client to latest version * api-change:``personalize``: Update personalize client to latest version - from version 1.15.23 * api-change:``mediaconvert``: Update mediaconvert client to latest version - from version 1.15.22 * api-change:``s3control``: Update s3control client to latest version * bugfix:Stubber: fixes `#1884 `__ * api-change:``cognito-idp``: Update cognito-idp client to latest version * api-change:``ssm``: Update ssm client to latest version * api-change:``ecs``: Update ecs client to latest version * api-change:``elasticache``: Update elasticache client to latest version - from version 1.15.21 * api-change:``appconfig``: Update appconfig client to latest version - from version 1.15.20 * api-change:``lex-models``: Update lex-models client to latest version * api-change:``securityhub``: Update securityhub client to latest version * api-change:``ec2``: Update ec2 client to latest version * api-change:``apigatewayv2``: Update apigatewayv2 client to latest version * api-change:``iot``: Update iot client to latest version - from version 1.15.19 * api-change:``efs``: Update efs client to latest version * api-change:``redshift``: Update redshift client to latest version - from version 1.15.18 * api-change:``serverlessrepo``: Update serverlessrepo client to latest version * api-change:``iotevents``: Update iotevents client to latest version * api-change:``ec2``: Update ec2 client to latest version * enhancement:timezones: Improved timezone parsing for Windows with new fallback method (#1939) * api-change:``marketplacecommerceanalytics``: Update marketplacecommerceanalytics client to latest version - from version 1.15.17 * api-change:``ec2``: Update ec2 client to latest version * api-change:``medialive``: Update medialive client to latest version * api-change:``dms``: Update dms client to latest version - from version 1.15.16 * api-change:``signer``: Update signer client to latest version * api-change:``guardduty``: Update guardduty client to latest version * api-change:``appmesh``: Update appmesh client to latest version * api-change:``ec2``: Update ec2 client to latest version * api-change:``robomaker``: Update robomaker client to latest version - from version 1.15.15 * api-change:``eks``: Update eks client to latest version * api-change:``ec2``: Update ec2 client to latest version * api-change:``opsworkscm``: Update opsworkscm client to latest version * api-change:``guardduty``: Update guardduty client to latest version - from version 1.15.14 * api-change:``pinpoint``: Update pinpoint client to latest version - from version 1.15.13 * api-change:``ec2``: Update ec2 client to latest version - from version 1.15.12 * api-change:``cloudwatch``: Update cloudwatch client to latest version * api-change:``comprehendmedical``: Update comprehendmedical client to latest version - from version 1.15.11 * api-change:``config``: Update config client to latest version - from version 1.15.10 * api-change:``config``: Update config client to latest version * api-change:``glue``: Update glue client to latest version * api-change:``sagemaker-a2i-runtime``: Update sagemaker-a2i-runtime client to latest version * api-change:``appmesh``: Update appmesh client to latest version * api-change:``elbv2``: Update elbv2 client to latest version * api-change:``workdocs``: Update workdocs client to latest version * api-change:``quicksight``: Update quicksight client to latest version * api-change:``accessanalyzer``: Update accessanalyzer client to latest version * api-change:``codeguruprofiler``: Update codeguruprofiler client to latest version - from version 1.15.9 * api-change:``lightsail``: Update lightsail client to latest version * api-change:``globalaccelerator``: Update globalaccelerator client to latest version - from version 1.15.8 * api-change:``transcribe``: Update transcribe client to latest version * api-change:``ec2``: Update ec2 client to latest version * api-change:``sagemaker``: Update sagemaker client to latest version * api-change:``securityhub``: Update securityhub client to latest version - from version 1.15.7 * api-change:``stepfunctions``: Update stepfunctions client to latest version * api-change:``kafka``: Update kafka client to latest version * api-change:``secretsmanager``: Update secretsmanager client to latest version * api-change:``outposts``: Update outposts client to latest version - from version 1.15.6 * api-change:``iotevents``: Update iotevents client to latest version * api-change:``docdb``: Update docdb client to latest version * api-change:``snowball``: Update snowball client to latest version * api-change:``fsx``: Update fsx client to latest version * api-change:``events``: Update events client to latest version - from version 1.15.5 * api-change:``imagebuilder``: Update imagebuilder client to latest version * api-change:``wafv2``: Update wafv2 client to latest version * api-change:``redshift``: Update redshift client to latest version - from version 1.15.4 * api-change:``savingsplans``: Update savingsplans client to latest version * api-change:``appconfig``: Update appconfig client to latest version * api-change:``pinpoint``: Update pinpoint client to latest version - from version 1.15.3 * api-change:``autoscaling``: Update autoscaling client to latest version * api-change:``servicecatalog``: Update servicecatalog client to latest version * api-change:``lambda``: Update lambda client to latest version - from version 1.15.2 * api-change:``autoscaling``: Update autoscaling client to latest version * api-change:``chime``: Update chime client to latest version * api-change:``rds``: Update rds client to latest version - from version 1.15.1 * api-change:``cloud9``: Update cloud9 client to latest version * api-change:``ec2``: Update ec2 client to latest version * api-change:``dynamodb``: Update dynamodb client to latest version * api-change:``rekognition``: Update rekognition client to latest version - Version update to 1.15.0 * feature:retries: Add support for retry modes, including ``standard`` and ``adaptive`` modes (`#1972 `__) * api-change:``ec2``: Update ec2 client to latest version * api-change:``mediatailor``: Update mediatailor client to latest version * api-change:``securityhub``: Update securityhub client to latest version * api-change:``shield``: Update shield client to latest version - from version 1.14.17 * api-change:``mediapackage-vod``: Update mediapackage-vod client to latest version - from version 1.14.16 * api-change:``glue``: Update glue client to latest version * api-change:``chime``: Update chime client to latest version * api-change:``workmail``: Update workmail client to latest version * api-change:``ds``: Update ds client to latest version * api-change:``ec2``: Update ec2 client to latest version * api-change:``es``: Update es client to latest version * api-change:``neptune``: Update neptune client to latest version - from version 1.14.15 * api-change:``ec2``: Update ec2 client to latest version * api-change:``cognito-idp``: Update cognito-idp client to latest version * api-change:``cloudformation``: Update cloudformation client to latest version - from version 1.14.14 * api-change:``docdb``: Update docdb client to latest version * api-change:``kms``: Update kms client to latest version - from version 1.14.13 * api-change:``robomaker``: Update robomaker client to latest version * api-change:``imagebuilder``: Update imagebuilder client to latest version * api-change:``rds``: Update rds client to latest version - from version 1.14.12 * api-change:``ebs``: Update ebs client to latest version * api-change:``appsync``: Update appsync client to latest version * api-change:``lex-models``: Update lex-models client to latest version * api-change:``ecr``: Update ecr client to latest version * api-change:``ec2``: Update ec2 client to latest version * api-change:``codebuild``: Update codebuild client to latest version - from version 1.14.11 * api-change:``groundstation``: Update groundstation client to latest version * api-change:``mediaconvert``: Update mediaconvert client to latest version * api-change:``dlm``: Update dlm client to latest version * api-change:``ec2``: Update ec2 client to latest version * api-change:``forecastquery``: Update forecastquery client to latest version * api-change:``securityhub``: Update securityhub client to latest version * api-change:``resourcegroupstaggingapi``: Update resourcegroupstaggingapi client to latest version - from version 1.14.10 * api-change:``workmail``: Update workmail client to latest version * api-change:``iot``: Update iot client to latest version * api-change:``cloudfront``: Update cloudfront client to latest version * api-change:``storagegateway``: Update storagegateway client to latest version * api-change:``ssm``: Update ssm client to latest version * api-change:``kafka``: Update kafka client to latest version * api-change:``ec2``: Update ec2 client to latest version - Refresh patches for new version + hide_py_pckgmgmt.patch - Version update to 1.14.9 * api-change:``ecs``: Update ecs client to latest version * api-change:``opsworkscm``: Update opsworkscm client to latest version * api-change:``workspaces``: Update workspaces client to latest version * api-change:``datasync``: Update datasync client to latest version * api-change:``eks``: Update eks client to latest version - from version 1.14.8 * api-change:``rds``: Update rds client to latest version * api-change:``iam``: Update iam client to latest version - from version 1.14.7 * api-change:``ec2``: Update ec2 client to latest version * api-change:``codepipeline``: Update codepipeline client to latest version * api-change:``discovery``: Update discovery client to latest version * api-change:``iotevents``: Update iotevents client to latest version * api-change:``marketplacecommerceanalytics``: Update marketplacecommerceanalytics client to latest version - from version 1.14.6 * api-change:``lambda``: Update lambda client to latest version * api-change:``application-insights``: Update application-insights client to latest version * api-change:``ec2``: Update ec2 client to latest version * api-change:``cloudwatch``: Update cloudwatch client to latest version * api-change:``kms``: Update kms client to latest version * api-change:``alexaforbusiness``: Update alexaforbusiness client to latest version - from version 1.14.5 * api-change:``mediaconvert``: Update mediaconvert client to latest version * api-change:``neptune``: Update neptune client to latest version * api-change:``cloudhsmv2``: Update cloudhsmv2 client to latest version * api-change:``redshift``: Update redshift client to latest version * api-change:``batch``: Update batch client to latest version * api-change:``ecs``: Update ecs client to latest version - from version 1.14.4 * api-change:``ec2``: Update ec2 client to latest version * api-change:``sagemaker``: Update sagemaker client to latest version * api-change:``ds``: Update ds client to latest version - from version 1.14.3 * api-change:``securityhub``: Update securityhub client to latest version * api-change:``ssm``: Update ssm client to latest version * api-change:``ec2``: Update ec2 client to latest version * api-change:``organizations``: Update organizations client to latest version - from version 1.14.2 * api-change:``ec2``: Update ec2 client to latest version - from version 1.14.1 * api-change:``efs``: Update efs client to latest version * api-change:``ec2``: Update ec2 client to latest version * api-change:``backup``: Update backup client to latest version - from version 1.14.0 * api-change:``sagemaker``: Update sagemaker client to latest version * api-change:``chime``: Update chime client to latest version * api-change:``transfer``: Update transfer client to latest version * api-change:``ec2``: Update ec2 client to latest version * feature:Python: Dropped support for Python 2.6 and 3.3. * api-change:``workspaces``: Update workspaces client to latest version * api-change:``rds``: Update rds client to latest version - from version 1.13.50 * api-change:``logs``: Update logs client to latest version - from version 1.13.49 * api-change:``fms``: Update fms client to latest version * api-change:``translate``: Update translate client to latest version * api-change:``ce``: Update ce client to latest version - from version 1.13.48 * api-change:``codebuild``: Update codebuild client to latest version * api-change:``mgh``: Update mgh client to latest version * api-change:``xray``: Update xray client to latest version - from version 1.13.47 * api-change:``comprehend``: Update comprehend client to latest version * api-change:``mediapackage``: Update mediapackage client to latest version * api-change:``ec2``: Update ec2 client to latest version - from version 1.13.46 * api-change:``lex-models``: Update lex-models client to latest version * api-change:``ecr``: Update ecr client to latest version * api-change:``lightsail``: Update lightsail client to latest version * api-change:``ce``: Update ce client to latest version - from version 1.13.45 * api-change:``fsx``: Update fsx client to latest version * api-change:``health``: Update health client to latest version * api-change:``detective``: Update detective client to latest version - from version 1.13.44 * api-change:``transcribe``: Update transcribe client to latest version * api-change:``eks``: Update eks client to latest version * api-change:``ec2``: Update ec2 client to latest version * api-change:``rds``: Update rds client to latest version * api-change:``ssm``: Update ssm client to latest version * api-change:``redshift``: Update redshift client to latest version * api-change:``pinpoint``: Update pinpoint client to latest version * api-change:``securityhub``: Update securityhub client to latest version * api-change:``devicefarm``: Update devicefarm client to latest version - from version 1.13.43 * api-change:``transcribe``: Update transcribe client to latest version * api-change:``dlm``: Update dlm client to latest version * api-change:``lex-models``: Update lex-models client to latest version * api-change:``personalize-runtime``: Update personalize-runtime client to latest version * api-change:``ssm``: Update ssm client to latest version * api-change:``codestar-connections``: Update codestar-connections client to latest version * api-change:``gamelift``: Update gamelift client to latest version * api-change:``ec2``: Update ec2 client to latest version - from version 1.13.42 * api-change:``ec2``: Update ec2 client to latest version * api-change:``s3``: Update s3 client to latest version * api-change:``resourcegroupstaggingapi``: Update resourcegroupstaggingapi client to latest version * api-change:``cloudfront``: Update cloudfront client to latest version * enhancement:``s3``: Add support for opting into using the us-east-1 regional endpoint. * api-change:``opsworkscm``: Update opsworkscm client to latest version - from version 1.13.41 * api-change:``kinesisanalyticsv2``: Update kinesisanalyticsv2 client to latest version * api-change:``ssm``: Update ssm client to latest version * api-change:``medialive``: Update medialive client to latest version * api-change:``iot``: Update iot client to latest version * api-change:``ecs``: Update ecs client to latest version * api-change:``ec2``: Update ec2 client to latest version - from version 1.13.40 * api-change:``mq``: Update mq client to latest version * api-change:``comprehendmedical``: Update comprehendmedical client to latest version * api-change:``ec2``: Update ec2 client to latest version - from version 1.13.39 * api-change:``codebuild``: Update codebuild client to latest version * api-change:``detective``: Update detective client to latest version * api-change:``sesv2``: Update sesv2 client to latest version - from version 1.13.38 * api-change:``accessanalyzer``: Update accessanalyzer client to latest version - from version 1.13.37 * api-change:``ec2``: Update ec2 client to latest version - from version 1.13.36 * api-change:``kendra``: Update kendra client to latest version - from version 1.13.35 * bugfix:s3: Add stricter validation to s3 control account id parameter. * api-change:``quicksight``: Update quicksight client to latest version * api-change:``kms``: Update kms client to latest version * api-change:``ssm``: Update ssm client to latest version * api-change:``kafka``: Update kafka client to latest version - from version 1.13.34 * bugfix:s3: Fixed an issue where the request path was set incorrectly if access point name was present in key path. - Version update to 1.13.33 * api-change:``kinesisvideo``: Update kinesisvideo client to latest version * api-change:``kinesis-video-signaling``: Update kinesis-video-signaling client to latest version * api-change:``apigatewayv2``: Update apigatewayv2 client to latest version - from version 1.13.32 * api-change:``ebs``: Update ebs client to latest version * api-change:``stepfunctions``: Update stepfunctions client to latest version * api-change:``application-autoscaling``: Update application-autoscaling client to latest version * api-change:``lambda``: Update lambda client to latest version * api-change:``rekognition``: Update rekognition client to latest version * api-change:``rds``: Update rds client to latest version * api-change:``sagemaker``: Update sagemaker client to latest version - from version 1.13.31 * api-change:``textract``: Update textract client to latest version * api-change:``s3control``: Update s3control client to latest version * api-change:``ecs``: Update ecs client to latest version * api-change:``s3``: Update s3 client to latest version * api-change:``outposts``: Update outposts client to latest version * api-change:``kendra``: Update kendra client to latest version * api-change:``eks``: Update eks client to latest version * api-change:``networkmanager``: Update networkmanager client to latest version * api-change:``compute-optimizer``: Update compute-optimizer client to latest version * api-change:``ec2``: Update ec2 client to latest version * api-change:``frauddetector``: Update frauddetector client to latest version * api-change:``sagemaker-a2i-runtime``: Update sagemaker-a2i-runtime client to latest version * api-change:``codeguru-reviewer``: Update codeguru-reviewer client to latest version * api-change:``codeguruprofiler``: Update codeguruprofiler client to latest version * api-change:``es``: Update es client to latest version - from version 1.13.30 * api-change:``accessanalyzer``: Update accessanalyzer client to latest version - from version 1.13.29 * api-change:``ec2``: Update ec2 client to latest version * api-change:``license-manager``: Update license-manager client to latest version * api-change:``imagebuilder``: Update imagebuilder client to latest version * api-change:``schemas``: Update schemas client to latest version - from version 1.13.28 * api-change:``rds-data``: Update rds-data client to latest version * api-change:``ds``: Update ds client to latest version * api-change:``workspaces``: Update workspaces client to latest version * api-change:``resourcegroupstaggingapi``: Update resourcegroupstaggingapi client to latest version * api-change:``cognito-idp``: Update cognito-idp client to latest version * api-change:``dynamodb``: Update dynamodb client to latest version * api-change:``elastic-inference``: Update elastic-inference client to latest version * api-change:``organizations``: Update organizations client to latest version * api-change:``mediatailor``: Update mediatailor client to latest version * api-change:``quicksight``: Update quicksight client to latest version * api-change:``serverlessrepo``: Update serverlessrepo client to latest version - from version 1.13.27 * api-change:``cognito-idp``: Update cognito-idp client to latest version * api-change:``redshift``: Update redshift client to latest version * api-change:``elbv2``: Update elbv2 client to latest version * api-change:``wafv2``: Update wafv2 client to latest version * api-change:``dlm``: Update dlm client to latest version * api-change:``iot``: Update iot client to latest version * api-change:``lex-runtime``: Update lex-runtime client to latest version * api-change:``ec2``: Update ec2 client to latest version * api-change:``athena``: Update athena client to latest version * api-change:``iotsecuretunneling``: Update iotsecuretunneling client to latest version * api-change:``ssm``: Update ssm client to latest version * api-change:``application-insights``: Update application-insights client to latest version * api-change:``mediapackage-vod``: Update mediapackage-vod client to latest version * api-change:``appconfig``: Update appconfig client to latest version * api-change:``mediaconvert``: Update mediaconvert client to latest version * api-change:``kinesisanalyticsv2``: Update kinesisanalyticsv2 client to latest version * api-change:``medialive``: Update medialive client to latest version * api-change:``lambda``: Update lambda client to latest version * api-change:``cloudwatch``: Update cloudwatch client to latest version * api-change:``sesv2``: Update sesv2 client to latest version * api-change:``application-autoscaling``: Update application-autoscaling client to latest version * api-change:``greengrass``: Update greengrass client to latest version * api-change:``alexaforbusiness``: Update alexaforbusiness client to latest version * api-change:``rds``: Update rds client to latest version * api-change:``ce``: Update ce client to latest version * api-change:``ram``: Update ram client to latest version * api-change:``codebuild``: Update codebuild client to latest version * api-change:``comprehend``: Update comprehend client to latest version * api-change:``kms``: Update kms client to latest version - from version 1.13.26 * api-change:``acm``: Update acm client to latest version * api-change:``autoscaling-plans``: Update autoscaling-plans client to latest version * api-change:``codebuild``: Update codebuild client to latest version * api-change:``mediapackage-vod``: Update mediapackage-vod client to latest version * api-change:``emr``: Update emr client to latest version * api-change:``sns``: Update sns client to latest version * api-change:``ssm``: Update ssm client to latest version * api-change:``application-autoscaling``: Update application-autoscaling client to latest version * api-change:``sts``: Update sts client to latest version * api-change:``forecast``: Update forecast client to latest version * api-change:``ec2``: Update ec2 client to latest version * api-change:``rekognition``: Update rekognition client to latest version - from version 1.13.25 * bugfix:IMDS metadata: Add 405 case to metadata fetching logic. - from version 1.13.24 * api-change:``glue``: Update glue client to latest version * api-change:``transcribe``: Update transcribe client to latest version * api-change:``connectparticipant``: Update connectparticipant client to latest version * api-change:``dynamodb``: Update dynamodb client to latest version * api-change:``lex-runtime``: Update lex-runtime client to latest version * api-change:``connect``: Update connect client to latest version * api-change:``ec2``: Update ec2 client to latest version * api-change:``meteringmarketplace``: Update meteringmarketplace client to latest version * api-change:``config``: Update config client to latest version * api-change:``lex-models``: Update lex-models client to latest version * api-change:``ssm``: Update ssm client to latest version * api-change:``amplify``: Update amplify client to latest version * api-change:``appsync``: Update appsync client to latest version - from version 1.13.23 * api-change:``datasync``: Update datasync client to latest version * api-change:``dlm``: Update dlm client to latest version * api-change:``mediastore``: Update mediastore client to latest version * api-change:``cloudtrail``: Update cloudtrail client to latest version * api-change:``mgh``: Update mgh client to latest version * api-change:``storagegateway``: Update storagegateway client to latest version * api-change:``ec2``: Update ec2 client to latest version * api-change:``codecommit``: Update codecommit client to latest version * api-change:``s3``: Update s3 client to latest version * api-change:``fsx``: Update fsx client to latest version * api-change:``migrationhub-config``: Update migrationhub-config client to latest version * api-change:``firehose``: Update firehose client to latest version * api-change:``transcribe``: Update transcribe client to latest version * api-change:``ecs``: Update ecs client to latest version * api-change:``discovery``: Update discovery client to latest version * api-change:``chime``: Update chime client to latest version * api-change:``quicksight``: Update quicksight client to latest version - from version 1.13.22 * bugfix:IMDS: Fix regression in IMDS credential resolution. Fixes `#1892 `__. - from version 1.13.21 * api-change:``ec2``: Update ec2 client to latest version * api-change:``cloudformation``: Update cloudformation client to latest version * api-change:``elbv2``: Update elbv2 client to latest version * api-change:``lambda``: Update lambda client to latest version * api-change:``config``: Update config client to latest version * api-change:``iam``: Update iam client to latest version * api-change:``codebuild``: Update codebuild client to latest version * api-change:``iot``: Update iot client to latest version * api-change:``autoscaling``: Update autoscaling client to latest version - from version 1.13.20 * api-change:``cloudformation``: Update cloudformation client to latest version * api-change:``s3``: Update s3 client to latest version * api-change:``rds``: Update rds client to latest version * api-change:``pinpoint``: Update pinpoint client to latest version * api-change:``sagemaker``: Update sagemaker client to latest version * api-change:``sagemaker-runtime``: Update sagemaker-runtime client to latest version * api-change:``ce``: Update ce client to latest version * api-change:``ssm``: Update ssm client to latest version - from version 1.13.19 * api-change:``cognito-idp``: Update cognito-idp client to latest version * api-change:``elbv2``: Update elbv2 client to latest version * api-change:``workspaces``: Update workspaces client to latest version * api-change:``ssm``: Update ssm client to latest version * api-change:``logs``: Update logs client to latest version * api-change:``guardduty``: Update guardduty client to latest version * api-change:``emr``: Update emr client to latest version * api-change:``ec2``: Update ec2 client to latest version * api-change:``mediaconvert``: Update mediaconvert client to latest version * api-change:``eks``: Update eks client to latest version * api-change:``chime``: Update chime client to latest version - from version 1.13.18 * api-change:``meteringmarketplace``: Update meteringmarketplace client to latest version * api-change:``cognito-idp``: Update cognito-idp client to latest version * api-change:``connect``: Update connect client to latest version * api-change:``ssm``: Update ssm client to latest version * api-change:``personalize``: Update personalize client to latest version - Version update to 1.13.17 (bsc#1129696) * api-change:``sesv2``: Update sesv2 client to latest version * api-change:``dataexchange``: Update dataexchange client to latest version * api-change:``iot``: Update iot client to latest version * api-change:``cloudsearch``: Update cloudsearch client to latest version * api-change:``dlm``: Update dlm client to latest version - from version 1.13.16 * api-change:``transcribe``: Update transcribe client to latest version * api-change:``marketplace-catalog``: Update marketplace-catalog client to latest version * api-change:``dynamodb``: Update dynamodb client to latest version * api-change:``codepipeline``: Update codepipeline client to latest version * api-change:``elbv2``: Update elbv2 client to latest version - from version 1.13.15 * api-change:``ce``: Update ce client to latest version * api-change:``cloudformation``: Update cloudformation client to latest version - from version 1.13.14 * api-change:``cognito-identity``: Update cognito-identity client to latest version * api-change:``ecr``: Update ecr client to latest version - from version 1.13.13 * api-change:``ssm``: Update ssm client to latest version * api-change:``sso``: Update sso client to latest version * api-change:``sso-oidc``: Update sso-oidc client to latest version * api-change:``comprehend``: Update comprehend client to latest version - from version 1.13.12 * api-change:``savingsplans``: Update savingsplans client to latest version - from version 1.13.11 * api-change:``codebuild``: Update codebuild client to latest version * api-change:``budgets``: Update budgets client to latest version * api-change:``efs``: Update efs client to latest version * api-change:``ce``: Update ce client to latest version * api-change:``savingsplans``: Update savingsplans client to latest version * api-change:``signer``: Update signer client to latest version - from version 1.13.10 * api-change:``rds``: Update rds client to latest version * api-change:``codestar-notifications``: Update codestar-notifications client to latest version - from version 1.13.9 * api-change:``dax``: Update dax client to latest version * api-change:``ec2``: Update ec2 client to latest version * api-change:``robomaker``: Update robomaker client to latest version - from version 1.13.8 * api-change:``pinpoint``: Update pinpoint client to latest version * api-change:``cloudtrail``: Update cloudtrail client to latest version * api-change:``dms``: Update dms client to latest version - from version 1.13.7 * api-change:``support``: Update support client to latest version * api-change:``amplify``: Update amplify client to latest version * api-change:``s3``: Update s3 client to latest version - from version 1.13.6 * api-change:``elasticache``: Update elasticache client to latest version - from version 1.13.5 * api-change:``cloud9``: Update cloud9 client to latest version * api-change:``appstream``: Update appstream client to latest version - from version 1.13.4 * api-change:``s3``: Update s3 client to latest version - from version 1.13.3 * api-change:``elasticache``: Update elasticache client to latest version * api-change:``transfer``: Update transfer client to latest version * api-change:``ecr``: Update ecr client to latest version - from version 1.13.2 * api-change:``sagemaker``: Update sagemaker client to latest version * api-change:``gamelift``: Update gamelift client to latest version * enhancement:``sts``: Add support for configuring the use of regional STS endpoints. * api-change:``chime``: Update chime client to latest version * api-change:``appmesh``: Update appmesh client to latest version * api-change:``ec2``: Update ec2 client to latest version - from version 1.13.1 * api-change:``polly``: Update polly client to latest version * api-change:``connect``: Update connect client to latest version - from version 1.13.0 * api-change:``opsworkscm``: Update opsworkscm client to latest version * api-change:``iotevents``: Update iotevents client to latest version * feature:``botocore.vendored.requests``: Removed vendored version of ``requests`` (`#1829 `__) - from version 1.12.253 * api-change:``cloudwatch``: Update cloudwatch client to latest version - from version 1.12.252 * api-change:``batch``: Update batch client to latest version * api-change:``rds``: Update rds client to latest version - from version 1.12.251 * api-change:``kafka``: Update kafka client to latest version * api-change:``marketplacecommerceanalytics``: Update marketplacecommerceanalytics client to latest version * api-change:``robomaker``: Update robomaker client to latest version - from version 1.12.250 * api-change:``kinesis-video-archived-media``: Update kinesis-video-archived-media client to latest version - from version 1.12.249 * api-change:``personalize``: Update personalize client to latest version * api-change:``workspaces``: Update workspaces client to latest version - Refresh patches for new version + hide_py_pckgmgmt.patch - Version update to 1.12.248 * api-change:``greengrass``: Update greengrass client to latest version - from version 1.12.247 * api-change:``ec2``: Update ec2 client to latest version * api-change:``lex-runtime``: Update lex-runtime client to latest version * api-change:``fms``: Update fms client to latest version * api-change:``iotanalytics``: Update iotanalytics client to latest version - from version 1.12.246 * api-change:``kafka``: Update kafka client to latest version * api-change:``elasticache``: Update elasticache client to latest version * api-change:``mediaconvert``: Update mediaconvert client to latest version - from version 1.12.245 * api-change:``organizations``: Update organizations client to latest version * api-change:``events``: Update events client to latest version * api-change:``firehose``: Update firehose client to latest version * api-change:``datasync``: Update datasync client to latest version - from version 1.12.244 * api-change:``snowball``: Update snowball client to latest version * api-change:``directconnect``: Update directconnect client to latest version * api-change:``firehose``: Update firehose client to latest version * api-change:``pinpoint``: Update pinpoint client to latest version * api-change:``glue``: Update glue client to latest version * api-change:``pinpoint-email``: Update pinpoint-email client to latest version - from version 1.12.243 * api-change:``cognito-idp``: Update cognito-idp client to latest version * api-change:``mediapackage``: Update mediapackage client to latest version * api-change:``ssm``: Update ssm client to latest version - from version 1.12.242 * api-change:``es``: Update es client to latest version * api-change:``ec2``: Update ec2 client to latest version * api-change:``application-autoscaling``: Update application-autoscaling client to latest version * api-change:``devicefarm``: Update devicefarm client to latest version - from version 1.12.241 * api-change:``lightsail``: Update lightsail client to latest version - from version 1.12.240 * api-change:``docdb``: Update docdb client to latest version - from version 1.12.239 * api-change:``waf``: Update waf client to latest version * api-change:``rds``: Update rds client to latest version * api-change:``mq``: Update mq client to latest version - from version 1.12.238 * api-change:``amplify``: Update amplify client to latest version * api-change:``ecs``: Update ecs client to latest version - from version 1.12.237 * api-change:``ssm``: Update ssm client to latest version * api-change:``codepipeline``: Update codepipeline client to latest version - from version 1.12.236 * api-change:``globalaccelerator``: Update globalaccelerator client to latest version * api-change:``dms``: Update dms client to latest version * api-change:``sagemaker``: Update sagemaker client to latest version - from version 1.12.235 * api-change:``transcribe``: Update transcribe client to latest version * api-change:``comprehendmedical``: Update comprehendmedical client to latest version * api-change:``datasync``: Update datasync client to latest version - from version 1.12.234 * api-change:``rds-data``: Update rds-data client to latest version * api-change:``redshift``: Update redshift client to latest version - from version 1.12.233 * api-change:``workspaces``: Update workspaces client to latest version * api-change:``ec2``: Update ec2 client to latest version * api-change:``greengrass``: Update greengrass client to latest version * api-change:``rds``: Update rds client to latest version - from version 1.12.232 * api-change:``mediaconnect``: Update mediaconnect client to latest version * api-change:``glue``: Update glue client to latest version * api-change:``ecs``: Update ecs client to latest version - from version 1.12.231 * api-change:``ram``: Update ram client to latest version * api-change:``waf-regional``: Update waf-regional client to latest version * api-change:``apigateway``: Update apigateway client to latest version - from version 1.12.230 * api-change:``iam``: Update iam client to latest version * api-change:``athena``: Update athena client to latest version * api-change:``personalize``: Update personalize client to latest version - from version 1.12.229 * api-change:``eks``: Update eks client to latest version * api-change:``mediaconvert``: Update mediaconvert client to latest version - from version 1.12.228 * api-change:``elbv2``: Update elbv2 client to latest version * api-change:``ec2``: Update ec2 client to latest version * api-change:``workmailmessageflow``: Update workmailmessageflow client to latest version * api-change:``medialive``: Update medialive client to latest version - from version 1.12.227 * api-change:``stepfunctions``: Update stepfunctions client to latest version * api-change:``rds``: Update rds client to latest version * api-change:``ec2``: Update ec2 client to latest version * api-change:``mediaconnect``: Update mediaconnect client to latest version * api-change:``ses``: Update ses client to latest version * api-change:``config``: Update config client to latest version - from version 1.12.226 * api-change:``storagegateway``: Update storagegateway client to latest version - from version 1.12.225 * api-change:``qldb``: Update qldb client to latest version * api-change:``marketplacecommerceanalytics``: Update marketplacecommerceanalytics client to latest version * api-change:``appstream``: Update appstream client to latest version * api-change:``ec2``: Update ec2 client to latest version * api-change:``robomaker``: Update robomaker client to latest version * api-change:``appmesh``: Update appmesh client to latest version * api-change:``qldb-session``: Update qldb-session client to latest version - from version 1.12.224 * api-change:``kinesisanalytics``: Update kinesisanalytics client to latest version - from version 1.12.223 * api-change:``config``: Update config client to latest version - from version 1.12.222 * api-change:``stepfunctions``: Update stepfunctions client to latest version * api-change:``transcribe``: Update transcribe client to latest version * api-change:``eks``: Update eks client to latest version - from version 1.12.221 * api-change:``ecs``: Update ecs client to latest version * api-change:``resourcegroupstaggingapi``: Update resourcegroupstaggingapi client to latest version * api-change:``gamelift``: Update gamelift client to latest version - from version 1.12.220 * api-change:``mq``: Update mq client to latest version * api-change:``apigatewaymanagementapi``: Update apigatewaymanagementapi client to latest version * api-change:``ecs``: Update ecs client to latest version - from version 1.12.219 * api-change:``codepipeline``: Update codepipeline client to latest version * api-change:``application-autoscaling``: Update application-autoscaling client to latest version * api-change:``elasticache``: Update elasticache client to latest version * api-change:``lambda``: Update lambda client to latest version * api-change:``ecs``: Update ecs client to latest version - from version 1.12.218 * api-change:``sqs``: Update sqs client to latest version * api-change:``globalaccelerator``: Update globalaccelerator client to latest version * api-change:``mediaconvert``: Update mediaconvert client to latest version - from version 1.12.217 * api-change:``organizations``: Update organizations client to latest version - from version 1.12.216 * api-change:``ssm``: Update ssm client to latest version * api-change:``securityhub``: Update securityhub client to latest version - from version 1.12.215 * api-change:``ec2``: Update ec2 client to latest version * api-change:``mediapackage-vod``: Update mediapackage-vod client to latest version * api-change:``transcribe``: Update transcribe client to latest version - from version 1.12.214 * api-change:``datasync``: Update datasync client to latest version * api-change:``rds``: Update rds client to latest version python-s3transfer was updated to 0.3.3: * bugfix:dependency: Updated botocore version range Update to version 0.3.2 * bugfix:s3: Fixes boto/botocore`#1916 `__ from version 0.3.1 * enhancement:TransferManager: Expose client and config properties * enhancement:Tags: Add support for Tagging and TaggingDirective from version 0.3.0 * feature:Python: Dropped support for Python 2.6 and 3.3. python-boto was updated to fix: * Removed the upstream builtin root certificate data for trusted CAs, as SUSE ships them seperately. (bsc#1116204) ----------------------------------------- Patch: SUSE-2020-1172 Released: Mon May 4 18:15:17 2020 Summary: Recommended update for osc Severity: moderate References: 1160446,1166537,1168862 Description: This update for osc fixes the following issues: Update from version 0.167.2 to 0.168.2 (bsc#1168862) - Use helper method _html_escape to enable python3.8 and python2.* compatibility. (bsc#1166537) - Fix support for python3.8 - Spec: temporary disable tests as they explode under python 3.8 - Spec: fix destination of fish completion file to /usr/share/fish/vendor_completions.d - MR creation honors orev now (bsc#1160446) - Allow 'osc r --vertical' for projects - Cleanup old functions and remove python2.6 compatibility code - Support zstd arch linux files in local build - Fix deleterequest for repositories - Append --norootforbuild as default to build command - Fix decoding in interactive request mode - Use signdummy for product builds - Print release project when creating MR - Improve SSLError message for TLSv1 validation - osc maintained --version prints the version of each maintained package - Print web url links after creating requests (New general bool option 'print_web_links' must be set in oscrc) - Fix checkout_no_colon on project level - Handle empty release number of rpm packages in build.py - Handle bytes vs. str error when parsing meta - Custom exception if importing m2crypto fails - Fix missing oscerr import in util.helper - Several fixes for keyring handling - Fix arch zst magic in util.packagequery - Ship fish completion file. ----------------------------------------- Patch: SUSE-2020-1175 Released: Tue May 5 08:33:43 2020 Summary: Recommended update for systemd Severity: moderate References: 1165011,1168076 Description: This update for systemd fixes the following issues: - Fix check for address to keep interface names stable. (bsc#1168076) - Fix for checking non-normalized WHAT for network FS. (bsc#1165011) - Allow to specify an arbitrary string for when vfs is used. (bsc#1165011) ----------------------------------------- Patch: SUSE-2020-1177 Released: Tue May 5 09:50:10 2020 Summary: Security update for rpmlint Severity: moderate References: 1129452,1169365 Description: This update for rpmlint fixes the following issues: - whitelist certmonger (bsc#1169365, bsc#1129452) ----------------------------------------- Patch: SUSE-2020-1178 Released: Tue May 5 10:27:30 2020 Summary: Security update for rubygem-actionview-5_1 Severity: moderate References: 1167240,CVE-2020-5267 Description: This update for rubygem-actionview-5_1 fixes the following issues: - CVE-2020-5267: Fixed an XSS vulnerability in ActionView's JavaScript literal escape helpers (bsc#1167240). ----------------------------------------- Patch: SUSE-2020-1181 Released: Tue May 5 12:02:39 2020 Summary: Recommended update for pciutils-ids Severity: moderate References: 1170160 Description: This update for pciutils-ids fixes the following issues: - Update the PCI utilities database to 20200324. (bsc#1170160) ----------------------------------------- Patch: SUSE-2020-1182 Released: Tue May 5 12:06:55 2020 Summary: Recommended update for chrony Severity: moderate References: 1099272,1156884,1161119 Description: This update for chrony fixes the following issues: - Read runtime servers from /var/run/netconfig/chrony.servers (bsc#1099272, bsc#1161119) - Move chrony-helper to /usr/lib/chrony/helper, because there should be no executables in /usr/share. - Add chrony-pool-suse and chrony-pool-openSUSE subpackages that preconfigure chrony to use NTP servers from the respective pools for SUSE and openSUSE. (bsc#1156884, SLE-11424) - Add chrony-pool-empty to still allow installing chrony without preconfigured servers. ----------------------------------------- Patch: SUSE-2020-1183 Released: Tue May 5 12:09:56 2020 Summary: Recommended update for geoipupdate Severity: moderate References: 1169766 Description: This update for geoipupdate fixes the following issue: - Fix license, it's actually Apache-2.0 or MIT. (bsc#1169766) ----------------------------------------- Patch: SUSE-2020-1187 Released: Tue May 5 12:51:09 2020 Summary: Recommended update for python-paramiko Severity: moderate References: 1169489 Description: This update for python-paramiko fixes the following issues: - Fixed a problem from the last fix that caused Vorta to fail (bsc#1169489) ----------------------------------------- Patch: SUSE-2020-1159 Released: Tue May 5 16:24:36 2020 Summary: Recommended update for python3-azuremetadata Severity: moderate References: 1170598,1170599,1170605,1170606 Description: This update for python3-azuremetadata fixes the following issues: python3-azuremetadata was updated to version 5.1.0: - Produce well-formed JSON and XML output when multiple filters are specified (bsc#1170598, bsc#1170599) regionServiceClientConfigSAPAzure was updated to 1.0.3 and regionServiceClientConfigAzure was updated to 0.0.6: - Report subscriptionId during registration (bsc#1170605, bsc#1170606) ----------------------------------------- Patch: SUSE-2020-1197 Released: Wed May 6 13:52:04 2020 Summary: Security update for slirp4netns Severity: important References: 1170940,CVE-2020-1983 Description: This update for slirp4netns fixes the following issues: Security issue fixed: - CVE-2020-1983: Fixed a use-after-free in ip_reass (bsc#1170940). ----------------------------------------- Patch: SUSE-2020-1199 Released: Wed May 6 13:53:40 2020 Summary: Security update for php7 Severity: moderate References: 1168326,1168352,CVE-2020-7064,CVE-2020-7066 Description: This update for php7 fixes the following issues: - CVE-2020-7064: Fixed a one byte read of uninitialized memory in exif_read_data() (bsc#1168326). - CVE-2020-7066: Fixed URL truncation get_headers() if the URL contains zero (\0) character (bsc#1168352). ----------------------------------------- Patch: SUSE-2020-1201 Released: Wed May 6 15:46:46 2020 Summary: Recommended update for cluster-glue Severity: moderate References: 1131545,1169784 Description: This update for cluster-glue fixes the following issues: - Fix for profile parameter handling EC2 stonith plugin to avoid possible cluster resource failures. (bsc#1169784) - Fix for handling in 'stonith' command by creating '/var/run/heartbeat/rsctmp' directory. (bsc#1131545) ----------------------------------------- Patch: SUSE-2020-1202 Released: Wed May 6 15:51:16 2020 Summary: Recommended update for supportutils-plugin-ha-sap Severity: moderate References: 1170085 Description: This update for supportutils-plugin-ha-sap fixes the following issues: - Implement SAP plugin for supportutils. (jsc#ECO-862, bsc#1170085) ----------------------------------------- Patch: SUSE-2020-1214 Released: Thu May 7 11:20:34 2020 Summary: Recommended update for libgcrypt Severity: moderate References: 1169944 Description: This update for libgcrypt fixes the following issues: - FIPS: libgcrypt: Fixed a double free in test_keys() on failed signature verification (bsc#1169944) ----------------------------------------- Patch: SUSE-2020-1219 Released: Thu May 7 17:10:42 2020 Summary: Security update for openldap2 Severity: important References: 1170771,CVE-2020-12243 Description: This update for openldap2 fixes the following issues: - CVE-2020-12243: Fixed a denial of service related to recursive filters (bsc#1170771). ----------------------------------------- Patch: SUSE-2020-1220 Released: Thu May 7 17:11:57 2020 Summary: Security update for ghostscript Severity: important References: 1170603,CVE-2020-12268 Description: This update for ghostscript to version 9.52 fixes the following issues: - CVE-2020-12268: Fixed a heap-based buffer overflow in jbig2_image_compose (bsc#1170603). ----------------------------------------- Patch: SUSE-2020-1222 Released: Fri May 8 08:23:57 2020 Summary: Recommended update for python-azure-agent Severity: moderate References: 1167601,1167602 Description: This update for python-azure-agent fixes the following issues: - Set the hostname using hostnamectl to ensure setting is properly applied (bsc#1167601, bsc#1167602) ----------------------------------------- Patch: SUSE-2020-1226 Released: Fri May 8 10:51:05 2020 Summary: Recommended update for gcc9 Severity: moderate References: 1149995,1152590,1167898 Description: This update for gcc9 fixes the following issues: This update ships the GCC 9.3 release. - Includes a fix for Internal compiler error when building HepMC (bsc#1167898) - Includes fix for binutils version parsing - Add libstdc++6-pp provides and conflicts to avoid file conflicts with same minor version of libstdc++6-pp from gcc10. - Add gcc9 autodetect -g at lto link (bsc#1149995) - Install go tool buildid for bootstrapping go ----------------------------------------- Patch: SUSE-2020-1230 Released: Mon May 11 07:29:21 2020 Summary: Recommended update for md_monitor Severity: moderate References: 1081286,1091619,1095141,1096363,1104770,1116560,1123046,1125281,1136542,1139268,1149316,1157098,1157754 Description: This update for md_monitor fixes the following issues: - Fix for preventing too long I/O after maintenance of a 'Direct Access Storage Device'. (bsc#1116560) - Fix for a potential memory leak can be triggered by database I/O. (bsc#1157754) - Fix for an issue when 'md_monitor' thread remains in system shutdown and blocks 'Direct Access Storage Device' offline action by grabbing the device. (bsc#1125281, bsc#1157098) - Fix for 'ArrayResync' and 'MonitorStatus' by md_monitor not working properly. (bsc#1149316) - Fix 'md_monitor' to use correct blocksize and prevent disk failure. (bsc#1139268) - Add newly (re-)discovered devices to the device list. (bsc#1136542) - Fix for an issue when md_monitor is stopped with process fault during system start and the host has only RAID0 array. (bsc#1123046) - Fix for an issue when 'md_monitor' does not get 'MirrorStatus' and 'MonitorStatus' properly. (bsc#1104770, bsc#1095141) - Fix crash on 'MonitorStatus' calling update request for 'md_monitor'. (bsc#1096363, bsc#1081286) - Ignore NewArray message if does not exists yet (bsc#1091619) ----------------------------------------- Patch: SUSE-2020-1260 Released: Tue May 12 18:00:45 2020 Summary: Optional update for terraform-provider-susepubliccloud Severity: low References: 1166049 Description: This update for terraform-provider-susepubliccloud doesn't fix any issues and just adjusts some packaging meta information. ----------------------------------------- Patch: SUSE-2020-1261 Released: Tue May 12 18:40:18 2020 Summary: Recommended update for hwdata Severity: moderate References: 1168806 Description: This update for hwdata fixes the following issues: Update from version 0.320 to version 0.324 (bsc#1168806) - Updated pci, usb and vendor ids. - Replace pciutils-ids package providing compatibility symbolic link ----------------------------------------- Patch: SUSE-2020-1263 Released: Wed May 13 08:24:14 2020 Summary: Recommended update for hawk2 Severity: moderate References: 1054027,1068942,1069217,1069296,1071481,1074856,1076421,1080439,1085318,1085343,1085515,1089709,1089802,1090562,1090657,1090667,1092108,1092122,1093420,1098637,1137891,1158681,1162221,1165587 Description: This update for hawk2 fixes the following issues: WIP * Implement mechanism to switch binaries in case (bsc#1165587) * Work around the removal of Dir::Tmpname#make_tmpname (bsc#1162221) * Fix cib.xml parsing for acl_version (bsc#1158681) * Fix mime type issue in MS windows (bsc#1098637) * Fix nameless cluster display (bsc#1137891) * High: Set secure flag to enforce https (bsc#1090657) * Medium: Improve hawk-server side cookie handling (bsc#1090667) * Medium: Set Symmetrical to False when score is Serialize (bsc#1085515) * Medium: Make resource stop/start icon dependent on target-role (bsc#1076421) * Api: Add advance resource type(group|clone|master|bundle) in resource route(fate#323437) * Api: return nil if elem is nil(fate#323437) in some case, param in determine_online_status_fencing is nil, this will cause NoMethodError * Medium: Fix acl_version check (bsc#1089802) * High: Fetch correct meta data (bsc#1092122) * Medium: Fix history explorer views (bsc#1093420) * High: Update links to release notes and documentation (bsc#1089709) * High: Return after redirect in reports (bsc#1090562) * Medium: Comply routes' id with resources' ID (bsc#1092108) * Api: Add registration route (fate#323437) * High: Calculate guest node state correctly (bsc#1074856) * Use Promotable etc. (bsc#1085318) (bsc#1085343) * High: Fix remote nodes iteration (bsc#1080439) * High: Support guest nodes (bsc#1074856) * Ensure certificate/key is group readable (bsc#1071481) * Test: Add test suit for (bsc#1069296) * Dev: Fix acl_enabled? (bsc#1069296) * Dev: Dev: Handle redirection correctly after renaming resources (bsc#1068942) * Dev: Handle redirection correctly after renaming constraints (bsc#1068942) * Dev: Dev: split rename action for constraints to edit/update (bsc#1068942) * Dev: Refactor resouces.js (bsc#1068942) * Dev: Change the rename path for resources (#bsc#1068942) * Dev: split rename action to edit/update (bsc#1068942) * Fix node/resource event injection in simulator (bsc#1069217) * Show descriptions in cluster config (bsc#1054027) ----------------------------------------- Patch: SUSE-2020-1266 Released: Wed May 13 10:20:54 2020 Summary: Recommended update for jq Severity: moderate References: 1170838 Description: This update for jq fixes the following issues: jq was updated to version 1.6: * Destructuring Alternation * many new builtins (see docs) * Add support for ASAN and UBSAN * Make it easier to use jq with shebangs * Add $ENV builtin variable to access environment * Add JQ_COLORS env var for configuring the output colors * change: Calling jq without a program argument now always assumes '.' for the program, regardless of stdin/stdout * fix: Make sorting stable regardless of qsort. - Make jq depend on libjq1, so upgrading jq upgrades both ----------------------------------------- Patch: SUSE-2020-1252 Released: Wed May 13 13:51:29 2020 Summary: Recommended update for regionServiceClientConfigEC2 Severity: moderate References: 1171232,1171233 Description: This update for regionServiceClientConfigEC2 fixes the following issues: - Improved the way how regions are resolved by IP addresses. ----------------------------------------- Patch: SUSE-2020-1280 Released: Thu May 14 14:27:51 2020 Summary: Recommended update for postgresql, postgresql10, postgresql12 Severity: moderate References: 1138034,1151591,1153168,1163985,1167541,CVE-2019-10164,CVE-2020-1720 Description: This update for postgresql, postgresql10, postgresql12 fixes the following issues: Changes in the postgresql wrapper package: - Sync ownership of /run/postgresql in the file list with tmpfiles. - Use the correct content for .bash_profile (bsc#1153168). - Stop shipping SUSEfirewall2 config files (bsc#1151591). - Use /run/postgresql instead of /var/run/postgresql in %ghost and postgresql-tmpfiles.conf to avoid rpmlint warnings and errors. - add /var/run/postgresql to the filelist. as %ghost for systemd systems and directly for non systemd systems Changes in postgresql10: - packaging changed to no longer build the libraries, these now come from postgresql12. Changes in postgresql12: Initial package for the postgresql 12 branch https://www.postgresql.org/about/news/1976/ - Update to 12.2 (CVE-2020-1720) https://www.postgresql.org/about/news/2011/ https://www.postgresql.org/docs/12/release-12-2.html - Avoid the dependency from the devel package to the main package. devel packages are exclusive, thus ecpg does not require update-alternatives. - Remove unused build dependencies from the client libs package: LVM, icu, selinux, systemd. - Update to 12.1 https://www.postgresql.org/docs/12/release-12-1.html https://www.postgresql.org/about/news/1994/ - add requires to the server-devel package for the libs that are returned by pg_config --libs python-psycopg2 was updated to 2.8.4 to allow working with postgresql12. ----------------------------------------- Patch: SUSE-2020-1282 Released: Thu May 14 15:52:22 2020 Summary: Recommended update for ocr Severity: moderate References: 1171636 Description: This update for ocr fixes the following issues: - Enable openmpi3 build for all SLE versions. (bsc#1171636) ----------------------------------------- Patch: SUSE-2020-1286 Released: Fri May 15 11:05:14 2020 Summary: Recommended update for cdrtools Severity: moderate References: 1169420 Description: This update for cdrtools fixes the following issues: - Fix for an issue when 'mediacheck' fails if ISO sizes are larger than 4GB. (bsc#1169420) ----------------------------------------- Patch: SUSE-2020-1288 Released: Fri May 15 11:27:01 2020 Summary: Recommended update for regionServiceClientConfigAzure Severity: critical References: 1171465 Description: This update for regionServiceClientConfigAzure fixes the following issues: - Unify region server setup for SLES and SLES4SAP that provides configuring traffic routing through the datacenter. (bsc#1171465) ----------------------------------------- Patch: SUSE-2020-1291 Released: Fri May 15 16:40:53 2020 Summary: Recommended update for shared-python-startup Severity: moderate References: 1170411 Description: This update for shared-python-startup fixes the following issues: This package contains common python startup files. (bsc#1170411) ----------------------------------------- Patch: SUSE-2020-1293 Released: Mon May 18 07:38:06 2020 Summary: Security update for openexr Severity: moderate References: 1146648,1169549,1169573,1169574,1169575,1169576,1169578,1169580,CVE-2020-11758,CVE-2020-11760,CVE-2020-11761,CVE-2020-11762,CVE-2020-11763,CVE-2020-11764,CVE-2020-11765 Description: This update for openexr provides the following fix: Security issues fixed: - CVE-2020-11765: Fixed an off-by-one error in use of the ImfXdr.h read function by DwaCompressor:Classifier:Classifier (bsc#1169575). - CVE-2020-11764: Fixed an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp (bsc#1169574). - CVE-2020-11763: Fixed an out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp (bsc#1169576). - CVE-2020-11762: Fixed an out-of-bounds read and write in DwaCompressor:uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case (bsc#1169549). - CVE-2020-11761: Fixed an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder:refill in ImfFastHuf.cpp (bsc#1169578). - CVE-2020-11760: Fixed an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp (bsc#1169580). - CVE-2020-11758: Fixed an out-of-bounds read in ImfOptimizedPixelReading.h (bsc#1169573). Non-security issue fixed: - Enable tests when building the package on x86_64. (bsc#1146648) ----------------------------------------- Patch: SUSE-2020-1294 Released: Mon May 18 07:38:36 2020 Summary: Security update for file Severity: moderate References: 1154661,1169512,CVE-2019-18218 Description: This update for file fixes the following issues: Security issues fixed: - CVE-2019-18218: Fixed a heap-based buffer overflow in cdf_read_property_info() (bsc#1154661). Non-security issue fixed: - Fixed broken '--help' output (bsc#1169512). ----------------------------------------- Patch: SUSE-2020-1297 Released: Mon May 18 07:42:18 2020 Summary: Security update for libvpx Severity: moderate References: 1166066,CVE-2020-0034 Description: This update for libvpx fixes the following issues: - CVE-2020-0034: Fixed an out-of-bounds read on truncated key frames (bsc#1166066). ----------------------------------------- Patch: SUSE-2020-1298 Released: Mon May 18 07:42:49 2020 Summary: Security update for libbsd Severity: moderate References: 1160551,CVE-2019-20367 Description: This update for libbsd fixes the following issues: - CVE-2019-20367: Fixed an out-of-bounds read during a comparison for a symbol names from the string table (bsc#1160551). ----------------------------------------- Patch: SUSE-2020-1299 Released: Mon May 18 07:43:21 2020 Summary: Security update for libxml2 Severity: moderate References: 1159928,1161517,1161521,CVE-2019-19956,CVE-2019-20388,CVE-2020-7595 Description: This update for libxml2 fixes the following issues: - CVE-2019-20388: Fixed a memory leak in xmlSchemaPreRun (bsc#1161521). - CVE-2019-19956: Fixed a memory leak (bsc#1159928). - CVE-2020-7595: Fixed an infinite loop in an EOF situation (bsc#1161517). ----------------------------------------- Patch: SUSE-2020-1303 Released: Mon May 18 09:40:36 2020 Summary: Recommended update for timezone Severity: moderate References: 1169582 Description: This update for timezone fixes the following issues: - timezone update 2020a. (bsc#1169582) * Morocco springs forward on 2020-05-31, not 2020-05-24. * Canada's Yukon advanced to -07 year-round on 2020-03-08. * America/Nuuk renamed from America/Godthab. * zic now supports expiration dates for leap second lists. ----------------------------------------- Patch: SUSE-2020-1308 Released: Mon May 18 10:05:46 2020 Summary: Recommended update for psmisc Severity: moderate References: 1170247 Description: This update for psmisc fixes the following issues: - Allow not unique mounts as well as not unique mountpoint. (bsc#1170247) ----------------------------------------- Patch: SUSE-2020-1309 Released: Mon May 18 10:08:16 2020 Summary: Recommended update for gnome-themes-standard Severity: moderate References: 1170757 Description: This update for gnome-themes-standard fixes the following issue: - Remove the is_opensuse tag to close the gap between Leap and SLE (bsc#1170757, jsc#SLE-11890). ----------------------------------------- Patch: SUSE-2020-1310 Released: Mon May 18 10:09:22 2020 Summary: Recommended update for icewm, icewm-theme-branding Severity: moderate References: 1170420 Description: This update for icewm, icewm-theme-branding fixes the following issues: Changes in icewm: - Explicitly require icewm-theme-branding on SLE and Leap. (jsc#SLE-11888, bsc#1170420). - Add Conflicts between icewm-config-upstream and icewm-theme-branding. - Improve build tag consistency between SLE and Leap. (jsc#SLE-11888, bsc#1170420). * Recommend polkit-gnome to both Leap and SLE. Changes in icewm-theme-branding: - Improve build tag consistency between SLE and Leap. (jsc#SLE-11888, bsc#1170420). * Build the branding package separately for openSUSE and SLE, like most of other branding packages did. ----------------------------------------- Patch: SUSE-2020-1315 Released: Mon May 18 10:38:42 2020 Summary: Recommended update for eiciel Severity: moderate References: 1170756 Description: This update for eiciel fixes the following issue: - Enable translation-update-upstream for both SLE and openSUSE. (bsc#1170756, jsc#SLE-11889) ----------------------------------------- Patch: SUSE-2020-1319 Released: Mon May 18 11:43:44 2020 Summary: Recommended update for tcsh Severity: moderate References: 1170527 Description: This update for tcsh fixes the following issues: - Fix for an issue when Midnight Commander freezes changing directory using tcsh shell. (bsc#1170527) ----------------------------------------- Patch: SUSE-2020-1321 Released: Mon May 18 11:45:10 2020 Summary: Recommended update for regionServiceClientConfigGCE Severity: important References: 1171467,1171469 Description: This update for regionServiceClientConfigGCE fixes the following issues: - Unify region server setup for SLES and SLES4SAP that provides configuring traffic routing through the datacenter. (bsc#1171467, bsc#1171469) ----------------------------------------- Patch: SUSE-2020-1323 Released: Mon May 18 11:49:02 2020 Summary: Recommended update for python3-gcemetadata Severity: important References: 1134510 Description: This update for python3-gcemetadata fixes the following issues: - Fix for the identity data of the instance may not be accessible from the metadata server in Google Cloud client. (bsc#1134510) ----------------------------------------- Patch: SUSE-2020-1327 Released: Mon May 18 17:15:48 2020 Summary: Recommended update for ntfs-3g_ntfsprogs Severity: moderate References: 1170609 Description: This update for ntfs-3g_ntfsprogs fixes the following issue: - the libntfs-3g-devel package is shipped into the Workstation Extension (bsc#1170609) ----------------------------------------- Patch: SUSE-2020-1328 Released: Mon May 18 17:16:04 2020 Summary: Recommended update for grep Severity: moderate References: 1155271 Description: This update for grep fixes the following issues: - Update testsuite expectations, no functional changes (bsc#1155271) ----------------------------------------- Patch: SUSE-2020-1337 Released: Tue May 19 13:20:44 2020 Summary: Security update for openconnect Severity: moderate References: 1170452,CVE-2020-12105 Description: This update for openconnect fixes the following issues: Security issue fixed: - CVE-2020-12105: Fixed the improper handling of negative return values from X509_check_ function calls that might have allowed MITM attacks (bsc#1170452). ----------------------------------------- Patch: SUSE-2020-1339 Released: Tue May 19 13:21:40 2020 Summary: Security update for python Severity: moderate References: 1155094,1162825,CVE-2019-18348,CVE-2019-9674 Description: This update for python fixes the following issues: Security issues fixed: - CVE-2019-18348: Fixed a CRLF injection via the host part of the url passed to urlopen(). Now an InvalidURL exception is raised (bsc#1155094). - CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs (bsc#1162825). ----------------------------------------- Patch: SUSE-2020-1340 Released: Tue May 19 13:26:34 2020 Summary: Recommended update for git Severity: moderate References: 1149792,1169786,1169936,1170302,1170741,1170939 Description: This update for git to version 2.26.2 fixes the following issues: - Fixed git-daemon not starting after conversion from sysvinit to systemd service (bsc#1169605). - Enabled access for git-daemon in firewall configuration (bsc#1170302). - Fixed problems with recent switch to protocol v2, which caused fetches transferring unreasonable amount of data (bsc#1170741). ----------------------------------------- Patch: SUSE-2020-1342 Released: Tue May 19 13:27:31 2020 Summary: Recommended update for python3 Severity: moderate References: 1149955,1165894,CVE-2019-16056 Description: This update for python3 fixes the following issues: - Changed the name of idle3 icons to idle3.png to avoid collision with Python 2 version (bsc#1165894). ----------------------------------------- Patch: SUSE-2020-1348 Released: Wed May 20 11:37:41 2020 Summary: Recommended update for mozilla-nss Severity: moderate References: 1170908 Description: This update for mozilla-nss fixes the following issues: The following issues are fixed: - Add AES Keywrap POST. - Accept EACCES in lieu of ENOENT when trying to access /proc/sys/crypto/fips_enabled (bsc#1170908). ----------------------------------------- Patch: SUSE-2020-1353 Released: Wed May 20 13:02:32 2020 Summary: Security update for freetype2 Severity: moderate References: 1079603,1091109,CVE-2018-6942 Description: This update for freetype2 to version 2.10.1 fixes the following issues: Security issue fixed: - CVE-2018-6942: Fixed a NULL pointer dereference within ttinerp.c (bsc#1079603). Non-security issues fixed: - Update to version 2.10.1 * The bytecode hinting of OpenType variation fonts was flawed, since the data in the `CVAR' table wasn't correctly applied. * Auto-hinter support for Mongolian. * The handling of the default character in PCF fonts as introduced in version 2.10.0 was partially broken, causing premature abortion of charmap iteration for many fonts. * If `FT_Set_Named_Instance' was called with the same arguments twice in a row, the function returned an incorrect error code the second time. * Direct rendering using FT_RASTER_FLAG_DIRECT crashed (bug introduced in version 2.10.0). * Increased precision while computing OpenType font variation instances. * The flattening algorithm of cubic Bezier curves was slightly changed to make it faster. This can cause very subtle rendering changes, which aren't noticeable by the eye, however. * The auto-hinter now disables hinting if there are blue zones defined for a `style' (i.e., a certain combination of a script and its related typographic features) but the font doesn't contain any characters needed to set up at least one blue zone. - Add tarball signatures and freetype2.keyring - Update to version 2.10.0 * A bunch of new functions has been added to access and process COLR/CPAL data of OpenType fonts with color-layered glyphs. * As a GSoC 2018 project, Nikhil Ramakrishnan completely overhauled and modernized the API reference. * The logic for computing the global ascender, descender, and height of OpenType fonts has been slightly adjusted for consistency. * `TT_Set_MM_Blend' could fail if called repeatedly with the same arguments. * The precision of handling deltas in Variation Fonts has been increased.The problem did only show up with multidimensional designspaces. * New function `FT_Library_SetLcdGeometry' to set up the geometry of LCD subpixels. * FreeType now uses the `defaultChar' property of PCF fonts to set the glyph for the undefined character at glyph index 0 (as FreeType already does for all other supported font formats). As a consequence, the order of glyphs of a PCF font if accessed with FreeType can be different now compared to previous versions. This change doesn't affect PCF font access with cmaps. * `FT_Select_Charmap' has been changed to allow parameter value `FT_ENCODING_NONE', which is valid for BDF, PCF, and Windows FNT formats to access built-in cmaps that don't have a predefined `FT_Encoding' value. * A previously reserved field in the `FT_GlyphSlotRec' structure now holds the glyph index. * The usual round of fuzzer bug fixes to better reject malformed fonts. * `FT_Outline_New_Internal' and `FT_Outline_Done_Internal' have been removed.These two functions were public by oversight only and were never documented. * A new function `FT_Error_String' returns descriptions of error codes if configuration macro FT_CONFIG_OPTION_ERROR_STRINGS is defined. * `FT_Set_MM_WeightVector' and `FT_Get_MM_WeightVector' are new functions limited to Adobe MultiMaster fonts to directly set and get the weight vector. - Enable subpixel rendering with infinality config: - Re-enable freetype-config, there is just too many fallouts. - Update to version 2.9.1 * Type 1 fonts containing flex features were not rendered correctly (bug introduced in version 2.9). * CVE-2018-6942: Older FreeType versions can crash with certain malformed variation fonts. * Bug fix: Multiple calls to `FT_Get_MM_Var' returned garbage. * Emboldening of bitmaps didn't work correctly sometimes, showing various artifacts (bug introduced in version 2.8.1). * The auto-hinter script ranges have been updated for Unicode 11. No support for new scripts have been added, however, with the exception of Georgian Mtavruli. - freetype-config is now deprecated by upstream and not enabled by default. - Update to version 2.10.1 * The `ftmulti' demo program now supports multiple hidden axes with the same name tag. * `ftview', `ftstring', and `ftgrid' got a `-k' command line option to emulate a sequence of keystrokes at start-up. * `ftview', `ftstring', and `ftgrid' now support screen dumping to a PNG file. * The bytecode debugger, `ttdebug', now supports variation TrueType fonts; a variation font instance can be selected with the new `-d' command line option. - Add tarball signatures and freetype2.keyring - Update to version 2.10.0 * The `ftdump' demo program has new options `-c' and `-C' to display charmaps in compact and detailed format, respectively. Option `-V' has been removed. * The `ftview', `ftstring', and `ftgrid' demo programs use a new command line option `-d' to specify the program window's width, height, and color depth. * The `ftview' demo program now displays red boxes for zero-width glyphs. * `ftglyph' has limited support to display fonts with color-layered glyphs.This will be improved later on. * `ftgrid' can now display bitmap fonts also. * The `ttdebug' demo program has a new option `-f' to select a member of a TrueType collection (TTC). * Other various improvements to the demo programs. - Remove 'Supplements: fonts-config' to avoid accidentally pulling in Qt dependencies on some non-Qt based desktops.(bsc#1091109) fonts-config is fundamental but ft2demos seldom installs by end users. only fonts-config maintainers/debuggers may use ft2demos along to debug some issues. - Update to version 2.9.1 * No changelog upstream. ----------------------------------------- Patch: SUSE-2020-1361 Released: Thu May 21 09:31:18 2020 Summary: Recommended update for libgcrypt Severity: moderate References: 1171872 Description: This update for libgcrypt fixes the following issues: - FIPS: RSA/DSA/ECC test_keys() print out debug messages only in debug mode (bsc#1171872) ----------------------------------------- Patch: SUSE-2020-1370 Released: Thu May 21 19:06:00 2020 Summary: Recommended update for systemd-presets-branding-SLE Severity: moderate References: 1171656 Description: This update for systemd-presets-branding-SLE fixes the following issues: Cleanup of outdated autostart services (bsc#1171656): - Remove acpid.service. acpid is only available on SLE via openSUSE backports. In openSUSE acpid.service is *not* autostarted. I see no reason why it should be on SLE. - Remove spamassassin.timer. This timer never seems to have existed. Instead spamassassin ships a 'sa-update.timer'. But it is not default-enabled and nobody ever complained about this. - Remove snapd.apparmor.service: This service was proactively added a year ago, but snapd didn't even make it into openSUSE yet. There's no reason to keep this entry unless snapd actually enters SLE which is not foreseeable. ----------------------------------------- Patch: SUSE-2020-1378 Released: Thu May 21 19:08:52 2020 Summary: Recommended update for google-compute-engine Severity: moderate References: 1170719,1170720 Description: This update for google-compute-engine contain the following fix: - Do not add the created user to the adm, docker, or lxd groups if they exist. (bsc#1170719, bsc#1170720) ----------------------------------------- Patch: SUSE-2020-1381 Released: Fri May 22 08:01:14 2020 Summary: Security update for memcached Severity: moderate References: 1133817,1149110,CVE-2019-11596,CVE-2019-15026 Description: This update for memcached fixes the following issues: Security issue fixed: - CVE-2019-11596: Fixed a NULL pointer dereference in process_lru_command (bsc#1133817). - CVE-2019-15026: Fixed a stack-based buffer over-read (bsc#1149110). ----------------------------------------- Patch: SUSE-2020-1388 Released: Fri May 22 10:58:17 2020 Summary: Recommended update for lifecycle-data-sle-module-live-patching Severity: moderate References: 1020320 Description: This update for lifecycle-data-sle-module-live-patching fixes the following issues: - Live kernel patching update data for 4_12_14-197_37, 4_12_14-197_40. (bsc#1020320) ----------------------------------------- Patch: SUSE-2020-1402 Released: Mon May 25 14:17:17 2020 Summary: Recommended update for mrsh Severity: moderate References: 1144051 Description: This update for mrsh fixes the following issues: - Use systemd_ordering instead of systemd_requires: systemd is never a strict requirement; but in case the system is scheduled for installation together with systemd, we want systemd to be installed prior to mrsh. - Add pam_keyinit.so to /etc/pam.d/mrsh|mrlogind. (bsc#1144051) To fully support the use of kernel keyrings by systemd the mrsh package must include the pam_keyinit.so module in its mrsh and mrlogin configuration files. - Add README.SUSE: Describe the steps required to set up and run mrshd/mrlogind. - Add missing services in pre/post/preun/postun scripts. ----------------------------------------- Patch: SUSE-2020-1404 Released: Mon May 25 15:32:34 2020 Summary: Recommended update for zlib Severity: moderate References: 1138793,1166260 Description: This update for zlib fixes the following issues: - Including the latest fixes from IBM (bsc#1166260) IBM Z mainframes starting from version z15 provide DFLTCC instruction, which implements deflate algorithm in hardware with estimated compression and decompression performance orders of magnitude faster than the current zlib and ratio comparable with that of level 1. - Add SUSE specific fix to solve bsc#1138793. The fix will avoid to test if the app was linked with exactly same version of zlib like the one that is present on the runtime. ----------------------------------------- Patch: SUSE-2020-1407 Released: Mon May 25 15:55:08 2020 Summary: Recommended update for amazon-ssm-agent Severity: moderate References: 1085670,1108265,1170935 Description: This update for amazon-ssm-agent fixes the following issues: - Update to 2.3.978.0 (2020-04-08) (bsc#1170935) + Stop pty on receiving TerminateSession request + Add support for Debian arm64 architecture + Refactoring session log generation logic - Update to 2.3.930.0 (2020-03-17) + Bug fix for CloudWatch agent version showing twice in Inventory console + Bug fix for retrieving minor version for CentOS7 + Add snap appData collection for inventory in ubuntu 18 + Add validation for contents of os release files + Add retry for fingerprint generation - Update to 2.3.871.0 (2020-02-20) + Various bug fix for SSM Agent - Update to 2.3.842.0 (2020-01-29) + Bug fix for updating document state file prior agent reboot + Add support to restart agent after SIGPIPE exit status - Update to 2.3.814.0 (2020-01-16) + Bug fix for metadata service V2 + Update Golang version 1.12 for travis + Optimize session manager retry logic - Update to 2.3.786.0 (2019-12-19) + Add support for Oracle Linux v7.5 and v7.7 + Bug fix for Inventory data provider to support special characters + Bug fix for SSM MDS service name - Update to 2.3.772.0 (2019-12-13) + Upgrade AWS SDK + Add logging for fingerprint generation - Update to 2.3.760.0 (2019-11-15) + Session manager supports handling of Task metadata - Update to 2.3.758.0 (2019-11-11) + Add support to update SSM Distributor packages in place - Update to 2.3.756.0 (2019-11-05) + Terminate port forwarding session on receiving TerminateSession flag + Bug fix to reload SSM client if region has not been initialize correctly + Bug fix for retrieval of user groups on Linux - Update to 2.3.722.0 (2019-10-11) + Bug fix for the delay when registering non-EC2 on-prem instances + Bug fix for missing ACL when uploading logs to S3 buckets + Upgrade GoLang version from 1.9 to 1.12 - Update to 2.3.714.0 (2019-09-26) + For port forwarding session, close server connection when client drops it's connection + Bug fix for missing condition of rules from inventory registry + Update service domain information fetch logic from EC2 Metadata - Update to 2.3.707.0 (2019-09-11) + Bug fix for characters dropping from session manager shell output + Bug fix for session manager freezing caused by non utf8 character + Switch the request protocol order for getting S3 Header + Keep port forwarding session open until session is terminated - Update to 2.3.701.0 (2019-08-21) + Send platform type information in controlChannel input - Update to 2.3.687.0 (2019-08-05) + Bug fix for runPowershellScript plugin on linux platform + Add support for document 2.x version to ssm-cli - Update to 2.3.680.0 (2019-07-24) + Added a new Inventory gatherer AWS:BillingInfo which will gather the billing product ids for LicenseIncluded and Marketplace instance - Update to 2.3.672.0 (2019-07-09) + Add Port plugin for SSH/SCP + Add support for Session Manager RunAs functionality on Linux platform - Update to 2.3.668.0 (2019-07-01) + Add Session Manager InteractiveCommands plugin + Bug fix for log formatting issue for session manager - Update to 2.3.662.0 (2019-06-19) + Bug fix for Session Manager when handling line endings on Windows platform + Bug fix for token validation for aws:downloadContent plugin + Check if log group exists before uploading Session Manager logs to CloudWatch + Bug fix for broken S3 urls when using custom documents - Update to 2.3.634.0 (2019-05-28) + Disable appconfig to load credential from specific profile path, add EC2 credentials as the default fallback + Remove sudoers file creation logic if ssm-user already exists + Enable supplementary groups for ssm-user on Linux - Update to 2.3.612.0 (2019-05-08) + Bug fix for UTF-8 encoded issue caused by locale activation on Ubuntu 16.04 instance + Refactor ssm-user creation logic + Bug fix for reporting IP address with wrong network interface + Update configure package document arn pattern - Update to 2.3.542.0 (2019-04-18) + Bug fix for on-premises instance registration in CN region - Update to 2.3.539.0 (2019-04-04) + Add support for further encryption of session data using AWS KMS + Bug fix for excessive instance-id fetching by document workers - Update to 2.3.479.0 (2019-03-06) + Bug fix for downloading content failure caused by wrong S3 endpoint + Bug fix for reboot failure caused by session manager panic + Bug fix for session manager shell output dropping character + Bug fix for mgs endpoint configuration consistency - Update to 2.3.444.0 (2019-02-10) + Updates to UpdateInstanceInformation call, Windows initialization - Update to 2.3.415.0 (2019-01-25) + Bug fix addressing issues in Distributor package upgrade - Update to 2.3.372.0 (2019-01-08) + Bug fix to allow installation of Distributor packages that do not have a version name. + Bug fix for agent crash with message 'WaitGroup is reused before previous Wait has returned'. - Update to 2.3.344.0 (2018-12-14) + Add frequent collector to detect changed inventory types and upload it to SSM service between two scheduled collections. + Change AWS Systems Manager Distributor to reduce calls to GetDocument by calling DescribeDocument. + Add exit code when ssm-cli execution fails. + Create ssm-user only after the control channel has been successfully created. - Update to 2.3.274.0 (2018-11-26) + Enabled AWS Systems Manager Distributor that lets you securely distribute and install software packages. + Add support for the arm64 architecture on Amazon Linux 2, Ubuntu 16.04/18.04, and RHEL 7.6 to support EC2 A1 instances. - Update to 2.3.235.0 (2018-10-23) + Bug fix for session manager logging on Windows + Bug fix for ConfigureCloudWatch plugin + Bug fix for update SSM agent occasionally failing due to SSM agent service stuck in starting state - Update to 2.3.193.0 (2018-10-23) + Bug fix for past sessions occasionally stuck in terminating state + Darwin masquerades as Linux to bypass OS validation on the backend until official support can be added - Update to 2.3.169.0 (2018-10-23) + Update managed instance role token more frequently - Update to 2.3.136.0 (2018-10-09) + Bug fix for issue that GatherInventory throw out error when there is no Windows Update in instance + Add more filters when getting the Windows event logs at startup to improve performance + Add random jitter before call PutInventory in inventory datauploader - Update to 2.3.117.0 (2018-10-02) + Bug fix for issues during process termination on instances where IAM policy does not grant ssmmessages permissions. - Update to 2.3.101.0 (2018-10-02) + Bug fix to prevent defunct processes when creating the local user ssm-user. + Bug fix for sudoersFile permission to avoid 'sudo' command warnings in Session Manager. + Disable hibernation on Windows platform if Cloudwatch configuration is present. - Update to 2.3.68.0 (2018-09-17) + Enables the Session Manager capability that lets you manage your Amazon EC2 instance through an interactive one-click browser-based shell or through the AWS CLI. + Beginning this agent version, SSM Agent will create a local user 'ssm-user' and either add it to /etc/sudoers (Linux) or to the Administrators group (Windows) every time the agent starts. The ssm-user is the default OS user when a Session Manager session is started, and the password for this user is reset on every session. You can change the permissions by moving the ssm-user to a less-privileged group or by changing the sudoers file. The ssm-user is not removed from the system when SSM Agent is uninstalled. - Add patch to remove unused import + remove-unused-import.patch - Build-Depend on pkgconfig(systemd) instead of systemd + Allows OBS to depend on the -mini flavors - Refresh patches for new version + fix-version.patch - Update to 2.3.50.0 2018-09-12 (bsc#1108265) + Enables the Session Manager capability that lets you manage your Amazon EC2 instance through an interactive one-click browser-based shell or through the AWS CLI. + Beginning this agent version, SSM Agent will create a local user 'ssm-user' and either add it to /etc/sudoers (Linux) or to the Administrators group (Windows) every time the agent starts. The ssm-user is the default OS user when a Session Manager session is started, and the password for this user is reset on every session. You can change the permissions by moving the ssm-user to a less-privileged group or by changing the sudoers file. The ssm-user is not removed from the system when SSM Agent is uninstalled. - Update to 2.3.13.0 2018-08-16 + Bug fix for the SSM Agent service remaining in 'Starting' state on Windows when unable to authenticate to the Systems Manager service. - Update to 2.2.916.0 2018-08-02 + NOTE: This build should not be installed for Windows since the SSM Agent service may remain in starting status if unable to authenticate to the Systems Manager service, which is fixed in the latest release. + Bug fix for missing cloudwatch.exe seen in SSM Agent version 2.2.902.0 - Update to 2.2.902.0 2018-07-31 + NOTE: This build should not be installed for Windows since you might see the error - 'Encountered error while starting the plugin: Unable to locate cloudwatch.exe' for Cloudwatch plugin. This bug has been fixed in SSM Agent version 2.2.916.0. Also SSM Agent service may remain in starting status if unable to authenticate to the Systems Manager service, which is fixed in the latest release. + Initial support for developer builds on macOS + Retry sending Run Command execution results for up to 2 hours + More detailed error messages are returned for inventory plugin failures during State Manager association executions - Update to 2.2.800.0 2018-06-26 + Bug fix to clean the orchestration directory + Streaming AWS Systems Manager Run Command output to CloudWatch Logs + Reducing number of retries for serial port opening + Add retry logic to installation verification - Update to 2.2.619.0 2018-05-29 + Various bug fixes - Update to 2.2.607.0 2018-05-23 + Various bug fixes - Update to 2.2.546.0 2018-05-07 + Bug fix to retry sending document results if they couldn't reach the service - Update to 2.2.493.0 2018-04-25 + NOTE: Downgrade to this version using AWS-UpdateSSMAgent is not permitted for agent installed using snap + Added support for Ubuntu Snap packaging + Bug fix so that aws:downloadContent does not change permissions of directories + Bug fix to Cloudwatch plugin where StartType has duplicated Enabled value - Update to 2.2.392.0 2018-03-27 + Added support for agent hibernation so that Agent backs off or enters hibernation mode if it does not have access to the service + Various bug fixes - Update to 2.2.355.0 2018-03-16 + Fix S3Download to download from cross regions. + Various bug fixes - Refresh patches for new version + fix-config.patch + fix-version.patch - Update to 2.2.325.0 2018-03-07 (bsc#1085670) + Bug fix to change sourceHashType to be default sha256 on psmodule. - Update to 2.2.257.0 2018-02-23 + Bug fix to address an issue that can prevent the agent from processing associations after a restart. - Update to 2.2.160.0 2018-01-15 + Execute 'pwsh' on linux when using runPowershellScript plugin. - Update to 2.2.93.0 2017-11-14 + Update to latest AWS SDK. - Update to 2.2.58.0 2017-10-23 + Switching to use Birdwatcher distribution service for AWS packages. ----------------------------------------- Patch: SUSE-2020-1409 Released: Mon May 25 17:01:33 2020 Summary: Security update for libxslt Severity: moderate References: 1140095,1140101,1154609,CVE-2019-13117,CVE-2019-13118,CVE-2019-18197 Description: This update for libxslt fixes the following issues: Security issues fixed: - CVE-2019-13118: Fixed a read of uninitialized stack data (bsc#1140101). - CVE-2019-13117: Fixed a uninitialized read which allowed to discern whether a byte on the stack contains certain special characters (bsc#1140095). - CVE-2019-18197: Fixed a dangling pointer in xsltCopyText which may have led to information disclosure (bsc#1154609). ----------------------------------------- Patch: SUSE-2020-1413 Released: Tue May 26 09:45:41 2020 Summary: Recommended update for vncmanager Severity: moderate References: 1169732,1171344 Description: This update for vncmanager fixes the following issues: - Fix tight compression decoder on big-endian systems. (bsc#1171344) - Fix tight decoder with 888 pixel encodings. (bsc#1169732) - Fix PixelFormat::ntoh() and PixelFormat::hton(). (bsc#1169732) ----------------------------------------- Patch: SUSE-2020-1415 Released: Tue May 26 11:17:05 2020 Summary: Recommended update for gdb Severity: moderate References: 1168394,1169368,1169495 Description: This update for gdb fixes the following issues: - Fix .debug_types problems. (bsc#1168394) This will solve a range loop index in find_method and will fix toplevel types when a program is compiled with -fdebug-types-section - Fix python 3.8 warning. (bsc#1169495) Fix incorrect use of 'is' operator for comparison in python/lib/gdb/command/prompt.py The 'is' operator is not meant to be used for comparisons - Fix build with gcc 10 improving endianess detection. (bsc#1169368) - Fix hang after SIGKILL ----------------------------------------- Patch: SUSE-2020-1417 Released: Tue May 26 12:23:03 2020 Summary: Security update for freetds Severity: moderate References: 1141132,CVE-2019-13508 Description: This update for freetds to 1.1.36 fixes the following issues: Security issue fixed: - CVE-2019-13508: Fixed a heap overflow that could have been caused by malicious servers sending UDT types over protocol version 5.0 (bsc#1141132). Non-security issues fixed: - Enabled Kerberos support - Version update to 1.1.36: * Default TDS protocol version is now 'auto' * Improved UTF-8 performances * TDS Pool Server is enabled * MARS support is enabled * NTLMv2 is enabled * See NEWS and ChangeLog for a complete list of changes ----------------------------------------- Patch: SUSE-2020-1419 Released: Tue May 26 12:23:30 2020 Summary: Security update for sysstat Severity: low References: 1159104,CVE-2019-19725 Description: This update for sysstat fixes the following issues: - CVE-2019-19725: Fixed double free in check_file_actlst in sa_common.c (bsc#1159104). ----------------------------------------- Patch: SUSE-2020-1420 Released: Tue May 26 12:23:54 2020 Summary: Security update for jasper Severity: low References: 1092115,CVE-2018-9154 Description: This update for jasper fixes the following issues: - CVE-2018-9154: Fixed a potential denial of service in jpc_dec_process_sot() (bsc#1092115). ----------------------------------------- Patch: SUSE-2020-1423 Released: Tue May 26 14:33:06 2020 Summary: Security update for mariadb-connector-c Severity: important References: 1171550,CVE-2020-13249 Description: This update for mariadb-connector-c fixes the following issues: Security issue fixed: - CVE-2020-13249: Fixed an improper validation of OK packets received from clients (bsc#1171550). Non-security issues fixed: - Update to release 3.1.8 (bsc#1171550) * CONC-304: Rename the static library to libmariadb.a and other libmariadb files in a consistent manner * CONC-441: Default user name for C/C is wrong if login user is different from effective user * CONC-449: Check $MARIADB_HOME/my.cnf in addition to $MYSQL_HOME/my.cnf * CONC-457: mysql_list_processes crashes in unpack_fields * CONC-458: mysql_get_timeout_value crashes when used improper * CONC-464: Fix static build for auth_gssapi_client plugin ----------------------------------------- Patch: SUSE-2020-1426 Released: Tue May 26 14:54:32 2020 Summary: Recommended update for python-boto Severity: moderate References: 1171769 Description: This update for python-boto fixes the following issues: - Update in SLE-15: (bsc#1171769) - Fix build under python3.8 by skipping more tests that break with previous release. - Skip the tests for the flavors not being built - Remove old comment - Fix breakages caused by removing boto.cacerts module which is imported elsewhere in the package. The file boto/cacerts/cacerts.txt is removed instead, and boto-no-builtin-certs.patch is trimmed. - Activate the test suite, adding many build dependencies with versions. 11 failing Cloudfront signings tests are skipped only on Python 3. - Add versions to runtime dependencies. - python-rsa is added as a Recommends as it is needed for Cloudfront. - python-requests is added as a Recommends as it is needed for Cloudsearch. - python-requests is added as a Suggests as it is used for contrib ymlmessage. ----------------------------------------- Patch: SUSE-2020-1427 Released: Tue May 26 14:55:16 2020 Summary: Recommended update for docker-runc Severity: moderate References: 1168481 Description: This update for docker-runc contains the following fixes: - Backport upstream fix that enable access to /dev/null in containers. Resolves many issues with the implementation of the runc devices cgroup code. Removes some of the disruptive aspects of 'runc update'. (bsc#1168481) ----------------------------------------- Patch: SUSE-2020-1429 Released: Tue May 26 16:15:20 2020 Summary: Recommended update for tigervnc Severity: moderate References: 1171519 Description: This update for tigervnc fixes the following issue: - Fixes crash in free() when using '-f' option of vncpasswd command. (bsc#1171519) ----------------------------------------- Patch: SUSE-2020-1483 Released: Tue May 26 18:07:41 2020 Summary: Recommended update for trousers Severity: important References: 1164472 Description: This update for trousers fixes the following issues: Security issue fixed: - Fixed a potential tss user to root privilege escalation when running tcsd (bsc#1164472). ----------------------------------------- Patch: SUSE-2020-1487 Released: Wed May 27 15:24:08 2020 Summary: Recommended update for cloud-regionsrv-client Severity: important References: 1171704,1171705 Description: This update for cloud-regionsrv-client contains the following fixes: - Improve error message for failed update server access to determine product status. - Update to version 9.0.10. (bsc#1171704, bsc#1171705) + While the service starts After=network-online.target this is no guarantee that the cloud framework has configured the outgoing routing for the instance. This configuration on the framework side may take longer. Introduce a wait look that retries connections to the update infrastructure 3 times before giving up. ----------------------------------------- Patch: SUSE-2020-1492 Released: Wed May 27 18:32:41 2020 Summary: Recommended update for python-rpm-macros Severity: moderate References: 1171561 Description: This update for python-rpm-macros fixes the following issue: - Update to version 20200207.5feb6c1 (bsc#1171561) * Do not write .pyc files for tests ----------------------------------------- Patch: SUSE-2020-1493 Released: Wed May 27 18:55:51 2020 Summary: Security update for libmspack Severity: low References: 1130489,1141680,CVE-2019-1010305 Description: This update for libmspack fixes the following issues: Security issue fixed: - CVE-2019-1010305: Fixed a buffer overflow triggered by a crafted chm file which could have led to information disclosure (bsc#1141680). Other issue addressed: - Enable build-time tests (bsc#1130489) ----------------------------------------- Patch: SUSE-2020-1494 Released: Wed May 27 20:29:48 2020 Summary: Recommended update for python-psycopg2 Severity: moderate References: 1171213 Description: This update for python-psycopg2 fixes the following issues: - Sort out the syntax of the dependencies to fix possible build failures. (bsc#1171213) ----------------------------------------- Patch: SUSE-2020-1506 Released: Fri May 29 17:22:11 2020 Summary: Recommended update for aaa_base Severity: moderate References: 1087982,1170527 Description: This update for aaa_base fixes the following issues: - Not all XTerm based emulators do have a terminfo entry. (bsc#1087982) - Better support of Midnight Commander. (bsc#1170527) ----------------------------------------- Patch: SUSE-2020-1507 Released: Fri May 29 17:23:52 2020 Summary: Recommended update for publicsuffix Severity: moderate References: 1171819 Description: This update for publicsuffix fixes the following issues: - Update from version 20180312 to version 20200506. (bsc#1171819). - New in version 20200506: * gTLD autopull: 2020-05-06 (#1030) * Update public_suffix_list.dat (#993) * Add shopware.store domain (#958) * Add clic2000.net to Private Section (#1010) * Add Fabrica apps domain: onfabrica.com (#999) * Add dyndns.dappnode.io (#912) * Added curv.dev to public_suffix_list.dat (#968) * Add panel.gg and daemon.panel.gg (#978) * adding sth.ac.at (#997) * Add netlify.app (#1012) * Added Wiki Link as info resource (#1011) * Add schulserver.de, update IServ GmbH contact information (#996) * Add conn.uk, copro.uk, couk.me and ukco.me domains (#963) * Remove flynnhub.com (#971) * Added graphox.us domain (#960) * Add domains for FASTVPS EESTI OU (#941) * Add platter.dev user app domains (#935) * Add playstation-cloud.com (#1006) * gTLD autopull: 2020-04-02 (#1005) * ACI prefix (#930) * Update public_suffix_list.dat (#923) * Add toolforge.org and wmcloud.org (#970) * gTLD autopull: 2020-03-29 (#1003) - New in version 20200326: * aero registry removal * Add Mineduc subregistry for public schools: aprendemas.cl * Update public_suffix_list.dat - Existing Section * gTLD autopull: 2020-03-15 * Add 'urown.cloud' and 'dnsupdate.info' * Remove site.builder.nu * Remove unnecessary trailing whitespace for name.fj * Update .eu IDNs to add Greek and URL for Cyrillic * Update fj entry - New in version 20200201: * gTLD autopull: 2020-02-01 (#952) * gTLD autopull: 2020-01-31 (#951) * Add WoltLab Cloud domains (#947) * Add qbuser.com domain (#943) * Added senseering domain (#946) * Add u.channelsdvr.net to PSL (#950) * Add discourse.team (#949) * gTLD autopull: 2020-01-06 (#942) * gTLD autopull: 2019-12-25 (#939) * Urgent removal of eq.edu.au (#924) * gTLD autopull: 2019-12-20 (#938) * gTLD autopull: 2019-12-11 (#932) * Added adobeaemcloud domains (#931) * Add Observable domain: observableusercontent.com. (#914) * Correct v.ua sorting * add v.ua (#919) * Add en-root.fr domain (#910) * add Datawire private domain (#925) * Add amsw.nl private domain to PSL (#929) * Add *.on-k3s.io (#922) * Add *.r.appspot.com to public suffix list (#920) * Added gentapps.com (#916) * Add oya.to (#908) * Add Group 53, LLC Domains (#900) * Add perspecta.cloud (#898) * Add 0e.vc to PSL (#896) * Add skygearapp.com (#892) * Update Hostbip Section (#871) * Add qcx.io and *.sys.qcx.io (#868) * Add builtwithdark.com to the public suffix list (#857) * Add_customer-oci.com (#811) * Move out old .ru reserved domains * gTLD autopull: 2019-12-02 (#928) * gTLD autopull: 2019-11-20 (#926) - New in version 20191115: * Add gov.scot for Scottish Government * update gTLD list to 2019-11-15 state * remove go-vip.co, go-vip.net, wpcomstaging.com - New in version 20191025: * gTLD list updated to 2019-10-24 state * Update .so suffix list * Add the new TLD .ss * Add xn--mgbah1a3hjkrd (موريتانيا) * Add lolipop.io * Add altervista.org * Remove zone.id from list * Add new domain to Synology dynamic dns service - New in version 20190808: * tools: update newgtlds.go to filter removed gTLDs (#860) * gTLD autopull: 2019-08-08 (#862) * Remove non-public nuernberg.museum nuremberg.museum domains (#859) * gTLD autopull: 2019-08-02 (#858) * Update public_suffix_list.dat (#825) * Update reference as per #855 * add nic.za * Update contact for SymfonyCloud (#854) * Add lelux.site (#849) * Add *.webhare.dev (#847) * Update Hostbip Section (#846) * Add Yandex Cloud domains (#850) * Add ASEINet domains (#844) * Update nymnom section (#771) * Add Handshake zones (#796) * Add iserv.dev for IServ GmbH (#826) * Add trycloudflare.com to Cloudflare's domains (#835) * Add shopitsite.com (#838) * Add pubtls.org (#839) * Add qualifio.com domains (#840) * Update newgtlds tooling & associated gTLD data. (#834) * Add web.app for Google (#830) * Add iobb.net (#828) * Add cloudera.site (#829) - New in version 20190529: * Add Balena domains (#814) * Add KingHost domains (#827) * Add dyn53.io (#820) * Add azimuth.network and arvo.network (#812) * Update .rw domains per ccTLD (#821) * Add b-data.io (#759) * Add co.bn (#789) * Add Zitcom domains (#817) * Add Carrd suffixes (#816) * Add Linode Suffixes (#810) * Add lab.ms (#807) * Add wafflecell.com (#805) * Add häkkinen.fi (#804) * Add prvcy.page (#803) * Add SRCF user domains: soc.srcf.net, user.srcf.net (#802) * Add KaasHosting (#801) * Adding cloud66.zone (#797) * Add gehirn.ne.jp and usercontent.jp for Gehirn Inc. (#795) * Add Clerk user domains (#791) * Add loginline (.app, .dev, .io, .services, .site) (#790) * Add wnext.app (#785) * Add Hostbip Registry Domains (#770) * Add glitch.me (#769) * added thingdustdata.com (#767) * Add dweb.link (#766) * Add onred.one (#764) * Add mo-siemens.io (#762) * Add Render domains (#761) * Add *.moonscale.io (#757) * Add Stackhero domain (#755) * Add voorloper.cloud (#750) * Add repl.co and repl.run (#748) * Add edugit.org (#736) * Add Hakaran domains (#733) * Add barsy.ca (#732) * Add Names.of.London Domains (#543) * Add nctu.me (#746) * Br 201904 update (#809) * Delete DOHA * Add app.banzaicloud.io (#730) * Update .TR (#741) * Add Nabu Casa (#781) * Added uk0.bigv.io under Bytemark Hosting (#745) * Add GOV.UK PaaS client domains (#765) * Add discourse.group for Civilized Discourse Construction Kit, Inc. (#768) * Add on-rancher.cloud and on-rio.io (#779) * Syncloud dynamic dns service (#727) * Add git-pages.rit.edu (#690) * Add workers.dev (#772) * Update .AM (#756) * Add go-vip.net. (#793) * Add site.builder.nu (#723) * Update .FR sectorial domains (#527) * Remove ACTIVE * Remove SPIEGEL * Remove EPOST * Remove ZIPPO * Remove BLANCO - New in version 20190205: * Add domains of Individual Network Berlin e.V. (#711) * Added bss.design to PSL (#685) * Add fastly-terrarium.com (#729) * Add Swisscom Application Cloud domains (#698) * Update public_suffix_list.dat with api.stdlib.com (#751) * Add regional domain for filegear.me (#713) * Remove bv.nl (#758) * Update public_suffix_list.dat - Link public_suffix_list.dat to effective_tld_names.dat for the purpose of httpcomponents-client - Do not pull in full python3, psl-make-dafsa already pulls in what it needs to generate the things - New in version 20181227: * Add run.app and a.run.app to the psl (#681) * Add telebit.io .app .xyz (#726) * Add Leadpages domains (#731) * Add public suffix entries for dapps.earth (#708) * Add Bytemark Hosting domains (#620) * Remove .STATOIL * linter: Expect rules to be in NFKC (#725) * Convert list data from NFKD to NFKC (#720) * Update LS (#718) - New in version 20181030: * Add readthedocs.io (#722) * Remove trailing whitespace from L11948 (#721) * Add krasnik.pl, leczna.pl, lubartow.pl, lublin.pl, poniatowa.pl and swidnik.pl domains to the Public Suffix List (#670) * Add instantcloud.cn by Redstar Consultants (#696) * Add Fermax and mydobiss.com domain (#706) * Add shop.th & online.th (#716) * Add siteleaf.net (#655) * Add wpcomstaging.com and go-vip.co to the PSL (#719) - Update to version 20181003: * Remove deleted TLDs (#710) * Added apigee.io (#712) * Add AWS ElasticBeanstalk Ningxia, CN region (#597) * Add Github PULL REQUEST TEMPLATE (#699) * Add ong.br 2nd level domain (#707) - Update to version 20180813: * Update .ID list (#703) * Updated .bn ccTLD. Removed wildcard. (#702) * Remove stackspace.space from PSL (#691) * Remove XPERIA (#697) - Update to version 20180719: * Remove .IWC * Update Kuwait's ccTLD (.kw) * Use https for www.transip.nl * Remove MEO and SAPO - New in version 20180523: * Remove 1password domains (#632) * Add cleverapps.io (Clever Cloud) (#634) * Remove .BOOTS * Add azurecontainer.io to Microsoft domains (#637) * Change the patchnewgtlds tool for the updated .zw domain * Add new gTLDs up to 2018-04-17 and new ccTLDs up to 2018-04-17 * cloud.muni.cz cloud subdomains (#622) * Add YunoHost DynDns domains: nohost.me & noho.st (#615) * Use a custom token for the newGTLD list (#645) * lug.org.uk (#514) * Adding xnbay.com,u2.xnbay.com,u2-local.xnbay.com to public_suffix_list.dat. (#506) * Adding customer.speedpartner.de (#585) * Adding ravendb.net subdomains (#535) * Adding own.pm (#544) * pcloud.host (#531) * Add additional Lukanet Ltd domains (#652) * Add zone.id (#575) * Add half.host (#571) * Update 香港 TLD (#568) * Add Now-DNS domains (#560) * Added blackbaudcdn.net private domain to PSL (#558) * Adding IServ GmbH domains (#552) * Add FASTVPS EESTI OU domains (#541) * nic.it - update regions and provinces (#524) * Update Futureweb OG Private Domains (#520) * add United Gameserver virtualuser domains (#600) * Add Lightmaker Property Manager, Inc domains (#604) * Update Uberspace domains (#616) * Add Datto, Inc domains * Add memset hosting domains (#625) * Add utwente.io (#626) * Add bci.dnstrace.pro (#630) * Add May First domains (#635) * Add Linki Tools domains (#636) * Update NymNom domains * Add Co & Co domains (#650) * Add new gTLDs up to 2018-05-08 (#653) * Correct linter issues (#654) * Add cnpy.gdn as private domain (#633) * Add freedesktop.org (#619) * Add Omnibond Systems (#656) * Add hasura.app to the list (#668) * Update gu ccTLD suffixes (#669) - New in version 20180328: * Add gwiddle.co.uk (#521) * Add ox.rs (#522) * Add myjino.ru (#512) * Add ras.ru domains (#511) * Add AWS ElasticBeanstalk Osaka, JP region (#628) * Remove trailing whitespace (#621) ----------------------------------------- Patch: SUSE-2020-1508 Released: Fri May 29 17:32:31 2020 Summary: Recommended update for apache2-mod_jk Severity: moderate References: 1167896 Description: This update for apache2-mod_jk fixes the following issues: - Update jk.conf. (bsc#1167896) * Specify the location of JkShmFile. * Update tomcat-webapps paths. - Fix Aliases to be compatible with the tomcat example URLs. (bsc#1167896) ----------------------------------------- Patch: SUSE-2020-1511 Released: Fri May 29 18:03:39 2020 Summary: Security update for java-11-openjdk Severity: important References: 1167462,1169511,CVE-2020-2754,CVE-2020-2755,CVE-2020-2756,CVE-2020-2757,CVE-2020-2767,CVE-2020-2773,CVE-2020-2778,CVE-2020-2781,CVE-2020-2800,CVE-2020-2803,CVE-2020-2805,CVE-2020-2816,CVE-2020-2830 Description: This update for java-11-openjdk fixes the following issues: Java was updated to jdk-11.0.7+10 (April 2020 CPU, bsc#1169511). Security issues fixed: - CVE-2020-2754: Fixed an incorrect handling of regular expressions that could have resulted in denial of service (bsc#1169511). - CVE-2020-2755: Fixed an incorrect handling of regular expressions that could have resulted in denial of service (bsc#1169511). - CVE-2020-2756: Fixed an incorrect handling of regular expressions that could have resulted in denial of service (bsc#1169511). - CVE-2020-2757: Fixed an object deserialization issue that could have resulted in denial of service via crafted serialized input (bsc#1169511). - CVE-2020-2767: Fixed an incorrect handling of certificate messages during TLS handshakes (bsc#1169511). - CVE-2020-2773: Fixed the incorrect handling of exceptions thrown by unmarshalKeyInfo() and unmarshalXMLSignature() (bsc#1169511). - CVE-2020-2778: Fixed the incorrect handling of SSLParameters in setAlgorithmConstraints(), which could have been abused to override the defined systems security policy and lead to the use of weak crypto algorithms (bsc#1169511). - CVE-2020-2781: Fixed the incorrect re-use of single null TLS sessions (bsc#1169511). - CVE-2020-2800: Fixed an HTTP header injection issue caused by mishandling of CR/LF in header values (bsc#1169511). - CVE-2020-2803: Fixed a boundary check and type check issue that could have led to a sandbox bypass (bsc#1169511). - CVE-2020-2805: Fixed a boundary check and type check issue that could have led to a sandbox bypass (bsc#1169511). - CVE-2020-2816: Fixed an incorrect handling of application data packets during TLS handshakes (bsc#1169511). - CVE-2020-2830: Fixed an incorrect handling of regular expressions that could have resulted in denial of service (bsc#1169511). ----------------------------------------- Patch: SUSE-2020-1512 Released: Fri May 29 18:11:37 2020 Summary: Recommended update for unrar_wrapper Severity: important References: 1170792 Description: This update for unrar_wrapper fixes the following issues: - Add missing requirement 'python3-setuptools'. (bsc#1170792) ----------------------------------------- Patch: SUSE-2020-1520 Released: Tue Jun 2 19:53:03 2020 Summary: Recommended update for psqlODBC Severity: moderate References: 1166821 Description: This update for psqlODBC provides the following fixes: - Update to 12.01.0000: * Fix the bug that causes 'Error : A parameter cannot be found that matches parameter name'. + Enclose the command part * Find_VSDir $vc_ver * with parentheses so that the subsequent * -ne '' * isn't considered to be a parameter. * Cope with the removal of pg_class.relhasoids in PG12 correctly when retrieving updatable cursors. - Changes in 12.00.0000: * Fix the bug that SQLGetDescField() for Field SQL_DESC_COUNT returns SQLINTEGER value which should be of type SQLSMALLINT. * SQLGetTypeInfo() filters SQL_TYPE_DATE, SQL_TYPE_TIME and SQL_TYPE_TIMESTAMP for ODBC 2.x applications. * Added support for scalar functions TIMESTAMPADD(), TIMESTAMPDIFF() and EXTRACT(). * The macro IS_NOT_SPACE() is used for not pointers but integers. * Fix a crash bug when SQLProcedureColumns() handles satisfies_hash_partition(). The proargmodes column of satisfies_hash_partition()'s pg_proc entry is not null but the proallargtypes column is null. - Changes in 11.01.0000: * Correct the rgbInfoValue returned by SQLGetInfo(SQL_TIMEDATE_FUNCTIONS, ..). * Because the field 'relhasoids' was dropped in PG12, psqlodbc drivers would have some problems with PG12 servers. * Register drivers {PostgreSQL ANSI} and {PostgreSQL Unicode} during installation on 64bit Windows so that users could use the same connection strings in both x86 and x64 environments. * Correct the rgbInfoValue returned by SQLGetInfo(SQL_LIKE_ESCAPE_CLAUSE, ..). * Fix a typo in SQLForeignKeys-ResultSet-Column. 'deferrablity' should be 'DEFERRABILITY'. * Correct the rgbInfoValue returned by SQLGetInfo(.., SQL_NUMERIC_FUNCTIONS(SQL_SYSTEM_FUNCTIONS or SQL_STRING_FUNCTIONS, ..). * Bug fix: do not forget to set parameter numbers while handling escaped ODBC functions. * Fix test_connection() in setup.c so that settings of conn_settings and pqopt option are reflected properly. - Changes in 11.00.0000: * Remove obsolete maps pointed out. * Remove connSettings option and/or pqopt option from the OutConnectionString parameter of SQLDriverConnect() when each option doesn't exist in InConnectionString parameter. * The parameters should be cast because parameters of concat() function are variadic 'any'. * Add an alias DX of *Database* keyword for connection strings to aviod the use of 'database' keyword which has a special meaning in some apps or middlewares. * Numeric items without precision are unlimited and there's no natural map between SQL data types. Add an option *Numeric(without precision) as* * Fix a bug that SQLSpecialColumns() returns oid/xmin incorrectly when a table does not exist. - Fix build with PostgreSQL 11 that does not have pg_config in the regular devel package anymore. (bsc#1166821) - Changes in 10.03.0000: * Put back the handling of lock_CC_for_rb variable. The variable lock_CC_for_rb should be held per connection. * Fix SQLGetTypeInfo() so that it filters SQL_TYPE_DATE, SQL_TYPE_TIME or SQL_TYPE_TIMESTAMP for ODBC 2.x applications. * Revise ConfigDSN() so that it handles the 4th parameter(lpszAttribues) correctly. * Fix a crash bug when handling error messages. Also modified some error messages. * Let SQLTables() or SQLTablePrivileges() show partition tables. * Fix build on Solaris defined(__SUNPRO_C) using Solaris Studio. * Reduce DB access to pg_class or pg_index by caching relhasoids, relhassubclass etc. It would improve the performance of SQLSetPos() or SQLBulkOperations() very much in some cases. - Changes in 10.02.0000: * It's safer to call setlocale(LC_CTYPE, '') than calling setlocale(LC_ALL, '') * Avoid replacing effective notice messages. * Handle MALLOC/REALLOC errors while fetching tuples more effectively. * Make SQLSetPos(SQL_DELETE/SQL_REFRESH) more effective. Because queries calling currtid(2) like select .. from .. where ctid=currtid2(.., ..) cause Seq Scan, their execution may be very slow. It is better to execute queries using subqueries like select .. from .. where ctid=(select currtid2(.., ..)) because they cause Tid Scan. * Fix a crash bug in AddDeleted(). ----------------------------------------- Patch: SUSE-2020-1527 Released: Wed Jun 3 13:34:59 2020 Summary: Optional update for alsa-plugins Severity: low References: 1171586 Description: This update for alsa-plugins doesn't fix any user visible issues, but changes the way the package is being built. An installation is optional and not required. (bsc#1171586, jsc#SLE-11987) ----------------------------------------- Patch: SUSE-2020-1532 Released: Thu Jun 4 10:16:12 2020 Summary: Security update for libxml2 Severity: moderate References: 1172021,CVE-2019-19956 Description: This update for libxml2 fixes the following issues: - CVE-2019-19956: Reverted the upstream fix for this memory leak because it introduced other, more severe vulnerabilities (bsc#1172021). ----------------------------------------- Patch: SUSE-2020-1542 Released: Thu Jun 4 13:24:37 2020 Summary: Recommended update for timezone Severity: moderate References: 1172055 Description: This update for timezone fixes the following issue: - zdump --version reported 'unknown' (bsc#1172055) ----------------------------------------- Patch: SUSE-2020-1547 Released: Mon Jun 8 08:02:02 2020 Summary: Recommended update for fontconfig Severity: moderate References: 1172301 Description: This update for fontconfig fixes the following issues: - fontconfig-devel-32bit needs to require fontconfig-32bit, needed for Wine development (bsc#1172301) ----------------------------------------- Patch: SUSE-2020-1551 Released: Mon Jun 8 09:31:41 2020 Summary: Security update for vim Severity: moderate References: 1172225,CVE-2019-20807 Description: This update for vim fixes the following issues: - CVE-2019-20807: Fixed an issue where escaping from the restrictive mode of vim was possible using interfaces (bsc#1172225). ----------------------------------------- Patch: SUSE-2020-1553 Released: Mon Jun 8 09:32:53 2020 Summary: Security update for libexif Severity: moderate References: 1055857,1059893,1120943,1160770,1171475,1171847,1172105,1172116,1172121,CVE-2016-6328,CVE-2017-7544,CVE-2018-20030,CVE-2019-9278,CVE-2020-0093,CVE-2020-12767,CVE-2020-13112,CVE-2020-13113,CVE-2020-13114 Description: This update for libexif to 0.6.22 fixes the following issues: Security issues fixed: - CVE-2016-6328: Fixed an integer overflow in parsing MNOTE entry data of the input file (bsc#1055857). - CVE-2017-7544: Fixed an out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c (bsc#1059893). - CVE-2018-20030: Fixed a denial of service by endless recursion (bsc#1120943). - CVE-2019-9278: Fixed an integer overflow (bsc#1160770). - CVE-2020-0093: Fixed an out-of-bounds read in exif_data_save_data_entry (bsc#1171847). - CVE-2020-12767: Fixed a divide-by-zero error in exif_entry_get_value (bsc#1171475). - CVE-2020-13112: Fixed a time consumption DoS when parsing canon array markers (bsc#1172121). - CVE-2020-13113: Fixed a potential use of uninitialized memory (bsc#1172105). - CVE-2020-13114: Fixed various buffer overread fixes due to integer overflows in maker notes (bsc#1172116). Non-security issues fixed: - libexif was updated to version 0.6.22: * New translations: ms * Updated translations for most languages * Some useful EXIF 2.3 tag added: * EXIF_TAG_GAMMA * EXIF_TAG_COMPOSITE_IMAGE * EXIF_TAG_SOURCE_IMAGE_NUMBER_OF_COMPOSITE_IMAGE * EXIF_TAG_SOURCE_EXPOSURE_TIMES_OF_COMPOSITE_IMAGE * EXIF_TAG_GPS_H_POSITIONING_ERROR * EXIF_TAG_CAMERA_OWNER_NAME * EXIF_TAG_BODY_SERIAL_NUMBER * EXIF_TAG_LENS_SPECIFICATION * EXIF_TAG_LENS_MAKE * EXIF_TAG_LENS_MODEL * EXIF_TAG_LENS_SERIAL_NUMBER ----------------------------------------- Patch: SUSE-2020-1558 Released: Mon Jun 8 10:36:32 2020 Summary: Recommended update for chrony Severity: moderate References: 1172113 Description: This update for chrony fixes the following issue: - Use iburst in the default pool statements to speed up initial synchronization. (bsc#1172113) ----------------------------------------- Patch: SUSE-2020-1560 Released: Mon Jun 8 12:08:28 2020 Summary: Recommended update for llvm7 Severity: low References: 1171512 Description: This update for llvm7 fixes the following issues: -Fix for build failures when using 'llvm7' on i586. (bsc#1171512) ----------------------------------------- Patch: SUSE-2020-1567 Released: Mon Jun 8 17:56:26 2020 Summary: Recommended update for python-typing Severity: moderate References: 1162547 Description: This update for python-typing fixes the following issues: - Update to 3.7.4 (jsc#SLE-12548, bsc#1162547) - Fix subclassing builtin protocols on older Python versions - Move Protocol, runtime_checkable, Final, final, Literal, and TypedDict to typing - Add support for Python 3.8 in typing_extensions - Unify the implementation of annotated in src_py2 and src_py3 - Add Annotated in python2 - Pep 593 py3 - Drop support of Python 3.3 - [typing-extensions] Simple implementation for IntVar - Add a python 3.7+ version of Annotated to typing_extensions - Add SupportsIndex - Add TypedDict to typing_extensions - Add Final to the README - Run the tests using the current Python executable - Fix GeneralMeta.__instancecheck__() for old style classes - Add Literal[...] types to typing_extensions - Fix instance/subclass checks of functions against runtime protocols. - Bump typing_extension version - Improve PyPI entry for typing_extensions - Add Final to typing_extensions - include license file for typing-extensions and in wheels - Fix IO.closed to be property - Backport Generic.__new__ fix - Bump typing_extensions version before release - Add missing 'NoReturn' to __all__ in typing.py - Add annotations to NamedTuple children __new__ constructors - Fix typing_extensions to support PEP 560 - Pass *args and **kwargs to superclass in Generic.__new__ - Fix interaction between generics and __init_subclass__ - Fix protocols in unions (runtime problem) - Fix interaction between typing_extensions and collections.abc - Override subclass check for the singledispatch library - Fix copying generic instances in Python 3 - Switch to setuptools in typing_extensions - Add class Protocol and @runtime to typing extensions - get_type_hints(): find the right globalns for classes and modules - Document the workflow for publishing wheels - Make sure copy and deepcopy are returning same class - Update pytest and pytest-xdist versions - Fix failing test test_protocol_instance_works ----------------------------------------- Patch: SUSE-2020-1569 Released: Tue Jun 9 11:13:16 2020 Summary: Security update for java-1_8_0-openjdk Severity: important References: 1160398,1169511,1171352,CVE-2020-2754,CVE-2020-2755,CVE-2020-2756,CVE-2020-2757,CVE-2020-2773,CVE-2020-2781,CVE-2020-2800,CVE-2020-2803,CVE-2020-2805,CVE-2020-2830 Description: This update for java-1_8_0-openjdk to version jdk8u252 fixes the following issues: - CVE-2020-2754: Forward references to Nashorn (bsc#1169511) - CVE-2020-2755: Improve Nashorn matching (bsc#1169511) - CVE-2020-2756: Better mapping of serial ENUMs (bsc#1169511) - CVE-2020-2757: Less Blocking Array Queues (bsc#1169511) - CVE-2020-2773: Better signatures in XML (bsc#1169511) - CVE-2020-2781: Improve TLS session handling (bsc#1169511) - CVE-2020-2800: Better Headings for HTTP Servers (bsc#1169511) - CVE-2020-2803: Enhance buffering of byte buffers (bsc#1169511) - CVE-2020-2805: Enhance typing of methods (bsc#1169511) - CVE-2020-2830: Better Scanner conversions (bsc#1169511) - Ignore whitespaces after the header or footer in PEM X.509 cert (bsc#1171352) ----------------------------------------- Patch: SUSE-2020-1580 Released: Tue Jun 9 18:18:57 2020 Summary: Security update for texlive-filesystem Severity: moderate References: 1158910,1159740,CVE-2020-8016,CVE-2020-8017 Description: This update for texlive-filesystem fixes the following issues: Security issues fixed: - CVE-2020-8016: Fixed a race condition in the spec file (bsc#1159740). - CVE-2020-8017: Fixed a race condition on a cron job (bsc#1158910). ----------------------------------------- Patch: SUSE-2020-1582 Released: Tue Jun 9 18:20:10 2020 Summary: Security update for rubygem-bundler Severity: moderate References: 1143436,CVE-2019-3881 Description: This update for rubygem-bundler fixes the following issue: - CVE-2019-3881: Fixed insecure permissions on a directory in /tmp/ that allowed malicious code execution (bsc#1143436). ----------------------------------------- Patch: SUSE-2020-1604 Released: Wed Jun 10 15:29:00 2020 Summary: Security update for the Linux Kernel Severity: important References: 1051510,1058115,1065729,1082555,1083647,1089895,1103990,1103991,1103992,1104745,1109837,1111666,1112178,1112374,1113956,1114279,1124278,1127354,1127355,1127371,1133021,1142685,1144333,1151794,1152489,1154824,1157169,1158265,1160388,1160947,1164780,1164871,1165183,1165478,1165741,1166969,1166978,1167574,1167851,1167867,1168332,1168670,1168789,1169020,1169514,1169525,1169762,1170056,1170125,1170145,1170284,1170345,1170457,1170522,1170592,1170617,1170618,1170620,1170621,1170770,1170778,1170791,1170901,1171078,1171098,1171118,1171189,1171191,1171195,1171202,1171205,1171214,1171217,1171218,1171219,1171220,1171244,1171293,1171417,1171527,1171599,1171600,1171601,1171602,1171604,1171605,1171606,1171607,1171608,1171609,1171610,1171611,1171612,1171613,1171614,1171615,1171616,1171617,1171618,1171619,1171620,1171621,1171622,1171623,1171624,1171625,1171626,1171662,1171679,1171691,1171692,1171694,1171695,1171736,1171817,1171948,1171949,1171951,1171952,1171979,1171982,1171983,1172017,1172096,1172097,1172098,1172099,1172101,1172102,1172103,1172104,1172127,1172130,1172185,1172188,1172199,1172201,1172202,1172221,1172249,1172251,1172317,1172342,1172343,1172344,1172366,1172378,1172391,1172397,1172453,CVE-2018-1000199,CVE-2019-19462,CVE-2019-20806,CVE-2019-20812,CVE-2019-9455,CVE-2020-0543,CVE-2020-10690,CVE-2020-10711,CVE-2020-10720,CVE-2020-10732,CVE-2020-10751,CVE-2020-10757,CVE-2020-12114,CVE-2020-12464,CVE-2020-12652,CVE-2020-12653,CVE-2020-12654,CVE-2020-12655,CVE-2020-12656,CVE-2020-12657,CVE-2020-12659,CVE-2020-12768,CVE-2020-12769,CVE-2020-13143 Description: The SUSE Linux Enterprise 15 SP1 azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1154824). - CVE-2020-13143: Fixed an out-of-bounds read in gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c (bsc#1171982). - CVE-2020-12769: Fixed an issue which could have allowed attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one (bsc#1171983). - CVE-2020-12768: Fixed a memory leak in svm_cpu_uninit in arch/x86/kvm/svm.c (bsc#1171736). - CVE-2020-12659: Fixed an out-of-bounds write (by a user with the CAP_NET_ADMIN capability) due to improper headroom validation (bsc#1171214). - CVE-2020-12657: An a use-after-free in block/bfq-iosched.c (bsc#1171205). - CVE-2020-12656: Fixed an improper handling of certain domain_release calls leadingch could have led to a memory leak (bsc#1171219). - CVE-2020-12655: Fixed an issue which could have allowed attackers to trigger a sync of excessive duration via an XFS v5 image with crafted metadata (bsc#1171217). - CVE-2020-12654: Fixed an issue in he wifi driver which could have allowed a remote AP to trigger a heap-based buffer overflow (bsc#1171202). - CVE-2020-12653: Fixed an issue in the wifi driver which could have allowed local users to gain privileges or cause a denial of service (bsc#1171195). - CVE-2020-12652: Fixed an issue which could have allowed local users to hold an incorrect lock during the ioctl operation and trigger a race condition (bsc#1171218). - CVE-2020-12464: Fixed a use-after-free due to a transfer without a reference (bsc#1170901). - CVE-2020-12114: Fixed a pivot_root race condition which could have allowed local users to cause a denial of service (panic) by corrupting a mountpoint reference counter (bsc#1171098). - CVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon mmap could have caused user PTE access (bsc#1172317). - CVE-2020-10751: Fixed an improper implementation in SELinux LSM hook where it was assumed that an skb would only contain a single netlink message (bsc#1171189). - CVE-2020-10732: Fixed kernel data leak in userspace coredumps due to uninitialized data (bsc#1171220). - CVE-2020-10720: Fixed a use-after-free read in napi_gro_frags() (bsc#1170778). - CVE-2020-10711: Fixed a null pointer dereference in SELinux subsystem which could have allowed a remote network user to crash the kernel resulting in a denial of service (bsc#1171191). - CVE-2020-10690: Fixed the race between the release of ptp_clock and cdev (bsc#1170056). - CVE-2019-9455: Fixed a pointer leak due to a WARN_ON statement in a video driver. This could lead to local information disclosure with System execution privileges needed (bsc#1170345). - CVE-2019-20812: Fixed an issue in prb_calc_retire_blk_tmo() which could have resulted in a denial of service (bsc#1172453). - CVE-2019-20806: Fixed a null pointer dereference which may had lead to denial of service (bsc#1172199). - CVE-2019-19462: Fixed an issue which could have allowed local user to cause denial of service (bsc#1158265). - CVE-2018-1000199: Fixed a potential local code execution via ptrace (bsc#1089895). The following non-security bugs were fixed: - ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe() (bsc#1051510). - ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile() (bsc#1051510). - acpi/x86: ignore unspecified bit positions in the ACPI global lock field (bsc#1051510). - Add br_netfilter to kernel-default-base (bsc#1169020) - Add commit for git-fix that's not a fix This commit cleans up debug code but does not fix anything, and it relies on a new kernel function that isn't yet in this version of SLE. - agp/intel: Reinforce the barrier after GTT updates (bsc#1051510). - ALSA: ctxfi: Remove unnecessary cast in kfree (bsc#1051510). - ALSA: doc: Document PC Beep Hidden Register on Realtek ALC256 (bsc#1051510). - ALSA: dummy: Fix PCM format loop in proc output (bsc#1111666). - ALSA: hda: Add driver blacklist (bsc#1051510). - ALSA: hda: Always use jackpoll helper for jack update after resume (bsc#1051510). - ALSA: hda: call runtime_allow() for all hda controllers (bsc#1051510). - ALSA: hda: Do not release card at firmware loading error (bsc#1051510). - ALSA: hda: Explicitly permit using autosuspend if runtime PM is supported (bsc#1051510). - ALSA: hda/hdmi: fix race in monitor detection during probe (bsc#1051510). - ALSA: hda/hdmi: fix without unlocked before return (bsc#1051510). - ALSA: hda: Honor PM disablement in PM freeze and thaw_noirq ops (bsc#1051510). - ALSA: hda: Keep the controller initialization even if no codecs found (bsc#1051510). - ALSA: hda: Match both PCI ID and SSID for driver blacklist (bsc#1111666). - ALSA: hda/realtek - Add a model for Thinkpad T570 without DAC workaround (bsc#1172017). - ALSA: hda/realtek - Add COEF workaround for ASUS ZenBook UX431DA (git-fixes). - ALSA: hda/realtek - Add HP new mute led supported for ALC236 (git-fixes). - ALSA: hda/realtek - Add more fixup entries for Clevo machines (git-fixes). - ALSA: hda/realtek - Add new codec supported for ALC245 (bsc#1051510). - ALSA: hda/realtek - Add new codec supported for ALC287 (git-fixes). - ALSA: hda/realtek: Add quirk for Samsung Notebook (git-fixes). - ALSA: hda/realtek - Add supported new mute Led for HP (git-fixes). - ALSA: hda/realtek - Enable headset mic of ASUS GL503VM with ALC295 (git-fixes). - ALSA: hda/realtek - Enable headset mic of ASUS UX550GE with ALC295 (git-fixes). - ALSA: hda/realtek: Enable headset mic of ASUS UX581LV with ALC295 (git-fixes). - ALSA: hda/realtek - Enable the headset mic on Asus FX505DT (bsc#1051510). - ALSA: hda/realtek - Fix S3 pop noise on Dell Wyse (git-fixes). - ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Xtreme (bsc#1111666). - ALSA: hda/realtek - Fix unexpected init_amp override (bsc#1051510). - ALSA: hda/realtek - Limit int mic boost for Thinkpad T530 (git-fixes bsc#1171293). - ALSA: hda/realtek - Two front mics on a Lenovo ThinkCenter (bsc#1051510). - ALSA: hda: Release resources at error in delayed probe (bsc#1051510). - ALSA: hda: Remove ASUS ROG Zenith from the blacklist (bsc#1051510). - ALSA: hda: Skip controller resume if not needed (bsc#1051510). - ALSA: hwdep: fix a left shifting 1 by 31 UB bug (git-fixes). - ALSA: iec1712: Initialize STDSP24 properly when using the model=staudio option (git-fixes). - ALSA: opti9xx: shut up gcc-10 range warning (bsc#1051510). - ALSA: pcm: fix incorrect hw_base increase (git-fixes). - ALSA: pcm: oss: Place the plugin buffer overflow checks correctly (bsc#1170522). - ALSA: rawmidi: Fix racy buffer resize under concurrent accesses (git-fixes). - ALSA: usb-audio: Add connector notifier delegation (bsc#1051510). - ALSA: usb-audio: Add control message quirk delay for Kingston HyperX headset (git-fixes). - ALSA: usb-audio: add mapping for ASRock TRX40 Creator (git-fixes). - ALSA: usb-audio: Add mixer workaround for TRX40 and co (bsc#1051510). - ALSA: usb-audio: Add quirk for Focusrite Scarlett 2i2 (bsc#1051510). - ALSA: usb-audio: Add static mapping table for ALC1220-VB-based mobos (bsc#1051510). - ALSA: usb-audio: Apply async workaround for Scarlett 2i4 2nd gen (bsc#1051510). - ALSA: usb-audio: Check mapping at creating connector controls, too (bsc#1051510). - ALSA: usb-audio: Correct a typo of NuPrime DAC-10 USB ID (bsc#1051510). - ALSA: usb-audio: Do not create jack controls for PCM terminals (bsc#1051510). - ALSA: usb-audio: Do not override ignore_ctl_error value from the map (bsc#1051510). - ALSA: usb-audio: Filter error from connector kctl ops, too (bsc#1051510). - ALSA: usb-audio: Fix usb audio refcnt leak when getting spdif (bsc#1051510). - ALSA: usb-audio: mixer: volume quirk for ESS Technology Asus USB DAC (git-fixes). - ALSA: usb-audio: Quirks for Gigabyte TRX40 Aorus Master onboard audio (git-fixes). - ALSA: usx2y: Fix potential NULL dereference (bsc#1051510). - ASoC: codecs: hdac_hdmi: Fix incorrect use of list_for_each_entry (bsc#1051510). - ASoC: dapm: connect virtual mux with default value (bsc#1051510). - ASoC: dapm: fixup dapm kcontrol widget (bsc#1051510). - ASoC: dpcm: allow start or stop during pause for backend (bsc#1051510). - ASoC: fix regwmask (bsc#1051510). - ASoC: msm8916-wcd-digital: Reset RX interpolation path after use (bsc#1051510). - ASoC: samsung: Prevent clk_get_rate() calls in atomic context (bsc#1111666). - ASoC: topology: Check return value of pcm_new_ver (bsc#1051510). - ASoC: topology: use name_prefix for new kcontrol (bsc#1051510). - b43legacy: Fix case where channel status is corrupted (bsc#1051510). - batman-adv: fix batadv_nc_random_weight_tq (git-fixes). - batman-adv: Fix refcnt leak in batadv_show_throughput_override (git-fixes). - batman-adv: Fix refcnt leak in batadv_store_throughput_override (git-fixes). - batman-adv: Fix refcnt leak in batadv_v_ogm_process (git-fixes). - bcache: avoid unnecessary btree nodes flushing in btree_flush_write() (git fixes (block drivers)). - bcache: fix incorrect data type usage in btree_flush_write() (git fixes (block drivers)). - bcache: Revert 'bcache: shrink btree node cache after bch_btree_check()' (git fixes (block drivers)). - blk-mq: honor IO scheduler for multiqueue devices (bsc#1165478). - blk-mq: simplify blk_mq_make_request() (bsc#1165478). - block/drbd: delete invalid function drbd_md_mark_dirty_ (bsc#1171527). - block: drbd: remove a stray unlock in __drbd_send_protocol() (bsc#1171599). - block: fix busy device checking in blk_drop_partitions again (bsc#1171948). - block: fix busy device checking in blk_drop_partitions (bsc#1171948). - block: fix memleak of bio integrity data (git fixes (block drivers)). - block: remove the bd_openers checks in blk_drop_partitions (bsc#1171948). - bnxt_en: fix memory leaks in bnxt_dcbnl_ieee_getets() (networking-stable-20_03_28). - bnxt_en: Reduce BNXT_MSIX_VEC_MAX value to supported CQs per PF (bsc#1104745). - bnxt_en: reinitialize IRQs when MTU is modified (networking-stable-20_03_14). - bnxt_en: Return error if bnxt_alloc_ctx_mem() fails (bsc#1104745 ). - bnxt_en: Return error when allocating zero size context memory (bsc#1104745). - bonding/alb: make sure arp header is pulled before accessing it (networking-stable-20_03_14). - bpf: Fix sk_psock refcnt leak when receiving message (bsc#1083647). - bpf: Forbid XADD on spilled pointers for unprivileged users (bsc#1083647). - brcmfmac: abort and release host after error (bsc#1051510). - btrfs: fix deadlock with memory reclaim during scrub (bsc#1172127). - btrfs: fix log context list corruption after rename whiteout error (bsc#1172342). - btrfs: fix partial loss of prealloc extent past i_size after fsync (bsc#1172343). - btrfs: relocation: add error injection points for cancelling balance (bsc#1171417). - btrfs: relocation: Check cancel request after each data page read (bsc#1171417). - btrfs: relocation: Check cancel request after each extent found (bsc#1171417). - btrfs: relocation: Clear the DEAD_RELOC_TREE bit for orphan roots to prevent runaway balance (bsc#1171417). - btrfs: relocation: Fix reloc root leakage and the NULL pointer reference caused by the leakage (bsc#1171417). - btrfs: relocation: Work around dead relocation stage loop (bsc#1171417). - btrfs: reloc: clear DEAD_RELOC_TREE bit for orphan roots to prevent runaway balance (bsc#1171417 bsc#1160947 bsc#1172366). - btrfs: reloc: fix reloc root leak and NULL pointer dereference (bsc#1171417 bsc#1160947 bsc#1172366). - btrfs: setup a nofs context for memory allocation at btrfs_create_tree() (bsc#1172127). - btrfs: setup a nofs context for memory allocation at __btrfs_set_acl (bsc#1172127). - btrfs: use nofs context when initializing security xattrs to avoid deadlock (bsc#1172127). - can: add missing attribute validation for termination (networking-stable-20_03_14). - cdc-acm: close race betrween suspend() and acm_softint (git-fixes). - cdc-acm: introduce a cool down (git-fixes). - ceph: check if file lock exists before sending unlock request (bsc#1168789). - ceph: demote quotarealm lookup warning to a debug message (bsc#1171692). - ceph: fix double unlock in handle_cap_export() (bsc#1171694). - ceph: fix endianness bug when handling MDS session feature bits (bsc#1171695). - cgroup, netclassid: periodically release file_lock on classid updating (networking-stable-20_03_14). - CIFS: Allocate crypto structures on the fly for calculating signatures of incoming packets (bsc#1144333). - CIFS: Allocate encryption header through kmalloc (bsc#1144333). - CIFS: allow unlock flock and OFD lock across fork (bsc#1144333). - CIFS: check new file size when extending file by fallocate (bsc#1144333). - CIFS: cifspdu.h: Replace zero-length array with flexible-array member (bsc#1144333). - CIFS: clear PF_MEMALLOC before exiting demultiplex thread (bsc#1144333). - CIFS: do not share tcons with DFS (bsc#1144333). - CIFS: dump the session id and keys also for SMB2 sessions (bsc#1144333). - CIFS: ensure correct super block for DFS reconnect (bsc#1144333). - CIFS: Fix bug which the return value by asynchronous read is error (bsc#1144333). - CIFS: fix uninitialised lease_key in open_shroot() (bsc#1144333). - CIFS: improve read performance for page size 64KB & cache=strict & vers=2.1+ (bsc#1144333). - CIFS: Increment num_remote_opens stats counter even in case of smb2_query_dir_first (bsc#1144333). - CIFS: minor update to comments around the cifs_tcp_ses_lock mutex (bsc#1144333). - CIFS: protect updating server->dstaddr with a spinlock (bsc#1144333). - CIFS: smb2pdu.h: Replace zero-length array with flexible-array member (bsc#1144333). - CIFS: smbd: Calculate the correct maximum packet size for segmented SMBDirect send/receive (bsc#1144333). - CIFS: smbd: Check and extend sender credits in interrupt context (bsc#1144333). - CIFS: smbd: Check send queue size before posting a send (bsc#1144333). - CIFS: smbd: Do not schedule work to send immediate packet on every receive (bsc#1144333). - CIFS: smbd: Merge code to track pending packets (bsc#1144333). - CIFS: smbd: Properly process errors on ib_post_send (bsc#1144333). - CIFS: smbd: Update receive credits before sending and deal with credits roll back on failure before sending (bsc#1144333). - CIFS: Warn less noisily on default mount (bsc#1144333). - clk: Add clk_hw_unregister_composite helper function definition (bsc#1051510). - clk: imx6ull: use OSC clock during AXI rate change (bsc#1051510). - clk: imx: make mux parent strings const (bsc#1051510). - clk: mediatek: correct the clocks for MT2701 HDMI PHY module (bsc#1051510). - clk: sunxi-ng: a64: Fix gate bit of DSI DPHY (bsc#1051510). - clocksource/drivers/hyper-v: Set TSC clocksource as default w/ InvariantTSC (bsc#1170620, bsc#1170621). - clocksource: dw_apb_timer_of: Fix missing clockevent timers (bsc#1051510). - component: Silence bind error on -EPROBE_DEFER (bsc#1051510). - coresight: do not use the BIT() macro in the UAPI header (git fixes (block drivers)). - cpufreq: s3c64xx: Remove pointless NULL check in s3c64xx_cpufreq_driver_init (bsc#1051510). - crypto: ccp - AES CFB mode is a stream cipher (git-fixes). - crypto: ccp - Clean up and exit correctly on allocation failure (git-fixes). - crypto: ccp - Cleanup misc_dev on sev_exit() (bsc#1114279). - crypto: ccp - Cleanup sp_dev_master in psp_dev_destroy() (bsc#1114279). - cxgb4: fix MPS index overwrite when setting MAC address (bsc#1127355). - cxgb4: fix Txq restart check during backpressure (bsc#1127354 bsc#1127371). - debugfs: Add debugfs_create_xul() for hexadecimal unsigned long (git-fixes). - debugfs_lookup(): switch to lookup_one_len_unlocked() (bsc#1171979). - devlink: fix return value after hitting end in region read (bsc#1109837). - devlink: validate length of param values (bsc#1109837). - devlink: validate length of region addr/len (bsc#1109837). - dmaengine: dmatest: Fix iteration non-stop logic (bsc#1051510). - dm mpath: switch paths in dm_blk_ioctl() code path (bsc#1167574). - dm-raid1: fix invalid return value from dm_mirror (bsc#1172378). - dm writecache: fix data corruption when reloading the target (git fixes (block drivers)). - dm writecache: fix incorrect flush sequence when doing SSD mode commit (git fixes (block drivers)). - dm writecache: verify watermark during resume (git fixes (block drivers)). - dm zoned: fix invalid memory access (git fixes (block drivers)). - dm zoned: reduce overhead of backing device checks (git fixes (block drivers)). - dm zoned: remove duplicate nr_rnd_zones increase in dmz_init_zone() (git fixes (block drivers)). - dm zoned: support zone sizes smaller than 128MiB (git fixes (block drivers)). - dp83640: reverse arguments to list_add_tail (git-fixes). - drivers: hv: Add a module description line to the hv_vmbus driver (bsc#1172249, bsc#1172251). - drivers/net/ibmvnic: Update VNIC protocol version reporting (bsc#1065729). - drivers: w1: add hwmon support structures (jsc#SLE-11048). - drivers: w1: add hwmon temp support for w1_therm (jsc#SLE-11048). - drivers: w1: refactor w1_slave_show to make the temp reading functionality separate (jsc#SLE-11048). - drm: amd/acp: fix broken menu structure (bsc#1114279) * context changes - drm/amdgpu: Correctly initialize thermal controller for GPUs with Powerplay table v0 (e.g Hawaii) (bsc#1111666). - drm/amdgpu: Fix oops when pp_funcs is unset in ACPI event (bsc#1111666). - drm/amd/powerplay: force the trim of the mclk dpm_levels if OD is (bsc#1113956) - drm/atomic: Take the atomic toys away from X (bsc#1112178) * context changes - drm/crc: Actually allow to change the crc source (bsc#1114279) * offset changes - drm/dp_mst: Fix clearing payload state on topology disable (bsc#1051510). - drm/dp_mst: Reformat drm_dp_check_act_status() a bit (bsc#1051510). - drm/edid: Fix off-by-one in DispID DTD pixel clock (bsc#1114279) - drm/etnaviv: fix perfmon domain interation (bsc#1113956) - drm/etnaviv: rework perfmon query infrastructure (bsc#1112178) - drm/i915: Apply Wa_1406680159:icl,ehl as an engine workaround (bsc#1112178) * rename gt/intel_workarounds.c to intel_workarounds.c * context changes - drm/i915/gvt: Init DPLL/DDI vreg for virtual display instead of (bsc#1114279) - drm/i915: HDCP: fix Ri prime check done during link check (bsc#1112178) * rename display/intel_hdmi.c to intel_hdmi.c * context changes - drm/i915: properly sanity check batch_start_offset (bsc#1114279) * renamed display/intel_fbc.c -> intel_fb.c * renamed gt/intel_rc6.c -> intel_pm.c * context changes - drm/meson: Delete an error message in meson_dw_hdmi_bind() (bsc#1051510). - drm: NULL pointer dereference [null-pointer-deref] (CWE 476) problem (bsc#1114279) - drm/qxl: qxl_release leak in qxl_draw_dirty_fb() (bsc#1051510). - drm/qxl: qxl_release leak in qxl_hw_surface_alloc() (bsc#1051510). - drm/qxl: qxl_release use after free (bsc#1051510). - drm: Remove PageReserved manipulation from drm_pci_alloc (bsc#1114279) * offset changes - drm/sun4i: dsi: Allow binding the host without a panel (bsc#1113956) - drm/sun4i: dsi: Avoid hotplug race with DRM driver bind (bsc#1113956) - drm/sun4i: dsi: Remove incorrect use of runtime PM (bsc#1113956) * context changes - drm/sun4i: dsi: Remove unused drv from driver context (bsc#1113956) * context changes * keep include of sun4i_drv.h - dump_stack: avoid the livelock of the dump_lock (git fixes (block drivers)). - EDAC, sb_edac: Add support for systems with segmented PCI buses (bsc#1169525). - ext4: do not zeroout extents beyond i_disksize (bsc#1167851). - ext4: fix extent_status fragmentation for plain files (bsc#1171949). - ext4: use non-movable memory for superblock readahead (bsc#1171952). - fanotify: fix merging marks masks with FAN_ONDIR (bsc#1171679). - fbcon: fix null-ptr-deref in fbcon_switch (bsc#1114279) * rename drivers/video/fbdev/core to drivers/video/console * context changes - fib: add missing attribute validation for tun_id (networking-stable-20_03_14). - firmware: qcom: scm: fix compilation error when disabled (bsc#1051510). - fs/cifs: fix gcc warning in sid_to_id (bsc#1144333). - fs/seq_file.c: simplify seq_file iteration code and interface (bsc#1170125). - gpio: tegra: mask GPIO IRQs during IRQ shutdown (bsc#1051510). - gre: fix uninit-value in __iptunnel_pull_header (networking-stable-20_03_14). - HID: hid-input: clear unmapped usages (git-fixes). - HID: hyperv: Add a module description line (bsc#1172249, bsc#1172251). - HID: i2c-hid: add Trekstor Primebook C11B to descriptor override (git-fixes). - HID: i2c-hid: override HID descriptors for certain devices (git-fixes). - HID: multitouch: add eGalaxTouch P80H84 support (bsc#1051510). - HID: wacom: Read HID_DG_CONTACTMAX directly for non-generic devices (git-fixes). - hrtimer: Annotate lockless access to timer->state (git fixes (block drivers)). - hsr: add restart routine into hsr_get_node_list() (networking-stable-20_03_28). - hsr: check protocol version in hsr_newlink() (networking-stable-20_04_17). - hsr: fix general protection fault in hsr_addr_is_self() (networking-stable-20_03_28). - hsr: set .netnsok flag (networking-stable-20_03_28). - hsr: use rcu_read_lock() in hsr_get_node_{list/status}() (networking-stable-20_03_28). - i2c: acpi: Force bus speed to 400KHz if a Silead touchscreen is present (git-fixes). - i2c: acpi: put device when verifying client fails (git-fixes). - i2c: brcmstb: remove unused struct member (git-fixes). - i2c: core: Allow empty id_table in ACPI case as well (git-fixes). - i2c: core: decrease reference count of device node in i2c_unregister_device (git-fixes). - i2c: dev: Fix the race between the release of i2c_dev and cdev (bsc#1051510). - i2c: fix missing pm_runtime_put_sync in i2c_device_probe (git-fixes). - i2c-hid: properly terminate i2c_hid_dmi_desc_override_table array (git-fixes). - i2c: i801: Do not add ICH_RES_IO_SMI for the iTCO_wdt device (git-fixes). - i2c: iproc: Stop advertising support of SMBUS quick cmd (git-fixes). - i2c: isch: Remove unnecessary acpi.h include (git-fixes). - i2c: mux: demux-pinctrl: Fix an error handling path in 'i2c_demux_pinctrl_probe()' (bsc#1051510). - i2c: st: fix missing struct parameter description (bsc#1051510). - IB/mlx5: Fix missing congestion control debugfs on rep rdma device (bsc#1103991). - ibmvnic: Skip fatal error reset after passive init (bsc#1171078 ltc#184239). - iio:ad7797: Use correct attribute_group (bsc#1051510). - iio: adc: stm32-adc: fix device used to request dma (bsc#1051510). - iio: adc: stm32-adc: fix sleep in atomic context (git-fixes). - iio: adc: stm32-adc: Use dma_request_chan() instead dma_request_slave_channel() (bsc#1051510). - iio: dac: vf610: Fix an error handling path in 'vf610_dac_probe()' (bsc#1051510). - iio: sca3000: Remove an erroneous 'get_device()' (bsc#1051510). - iio: xilinx-xadc: Fix ADC-B powerdown (bsc#1051510). - iio: xilinx-xadc: Fix clearing interrupt when enabling trigger (bsc#1051510). - iio: xilinx-xadc: Fix sequencer configuration for aux channels in simultaneous mode (bsc#1051510). - ima: Fix return value of ima_write_policy() (git-fixes). - Input: evdev - call input_flush_device() on release(), not flush() (bsc#1051510). - Input: hyperv-keyboard - add module description (bsc#1172249, bsc#1172251). - Input: i8042 - add Acer Aspire 5738z to nomux list (bsc#1051510). - Input: i8042 - add ThinkPad S230u to i8042 reset list (bsc#1051510). - Input: raydium_i2c_ts - use true and false for boolean values (bsc#1051510). - Input: synaptics-rmi4 - fix error return code in rmi_driver_probe() (bsc#1051510). - Input: synaptics-rmi4 - really fix attn_data use-after-free (git-fixes). - Input: usbtouchscreen - add support for BonXeon TP (bsc#1051510). - Input: xpad - add custom init packet for Xbox One S controllers (bsc#1051510). - iommu/amd: Call domain_flush_complete() in update_domain() (bsc#1172096). - iommu/amd: Do not flush Device Table in iommu_map_page() (bsc#1172097). - iommu/amd: Do not loop forever when trying to increase address space (bsc#1172098). - iommu/amd: Fix legacy interrupt remapping for x2APIC-enabled system (bsc#1172099). - iommu/amd: Fix over-read of ACPI UID from IVRS table (bsc#1172101). - iommu/amd: Fix race in increase_address_space()/fetch_pte() (bsc#1172102). - iommu/amd: Update Device Table in increase_address_space() (bsc#1172103). - iommu: Fix reference count leak in iommu_group_alloc (bsc#1172397). - ip6_tunnel: Allow rcv/xmit even if remote address is a local address (bsc#1166978). - ipv4: fix a RCU-list lock in fib_triestat_seq_show (networking-stable-20_04_02). - ipv6/addrconf: call ipv6_mc_up() for non-Ethernet interface (networking-stable-20_03_14). - ipv6: do not auto-add link-local address to lag ports (networking-stable-20_04_09). - ipv6: fix IPV6_ADDRFORM operation logic (bsc#1171662). - ipv6: fix restrict IPV6_ADDRFORM operation (bsc#1171662). - ipvlan: add cond_resched_rcu() while processing muticast backlog (networking-stable-20_03_14). - ipvlan: do not deref eth hdr before checking it's set (networking-stable-20_03_14). - ipvlan: do not use cond_resched_rcu() in ipvlan_process_multicast() (networking-stable-20_03_14). - iwlwifi: pcie: actually release queue memory in TVQM (bsc#1051510). - ixgbe: do not check firmware errors (bsc#1170284). - kabi fix for early XHCI debug (git-fixes). - kabi for for md: improve handling of bio with REQ_PREFLUSH in md_flush_request() (git-fixes). - kabi/severities: Do not track KVM internal symbols. - kabi/severities: Ingnore get_dev_data() The function is internal to the AMD IOMMU driver and must not be called by any third party. - kabi workaround for snd_rawmidi buffer_ref field addition (git-fixes). - KEYS: reaching the keys quotas correctly (bsc#1051510). - KVM: arm64: Change hyp_panic()s dependency on tpidr_el2 (bsc#1133021). - KVM: arm64: Stop save/restoring host tpidr_el1 on VHE (bsc#1133021). - KVM: Check validity of resolved slot when searching memslots (bsc#1172104). - KVM: s390: vsie: Fix delivery of addressing exceptions (git-fixes). - KVM: SVM: Fix potential memory leak in svm_cpu_init() (bsc#1171736). - KVM x86: Extend AMD specific guest behavior to Hygon virtual CPUs (bsc#1152489). - l2tp: Allow management of tunnels and session in user namespace (networking-stable-20_04_17). - libata: Remove extra scsi_host_put() in ata_scsi_add_hosts() (bsc#1051510). - libata: Return correct status in sata_pmp_eh_recover_pm() when ATA_DFLAG_DETACH is set (bsc#1051510). - lib: raid6: fix awk build warnings (git fixes (block drivers)). - lib/raid6/test: fix build on distros whose /bin/sh is not bash (git fixes (block drivers)). - lib/stackdepot.c: fix global out-of-bounds in stack_slabs (git fixes (block drivers)). - locks: print unsigned ino in /proc/locks (bsc#1171951). - mac80211: add ieee80211_is_any_nullfunc() (bsc#1051510). - mac80211_hwsim: Use kstrndup() in place of kasprintf() (bsc#1051510). - mac80211: mesh: fix discovery timer re-arming issue / crash (bsc#1051510). - macsec: avoid to set wrong mtu (bsc#1051510). - macsec: restrict to ethernet devices (networking-stable-20_03_28). - macvlan: add cond_resched() during multicast processing (networking-stable-20_03_14). - macvlan: fix null dereference in macvlan_device_event() (bsc#1051510). - md: improve handling of bio with REQ_PREFLUSH in md_flush_request() (git-fixes). - md/raid0: Fix an error message in raid0_make_request() (git fixes (block drivers)). - md/raid10: prevent access of uninitialized resync_pages offset (git-fixes). - media: dvb: return -EREMOTEIO on i2c transfer failure (bsc#1051510). - media: platform: fcp: Set appropriate DMA parameters (bsc#1051510). - media: ti-vpe: cal: fix disable_irqs to only the intended target (git-fixes). - mei: release me_cl object reference (bsc#1051510). - mlxsw: Fix some IS_ERR() vs NULL bugs (networking-stable-20_04_27). - mlxsw: spectrum_flower: Do not stop at FLOW_ACTION_VLAN_MANGLE (networking-stable-20_04_09). - mlxsw: spectrum_mr: Fix list iteration in error path (bsc#1112374). - mmc: atmel-mci: Fix debugfs on 64-bit platforms (git-fixes). - mmc: core: Check request type before completing the request (git-fixes). - mmc: core: Fix recursive locking issue in CQE recovery path (git-fixes). - mmc: cqhci: Avoid false 'cqhci: CQE stuck on' by not open-coding timeout loop (git-fixes). - mmc: dw_mmc: Fix debugfs on 64-bit platforms (git-fixes). - mmc: meson-gx: make sure the descriptor is stopped on errors (git-fixes). - mmc: meson-gx: simplify interrupt handler (git-fixes). - mmc: renesas_sdhi: limit block count to 16 bit for old revisions (git-fixes). - mmc: sdhci-esdhc-imx: fix the mask for tuning start point (bsc#1051510). - mmc: sdhci-msm: Clear tuning done flag while hs400 tuning (bsc#1051510). - mmc: sdhci-of-at91: fix memleak on clk_get failure (git-fixes). - mmc: sdhci-pci: Fix eMMC driver strength for BYT-based controllers (bsc#1051510). - mmc: sdhci-xenon: fix annoying 1.8V regulator warning (bsc#1051510). - mmc: sdio: Fix potential NULL pointer error in mmc_sdio_init_card() (bsc#1051510). - mmc: tmio: fix access width of Block Count Register (git-fixes). - mm: limit boost_watermark on small zones (git fixes (mm/pgalloc)). - mm: thp: handle page cache THP correctly in PageTransCompoundMap (git fixes (block drivers)). - mtd: cfi: fix deadloop in cfi_cmdset_0002.c do_write_buffer (bsc#1051510). - mtd: spi-nor: cadence-quadspi: add a delay in write sequence (git-fixes). - mtd: spi-nor: enable 4B opcodes for mx66l51235l (git-fixes). - mtd: spi-nor: fsl-quadspi: Do not let -EINVAL on the bus (git-fixes). - mwifiex: avoid -Wstringop-overflow warning (bsc#1051510). - mwifiex: Fix memory corruption in dump_station (bsc#1051510). - net: bcmgenet: correct per TX/RX ring statistics (networking-stable-20_04_27). - net: dsa: b53: Fix ARL register definitions (networking-stable-20_04_27). - net: dsa: b53: Rework ARL bin logic (networking-stable-20_04_27). - net: dsa: bcm_sf2: Do not register slave MDIO bus with OF (networking-stable-20_04_09). - net: dsa: bcm_sf2: Ensure correct sub-node is parsed (networking-stable-20_04_09). - net: dsa: Fix duplicate frames flooded by learning (networking-stable-20_03_28). - net: dsa: mv88e6xxx: fix lockup on warm boot (networking-stable-20_03_14). - net/ethernet: add Google GVE driver (jsc#SLE-10538) - net: fec: add phy_reset_after_clk_enable() support (git-fixes). - net: fec: validate the new settings in fec_enet_set_coalesce() (networking-stable-20_03_14). - net: fix race condition in __inet_lookup_established() (bsc#1151794). - net: fq: add missing attribute validation for orphan mask (networking-stable-20_03_14). - net: hns3: fix 'tc qdisc del' failed issue (bsc#1109837). - net, ip_tunnel: fix interface lookup with no key (networking-stable-20_04_02). - net: ipv4: devinet: Fix crash when add/del multicast IP with autojoin (networking-stable-20_04_17). - net: ipv6: do not consider routes via gateways for anycast address check (networking-stable-20_04_17). - netlink: Use netlink header as base to calculate bad attribute offset (networking-stable-20_03_14). - net: macsec: update SCI upon MAC address change (networking-stable-20_03_14). - net: memcg: fix lockdep splat in inet_csk_accept() (networking-stable-20_03_14). - net: memcg: late association of sock to memcg (networking-stable-20_03_14). - net/mlx4_en: avoid indirect call in TX completion (networking-stable-20_04_27). - net/mlx5: Add new fields to Port Type and Speed register (bsc#1171118). - net/mlx5: Expose link speed directly (bsc#1171118). - net/mlx5: Expose port speed when possible (bsc#1171118). - net/mlx5: Fix failing fw tracer allocation on s390 (bsc#1103990 ). - net: mvneta: Fix the case where the last poll did not process all rx (networking-stable-20_03_28). - net: netrom: Fix potential nr_neigh refcnt leak in nr_add_node (networking-stable-20_04_27). - net/packet: tpacket_rcv: do not increment ring index on drop (networking-stable-20_03_14). - net: qmi_wwan: add support for ASKEY WWHC050 (networking-stable-20_03_28). - net: revert default NAPI poll timeout to 2 jiffies (networking-stable-20_04_17). - net_sched: cls_route: remove the right filter from hashtable (networking-stable-20_03_28). - net_sched: sch_skbprio: add message validation to skbprio_change() (bsc#1109837). - net/x25: Fix x25_neigh refcnt leak when receiving frame (networking-stable-20_04_27). - nfc: add missing attribute validation for SE API (networking-stable-20_03_14). - nfc: add missing attribute validation for vendor subcommand (networking-stable-20_03_14). - nfc: st21nfca: add missed kfree_skb() in an error path (bsc#1051510). - nfp: abm: fix a memory leak bug (bsc#1109837). - nfsd4: fix up replay_matches_cache() (git-fixes). - nfsd: Ensure CLONE persists data and metadata changes to the target file (git-fixes). - nfsd: fix delay timer on 32-bit architectures (git-fixes). - nfsd: fix jiffies/time_t mixup in LRU list (git-fixes). - NFS: Directory page cache pages need to be locked when read (git-fixes). - nfsd: memory corruption in nfsd4_lock() (git-fixes). - NFS: Do not call generic_error_remove_page() while holding locks (bsc#1170457). - NFS: Fix memory leaks and corruption in readdir (git-fixes). - NFS: Fix O_DIRECT accounting of number of bytes read/written (git-fixes). - NFS: Fix potential posix_acl refcnt leak in nfs3_set_acl (git-fixes). - NFS: fix racey wait in nfs_set_open_stateid_locked (bsc#1170592). - NFS/flexfiles: Use the correct TCP timeout for flexfiles I/O (git-fixes). - NFS/pnfs: Fix pnfs_generic_prepare_to_resend_writes() (git-fixes). - NFS: Revalidate the file size on a fatal write error (git-fixes). - NFSv4.0: nfs4_do_fsinfo() should not do implicit lease renewals (git-fixes). - NFSv4: Do not allow a cached open with a revoked delegation (git-fixes). - NFSv4: Fix leak of clp->cl_acceptor string (git-fixes). - NFSv4/pnfs: Return valid stateids in nfs_layout_find_inode_by_stateid() (git-fixes). - NFSv4: try lease recovery on NFS4ERR_EXPIRED (git-fixes). - NFSv4.x: Drop the slot if nfs4_delegreturn_prepare waits for layoutreturn (git-fixes). - nl802154: add missing attribute validation for dev_type (networking-stable-20_03_14). - nl802154: add missing attribute validation (networking-stable-20_03_14). - nvme-fc: print proper nvme-fc devloss_tmo value (bsc#1172391). - objtool: Fix stack offset tracking for indirect CFAs (bsc#1169514). - objtool: Fix switch table detection in .text.unlikely (bsc#1169514). - objtool: Make BP scratch register warning more robust (bsc#1169514). - padata: Remove broken queue flushing (git-fixes). - Partially revert 'kfifo: fix kfifo_alloc() and kfifo_init()' (git fixes (block drivers)). - PCI: hv: Add support for protocol 1.3 and support PCI_BUS_RELATIONS2 (bsc#1172201, bsc#1172202). - PCI: hv: Decouple the func definition in hv_dr_state from VSP message (bsc#1172201, bsc#1172202). - pinctrl: baytrail: Enable pin configuration setting for GPIO chip (git-fixes). - pinctrl: cherryview: Add missing spinlock usage in chv_gpio_irq_handler (git-fixes). - pinctrl: sunrisepoint: Fix PAD lock register offset for SPT-H (git-fixes). - platform/x86: asus-nb-wmi: Do not load on Asus T100TA and T200TA (bsc#1051510). - pNFS: Ensure we do clear the return-on-close layout stateid on fatal errors (git-fixes). - powerpc: Add attributes for setjmp/longjmp (bsc#1065729). - powerpc/pci/of: Parse unassigned resources (bsc#1065729). - powerpc/setup_64: Set cache-line-size based on cache-block-size (bsc#1065729). - powerpc/sstep: Fix DS operand in ld encoding to appropriate value (bsc#1065729). - r8152: check disconnect status after long sleep (networking-stable-20_03_14). - raid6/ppc: Fix build for clang (git fixes (block drivers)). - random: always use batched entropy for get_random_u{32,64} (bsc#1164871). - rcu: locking and unlocking need to always be at least barriers (git fixes (block drivers)). - Revert 'ALSA: hda/realtek: Fix pop noise on ALC225' (git-fixes). - Revert 'drm/panel: simple: Add support for Sharp LQ150X1LG11 panels' (bsc#1114279) * offset changes - Revert 'HID: i2c-hid: add Trekstor Primebook C11B to descriptor override' Depends on 9b5c747685982d22efffeafc5ec601bd28f6d78b, which was also reverted. - Revert 'HID: i2c-hid: override HID descriptors for certain devices' This broke i2c-hid.ko's build, there is no way around it without a big file rename or renaming the kernel module. - Revert 'i2c-hid: properly terminate i2c_hid_dmi_desc_override_table' Fixed 9b5c747685982d22efffeafc5ec601bd28f6d78b, which was also reverted. - Revert 'ipc,sem: remove uneeded sem_undo_list lock usage in exit_sem()' (bsc#1172221). - Revert 'RDMA/cma: Simplify rdma_resolve_addr() error flow' (bsc#1103992). - rtlwifi: Fix a double free in _rtl_usb_tx_urb_setup() (bsc#1051510). - s390/cpum_cf: Add new extended counters for IBM z15 (bsc#1169762 LTC#185291). - s390/ftrace: fix potential crashes when switching tracers (git-fixes). - s390/ism: fix error return code in ism_probe() (git-fixes). - s390/pci: do not set affinity for floating irqs (git-fixes). - s390/pci: Fix possible deadlock in recover_store() (bsc#1165183 LTC#184103). - s390/pci: Recover handle in clp_set_pci_fn() (bsc#1165183 LTC#184103). - scripts/decodecode: fix trapping instruction formatting (bsc#1065729). - scripts/dtc: Remove redundant YYLOC global declaration (bsc#1160388). - scsi: bnx2i: fix potential use after free (bsc#1171600). - scsi: core: Handle drivers which set sg_tablesize to zero (bsc#1171601) This commit also required: > scsi: core: avoid preallocating big SGL for data - scsi: core: save/restore command resid for error handling (bsc#1171602). - scsi: core: scsi_trace: Use get_unaligned_be*() (bsc#1171604). - scsi: core: try to get module before removing device (bsc#1171605). - scsi: csiostor: Adjust indentation in csio_device_reset (bsc#1171606). - scsi: csiostor: Do not enable IRQs too early (bsc#1171607). - scsi: esas2r: unlock on error in esas2r_nvram_read_direct() (bsc#1171608). - scsi: fnic: fix invalid stack access (bsc#1171609). - scsi: fnic: fix msix interrupt allocation (bsc#1171610). - scsi: ibmvscsi: Fix WARN_ON during event pool release (bsc#1170791 ltc#185128). - scsi: iscsi: Avoid potential deadlock in iscsi_if_rx func (bsc#1171611). - scsi: iscsi: Fix a potential deadlock in the timeout handler (bsc#1171612). - scsi: iscsi: qla4xxx: fix double free in probe (bsc#1171613). - scsi: lpfc: Change default queue allocation for reduced memory consumption (bsc#1164780). - scsi: lpfc: fix: Coverity: lpfc_cmpl_els_rsp(): Null pointer dereferences (bsc#1171614). - scsi: lpfc: Fix crash in target side cable pulls hitting WAIT_FOR_UNREG (bsc#1171615). - scsi: lpfc: Fix lpfc_nodelist leak when processing unsolicited event (bsc#1164780). - scsi: lpfc: Fix MDS Diagnostic Enablement definition (bsc#1164780). - scsi: lpfc: Fix negation of else clause in lpfc_prep_node_fc4type (bsc#1164780). - scsi: lpfc: Fix noderef and address space warnings (bsc#1164780). - scsi: lpfc: Maintain atomic consistency of queue_claimed flag (bsc#1164780). - scsi: lpfc: remove duplicate unloading checks (bsc#1164780). - scsi: lpfc: Remove re-binding of nvme rport during registration (bsc#1164780). - scsi: lpfc: Remove redundant initialization to variable rc (bsc#1164780). - scsi: lpfc: Remove unnecessary lockdep_assert_held calls (bsc#1164780). - scsi: lpfc: Update lpfc version to 12.8.0.1 (bsc#1164780). - scsi: megaraid_sas: Do not initiate OCR if controller is not in ready state (bsc#1171616). - scsi: qla2xxx: add ring buffer for tracing debug logs (bsc#1157169). - scsi: qla2xxx: check UNLOADING before posting async work (bsc#1157169). - scsi: qla2xxx: Delete all sessions before unregister local nvme port (bsc#1157169). - scsi: qla2xxx: Do not log message when reading port speed via sysfs (bsc#1157169). - scsi: qla2xxx: Fix hang when issuing nvme disconnect-all in NPIV (bsc#1157169). - scsi: qla2xxx: Fix regression warnings (bsc#1157169). - scsi: qla2xxx: Remove non functional code (bsc#1157169). - scsi: qla2xxx: set UNLOADING before waiting for session deletion (bsc#1157169). - scsi: qla4xxx: Adjust indentation in qla4xxx_mem_free (bsc#1171617). - scsi: qla4xxx: fix double free bug (bsc#1171618). - scsi: sd: Clear sdkp->protection_type if disk is reformatted without PI (bsc#1171619). - scsi: sg: add sg_remove_request in sg_common_write (bsc#1171620). - scsi: tracing: Fix handling of TRANSFER LENGTH == 0 for READ(6) and WRITE(6) (bsc#1171621). - scsi: ufs: change msleep to usleep_range (bsc#1171622). - scsi: ufs: Clean up ufshcd_scale_clks() and clock scaling error out path (bsc#1171623). - scsi: ufs: Fix ufshcd_hold() caused scheduling while atomic (bsc#1171624). - scsi: ufs: Fix ufshcd_probe_hba() reture value in case ufshcd_scsi_add_wlus() fails (bsc#1171625). - scsi: ufs: Recheck bkops level if bkops is disabled (bsc#1171626). - sctp: fix possibly using a bad saddr with a given dst (networking-stable-20_04_02). - sctp: fix refcount bug in sctp_wfree (networking-stable-20_04_02). - selftests/powerpc: Fix build errors in powerpc ptrace selftests (boo#1124278). - Separate one more kABI fixup from the functional change: - seq_file: fix problem when seeking mid-record (bsc#1170125). - serial: uartps: Move the spinlock after the read of the tx empty (git-fixes). - sfc: detach from cb_page in efx_copy_channel() (networking-stable-20_03_14). - signal/pid_namespace: Fix reboot_pid_ns to use send_sig not force_sig (bsc#1172185). - slcan: not call free_netdev before rtnl_unlock in slcan_open (networking-stable-20_03_28). - slip: make slhc_compress() more robust against malicious packets (networking-stable-20_03_14). - smb3: Additional compression structures (bsc#1144333). - smb3: Add new compression flags (bsc#1144333). - smb3: change noisy error message to FYI (bsc#1144333). - smb3: enable swap on SMB3 mounts (bsc#1144333). - smb3: Minor cleanup of protocol definitions (bsc#1144333). - smb3: remove overly noisy debug line in signing errors (bsc#1144333). - smb3: smbdirect support can be configured by default (bsc#1144333). - smb3: use SMB2_SIGNATURE_SIZE define (bsc#1144333). - spi: bcm2835: Fix 3-wire mode if DMA is enabled (git-fixes). - spi: bcm63xx-hsspi: Really keep pll clk enabled (bsc#1051510). - spi: bcm-qspi: when tx/rx buffer is NULL set to 0 (bsc#1051510). - spi: dw: Add SPI Rx-done wait method to DMA-based transfer (bsc#1051510). - spi: dw: Add SPI Tx-done wait method to DMA-based transfer (bsc#1051510). - spi: dw: Zero DMA Tx and Rx configurations on stack (bsc#1051510). - spi: fsl: do not map irq during probe (git-fixes). - spi: fsl: use platform_get_irq() instead of of_irq_to_resource() (git-fixes). - spi: pxa2xx: Add CS control clock quirk (bsc#1051510). - spi: qup: call spi_qup_pm_resume_runtime before suspending (bsc#1051510). - spi: spi-fsl-dspi: Replace interruptible wait queue with a simple completion (git-fixes). - spi: spi-s3c64xx: Fix system resume support (git-fixes). - spi/zynqmp: remove entry that causes a cs glitch (bsc#1051510). - staging: comedi: dt2815: fix writing hi byte of analog output (bsc#1051510). - staging: comedi: Fix comedi_device refcnt leak in comedi_open (bsc#1051510). - staging: iio: ad2s1210: Fix SPI reading (bsc#1051510). - staging: vt6656: Do not set RCR_MULTICAST or RCR_BROADCAST by default (git-fixes). - staging: vt6656: Fix drivers TBTT timing counter (git-fixes). - staging: vt6656: Fix pairwise key entry save (git-fixes). - sunrpc: expiry_time should be seconds not timeval (git-fixes). - SUNRPC: Fix a potential buffer overflow in 'svc_print_xprts()' (git-fixes). - supported.conf: Add br_netfilter to base (bsc#1169020). - supported.conf: support w1 core and thermometer support - svcrdma: Fix double svc_rdma_send_ctxt_put() in an error path (bsc#1103992). - svcrdma: Fix leak of transport addresses (git-fixes). - svcrdma: Fix trace point use-after-free race (bsc#1103992 ). - taskstats: fix data-race (bsc#1172188). - tcp: cache line align MAX_TCP_HEADER (networking-stable-20_04_27). - tcp: repair: fix TCP_QUEUE_SEQ implementation (networking-stable-20_03_28). - team: add missing attribute validation for array index (networking-stable-20_03_14). - team: add missing attribute validation for port ifindex (networking-stable-20_03_14). - team: fix hang in team_mode_get() (networking-stable-20_04_27). - tools lib traceevent: Remove unneeded qsort and uses memmove instead (git-fixes). - tpm: ibmvtpm: retry on H_CLOSED in tpm_ibmvtpm_send() (bsc#1065729). - tpm/tpm_tis: Free IRQ if probing fails (bsc#1082555). - tpm/tpm_tis: Free IRQ if probing fails (git-fixes). - tracing: Add a vmalloc_sync_mappings() for safe measure (git-fixes). - tracing: Disable trace_printk() on post poned tests (git-fixes). - tracing: Fix the race between registering 'snapshot' event trigger and triggering 'snapshot' operation (git-fixes). - tty: rocket, avoid OOB access (git-fixes). - tun: Do not put_page() for all negative return values from XDP program (bsc#1109837). - UAS: fix deadlock in error handling and PM flushing work (git-fixes). - UAS: no use logging any details in case of ENODEV (git-fixes). - Update config files: Build w1 bus on arm64 (jsc#SLE-11048) - USB: Add USB_QUIRK_DELAY_CTRL_MSG and USB_QUIRK_DELAY_INIT for Corsair K70 RGB RAPIDFIRE (git-fixes). - USB: cdc-acm: restore capability check order (git-fixes). - USB: core: Fix misleading driver bug report (bsc#1051510). - USB: dwc3: do not set gadget->is_otg flag (git-fixes). - USB: dwc3: gadget: Do link recovery for SS and SSP (git-fixes). - USB: early: Handle AMD's spec-compliant identifiers, too (git-fixes). - USB: f_fs: Clear OS Extended descriptor counts to zero in ffs_data_reset() (git-fixes). - USB: gadget: audio: Fix a missing error return value in audio_bind() (git-fixes). - USB: gadget: composite: Inform controller driver of self-powered (git-fixes). - USB: gadget: legacy: fix error return code in cdc_bind() (git-fixes). - USB: gadget: legacy: fix error return code in gncm_bind() (git-fixes). - USB: gadget: legacy: fix redundant initialization warnings (bsc#1051510). - USB: gadget: net2272: Fix a memory leak in an error handling path in 'net2272_plat_probe()' (git-fixes). - USB: gadget: udc: atmel: Fix vbus disconnect handling (git-fixes). - USB: gadget: udc: atmel: Make some symbols static (git-fixes). - USB: gadget: udc: bdc: Remove unnecessary NULL checks in bdc_req_complete (git-fixes). - USB: host: xhci-plat: keep runtime active when removing host (git-fixes). - USB: hub: Fix handling of connect changes during sleep (git-fixes). - usbnet: silence an unnecessary warning (bsc#1170770). - USB: serial: garmin_gps: add sanity checking for data length (git-fixes). - USB: serial: option: add BroadMobi BM806U (git-fixes). - USB: serial: option: add support for ASKEY WWHC050 (git-fixes). - USB: serial: option: add Wistron Neweb D19Q1 (git-fixes). - USB: serial: qcserial: Add DW5816e support (git-fixes). - USB: sisusbvga: Change port variable from signed to unsigned (git-fixes). - usb-storage: Add unusual_devs entry for JMicron JMS566 (git-fixes). - USB: uas: add quirk for LaCie 2Big Quadra (git-fixes). - USB: xhci: Fix NULL pointer dereference when enqueuing trbs from urb sg list (git-fixes). - video: fbdev: sis: Remove unnecessary parentheses and commented code (bsc#1114279) - video: fbdev: w100fb: Fix a potential double free (bsc#1051510). - vrf: Check skb for XFRM_TRANSFORMED flag (networking-stable-20_04_27). - vt: ioctl, switch VT_IS_IN_USE and VT_BUSY to inlines (git-fixes). - vt: selection, introduce vc_is_sel (git-fixes). - vt: vt_ioctl: fix race in VT_RESIZEX (git-fixes). - vt: vt_ioctl: fix use-after-free in vt_in_use() (git-fixes). - vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console (git-fixes). - vxlan: check return value of gro_cells_init() (networking-stable-20_03_28). - w1: Add subsystem kernel public interface (jsc#SLE-11048). - w1: Fix slave count on 1-Wire bus (resend) (jsc#SLE-11048). - w1: keep balance of mutex locks and refcnts (jsc#SLE-11048). - w1: use put_device() if device_register() fail (jsc#SLE-11048). - watchdog: reset last_hw_keepalive time at start (git-fixes). - wcn36xx: Fix error handling path in 'wcn36xx_probe()' (bsc#1051510). - wil6210: remove reset file from debugfs (git-fixes). - wimax/i2400m: Fix potential urb refcnt leak (bsc#1051510). - workqueue: do not use wq_select_unbound_cpu() for bound works (bsc#1172130). - x86/entry/64: Fix unwind hints in kernel exit path (bsc#1058115). - x86/entry/64: Fix unwind hints in register clearing code (bsc#1058115). - x86/entry/64: Fix unwind hints in rewind_stack_do_exit() (bsc#1058115). - x86/entry/64: Fix unwind hints in __switch_to_asm() (bsc#1058115). - x86/hyperv: Allow guests to enable InvariantTSC (bsc#1170621, bsc#1170620). - x86/Hyper-V: Free hv_panic_page when fail to register kmsg dump (bsc#1170617, bsc#1170618). - x86/Hyper-V: Report crash data in die() when panic_on_oops is set (bsc#1170617, bsc#1170618). - x86/Hyper-V: Report crash register data or kmsg before running crash kernel (bsc#1170617, bsc#1170618). - x86/Hyper-V: Report crash register data when sysctl_record_panic_msg is not set (bsc#1170617, bsc#1170618). - x86/Hyper-V: report value of misc_features (git fixes). - x86/Hyper-V: Trigger crash enlightenment only once during system crash (bsc#1170617, bsc#1170618). - x86/Hyper-V: Unload vmbus channel in hv panic callback (bsc#1170617, bsc#1170618). - x86/kprobes: Avoid kretprobe recursion bug (bsc#1114279). - x86/resctrl: Fix invalid attempt at removing the default resource group (git-fixes). - x86/resctrl: Preserve CDP enable over CPU hotplug (bsc#1114279). - x86/unwind/orc: Do not skip the first frame for inactive tasks (bsc#1058115). - x86/unwind/orc: Fix error handling in __unwind_start() (bsc#1058115). - x86/unwind/orc: Fix error path for bad ORC entry type (bsc#1058115). - x86/unwind/orc: Fix unwind_get_return_address_ptr() for inactive tasks (bsc#1058115). - x86/unwind/orc: Prevent unwinding before ORC initialization (bsc#1058115). - x86/unwind: Prevent false warnings for non-current tasks (bsc#1058115). - xen/pci: reserve MCFG areas earlier (bsc#1170145). - xfrm: Always set XFRM_TRANSFORMED in xfrm{4,6}_output_finish (networking-stable-20_04_27). - xfs: clear PF_MEMALLOC before exiting xfsaild thread (git-fixes). - xfs: Correctly invert xfs_buftarg LRU isolation logic (git-fixes). - xfs: do not ever return a stale pointer from __xfs_dir3_free_read (git-fixes). - xprtrdma: Fix completion wait during device removal (git-fixes). ----------------------------------------- Patch: SUSE-2020-1616 Released: Fri Jun 12 10:51:28 2020 Summary: Recommended update for SAPHanaSR-ScaleOut Severity: moderate References: 1156067,1156150,1157685 Description: This update for SAPHanaSR-ScaleOut fixes the following issues: - Restart 'sapstartsrv' service on master nameserver node. (bsc#1156150) - Use a fall-back scoring for the master nameserver nodes, if the current roles of the node(s) got lost. (bsc#1156067) - SAPHanaSR-ScaleOut-doc will no longer be installable when SAPHanaSR-doc is installed (bsc#1157685) ----------------------------------------- Patch: SUSE-2020-1621 Released: Fri Jun 12 16:59:18 2020 Summary: Security update for libEMF Severity: important References: 1171496,1171497,1171498,1171499,CVE-2020-11863,CVE-2020-11864,CVE-2020-11865,CVE-2020-11866 Description: This update for libEMF fixes the following issues: - CVE-2020-11863: Fixed an issue which could have led to denial of service (bsc#1171496). - CVE-2020-11864: Fixed an issue which could have led to denial of service (bsc#1171499). - CVE-2020-11865: Fixed an out of bounds memory access (bsc#1171497). - CVE-2020-11866: Fixed a use after free (bsc#1171498). ----------------------------------------- Patch: SUSE-2020-1631 Released: Wed Jun 17 09:53:58 2020 Summary: Recommended update for fonts-config Severity: important References: 1049056,1092737,1101985,1106850,1111791,1172022 Description: This update for fonts-config fixes the following issues: - Update version from 20160921 to version 20200609+git0.42e2b1b * Check if it's required to use some default settings in /etc/sysconfig/fonts-config. (bsc#1172022) * Add variable to allow fonts-config to update default settings * Fix en-US, en-GB font matching. * Allow non-ASCII letters in font names. (bsc#1049056, bsc#1101985). * Update subpixel rendering config * Fix misspelling in configuration file. (bsc#1111791) * Fix wrong visualization for special characters and numbers. (bsc#1092737) * Support color emoji * Modern fonts for symbol * Add configurations for Noto Sans/Serif CJK * No longer create encodings.dir in /usr/share/fonts/encodings/ (bsc#1106850) ----------------------------------------- Patch: SUSE-2020-1635 Released: Wed Jun 17 14:20:56 2020 Summary: Recommended update for susemanager-cloud-setup Severity: important References: 1172645 Description: This update for susemanager-cloud-setup contains the following fix: - Update to version 1.5: * adapt to new azuremetadata output (bsc#1172645) ----------------------------------------- Patch: SUSE-2020-1639 Released: Wed Jun 17 15:43:51 2020 Summary: Recommended update for python3-ec2imgutils Severity: moderate References: 1171933 Description: This update for python3-ec2imgutils contains the following fixes: - Update to version 8.0.0 (bsc#1171933) + Incompatible command line argument change for ec2publishimg. The --allow-copy option is no longer a boolean. It now supports the image and none keywords as well as a comma separated list of AWS account numbers. + Support having the snapshot copy permissions set differently than the image copy permissions. This supports published image aggregation into AWS MP. + ec2uploadimg tags the helper instance ----------------------------------------- Patch: SUSE-2020-1657 Released: Thu Jun 18 10:49:53 2020 Summary: Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork Severity: moderate References: 1172377,CVE-2020-13401 Description: This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues: Docker was updated to 19.03.11-ce runc was updated to version 1.0.0-rc10 containerd was updated to version 1.2.13 - CVE-2020-13401: Fixed an issue where an attacker with CAP_NET_RAW capability, could have crafted IPv6 router advertisements, and spoof external IPv6 hosts, resulting in obtaining sensitive information or causing denial of service (bsc#1172377). ----------------------------------------- Patch: SUSE-2020-1677 Released: Thu Jun 18 18:16:39 2020 Summary: Security update for mozilla-nspr, mozilla-nss Severity: important References: 1159819,1169746,1171978,CVE-2019-17006,CVE-2020-12399 Description: This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nss was updated to version 3.53 - CVE-2020-12399: Fixed a timing attack on DSA signature generation (bsc#1171978). - CVE-2019-17006: Added length checks for cryptographic primitives (bsc#1159819). Release notes: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.53_release_notes mozilla-nspr to version 4.25 ----------------------------------------- Patch: SUSE-2020-1684 Released: Fri Jun 19 09:48:36 2020 Summary: Security update for java-1_8_0-ibm Severity: important References: 1160968,1169511,1171352,1172277,CVE-2019-2949,CVE-2020-2654,CVE-2020-2754,CVE-2020-2755,CVE-2020-2756,CVE-2020-2757,CVE-2020-2781,CVE-2020-2800,CVE-2020-2803,CVE-2020-2805,CVE-2020-2830 Description: This update for java-1_8_0-ibm fixes the following issues: java-1_8_0-ibm was updated to Java 8.0 Service Refresh 6 Fix Pack 10 (bsc#1172277,bsc#1169511,bsc#1160968) - CVE-2020-2654: Fixed an issue which could have resulted in unauthorized ability to cause a partial denial of service - CVE-2020-2754: Forwarded references to Nashorn - CVE-2020-2755: Improved Nashorn matching - CVE-2020-2756: Improved mapping of serial ENUMs - CVE-2020-2757: Less Blocking Array Queues - CVE-2020-2781: Improved TLS session handling - CVE-2020-2800: Improved Headings for HTTP Servers - CVE-2020-2803: Enhanced buffering of byte buffers - CVE-2020-2805: Enhanced typing of methods - CVE-2020-2830: Improved Scanner conversions - CVE-2019-2949: Fixed an issue which could have resulted in unauthorized access to critical data - Added RSA PSS SUPPORT TO IBMPKCS11IMPL - The pack200 and unpack200 alternatives should be slaves of java (bsc#1171352). ----------------------------------------- Patch: SUSE-2020-1695 Released: Fri Jun 19 14:54:47 2020 Summary: Security update for osc Severity: moderate References: 1122675,CVE-2019-3681 Description: This update for osc to 0.169.1 fixes the following issues: Security issue fixed: - CVE-2019-3681: Fixed an insufficient validation of network-controlled filesystem paths (bsc#1122675). Non-security issues fixed: - Improved the speed and usability of osc bash completion. - improved some error messages. - osc add: support git@ (private github) or git:// URLs correctly. - Split dependson and whatdependson commands. - Added support for osc build --shell-cmd. - Added pkg-ccache support for osc build. - Added --ccache option to osc getbinaries ----------------------------------------- Patch: SUSE-2020-1704 Released: Mon Jun 22 11:21:12 2020 Summary: Recommended update for susefirewall2-to-firewalld Severity: moderate References: 1170461 Description: This update for susefirewall2-to-firewalld fixes the following issues: - Fixed 'INVALID_PORT' error message with certain SuSEfirewall2 configurations (bsc#1170461). ----------------------------------------- Patch: SUSE-2020-1706 Released: Mon Jun 22 14:34:34 2020 Summary: Recommended update for susemanager-cloud-setup Severity: important References: 1172838 Description: This update for susemanager-cloud-setup contains the following fix: - Update to version 1.6 * suma-storage: handle /var/spacewalk correctly. (bsc#1172838) ----------------------------------------- Patch: SUSE-2020-1707 Released: Tue Jun 23 10:02:48 2020 Summary: Recommended update for gnu-free-fonts Severity: moderate References: 1170856 Description: This update for gnu-free-fonts fixes the following issue: - Fix building with fontforge 20190801. (bsc#1170856) ----------------------------------------- Patch: SUSE-2020-1709 Released: Tue Jun 23 10:32:38 2020 Summary: Security update for mercurial Severity: low References: 1133035,CVE-2019-3902 Description: This update for mercurial fixes the following issues: Security issue fixed: - CVE-2019-3902: Fixed incorrect patch-checking with symlinks and subrepos (bsc#1133035). ----------------------------------------- Patch: SUSE-2020-1726 Released: Tue Jun 23 14:52:07 2020 Summary: Recommended update for python-M2Crypto Severity: moderate References: 1172226 Description: This update for python-M2Crypto fixes the following issues: - Release python3-M2crypto to LTSS channels, to allow using salt even when the Server Applications Module is not used. (bsc#1172226) ----------------------------------------- Patch: SUSE-2020-1727 Released: Tue Jun 23 15:33:07 2020 Summary: Recommended update for python3-gcemetadata Severity: moderate References: 1173136 Description: This update for python3-gcemetadata fixes the following issues: Update to version 1.0.4 (bsc#1173136) - Fixed typo, missing '=' for 'identity' option in processed command line options causes mis-identification of instance as missing identity data access ----------------------------------------- Patch: SUSE-2020-1730 Released: Wed Jun 24 09:41:15 2020 Summary: Security update for libssh2_org Severity: moderate References: 1154862,CVE-2019-17498 Description: This update for libssh2_org fixes the following issue: - CVE-2019-17498: Fixed an integer overflow in a bounds check that might have led to the disclosure of sensitive information or a denial of service (bsc#1154862). ----------------------------------------- Patch: SUSE-2020-1733 Released: Wed Jun 24 09:43:36 2020 Summary: Security update for curl Severity: important References: 1173026,1173027,CVE-2020-8169,CVE-2020-8177 Description: This update for curl fixes the following issues: - CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server to overwrite a local file when using the -J option (bsc#1173027). - CVE-2020-8169: Fixed an issue where could have led to partial password leak over DNS on HTTP redirect (bsc#1173026). ----------------------------------------- Patch: SUSE-2020-1759 Released: Thu Jun 25 18:44:37 2020 Summary: Recommended update for krb5 Severity: moderate References: 1169357 Description: This update for krb5 fixes the following issue: - Call systemd to reload the services instead of init-scripts. (bsc#1169357) ----------------------------------------- Patch: SUSE-2020-1760 Released: Thu Jun 25 18:46:13 2020 Summary: Recommended update for systemd Severity: moderate References: 1157315,1162698,1164538,1169488,1171145,1172072 Description: This update for systemd fixes the following issues: - Merge branch 'SUSE/v234' into SLE15 units: starting suspend.target should not fail when suspend is successful (bsc#1172072) core/mount: do not add Before=local-fs.target or remote-fs.target if nofail mount option is set mount: let mount_add_extras() take care of remote-fs.target deps (bsc#1169488) mount: set up local-fs.target/remote-fs.target deps in mount_add_default_dependencies() too udev: rename the persistent link for ATA devices (bsc#1164538) shared/install: try harder to find enablement symlinks when disabling a unit (bsc#1157315) tmpfiles: remove unnecessary assert (bsc#1171145) test-engine: manager_free() was called too early pid1: by default make user units inherit their umask from the user manager (bsc#1162698) ----------------------------------------- Patch: SUSE-2020-1769 Released: Fri Jun 26 08:03:09 2020 Summary: Security update for squid Severity: important References: 1173304,CVE-2020-14059 Description: This update for squid fixes the following issues: squid was updated to version 4.12 Security issue fixed: - CVE-2020-14059: Fixed an issue where a client could potentially deny the service of a server during TLS Handshake (bsc#1173304). Other issues addressed: - Reverted to slow search for new SMP shm pages due to a regression - Fixed an issue where negative responses were never cached - Fixed stall if transaction was overwriting a recently active cache entry ----------------------------------------- Patch: SUSE-2020-1771 Released: Fri Jun 26 08:04:23 2020 Summary: Security update for mutt Severity: important References: 1172906,1172935,1173197,CVE-2020-14093,CVE-2020-14154,CVE-2020-14954 Description: This update for mutt fixes the following issues: - CVE-2020-14954: Fixed a response injection due to a STARTTLS buffering issue which was affecting IMAP, SMTP, and POP3 (bsc#1173197). - CVE-2020-14093: Fixed a potential IMAP Man-in-the-Middle attack via a PREAUTH response (bsc#1172906, bsc#1172935). - CVE-2020-14154: Fixed an issue where Mutt was ignoring an expired certificate and was proceeding with a connection (bsc#1172906, bsc#1172935). ----------------------------------------- Patch: SUSE-2020-1772 Released: Fri Jun 26 08:05:06 2020 Summary: Security update for unbound Severity: important References: 1157268,1171889,CVE-2019-18934,CVE-2020-12662,CVE-2020-12663 Description: This update for unbound fixes the following issues: - CVE-2020-12662: Fixed an issue where unbound could have been tricked into amplifying an incoming query into a large number of queries directed to a target (bsc#1171889). - CVE-2020-12663: Fixed an issue where malformed answers from upstream name servers could have been used to make unbound unresponsive (bsc#1171889). - CVE-2019-18934: Fixed a vulnerability in the IPSec module which could have allowed code execution after receiving a special crafted answer (bsc#1157268). ----------------------------------------- Patch: SUSE-2020-1785 Released: Fri Jun 26 09:26:09 2020 Summary: Recommended update for perl-TimeDate Severity: moderate References: 1172834 Description: This update for perl-TimeDate fixes the following issue: - Parse out the century if specified (strptime). (bsc#1172834) ----------------------------------------- Patch: SUSE-2020-1787 Released: Fri Jun 26 09:28:58 2020 Summary: Recommended update for python-scipy Severity: low References: 1171510 Description: This update for python-scipy doesn't fix any user visible issues, but improves the package building process. ----------------------------------------- Patch: SUSE-2020-1795 Released: Mon Jun 29 11:22:45 2020 Summary: Recommended update for lvm2 Severity: important References: 1172566 Description: This update for lvm2 fixes the following issues: - Fix potential data loss problem with LVM cache (bsc#1172566) ----------------------------------------- Patch: SUSE-2020-1801 Released: Tue Jun 30 13:07:01 2020 Summary: Recommended update for zeromq Severity: low References: 1171566 Description: This update of zeromq fixes the following issue. - the libzmq5-32bit package is shipped on x86_64 platforms. (bsc#1171566) ----------------------------------------- Patch: SUSE-2020-1802 Released: Tue Jun 30 13:15:44 2020 Summary: Recommended update for ucode-intel Severity: moderate References: 1172466,1172856 Description: This update for ucode-intel fixes the following issues: Updated Intel CPU Microcode to 20200616 official release (bsc#1172856) - revert 06-4e-03 Skylake U/Y, U23e ucode back to 000000d6 release - revert 06-5e-03 Skylake H/S ucode back to 000000d6 release, as both cause stability issues. (bsc#1172856) Updated Intel CPU Microcode to 20200609 official release (bsc#1172466) - no changes to 20200602 prerelease ----------------------------------------- Patch: SUSE-2020-1808 Released: Tue Jun 30 18:00:38 2020 Summary: Recommended update for unixODBC Severity: low References: 1171566 Description: unixODBC was updated to fix the following issue: - ship unixODBC-32bit on x86_64 systems for compatibility (bsc#1171566) ----------------------------------------- Patch: SUSE-2020-1816 Released: Wed Jul 1 16:13:25 2020 Summary: Recommended update for postgresql10 Severity: moderate References: 1148643,1171924 Description: This update for postgresql10 fixes the following issues: postgresql was updated to 10.13 (bsc#1171924). For more details see: - https://www.postgresql.org/about/news/2038/ - https://www.postgresql.org/docs/10/release-10-13.html - Let postgresqlXX conflict with postgresql-noarch < 12.0.1 to get a clean and complete cutover to the new packaging schema. ----------------------------------------- Patch: SUSE-2020-1821 Released: Thu Jul 2 08:39:34 2020 Summary: Recommended update for dracut Severity: moderate References: 1172807,1172816 Description: This update for dracut fixes the following issues: - 35network-legacy: Fix dual stack setups. (bsc#1172807) - 95iscsi: fix missing space when compiling cmdline args. (bsc#1172816) ----------------------------------------- Patch: SUSE-2020-1822 Released: Thu Jul 2 11:30:42 2020 Summary: Security update for python3 Severity: important References: 1173274,CVE-2020-14422 Description: This update for python3 fixes the following issues: - CVE-2020-14422: Fixed an improper computation of hash values in the IPv4Interface and IPv6Interface could have led to denial of service (bsc#1173274). ----------------------------------------- Patch: SUSE-2020-1823 Released: Thu Jul 2 11:32:22 2020 Summary: Security update for ntp Severity: moderate References: 1125401,1169740,1171355,1172651,1173334,992038,CVE-2018-8956,CVE-2020-11868,CVE-2020-13817,CVE-2020-15025 Description: This update for ntp fixes the following issues: ntp was updated to 4.2.8p15 - CVE-2020-11868: Fixed an issue which a server mode packet with spoofed source address frequently send to the client ntpd could have caused denial of service (bsc#1169740). - CVE-2018-8956: Fixed an issue which could have allowed remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via spoofed mode 3 and mode 5 packets (bsc#1171355). - CVE-2020-13817: Fixed an issue which an off-path attacker with the ability to query time from victim's ntpd instance could have modified the victim's clock by a limited amount (bsc#1172651). - CVE-2020-15025: Fixed an issue which remote attacker could have caused denial of service by consuming the memory when a CMAC key was used andassociated with a CMAC algorithm in the ntp.keys (bsc#1173334). - Removed an OpenSSL version warning (bsc#992038 and bsc#1125401). ----------------------------------------- Patch: SUSE-2020-1396 Released: Fri Jul 3 12:33:05 2020 Summary: Security update for zstd Severity: moderate References: 1082318,1133297 Description: This update for zstd fixes the following issues: - Fix for build error caused by wrong static libraries. (bsc#1133297) - Correction in spec file marking the license as documentation. (bsc#1082318) - Add new package for SLE-15. (jsc#ECO-1886) ----------------------------------------- Patch: SUSE-2020-1843 Released: Mon Jul 6 12:13:40 2020 Summary: Security update for nasm Severity: moderate References: 1084631,1086186,1086227,1086228,1090519,1090840,1106878,1107592,1107594,1108404,1115758,1115774,1115795,1173538,CVE-2018-1000667,CVE-2018-10016,CVE-2018-10254,CVE-2018-10316,CVE-2018-16382,CVE-2018-16517,CVE-2018-16999,CVE-2018-19214,CVE-2018-19215,CVE-2018-19216,CVE-2018-8881,CVE-2018-8882,CVE-2018-8883 Description: This update for nasm fixes the following issues: nasm was updated to version 2.14.02. This allows building of Mozilla Firefox 78ESR and also contains lots of bugfixes, security fixes and improvements. * Fix crash due to multiple errors or warnings during the code generation pass if a list file is specified. * Create all system-defined macros defore processing command-line given preprocessing directives (-p, -d, -u, --pragma, --before). * If debugging is enabled, define a __DEBUG_FORMAT__ predefined macro. See section 4.11.7. * Fix an assert for the case in the obj format when a SEG operator refers to an EXTERN symbol declared further down in the code. * Fix a corner case in the floating-point code where a binary, octal or hexadecimal floating-point having at least 32, 11, or 8 mantissa digits could produce slightly incorrect results under very specific conditions. * Support -MD without a filename, for gcc compatibility. -MF can be used to set the dependencies output filename. See section 2.1.7. * Fix -E in combination with -MD. See section 2.1.21. * Fix missing errors on redefined labels; would cause convergence failure instead which is very slow and not easy to debug. * Duplicate definitions of the same label with the same value is now explicitly permitted (2.14 would allow it in some circumstances.) * Add the option --no-line to ignore %line directives in the source. See section 2.1.33 and section 4.10.1. * Changed -I option semantics by adding a trailing path separator unconditionally. * Fixed null dereference in corrupted invalid single line macros. * Fixed division by zero which may happen if source code is malformed. * Fixed out of bound access in processing of malformed segment override. * Fixed out of bound access in certain EQU parsing. * Fixed buffer underflow in float parsing. * Added SGX (Intel Software Guard Extensions) instructions. * Added +n syntax for multiple contiguous registers. * Fixed subsections_via_symbols for macho object format. * Added the --gprefix, --gpostfix, --lprefix, and --lpostfix command line options, to allow command line base symbol renaming. See section 2.1.28. * Allow label renaming to be specified by %pragma in addition to from the command line. See section 6.9. * Supported generic %pragma namespaces, output and debug. See section 6.10. * Added the --pragma command line option to inject a %pragma directive. See section 2.1.29. * Added the --before command line option to accept preprocess statement before input. See section 2.1.30. * Added AVX512 VBMI2 (Additional Bit Manipulation), VNNI (Vector Neural Network), BITALG (Bit Algorithm), and GFNI (Galois Field New Instruction) instructions. * Added the STATIC directive for local symbols that should be renamed using global-symbol rules. See section 6.8. * Allow a symbol to be defined as EXTERN and then later overridden as GLOBAL or COMMON. Furthermore, a symbol declared EXTERN and then defined will be treated as GLOBAL. See section 6.5. * The GLOBAL directive no longer is required to precede the definition of the symbol. * Support private_extern as macho specific extension to the GLOBAL directive. See section 7.8.5. * Updated UD0 encoding to match with the specification * Added the --limit-X command line option to set execution limits. See section 2.1.31. * Updated the Codeview version number to be aligned with MASM. * Added the --keep-all command line option to preserve output files. See section 2.1.32. * Added the --include command line option, an alias to -P (section 2.1.18). * Added the --help command line option as an alias to -h (section 3.1). * Added -W, -D, and -Q suffix aliases for RET instructions so the operand sizes of these instructions can be encoded without using o16, o32 or o64. New upstream version 2.13.03: * Add flags: AES, VAES, VPCLMULQDQ * Add VPCLMULQDQ instruction * elf: Add missing dwarf loc section * documentation updates ----------------------------------------- Patch: SUSE-2020-1850 Released: Mon Jul 6 14:44:39 2020 Summary: Security update for mozilla-nss Severity: moderate References: 1168669,1173032,CVE-2020-12402 Description: This update for mozilla-nss fixes the following issues: mozilla-nss was updated to version 3.53.1 - CVE-2020-12402: Fixed a potential side channel attack during RSA key generation (bsc#1173032) - Fixed various FIPS issues in libfreebl3 which were causing segfaults in the test suite of chrony (bsc#1168669). ----------------------------------------- Patch: SUSE-2020-1852 Released: Mon Jul 6 16:50:23 2020 Summary: Recommended update for fontforge, ghostscript-fonts, ttf-converter, xorg-x11-fonts Severity: moderate References: 1169444 Description: This update for fontforge, ghostscript-fonts, ttf-converter, xorg-x11-fonts fixes the following issues: Changes in fontforge: - Support transforming bitmap glyphs from python. (bsc#1169444) - Allow python-Sphinx >= 3 Changes in ttf-converter: - Update from version 1.0 to version 1.0.6: * ftdump is now shipped additionally as new dependency for ttf-converter * Standardize output when converting vector and bitmap fonts * Add more subfamilies fixes (bsc#1169444) * Add --family and --subfamily arguments to force values on those fields * Add parameters to fix glyph unicode values --fix-glyph-unicode : Try to fix unicode points and glyph names based on glyph names containing hexadecimal codes (like '$0C00', 'char12345' or 'uni004F') --replace-unicode-values: When passed 2 comma separated numbers a,b the glyph with an unicode value of a is replaced with the unicode value b. Can be used more than once. --shift-unicode-values: When passed 3 comma separated numbers a,b,c this shifts the unicode values of glyphs between a and b (both included) by adding c. Can be used more than once. * Add --bitmapTransform parameter to transform bitmap glyphs. (bsc#1169444) When used, all glyphs are modified with the transformation function and values passed as parameters. The parameter has three values separated by commas: fliph|flipv|rotate90cw|rotate90ccw|rotate180|skew|transmove,xoff,yoff * Add support to convert bitmap fonts (bsc#1169444) * Rename MediumItalic subfamily to Medium Italic * Show some more information when removing duplicated glyphs * Add a --force-monospaced argument instead of hardcoding font names * Convert `BoldCond` subfamily to `Bold Condensed` * Fixes for Monospaced fonts and force the Nimbus Mono L font to be Monospaced. (bsc#1169444 #c41) * Add a --version argument * Fix subfamily names so the converted font's subfamily match the original ones. (bsc#1169444 #c41) Changes in xorg-x11-fonts: - Use ttf-converter 1.0.6 to build an Italic version of cu12.pcf.gz in the converted subpackage - Include the subfamily in the filename of converted fonts - Use ttf-converter's new bitmap font support to convert Schumacher Clean and Schumacher Clean Wide (bsc#1169444 #c41) - Replace some unicode values in cu-pua12.pcf.gz to fix them - Shift some unicode values in arabic24.pcf.gz and cuarabic12.pcf.gz so glyphs don't pretend to be latin characters when they're not. - Don't distribute converted fonts with wrong unicode values in their glyphs. (bsc#1169444) Bitstream-Charter-*.otb, Cursor.ttf,Sun-OPEN-LOOK-*.otb, MUTT-ClearlyU-Devangari-Extra-Regular, MUTT-ClearlyU-Ligature-Wide-Regular, and MUTT-ClearlyU-Devanagari-Regular Changes in ghostscript-fonts: - Force the converted Nimbus Mono font to be monospaced. (bsc#1169444 #c41) Use the --force-monospaced argument of ttf-converter 1.0.3 ----------------------------------------- Patch: SUSE-2020-1856 Released: Mon Jul 6 17:05:51 2020 Summary: Security update for openldap2 Severity: important References: 1172698,1172704,CVE-2020-8023 Description: This update for openldap2 fixes the following issues: - CVE-2020-8023: Fixed a potential local privilege escalation from ldap to root when OPENLDAP_CONFIG_BACKEND='ldap' was used (bsc#1172698). - Changed DB_CONFIG to root:ldap permissions (bsc#1172704). ----------------------------------------- Patch: SUSE-2020-1870 Released: Tue Jul 7 15:13:13 2020 Summary: Recommended update for llvm9 Severity: moderate References: 1173202 Description: This update for llvm9 fixes the following issues: - Fix miscompilations with rustc 1.43 that lead to LTO failures (bsc#1173202) ----------------------------------------- Patch: SUSE-2020-1871 Released: Tue Jul 7 15:14:11 2020 Summary: Recommended update for llvm7 Severity: moderate References: 1173202 Description: This update for llvm7 fixes the following issues: - Fix miscompilations with rustc 1.43 that lead to LTO failures (bsc#1173202) ----------------------------------------- Patch: SUSE-2020-1873 Released: Tue Jul 7 17:19:46 2020 Summary: Security update for LibVNCServer Severity: important References: 1173477,CVE-2017-18922 Description: This update for LibVNCServer fixes the following issues: - CVE-2017-18922: Fixed an issue which could have allowed to an attacker to pre-auth overwrite a function pointer which subsequently used leading to potential remote code execution (bsc#1173477). ----------------------------------------- Patch: SUSE-2020-1885 Released: Fri Jul 10 14:54:22 2020 Summary: Recommended update for cloud-init Severity: moderate References: 1170154,1171546,1171995 Description: This update for cloud-init contains the following fixes: - rsyslog warning, '~' is deprecated: (bsc#1170154) + replace deprecated syntax '& ~' by '& stop' for more information please see https://www.rsyslog.com/rsyslog-error-2307/. + Explicitly test for netconfig version 1 as well as 2. + Handle netconfig v2 device configurations (bsc#1171546, bsc#1171995) ----------------------------------------- Patch: SUSE-2020-1894 Released: Mon Jul 13 10:40:16 2020 Summary: Optional update for python-Cerberus Severity: moderate References: 1121858,1173465 Description: This update for python-Cerberus fixes the following issues: - Update to version 1.3.2 * includes various features and improvements - please refer to the changelog for a detailed technical list of changes ----------------------------------------- Patch: SUSE-2020-1903 Released: Tue Jul 14 15:46:28 2020 Summary: Recommended update for lifecycle-data-sle-module-desktop-productivity Severity: moderate References: 1173407 Description: This update for lifecycle-data-sle-module-desktop-productivity fixes the following issues: - Update lifecycle data, most of python2 is now in its own module. (bsc#1173407) - Ensure package is installed with its corresponding module when lifecycle package is installed. (bsc#1173407) ----------------------------------------- Patch: SUSE-2020-1905 Released: Tue Jul 14 15:56:17 2020 Summary: Recommended update for lifecycle-data-sle-module-basesystem Severity: moderate References: 1173407 Description: This update for lifecycle-data-sle-module-basesystem fixes the following issues: - Update lifecycle data, most of python2 is now in its own module. (bsc#1173407) - Ensure package is installed with its corresponding module when lifecycle package is installed. (bsc#1173407) ----------------------------------------- Patch: SUSE-2020-1906 Released: Tue Jul 14 15:58:16 2020 Summary: Recommended update for lifecycle-data-sle-module-development-tools Severity: moderate References: 1173407 Description: This update for lifecycle-data-sle-module-development-tools fixes the following issue: - Ensure package is installed with its corresponding module when lifecycle package is installed. (bsc#1173407) ----------------------------------------- Patch: SUSE-2020-1907 Released: Tue Jul 14 16:01:25 2020 Summary: Recommended update for lifecycle-data-sle-module-hpc Severity: moderate References: 1173407 Description: This update for lifecycle-data-sle-module-hpc fixes the following issues: - Update lifecycle data, most of python2 is now in its own module. (bsc#1173407) - Ensure package is installed with its corresponding module when lifecycle package is installed. (bsc#1173407) ----------------------------------------- Patch: SUSE-2020-1908 Released: Tue Jul 14 16:03:22 2020 Summary: Recommended update for lifecycle-data-sle-module-server-applications Severity: moderate References: 1173407 Description: This update for lifecycle-data-sle-module-server-applications fixes the following issues: - Update lifecycle data, no python2 module are shipped in this module. (bsc#1173407) - Ensure package is installed with its corresponding module when lifecycle package is installed. (bsc#1173407) ----------------------------------------- Patch: SUSE-2020-1909 Released: Tue Jul 14 16:05:26 2020 Summary: Recommended update for lifecycle-data-sle-module-desktop-applications Severity: moderate References: 1173407 Description: This update for lifecycle-data-sle-module-desktop-applications fixes the following issues: - Update lifecycle data, all python2 packages in desktop applications module are in python2 module. (bsc#1173407) - Ensure package is installed with its corresponding module when lifecycle package is installed. (bsc#1173407) ----------------------------------------- Patch: SUSE-2020-1915 Released: Wed Jul 15 09:34:15 2020 Summary: Security update for slirp4netns Severity: important References: 1172380,CVE-2020-10756 Description: This update for slirp4netns fixes the following issues: - Update to 0.4.7 (bsc#1172380) * libslirp: update to v4.3.1 (Fix CVE-2020-10756) * Fix config_from_options() to correctly enable ipv6 ----------------------------------------- Patch: SUSE-2020-1919 Released: Wed Jul 15 10:56:06 2020 Summary: Security update for rubygem-puma Severity: moderate References: 1172175,1172176,CVE-2020-11076,CVE-2020-11077 Description: This update for rubygem-puma to version 4.3.5 fixes the following issues: - CVE-2020-11077: Fixed a HTTP smuggling issue related to proxy usage (bsc#1172175). - CVE-2020-11076: Fixed a HTTP smuggling issue when using an invalid transfer-encoding header (bsc#1172176). - Disabled TLSv1.0 and TLSv1.1 (jsc#SLE-6965). ----------------------------------------- Patch: SUSE-2020-1920 Released: Wed Jul 15 10:56:29 2020 Summary: Security update for python-ipaddress Severity: important References: 1173274,CVE-2020-14422 Description: This update for python-ipaddress fixes the following issues: - Add CVE-2020-14422-ipaddress-hash-collision.patch fixing CVE-2020-14422 (bsc#1173274, bpo#41004), where hash collisions in IPv4Interface and IPv6Interface could lead to DOS. ----------------------------------------- Patch: SUSE-2020-1922 Released: Wed Jul 15 11:30:49 2020 Summary: Security update for LibVNCServer Severity: important References: 1173477,1173691,1173694,1173700,1173701,1173743,1173874,1173875,1173876,1173880,CVE-2017-18922,CVE-2018-21247,CVE-2019-20839,CVE-2019-20840,CVE-2020-14397,CVE-2020-14398,CVE-2020-14399,CVE-2020-14400,CVE-2020-14401,CVE-2020-14402 Description: This update for LibVNCServer fixes the following issues: - security update - added patches fix CVE-2018-21247 [bsc#1173874], uninitialized memory contents are vulnerable to Information leak + LibVNCServer-CVE-2018-21247.patch fix CVE-2019-20839 [bsc#1173875], buffer overflow in ConnectClientToUnixSock() + LibVNCServer-CVE-2019-20839.patch fix CVE-2019-20840 [bsc#1173876], unaligned accesses in hybiReadAndDecode can lead to denial of service + LibVNCServer-CVE-2019-20840.patch fix CVE-2020-14398 [bsc#1173880], improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c + LibVNCServer-CVE-2020-14398.patch fix CVE-2020-14397 [bsc#1173700], NULL pointer dereference in libvncserver/rfbregion.c + LibVNCServer-CVE-2020-14397.patch fix CVE-2020-14399 [bsc#1173743], Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. + LibVNCServer-CVE-2020-14399.patch fix CVE-2020-14400 [bsc#1173691], Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. + LibVNCServer-CVE-2020-14400.patch fix CVE-2020-14401 [bsc#1173694], potential integer overflows in libvncserver/scale.c + LibVNCServer-CVE-2020-14401.patch fix CVE-2020-14402 [bsc#1173701], out-of-bounds access via encodings. + LibVNCServer-CVE-2020-14402,14403,14404.patch fix CVE-2017-18922 [bsc#1173477], preauth buffer overwrite ----------------------------------------- Patch: SUSE-2020-1929 Released: Wed Jul 15 14:59:50 2020 Summary: Recommended update for python-numpy Severity: low References: 1166678 Description: This update for python-numpy fixes the following issues: - Fixes a file conflict with /usr/bin/f2py (bsc#1166678) ----------------------------------------- Patch: SUSE-2020-1930 Released: Wed Jul 15 15:05:07 2020 Summary: Security update for openconnect Severity: moderate References: 1171862,CVE-2020-12823 Description: This update for openconnect fixes the following issues: - CVE-2020-12823: Fixed a buffer overflow via crafted certificate data which could have led to denial of service (bsc#1171862). ----------------------------------------- Patch: SUSE-2020-1931 Released: Wed Jul 15 15:05:43 2020 Summary: Security update for openexr Severity: moderate References: 1173466,1173467,1173469,CVE-2020-15304,CVE-2020-15305,CVE-2020-15306 Description: This update for openexr fixes the following issues: - CVE-2020-15304: Fixed a NULL pointer dereference in TiledInputFile:TiledInputFile() (bsc#1173466). - CVE-2020-15305: Fixed a use-after-free in DeepScanLineInputFile:DeepScanLineInputFile() (bsc#1173467). - CVE-2020-15306: Fixed a heap buffer overflow in getChunkOffsetTableSize() (bsc#1173469). ----------------------------------------- Patch: SUSE-2020-1934 Released: Wed Jul 15 15:07:30 2020 Summary: Security update for google-compute-engine Severity: important References: 1169978,1173258,CVE-2020-8903,CVE-2020-8907,CVE-2020-8933 Description: This update for google-compute-engine fixes the following issues: - Don't enable and start google-network-daemon.service when it's already installed (bsc#1169978) + Do not add the created user to the adm (CVE-2020-8903), docker (CVE-2020-8907), or lxd (CVE-2020-8933) groups if they exist (bsc#1173258) ----------------------------------------- Patch: SUSE-2020-1935 Released: Wed Jul 15 16:25:57 2020 Summary: Recommended update for azure-li-services Severity: moderate References: Description: This update for azure-li-services fixes the following issues: - Update the motd to reflect the new link for the SUSE forums. - Add prometheus monitoring modules. (jsc#SLE-10545, jsc#SLE-10902, jsc#SLE-10903, jsc#ECO-817, jsc#ECO-818. - Added devel package auto submission - Deployment of HANA Scale-up Performance Optimized Scenario from Salt. (jsc#SLE-11453) - Automate setup of DRBD NFS-Share in SALT and Terraform. (jsc#SLE-11454) ----------------------------------------- Patch: SUSE-2020-1938 Released: Thu Jul 16 14:43:32 2020 Summary: Recommended update for libsolv, libzypp, zypper Severity: moderate References: 1169947,1170801,1172925,1173106 Description: This update for libsolv, libzypp, zypper fixes the following issues: libsolv was updated to: - Enable zstd compression support for sle15 zypper was updated to version 1.14.37: - Print switch abbrev warning to stderr (bsc#1172925) - Fix typo in man page (bsc#1169947) libzypp was updated to 17.24.0 - Fix core dump with corrupted history file (bsc#1170801) - Enable zchunk metadata download if libsolv supports it. - Better handling of the purge-kernels algorithm. (bsc#1173106) ----------------------------------------- Patch: SUSE-2020-1941 Released: Fri Jul 17 13:41:23 2020 Summary: Recommended update for NetworkManager-branding Severity: moderate References: 1172773 Description: This update for NetworkManager-branding fixes the following issues: - Fix an issue when NetworkManager uses an enexpanded macro. (bsc#1172773) ----------------------------------------- Patch: SUSE-2020-1944 Released: Fri Jul 17 13:50:40 2020 Summary: Security update for ant Severity: moderate References: 1171696,CVE-2020-1945 Description: This update for ant fixes the following issues: - CVE-2020-1945: Fixed an inseure temorary file vulnerability which could have potentially leaked sensitive information (bsc#1171696). ----------------------------------------- Patch: SUSE-2020-1950 Released: Fri Jul 17 17:16:21 2020 Summary: Recommended update for dracut Severity: moderate References: 1161573,1165828,1169997,1172807,1173560 Description: This update for dracut fixes the following issues: - Update to version 049.1+suse.152.g8506e86f: * 01fips: modprobe failures during manual module loading is not fatal. (bsc#bsc#1169997) * 91zipl: parse-zipl.sh: honor SYSTEMD_READY. (bsc#1165828) * 95iscsi: fix ipv6 target discovery. (bsc#1172807) * 35network-legacy: correct conditional for creating did-setup file. (bsc#1172807) - Update to version 049.1+suse.148.gc4a6c2dd: * 95fcoe: load 'libfcoe' module as a fallback. (bsc#1173560) * 99base: enable the initqueue in both 'dracut --add-device' and 'dracut --mount' cases. (bsc#1161573) ----------------------------------------- Patch: SUSE-2020-1954 Released: Sat Jul 18 03:07:15 2020 Summary: Recommended update for cracklib Severity: moderate References: 1172396 Description: This update for cracklib fixes the following issues: - Fixed a buffer overflow when processing long words. ----------------------------------------- Patch: SUSE-2020-1957 Released: Mon Jul 20 13:47:31 2020 Summary: Security update for cni-plugins Severity: moderate References: 1172410,CVE-2020-10749 Description: This update for cni-plugins fixes the following issues: cni-plugins updated to version 0.8.6 - CVE-2020-10749: Fixed a potential Man-in-the-Middle attacks in IPv4 clusters by spoofing IPv6 router advertisements (bsc#1172410). Release notes: https://github.com/containernetworking/plugins/releases/tag/v0.8.6 ----------------------------------------- Patch: SUSE-2020-1961 Released: Mon Jul 20 16:29:07 2020 Summary: Recommended update for PackageKit Severity: moderate References: 1170562 Description: This update for PackageKit fixes the following issue: - pkcon: exit with return value 5 if no packages needed be installed. (bsc#1170562) In case a user asks to install an already installed package the new return value 5 message is 'Nothing useful was done' instead of return value 7 message 'The transaction failed, see the detailed error for more information.' ----------------------------------------- Patch: SUSE-2020-1979 Released: Tue Jul 21 02:41:47 2020 Summary: Recommended update for golang-github-prometheus-node_exporter Severity: moderate References: 1143913 Description: This update for golang-github-prometheus-node_exporter fixes the following issues: - Update from version 0.17.0 to version 0.18.1 (jsc#ECO-2110) 0.18.1 / 2019-06-04 * [BUGFIX] Fix incorrect sysctl call in BSD meminfo collector, resulting in broken swap metrics on FreeBSD * [BUGFIX] Fix rollover bug in mountstats collector 0.18.0 / 2019-05-09 * Renamed interface label to device in netclass collector for consistency with other network metrics * The cpufreq metrics now separate the cpufreq and scaling data based on what the driver provides. * The labels for the network_up metric have changed * Bonding collector now uses mii_status instead of operstatus * Several systemd metrics have been turned off by default to improve performance * These include unit_tasks_current, unit_tasks_max, service_restart_total, and unit_start_time_seconds * The systemd collector blacklist now includes automount, device, mount, and slice units by default. * [CHANGE] Bonding state uses mii_status * [CHANGE] Add a limit to the number of in-flight requests * [CHANGE] Renamed interface label to device in netclass collector * [CHANGE] Add separate cpufreq and scaling metrics * [CHANGE] Several systemd metrics have been turned off by default to improve performance * [CHANGE] Expand systemd collector blacklist * [CHANGE] Split cpufreq metrics into a separate collector * [FEATURE] Add a flag to disable exporter metrics * [FEATURE] Add kstat-based Solaris metrics for boottime, cpu and zfs collectors * [FEATURE] Add uname collector for FreeBSD * [FEATURE] Add diskstats collector for OpenBSD * [FEATURE] Add pressure collector exposing pressure stall information for Linux * [FEATURE] Add perf exporter for Linux * [ENHANCEMENT] Add Infiniband counters * [ENHANCEMENT] Add TCPSynRetrans to netstat default filter * [ENHANCEMENT] Move network_up labels into new metric network_info * [ENHANCEMENT] Use 64-bit counters for Darwin netstat * [BUGFIX] Add fallback for missing /proc/1/mounts * [BUGFIX] Fix node_textfile_mtime_seconds to work properly on symlinks - Add network-online (Wants and After) dependency to systemd unit. (bsc#1143913) ----------------------------------------- Patch: SUSE-2020-1983 Released: Tue Jul 21 08:31:44 2020 Summary: Security update for tomcat Severity: important References: 1173389,CVE-2020-11996 Description: This update for tomcat fixes the following issues: Tomcat was updated to 9.0.36 See changelog at - CVE-2020-11996: Fixed an issue which by sending a specially crafted sequence of HTTP/2 requests could have triggered high CPU usage for several seconds making potentially the server unresponsive (bsc#1173389). ----------------------------------------- Patch: SUSE-2020-1986 Released: Tue Jul 21 16:06:29 2020 Summary: Recommended update for openvswitch Severity: moderate References: 1172861,1172929 Description: This update for openvswitch fixes the following issues: - Preserve the old default OVS_USER_ID for users that removed the override at /etc/sysconfig/openvswitch. (bsc#1172861) - Fix possible changes of openvswitch configuration during upgrades. (bsc#1172929) ----------------------------------------- Patch: SUSE-2020-1987 Released: Tue Jul 21 17:02:15 2020 Summary: Recommended update for libsolv, libzypp, yast2-packager, yast2-pkg-bindings Severity: important References: 1172477,1173336,1174011 Description: This update for libsolv, libzypp, yast2-packager, yast2-pkg-bindings fixes the following issues: libsolv: - No source changes, just shipping it as an installer update (required by yast2-pkg-bindings). libzypp: - Proactively send credentials if the URL specifes '?auth=basic' and a username. (bsc#1174011) - ZYPP_MEDIA_CURL_DEBUG: Strip credentials in header log. (bsc#1174011) yast2-packager: - Handle variable expansion in repository name. (bsc#1172477) - Improve medium type detection, do not report Online medium when the /media.1/products file is missing in the repository, SMT does not mirror this file. (bsc#1173336) yast2-pkg-bindings: - Extensions to handle raw repository name. (bsc#1172477) ----------------------------------------- Patch: SUSE-2020-1992 Released: Tue Jul 21 23:37:09 2020 Summary: Security update for webkit2gtk3 Severity: important References: 1173998,CVE-2020-13753,CVE-2020-9802,CVE-2020-9803,CVE-2020-9805,CVE-2020-9806,CVE-2020-9807,CVE-2020-9843,CVE-2020-9850 Description: This update for webkit2gtk3 fixes the following issues: - Update to version 2.28.3 (bsc#1173998): + Enable kinetic scrolling with async scrolling. + Fix web process hangs on large GitHub pages. + Bubblewrap sandbox should not attempt to bind empty paths. + Fix threading issues in the media player. + Fix several crashes and rendering issues. + Security fixes: CVE-2020-9802, CVE-2020-9803, CVE-2020-9805, CVE-2020-9806, CVE-2020-9807, CVE-2020-9843, CVE-2020-9850, CVE-2020-13753. ----------------------------------------- Patch: SUSE-2020-1997 Released: Wed Jul 22 07:26:48 2020 Summary: Recommended update for crmsh Severity: important References: 1166644,1166962,1167220,1169581,1170037,1170999 Description: This update for crmsh fixes the following issues: - Fix for collecting of binary data to avoid CRC error in report. (bsc#1166962) - Implement ssh key configuration improvement to avoid security issues. (bsc#1169581, ECO-2035) - Fix for using class 'SBDManager' for sbd configuration and management. (bsc#1170037, bsc#1170999) - Fix for 'crm' resource refresh to complete. (bsc#1167220) - Update man page about completion example of 'crm' resource. (bsc#1166644) ----------------------------------------- Patch: SUSE-2020-1998 Released: Wed Jul 22 08:05:08 2020 Summary: Recommended update for libcryptopp Severity: moderate References: 1174308 Description: This update for libcryptopp fixes the following issues: The libcryptopp cryptographic package is added to SLES 15-SP1 [jsc#SLE-12744]. ----------------------------------------- Patch: SUSE-2020-2000 Released: Wed Jul 22 09:04:41 2020 Summary: Recommended update for efivar Severity: important References: 1100077,1101023,1120862,1127544 Description: This update for efivar fixes the following issues: - fix logic that checks for UCS-2 string termination (bsc#1127544) - fix casting of IPv4 addresses - Don't require an EUI for NVMe (bsc#1100077) - Add support for ACPI Generic Container and Embedded Controller root nodes (bsc#1101023) - fix for compilation failures bsc#1120862 ----------------------------------------- Patch: SUSE-2020-2002 Released: Wed Jul 22 09:43:24 2020 Summary: Recommended update for lifecycle-data-sle-module-live-patching Severity: moderate References: 1020320 Description: This update for lifecycle-data-sle-module-live-patching fixes the following issues: - Live kernel patching update data for 4_12_14-150_52, 4_12_14-197_45. (bsc#1020320) ----------------------------------------- Patch: SUSE-2020-2006 Released: Wed Jul 22 16:00:52 2020 Summary: Recommended update for postgresql, postgresql12 Severity: moderate References: 1148643,1171924 Description: This update for postgresql, postgresql12 fixes the following issues: Postgresql12 was updated to 12.3 (bsc#1171924). - https://www.postgresql.org/about/news/2038/ - https://www.postgresql.org/docs/12/release-12-3.html - Let postgresqlXX conflict with postgresql-noarch < 12.0.1 to get a clean and complete cutover to the new packaging schema. Also changed in the postgresql wrapper package: - Bump version to 12.0.1, so that the binary packages also have a cut-point to conflict with. - Conflict with versions of the binary packages prior to the May 2020 update, because we changed the package layout at that point and need a clean cutover. - Bump package version to 12, but leave default at 10 for SLE-15 and SLE-15-SP1. ----------------------------------------- Patch: SUSE-2020-2012 Released: Thu Jul 23 08:18:52 2020 Summary: Recommended update for flatpak Severity: moderate References: 1169619,1170416,1172316 Description: This update for flatpak fixes the following issues: - Fix for missing directories by creating a 'skeleton flatpak' repository using 'flatpak remotes' instead of creating the directory manually. (bsc#1172316, bsc#1169619, bsc#1170416) ----------------------------------------- Patch: SUSE-2020-2025 Released: Thu Jul 23 13:32:32 2020 Summary: Security update for perl-YAML-LibYAML Severity: moderate References: 1173703 Description: This update for perl-YAML-LibYAML fixes the following issues: perl-YAML-LibYAML was updated to 0.69: [bsc#1173703] * Security fix: Add $LoadBlessed option to turn on/off loading objects: Default is set to true. Note that, the behavior is unchanged. * Clarify documentation about exported functions * Dump() was modifying original data, adding a PV to numbers * Support standard tags !!str, !!map and !!seq instead of dying. * Support JSON::PP::Boolean and boolean.pm via $YAML::XS::Boolean. * Fix regex roundtrip. Fix loading of many regexes. ----------------------------------------- Patch: SUSE-2020-2029 Released: Thu Jul 23 13:50:04 2020 Summary: Security update for libraw Severity: moderate References: 1173674,CVE-2020-15503 Description: This update for libraw fixes the following issues: - security update - added patches fix CVE-2020-15503 [bsc#1173674], lack of thumbnail size range check can lead to buffer overflow + libraw-CVE-2020-15503.patch ----------------------------------------- Patch: SUSE-2020-2041 Released: Fri Jul 24 13:59:11 2020 Summary: Security update for rust, rust-cbindgen Severity: moderate References: 1115645,1154817,1173202,CVE-2020-1967 Description: This update for rust, rust-cbindgen fixes the following issues: rust was updated for use by Firefox 76ESR. - Fixed miscompilations with rustc 1.43 that lead to LTO failures (bsc#1173202) Update to version 1.43.1 - Updated openssl-src to 1.1.1g for CVE-2020-1967. - Fixed the stabilization of AVX-512 features. - Fixed `cargo package --list` not working with unpublished dependencies. Update to version 1.43.0 + Language: - Fixed using binary operations with `&{number}` (e.g. `&1.0`) not having the type inferred correctly. - Attributes such as `#[cfg()]` can now be used on `if` expressions. - Syntax only changes: * Allow `type Foo: Ord` syntactically. * Fuse associated and extern items up to defaultness. * Syntactically allow `self` in all `fn` contexts. * Merge `fn` syntax + cleanup item parsing. * `item` macro fragments can be interpolated into `trait`s, `impl`s, and `extern` blocks. For example, you may now write: ```rust macro_rules! mac_trait { ($i:item) => { trait T { $i } } } mac_trait! { fn foo() {} } ``` * These are still rejected *semantically*, so you will likely receive an error but these changes can be seen and parsed by macros and conditional compilation. + Compiler - You can now pass multiple lint flags to rustc to override the previous flags. For example; `rustc -D unused -A unused-variables` denies everything in the `unused` lint group except `unused-variables` which is explicitly allowed. However, passing `rustc -A unused-variables -D unused` denies everything in the `unused` lint group **including** `unused-variables` since the allow flag is specified before the deny flag (and therefore overridden). - rustc will now prefer your system MinGW libraries over its bundled libraries if they are available on `windows-gnu`. - rustc now buffers errors/warnings printed in JSON. Libraries: - `Arc<[T; N]>`, `Box<[T; N]>`, and `Rc<[T; N]>`, now implement `TryFrom>`,`TryFrom>`, and `TryFrom>` respectively. **Note** These conversions are only available when `N` is `0..=32`. - You can now use associated constants on floats and integers directly, rather than having to import the module. e.g. You can now write `u32::MAX` or `f32::NAN` with no imports. - `u8::is_ascii` is now `const`. - `String` now implements `AsMut`. - Added the `primitive` module to `std` and `core`. This module reexports Rust's primitive types. This is mainly useful in macros where you want avoid these types being shadowed. - Relaxed some of the trait bounds on `HashMap` and `HashSet`. - `string::FromUtf8Error` now implements `Clone + Eq`. + Stabilized APIs - `Once::is_completed` - `f32::LOG10_2` - `f32::LOG2_10` - `f64::LOG10_2` - `f64::LOG2_10` - `iter::once_with` + Cargo - You can now set config `[profile]`s in your `.cargo/config`, or through your environment. - Cargo will now set `CARGO_BIN_EXE_` pointing to a binary's executable path when running integration tests or benchmarks. `` is the name of your binary as-is e.g. If you wanted the executable path for a binary named `my-program`you would use `env!('CARGO_BIN_EXE_my-program')`. + Misc - Certain checks in the `const_err` lint were deemed unrelated to const evaluation, and have been moved to the `unconditional_panic` and `arithmetic_overflow` lints. + Compatibility Notes - Having trailing syntax in the `assert!` macro is now a hard error. This has been a warning since 1.36.0. - Fixed `Self` not having the correctly inferred type. This incorrectly led to some instances being accepted, and now correctly emits a hard error. Update to version 1.42.0: + Language - You can now use the slice pattern syntax with subslices. - You can now use #[repr(transparent)] on univariant enums. Meaning that you can create an enum that has the exact layout and ABI of the type it contains. - There are some syntax-only changes: * default is syntactically allowed before items in trait definitions. * Items in impls (i.e. consts, types, and fns) may syntactically leave out their bodies in favor of ;. * Bounds on associated types in impls are now syntactically allowed (e.g. type Foo: Ord;). * ... (the C-variadic type) may occur syntactically directly as the type of any function parameter. These are still rejected semantically, so you will likely receive an error but these changes can be seen and parsed by procedural macros and conditional compilation. + Compiler - Added tier 2 support for armv7a-none-eabi. - Added tier 2 support for riscv64gc-unknown-linux-gnu. - Option::{expect,unwrap} and Result::{expect, expect_err, unwrap, unwrap_err} now produce panic messages pointing to the location where they were called, rather than core's internals. Refer to Rust's platform support page for more information on Rust's tiered platform support. + Libraries - iter::Empty now implements Send and Sync for any T. - Pin::{map_unchecked, map_unchecked_mut} no longer require the return type to implement Sized. - io::Cursor now derives PartialEq and Eq. - Layout::new is now const. - Added Standard Library support for riscv64gc-unknown-linux-gnu. + Stabilized APIs - CondVar::wait_while - CondVar::wait_timeout_while - DebugMap::key - DebugMap::value - ManuallyDrop::take - matches! - ptr::slice_from_raw_parts_mut - ptr::slice_from_raw_parts + Cargo - You no longer need to include extern crate proc_macro; to be able to use proc_macro; in the 2018 edition. + Compatibility Notes - Error::description has been deprecated, and its use will now produce a warning. It's recommended to use Display/to_string instead. Update to version 1.41.1: - Always check types of static items - Always check lifetime bounds of `Copy` impls - Fix miscompilation in callers of `Layout::repeat` Update to version 1.41.0: + Language - You can now pass type parameters to foreign items when implementing traits. E.g. You can now write `impl From for Vec {}`. - You can now arbitrarily nest receiver types in the `self` position. E.g. you can now write `fn foo(self: Box>) {}`. Previously only `Self`, `&Self`, `&mut Self`, `Arc`, `Rc`, and `Box` were allowed. - You can now use any valid identifier in a `format_args` macro. Previously identifiers starting with an underscore were not allowed. - Visibility modifiers (e.g. `pub`) are now syntactically allowed on trait items and enum variants. These are still rejected semantically, but can be seen and parsed by procedural macros and conditional compilation. + Compiler - Rustc will now warn if you have unused loop `'label`s. - Removed support for the `i686-unknown-dragonfly` target. - Added tier 3 support\* for the `riscv64gc-unknown-linux-gnu` target. - You can now pass an arguments file passing the `@path` syntax to rustc. Note that the format differs somewhat from what is found in other tooling; please see the documentation for more information. - You can now provide `--extern` flag without a path, indicating that it is available from the search path or specified with an `-L` flag. Refer to Rust's [platform support page][forge-platform-support] for more information on Rust's tiered platform support. + Libraries - The `core::panic` module is now stable. It was already stable through `std`. - `NonZero*` numerics now implement `From` if it's a smaller integer width. E.g. `NonZeroU16` now implements `From`. - `MaybeUninit` now implements `fmt::Debug`. + Stabilized APIs - `Result::map_or` - `Result::map_or_else` - `std::rc::Weak::weak_count` - `std::rc::Weak::strong_count` - `std::sync::Weak::weak_count` - `std::sync::Weak::strong_count` + Cargo - Cargo will now document all the private items for binary crates by default. - `cargo-install` will now reinstall the package if it detects that it is out of date. - Cargo.lock now uses a more git friendly format that should help to reduce merge conflicts. - You can now override specific dependencies's build settings. E.g. `[profile.dev.package.image] opt-level = 2` sets the `image` crate's optimisation level to `2` for debug builds. You can also use `[profile..build-override]` to override build scripts and their dependencies. + Misc - You can now specify `edition` in documentation code blocks to compile the block for that edition. E.g. `edition2018` tells rustdoc that the code sample should be compiled the 2018 edition of Rust. - You can now provide custom themes to rustdoc with `--theme`, and check the current theme with `--check-theme`. - You can use `#[cfg(doc)]` to compile an item when building documentation. + Compatibility Notes - As previously announced 1.41.0 will be the last tier 1 release for 32-bit Apple targets. This means that the source code is still available to build, but the targets are no longer being tested and release binaries for those platforms will no longer be distributed by the Rust project. Please refer to the linked blog post for more information. - Bump version of libssh2 for SLE15; we now need a version with libssh2_userauth_publickey_frommemory(), which appeared in libssh2 1.6.0. Update to version 1.40.0 + Language - You can now use tuple `struct`s and tuple `enum` variant's constructors in `const` contexts. e.g. pub struct Point(i32, i32); const ORIGIN: Point = { let constructor = Point; constructor(0, 0) }; - You can now mark `struct`s, `enum`s, and `enum` variants with the `#[non_exhaustive]` attribute to indicate that there may be variants or fields added in the future. For example this requires adding a wild-card branch (`_ => {}`) to any match statements on a non-exhaustive `enum`. - You can now use function-like procedural macros in `extern` blocks and in type positions. e.g. `type Generated = macro!();` - Function-like and attribute procedural macros can now emit `macro_rules!` items, so you can now have your macros generate macros. - The `meta` pattern matcher in `macro_rules!` now correctly matches the modern attribute syntax. For example `(#[$m:meta])` now matches `#[attr]`, `#[attr{tokens}]`, `#[attr[tokens]]`, and `#[attr(tokens)]`. + Compiler - Added tier 3 support\* for the `thumbv7neon-unknown-linux-musleabihf` target. - Added tier 3 support for the `aarch64-unknown-none-softfloat` target. - Added tier 3 support for the `mips64-unknown-linux-muslabi64`, and `mips64el-unknown-linux-muslabi64` targets. + Libraries - The `is_power_of_two` method on unsigned numeric types is now a `const` function. + Stabilized APIs - BTreeMap::get_key_value - HashMap::get_key_value - Option::as_deref_mut - Option::as_deref - Option::flatten - UdpSocket::peer_addr - f32::to_be_bytes - f32::to_le_bytes - f32::to_ne_bytes - f64::to_be_bytes - f64::to_le_bytes - f64::to_ne_bytes - f32::from_be_bytes - f32::from_le_bytes - f32::from_ne_bytes - f64::from_be_bytes - f64::from_le_bytes - f64::from_ne_bytes - mem::take - slice::repeat - todo! + Cargo - Cargo will now always display warnings, rather than only on fresh builds. - Feature flags (except `--all-features`) passed to a virtual workspace will now produce an error. Previously these flags were ignored. - You can now publish `dev-dependencies` without including a `version`. + Misc - You can now specify the `#[cfg(doctest)]` attribute to include an item only when running documentation tests with `rustdoc`. + Compatibility Notes - As previously announced, any previous NLL warnings in the 2015 edition are now hard errors. - The `include!` macro will now warn if it failed to include the entire file. The `include!` macro unintentionally only includes the first _expression_ in a file, and this can be unintuitive. This will become either a hard error in a future release, or the behavior may be fixed to include all expressions as expected. - Using `#[inline]` on function prototypes and consts now emits a warning under `unused_attribute` lint. Using `#[inline]` anywhere else inside traits or `extern` blocks now correctly emits a hard error. Update to version 1.39.0 + Language - You can now create async functions and blocks with async fn, async move {}, and async {} respectively, and you can now call .await on async expressions. - You can now use certain attributes on function, closure, and function pointer parameters. - You can now take shared references to bind-by-move patterns in the if guards of match arms. + Compiler - Added tier 3 support for the i686-unknown-uefi target. - Added tier 3 support for the sparc64-unknown-openbsd target. - rustc will now trim code snippets in diagnostics to fit in your terminal. - You can now pass --show-output argument to test binaries to print the output of successful tests. + For more details: https://github.com/rust-lang/rust/blob/stable/RELEASES.md#version-1390-2019-11-07 - Switch to bundled version of libgit2 for now. libgit2-sys seems to expect using the bundled variant, which just seems to point to a snapshot of the master branch and doesn't match any released libgit2 (bsc#1154817). See: https://github.com/rust-lang/rust/issues/63476 and https://github.com/rust-lang/git2-rs/issues/458 for details. Update to version 1.38.0 + Language - The `#[global_allocator]` attribute can now be used in submodules. - The `#[deprecated]` attribute can now be used on macros. + Compiler - Added pipelined compilation support to `rustc`. This will improve compilation times in some cases. + Libraries - `ascii::EscapeDefault` now implements `Clone` and `Display`. - Derive macros for prelude traits (e.g. `Clone`, `Debug`, `Hash`) are now available at the same path as the trait. (e.g. The `Clone` derive macro is available at `std::clone::Clone`). This also makes all built-in macros available in `std`/`core` root. e.g. `std::include_bytes!`. - `str::Chars` now implements `Debug`. - `slice::{concat, connect, join}` now accepts `&[T]` in addition to `&T`. - `*const T` and `*mut T` now implement `marker::Unpin`. - `Arc<[T]>` and `Rc<[T]>` now implement `FromIterator`. - Added euclidean remainder and division operations (`div_euclid`, `rem_euclid`) to all numeric primitives. Additionally `checked`, `overflowing`, and `wrapping` versions are available for all integer primitives. - `thread::AccessError` now implements `Clone`, `Copy`, `Eq`, `Error`, and `PartialEq`. - `iter::{StepBy, Peekable, Take}` now implement `DoubleEndedIterator`. + Stabilized APIs - `<*const T>::cast` - `<*mut T>::cast` - `Duration::as_secs_f32` - `Duration::as_secs_f64` - `Duration::div_f32` - `Duration::div_f64` - `Duration::from_secs_f32` - `Duration::from_secs_f64` - `Duration::mul_f32` - `Duration::mul_f64` - `any::type_name` + Cargo - Added pipelined compilation support to `cargo`. - You can now pass the `--features` option multiple times to enable multiple features. + Misc - `rustc` will now warn about some incorrect uses of `mem::{uninitialized, zeroed}` that are known to cause undefined behaviour. Update to version 1.37.0 + Language - #[must_use] will now warn if the type is contained in a tuple, Box, or an array and unused. - You can now use the `cfg` and `cfg_attr` attributes on generic parameters. - You can now use enum variants through type alias. e.g. You can write the following: ``` type MyOption = Option; fn increment_or_zero(x: MyOption) -> u8 { match x { MyOption::Some(y) => y + 1, MyOption::None => 0, } } ``` - You can now use `_` as an identifier for consts. e.g. You can write `const _: u32 = 5;`. - You can now use `#[repr(align(X)]` on enums. - The `?` Kleene macro operator is now available in the 2015 edition. + Compiler - You can now enable Profile-Guided Optimization with the `-C profile-generate` and `-C profile-use` flags. For more information on how to use profile guided optimization, please refer to the rustc book. - The `rust-lldb` wrapper script should now work again. + Libraries - `mem::MaybeUninit` is now ABI-compatible with `T`. + Stabilized APIs - BufReader::buffer - BufWriter::buffer - Cell::from_mut - Cell<[T]>::as_slice_of_cells - Cell::as_slice_of_cells - DoubleEndedIterator::nth_back - Option::xor - Wrapping::reverse_bits - i128::reverse_bits - i16::reverse_bits - i32::reverse_bits - i64::reverse_bits - i8::reverse_bits - isize::reverse_bits - slice::copy_within - u128::reverse_bits - u16::reverse_bits - u32::reverse_bits - u64::reverse_bits - u8::reverse_bits - usize::reverse_bits + Cargo - Cargo.lock files are now included by default when publishing executable crates with executables. - You can now specify `default-run='foo'` in `[package]` to specify the default executable to use for `cargo run`. - cargo-vendor is now provided as a sub-command of cargo + Compatibility Notes - Using `...` for inclusive range patterns will now warn by default. Please transition your code to using the `..=` syntax for inclusive ranges instead. - Using a trait object without the `dyn` will now warn by default. Please transition your code to use `dyn Trait` for trait objects instead. Crab(String), Lobster(String), Person(String), let state = Creature::Crab('Ferris'); if let Creature::Crab(name) | Creature::Person(name) = state { println!('This creature's name is: {}', name); } unsafe { foo() } pub fn new(x: i32, y: i32) -> Self { Self(x, y) } pub fn is_origin(&self) -> bool { match self { Self(0, 0) => true, _ => false, } } Self: PartialOrd // can write `Self` instead of `List` Nil, Cons(T, Box) // likewise here fn test(&self) { println!('one'); } //~ ERROR duplicate definitions with name `test` fn test(&self) { println!('two'); } * Basic procedural macros allowing custom `#[derive]`, aka 'macros 1.1', are stable. This allows popular code-generating crates like Serde and Diesel to work ergonomically. [RFC 1681]. * [Tuple structs may be empty. Unary and empty tuple structs may be instantiated with curly braces][36868]. Part of [RFC 1506]. * [A number of minor changes to name resolution have been activated][37127]. They add up to more consistent semantics, allowing for future evolution of Rust macros. Specified in [RFC 1560], see its section on ['changes'] for details of what is different. The breaking changes here have been transitioned through the [`legacy_imports`] lint since 1.14, with no known regressions. * [In `macro_rules`, `path` fragments can now be parsed as type parameter bounds][38279] * [`?Sized` can be used in `where` clauses][37791] * [There is now a limit on the size of monomorphized types and it can be modified with the `#![type_size_limit]` crate attribute, similarly to the `#![recursion_limit]` attribute][37789] * [On Windows, the compiler will apply dllimport attributes when linking to extern functions][37973]. Additional attributes and flags can control which library kind is linked and its name. [RFC 1717]. * [Rust-ABI symbols are no longer exported from cdylibs][38117] * [The `--test` flag works with procedural macro crates][38107] * [Fix `extern 'aapcs' fn` ABI][37814] * [The `-C no-stack-check` flag is deprecated][37636]. It does nothing. * [The `format!` expander recognizes incorrect `printf` and shell-style formatting directives and suggests the correct format][37613]. * [Only report one error for all unused imports in an import list][37456] * [Avoid unnecessary `mk_ty` calls in `Ty::super_fold_with`][37705] * [Avoid more unnecessary `mk_ty` calls in `Ty::super_fold_with`][37979] * [Don't clone in `UnificationTable::probe`][37848] * [Remove `scope_auxiliary` to cut RSS by 10%][37764] * [Use small vectors in type walker][37760] * [Macro expansion performance was improved][37701] * [Change `HirVec>` to `HirVec` in `hir::Expr`][37642] * [Replace FNV with a faster hash function][37229] https://raw.githubusercontent.com/rust-lang/rust/master/RELEASES.md rust-cbindgen is shipped in version 0.14.1. ----------------------------------------- Patch: SUSE-2020-2042 Released: Fri Jul 24 13:59:31 2020 Summary: Recommended update for SAPHanaSR Severity: moderate References: 1173581 Description: This update for SAPHanaSR fixes the following issues: - Fix for log empty site names, but do not generate bad formatted cluster attribute name. (bsc#1173581) - Fix for documentation of some parameter defaults. - Adjust start/stop/promote/monitor action timeouts to match official recommendations. ----------------------------------------- Patch: SUSE-2020-2044 Released: Fri Jul 24 14:00:14 2020 Summary: Recommended update for gdm Severity: moderate References: 1171290 Description: This update for gdm fixes the following issues: -Fix for an issue when user session reuses tty7 same as greeter session, gdm doesn't bring up the greeter session after switching from other tty to tty7. (bsc#1171290) ----------------------------------------- Patch: SUSE-2020-2047 Released: Fri Jul 24 14:09:14 2020 Summary: Security update for tomcat Severity: important References: 1174117,1174121,CVE-2020-13934,CVE-2020-13935 Description: This update for tomcat fixes the following issues: - Fixed CVEs: * CVE-2020-13934 (bsc#1174121) * CVE-2020-13935 (bsc#1174117) ----------------------------------------- Patch: SUSE-2020-2051 Released: Mon Jul 27 08:14:42 2020 Summary: Recommended update for nodejs12 Severity: moderate References: 1173653 Description: This update for nodejs12 fixes the following issues: - Fixes reported memory leak. (bsc#1173653) ----------------------------------------- Patch: SUSE-2020-2061 Released: Wed Jul 29 07:25:06 2020 Summary: Recommended update for crmsh Severity: important References: 1174385 Description: This update for crmsh fixes the following issues: - Fix for SSH communication between HA nodes by copying ssh key to 'qnetd' while detect need a password. (bsc#1174385) ----------------------------------------- Patch: SUSE-2020-2067 Released: Wed Jul 29 11:11:40 2020 Summary: Security update for ldb Severity: moderate References: 1173159,CVE-2020-10730 Description: This update for ldb fixes the following issues: - CVE-2020-10730: Fixed a null de-reference in AD DC LDAP server when ASQ and VLV combined (bsc#1173159). ----------------------------------------- Patch: SUSE-2020-2068 Released: Wed Jul 29 11:12:41 2020 Summary: Security update for freerdp Severity: important References: 1169679,1169748,1171441,1171443,1171444,1171445,1171446,1171447,1171474,1173247,1173605,1174200,CVE-2020-11017,CVE-2020-11018,CVE-2020-11019,CVE-2020-11038,CVE-2020-11039,CVE-2020-11040,CVE-2020-11041,CVE-2020-11043,CVE-2020-11085,CVE-2020-11086,CVE-2020-11087,CVE-2020-11088,CVE-2020-11089,CVE-2020-11095,CVE-2020-11096,CVE-2020-11097,CVE-2020-11098,CVE-2020-11099,CVE-2020-11521,CVE-2020-11522,CVE-2020-11523,CVE-2020-11524,CVE-2020-11525,CVE-2020-11526,CVE-2020-13396,CVE-2020-13397,CVE-2020-13398,CVE-2020-4030,CVE-2020-4031,CVE-2020-4032,CVE-2020-4033 Description: This update for freerdp fixes the following issues: frerdp was updated to version 2.1.2 (bsc#1171441,bsc#1173247 and jsc#ECO-2006): - CVE-2020-11017: Fixed a double free which could have denied the server's service. - CVE-2020-11018: Fixed an out of bounds read which a malicious clients could have triggered. - CVE-2020-11019: Fixed an issue which could have led to denial of service if logger was set to 'WLOG_TRACE'. - CVE-2020-11038: Fixed a buffer overflow when /video redirection was used. - CVE-2020-11039: Fixed an issue which could have allowed arbitrary memory read and write when USB redirection was enabled. - CVE-2020-11040: Fixed an out of bounds data read in clear_decompress_subcode_rlex. - CVE-2020-11041: Fixed an issue with the configuration for sound backend which could have led to server's denial of service. - CVE-2020-11043: Fixed an out of bounds read in rfx_process_message_tileset. - CVE-2020-11085: Fixed an out of bounds read in cliprdr_read_format_list. - CVE-2020-11086: Fixed an out of bounds read in ntlm_read_ntlm_v2_client_challenge. - CVE-2020-11087: Fixed an out of bounds read in ntlm_read_AuthenticateMessage. - CVE-2020-11088: Fixed an out of bounds read in ntlm_read_NegotiateMessage. - CVE-2020-11089: Fixed an out of bounds read in irp function family. - CVE-2020-11095: Fixed a global out of bounds read in update_recv_primary_order. - CVE-2020-11096: Fixed a global out of bounds read in update_read_cache_bitmap_v3_order. - CVE-2020-11097: Fixed an out of bounds read in ntlm_av_pair_get. - CVE-2020-11098: Fixed an out of bounds read in glyph_cache_put. - CVE-2020-11099: Fixed an out of bounds Read in license_read_new_or_upgrade_license_packet. - CVE-2020-11521: Fixed an out of bounds write in planar.c (bsc#1171443). - CVE-2020-11522: Fixed an out of bounds read in gdi.c (bsc#1171444). - CVE-2020-11523: Fixed an integer overflow in region.c (bsc#1171445). - CVE-2020-11524: Fixed an out of bounds write in interleaved.c (bsc#1171446). - CVE-2020-11525: Fixed an out of bounds read in bitmap.c (bsc#1171447). - CVE-2020-11526: Fixed an out of bounds read in update_recv_secondary_order (bsc#1171674). - CVE-2020-13396: Fixed an Read in ntlm_read_ChallengeMessage. - CVE-2020-13397: Fixed an out of bounds read in security_fips_decrypt due to uninitialized value. - CVE-2020-13398: Fixed an out of bounds write in crypto_rsa_common. - CVE-2020-4030: Fixed an out of bounds read in `TrioParse`. - CVE-2020-4031: Fixed a use after free in gdi_SelectObject. - CVE-2020-4032: Fixed an integer casting in `update_recv_secondary_order`. - CVE-2020-4033: Fixed an out of bound read in RLEDECOMPRESS. - Fixed an issue where freerdp failed with -fno-common (bsc#1169748). - Fixed an issue where USB redirection with FreeRDP was not working (bsc#1169679). ----------------------------------------- Patch: SUSE-2020-2071 Released: Wed Jul 29 12:47:19 2020 Summary: Recommended update for sapconf Severity: moderate References: 1124453,1139176,1150868,1150870,1166925,1168067,1168840 Description: This update for sapconf fixes the following issues: - Check the values of the 'vm.dirty_*' settings to be in a valid range before activating or restoring these system values. (bsc#1168067) - Add a logrotate drop-in file for sapconf to control the size of the logfile. (bsc#1166925) - Implement and use the system wide security limits. (bsc#1168840) - Add support multi-queued scheduler for block devices. (jsc#SLE-11141, jsc#SLE-11144) - Remove usage of tuned from sapconf (jsc#SLE-10986, jsc#SLE-10989): - Only ONE configuration file for sapconf - All parameters of the tuned profile defined in tuned.conf sapconf - Implement Switching a sapconf profile. - Prevent sapconf related tuned error messages by turning off tuned in the preinstall phase and removing the 'active' sapconf profile. - If sapconf detects an improper tuned profile during start notes that the log, fails the start deliberatly and guides the administrator to the problem. (bsc#1139176) - Use absolute path in the configuration file. (bsc#1124453) - Replace the delimiter for a sed command in postinstall script, because of conflicts with rpm macros. (bsc#1150868, bsc#1150870) ----------------------------------------- Patch: SUSE-2020-2080 Released: Wed Jul 29 20:09:09 2020 Summary: Recommended update for libtool Severity: moderate References: 1171566 Description: This update for libtool provides missing the libltdl 32bit library. (bsc#1171566) ----------------------------------------- Patch: SUSE-2020-2082 Released: Thu Jul 30 09:49:35 2020 Summary: Recommended update for google-guest-agent, google-guest-configs, and google-guest-oslogin Severity: moderate References: 1174304,1174306 Description: The python based packages google-compute-engine-init and google-compute-engine-oslogin were deprecated and are now replaced by the new Go based packages google-guest-agent, google-guest-configs, and google-guest-oslogin (jsc#ECO-2099) ----------------------------------------- Patch: SUSE-2020-2083 Released: Thu Jul 30 10:27:59 2020 Summary: Recommended update for diffutils Severity: moderate References: 1156913 Description: This update for diffutils fixes the following issue: - Disable a sporadically failing test for ppc64 and ppc64le builds. (bsc#1156913) ----------------------------------------- Patch: SUSE-2020-2091 Released: Thu Jul 30 14:55:00 2020 Summary: Recommended update for python-kiwi Severity: moderate References: 1156677,1168973,1172928 Description: This update for python-kiwi fixes the following issues: - Fixed checking for root device in grub config. (bsc#1172928) - Fix for conflicting files of man-pages between different versions. (bsc#1168973, bsc#1156677) ----------------------------------------- Patch: SUSE-2020-2093 Released: Thu Jul 30 14:57:24 2020 Summary: Recommended update for tftpboot-installation-common Severity: low References: 1172161 Description: This update for tftpboot-installation-common fixes the following issues: - Fix typo in service file. (bsc#1172161) ----------------------------------------- Patch: SUSE-2020-2094 Released: Thu Jul 30 15:01:35 2020 Summary: Recommended update for crmsh Severity: low References: 1174588 Description: This update for crmsh fixes the following issues: - Fix for corosync to handle the return code of 'corosync-quorumtool' correctly. (bsc#1174588) ----------------------------------------- Patch: SUSE-2020-2095 Released: Thu Jul 30 17:10:15 2020 Summary: Security update for ghostscript Severity: important References: 1174415,CVE-2020-15900 Description: This update for ghostscript fixes the following issues: - fixed CVE-2020-15900 Memory Corruption (SAFER Sandbox Breakout) cf. https://bugs.ghostscript.com/show_bug.cgi?id=702582 (bsc#1174415) ----------------------------------------- Patch: SUSE-2020-2099 Released: Fri Jul 31 08:06:40 2020 Summary: Recommended update for systemd Severity: moderate References: 1173227,1173229,1173422 Description: This update for systemd fixes the following issues: - migrate-sysconfig-i18n.sh: fixed marker handling (bsc#1173229) The marker is used to make sure the script is run only once. Instead of storing it in /usr, use /var which is more appropriate for such file. Also make it owned by systemd package. - Fix inconsistent file modes for some ghost files (bsc#1173227) Ghost files are assumed by rpm to have mode 000 by default which is not consistent with file permissions set at runtime. Also /var/lib/systemd/random-seed was tracked wrongly as a directory. Also don't track (ghost) /etc/systemd/system/runlevel*.target aliases since we're not supposed to track units or aliases user might define/override. - Fix build of systemd on openSUSE Leap 15.2 (bsc#1173422) ----------------------------------------- Patch: SUSE-2020-2103 Released: Mon Aug 3 11:31:25 2020 Summary: Security update for the Linux Kernel Severity: important References: 1051510,1065729,1071995,1085030,1111666,1112178,1113956,1114279,1144333,1148868,1150660,1151927,1152624,1158983,1159058,1161016,1162002,1162063,1163309,1166985,1167104,1168081,1168959,1169194,1169514,1169771,1169795,1170011,1170442,1170592,1170617,1170618,1171124,1171424,1171529,1171530,1171558,1171732,1171739,1171743,1171753,1171759,1171835,1171841,1171868,1171904,1172247,1172257,1172344,1172458,1172484,1172537,1172538,1172687,1172719,1172759,1172775,1172781,1172782,1172783,1172871,1172872,1172999,1173060,1173074,1173146,1173265,1173280,1173284,1173428,1173514,1173567,1173573,1173746,1173818,1173820,1173825,1173826,1173833,1173838,1173839,1173845,1173857,1174113,1174115,1174122,1174123,1174186,1174187,1174296,1174343,1174356,1174409,1174438,1174462,1174543,CVE-2019-20810,CVE-2019-20908,CVE-2020-0305,CVE-2020-10766,CVE-2020-10767,CVE-2020-10768,CVE-2020-10769,CVE-2020-10773,CVE-2020-10781,CVE-2020-12771,CVE-2020-12888,CVE-2020-13974,CVE-2020-14416,CVE-2020-15393,CVE-2020-15780 Description: The SUSE Linux Enterprise 15 SP1 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-15393: Fixed a memory leak in usbtest_disconnect (bnc#1173514). - CVE-2020-12771: An issue was discovered in btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails (bnc#1171732). - CVE-2020-12888: The VFIO PCI driver mishandled attempts to access disabled memory space (bnc#1171868). - CVE-2020-10773: Fixed a memory leak on s390/s390x, in the cmm_timeout_hander in file arch/s390/mm/cmm.c (bnc#1172999). - CVE-2020-14416: Fixed a race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c (bnc#1162002). - CVE-2020-10768: Fixed an issue with the prctl() function, where indirect branch speculation could be enabled even though it was diabled before (bnc#1172783). - CVE-2020-10766: Fixed an issue which allowed an attacker with a local account to disable SSBD protection (bnc#1172781). - CVE-2020-10767: Fixed an issue where Indirect Branch Prediction Barrier was disabled in certain circumstances, leaving the system open to a spectre v2 style attack (bnc#1172782). - CVE-2020-13974: Fixed a integer overflow in drivers/tty/vt/keyboard.c, if k_ascii is called several times in a row (bnc#1172775). - CVE-2019-20810: Fixed a memory leak in go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c because it did not call snd_card_free for a failure path (bnc#1172458). - CVE-2020-10769: A buffer over-read flaw was found in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. This flaw allowed a local attacker with user privileges to cause a denial of service (bnc#1173265). - CVE-2020-10781: Fixed a denial of service issue in the ZRAM implementation (bsc#1173074). - CVE-2020-0305: In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bsc#1174462). - CVE-2019-20908: An issue was discovered in drivers/firmware/efi/efi.c: incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or secure boot restrictions, aka CID-1957a85b0032 (bsc#1173567). - CVE-2020-15780: An issue was discovered in drivers/acpi/acpi_configfs.c: injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30 (bsc#1173573). The following non-security bugs were fixed: - ACPI: GED: add support for _Exx / _Lxx handler methods (bsc#1111666). - ACPI: GED: use correct trigger type field in _Exx / _Lxx handling (bsc#1111666). - ACPI: NFIT: Fix unlock on error in scrub_show() (bsc#1171753). - ACPI: PM: Avoid using power resources if there are none for D0 (bsc#1051510). - ACPI: sysfs: Fix pm_profile_attr type (bsc#1111666). - ACPI: video: Use native backlight on Acer Aspire 5783z (bsc#1111666). - ACPI: video: Use native backlight on Acer TravelMate 5735Z (bsc#1111666). - ALSA: es1688: Add the missed snd_card_free() (bsc#1051510). - ALSA: hda: Add ElkhartLake HDMI codec vid (bsc#1111666). - ALSA: hda: add sienna_cichlid audio asic id for sienna_cichlid up (bsc#1111666). - ALSA: hda/hdmi - enable runtime pm for newer AMD display audio (bsc#1111666). - ALSA: hda - let hs_mic be picked ahead of hp_mic (bsc#1111666). - ALSA: hda/realtek - add a pintbl quirk for several Lenovo machines (bsc#1111666). - ALSA: hda/realtek - Add LED class support for micmute LED (bsc#1111666). - ALSA: hda/realtek - Enable micmute LED on and HP system (bsc#1111666). - ALSA: hda/realtek - Enable Speaker for ASUS UX533 and UX534 (bsc#1111666). - ALSA: hda/realtek - Fix unused variable warning w/o CONFIG_LEDS_TRIGGER_AUDIO (bsc#1111666). - ALSA: hda/realtek - Introduce polarity for micmute LED GPIO (bsc#1111666). - ALSA: lx6464es - add support for LX6464ESe pci express variant (bsc#1111666). - ALSA: opl3: fix infoleak in opl3 (bsc#1111666). - ALSA: pcm: disallow linking stream to itself (bsc#1111666). - ALSA: usb-audio: Add duplex sound support for USB devices using implicit feedback (bsc#1111666). - ALSA: usb-audio: Add Pioneer DJ DJM-900NXS2 support (bsc#1111666). - ALSA: usb-audio: add quirk for MacroSilicon MS2109 (bsc#1111666). - ALSA: usb-audio: Add vendor, product and profile name for HP Thunderbolt Dock (bsc#1111666). - ALSA: usb-audio: Clean up quirk entries with macros (bsc#1111666). - ALSA: usb-audio: Fix inconsistent card PM state after resume (bsc#1111666). - ALSA: usb-audio: Fix packet size calculation (bsc#1111666). - ALSA: usb-audio: Fix racy list management in output queue (bsc#1111666). - ALSA: usb-audio: Improve frames size computation (bsc#1111666). - ALSA: usb-audio: Manage auto-pm of all bundled interfaces (bsc#1111666). - ALSA: usb-audio: Use the new macro for HP Dock rename quirks (bsc#1111666). - amdgpu: a NULL ->mm does not mean a thread is a kthread (git-fixes). - arm64: map FDT as RW for early_init_dt_scan() (jsc#SLE-12423). - ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb (bsc#1111666). - ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx (bsc#1111666). - ath9k: Fix use-after-free Write in ath9k_htc_rx_msg (bsc#1111666). - ath9x: Fix stack-out-of-bounds Write in ath9k_hif_usb_rx_cb (bsc#1111666). - ax25: fix setsockopt(SO_BINDTODEVICE) (networking-stable-20_05_27). - b43: Fix connection problem with WPA3 (bsc#1111666). - b43_legacy: Fix connection problem with WPA3 (bsc#1111666). - bcache: Fix an error code in bch_dump_read() (git fixes (block drivers)). - be2net: fix link failure after ethtool offline test (git-fixes). - block: nr_sects_write(): Disable preemption on seqcount write (bsc#1173818). - block: remove QUEUE_FLAG_STACKABLE (git fixes (block drivers)). - block: sed-opal: fix sparse warning: convert __be64 data (git fixes (block drivers)). - Bluetooth: Add SCO fallback for invalid LMP parameters error (bsc#1111666). - bnxt_en: Fix AER reset logic on 57500 chips (git-fixes). - bnxt_en: Fix ethtool selftest crash under error conditions (git-fixes). - bnxt_en: Fix handling FRAG_ERR when NVM_INSTALL_UPDATE cmd fails (git-fixes). - bnxt_en: Fix ipv6 RFS filter matching logic (git-fixes). - bnxt_en: fix NULL dereference in case SR-IOV configuration fails (git-fixes). - bnxt_en: Fix VF anti-spoof filter setup (networking-stable-20_05_12). - bnxt_en: Fix VLAN acceleration handling in bnxt_fix_features() (networking-stable-20_05_12). - bnxt_en: Improve AER slot reset (networking-stable-20_05_12). - brcmfmac: fix wrong location to get firmware feature (bsc#1111666). - brcmfmac: Transform compatible string for FW loading (bsc#1169771). - btrfs: add assertions for tree == inode->io_tree to extent IO helpers (bsc#1174438). - btrfs: add new helper btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: Always use a cached extent_state in btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: do not zero f_bavail if we have available space (bsc#1168081). - btrfs: do not zero f_bavail if we have available space (bsc#1168081). - btrfs: drop argument tree from btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: fix extent_state leak in btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: fix failure of RWF_NOWAIT write into prealloc extent beyond eof (bsc#1174438). - btrfs: fix hang on snapshot creation after RWF_NOWAIT write (bsc#1174438). - btrfs: fix RWF_NOWAIT write not failling when we need to cow (bsc#1174438). - btrfs: fix RWF_NOWAIT writes blocking on extent locks and waiting for IO (bsc#1174438). - btrfs: qgroup: Fix a bug that prevents qgroup to be re-enabled after disable (bsc#1172247). - btrfs: Return EAGAIN if we can't start no snpashot write in check_can_nocow (bsc#1174438). - btrfs: use correct count in btrfs_file_write_iter() (bsc#1174438). - btrfs: Use newly introduced btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: volumes: Remove ENOSPC-prone btrfs_can_relocate() (bsc#1171124). - bus: sunxi-rsb: Return correct data when mixing 16-bit and 8-bit reads (bsc#1111666). - carl9170: remove P2P_GO support (bsc#1111666). - CDC-ACM: heed quirk also in error handling (git-fixes). - ceph: convert mdsc->cap_dirty to a per-session list (bsc#1167104). - ceph: request expedited service on session's last cap flush (bsc#1167104). - cgroup, blkcg: Prepare some symbols for module and !CONFIG_CGROUP usages (bsc#1173857). - char/random: Add a newline at the end of the file (jsc#SLE-12423). - cifs: get rid of unused parameter in reconn_setup_dfs_targets() (bsc#1144333). - cifs: handle hostnames that resolve to same ip in failover (bsc#1144333 bsc#1161016). - cifs: set up next DFS target before generic_ip_connect() (bsc#1144333 bsc#1161016). - clk: bcm2835: Fix return type of bcm2835_register_gate (bsc#1051510). - clk: clk-flexgen: fix clock-critical handling (bsc#1051510). - clk: sunxi: Fix incorrect usage of round_down() (bsc#1051510). - clocksource: dw_apb_timer: Make CPU-affiliation being optional (bsc#1111666). - compat_ioctl: block: handle BLKREPORTZONE/BLKRESETZONE (git fixes (block drivers)). - compat_ioctl: block: handle Persistent Reservations (git fixes (block drivers)). - copy_{to,from}_user(): consolidate object size checks (git fixes). - crypto: algboss - do not wait during notifier callback (bsc#1111666). - crypto: algif_skcipher - Cap recv SG list at ctx->used (bsc#1111666). - crypto: caam - update xts sector size for large input length (bsc#1111666). - crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated (bsc#1111666). - crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated (git-fixes). - Crypto/chcr: fix for ccm(aes) failed test (bsc#1111666). - crypto: chelsio/chtls: properly set tp->lsndtime (bsc#1111666). - crypto: talitos - fix IPsec cipher in length (git-fixes). - crypto: talitos - reorder code in talitos_edesc_alloc() (git-fixes). - debugfs: Check module state before warning in {full/open}_proxy_open() (bsc#1173746). - devinet: fix memleak in inetdev_init() (networking-stable-20_06_07). - /dev/mem: Add missing memory barriers for devmem_inode (git-fixes). - /dev/mem: Revoke mappings when a driver claims the region (git-fixes). - dmaengine: tegra210-adma: Fix an error handling path in 'tegra_adma_probe()' (bsc#1111666). - dm btree: increase rebalance threshold in __rebalance2() (git fixes (block drivers)). - dm cache: fix a crash due to incorrect work item cancelling (git fixes (block drivers)). - dm crypt: fix benbi IV constructor crash if used in authenticated mode (git fixes (block drivers)). - dm: fix potential for q->make_request_fn NULL pointer (git fixes (block drivers)). - dm space map common: fix to ensure new block isn't already in use (git fixes (block drivers)). - dm: various cleanups to md->queue initialization code (git fixes). - dm verity fec: fix hash block number in verity_fec_decode (git fixes (block drivers)). - dm verity fec: fix memory leak in verity_fec_dtr (git fixes (block drivers)). - dpaa_eth: fix usage as DSA master, try 3 (networking-stable-20_05_27). - driver-core, libnvdimm: Let device subsystems add local lockdep coverage (bsc#1171753). - Drivers: hv: Change flag to write log level in panic msg to false (bsc#1170617, bsc#1170618). - drivers: soc: ti: knav_qmss_queue: Make knav_gp_range_ops static (bsc#1051510). - drm: amd/display: fix Kconfig help text (bsc#1113956) * only fix DEBUG_KERNEL_DC - drm: bridge: adv7511: Extend list of audio sample rates (bsc#1111666). - drm/dp_mst: Increase ACT retry timeout to 3s (bsc#1113956) * context changes - drm: encoder_slave: fix refcouting error for modules (bsc#1111666). - drm: encoder_slave: fix refcouting error for modules (bsc#1114279) - drm/i915/icl+: Fix hotplug interrupt disabling after storm detection (bsc#1112178) - drm/i915: Whitelist context-local timestamp in the gen9 cmdparser (bsc#1111666). - drm/mediatek: Check plane visibility in atomic_update (bsc#1113956) * context changes - drm/msm/dpu: fix error return code in dpu_encoder_init (bsc#1111666). - drm: panel-orientation-quirks: Add quirk for Asus T101HA panel (bsc#1111666). - drm: panel-orientation-quirks: Use generic orientation-data for Acer S1003 (bsc#1111666). - drm/qxl: Use correct notify port address when creating cursor ring (bsc#1113956) - drm/radeon: fix double free (bsc#1113956) - drm/radeon: fix fb_div check in ni_init_smc_spll_table() (bsc#1113956) - drm/sun4i: hdmi ddc clk: Fix size of m divider (bsc#1111666). - drm/tegra: hub: Do not enable orphaned window group (bsc#1111666). - drm/vkms: Hold gem object while still in-use (bsc#1113956) * context changes - Drop another USB dwc3 gadget patch that broke the build - Drop USB dwc3 gadget patch that broke the build on openSUSE-15.1 branch - e1000: Distribute switch variables for initialization (bsc#1111666). - e1000e: Disable TSO for buffer overrun workaround (bsc#1051510). - e1000e: Do not wake up the system via WOL if device wakeup is disabled (bsc#1051510). - e1000e: Relax condition to trigger reset for ME workaround (bsc#1111666). - EDAC/amd64: Read back the scrub rate PCI register on F15h (bsc#1114279). - efi/random: Increase size of firmware supplied randomness (jsc#SLE-12423). - efi/random: Treat EFI_RNG_PROTOCOL output as bootloader randomness (jsc#SLE-12423). - efi: READ_ONCE rng seed size before munmap (jsc#SLE-12423). - efi: Reorder pr_notice() with add_device_randomness() call (jsc#SLE-12423). - evm: Check also if *tfm is an error pointer in init_desc() (bsc#1051510). - evm: Fix a small race in init_desc() (bsc#1051510). - ext4: fix a data race at inode->i_blocks (bsc#1171835). - ext4: fix partial cluster initialization when splitting extent (bsc#1173839). - ext4: fix race between ext4_sync_parent() and rename() (bsc#1173838). - ext4, jbd2: ensure panic by fix a race between jbd2 abort and ext4 error handlers (bsc#1173833). - extcon: adc-jack: Fix an error handling path in 'adc_jack_probe()' (bsc#1051510). - fanotify: fix ignore mask logic for events on child and on dir (bsc#1172719). - fdt: add support for rng-seed (jsc#SLE-12423). - fdt: Update CRC check for rng-seed (jsc#SLE-12423). - firmware: imx: scu: Fix corruption of header (git-fixes). - firmware: imx: scu: Fix possible memory leak in imx_scu_probe() (bsc#1111666). - Fix boot crash with MD (bsc#1174343) Refresh patches.suse/mdraid-fix-read-write-bytes-accounting.patch - fix multiplication overflow in copy_fdtable() (bsc#1173825). - Fix Patch-mainline tag in the previous zram fix patch - fpga: dfl: afu: Corrected error handling levels (git-fixes). - fq_codel: fix TCA_FQ_CODEL_DROP_BATCH_SIZE sanity checks (networking-stable-20_05_12). - gpiolib: Document that GPIO line names are not globally unique (bsc#1051510). - gpu: host1x: Detach driver on unregister (bsc#1111666). - gpu: ipu-v3: pre: do not trigger update if buffer address does not change (bsc#1111666). - HID: magicmouse: do not set up autorepeat (git-fixes). - HID: sony: Fix for broken buttons on DS3 USB dongles (bsc#1051510). - hv_netvsc: Fix netvsc_start_xmit's return type (git-fixes). - hwmon: (acpi_power_meter) Fix potential memory leak in acpi_power_meter_add() (bsc#1111666). - hwmon: (emc2103) fix unable to change fan pwm1_enable attribute (bsc#1111666). - hwmon: (max6697) Make sure the OVERT mask is set correctly (bsc#1111666). - i2c: algo-pca: Add 0x78 as SCL stuck low status for PCA9665 (bsc#1111666). - i2c: eg20t: Load module automatically if ID matches (bsc#1111666). - i2c: mlxcpld: check correct size of maximum RECV_LEN packet (bsc#1111666). - i40e: reduce stack usage in i40e_set_fc (git-fixes). - IB/hfi1: Do not destroy hfi1_wq when the device is shut down (bsc#1174409). - IB/hfi1: Do not destroy link_wq when the device is shut down (bsc#1174409). - ibmveth: Fix max MTU limit (bsc#1173428 ltc#186397). - ibmvnic: continue to init in CRQ reset returns H_CLOSED (bsc#1173280 ltc#185369). - ibmvnic: Flush existing work items before device removal (bsc#1065729). - ibmvnic: Harden device login requests (bsc#1170011 ltc#183538). - iio: buffer: Do not allow buffers without any channels enabled to be activated (bsc#1051510). - iio:health:afe4404 Fix timestamp alignment and prevent data leak (bsc#1111666). - iio:humidity:hdc100x Fix alignment and data leak issues (bsc#1111666). - iio:magnetometer:ak8974: Fix alignment and data leak issues (bsc#1111666). - iio: mma8452: Add missed iio_device_unregister() call in mma8452_probe() (bsc#1111666). - iio: pressure: bmp280: Tolerate IRQ before registering (bsc#1051510). - iio:pressure:ms5611 Fix buffer element alignment (bsc#1111666). - iio: pressure: zpa2326: handle pm_runtime_get_sync failure (bsc#1111666). - ima: Directly assign the ima_default_policy pointer to ima_rules (bsc#1051510). - ima: Fix ima digest hash table key calculation (bsc#1051510). - include/asm-generic/topology.h: guard cpumask_of_node() macro argument (bsc#1148868). - Input: i8042 - add Lenovo XiaoXin Air 12 to i8042 nomux list (bsc#1111666). - input: i8042 - Remove special PowerPC handling (git-fixes). - Input: synaptics - add a second working PNP_ID for Lenovo T470s (bsc#1111666). - intel_idle: Graceful probe failure when MWAIT is disabled (bsc#1174115). - intel_th: Fix a NULL dereference when hub driver is not loaded (bsc#1111666). - ipvlan: call dev_change_flags when ipvlan mode is reset (git-fixes). - ixgbevf: Remove limit of 10 entries for unicast filter list (git-fixes). - jbd2: avoid leaking transaction credits when unreserving handle (bsc#1173845). - jbd2: Preserve kABI when adding j_abort_mutex (bsc#1173833). - kabi: hv: prevent struct device_node to become defined (bsc#1172871). - kabi: ppc64le: prevent struct dma_map_ops to become defined (jsc#SLE-12423). - kABI: protect struct mlx5_cmd_work_ent (kabi). - kABI: reintroduce inet_hashtables.h include to l2tp_ip (kabi). - kernfs: fix barrier usage in __kernfs_new_node() (bsc#1111666). - KVM: nVMX: Do not reread VMCS-agnostic state when switching VMCS (bsc#1114279). - KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02 (bsc#1114279). - KVM: x86: Fix APIC page invalidation race (bsc#1174122). - kvm: x86: Fix L1TF mitigation for shadow MMU (bsc#1171904). - KVM: x86/mmu: Set mmio_value to '0' if reserved #PF can't be generated (bsc#1171904). - KVM: x86: only do L1TF workaround on affected processors (bsc#1171904). - l2tp: add sk_family checks to l2tp_validate_socket (networking-stable-20_06_07). - l2tp: do not use inet_hash()/inet_unhash() (networking-stable-20_06_07). - libceph: do not omit recovery_deletes in target_copy() (bsc#1174113). - libceph: ignore pool overlay and cache logic on redirects (bsc#1173146). - libnvdimm/bus: Fix wait_nvdimm_bus_probe_idle() ABBA deadlock (bsc#1171753). - libnvdimm/bus: Prepare the nd_ioctl() path to be re-entrant (bsc#1171753). - libnvdimm/bus: Stop holding nvdimm_bus_list_mutex over __nd_ioctl() (bsc#1171753). - libnvdimm: cover up changes in struct nvdimm_bus (bsc#1171753). - libnvdimm: cover up nd_pfn_sb changes (bsc#1171759). - libnvdimm/dax: Pick the right alignment default when creating dax devices (bsc#1171759). - libnvdimm/label: Remove the dpa align check (bsc#1171759). - libnvdimm/of_pmem: Provide a unique name for bus provider (bsc#1171739). - libnvdimm/pfn_dev: Add a build check to make sure we notice when struct page size change (bsc#1171743). - libnvdimm/pfn_dev: Add page size and struct page size to pfn superblock (bsc#1171759). - libnvdimm/pfn: Prevent raw mode fallback if pfn-infoblock valid (bsc#1171743). - libnvdimm/pmem: Advance namespace seed for specific probe errors (bsc#1171743). - libnvdimm/region: Initialize bad block for volatile namespaces (bnc#1151927 5.3.6). - libnvdimm/region: Rewrite _probe_success() to _advance_seeds() (bsc#1171743). - libnvdimm: Use PAGE_SIZE instead of SZ_4K for align check (bsc#1171759). - livepatch: Apply vmlinux-specific KLP relocations early (bsc#1071995). - livepatch: Disallow vmlinux.ko (bsc#1071995). - livepatch: Make klp_apply_object_relocs static (bsc#1071995). - livepatch: Prevent module-specific KLP rela sections from referencing vmlinux symbols (bsc#1071995). - livepatch: Remove .klp.arch (bsc#1071995). - loop: replace kill_bdev with invalidate_bdev (bsc#1173820). - lpfc_debugfs: get rid of pointless access_ok() (bsc#1172687 bsc#1171530). - lpfc: Synchronize NVME transport and lpfc driver devloss_tmo (bcs#1173060). - mac80211: add option for setting control flags (bsc#1111666). - mac80211: set IEEE80211_TX_CTRL_PORT_CTRL_PROTO for nl80211 TX (bsc#1111666). - mailbox: imx: Disable the clock on devm_mbox_controller_register() failure (git-fixes). - md: Avoid namespace collision with bitmap API (git fixes (block drivers)). - mdraid: fix read/write bytes accounting (bsc#1172537). - md: use memalloc scope APIs in mddev_suspend()/mddev_resume() (bsc#1166985)). - media: cec: silence shift wrapping warning in __cec_s_log_addrs() (git-fixes). - media: si2157: Better check for running tuner in init (bsc#1111666). - mlxsw: core: Do not use WQ_MEM_RECLAIM for mlxsw ordered workqueue (git-fixes). - mlxsw: core: Do not use WQ_MEM_RECLAIM for mlxsw workqueue (git-fixes). - mlxsw: pci: Return error on PCI reset timeout (git-fixes). - mlxsw: spectrum_acl_tcam: Position vchunk in a vregion list properly (networking-stable-20_05_12). - mlxsw: spectrum: Disallow prio-tagged packets when PVID is removed (git-fixes). - mlxsw: spectrum_dpipe: Add missing error path (git-fixes). - mlxsw: spectrum: Prevent force of 56G (git-fixes). - mlxsw: spectrum_router: Refresh nexthop neighbour when it becomes dead (git-fixes). - mlxsw: spectrum_router: Remove inappropriate usage of WARN_ON() (git-fixes). - mlxsw: spectrum_switchdev: Add MDB entries in prepare phase (git-fixes). - mlxsw: spectrum_switchdev: Do not treat static FDB entries as sticky (git-fixes). - mmc: block: Fix request completion in the CQE timeout path (bsc#1111666). - mmc: block: Fix use-after-free issue for rpmb (bsc#1111666). - mmc: fix compilation of user API (bsc#1051510). - mmc: sdhci: do not enable card detect interrupt for gpio cd type (bsc#1111666). - mmc: sdhci-msm: Set SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12 quirk (bsc#1111666). - Move upstreamed lpfc patches into sorted section - mvpp2: remove misleading comment (git-fixes). - net: be more gentle about silly gso requests coming from user (networking-stable-20_06_07). - net: check untrusted gso_size at kernel entry (networking-stable-20_06_07). - net/cxgb4: Check the return from t4_query_params properly (git-fixes). - net: dsa: bcm_sf2: Fix node reference count (git-fixes). - net: dsa: loop: Add module soft dependency (networking-stable-20_05_16). - net: dsa: mt7530: fix roaming from DSA user ports (networking-stable-20_05_27). - net: ena: add intr_moder_rx_interval to struct ena_com_dev and use it (git-fixes). - net: ena: add missing ethtool TX timestamping indication (git-fixes). - net: ena: avoid memory access violation by validating req_id properly (git-fixes). - net: ena: do not wake up tx queue when down (git-fixes). - net: ena: ena-com.c: prevent NULL pointer dereference (git-fixes). - net: ena: ethtool: use correct value for crc32 hash (git-fixes). - net: ena: fix continuous keep-alive resets (git-fixes). - net: ena: fix corruption of dev_idx_to_host_tbl (git-fixes). - net: ena: fix default tx interrupt moderation interval (git-fixes). - net: ena: fix incorrect default RSS key (git-fixes). - net: ena: fix incorrectly saving queue numbers when setting RSS indirection table (git-fixes). - net: ena: fix issues in setting interrupt moderation params in ethtool (git-fixes). - net: ena: fix potential crash when rxfh key is NULL (git-fixes). - net: ena: fix retrieval of nonadaptive interrupt moderation intervals (git-fixes). - net: ena: fix uses of round_jiffies() (git-fixes). - net: ena: make ena rxfh support ETH_RSS_HASH_NO_CHANGE (git-fixes). - net: ena: reimplement set/get_coalesce() (git-fixes). - net: ena: rss: do not allocate key when not supported (git-fixes). - net: ena: rss: fix failure to get indirection table (git-fixes). - net: ena: rss: store hash function as values and not bits (git-fixes). - netfilter: connlabels: prefer static lock initialiser (git-fixes). - netfilter: ctnetlink: netns exit must wait for callbacks (bsc#1169795). - netfilter: not mark a spinlock as __read_mostly (git-fixes). - net: fix a potential recursive NETDEV_FEAT_CHANGE (networking-stable-20_05_16). - net: inet_csk: Fix so_reuseport bind-address cache in tb->fast* (networking-stable-20_05_27). - net: ipip: fix wrong address family in init error path (networking-stable-20_05_27). - net: ipvlan: Fix ipvlan device tso disabled while NETIF_F_IP_CSUM is set (git-fixes). - net: macsec: preserve ingress frame ordering (networking-stable-20_05_12). - net/mlx4_core: drop useless LIST_HEAD (git-fixes). - net/mlx4_core: fix a memory leak bug (git-fixes). - net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc() (networking-stable-20_05_12). - net/mlx5: Add command entry handling completion (networking-stable-20_05_27). - net/mlx5: Avoid panic when setting vport rate (git-fixes). - net/mlx5: Continue driver initialization despite debugfs failure (git-fixes). - net/mlx5e: ethtool, Fix a typo in WOL function names (git-fixes). - net/mlx5e: Fix traffic duplication in ethtool steering (git-fixes). - net/mlx5e: Remove unnecessary clear_bit()s (git-fixes). - net/mlx5e: Update netdev txq on completions during closure (networking-stable-20_05_27). - net/mlx5: Fix command entry leak in Internal Error State (networking-stable-20_05_12). - net/mlx5: Fix crash upon suspend/resume (networking-stable-20_06_07). - net/mlx5: Fix forced completion access non initialized command entry (networking-stable-20_05_12). - net: mvmdio: allow up to four clocks to be specified for orion-mdio (git-fixes). - net: mvpp2: prs: Do not override the sign bit in SRAM parser shift (git-fixes). - net: phy: fix aneg restart in phy_ethtool_set_eee (networking-stable-20_05_16). - netprio_cgroup: Fix unlimited memory leak of v2 cgroups (networking-stable-20_05_16). - net: qede: stop adding events on an already destroyed workqueue (git-fixes). - net: qed: fix excessive QM ILT lines consumption (git-fixes). - net: qed: fix NVMe login fails over VFs (git-fixes). - net: qrtr: Fix passing invalid reference to qrtr_local_enqueue() (networking-stable-20_05_27). - net: revert 'net: get rid of an signed integer overflow in ip_idents_reserve()' (networking-stable-20_05_27). - net sched: fix reporting the first-time use timestamp (networking-stable-20_05_27). - net: stricter validation of untrusted gso packets (networking-stable-20_05_12). - net/tls: Fix sk_psock refcnt leak in bpf_exec_tx_verdict() (networking-stable-20_05_12). - net/tls: Fix sk_psock refcnt leak when in tls_data_ready() (networking-stable-20_05_12). - net: usb: qmi_wwan: add support for DW5816e (networking-stable-20_05_12). - net: usb: qmi_wwan: add Telit 0x1050 composition (networking-stable-20_06_07). - net: usb: qmi_wwan: add Telit LE910C1-EUX composition (networking-stable-20_06_07). - net: vmxnet3: fix possible buffer overflow caused by bad DMA value in vmxnet3_get_rss() (bsc#1172484). - nfp: bpf: fix code-gen bug on BPF_ALU | BPF_XOR | BPF_K (git-fixes). - NFS: Fix an RCU lock leak in nfs4_refresh_delegation_stateid() (bsc#1170592). - NFSv4: Retry CLOSE and DELEGRETURN on NFS4ERR_OLD_STATEID (bsc#1170592). - nilfs2: fix null pointer dereference at nilfs_segctor_do_construct() (bsc#1173857). - nl80211: fix NL80211_ATTR_CHANNEL_WIDTH attribute type (bsc#1111666). - nvdimm: Avoid race between probe and reading device attributes (bsc#1170442). - nvme: check for NVME_CTRL_LIVE in nvme_report_ns_ids() (bcs#1171558 bsc#1159058). - nvme: do not update multipath disk information if the controller is down (bcs#1171558 bsc#1159058). - nvme: fail cancelled commands with NVME_SC_HOST_PATH_ERROR (bsc#1158983 bsc#1172538). - nvme-fc: Fail transport errors with NVME_SC_HOST_PATH (bsc#1158983 bsc#1172538). - nvme-tcp: fail command with NVME_SC_HOST_PATH_ERROR send failed (bsc#1158983 bsc#1172538). - objtool: Clean instruction state before each function validation (bsc#1169514). - objtool: Ignore empty alternatives (bsc#1169514). - ocfs2: no need try to truncate file beyond i_size (bsc#1171841). - overflow: Fix -Wtype-limits compilation warnings (git fixes). - overflow.h: Add arithmetic shift helper (git fixes). - p54usb: add AirVasT USB stick device-id (bsc#1051510). - padata: ensure the reorder timer callback runs on the correct CPU (git-fixes). - padata: reorder work kABI fixup (git-fixes). - PCI/AER: Remove HEST/FIRMWARE_FIRST parsing for AER ownership (bsc#1174356). - PCI/AER: Use only _OSC to determine AER ownership (bsc#1174356). - PCI: Allow pci_resize_resource() for devices on root bus (bsc#1051510). - PCI: Fix pci_register_host_bridge() device_register() error handling (bsc#1051510). - PCI: Generalize multi-function power dependency device links (bsc#1111666). - PCI: hv: Change pci_protocol_version to per-hbus (bsc#1172871, bsc#1172872). - PCI: hv: Fix the PCI HyperV probe failure path to release resource properly (bsc#1172871, bsc#1172872). - PCI: hv: Introduce hv_msi_entry (bsc#1172871, bsc#1172872). - PCI: hv: Move hypercall related definitions into tlfs header (bsc#1172871, bsc#1172872). - PCI: hv: Move retarget related structures into tlfs header (bsc#1172871, bsc#1172872). - PCI: hv: Reorganize the code in preparation of hibernation (bsc#1172871, bsc#1172872). - PCI: hv: Retry PCI bus D0 entry on invalid device state (bsc#1172871, bsc#1172872). - PCI: pciehp: Fix indefinite wait on sysfs requests (git-fixes). - PCI: pciehp: Support interrupts sent from D3hot (git-fixes). - PCI/PM: Call .bridge_d3() hook only if non-NULL (git-fixes). - PCI: Program MPS for RCiEP devices (bsc#1051510). - PCI/PTM: Inherit Switch Downstream Port PTM settings from Upstream Port (bsc#1051510). - pci: Revive pci_dev __aer_firmware_first* fields for kABI (bsc#1174356). - pcm_native: result of put_user() needs to be checked (bsc#1111666). - perf: Allocate context task_ctx_data for child event (git-fixes). - perf/cgroup: Fix perf cgroup hierarchy support (git-fixes). - perf: Copy parent's address filter offsets on clone (git-fixes). - perf/core: Add sanity check to deal with pinned event failure (git-fixes). - perf/core: Avoid freeing static PMU contexts when PMU is unregistered (git-fixes). - perf/core: Correct event creation with PERF_FORMAT_GROUP (git-fixes). - perf/core: Do not WARN() for impossible ring-buffer sizes (git-fixes). - perf/core: Fix ctx_event_type in ctx_resched() (git-fixes). - perf/core: Fix error handling in perf_event_alloc() (git-fixes). - perf/core: Fix exclusive events' grouping (git-fixes). - perf/core: Fix group scheduling with mixed hw and sw events (git-fixes). - perf/core: Fix impossible ring-buffer sizes warning (git-fixes). - perf/core: Fix locking for children siblings group read (git-fixes). - perf/core: Fix lock inversion between perf,trace,cpuhp (git-fixes (dependent patch for 18736eef1213)). - perf/core: Fix perf_event_read_value() locking (git-fixes). - perf/core: Fix perf_pmu_unregister() locking (git-fixes). - perf/core: Fix __perf_read_group_add() locking (git-fixes (dependent patch)). - perf/core: Fix perf_sample_regs_user() mm check (git-fixes). - perf/core: Fix possible Spectre-v1 indexing for ->aux_pages (git-fixes). - perf/core: Fix race between close() and fork() (git-fixes). - perf/core: Fix the address filtering fix (git-fixes). - perf/core: Fix use-after-free in uprobe_perf_close() (git-fixes). - perf/core: Force USER_DS when recording user stack data (git-fixes). - perf/core: Restore mmap record type correctly (git-fixes). - perf: Fix header.size for namespace events (git-fixes). - perf/ioctl: Add check for the sample_period value (git-fixes). - perf, pt, coresight: Fix address filters for vmas with non-zero offset (git-fixes). - perf: Return proper values for user stack errors (git-fixes). - perf/x86/amd: Constrain Large Increment per Cycle events (git-fixes). - perf/x86/amd/ibs: Fix reading of the IBS OpData register and thus precise RIP validity (git-fixes). - perf/x86/amd/ibs: Fix sample bias for dispatched micro-ops (git-fixes). - perf/x86/amd/ibs: Handle erratum #420 only on the affected CPU family (10h) (git-fixes). - perf/x86/amd/iommu: Make the 'amd_iommu_attr_groups' symbol static (git-fixes). - perf/x86/amd/uncore: Do not set 'ThreadMask' and 'SliceMask' for non-L3 PMCs (git-fixes stable). - perf/x86/amd/uncore: Set the thread mask for F17h L3 PMCs (git-fixes). - perf/x86/amd/uncore: Set ThreadMask and SliceMask for L3 Cache perf events (git-fixes stable). - perf/x86: Enable free running PEBS for REGS_USER/INTR (git-fixes). - perf/x86: Fix incorrect PEBS_REGS (git-fixes). - perf/x86/intel: Add generic branch tracing check to intel_pmu_has_bts() (git-fixes). - perf/x86/intel: Add proper condition to run sched_task callbacks (git-fixes). - perf/x86/intel/bts: Fix the use of page_private() (git-fixes). - perf/x86/intel: Fix PT PMI handling (git-fixes). - perf/x86/intel: Move branch tracing setup to the Intel-specific source file (git-fixes). - perf/x86/intel/uncore: Add Node ID mask (git-fixes). - perf/x86/intel/uncore: Fix PCI BDF address of M3UPI on SKX (git-fixes). - perf/x86/intel/uncore: Handle invalid event coding for free-running counter (git-fixes). - perf/x86/uncore: Fix event group support (git-fixes). - pid: Improve the comment about waiting in zap_pid_ns_processes (git fixes)). - pinctrl: freescale: imx: Fix an error handling path in 'imx_pinctrl_probe()' (bsc#1051510). - pinctrl: imxl: Fix an error handling path in 'imx1_pinctrl_core_probe()' (bsc#1051510). - pinctrl: samsung: Save/restore eint_mask over suspend for EINT_TYPE GPIOs (bsc#1051510). - platform/x86: dell-laptop: do not register micmute LED if there is no token (bsc#1111666). - platform/x86: hp-wmi: Convert simple_strtoul() to kstrtou32() (bsc#1111666). - PM / Domains: Allow genpd users to specify default active wakeup behavior (git-fixes). - pnp: Use list_for_each_entry() instead of open coding (git fixes). - powerpc/64s: Do not let DT CPU features set FSCR_DSCR (bsc#1065729). - powerpc/64s: Save FSCR to init_task.thread.fscr after feature init (bsc#1065729). - powerpc/book3s64: Export has_transparent_hugepage() related functions (bsc#1171759). - powerpc/book3s64/pkeys: Fix pkey_access_permitted() for execute disable pkey (bsc#1065729). - powerpc/fadump: fix race between pstore write and fadump crash trigger (bsc#1168959 ltc#185010). - powerpc/xive: Clear the page tables for the ESB IO mapping (bsc#1085030). - powerpc/xmon: Reset RCU and soft lockup watchdogs (bsc#1065729). - power: supply: bq24257_charger: Replace depends on REGMAP_I2C with select (bsc#1051510). - power: supply: lp8788: Fix an error handling path in 'lp8788_charger_probe()' (bsc#1051510). - power: supply: smb347-charger: IRQSTAT_D is volatile (bsc#1051510). - power: vexpress: add suppress_bind_attrs to true (bsc#1111666). - pppoe: only process PADT targeted at local interfaces (networking-stable-20_05_16). - qed: reduce maximum stack frame size (git-fixes). - qlcnic: fix missing release in qlcnic_83xx_interrupt_test (git-fixes). - r8152: support additional Microsoft Surface Ethernet Adapter variant (networking-stable-20_05_27). - raid5: remove gfp flags from scribble_alloc() (bsc#1166985). - RDMA/efa: Fix setting of wrong bit in get/set_feature commands (bsc#1111666) - RDMA/efa: Set maximum pkeys device attribute (bsc#1111666) - RDMA/efa: Support remote read access in MR registration (bsc#1111666) - RDMA/efa: Unified getters/setters for device structs bitmask access (bsc#1111666) - README.BRANCH: Add Takashi Iwai as primary maintainer. - regmap: debugfs: Do not sleep while atomic for fast_io regmaps (bsc#1111666). - resolve KABI warning for perf-pt-coresight (git-fixes). - Revert 'bcache: ignore pending signals when creating gc and allocator thread' (git fixes (block drivers)). - Revert commit e918e570415c ('tpm_tis: Remove the HID IFX0102') (bsc#1111666). - Revert 'dm crypt: use WQ_HIGHPRI for the IO and crypt workqueues' (git fixes (block drivers)). - Revert 'thermal: mediatek: fix register index error' (bsc#1111666). - Revert 'tools lib traceevent: Remove unneeded qsort and uses memmove' - rtnetlink: Fix memory(net_device) leak when ->newlink fails (git-fixes). - s390/bpf: Maintain 8-byte stack alignment (bsc#1169194). - s390: fix syscall_get_error for compat processes (git-fixes). - s390/qdio: consistently restore the IRQ handler (git-fixes). - s390/qdio: lock device while installing IRQ handler (git-fixes). - s390/qdio: put thinint indicator after early error (git-fixes). - s390/qdio: tear down thinint indicator after early error (git-fixes). - s390/qeth: fix error handling for isolation mode cmds (git-fixes). - sch_choke: avoid potential panic in choke_reset() (networking-stable-20_05_12). - sch_sfq: validate silly quantum values (networking-stable-20_05_12). - scsi: aacraid: fix a signedness bug (bsc#1174296). - scsi: hisi_sas: fix calls to dma_set_mask_and_coherent() (bsc#1174296). - scsi: ibmvscsi: Do not send host info in adapter info MAD after LPM (bsc#1172759 ltc#184814). - scsi: lpfc: Add an internal trace log buffer (bsc#1172687 bsc#1171530). - scsi: lpfc: Add blk_io_poll support for latency improvment (bsc#1172687 bsc#1171530). - scsi: lpfc: Add support to display if adapter dumps are available (bsc#1172687 bsc#1171530). - scsi: lpfc: Allow applications to issue Common Set Features mailbox command (bsc#1172687 bsc#1171530). - scsi: lpfc: Avoid another null dereference in lpfc_sli4_hba_unset() (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix inconsistent indenting (bsc#1158983). - scsi: lpfc: Fix interrupt assignments when multiple vectors are supported on same CPU (bsc#1158983). - scsi: lpfc: Fix kdump hang on PPC (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix language in 0373 message to reflect non-error message (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix less-than-zero comparison of unsigned value (bsc#1158983). - scsi: lpfc: Fix missing MDS functionality (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix NVMe rport deregister and registration during ADISC (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix oops due to overrun when reading SLI3 data (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix shost refcount mismatch when deleting vport (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix stack trace seen while setting rrq active (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix unused assignment in lpfc_sli4_bsg_link_diag_test (bsc#1172687 bsc#1171530). - scsi: lpfc: Update lpfc version to 12.8.0.2 (bsc#1158983). - scsi: megaraid_sas: Fix a compilation warning (bsc#1174296). - scsi: mpt3sas: Fix double free in attach error handling (bsc#1174296). - scsi: qedf: Add port_id getter (bsc#1150660). - scsi: qla2xxx: Fix a condition in qla2x00_find_all_fabric_devs() (bsc#1174296). - scsi: qla2xxx: Set NVMe status code for failed NVMe FCP request (bsc#1158983). - sctp: Do not add the shutdown timer if its already been added (networking-stable-20_05_27). - sctp: Start shutdown on association restart if in SHUTDOWN-SENT state and socket is closed (networking-stable-20_05_27). - spi: dw: use 'smp_mb()' to avoid sending spi data error (bsc#1051510). - spi: fix initial SPI_SR value in spi-fsl-dspi (bsc#1111666). - spi: pxa2xx: Apply CS clk quirk to BXT (bsc#1111666). - spi: spidev: fix a race between spidev_release and spidev_remove (bsc#1111666). - spi: spi-mem: Fix Dual/Quad modes on Octal-capable devices (bsc#1111666). - spi: spi-sun6i: sun6i_spi_transfer_one(): fix setting of clock rate (bsc#1111666). - staging: comedi: verify array index is correct before using it (bsc#1111666). - staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK (bsc#1051510). - staging: sm750fb: add missing case while setting FB_VISUAL (bsc#1051510). - SUNRPC: The TCP back channel mustn't disappear while requests are outstanding (bsc#1152624). - tg3: driver sleeps indefinitely when EEH errors exceed eeh_max_freezes (bsc#1173284). - timers: Add a function to start/reduce a timer (networking-stable-20_05_27). - tpm_tis: extra chip->ops check on error path in tpm_tis_core_init (bsc#1111666). - tpm_tis: Remove the HID IFX0102 (bsc#1111666). - tracing: Fix event trigger to accept redundant spaces (git-fixes). - tty: hvc_console, fix crashes on parallel open/close (git-fixes). - tty: n_gsm: Fix bogus i++ in gsm_data_kick (bsc#1051510). - tty: n_gsm: Fix SOF skipping (bsc#1051510). - tty: n_gsm: Fix waking up upper tty layer when room available (bsc#1051510). - tunnel: Propagate ECT(1) when decapsulating as recommended by RFC6040 (networking-stable-20_05_12). - ubifs: remove broken lazytime support (bsc#1173826). - usb: add USB_QUIRK_DELAY_INIT for Logitech C922 (git-fixes). - USB: c67x00: fix use after free in c67x00_giveback_urb (bsc#1111666). - usb: chipidea: core: add wakeup support for extcon (bsc#1111666). - usb: dwc2: Fix shutdown callback in platform (bsc#1111666). - usb: dwc2: gadget: move gadget resume after the core is in L0 state (bsc#1051510). - usb: dwc3: gadget: introduce cancelled_list (git-fixes). - usb: dwc3: gadget: never call ->complete() from ->ep_queue() (git-fixes). - usb: dwc3: gadget: Properly handle ClearFeature(halt) (git-fixes). - usb: dwc3: gadget: Properly handle failed kick_transfer (git-fixes). - USB: ehci: reopen solution for Synopsys HC bug (git-fixes). - usb: gadget: fix potential double-free in m66592_probe (bsc#1111666). - usb: gadget: lpc32xx_udc: do not dereference ep pointer before null check (bsc#1051510). - usb: gadget: udc: atmel: fix uninitialized read in debug printk (bsc#1111666). - usb: gadget: udc: atmel: remove outdated comment in usba_ep_disable() (bsc#1111666). - usb: gadget: udc: Potential Oops in error handling code (bsc#1111666). - USB: gadget: udc: s3c2410_udc: Remove pointless NULL check in s3c2410_udc_nuke (bsc#1051510). - usb: host: ehci-exynos: Fix error check in exynos_ehci_probe() (bsc#1111666). - USB: host: ehci-mxc: Add error handling in ehci_mxc_drv_probe() (bsc#1051510). - usb: musb: Fix runtime PM imbalance on error (bsc#1051510). - usb: musb: start session in resume for host port (bsc#1051510). - usbnet: smsc95xx: Fix use-after-free after removal (bsc#1111666). - USB: ohci-sm501: Add missed iounmap() in remove (bsc#1111666). - USB: serial: ch341: add new Product ID for CH340 (bsc#1111666). - USB: serial: cypress_m8: enable Simply Automated UPB PIM (bsc#1111666). - USB: serial: iuu_phoenix: fix memory corruption (bsc#1111666). - USB: serial: option: add GosunCn GM500 series (bsc#1111666). - USB: serial: option: add Quectel EG95 LTE modem (bsc#1111666). - USB: serial: option: add Telit LE910C1-EUX compositions (bsc#1051510). - USB: serial: qcserial: add DW5816e QDL support (bsc#1051510). - USB: serial: usb_wwan: do not resubmit rx urb on fatal errors (bsc#1051510). - USB: serial: usb_wwan: do not resubmit rx urb on fatal errors (git-fixes). - vfio/pci: Fix SR-IOV VF handling with MMIO blocking (bsc#1174123). - vfs: Fix EOVERFLOW testing in put_compat_statfs64 (bnc#1151927 5.3.6). - virtio-blk: handle block_device_operations callbacks after hot unplug (git fixes (block drivers)). - virtio: virtio_console: add missing MODULE_DEVICE_TABLE() for rproc serial (git-fixes). - vmxnet3: add geneve and vxlan tunnel offload support (bsc#1172484). - vmxnet3: add support to get/set rx flow hash (bsc#1172484). - vmxnet3: allow rx flow hash ops only when rss is enabled (bsc#1172484). - vmxnet3: avoid format strint overflow warning (bsc#1172484). - vmxnet3: prepare for version 4 changes (bsc#1172484). - vmxnet3: Remove always false conditional statement (bsc#1172484). - vmxnet3: remove redundant initialization of pointer 'rq' (bsc#1172484). - vmxnet3: remove unused flag 'rxcsum' from struct vmxnet3_adapter (bsc#1172484). - vmxnet3: Replace msleep(1) with usleep_range() (bsc#1172484). - vmxnet3: update to version 4 (bsc#1172484). - vmxnet3: use correct hdr reference when packet is encapsulated (bsc#1172484). - vsock: fix timeout in vsock_accept() (networking-stable-20_06_07). - vxlan: Avoid infinite loop when suppressing NS messages with invalid options (git-fixes). - w1: omap-hdq: cleanup to add missing newline for some dev_dbg (bsc#1051510). - watchdog: sp805: fix restart handler (bsc#1111666). - wil6210: add general initialization/size checks (bsc#1111666). - wil6210: check rx_buff_mgmt before accessing it (bsc#1111666). - wil6210: ignore HALP ICR if already handled (bsc#1111666). - wil6210: make sure Rx ring sizes are correlated (git-fixes). - work around mvfs bug (bsc#1162063). - x86/apic: Install an empty physflat_init_apic_ldr (bsc#1163309). - x86/cpu/amd: Make erratum #1054 a legacy erratum (bsc#1114279). - x86/events/intel/ds: Add PERF_SAMPLE_PERIOD into PEBS_FREERUNNING_FLAGS (git-fixes). - x86: Fix early boot crash on gcc-10, third try (bsc#1114279). - x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned (bsc#1172257). - x86/reboot/quirks: Add MacBook6,1 reboot quirk (bsc#1114279). - xfrm: fix error in comment (git fixes). - xhci: Fix incorrect EP_STATE_MASK (git-fixes). ----------------------------------------- Patch: SUSE-2020-2111 Released: Tue Aug 4 07:55:36 2020 Summary: Recommended update for gnome-initial-setup Severity: moderate References: 1172910 Description: This update for gnome-initial-setup fixes the following issues: - Fix to start 'gnome-initial-setup' via 'xdg autostart' as an alternative to systemd user units on SLE-15-SP2. (bsc#1172910) ----------------------------------------- Patch: SUSE-2020-2113 Released: Tue Aug 4 10:39:23 2020 Summary: Recommended update for ocfs2-tools Severity: moderate References: 1170530 Description: This update for ocfs2-tools fixes the following issue: - Fix debugfs.ocfs2 error on devices with sector size 4096 (bsc#1170530) ----------------------------------------- Patch: SUSE-2020-2115 Released: Tue Aug 4 12:12:10 2020 Summary: Recommended update for opus Severity: moderate References: 1172526 Description: This update for opus fixes the following issues: - Fix for an issue when the 'CELTDecoder' can be larger than 21 and cauese crash by builds with custom modes or hardening. (bsc#1172526) ----------------------------------------- Patch: SUSE-2020-2116 Released: Tue Aug 4 15:12:41 2020 Summary: Security update for libX11 Severity: important References: 1174628,CVE-2020-14344 Description: This update for libX11 fixes the following issues: - Fixed XIM client heap overflows (CVE-2020-14344, bsc#1174628) ----------------------------------------- Patch: SUSE-2020-2126 Released: Wed Aug 5 09:26:46 2020 Summary: Recommended update for cloud-regionsrv-client Severity: moderate References: 1173474,1173475 Description: This update for cloud-regionsrv-client fixes the following issues: - Introduce containerbuild-regionsrv service to allow container building tools to access required data for accessing Public Cloud RMTs (bsc#1173474, bsc#1173475) ----------------------------------------- Patch: SUSE-2020-2127 Released: Wed Aug 5 10:28:23 2020 Summary: Recommended update for python-azure-agent Severity: important References: 1173866 Description: This update for python-azure-agent fixes the following issues: - Properly set the DHCP configuration to push the hostname to the DHCP server. (bsc#1173866) - Do not bring the interface down to push the hostname, just use 'ifup'. (bsc#1173866) ----------------------------------------- Patch: SUSE-2020-2128 Released: Wed Aug 5 10:28:47 2020 Summary: Recommended update for cryptctl Severity: moderate References: Description: cryptctl was updated to fix the following issue - crypto is shipped into the Basesystem module. (ECO-2067) ----------------------------------------- Patch: SUSE-2020-2130 Released: Wed Aug 5 13:01:43 2020 Summary: Recommended update for aws-iam-authenticator, cni, cni-plugins Severity: moderate References: 1098521 Description: This update ships initial versions of the aws-iam-authenticator, cni, cni-plugins packages to the Public Cloud module. (jsc#PM-1449, jsc#SLE-10777, bsc#1098521) This provides support for Amazon EKS. ----------------------------------------- Patch: SUSE-2020-2142 Released: Thu Aug 6 11:05:34 2020 Summary: Security update for xrdp Severity: important References: 1173580,CVE-2020-4044 Description: This update for xrdp fixes the following issues: - Update to version 0.9.13.1 + This is a security fix release that includes fixes for the following local buffer overflow vulnerability (bsc#1173580): CVE-2020-4044 ----------------------------------------- Patch: SUSE-2020-2143 Released: Thu Aug 6 11:06:49 2020 Summary: Security update for java-11-openjdk Severity: important References: 1174157,CVE-2020-14556,CVE-2020-14562,CVE-2020-14573,CVE-2020-14577,CVE-2020-14581,CVE-2020-14583,CVE-2020-14593,CVE-2020-14621 Description: This update for java-11-openjdk fixes the following issues: - Update to upstream tag jdk-11.0.8+10 (July 2020 CPU, bsc#1174157) * Security fixes: + JDK-8230613: Better ASCII conversions + JDK-8231800: Better listing of arrays + JDK-8232014: Expand DTD support + JDK-8233234: Better Zip Naming + JDK-8233239, CVE-2020-14562: Enhance TIFF support + JDK-8233255: Better Swing Buttons + JDK-8234032: Improve basic calendar services + JDK-8234042: Better factory production of certificates + JDK-8234418: Better parsing with CertificateFactory + JDK-8234836: Improve serialization handling + JDK-8236191: Enhance OID processing + JDK-8236867, CVE-2020-14573: Enhance Graal interface handling + JDK-8237117, CVE-2020-14556: Better ForkJoinPool behavior + JDK-8237592, CVE-2020-14577: Enhance certificate verification + JDK-8238002, CVE-2020-14581: Better matrix operations + JDK-8238013: Enhance String writing + JDK-8238804: Enhance key handling process + JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable + JDK-8238843: Enhanced font handing + JDK-8238920, CVE-2020-14583: Better Buffer support + JDK-8238925: Enhance WAV file playback + JDK-8240119, CVE-2020-14593: Less Affine Transformations + JDK-8240482: Improved WAV file playback + JDK-8241379: Update JCEKS support + JDK-8241522: Manifest improved jar headers redux + JDK-8242136, CVE-2020-14621: Better XML namespace handling * Other changes: + JDK-6933331: (d3d/ogl) java.lang.IllegalStateException: Buffers have not been created + JDK-7124307: JSpinner and changing value by mouse + JDK-8022574: remove HaltNode code after uncommon trap calls + JDK-8039082: [TEST_BUG] Test java/awt/dnd/BadSerializationTest/BadSerializationTest.java fails + JDK-8040630: Popup menus and tooltips flicker with previous popup contents when first shown + JDK-8044365: (dc) MulticastSendReceiveTests.java failing with ENOMEM when joining group (OS X 10.9) + JDK-8048215: [TESTBUG] java/lang/management/ManagementFactory/ThreadMXBeanProxy.java Expected non-null LockInfo + JDK-8051349: nsk/jvmti/scenarios/sampling/SP06/sp06t003 fails in nightly + JDK-8080353: JShell: Better error message on attempting to add default method + JDK-8139876: Exclude hanging nsk/stress/stack from execution with deoptimization enabled + JDK-8146090: java/lang/ref/ReachabilityFenceTest.java fails with -XX:+DeoptimizeALot + JDK-8153430: jdk regression test MletParserLocaleTest, ParserInfiniteLoopTest reduce default timeout + JDK-8156207: Resource allocated BitMaps are often cleared unnecessarily + JDK-8159740: JShell: corralled declarations do not have correct source to wrapper mapping + JDK-8175984: ICC_Profile has un-needed, not-empty finalize method + JDK-8176359: Frame#setMaximizedbounds not working properly in multi screen environments + JDK-8183369: RFC unconformity of HttpURLConnection with proxy + JDK-8187078: -XX:+VerifyOops finds numerous problems when running JPRT + JDK-8189861: Refactor CacheFind + JDK-8191169: java/net/Authenticator/B4769350.java failed intermittently + JDK-8191930: [Graal] emits unparseable XML into compile log + JDK-8193879: Java debugger hangs on method invocation + JDK-8196019: java/awt/Window/Grab/GrabTest.java fails on Windows + JDK-8196181: sun/java2d/GdiRendering/InsetClipping.java fails + JDK-8198000: java/awt/List/EmptyListEventTest/EmptyListEventTest.java debug assert on Windows + JDK-8198001: java/awt/Menu/WrongParentAfterRemoveMenu/ /WrongParentAfterRemoveMenu.java debug assert on Windows + JDK-8198339: Test javax/swing/border/Test6981576.java is unstable + JDK-8200701: jdk/jshell/ExceptionsTest.java fails on Windows, after JDK-8198801 + JDK-8203264: JNI exception pending in PlainDatagramSocketImpl.c:740 + JDK-8203672: JNI exception pending in PlainSocketImpl.c + JDK-8203673: JNI exception pending in DualStackPlainDatagramSocketImpl.c:398 + JDK-8204834: Fix confusing 'allocate' naming in OopStorage + JDK-8205399: Set node color on pinned HashMap.TreeNode deletion + JDK-8205653: test/jdk/sun/management/jmxremote/bootstrap/ /RmiRegistrySslTest.java and RmiSslBootstrapTest.sh fail with handshake_failure + JDK-8206179: com/sun/management/OperatingSystemMXBean/ /GetCommittedVirtualMemorySize.java fails with Committed virtual memory size illegal value + JDK-8207334: VM times out in VM_HandshakeAllThreads::doit() with RunThese30M + JDK-8208277: Code cache heap (-XX:ReservedCodeCacheSize) doesn't work with 1GB LargePages ----------------------------------------- Patch: SUSE-2020-2144 Released: Thu Aug 6 11:07:58 2020 Summary: Security update for wireshark Severity: moderate References: 1169063,1171899,1173606,CVE-2020-11647,CVE-2020-13164,CVE-2020-15466 Description: This update for wireshark fixes the following issues: - Wireshark to 3.2.5: * CVE-2020-15466: GVCP dissector infinite loop (bsc#1173606) * CVE-2020-13164: NFS dissector crash (bsc#1171899) * CVE-2020-11647: The BACapp dissector could crash (bsc#1169063) - Further features, bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-3.2.5.html ----------------------------------------- Patch: SUSE-2020-2147 Released: Thu Aug 6 13:36:01 2020 Summary: Security update for MozillaFirefox Severity: important References: 1171433,1174538,CVE-2020-15652,CVE-2020-15653,CVE-2020-15654,CVE-2020-15655,CVE-2020-15656,CVE-2020-15657,CVE-2020-15658,CVE-2020-15659,CVE-2020-6463,CVE-2020-6514 Description: This update for MozillaFirefox fixes the following issues: This update for MozillaFirefox and pipewire fixes the following issues: MozillaFirefox Extended Support Release 78.1.0 ESR * Fixed: Various stability, functionality, and security fixes (bsc#1174538) * CVE-2020-15652: Potential leak of redirect targets when loading scripts in a worker * CVE-2020-6514: WebRTC data channel leaks internal address to peer * CVE-2020-15655: Extension APIs could be used to bypass Same-Origin Policy * CVE-2020-15653: Bypassing iframe sandbox when allowing popups * CVE-2020-6463: Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture * CVE-2020-15656: Type confusion for special arguments in IonMonkey * CVE-2020-15658: Overriding file type when saving to disk * CVE-2020-15657: DLL hijacking due to incorrect loading path * CVE-2020-15654: Custom cursor can overlay user interface * CVE-2020-15659: Memory safety bugs fixed in Firefox 79 and Firefox ESR 78.1 pipewire was updated to version 0.3.6 (bsc#1171433, jsc#ECO-2308): * Extensive memory leak fixing and stress testing was done. A big leak in screen sharing with DMA-BUF was fixed. * Compile fixes * Stability improvements in jack and pulseaudio layers. * Added the old portal module to make the Camera portal work again. This will be moved to the session manager in future versions. * Improvements to the GStreamer source and sink shutdown. * Fix compatibility with v2 clients again when negotiating buffers. ----------------------------------------- Patch: SUSE-2020-2148 Released: Thu Aug 6 13:36:17 2020 Summary: Recommended update for ca-certificates-mozilla Severity: important References: 1174673 Description: This update for ca-certificates-mozilla fixes the following issues: Update to 2.42 state of the Mozilla NSS Certificate store (bsc#1174673) Removed CAs: * AddTrust External CA Root * AddTrust Class 1 CA Root * LuxTrust Global Root 2 * Staat der Nederlanden Root CA - G2 * Symantec Class 1 Public Primary Certification Authority - G4 * Symantec Class 2 Public Primary Certification Authority - G4 * VeriSign Class 3 Public Primary Certification Authority - G3 Added CAs: * certSIGN Root CA G2 * e-Szigno Root CA 2017 * Microsoft ECC Root Certificate Authority 2017 * Microsoft RSA Root Certificate Authority 2017 ----------------------------------------- Patch: SUSE-2020-2162 Released: Fri Aug 7 08:00:52 2020 Summary: Recommended update for php7 Severity: moderate References: 1173786 Description: This update for php7 fixes the following issues: - Add 'tmpfiles.d' for 'php-fpm' to provide a base for a socket and fix this error accordingly. (bsc#1173786) ----------------------------------------- Patch: SUSE-2020-2172 Released: Fri Aug 7 16:11:00 2020 Summary: Security update for perl-XML-Twig Severity: moderate References: 1008644,CVE-2016-9180 Description: This update for perl-XML-Twig fixes the following issues: - Security fix [bsc#1008644, CVE-2016-9180] * Setting expand_external_ents to 0 or -1 currently doesn't work as expected; To completely turn off expanding external entities use no_xxe. * Update documentation for XML::Twig to mention problems with expand_external_ents and add information about new no_xxe argument ----------------------------------------- Patch: SUSE-2020-2197 Released: Tue Aug 11 13:32:49 2020 Summary: Security update for libX11 Severity: important References: 1174628,CVE-2020-14344 Description: This update for libX11 fixes the following issues: - Fixed XIM client heap overflows (CVE-2020-14344, bsc#1174628). ----------------------------------------- Patch: SUSE-2020-2199 Released: Tue Aug 11 13:34:24 2020 Summary: Security update for webkit2gtk3 Severity: important References: 1174662,CVE-2020-9862,CVE-2020-9893,CVE-2020-9894,CVE-2020-9895,CVE-2020-9915,CVE-2020-9925 Description: This update for webkit2gtk3 fixes the following issues: - Update to version 2.28.4 (bsc#1174662): + Fix several crashes and rendering issues. + Security fixes: CVE-2020-9862, CVE-2020-9893, CVE-2020-9894, CVE-2020-9895, CVE-2020-9915, CVE-2020-9925. ----------------------------------------- Patch: SUSE-2020-2210 Released: Wed Aug 12 06:24:02 2020 Summary: Recommended update for osc Severity: moderate References: 1173926 Description: This update for osc fixes the following issues: - Fix for performance issues by assuming utf-8 or latin-1 as default, and speed up decoding. (bsc#1173926) ----------------------------------------- Patch: SUSE-2020-2219 Released: Wed Aug 12 15:47:42 2020 Summary: Recommended update for supportutils-plugin-suse-public-cloud and python3-azuremetadata Severity: moderate References: 1170475,1170476,1173238,1173240,1173357,1174618,1174847 Description: This update for supportutils-plugin-suse-public-cloud and python3-azuremetadata fixes the following issues: supportutils-plugin-suse-public-cloud: - Fixes an error when supportutils-plugin-suse-public-cloud and supportutils-plugin-salt are installed at the same time (bsc#1174618) - Sensitive information like credentials (such as access keys) will be removed when the metadata is being collected (bsc#1170475, bsc#1170476) python3-azuremetadata: - Added latest support for `--listapis` and `--api` (bsc#1173238, bsc#1173240) - Detects when the VM is running in ASM (Azure Classic) and does now handle the condition to generate the data without requiring access to the full IMDS available, only in ARM instances (bsc#1173357, bsc#1174847) ----------------------------------------- Patch: SUSE-2020-2220 Released: Wed Aug 12 16:23:08 2020 Summary: Recommended update for hawk2 Severity: moderate References: Description: This update for hawk2 fixes the following issue: Update to version 2.1.2+git.1594886920.d00b94aa: - Update puma rubygem requirement to version 4.3.5 for disabling TLSv1.0 and TLSv1.1 (jsc#SLE-6965) ----------------------------------------- Patch: SUSE-2020-2236 Released: Thu Aug 13 13:06:27 2020 Summary: Recommended update for wireguard-tools Severity: moderate References: Description: This update for wireguard-tools fixes the following issues: Update to version 1.0.20200513 * Makefile: remember to install all systemd units * ipc: openbsd: switch to array ioctl interface Update to version 1.0.20200510 * ipc: add support for openbsd kernel implementation * ipc: cleanup openbsd support * wg-quick: add support for openbsd kernel implementation * wg-quick: cleanup openbsd support * wg-quick: support dns search domains * Makefile: simplify silent cleaning * git: add gitattributes so tarball doesn't have gitignore files * terminal: specialize color_mode to stdout only * highlighter: insist on 256-bit keys, not 257-bit or 258-bit * wg-quick: android: support application whitelist * systemd: add wg-quick.target Update to version 1.0.20200319 * netlink: initialize mostly unused field * curve25519: squelch warnings on clang * man: fix grammar in wg(8) and wg-quick(8) * man: backlink wg-quick(8) in wg(8) * man: add a warning to the SaveConfig description * wincompat: use string_list instead of inflatable_buffer Update to version 1.0.20200206 * man: document dynamic debug trick for Linux * extract-{handshakes,keys}: rework for upstream kernel * netlink: remove libmnl requirement * embeddable-wg-library: use newer string_list * netlink: don't pretend that sysconf isn't a function * Small cleanups. Update to version 1.0.20200121 * Makefile: add standard 'all' target * ipc: simplify inflatable buffer and add fuzzer * fuzz: add generic command argument fuzzer * fuzz: add set and setconf fuzzers * netlink: make sure to clear return value when trying again * Makefile: sort inputs to linker so that build is reproducible - Initial package, version 1.0.20200102 ----------------------------------------- Patch: SUSE-2020-2252 Released: Mon Aug 17 14:16:31 2020 Summary: Recommended update for python-parallax Severity: moderate References: 1174894 Description: This update for python-parallax fixes the following issue: - Change format of scp command for ipv6 compatibility. (bsc#1174894) ----------------------------------------- Patch: SUSE-2020-2254 Released: Mon Aug 17 15:07:18 2020 Summary: Recommended update for prometheus-sap_host_exporter and prometheus-ha_cluster_exporter Severity: moderate References: 1174429 Description: This update for prometheus-sap_host_exporter and prometheus-ha_cluster_exporter fixes the following issues: prometheus-sap_host_exporter: - Added * --version command line parameter - Fixed * Some usage details are now further clarified prometheus-ha_cluster_exporter: - Features * Added support for corosync v3 - Changed * The CLI flag --enable-timestamps and its config option have been marked as deprecated - Fixes * Fixed an issue with `corosync-quorumtool` parsing in Corosync v2.3.6 ----------------------------------------- Patch: SUSE-2020-2256 Released: Mon Aug 17 15:08:46 2020 Summary: Recommended update for sysfsutils Severity: moderate References: 1155305 Description: This update for sysfsutils fixes the following issue: - Fix cdev name comparison. (bsc#1155305) ----------------------------------------- Patch: SUSE-2020-2265 Released: Tue Aug 18 12:08:55 2020 Summary: Security update for postgresql12 Severity: important References: 1175193,1175194,CVE-2020-14349,CVE-2020-14350 Description: This update for postgresql12 fixes the following issues: - update to 12.4: * CVE-2020-14349, bsc#1175193: Set a secure search_path in logical replication walsenders and apply workers * CVE-2020-14350, bsc#1175194: Make contrib modules' installation scripts more secure. * https://www.postgresql.org/docs/12/release-12-4.html ----------------------------------------- Patch: SUSE-2020-2276 Released: Wed Aug 19 13:22:45 2020 Summary: Security update for python Severity: moderate References: 1174091,CVE-2019-20907 Description: This update for python fixes the following issues: - CVE-2019-20907: Avoid a possible infinite loop caused by specifically crafted tarballs (bsc#1174091). ----------------------------------------- Patch: SUSE-2020-2277 Released: Wed Aug 19 13:24:03 2020 Summary: Security update for python3 Severity: moderate References: 1174091,CVE-2019-20907 Description: This update for python3 fixes the following issues: - bsc#1174091, CVE-2019-20907: avoiding possible infinite loop in specifically crafted tarball. ----------------------------------------- Patch: SUSE-2020-2280 Released: Wed Aug 19 21:27:31 2020 Summary: Recommended update for devscripts Severity: moderate References: 1174163 Description: This update for devscripts fixes the following issue: Update from version 2.15.1 to version 2.19.5 (bsc#1174163) - Add conflicts on packages with the same binaries. - Fixed license tag as suggested by licensedigger. - Changed download location for source tarball from Debian package pool to salsa.debian.org to avoid download errors. - Remove support for ancient openSUSE and non-SUSE distributions. ----------------------------------------- Patch: SUSE-2020-2281 Released: Wed Aug 19 21:28:12 2020 Summary: Recommended update for openssl-1_0_0 Severity: moderate References: 1174459 Description: This update for openssl-1_0_0 fixes the following issue: - Versioning the exported symbols and avoid failures due to the lack of versioning. (bsc#1174459) ----------------------------------------- Patch: SUSE-2020-2282 Released: Wed Aug 19 21:28:40 2020 Summary: Recommended update for libgit2 Severity: moderate References: 1157473 Description: This update for libgit2 provides the following fix: - Include the libgit2 package in SUSE Manager Server 4.0, no source changes made. (bsc#1157473) ----------------------------------------- Patch: SUSE-2020-2289 Released: Fri Aug 21 10:58:57 2020 Summary: Recommended update for davfs2 Severity: moderate References: 1173419 Description: This update for davfs2 fixes the following issue: - Respect nofail option and avoid to fail upon boot if the remote resource is not available. (bsc#1173419) ----------------------------------------- Patch: SUSE-2020-2302 Released: Tue Aug 25 11:08:40 2020 Summary: Recommended update for gnome-shell, gnome-shell-extension-desktop-icons, gnome-shell-extensions Severity: moderate References: 1167276,1169029,1169845,1171822,1172424 Description: This update for gnome-shell, gnome-shell-extension-desktop-icons, gnome-shell-extensions fixes the following issues: Changes in gnome-shell: Update to version 3.34.5 - Leave overview when locking the screen. - Avoid IO on the main thread. - Fix OSK layout fallback for unsupported variants. - Fix high-contrast/symbolic icon mix-up. - Updated translations. - Uniform the checks between SLE and openSUSE. (jsc#SLE-11720) - Show the network agent pop up when required. (bsc#1171822) - Set the button invisible when the user's can_switch is false or user-switch-enabled is disabled. (bsc#1167276) - Remove error in messages log when NetworkManager is not installed. (bsc#1172424) - Remove 'Getting invalid resource scale property' warnings in the log. (bsc#1169845) - Remove error in journal log. (bsc#1169029) Change in gnome-shell-extensions: - Uniform the checks between SLE and openSUSE. (jsc#SLE-11720) Change in gnome-shell-extension-desktop-icons: - Show mounted device icons. (jsc#SLE-12572) ----------------------------------------- Patch: SUSE-2020-2311 Released: Tue Aug 25 14:49:53 2020 Summary: Security update for apache2 Severity: moderate References: 1174052,1175070,1175071,1175074,CVE-2020-11984,CVE-2020-11993,CVE-2020-9490 Description: This update for apache2 fixes the following issues: - CVE-2020-9490: Fixed a crash caused by a specially crafted value for the 'Cache-Digest' header in a HTTP/2 request (bsc#1175071). - CVE-2020-11984: Fixed an information disclosure bug in mod_proxy_uwsgi (bsc#1175074). - CVE-2020-11993: When trace/debug was enabled for the HTTP/2 module logging statements were made on the wrong connection (bsc#1175070). - Solve a crash in mod_proxy_uwsgi for empty values of environment variables. (bsc#1174052) ----------------------------------------- Patch: SUSE-2020-2314 Released: Tue Aug 25 15:31:17 2020 Summary: Recommended update for cloud-regionsrv-client Severity: moderate References: 1174731,1174732,1174743,1174791,1174837,1174937 Description: This update for cloud-regionsrv-client contains the following fixes: - Update to version 9.1.2: (bsc#1174791, bsc#1174937) + Implement changes to configure the client to use https only for outbound traffic - plugin-ec2 to version 1.0.1 (bsc#1174743, bsc#1174837) + Prefer IMDSv2 and switch all IMDS access requests to support v2 token based access method. - Update to version 9.1.1: (bsc#1174731, bsc#1174732) + Do not immediately failover to a sibling system. Upon contact failure to the target system give the server/route time to recover. We have seen network instability trigger a pre-mature failover during initial registration causing problems later during updates. + When we do failover make sure the access credentials are known to the new target ----------------------------------------- Patch: SUSE-2020-2316 Released: Tue Aug 25 15:38:19 2020 Summary: Recommended update for regionServiceClientConfigEC2 Severity: moderate References: 1174791,1174937 Description: This update for regionServiceClientConfigEC2 contains the following fixes: - Update to version 2.2.1 (bsc#1174791, bsc#1174937) + New configuration to switch to https only outgoing traffic. ----------------------------------------- Patch: SUSE-2020-2318 Released: Tue Aug 25 15:39:22 2020 Summary: Recommended update for python3-ec2metadata Severity: moderate References: 1174743,1174837 Description: This update for python3-ec2metadata contains the following fixes: - Update to version 3.0.3 (bsc#1174743, bsc#1174837) + Prefer IMDSv2 and switch all IMDS access requests to support v2 token based access method. ----------------------------------------- Patch: SUSE-2020-2240 Released: Tue Aug 25 19:03:12 2020 Summary: Security update for xorg-x11-server Severity: important References: 1174633,1174635,1174638,CVE-2020-14345,CVE-2020-14346,CVE-2020-14347 Description: This update for xorg-x11-server fixes the following issues: - CVE-2020-14347: Leak of uninitialized heap memory from the X server to clients on pixmap allocation (bsc#1174633, ZDI-CAN-11426). - CVE-2020-14346: XIChangeHierarchy Integer Underflow Privilege Escalation Vulnerability (bsc#1174638, ZDI-CAN-11429). - CVE-2020-14345: XKB out-of-bounds access privilege escalation vulnerability (bsc#1174635, ZDI-CAN-11428). ----------------------------------------- Patch: SUSE-2020-2334 Released: Wed Aug 26 11:18:36 2020 Summary: Recommended update for NetworkManager Severity: moderate References: 1164642 Description: This update for NetworkManager fixes the following issues: - Fix for NetworkManager not to mount automatically entries which are marked as 'noauto' Modify nfs script. (bsc#1164642) ----------------------------------------- Patch: SUSE-2020-2338 Released: Wed Aug 26 13:45:01 2020 Summary: Recommended update for cloud-regionsrv-client Severity: important References: 1175752,1175753 Description: This update for cloud-regionsrv-client fixes the following issues: - Fixed an issue where the cache object for the update server was incomplete (bsc#1175752, bsc#1175753) ----------------------------------------- Patch: SUSE-2020-2341 Released: Wed Aug 26 15:57:46 2020 Summary: Recommended update for regionServiceClientConfigGCE Severity: moderate References: 1174791,1174937 Description: This update for regionServiceClientConfigGCE contains the following fixes: - Update to version 3.0.1. (bsc#1174791, bsc#1174937) + New configuration to switch to https only outgoing traffic. ----------------------------------------- Patch: SUSE-2020-2346 Released: Wed Aug 26 17:03:06 2020 Summary: Security update for graphviz Severity: low References: 1093447,CVE-2018-10196 Description: This update for graphviz fixes the following issues: - CVE-2018-10196: Fixed a null dereference in rebuild_vlis (bsc#1093447). ----------------------------------------- Patch: SUSE-2020-2349 Released: Wed Aug 26 17:15:21 2020 Summary: Recommended update for hyper-v Severity: moderate References: 1093910,1174443,1174444 Description: This update for hyper-v fixes the following issues: - Remove dependency to network-online.target now that gethostname is used in kvp_daemon. (bsc#1174443, bsc#1174444) - Reopen the devices if read() or write() returns errors. - Use either python2 or python3 for lsvmbus. (bsc#1093910) - Remove sysv init scripts. - Enable build on aarch64. ----------------------------------------- Patch: SUSE-2020-2351 Released: Wed Aug 26 17:19:38 2020 Summary: Recommended update for suse-prime Severity: moderate References: 1173632 Description: This update for suse-prime fixes the following issues: Update from version 0.7.7 to version 0.7.14 - Avoid endless loop when nvidia modules cannot be unloaded. (bsc#1173632) - Fixes *user_logout_waiter* for gdm autologin. - Prevents intermittent 1s - 1.5s freezes on Turing GPU's in nvidia mode. - Improved documentation: * fixed requirements for DynamicPowerManagement to power off NVIDIA GPU (Turing GPU or later is needed!) * Better explain power-off/powersave option of NVIDIA GPU * Improved documentation about the requirements for NVIDIA's PRIME render offload support; it needs Xserver of Leap 15.2 or later * Fixed syntax in command - Use full path in invoking prime-select - Blacklist *ipmi_msghandler*, *ipmi_devintf* kernel modules Make sure these kernel modules are not loaded. Otherwise it may not be possible to turn off NVIDIA GPU. ----------------------------------------- Patch: SUSE-2020-2355 Released: Thu Aug 27 18:25:58 2020 Summary: Security update for postgresql10 Severity: important References: 1175193,1175194,CVE-2020-14349,CVE-2020-14350 Description: This update for postgresql10 fixes the following issues: - update to 10.14: * CVE-2020-14349, bsc#1175193: Set a secure search_path in logical replication walsenders and apply workers * CVE-2020-14350, bsc#1175194: Make contrib modules' installation scripts more secure. * https://www.postgresql.org/docs/10/release-10-14.html ----------------------------------------- Patch: SUSE-2020-2357 Released: Thu Aug 27 18:26:58 2020 Summary: Security update for libqt5-qtbase Severity: moderate References: 1172726,1173758,CVE-2020-13962 Description: This update for libqt5-qtbase fixes the following issues: - Fixed a possible crash in certificate parsing. - Fixed a DoS in QSslSocket (bsc#1172726, CVE-2020-13962). - Added support for PostgreSQL 12 (bsc#1173758). ----------------------------------------- Patch: SUSE-2020-2373 Released: Fri Aug 28 12:58:51 2020 Summary: Security update for SUSE Manager 4.1.1 Severity: moderate References: 1136857,1165572,1169553,1169780,1170244,1170468,1170654,1171281,1172279,1172504,1172709,1172807,1172831,1172839,1173169,1173522,1173535,1173554,1173566,1173584,1173932,1173982,1173997,1174025,1174167,1174201,1174229,1174325,1174405,1174470,1174965,1175485,1175555,1175558,1175724,1175791,678126,CVE-2020-11022 Description: This consolidated update includes multiple patchinfos for SUSE Manager Server and Proxy. This patchinfo is used for the codestream release only. ----------------------------------------- Patch: SUSE-2020-2378 Released: Fri Aug 28 14:52:31 2020 Summary: Recommended update for python-azure-agent Severity: moderate References: 1175198 Description: This update for python-azure-agent contains the following fix: - Drop paa_sudo_sle15_nopwd.patch (bsc#1175198) + sudoers file is managed by cloud-init we no longer need this hack ----------------------------------------- Patch: SUSE-2020-2380 Released: Fri Aug 28 14:54:08 2020 Summary: Recommended update for supportutils-plugin-suse-public-cloud Severity: moderate References: 1175250,1175251 Description: This update for supportutils-plugin-suse-public-cloud contains the following fix: - Update to version 1.0.5: (bsc#1175250, bsc#1175251) + Query for new GCE initialization code packages ----------------------------------------- Patch: SUSE-2020-2384 Released: Sat Aug 29 00:57:13 2020 Summary: Recommended update for e2fsprogs Severity: low References: 1170964 Description: This update for e2fsprogs fixes the following issues: - Fix for an issue when system message with placeholders are not properly replaced. (bsc#1170964) ----------------------------------------- Patch: SUSE-2020-2394 Released: Mon Aug 31 17:16:14 2020 Summary: Recommended update for lifecycle-data-sle-module-live-patching Severity: moderate References: 1020320 Description: This update for lifecycle-data-sle-module-live-patching fixes the following issue: Live kernel patching update data. (bsc#1020320) - New data for 4_12_14-150_55, 4_12_14-197_48, 5_3_18-22, 5_3_18-24_9. ----------------------------------------- Patch: SUSE-2020-2408 Released: Tue Sep 1 11:47:04 2020 Summary: Security update for freerdp Severity: moderate References: 1174321,CVE-2020-15103 Description: This update for freerdp fixes the following issues: - CVE-2020-15103: Fix integer overflow due to missing input sanitation in rdpegfx channel (bsc#1174321). ----------------------------------------- Patch: SUSE-2020-2411 Released: Tue Sep 1 13:28:47 2020 Summary: Recommended update for systemd Severity: moderate References: 1142733,1146991,1158336,1172195,1172824,1173539 Description: This update for systemd fixes the following issues: - Improve logging when PID1 fails at setting a namespace up when spawning a command specified by 'Exec*='. (bsc#1172824, bsc#1142733) pid1: improve message when setting up namespace fails. execute: let's close glibc syslog channels too. execute: normalize logging in *execute.c*. execute: fix typo in error message. execute: drop explicit *log_open()*/*log_close()* now that it is unnecessary. execute: make use of the new logging mode in *execute.c* log: add a mode where we open the log fds for every single log message. log: let's make use of the fact that our functions return the negative error code for *log_oom()* too. execute: downgrade a log message ERR → WARNING, since we proceed ignoring its result. execute: rework logging in *setup_keyring()* to include unit info. execute: improve and augment execution log messages. - vconsole-setup: downgrade log message when setting font fails on dummy console. (bsc#1172195 bsc#1173539) - fix infinite timeout. (bsc#1158336) - bpf: mount bpffs by default on boot. (bsc#1146991) - man: explain precedence for options which take a list. - man: unify titling, fix description of precedence in sysusers.d(5) - udev-event: fix timeout log messages. ----------------------------------------- Patch: SUSE-2020-2415 Released: Tue Sep 1 13:45:00 2020 Summary: Recommended update for python-kiwi Severity: moderate References: 1096738,1165730,1172908,1173226,1173356,1174009 Description: This update for python-kiwi contains the following fixes: - Bump version up to 9.21.7: This version upgrade includes several fixes: * Skip filesystem check for XFS prior xfs_grow running xfs_repair check isn't strictly necessary before resizing, and in some cases it may even prevent resizing by giving an error that would be cleared through mounting the fs (e.g. when the fs wasn't cleanly umounted, and thus letting xfs recover and replay its journal). Given that xfs can only grow online (while being mounted), this is sufficient to ensure that the fs is in a state where it can be resized. This is related to bsc#1174009. (bsc#1174009) * Fixed grub setup in EFI/BOOT directory kiwi copied the same grub.cfg file as it exists in boot/grub2 to the efi path. This is wrong as the setup in the efi boot directory is used to enable normal grub loading and not providing the user grub configuration. In addition the changes here makes sure that the early grub boot code is placed into the system in any EFI case except for secure boot when shim-install is present. If shim-install is present it also creates the early grub boot setup such that kiwi doesn't have to do it. This Fixes #1491 and Fixes bsc#1172908. (bsc#1172908) * Use rsync in inplace transfer mode Using the --inplace option in rsync helps to save space on syncing the rootfs data and prevents e.g OBS workers from running out of VM space when transfering root filesystem data. Also using --inplace allows to keep hardlinks intact. This is related to bsc#1096738. (bsc#1096738) * Don't keep copy of grub2-install in the system To prevent shim-install from calling grub2-install in uefi mode kiwi temporary replaces the tool by a noop. This acts as a workaround for an issue in shim-install. However the workaround left a file copy of grub2-install in the system which should not happen. This commit Fixes bsc#1173226 and Fixes #1490. (bsc#1173226) * Fixes live ISOs This commit fixes iso images. Due to a change introduced in c7ed1cf live ISOs were no longer booting as the rootfs.img filesystem was copied to the squashfs container while being still mounted. Because of that, at boot time, it refused to mount. This commit adds umount method for the filesystem base class, so it can be umounted before deleting the instance. Fixes #1489 and bsc#1173356. (bsc#1173356) * Support grub timeout_style parameter Grub supports a style setting that influences the display of the menu depending on the configured timeout value. With this patch kiwi allows to specify the style via a new bootloader parameter named timeout_style='hidden|countdown'. If not set the grub default applies which shows the menu in any case. This Fixes bsc#1165730 and Fixes #1404. (bsc#1165730) * Use auto video mode as default for grub An explicit video mode 800x600 was used for grub if no video mode setup exists in the XML description. For grub this should better result in the auto mode. Related to bsc#1165730. (bsc#1165730) ----------------------------------------- Patch: SUSE-2020-2416 Released: Tue Sep 1 13:45:28 2020 Summary: Recommended update for python3-ec2imgutils Severity: moderate References: 1172579,1172948 Description: This update for python3-ec2imgutils contains the following fixes: - Fixed an error, when an image gets deprecated using its name (bsc#1172948) - Added new utility ec2listimg to list images owned by the specified account - Fixed an error when an image is not allowed to be copied and shared with a specific account (bsc#1172579) ----------------------------------------- Patch: SUSE-2020-2420 Released: Tue Sep 1 13:48:35 2020 Summary: Recommended update for zlib Severity: moderate References: 1174551,1174736 Description: This update for zlib provides the following fixes: - Permit a deflateParams() parameter change as soon as possible. (bsc#1174736) - Fix DFLTCC not flushing EOBS when creating raw streams. (bsc#1174551) ----------------------------------------- Patch: SUSE-2020-2424 Released: Tue Sep 1 13:53:52 2020 Summary: Recommended update for yast2-rmt Severity: moderate References: 1171555,1172674 Description: This update for yast2-rmt fixes the following issues: - Handle Common Name length. (bsc#1172674) - Changed placeholders in translatable strings to support better the 'gettext' language format tags. (bsc#1171555) ----------------------------------------- Patch: SUSE-2020-2425 Released: Tue Sep 1 13:54:05 2020 Summary: Recommended update for nfs-utils Severity: moderate References: 1174260 Description: This update for nfs-utils fixes the following issues: - Fix a bug when concurrent 'gssd' requests arrive from kernel, causing hanging NFS mounts. (bsc#1174260) ----------------------------------------- Patch: SUSE-2020-2440 Released: Tue Sep 1 22:14:33 2020 Summary: Recommended update for libmaxminddb Severity: moderate References: 1175006 Description: This update for libmaxminddb fixes the following issues: - update to 1.4.3: * Use of uninitialized memory in dump_entry_data_list() could have cause a heap buffer flow in mmdblookup [bsc#1175006] ----------------------------------------- Patch: SUSE-2020-2441 Released: Tue Sep 1 22:16:10 2020 Summary: Recommended update for avahi Severity: moderate References: 1154063 Description: This update for avahi fixes the following issues: - When changing ownership of /var/lib/autoipd, only change ownership of files owned by avahi, to mitigate against possible exploits (bsc#1154063). ----------------------------------------- Patch: SUSE-2020-2442 Released: Wed Sep 2 09:32:01 2020 Summary: Security update for squid Severity: critical References: 1173455,1175664,1175665,1175671,CVE-2020-15049,CVE-2020-15810,CVE-2020-15811,CVE-2020-24606 Description: This update for squid fixes the following issues: squid was updated to version 4.13: - CVE-2020-24606: Fix livelocking in peerDigestHandleReply (bsc#1175671). - CVE-2020-15811: Improve Transfer-Encoding handling (bsc#1175665). - CVE-2020-15810: Enforce token characters for field-name (bsc#1175664). ----------------------------------------- Patch: SUSE-2020-2445 Released: Wed Sep 2 09:33:02 2020 Summary: Security update for curl Severity: moderate References: 1175109,CVE-2020-8231 Description: This update for curl fixes the following issues: - An application that performs multiple requests with libcurl's multi API and sets the 'CURLOPT_CONNECT_ONLY' option, might in rare circumstances experience that when subsequently using the setup connect-only transfer, libcurl will pick and use the wrong connection and instead pick another one the application has created since then. [bsc#1175109, CVE-2020-8231] ----------------------------------------- Patch: SUSE-2020-2451 Released: Wed Sep 2 12:30:38 2020 Summary: Recommended update for dracut Severity: important References: 1167494,996146 Description: This update for dracut fixes the following issues: Update from version 049.1+suse.152.g8506e86f to version 049.1+suse.156.g7d852636: - net-lib.sh: support infiniband network mac addresses (bsc#996146) - 95nfs: use ip_params_for_remote_addr() (bsc#1167494) - 95iscsi: use ip_params_for_remote_addr() (bsc#1167494) - dracut-functions: add ip_params_for_remote_addr() helper (bsc#1167494) ----------------------------------------- Patch: SUSE-2020-2452 Released: Wed Sep 2 13:58:24 2020 Summary: Security update for xorg-x11-server Severity: important References: 1174910,1174913,CVE-2020-14361,CVE-2020-14362 Description: This update for xorg-x11-server fixes the following issues: - CVE-2020-14361: Fix XkbSelectEvents() integer underflow (bsc#1174910 ZDI-CAN-11573). - CVE-2020-14362: Fix XRecordRegisterClients() Integer underflow (bsc#1174913 ZDI-CAN-11574). ----------------------------------------- Patch: SUSE-2020-2453 Released: Wed Sep 2 13:59:21 2020 Summary: Security update for java-1_8_0-ibm Severity: moderate References: 1174157,1175259,CVE-2019-17639,CVE-2020-14556,CVE-2020-14577,CVE-2020-14578,CVE-2020-14579,CVE-2020-14581,CVE-2020-14583,CVE-2020-14593,CVE-2020-14621 Description: This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 6 Fix Pack 15 [bsc#1175259, bsc#1174157] CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14581 CVE-2020-14556 CVE-2020-14621 CVE-2020-14593 CVE-2020-14583 CVE-2019-17639 * Class Libraries: - JAVA.UTIL.ZIP.DEFLATER OPERATIONS THROW JAVA.LANG.INTERNALERROR - JAVA 8 DECODER OBJECTS CONSUME A LARGE AMOUNT OF JAVA HEAP - TRANSLATION MESSAGES UPDATE FOR JCL - UPDATE TIMEZONE INFORMATION TO TZDATA2020A * Java Virtual Machine: - IBM JAVA REGISTERS A HANDLER BY DEFAULT FOR SIGABRT - LARGE MEMORY FOOTPRINT HELD BY TRACECONTEXT OBJECT * JIT Compiler: - CRASH IN THE INTERPRETER AFTER OSR FROM INLINED SYNCHRONIZED METHOD IN DEBUGGING MODE - INTERMITTENT ASSERTION FAILURE REPORTED - CRASH IN RESOLVECLASSREF() DURING AOT LOAD - JIT CRASH DURING CLASS UNLOADING IN J9METHOD_HT::ONCLASSUNLOADING() - SEGMENTATION FAULT WHILE COMPILING A METHOD - UNEXPECTED CLASSCASTEXCEPTION THROWN IN HIGH LEVEL PARALLEL APPLICATION ON IBM Z PLATFORM * Security: - CERTIFICATEEXCEPTION OCCURS WHEN FILE.ENCODING PROPERTY SET TO NON DEFAULT VALUE - CHANGES TO IBMJCE AND IBMJCEPLUS PROVIDERS - IBMJCEPLUS FAILS, WHEN THE SECURITY MANAGER IS ENABLED, WITH DEFAULT PERMISSIONS, SPECIFIED IN JAVA.POLICY FILE - IN CERTAIN INSTANCES, IBMJCEPLUS PROVIDER THROWS EXCEPTION FROM KEYFACTORY CLASS ----------------------------------------- Patch: SUSE-2020-2456 Released: Wed Sep 2 14:01:48 2020 Summary: Security update for php7 Severity: moderate References: 1175223,CVE-2020-7068 Description: This update for php7 fixes the following issues: - CVE-2020-7068: Use of freed hash key in the phar_parse_zipfile function (bsc#1175223). ----------------------------------------- Patch: SUSE-2020-2458 Released: Wed Sep 2 15:44:30 2020 Summary: Recommended update for iputils Severity: moderate References: 927831 Description: This update for iputils fixes the following issue: - ping: Remove workaround for bug in IP_RECVERR on raw sockets. (bsc#927831) ----------------------------------------- Patch: SUSE-2020-2464 Released: Wed Sep 2 23:25:41 2020 Summary: Recommended update for icewm Severity: moderate References: 1170420,1173441 Description: This update for icewm fixes the following issues: - Fixes an issue where icewm updates could no longer be installed (bsc#1173441, bsc#1170420) ----------------------------------------- Patch: SUSE-2020-2467 Released: Wed Sep 2 23:28:13 2020 Summary: Recommended update for aws-cli, python-boto3, and python-botocore Severity: moderate References: 1075263,1118021,1118024,1118027,1146853,1175147,1175148 Description: This update for aws-cli, python-boto3, and python-botocore fixes the following issues: - This update mainly focuses on updating the API clients. Please refer to the rpm changelog of each package to receive a detailed list of all changes. ----------------------------------------- Patch: SUSE-2020-2470 Released: Wed Sep 2 23:29:43 2020 Summary: Recommended update for lshw Severity: moderate References: 1168865,1169668,1172156 Description: This update for lshw fixes the following issues: - Fixes the detection of powerpc products (bsc#1172156) - Fixed an issue where lshw crashed on powerpc and aarch64 (bsc#1168865, bsc#1169668) ----------------------------------------- Patch: SUSE-2020-2474 Released: Thu Sep 3 12:10:29 2020 Summary: Security update for libX11 Severity: moderate References: 1175239,CVE-2020-14363 Description: This update for libX11 fixes the following issues: - CVE-2020-14363: Fix an integer overflow in init_om() (bsc#1175239). ----------------------------------------- Patch: SUSE-2020-2479 Released: Thu Sep 3 14:32:57 2020 Summary: Recommended update for crmsh Severity: moderate References: 1175057 Description: This update for crmsh fixes the following issues: - Fixes an issue by 'ssh_merge' function for compatibility. (bsc#1175057) - Adjust sbd config process to fix bug on sbd stage. (bsc#1175057) ----------------------------------------- Patch: SUSE-2020-2489 Released: Fri Sep 4 11:39:19 2020 Summary: Recommended update for fwupdate Severity: moderate References: 1174543 Description: This update of fwupdate fixes the following issue: - rebuilt with new signing key. (bsc#1174543) ----------------------------------------- Patch: SUSE-2020-2541 Released: Fri Sep 4 17:36:17 2020 Summary: Security update for the Linux Kernel Severity: important References: 1065600,1065729,1071995,1074701,1083548,1085030,1085235,1085308,1087078,1087082,1094912,1100394,1102640,1105412,1111666,1112178,1113956,1120163,1133021,1144333,1152148,1163524,1165629,1166965,1169790,1170232,1171688,1171988,1172073,1172108,1172247,1172418,1172428,1172781,1172782,1172783,1172871,1172872,1172873,1172963,1173485,1173798,1173954,1174003,1174026,1174070,1174161,1174205,1174387,1174484,1174547,1174549,1174550,1174625,1174658,1174685,1174689,1174699,1174734,1174757,1174771,1174840,1174841,1174843,1174844,1174845,1174852,1174873,1174887,1174904,1174926,1174968,1175062,1175063,1175064,1175065,1175066,1175067,1175112,1175127,1175128,1175149,1175199,1175213,1175228,1175232,1175284,1175393,1175394,1175396,1175397,1175398,1175399,1175400,1175401,1175402,1175403,1175404,1175405,1175406,1175407,1175408,1175409,1175410,1175411,1175412,1175413,1175414,1175415,1175416,1175417,1175418,1175419,1175420,1175421,1175422,1175423,1175440,1175493,1175515,1175518,1175526,1175550,1175654,1175666,1175667,1175668,1175669,1175670,1175767,1175768,1175769,1175770,1175771,1175772,1175786,1175873,CVE-2020-10135,CVE-2020-14314,CVE-2020-14331,CVE-2020-14356,CVE-2020-16166,CVE-2020-1749,CVE-2020-24394 Description: The SUSE Linux Enterprise 15 SP1 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-1749: Use ip6_dst_lookup_flow instead of ip6_dst_lookup (bsc#1165629). - CVE-2020-14314: Fixed a potential negative array index in do_split() (bsc#1173798). - CVE-2020-14356: Fixed a null pointer dereference in cgroupv2 subsystem which could have led to privilege escalation (bsc#1175213). - CVE-2020-14331: Fixed a missing check in vgacon scrollback handling (bsc#1174205). - CVE-2020-16166: Fixed a potential issue which could have allowed remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG (bsc#1174757). - CVE-2020-24394: Fixed an issue which could set incorrect permissions on new filesystem objects when the filesystem lacks ACL support (bsc#1175518). - CVE-2020-10135: Legacy pairing and secure-connections pairing authentication Bluetooth might have allowed an unauthenticated user to complete authentication without pairing credentials via adjacent access (bsc#1171988). The following non-security bugs were fixed: - ACPI: kABI fixes for subsys exports (bsc#1174968). - ACPI / LPSS: Resume BYT/CHT I2C controllers from resume_noirq (bsc#1174968). - ACPI / LPSS: Use acpi_lpss_* instead of acpi_subsys_* functions for hibernate (bsc#1174968). - ACPI: PM: Introduce 'poweroff' callbacks for ACPI PM domain and LPSS (bsc#1174968). - ACPI: PM: Simplify and fix PM domain hibernation callbacks (bsc#1174968). - af_key: pfkey_dump needs parameter validation (git-fixes). - agp/intel: Fix a memory leak on module initialisation failure (git-fixes). - ALSA: core: pcm_iec958: fix kernel-doc (bsc#1111666). - ALSA: echoaduio: Drop superfluous volatile modifier (bsc#1111666). - ALSA: echoaudio: Fix potential Oops in snd_echo_resume() (bsc#1111666). - ALSA: hda: Add support for Loongson 7A1000 controller (bsc#1111666). - ALSA: hda/ca0132 - Add new quirk ID for Recon3D (bsc#1111666). - ALSA: hda/ca0132 - Fix AE-5 microphone selection commands (bsc#1111666). - ALSA: hda/ca0132 - Fix ZxR Headphone gain control get value (bsc#1111666). - ALSA: hda: fix NULL pointer dereference during suspend (git-fixes). - ALSA: hda: fix snd_hda_codec_cleanup() documentation (bsc#1111666). - ALSA: hda - fix the micmute led status for Lenovo ThinkCentre AIO (bsc#1111666). - ALSA: hda/realtek: Add alc269/alc662 pin-tables for Loongson-3 laptops (bsc#1111666). - ALSA: hda/realtek: Add model alc298-samsung-headphone (git-fixes). - ALSA: hda/realtek: Add mute LED and micmute LED support for HP systems (bsc#1111666). - ALSA: hda/realtek - Add quirk for Lenovo Carbon X1 8th gen (bsc#1111666). - ALSA: hda/realtek - Add quirk for MSI GE63 laptop (bsc#1111666). - ALSA: hda/realtek - Add quirk for MSI GL63 (bsc#1111666). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion (git-fixes). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Flex Book (git-fixes). - ALSA: hda/realtek - change to suitable link model for ASUS platform (bsc#1111666). - ALSA: hda/realtek - Check headset type by unplug and resume (bsc#1111666). - ALSA: hda/realtek - Enable audio jacks of Acer vCopperbox with ALC269VC (bsc#1111666). - ALSA: hda/realtek: Enable headset mic of Acer C20-820 with ALC269VC (bsc#1111666). - ALSA: hda/realtek: Enable headset mic of Acer TravelMate B311R-31 with ALC256 (bsc#1111666). - ALSA: hda/realtek: Enable headset mic of Acer Veriton N4660G with ALC269VC (bsc#1111666). - ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G14(G401) series with ALC289 (bsc#1111666). - ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G15(GA502) series with ALC289 (bsc#1111666). - ALSA: hda/realtek - Enable Speaker for ASUS UX563 (bsc#1111666). - ALSA: hda/realtek: Fix add a 'ultra_low_power' function for intel reference board (alc256) (bsc#1111666). - ALSA: hda/realtek: Fixed ALC298 sound bug by adding quirk for Samsung Notebook Pen S (bsc#1111666). - ALSA: hda/realtek - Fixed HP right speaker no sound (bsc#1111666). - ALSA: hda/realtek - Fix Lenovo Thinkpad X1 Carbon 7th quirk subdevice id (bsc#1111666). - ALSA: hda/realtek: Fix pin default on Intel NUC 8 Rugged (bsc#1111666). - ALSA: hda/realtek - Fix unused variable warning (bsc#1111666). - ALSA: hda/realtek: typo_fix: enable headset mic of ASUS ROG Zephyrus G14(GA401) series with ALC289 (bsc#1111666). - ALSA: hda - reverse the setting value in the micmute_led_set (bsc#1111666). - ALSA: hda: Workaround for spurious wakeups on some Intel platforms (git-fixes). - ALSA: pci: delete repeated words in comments (bsc#1111666). - ALSA: seq: oss: Serialize ioctls (bsc#1111666). - ALSA: usb-audio: Add capture support for Saffire 6 (USB 1.1) (git-fixes). - ALSA: usb-audio: add quirk for Pioneer DDJ-RB (bsc#1111666). - ALSA: usb-audio: add startech usb audio dock name (bsc#1111666). - ALSA: usb-audio: Add support for Lenovo ThinkStation P620 (bsc#1111666). - ALSA: usb-audio: Creative USB X-Fi Pro SB1095 volume knob support (bsc#1111666). - ALSA: usb-audio: Disable Lenovo P620 Rear line-in volume control (bsc#1111666). - ALSA: usb-audio: endpoint : remove needless check before usb_free_coherent() (bsc#1111666). - ALSA: usb-audio: fix overeager device match for MacroSilicon MS2109 (bsc#1174625). - ALSA: usb-audio: fix spelling mistake 'buss' -> 'bus' (bsc#1111666). - ALSA: usb-audio: ignore broken processing/extension unit (git-fixes). - ALSA: usb-audio: work around streaming quirk for MacroSilicon MS2109 (bsc#1111666). - ALSA: usb/line6: remove 'defined but not used' warning (bsc#1111666). - arm64: Add MIDR encoding for HiSilicon Taishan CPUs (bsc#1174547). - arm64: Add MIDR encoding for NVIDIA CPUs (bsc#1174547). - arm64: add sysfs vulnerability show for meltdown (bsc#1174547). - arm64: Add sysfs vulnerability show for spectre-v1 (bsc#1174547). - arm64: add sysfs vulnerability show for spectre-v2 (bsc#1174547). - arm64: add sysfs vulnerability show for speculative store bypass (bsc#1174547). - arm64: Advertise mitigation of Spectre-v2, or lack thereof (bsc#1174547). - arm64: Always enable spectre-v2 vulnerability detection (bsc#1174547). - arm64: Always enable ssb vulnerability detection (bsc#1174547). - arm64: backtrace: Do not bother trying to unwind the userspace stack (bsc#1175397). - arm64: capabilities: Add NVIDIA Denver CPU to bp_harden list (bsc#1174547). - arm64: capabilities: Merge duplicate Cavium erratum entries (bsc#1174547). - arm64: capabilities: Merge entries for ARM64_WORKAROUND_CLEAN_CACHE (bsc#1174547). - arm64: cpufeature: Enable Qualcomm Falkor/Kryo errata 1003 (bsc#1175398). - arm64: Do not mask out PTE_RDONLY in pte_same() (bsc#1175393). - arm64: enable generic CPU vulnerabilites support (bsc#1174547). Update config/arm64/default - arm64: Ensure VM_WRITE|VM_SHARED ptes are clean by default (bsc#1175394). - arm64: errata: Do not define type field twice for arm64_errata entries (bsc#1174547). - arm64: errata: Update stale comment (bsc#1174547). - arm64: Get rid of __smccc_workaround_1_hvc_* (bsc#1174547). - arm64: kpti: Avoid rewriting early page tables when KASLR is enabled (bsc#1174547). - arm64: kpti: Update arm64_kernel_use_ng_mappings() when forced on (bsc#1174547). - arm64: kpti: Whitelist Cortex-A CPUs that do not implement the CSV3 field (bsc#1174547). - arm64: kpti: Whitelist HiSilicon Taishan v110 CPUs (bsc#1174547). - arm64: KVM: Avoid setting the upper 32 bits of VTCR_EL2 to 1 (bsc#1133021). - arm64: KVM: Guests can skip __install_bp_hardening_cb()s HYP work (bsc#1174547). - arm64: KVM: Use SMCCC_ARCH_WORKAROUND_1 for Falkor BP hardening (bsc#1174547). - arm64: mm: Fix pte_mkclean, pte_mkdirty semantics (bsc#1175526). - arm64: Provide a command line to disable spectre_v2 mitigation (bsc#1174547). - arm64: Silence clang warning on mismatched value/register sizes (bsc#1175396). - arm64/speculation: Support 'mitigations=' cmdline option (bsc#1174547). - arm64: ssbd: explicitly depend on (bsc#1175399). - arm64: ssbs: Do not treat CPUs with SSBS as unaffected by SSB (bsc#1174547). - arm64: ssbs: Fix context-switch when SSBS is present on all CPUs (bsc#1175669). - arm64/sve: Fix wrong free for task->thread.sve_state (bsc#1175400). - arm64/sve: should not depend on (bsc#1175401). - arm64: tlbflush: avoid writing RES0 bits (bsc#1175402). - arm64: Use firmware to detect CPUs that are not affected by Spectre-v2 (bsc#1174547). - ARM: KVM: invalidate BTB on guest exit for Cortex-A12/A17 (bsc#1133021). - ARM: KVM: invalidate icache on guest exit for Cortex-A15 (bsc#1133021). - ARM: spectre-v2: KVM: invalidate icache on guest exit for Brahma B15 (bsc#1133021). - ASoC: hda/tegra: Set buffer alignment to 128 bytes (bsc#1111666). - ASoC: intel: Fix memleak in sst_media_open (git-fixes). - ASoC: rt5670: Correct RT5670_LDO_SEL_MASK (git-fixes). - AX.25: Fix out-of-bounds read in ax25_connect() (git-fixes). - AX.25: Prevent integer overflows in connect and sendmsg (git-fixes). - AX.25: Prevent out-of-bounds read in ax25_sendmsg() (git-fixes). - ax88172a: fix ax88172a_unbind() failures (git-fixes). - b43: Remove uninitialized_var() usage (git-fixes). - bcache: allocate meta data pages as compound pages (bsc#1172873). - block: check queue's limits.discard_granularity in __blkdev_issue_discard() (bsc#1152148). - block: Fix use-after-free in blkdev_get() (bsc#1174843). - block: improve discard bio alignment in __blkdev_issue_discard() (bsc#1152148). - Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt() (bsc#1111666). - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_evt() (bsc#1111666). - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt() (bsc#1111666). - bonding: fix active-backup failover for current ARP slave (bsc#1174771). - bonding: fix a potential double-unregister (git-fixes). - bonding: show saner speed for broadcast mode (git-fixes). - bpf: Fix map leak in HASH_OF_MAPS map (git-fixes). - brcmfmac: keep SDIO watchdog running when console_interval is non-zero (bsc#1111666). - brcmfmac: set state of hanger slot to FREE when flushing PSQ (bsc#1111666). - brcmfmac: To fix Bss Info flag definition Bug (bsc#1111666). - btrfs: change timing for qgroup reserved space for ordered extents to fix reserved space leak (bsc#1172247). - btrfs: file: reserve qgroup space after the hole punch range is locked (bsc#1172247). - btrfs: fix a block group ref counter leak after failure to remove block group (bsc#1175149). - btrfs: fix block group leak when removing fails (bsc#1175149). - btrfs: fix bytes_may_use underflow when running balance and scrub in parallel (bsc#1175149). - btrfs: fix corrupt log due to concurrent fsync of inodes with shared extents (bsc#1175149). - btrfs: fix data block group relocation failure due to concurrent scrub (bsc#1175149). - btrfs: fix double free on ulist after backref resolution failure (bsc#1175149). - btrfs: fix fatal extent_buffer readahead vs releasepage race (bsc#1175149). - btrfs: fix memory leaks after failure to lookup checksums during inode logging (bsc#1175550). - btrfs: fix page leaks after failure to lock page for delalloc (bsc#1175149). - btrfs: fix race between block group removal and block group creation (bsc#1175149). - btrfs: fix space_info bytes_may_use underflow after nocow buffered write (bsc#1175149). - btrfs: fix space_info bytes_may_use underflow during space cache writeout (bsc#1175149). - btrfs: fix wrong file range cleanup after an error filling dealloc range (bsc#1175149). - btrfs: inode: fix NULL pointer dereference if inode does not need compression (bsc#1174484). - btrfs: inode: move qgroup reserved space release to the callers of insert_reserved_file_extent() (bsc#1172247). - btrfs: inode: refactor the parameters of insert_reserved_file_extent() (bsc#1172247). - btrfs: make btrfs_ordered_extent naming consistent with btrfs_file_extent_item (bsc#1172247). - btrfs: Open code btrfs_write_and_wait_marked_extents (bsc#1175149). - btrfs: qgroup: allow to unreserve range without releasing other ranges (bsc#1120163). - btrfs: qgroup: fix data leak caused by race between writeback and truncate (bsc#1172247). - btrfs: qgroup: remove ASYNC_COMMIT mechanism in favor of reserve retry-after-EDQUOT (bsc#1120163). - btrfs: qgroup: try to flush qgroup space when we get -EDQUOT (bsc#1120163). - btrfs: Rename and export clear_btree_io_tree (bsc#1175149). - btrfs: treat RWF_{,D}SYNC writes as sync for CRCs (bsc#1175493). - bus: hisi_lpc: Add .remove method to avoid driver unbind crash (bsc#1174658). - bus: hisi_lpc: Do not fail probe for unrecognised child devices (bsc#1174658). - bus: hisi_lpc: Unregister logical PIO range to avoid potential use-after-free (bsc#1174658). - cdc-acm: Add DISABLE_ECHO quirk for Microchip/SMSC chip (git-fixes). - cfg80211: check vendor command doit pointer before use (git-fixes). - char: virtio: Select VIRTIO from VIRTIO_CONSOLE (bsc#1175667). - cifs: document and cleanup dfs mount (bsc#1144333 bsc#1172428). - cifs: Fix an error pointer dereference in cifs_mount() (bsc#1144333 bsc#1172428). - cifs: fix double free error on share and prefix (bsc#1144333 bsc#1172428). - cifs: handle empty list of targets in cifs_reconnect() (bsc#1144333 bsc#1172428). - cifs: handle RESP_GET_DFS_REFERRAL.PathConsumed in reconnect (bsc#1144333 bsc#1172428). - cifs: merge __{cifs,smb2}_reconnect[_tcon]() into cifs_tree_connect() (bsc#1144333 bsc#1172428). - cifs: only update prefix path of DFS links in cifs_tree_connect() (bsc#1144333 bsc#1172428). - cifs: reduce number of referral requests in DFS link lookups (bsc#1144333 bsc#1172428). - cifs: rename reconn_inval_dfs_target() (bsc#1144333 bsc#1172428). - clk: at91: clk-generated: check best_rate against ranges (bsc#1111666). - clk: clk-atlas6: fix return value check in atlas6_clk_init() (bsc#1111666). - clk: iproc: round clock rate to the closest (bsc#1111666). - clk: spear: Remove uninitialized_var() usage (git-fixes). - clk: st: Remove uninitialized_var() usage (git-fixes). - config: arm64: enable CONFIG_IOMMU_DEFAULT_PASSTHROUGH References: bsc#1174549 - console: newport_con: fix an issue about leak related system resources (git-fixes). - constrants: fix malformed XML Closing tag of an element is '', not ''. Fixes: 8b37de2eb835 ('rpm/constraints.in: Increase memory for kernel-docs') - Created new preempt kernel flavor (jsc#SLE-11309) Configs are cloned from the respective $arch/default configs. All changed configs appart from CONFIG_PREEMPT->y are a result of dependencies, namely many lock/unlock primitives are no longer inlined in the preempt kernel. TREE_RCU has been also changed to PREEMPT_RCU which is the default implementation for PREEMPT kernel. - crypto: ccp - Fix use of merged scatterlists (git-fixes). - crypto: cpt - do not sleep of CRYPTO_TFM_REQ_MAY_SLEEP was not specified (git-fixes). - crypto: qat - fix double free in qat_uclo_create_batch_init_list (git-fixes). - crypto: rockchip - fix scatterlist nents error (git-fixes). - crypto: stm32/crc32 - fix ext4 chksum BUG_ON() (git-fixes). - crypto: talitos - check AES key size (git-fixes). - crypto: talitos - fix ablkcipher for CONFIG_VMAP_STACK (git-fixes). - crypto: virtio: Fix src/dst scatterlist calculation in __virtio_crypto_skcipher_do_req() (git-fixes). - dev: Defer free of skbs in flush_backlog (git-fixes). - device property: Fix the secondary firmware node handling in set_primary_fwnode() (git-fixes). - devres: keep both device name and resource name in pretty name (git-fixes). - dlm: Fix kobject memleak (bsc#1175768). - dlm: remove BUG() before panic() (bsc#1174844). - dmaengine: fsl-edma: Fix NULL pointer exception in fsl_edma_tx_handler (git-fixes). - Documentation/networking: Add net DIM documentation (bsc#1174852). - dpaa2-eth: Fix passing zero to 'PTR_ERR' warning (bsc#1175403). - dpaa2-eth: free already allocated channels on probe defer (bsc#1175404). - dpaa2-eth: prevent array underflow in update_cls_rule() (bsc#1175405). - dpaa_eth: add dropped frames to percpu ethtool stats (bsc#1174550). - dpaa_eth: add newline in dev_err() msg (bsc#1174550). - dpaa_eth: avoid timestamp read on error paths (bsc#1175406). - dpaa_eth: change DMA device (bsc#1174550). - dpaa_eth: cleanup skb_to_contig_fd() (bsc#1174550). - dpaa_eth: defer probing after qbman (bsc#1174550). - dpaa_eth: extend delays in ndo_stop (bsc#1174550). - dpaa_eth: fix DMA mapping leak (bsc#1174550). - dpaa_eth: Fix one possible memleak in dpaa_eth_probe (bsc#1174550). - dpaa_eth: FMan erratum A050385 workaround (bsc#1174550). - dpaa_eth: perform DMA unmapping before read (bsc#1175407). - dpaa_eth: register a device link for the qman portal used (bsc#1174550). - dpaa_eth: remove netdev_err() for user errors (bsc#1174550). - dpaa_eth: remove redundant code (bsc#1174550). - dpaa_eth: simplify variables used in dpaa_cleanup_tx_fd() (bsc#1174550). - dpaa_eth: use a page to store the SGT (bsc#1174550). - dpaa_eth: use fd information in dpaa_cleanup_tx_fd() (bsc#1174550). - dpaa_eth: use only one buffer pool per interface (bsc#1174550). - dpaa_eth: use page backed rx buffers (bsc#1174550). - driver core: Avoid binding drivers to dead devices (git-fixes). - Drivers: hv: balloon: Remove dependencies on guest page size (git-fixes). - Drivers: hv: vmbus: Fix virt_to_hvpfn() for X86_PAE (git-fixes). - Drivers: hv: vmbus: Only notify Hyper-V for die events that are oops (bsc#1175127, bsc#1175128). - Drivers: hv: vmbus: Remove the undesired put_cpu_ptr() in hv_synic_cleanup() (git-fixes). - drivers/perf: hisi: Fix typo in events attribute array (bsc#1175408). - drivers/perf: hisi: Fixup one DDRC PMU register offset (bsc#1175410). - drivers/perf: hisi: Fix wrong value for all counters enable (bsc#1175409). - drm: Added orientation quirk for ASUS tablet model T103HAF (bsc#1111666). - drm/amd/display: fix pow() crashing when given base 0 (git-fixes). - drm/amdgpu: avoid dereferencing a NULL pointer (bsc#1111666). - drm/amdgpu: Fix bug where DPM is not enabled after hibernate and resume (bsc#1111666). - drm/amdgpu: Fix NULL dereference in dpm sysfs handlers (bsc#1113956) * refresh for context changes - drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl() (git-fixes). - drm/amdgpu: Replace invalid device ID with a valid device ID (bsc#1113956) - drm/arm: fix unintentional integer overflow on left shift (git-fixes). - drm/bridge: dw-hdmi: Do not cleanup i2c adapter and ddc ptr in (bsc#1113956) * refreshed for context changes - drm/bridge: sil_sii8620: initialize return of sii8620_readb (git-fixes). - drm/dbi: Fix SPI Type 1 (9-bit) transfer (bsc#1113956) * move drm_mipi_dbi.c -> tinydrm/mipi-drm.c * refresh for context changes - drm/debugfs: fix plain echo to connector 'force' attribute (bsc#1111666). - drm/etnaviv: Fix error path on failure to enable bus clk (git-fixes). - drm/etnaviv: fix ref count leak via pm_runtime_get_sync (bsc#1111666). - drm: fix drm_dp_mst_port refcount leaks in drm_dp_mst_allocate_vcpi (bsc#1112178) * updated names of get/put functions - drm: hold gem reference until object is no longer accessed (bsc#1113956) - drm/imx: fix use after free (git-fixes). - drm/imx: imx-ldb: Disable both channels for split mode in enc->disable() (git-fixes). - drm/imx: tve: fix regulator_disable error path (git-fixes). - drm/mipi: use dcs write for mipi_dsi_dcs_set_tear_scanline (git-fixes). - drm/msm/adreno: fix updating ring fence (git-fixes). - drm/msm: ratelimit crtc event overflow error (bsc#1111666). - drm/nouveau/fbcon: fix module unload when fbcon init has failed for some reason (git-fixes). - drm/nouveau/fbcon: zero-initialise the mode_cmd2 structure (git-fixes). - drm/nouveau: fix multiple instances of reference count leaks (bsc#1111666). - drm/panel: otm8009a: Drop unnessary backlight_device_unregister() (git-fixes). - drm: panel: simple: Fix bpc for LG LB070WV8 panel (git-fixes). - drm/radeon: disable AGP by default (bsc#1111666). - drm/radeon: fix array out-of-bounds read and write issues (git-fixes). - drm/radeon: Fix reference count leaks caused by pm_runtime_get_sync (bsc#1111666). - drm/rockchip: fix VOP_WIN_GET macro (bsc#1175411). - drm/tilcdc: fix leak & null ref in panel_connector_get_modes (bsc#1111666). - drm/ttm/nouveau: do not call tt destroy callback on alloc failure (bsc#1175232). - drm/vmwgfx: Fix two list_for_each loop exit tests (bsc#1111666). - drm/vmwgfx: Use correct vmw_legacy_display_unit pointer (bsc#1111666). - drm/xen-front: Fix misused IS_ERR_OR_NULL checks (bsc#1065600). - efi/memreserve: deal with memreserve entries in unmapped memory (bsc#1174685). - ext4: check journal inode extents more carefully (bsc#1173485). - ext4: do not allow overlapping system zones (bsc#1173485). - ext4: fix checking of directory entry validity for inline directories (bsc#1175771). - ext4: fix EXT_MAX_EXTENT/INDEX to check for zeroed eh_max (bsc#1174840). - ext4: handle error of ext4_setup_system_zone() on remount (bsc#1173485). - fat: do not allow to mount if the FAT length == 0 (bsc#1174845). - fbdev: Detect integer underflow at 'struct fbcon_ops'->clear_margins. (bsc#1112178) * move files drivers/video/fbdev/core -> drivers/video/console * refresh for context changes - firmware: google: check if size is valid when decoding VPD data (git-fixes). - firmware: google: increment VPD key_len properly (git-fixes). - fpga: dfl: fix bug in port reset handshake (git-fixes). - fsl/fman: add API to get the device behind a fman port (bsc#1174550). - fsl/fman: check dereferencing null pointer (git-fixes). - fsl/fman: detect FMan erratum A050385 (bsc#1174550). - fsl/fman: do not touch liodn base regs reserved on non-PAMU SoCs (bsc#1174550). - fsl/fman: fix dereference null return value (git-fixes). - fsl/fman: fix eth hash table allocation (git-fixes). - fsl/fman: fix unreachable code (git-fixes). - fsl/fman: remove unused struct member (bsc#1174550). - fsl/fman: use 32-bit unsigned integer (git-fixes). - fuse: fix memleak in cuse_channel_open (bsc#1174926). - fuse: fix missing unlock_page in fuse_writepage() (bsc#1174904). - fuse: Fix parameter for FS_IOC_{GET,SET}FLAGS (bsc#1175062). - fuse: fix weird page warning (bsc#1175063). - fuse: flush dirty data/metadata before non-truncate setattr (bsc#1175064). - fuse: truncate pending writes on O_TRUNC (bsc#1175065). - fuse: verify attributes (bsc#1175066). - fuse: verify nlink (bsc#1175067). - genetlink: remove genl_bind (networking-stable-20_07_17). - go7007: add sanity checking for endpoints (git-fixes). - gpu: host1x: debug: Fix multiple channels emitting messages simultaneously (bsc#1111666). - HID: hiddev: fix mess in hiddev_open() (git-fixes). - HISI LPC: Re-Add ACPI child enumeration support (bsc#1174658). - HISI LPC: Stop using MFD APIs (bsc#1174658). - hv_balloon: Balloon up according to request page number (git-fixes). - hv_balloon: Use a static page for the balloon_up send buffer (git-fixes). - hv_netvsc: Allow scatter-gather feature to be tunable (git-fixes). - hv_netvsc: do not use VF device if link is down (git-fixes). - hv_netvsc: Fix a warning of suspicious RCU usage (git-fixes). - hv_netvsc: Fix error handling in netvsc_attach() (git-fixes). - hv_netvsc: Fix extra rcu_read_unlock in netvsc_recv_callback() (git-fixes). - hv_netvsc: Fix the queue_mapping in netvsc_vf_xmit() (git-fixes). - hv_netvsc: Fix unwanted wakeup in netvsc_attach() (git-fixes). - hv_netvsc: flag software created hash value (git-fixes). - hv_netvsc: Remove 'unlikely' from netvsc_select_queue (git-fixes). - i2c: rcar: in slave mode, clear NACK earlier (git-fixes). - i2c: rcar: slave: only send STOP event when we have been addressed (bsc#1111666). - i40e: Fix crash during removing i40e driver (git-fixes). - i40e: Set RX_ONLY mode for unicast promiscuous on VLAN (git-fixes). - ibmveth: Fix use of ibmveth in a bridge (bsc#1174387 ltc#187506). - ibmvnic: Fix IRQ mapping disposal in error path (bsc#1175112 ltc#187459). - ibmvnic fix NULL tx_pools and rx_tools issue at do_reset (bsc#1175873 ltc#187922). - include/linux/poison.h: remove obsolete comment (git fixes (poison)). - Input: psmouse - add a newline when printing 'proto' by sysfs (git-fixes). - Input: sentelic - fix error return when fsp_reg_write fails (bsc#1111666). - integrity: remove redundant initialization of variable ret (git-fixes). - io-mapping: indicate mapping failure (git-fixes). - ip6_gre: fix null-ptr-deref in ip6gre_init_net() (git-fixes). - ip6_gre: fix use-after-free in ip6gre_tunnel_lookup() (networking-stable-20_06_28). - ip6_tunnel: allow not to count pkts on tstats by passing dev as NULL (bsc#1175515). - ip_tunnel: allow not to count pkts on tstats by setting skb's dev to NULL (bsc#1175515). - ip_tunnel: Emit events for post-register MTU changes (git-fixes). - ip_tunnel: fix use-after-free in ip_tunnel_lookup() (networking-stable-20_06_28). - ip_tunnel: restore binding to ifaces with a large mtu (git-fixes). - ipv4: fill fl4_icmp_{type,code} in ping_v4_sendmsg (networking-stable-20_07_17). - ipv4: Silence suspicious RCU usage warning (git-fixes). - ipv6: fix memory leaks on IPV6_ADDRFORM path (git-fixes). - ipvlan: fix device features (git-fixes). - ipvs: allow connection reuse for unconfirmed conntrack (git-fixes). - ipvs: fix refcount usage for conns in ops mode (git-fixes). - ipvs: fix the connection sync failed in some cases (bsc#1174699). - irqchip/gic: Atomically update affinity (bsc#1111666). - iwlegacy: Check the return value of pcie_capability_read_*() (bsc#1111666). - jbd2: add the missing unlock_buffer() in the error path of jbd2_write_superblock() (bsc#1175772). - kabi: genetlink: remove genl_bind (kabi). - kabi: hide new parameter of ip6_dst_lookup_flow() (bsc#1165629). - kabi: mask changes to struct ipv6_stub (bsc#1165629). - kernel/cpu_pm: Fix uninitted local in cpu_pm (git fixes (kernel/pm)). - kernel-docs: Change Requires on python-Sphinx to earlier than version 3 References: bsc#1166965 From 3 on the internal API that the build system uses was rewritten in an incompatible way. See https://github.com/sphinx-doc/sphinx/issues/7421 and https://bugzilla.suse.com/show_bug.cgi?id=1166965#c16 for some details. - kernel/relay.c: fix memleak on destroy relay channel (git-fixes). - kernfs: do not call fsnotify() with name without a parent (bsc#1175770). - KVM: arm64: Ensure 'params' is initialised when looking up sys register (bsc#1133021). - KVM: arm64: Stop clobbering x0 for HVC_SOFT_RESTART (bsc#1133021). - KVM: arm/arm64: Fix young bit from mmu notifier (bsc#1133021). - KVM: arm/arm64: vgic: Do not rely on the wrong pending table (bsc#1133021). - KVM: arm/arm64: vgic-its: Fix restoration of unmapped collections (bsc#1133021). - KVM: arm: Fix DFSR setting for non-LPAE aarch32 guests (bsc#1133021). - KVM: arm: Make inject_abt32() inject an external abort instead (bsc#1133021). - kvm: Change offset in kvm_write_guest_offset_cached to unsigned (bsc#1133021). - KVM: Check for a bad hva before dropping into the ghc slow path (bsc#1133021). - KVM: PPC: Book3S PR: Remove uninitialized_var() usage (bsc#1065729). - l2tp: remove skb_dst_set() from l2tp_xmit_skb() (networking-stable-20_07_17). - leds: 88pm860x: fix use-after-free on unbind (git-fixes). - leds: core: Flush scheduled work for system suspend (git-fixes). - leds: da903x: fix use-after-free on unbind (git-fixes). - leds: lm3533: fix use-after-free on unbind (git-fixes). - leds: lm355x: avoid enum conversion warning (git-fixes). - leds: wm831x-status: fix use-after-free on unbind (git-fixes). - lib/dim: Fix -Wunused-const-variable warnings (bsc#1174852). - lib: dimlib: fix help text typos (bsc#1174852). - lib: logic_pio: Add logic_pio_unregister_range() (bsc#1174658). - lib: logic_pio: Avoid possible overlap for unregistering regions (bsc#1174658). - lib: logic_pio: Fix RCU usage (bsc#1174658). - linux/dim: Add completions count to dim_sample (bsc#1174852). - linux/dim: Fix overflow in dim calculation (bsc#1174852). - linux/dim: Move implementation to .c files (bsc#1174852). - linux/dim: Move logic to dim.h (bsc#1174852). - linux/dim: Remove 'net' prefix from internal DIM members (bsc#1174852). - linux/dim: Rename externally exposed macros (bsc#1174852). - linux/dim: Rename externally used net_dim members (bsc#1174852). - linux/dim: Rename net_dim_sample() to net_dim_update_sample() (bsc#1174852). - liquidio: Fix wrong return value in cn23xx_get_pf_num() (git-fixes). - llc: make sure applications use ARPHRD_ETHER (networking-stable-20_07_17). - mac80211: mesh: Free ie data when leaving mesh (git-fixes). - mac80211: mesh: Free pending skb when destroying a mpath (git-fixes). - MAINTAINERS: add entry for Dynamic Interrupt Moderation (bsc#1174852). - md-cluster: Fix potential error pointer dereference in resize_bitmaps() (git-fixes). - md/raid5: Fix Force reconstruct-write io stuck in degraded raid5 (git-fixes). - media: budget-core: Improve exception handling in budget_register() (git-fixes). - media: exynos4-is: Add missed check for pinctrl_lookup_state() (git-fixes). - media: firewire: Using uninitialized values in node_probe() (git-fixes). - media: omap3isp: Add missed v4l2_ctrl_handler_free() for preview_init_entities() (git-fixes). - media: vpss: clean up resources in init (git-fixes). - mfd: arizona: Ensure 32k clock is put on driver unbind and error (git-fixes). - mfd: dln2: Run event handler loop under spinlock (git-fixes). - mfd: rk808: Fix RK818 ID template (bsc#1175412). - mld: fix memory leak in ipv6_mc_destroy_dev() (networking-stable-20_06_28). - mm: filemap: clear idle flag for writes (bsc#1175769). - mm/migrate.c: add missing flush_dcache_page for non-mapped page migrate (git fixes (mm/migrate)). - mm/mmu_notifier: use hlist_add_head_rcu() (git fixes (mm/mmu_notifiers)). - mm: remove VM_BUG_ON(PageSlab()) from page_mapcount() (git fixes (mm/compaction)). - mm/rmap.c: do not reuse anon_vma if we just want a copy (git fixes (mm/rmap)). - mm/shmem.c: cast the type of unmap_start to u64 (git fixes (mm/shmem)). - mm, thp: fix defrag setting if newline is not used (git fixes (mm/thp)). - mm/vunmap: add cond_resched() in vunmap_pmd_range (bsc#1175654 ltc#184617). - mtd: spi-nor: Fix an error code in spi_nor_read_raw() (bsc#1175413). - mtd: spi-nor: fix kernel-doc for spi_nor::info (bsc#1175414). - mtd: spi-nor: fix kernel-doc for spi_nor::reg_proto (bsc#1175415). - mtd: spi-nor: fix silent truncation in spi_nor_read_raw() (bsc#1175416). - mwifiex: Prevent memory corruption handling keys (git-fixes). - net: Added pointer check for dst->ops->neigh_lookup in dst_neigh_lookup_skb (git-fixes). - net: bridge: enfore alignment for ethernet address (networking-stable-20_06_28). - net: core: reduce recursion limit value (networking-stable-20_06_28). - net: Do not clear the sock TX queue in sk_set_socket() (networking-stable-20_06_28). - net: dsa: b53: check for timeout (git-fixes). - net: ena: Add first_interrupt field to napi struct (bsc#1174852). - net: ena: add reserved PCI device ID (bsc#1174852). - net: ena: add support for reporting of packet drops (bsc#1174852). - net: ena: add support for the rx offset feature (bsc#1174852). - net: ena: add support for traffic mirroring (bsc#1174852). - net: ena: add unmask interrupts statistics to ethtool (bsc#1174852). - net: ena: allow setting the hash function without changing the key (bsc#1174852). - net: ena: avoid unnecessary admin command when RSS function set fails (bsc#1174852). - net: ena: avoid unnecessary rearming of interrupt vector when busy-polling (bsc#1174852). - net: ena: change default RSS hash function to Toeplitz (bsc#1174852). - net: ena: change num_queues to num_io_queues for clarity and consistency (bsc#1174852). - net: ena: changes to RSS hash key allocation (bsc#1174852). - net: ena: Change WARN_ON expression in ena_del_napi_in_range() (bsc#1174852). - net: ena: clean up indentation issue (bsc#1174852). - net: ena: cosmetic: change ena_com_stats_admin stats to u64 (bsc#1174852). - net: ena: cosmetic: code reorderings (bsc#1174852). - net: ena: cosmetic: extract code to ena_indirection_table_set() (bsc#1174852). - net: ena: cosmetic: fix line break issues (bsc#1174852). - net: ena: cosmetic: fix spacing issues (bsc#1174852). - net: ena: cosmetic: fix spelling and grammar mistakes in comments (bsc#1174852). - net: ena: cosmetic: minor code changes (bsc#1174852). - net: ena: cosmetic: remove unnecessary code (bsc#1174852). - net: ena: cosmetic: remove unnecessary spaces and tabs in ena_com.h macros (bsc#1174852). - net: ena: cosmetic: rename ena_update_tx/rx_rings_intr_moderation() (bsc#1174852). - net: ena: cosmetic: satisfy gcc warning (bsc#1174852). - net: ena: cosmetic: set queue sizes to u32 for consistency (bsc#1174852). - net: ena: drop superfluous prototype (bsc#1174852). - net: ena: enable support of rss hash key and function changes (bsc#1174852). - net: ena: enable the interrupt_moderation in driver_supported_features (bsc#1174852). - net: ena: ethtool: clean up minor indentation issue (bsc#1174852). - net: ena: ethtool: get_channels: use combined only (bsc#1174852). - net: ena: ethtool: remove redundant non-zero check on rc (bsc#1174852). - net: ena: ethtool: support set_channels callback (bsc#1174852). - net/ena: Fix build warning in ena_xdp_set() (bsc#1174852). - net: ena: fix ena_com_comp_status_to_errno() return value (bsc#1174852). - net: ena: fix error returning in ena_com_get_hash_function() (bsc#1174852). - net: ena: fix incorrect setting of the number of msix vectors (bsc#1174852). - net: ena: fix incorrect update of intr_delay_resolution (bsc#1174852). - net: ena: fix request of incorrect number of IRQ vectors (bsc#1174852). - net: ena: fix update of interrupt moderation register (bsc#1174852). - net: ena: Fix using plain integer as NULL pointer in ena_init_napi_in_range (bsc#1174852). - net: ena: implement XDP drop support (bsc#1174852). - net: ena: Implement XDP_TX action (bsc#1174852). - net: ena: make ethtool -l show correct max number of queues (bsc#1174852). - net: ena: Make missed_tx stat incremental (bsc#1083548). - net: ena: Make some functions static (bsc#1174852). - net: ena: move llq configuration from ena_probe to ena_device_init() (bsc#1174852). - net: ena: multiple queue creation related cleanups (bsc#1174852). - net: ena: Prevent reset after device destruction (bsc#1083548). - net: ena: reduce driver load time (bsc#1174852). - net: ena: remove all old adaptive rx interrupt moderation code from ena_com (bsc#1174852). - net: ena: remove code duplication in ena_com_update_nonadaptive_moderation_interval _*() (bsc#1174852). - net: ena: remove code that does nothing (bsc#1174852). - net: ena: remove ena_restore_ethtool_params() and relevant fields (bsc#1174852). - net: ena: remove old adaptive interrupt moderation code from ena_netdev (bsc#1174852). - net: ena: remove redundant print of number of queues (bsc#1174852). - net: ena: remove set but not used variable 'hash_key' (bsc#1174852). - net: ena: remove set but not used variable 'rx_ring' (bsc#1174852). - net: ena: rename ena_com_free_desc to make API more uniform (bsc#1174852). - net: ena: Select DIMLIB for ENA_ETHERNET (bsc#1174852). - net: ena: simplify ena_com_update_intr_delay_resolution() (bsc#1174852). - net: ena: support new LLQ acceleration mode (bsc#1174852). - net: ena: switch to dim algorithm for rx adaptive interrupt moderation (bsc#1174852). - net: ena: use explicit variable size for clarity (bsc#1174852). - net: ena: use SHUTDOWN as reset reason when closing interface (bsc#1174852). - net: ena: xdp: update napi budget for DROP and ABORTED (bsc#1174852). - net: ena: xdp: XDP_TX: fix memory leak (bsc#1174852). - net: ethernet: aquantia: Fix wrong return value (git-fixes). - net: ethernet: broadcom: have drivers select DIMLIB as needed (bsc#1174852). - net: ethernet: stmmac: Disable hardware multicast filter (git-fixes). - net: fec: correct the error path for regulator disable in probe (git-fixes). - netfilter: x_tables: add counters allocation wrapper (git-fixes). - netfilter: x_tables: cap allocations at 512 mbyte (git-fixes). - netfilter: x_tables: limit allocation requests for blob rule heads (git-fixes). - net: Fix a documentation bug wrt. ip_unprivileged_port_start (git-fixes). (SLES tuning guide refers to ip-sysctl.txt.) - net: fix memleak in register_netdevice() (networking-stable-20_06_28). - net: Fix the arp error in some cases (networking-stable-20_06_28). - net: gre: recompute gre csum for sctp over gre tunnels (git-fixes). - net: hns3: add autoneg and change speed support for fibre port (bsc#1174070). - net: hns3: add support for FEC encoding control (bsc#1174070). - net: hns3: add support for multiple media type (bsc#1174070). - net: hns3: fix a not link up issue when fibre port supports autoneg (bsc#1174070). - net: hns3: fix for FEC configuration (bsc#1174070). - net: hns3: fix port capbility updating issue (bsc#1174070). - net: hns3: fix port setting handle for fibre port (bsc#1174070). - net: hns3: fix selftest fail issue for fibre port with autoneg on (bsc#1174070). - net: hns3: restore the MAC autoneg state after reset (bsc#1174070). - net: increment xmit_recursion level in dev_direct_xmit() (networking-stable-20_06_28). - net: ip6_gre: Request headroom in __gre6_xmit() (git-fixes). - net: lan78xx: add missing endpoint sanity check (git-fixes). - net: lan78xx: fix transfer-buffer memory leak (git-fixes). - net: make symbol 'flush_works' static (git-fixes). - net/mlx5e: vxlan: Use RCU for vxlan table lookup (git-fixes). - net: mvpp2: fix memory leak in mvpp2_rx (git-fixes). - net: netsec: Fix signedness bug in netsec_probe() (bsc#1175417). - net: netsec: initialize tx ring on ndo_open (bsc#1175418). - net: phy: Check harder for errors in get_phy_id() (bsc#1111666). - net: qcom/emac: add missed clk_disable_unprepare in error path of emac_clks_phase1_init (git-fixes). - net: Set fput_needed iff FDPUT_FPUT is set (git-fixes). - net: socionext: Fix a signedness bug in ave_probe() (bsc#1175419). - net: socionext: replace napi_alloc_frag with the netdev variant on init (bsc#1175420). - net: spider_net: Fix the size used in a 'dma_free_coherent()' call (git-fixes). - net: stmmac: dwmac1000: provide multicast filter fallback (git-fixes). - net: stmmac: Fix RX packet size > 8191 (git-fixes). - net: udp: Fix wrong clean up for IS_UDPLITE macro (git-fixes). - net: update net_dim documentation after rename (bsc#1174852). - net: usb: ax88179_178a: fix packet alignment padding (networking-stable-20_06_28). - net: usb: qmi_wwan: add support for Quectel EG95 LTE modem (networking-stable-20_07_17). - netvsc: unshare skb in VF rx handler (git-fixes). - nfc: nci: add missed destroy_workqueue in nci_register_device (git-fixes). - NTB: Fix an error in get link status (git-fixes). - ntb_netdev: fix sleep time mismatch (git-fixes). - NTB: ntb_transport: Use scnprintf() for avoiding potential buffer overflow (git-fixes). - nvme: fix possible deadlock when I/O is blocked (git-fixes). - nvme-multipath: do not fall back to __nvme_find_path() for non-optimized paths (bsc#1172108). - nvme-multipath: fix logic for non-optimized paths (bsc#1172108). - nvme-multipath: round-robin: eliminate 'fallback' variable (bsc#1172108). - nvme: multipath: round-robin: fix single non-optimized path case (bsc#1172108). - obsolete_kmp: provide newer version than the obsoleted one (boo#1170232). - ocfs2: add trimfs dlm lock resource (bsc#1175228). - ocfs2: add trimfs lock to avoid duplicated trims in cluster (bsc#1175228). - ocfs2: avoid inode removal while nfsd is accessing it (bsc#1172963). - ocfs2: avoid inode removal while nfsd is accessing it (bsc#1172963). - ocfs2: change slot number type s16 to u16 (bsc#1175786). - ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963). - ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963). - ocfs2: fix remounting needed after setfacl command (bsc#1173954). - ocfs2: fix the application IO timeout when fstrim is running (bsc#1175228). - ocfs2: fix value of OCFS2_INVALID_SLOT (bsc#1175767). - ocfs2: load global_inode_alloc (bsc#1172963). - ocfs2: load global_inode_alloc (bsc#1172963). - omapfb: dss: Fix max fclk divider for omap36xx (bsc#1113956) - openvswitch: Prevent kernel-infoleak in ovs_ct_put_key() (git-fixes). - PCI/ASPM: Add missing newline in sysfs 'policy' (git-fixes). - PCI: dwc: Move interrupt acking into the proper callback (bsc#1175666). - PCI: Fix pci_cfg_wait queue locking problem (git-fixes). - PCI: Fix 'try' semantics of bus and slot reset (git-fixes). - PCI: hotplug: ACPI: Fix context refcounting in acpiphp_grab_context() (git-fixes). - PCI: hv: Fix a timing issue which causes kdump to fail occasionally (bsc#1172871, bsc#1172872, git-fixes). - PCI: Release IVRS table in AMD ACS quirk (git-fixes). - PCI: switchtec: Add missing __iomem and __user tags to fix sparse warnings (git-fixes). - PCI: switchtec: Add missing __iomem tag to fix sparse warnings (git-fixes). - phy: sun4i-usb: fix dereference of pointer phy0 before it is null checked (git-fixes). - pinctrl: single: fix function name in documentation (git-fixes). - pinctrl-single: fix pcs_parse_pinconf() return value (git-fixes). - platform/x86: intel-hid: Fix return value check in check_acpi_dev() (git-fixes). - platform/x86: intel-vbtn: Fix return value check in check_acpi_dev() (git-fixes). - PM / CPU: replace raw_notifier with atomic_notifier (git fixes (kernel/pm)). - PM / devfreq: rk3399_dmc: Add missing of_node_put() (bsc#1175668). - PM / devfreq: rk3399_dmc: Disable devfreq-event device when fails. - PM / devfreq: rk3399_dmc: Fix kernel oops when rockchip,pmu is absent (bsc#1175668). - PM: sleep: core: Fix the handling of pending runtime resume requests (git-fixes). - powerpc/64s: Do not init FSCR_DSCR in __init_FSCR() (bsc#1065729). - powerpc/64s: Fix early_init_mmu section mismatch (bsc#1065729). - powerpc: Allow 4224 bytes of stack expansion for the signal frame (bsc#1065729). - powerpc/book3s64/pkeys: Use PVR check instead of cpu feature (bsc#1065729). - powerpc/boot: Fix CONFIG_PPC_MPC52XX references (bsc#1065729). - powerpc/eeh: Fix pseries_eeh_configure_bridge() (bsc#1174689). - powerpc/nvdimm: Use HCALL error as the return value (bsc#1175284). - powerpc/nvdimm: use H_SCM_QUERY hcall on H_OVERLAP error (bsc#1175284). - powerpc/perf: Fix missing is_sier_aviable() during build (bsc#1065729). - powerpc/pseries: Do not initiate shutdown when system is running on UPS (bsc#1175440 ltc#187574). - powerpc/pseries/hotplug-cpu: Remove double free in error path (bsc#1065729). - powerpc/pseries/hotplug-cpu: wait indefinitely for vCPU death (bsc#1085030 ltC#165630). - powerpc/pseries: PCIE PHB reset (bsc#1174689). - powerpc/pseries: remove cede offline state for CPUs (bsc#1065729). - powerpc/rtas: do not online CPUs for partition suspend (bsc#1065729). - powerpc/vdso: Fix vdso cpu truncation (bsc#1065729). - power: supply: check if calc_soc succeeded in pm860x_init_battery (git-fixes). - propagate_one(): mnt_set_mountpoint() needs mount_lock (bsc#1174841). - pseries: Fix 64 bit logical memory block panic (bsc#1065729). - pwm: bcm-iproc: handle clk_get_rate() return (git-fixes). - rds: Prevent kernel-infoleak in rds_notify_queue_get() (git-fixes). - Revert 'ALSA: hda: call runtime_allow() for all hda controllers' (bsc#1111666). - Revert 'drm/amdgpu: Fix NULL dereference in dpm sysfs handlers' (bsc#1113956) * refresh for context changes - Revert 'ocfs2: avoid inode removal while nfsd is accessing it' This reverts commit 9e096c72476eda333a9998ff464580c00ff59c83. - Revert 'ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963).' This reverts commit 0bf6e248f93736b3f17f399b4a8f64ffa30d371e. - Revert 'ocfs2: load global_inode_alloc (bsc#1172963).' This reverts commit fc476497b53f967dc615b9cbad9427ba3107b5c4. - Revert pciehp patches that broke booting (bsc#1174887) - Revert 'scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe' (bsc#1171688 bsc#1174003). - Revert 'scsi: qla2xxx: Fix crash on qla2x00_mailbox_command' (bsc#1171688 bsc#1174003). - Revert 'xen/balloon: Fix crash when ballooning on x86 32 bit PAE' (bsc#1065600). - rocker: fix incorrect error handling in dma_rings_init (networking-stable-20_06_28). - rpm/check-for-config-changes: Ignore CONFIG_CC_VERSION_TEXT - rpm/check-for-config-changes: Ignore CONFIG_LD_VERSION - rpm/constraints.in: Increase memory for kernel-docs References: https://build.opensuse.org/request/show/792664 - rpm: drop execute permissions on source files Sometimes a source file with execute permission appears in upstream repository and makes it into our kernel-source packages. This is caught by OBS build checks and may even result in build failures. Sanitize the source tree by removing execute permissions from all C source and header files. - rpm/kabi.pl: account for namespace field being moved last Upstream is moving the namespace field in Module.symvers last in order to preserve backwards compatibility with kmod tools (depmod, etc). Fix the kabi.pl script to expect the namespace field last. Since split() ignores trailing empty fields and delimeters, switch to using tr to count how many fields/tabs are in a line. Also, in load_symvers(), pass LIMIT of -1 to split() so it does not strip trailing empty fields, as namespace is an optional field. - rpm/kernel-binary.spec.in: do not run klp-symbols for configs with no modules Starting with 5.8-rc1, s390x/zfcpdump builds fail because rpm/klp-symbols script does not find .tmp_versions directory. This is missing because s390x/zfcpdump is built without modules (CONFIG_MODULES disabled). As livepatching cannot work without modules, the cleanest solution is setting %klp_symbols to 0 if CONFIG_MODULES is disabled. (We cannot simply add another condition to the place where %klp_symbols is set as it can be already set to 1 from prjconf.) - rpm/kernel-binary.spec.in: restrict livepatch metapackage to default flavor It has been reported that the kernel-*-livepatch metapackage got erroneously enabled for SLE15-SP3's new -preempt flavor, leading to a unresolvable dependency to a non-existing kernel-livepatch-x.y.z-preempt package. As SLE12 and SLE12-SP1 have run out of livepatching support, the need to build said metapackage for the -xen flavor is gone and the only remaining flavor for which they're still wanted is -default. Restrict the build of the kernel-*-livepatch metapackage to the -default flavor. - rpm/kernel-obs-build.spec.in: add dm-crypt for building with cryptsetup Co-Authored-By: Adam Spiers - rpm/kernel-obs-build.spec.in: Enable overlayfs Overlayfs is needed for podman or docker builds when no more specific driver can be used (like lvm or btrfs). As the default build fs is ext4 currently, we need overlayfs kernel modules to be available. - rpm/kernel-source.spec.in: Add obsolete_rebuilds (boo#1172073). - rpm/mkspec-dtb: add mt76 based dtb package - rpm/package-descriptions: garbege collection remove old ARM and Xen flavors. - rtlwifi: rtl8192cu: Remove uninitialized_var() usage (git-fixes). - s390, dcssblk: kaddr and pfn can be NULL to ->direct_access() (bsc#1174873). - sched: consistently handle layer3 header accesses in the presence of VLANs (networking-stable-20_07_17). - scripts/git_sort/git_sort.py: add bluetooth/bluetooth-next.git repository - scsi: dh: Add Fujitsu device to devinfo and dh lists (bsc#1174026). - scsi: Fix trivial spelling (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Add more BUILD_BUG_ON() statements (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Address a set of sparse warnings (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Allow ql2xextended_error_logging special value 1 to be set anytime (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Cast explicitly to uint16_t / uint32_t (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change in PUREX to handle FPIN ELS requests (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change {RD,WRT}_REG_*() function names from upper case into lower case (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change two hardcoded constants into offsetof() / sizeof() expressions (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Check if FW supports MQ before enabling (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Check the size of struct fcp_hdr at compile time (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix a Coverity complaint in qla2100_fw_dump() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix endianness annotations in header files (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix endianness annotations in source files (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix failure message in qlt_disable_vha() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix issue with adapter's stopping state (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix login timeout (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix MPI failure AEN (8200) handling (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix null pointer access during disconnect from subsystem (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix spelling of a variable name (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix the code that reads from mailbox registers (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix warning after FC target reset (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix WARN_ON in qla_nvme_register_hba (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Flush all sessions on zone disable (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Flush I/O on zone disable (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Increase the size of struct qla_fcp_prio_cfg to FCP_PRIO_CFG_SIZE (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Indicate correct supported speeds for Mezz card (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Initialize 'n' before using it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Introduce a function for computing the debug message prefix (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Keep initiator ports after RSCN (bsc#1171688 bsc#1174003). - scsi: qla2xxx: make 1-bit bit-fields unsigned int (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make a gap in struct qla2xxx_offld_chain explicit (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make __qla2x00_alloc_iocbs() initialize 32 bits of request_t.handle (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla2x00_restart_isp() easier to read (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla82xx_flash_wait_write_finish() easier to read (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qlafx00_process_aen() return void (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla_set_ini_mode() return void (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Reduce noisy debug message (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove an unused function (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove a superfluous cast (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove return value from qla_nvme_ls() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove the __packed annotation from struct fcp_hdr and fcp_hdr_le (bsc#1171688 bsc#1174003). - scsi: qla2xxx: SAN congestion management implementation (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Simplify the functions for dumping firmware (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Sort BUILD_BUG_ON() statements alphabetically (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Split qla2x00_configure_local_loop() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use ARRAY_SIZE() instead of open-coding it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use make_handle() instead of open-coding it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use MBX_TOV_SECONDS for mailbox command timeout values (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use register names instead of register offsets (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use true, false for ha->fw_dumped (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use true, false for need_mpi_reset (bsc#1171688 bsc#1174003). - scsi: smartpqi: add bay identifier (bsc#1172418). - scsi: smartpqi: add gigabyte controller (bsc#1172418). - scsi: smartpqi: add id support for SmartRAID 3152-8i (bsc#1172418). - scsi: smartpqi: add inquiry timeouts (bsc#1172418). - scsi: smartpqi: add module param for exposure order (bsc#1172418). - scsi: smartpqi: add module param to hide vsep (bsc#1172418). - scsi: smartpqi: add new pci ids (bsc#1172418). - scsi: smartpqi: add pci ids for fiberhome controller (bsc#1172418). - scsi: smartpqi: add RAID bypass counter (bsc#1172418). - scsi: smartpqi: add sysfs entries (bsc#1172418). - scsi: smartpqi: Align driver syntax with oob (bsc#1172418). - scsi: smartpqi: avoid crashing kernel for controller issues (bsc#1172418). - scsi: smartpqi: bump version (bsc#1172418). - scsi: smartpqi: bump version (bsc#1172418). - scsi: smartpqi: bump version to 1.2.16-010 (bsc#1172418). - scsi: smartpqi: change TMF timeout from 60 to 30 seconds (bsc#1172418). - scsi: smartpqi: correct hang when deleting 32 lds (bsc#1172418). - scsi: smartpqi: correct REGNEWD return status (bsc#1172418). - scsi: smartpqi: correct syntax issue (bsc#1172418). - scsi: smartpqi: fix call trace in device discovery (bsc#1172418). - scsi: smartpqi: fix controller lockup observed during force reboot (bsc#1172418). - scsi: smartpqi: fix LUN reset when fw bkgnd thread is hung (bsc#1172418). - scsi: smartpqi: fix problem with unique ID for physical device (bsc#1172418). - scsi: smartpqi: identify physical devices without issuing INQUIRY (bsc#1172418). - scsi: smartpqi: properly set both the DMA mask and the coherent DMA mask (bsc#1172418). - scsi: smartpqi: remove unused manifest constants (bsc#1172418). - scsi: smartpqi: Reporting unhandled SCSI errors (bsc#1172418). - scsi: smartpqi: support device deletion via sysfs (bsc#1172418). - scsi: smartpqi: update copyright (bsc#1172418). - scsi: smartpqi: update logical volume size after expansion (bsc#1172418). - scsi: smartpqi: Use scnprintf() for avoiding potential buffer overflow (bsc#1172418). - scsi: storvsc: Correctly set number of hardware queues for IDE disk (git-fixes). - scsi: target/iblock: fix WRITE SAME zeroing (bsc#1169790). - sctp: Do not advertise IPv4 addresses if ipv6only is set on the socket (networking-stable-20_06_28). - selftests/livepatch: fix mem leaks in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: more verification in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: rework test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: simplify test-klp-callbacks busy target tests (bsc#1071995). - serial: 8250: change lock order in serial8250_do_startup() (git-fixes). - serial: pl011: Do not leak amba_ports entry on driver register error (git-fixes). - serial: pl011: Fix oops on -EPROBE_DEFER (git-fixes). - Set VIRTIO_CONSOLE=y (bsc#1175667). - sign also s390x kernel images (bsc#1163524) - soc: fsl: qbman: allow registering a device link for the portal user (bsc#1174550). - soc: fsl: qbman_portals: add APIs to retrieve the probing status (bsc#1174550). - spi: davinci: Remove uninitialized_var() usage (git-fixes). - spi: lantiq: fix: Rx overflow error in full duplex mode (git-fixes). - spi: nxp-fspi: Ensure width is respected in spi-mem operations (bsc#1175421). - spi: spi-fsl-dspi: Fix 16-bit word order in 32-bit XSPI mode (bsc#1175422). - spi: spi-mem: export spi_mem_default_supports_op() (bsc#1175421). - staging: fsl-dpaa2: ethsw: Add missing netdevice check (bsc#1175423). - tcp_cubic: fix spurious HYSTART_DELAY exit upon drop in min RTT (networking-stable-20_06_28). - tcp: grow window for OOO packets only for SACK flows (networking-stable-20_06_28). - tcp: make sure listeners do not initialize congestion-control state (networking-stable-20_07_17). - tcp: md5: add missing memory barriers in tcp_md5_do_add()/tcp_md5_hash_key() (networking-stable-20_07_17). - tcp: md5: do not send silly options in SYNCOOKIES (networking-stable-20_07_17). - tcp: md5: refine tcp_md5_do_add()/tcp_md5_hash_key() barriers (networking-stable-20_07_17). - tracepoint: Mark __tracepoint_string's __used (git-fixes). - tracing: Use trace_sched_process_free() instead of exit() for pid tracing (git-fixes). - tty: serial: fsl_lpuart: add imx8qxp support (bsc#1175670). - tty: serial: fsl_lpuart: free IDs allocated by IDA (bsc#1175670). - Update patch reference for a tipc fix patch (bsc#1175515) - USB: cdc-acm: rework notification_buffer resizing (git-fixes). - USB: gadget: f_tcm: Fix some resource leaks in some error paths (git-fixes). - USB: host: ohci-exynos: Fix error handling in exynos_ohci_probe() (git-fixes). - USB: Ignore UAS for JMicron JMS567 ATA/ATAPI Bridge (git-fixes). - USB: iowarrior: fix up report size handling for some devices (git-fixes). - usbip: tools: fix module name in man page (git-fixes). - USB: rename USB quirk to USB_QUIRK_ENDPOINT_IGNORE (git-fixes). - USB: serial: cp210x: enable USB generic throttle/unthrottle (git-fixes). - USB: serial: cp210x: re-enable auto-RTS on open (git-fixes). - USB: serial: ftdi_sio: clean up receive processing (git-fixes). - USB: serial: ftdi_sio: fix break and sysrq handling (git-fixes). - USB: serial: ftdi_sio: make process-packet buffer unsigned (git-fixes). - USB: serial: iuu_phoenix: fix led-activity helpers (git-fixes). - USB: serial: qcserial: add EM7305 QDL product ID (git-fixes). - USB: xhci: define IDs for various ASMedia host controllers (git-fixes). - USB: xhci: Fix ASM2142/ASM3142 DMA addressing (git-fixes). - USB: xhci: Fix ASMedia ASM1142 DMA addressing (git-fixes). - USB: xhci-mtk: fix the failure of bandwidth allocation (git-fixes). - VFS: Check rename_lock in lookup_fast() (bsc#1174734). - video: fbdev: sm712fb: fix an issue about iounmap for a wrong address (git-fixes). - video: pxafb: Fix the function used to balance a 'dma_alloc_coherent()' call (git-fixes). - vlan: consolidate VLAN parsing code and limit max parsing depth (networking-stable-20_07_17). - vmxnet3: use correct tcp hdr length when packet is encapsulated (bsc#1175199). - vt_compat_ioctl(): clean up, use compat_ptr() properly (git-fixes). - vt: vt_ioctl: remove unnecessary console allocation checks (git-fixes). - watchdog: f71808e_wdt: clear watchdog timeout occurred flag (bsc#1111666). - watchdog: f71808e_wdt: indicate WDIOF_CARDRESET support in watchdog_info.options (bsc#1111666). - watchdog: f71808e_wdt: remove use of wrong watchdog_info option (bsc#1111666). - wl1251: fix always return 0 error (git-fixes). - x86/hyperv: Create and use Hyper-V page definitions (git-fixes). - x86/hyper-v: Fix overflow bug in fill_gva_list() (git-fixes). - x86/hyperv: Make hv_vcpu_is_preempted() visible (git-fixes). - xen/balloon: fix accounting in alloc_xenballooned_pages error path (bsc#1065600). - xen/balloon: make the balloon wait interruptible (bsc#1065600). - xfrm: check id proto in validate_tmpl() (git-fixes). - xfrm: clean up xfrm protocol checks (git-fixes). - xfrm_user: uncoditionally validate esn replay attribute struct (git-fixes). - xfs: fix inode allocation block res calculation precedence (git-fixes). - xfs: fix reflink quota reservation accounting error (git-fixes). - xhci: Fix enumeration issue when setting max packet size for FS devices (git-fixes). ----------------------------------------- Patch: SUSE-2020-2549 Released: Fri Sep 4 18:25:50 2020 Summary: Recommended update for OpenStack clients Severity: moderate References: 1121610,1174571,917818 Description: Updated OpenStack clients to the latest OpenStack release named Ussuri. ----------------------------------------- Patch: SUSE-2020-2551 Released: Fri Sep 4 18:29:31 2020 Summary: Optional update for meson Severity: low References: 1173025 Description: This update for meson doesn't fix any user visible issues, but fixes internal test cases only (bsc#1173025) ----------------------------------------- Patch: SUSE-2020-2556 Released: Mon Sep 7 14:31:43 2020 Summary: Recommended update for python3-azuremetadata Severity: moderate References: 1175609,1175610 Description: This update for python3-azuremetadata contains the following fix: - Fix provides directive (bsc#1175609, bsc#1175610) + The provides directive must set a version or update does not work as expected ----------------------------------------- Patch: SUSE-2020-2558 Released: Mon Sep 7 14:32:59 2020 Summary: Recommended update for tomcat Severity: moderate References: 1092163,1172562,1173103 Description: This update for tomcat fixes the following issues: - Fixed the package alternatives for tomcat-servlet-4_0-api to use /usr/share/java/servlet.jar instead of /usr/share/java/tomcat-servlet.jar - We kept /usr/share/java/tomcat-servlet.jar as a symlink for compatibility reasons (bsc#1092163) - Removed write permissions on several files and directories for the tomcat group (bsc#1172562) - Changed the tomcat.pid location from /var/run to /run (bsc#1173103) ----------------------------------------- Patch: SUSE-2020-2559 Released: Mon Sep 7 14:33:27 2020 Summary: Recommended update for xrdp Severity: moderate References: 1171415 Description: This update for xrdp fixes the following issue: - Fallback session to icewm when a selected desktop environment is not found (bsc#1171415) ----------------------------------------- Patch: SUSE-2020-2562 Released: Mon Sep 7 17:09:53 2020 Summary: Security update for go1.14 Severity: important References: 1164903,1169832,1170826,1172868,1174153,1174191,1174977,CVE-2020-14039,CVE-2020-15586,CVE-2020-16845 Description: This update for go1.14 fixes the following issues: - go1.14 was updated to version 1.14.7 - CVE-2020-16845: dUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs (bsc#1174977). - go1.14.6 (released 2020-07-16) includes fixes to the go command, the compiler, the linker, vet, and the database/sql, encoding/json, net/http, reflect, and testing packages. Refs bsc#1164903 go1.14 release tracking Refs bsc#1174153 bsc#1174191 * go#39991 runtime: missing deferreturn on linux/ppc64le * go#39920 net/http: panic on misformed If-None-Match Header with http.ServeContent * go#39849 cmd/compile: internal compile error when using sync.Pool: mismatched zero/store sizes * go#39824 cmd/go: TestBuildIDContainsArchModeEnv/386 fails on linux/386 in Go 1.14 and 1.13, not 1.15 * go#39698 reflect: panic from malloc after MakeFunc function returns value that is also stored globally * go#39636 reflect: DeepEqual can return true for values that are not equal * go#39585 encoding/json: incorrect object key unmarshaling when using custom TextUnmarshaler as Key with string va lues * go#39562 cmd/compile/internal/ssa: TestNexting/dlv-dbg-hist failing on linux-386-longtest builder because it trie s to use an older version of dlv which only supports linux/amd64 * go#39308 testing: streaming output loses parallel subtest associations * go#39288 cmd/vet: update for new number formats * go#39101 database/sql: context cancellation allows statements to execute after rollback * go#38030 doc: BuildNameToCertificate deprecated in go 1.14 not mentioned in the release notes * go#40212 net/http: Expect 100-continue panics in httputil.ReverseProxy bsc#1174153 CVE-2020-15586 * go#40210 crypto/x509: Certificate.Verify method seemingly ignoring EKU requirements on Windows bsc#1174191 CVE-2020-14039 (Windows only) - Add patch to ensure /etc/hosts is used if /etc/nsswitch.conf is not present bsc#1172868 gh#golang/go#35305 ----------------------------------------- Patch: SUSE-2020-2567 Released: Tue Sep 8 12:03:33 2020 Summary: Recommended update for azure-li-services Severity: important References: Description: This update for azure-li-services fixes the following issues: - Update prometheus monitoring modules for the LI and VLI images for SLE15-SP1/SP2 and GA. (jsc#SLE-10545, jsc#SLE-10902, jsc#SLE-10903, jsc#ECO-817, jsc#ECO-818) ----------------------------------------- Patch: SUSE-2020-2568 Released: Tue Sep 8 13:55:56 2020 Summary: Optional update for iscsi-formula Severity: important References: Description: This update adds iscsi-formula to the SLES for SAP products. (jsc#ECO-2443, jsc#ECO-1965, jsc#SLE-4047) ----------------------------------------- Patch: SUSE-2020-2569 Released: Tue Sep 8 14:58:49 2020 Summary: Security update for libjpeg-turbo Severity: moderate References: 1172491,CVE-2020-13790 Description: This update for libjpeg-turbo fixes the following issues: - CVE-2020-13790: Fixed a heap-based buffer over-read via a malformed PPM input file (bsc#1172491). ----------------------------------------- Patch: SUSE-2020-2579 Released: Wed Sep 9 08:34:16 2020 Summary: Security update for the Linux Kernel Severity: important References: 1058115,1112178,1136666,1171558,1173060,1175691,1176069,CVE-2020-14386 Description: The SUSE Linux Enterprise 15 SP1 Azure kernel was updated to receive various security and bugfixes. The following security bug was fixed: - CVE-2020-14386: Fixed a potential local privilege escalation via memory corruption (bsc#1176069). The following non-security bugs were fixed: - EDAC: Fix reference count leaks (bsc#1112178). - KVM: SVM: fix svn_pin_memory()'s use of get_user_pages_fast() (bsc#1112178). - mm, vmstat: reduce zone->lock holding time by /proc/pagetypeinfo (bsc#1175691). - sched/deadline: Initialize ->dl_boosted (bsc#1112178). - scsi: lpfc: Add and rename a whole bunch of function parameter descriptions (bsc#1171558 bsc#1136666). - scsi: lpfc: Add description for lpfc_release_rpi()'s 'ndlpl param (bsc#1171558 bsc#1136666). - scsi: lpfc: Add missing misc_deregister() for lpfc_init() (bsc#1171558 bsc#1136666). - scsi: lpfc: Ensure variable has the same stipulations as code using it (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix a bunch of kerneldoc misdemeanors (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix FCoE speed reporting (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix kerneldoc parameter formatting/misnaming/missing issues (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix LUN loss after cable pull (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix no message shown for lpfc_hdw_queue out of range value (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix oops when unloading driver while running mds diags (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix retry of PRLI when status indicates its unsupported (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix RSCN timeout due to incorrect gidft counter (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix some function parameter descriptions (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix typo in comment for ULP (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix-up around 120 documentation issues (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix-up formatting/docrot where appropriate (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix validation of bsg reply lengths (bsc#1171558 bsc#1136666). - scsi: lpfc: NVMe remote port devloss_tmo from lldd (bsc#1171558 bsc#1136666 bsc#1173060). - scsi: lpfc: nvmet: Avoid hang / use-after-free again when destroying targetport (bsc#1171558 bsc#1136666). - scsi: lpfc: Provide description for lpfc_mem_alloc()'s 'align' param (bsc#1171558 bsc#1136666). - scsi: lpfc: Quieten some printks (bsc#1171558 bsc#1136666). - scsi: lpfc: Remove unused variable 'pg_addr' (bsc#1171558 bsc#1136666). - scsi: lpfc: Update lpfc version to 12.8.0.3 (bsc#1171558 bsc#1136666). - scsi: lpfc: Use __printf() format notation (bsc#1171558 bsc#1136666). - x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task (bsc#1112178). - x86/mce/inject: Fix a wrong assignment of i_mce.status (bsc#1112178). - x86/unwind/orc: Fix ORC for newly forked tasks (bsc#1058115). ----------------------------------------- Patch: SUSE-2020-2581 Released: Wed Sep 9 13:07:07 2020 Summary: Security update for openldap2 Severity: moderate References: 1174154,CVE-2020-15719 Description: This update for openldap2 fixes the following issues: - bsc#1174154 - CVE-2020-15719 - This resolves an issue with x509 SAN's falling back to CN validation in violation of rfc6125. ----------------------------------------- Patch: SUSE-2020-2593 Released: Thu Sep 10 13:56:09 2020 Summary: Recommended update for gtk3 Severity: moderate References: 1167951 Description: This update for gtk3 fixes the following issues: Update from version 3.24.14 to version 3.24.20 - Updated translations. - GtkMenu under X11 cannot work with touchscreen because it cannot handle touch events properly. (bsc#1167951) - GtkFileChooser: - Prevent selection changes after overwrite confirmation. - Don't grab focus to the sidebar on click. - Avoid a use-after-free in GtkFileSystemModel. - Fix some keynav issues. - Fix a crash. - Support selecting directories with a new enough file chooser portal. - GtkEmojiChooser: Remove blacklist. - GtkAboutDialog: Add more licenses. - GtkMenuButton: disable focus-on-click. - Adwaita: - Lower the contrast of checkboxes - Use tabular figures where appropriate. - Color tweaks for dark mode. - Improve rendering of rounded corners. - HighContrast: Export the same public colors as Adwaita - Derive the HighContrast and HighContrastInverse themes from Adwaita. - Wayland: - Fix more sizing regressions in Epiphany and LibreOffice menus and popups in general. - Fix firefox sizing problems. - Prevent Alt lingering after Alt-Tab. - Load compose sequences from ~/.Compose. - Fix a crash in the Wayland input method. - Fix problems with clipboard handling. - Fix a crash in the Wayland input method. - Support cursor scale of 400%. - Fix a crash in glade. - textview: Speed up tag handling. - css: Support font-feature-settings ----------------------------------------- Patch: SUSE-2020-2594 Released: Thu Sep 10 14:02:49 2020 Summary: Recommended update for clone-master-clean-up Severity: moderate References: 1174147 Description: This update for clone-master-clean-up fixes the following issues: - Cleanup salt client ID and 'osad' authentication configuration file and the system ID. (bsc#1174147) ----------------------------------------- Patch: SUSE-2020-2612 Released: Fri Sep 11 11:18:01 2020 Summary: Security update for libxml2 Severity: moderate References: 1176179,CVE-2020-24977 Description: This update for libxml2 fixes the following issues: - CVE-2020-24977: Fixed a global-buffer-overflow in xmlEncodeEntitiesInternal (bsc#1176179). ----------------------------------------- Patch: SUSE-2020-2616 Released: Mon Sep 14 10:34:31 2020 Summary: Recommended update for python-argparse-manpage Severity: low References: Description: This update for python-argparse-manpage fixes the following issues: - Made the multiline text look better ----------------------------------------- Patch: SUSE-2020-2630 Released: Mon Sep 14 18:26:03 2020 Summary: Recommended update for biosdevname Severity: moderate References: 1174491 Description: This update for biosdevname fixes the following issues: - Read DMI info rom sysfs. (bsc#1174491) A kernel with Secure Boot lockdown may prohibit reading the contents of /dev/mem, hence biosdevname fails. The recent kernel provides the DMI byte contents in /sys/firmware/dmi/tables/*. - Add buffer read helper using read explicitly. mmap can't work well with a sysfs file and it's required to read the contents explicitly via read, even if USE_MMAP is enabled. ----------------------------------------- Patch: SUSE-2020-2639 Released: Tue Sep 15 16:23:43 2020 Summary: Recommended update for realmd Severity: moderate References: 1175616 Description: This update for realmd fixes the following issue: - Fix pam misconfiguration. (bsc#1175616) ----------------------------------------- Patch: SUSE-2020-2646 Released: Wed Sep 16 12:07:28 2020 Summary: Security update for perl-DBI Severity: important References: 1176409,1176412,CVE-2020-14392,CVE-2020-14393 Description: This update for perl-DBI fixes the following issues: Security issues fixed: - CVE-2020-14392: Memory corruption in XS functions when Perl stack is reallocated (bsc#1176412). - CVE-2020-14393: Fixed a buffer overflow on an overlong DBD class name (bsc#1176409). ----------------------------------------- Patch: SUSE-2020-2651 Released: Wed Sep 16 14:42:55 2020 Summary: Recommended update for zlib Severity: moderate References: 1175811,1175830,1175831 Description: This update for zlib fixes the following issues: - Fix compression level switching (bsc#1175811, bsc#1175830, bsc#1175831) - Enable hardware compression on s390/s390x (jsc#SLE-13776) ----------------------------------------- Patch: SUSE-2020-2655 Released: Wed Sep 16 14:44:27 2020 Summary: Recommended update for google-guest-agent, google-guest-configs, google-guest-oslogin Severity: moderate References: 1174745,1175173,1175740,1175741 Description: This update for google-guest-agent, google-guest-configs, google-guest-oslogin contains the following fixes: - Update to version 20200819.00. (bsc#1175740, bsc#1175741) * handle oslogin enable/disable cases (#70). (bsc#1175173) * add README (#69) * Fix metric for addIPForwardEntry (#68) * Correctly determine default route index (#67) * oslogin: dont add entry to pam.d/su (#66) * end group.conf with newline (#64) * Add source field in googet spec (#59) * Set route to metadata on interface with default route (#47) * fix typo in boto.cfg (#62) - Properly handle enabling of systemd services when upgrading from the old google-compute-engine-init package (bsc#1174745) - Update to version 20200626.00. (bsc#1175740, bsc#1175741) * Updates the udev rules for local SSD disks. (#9) * Fix tx affinity logic when number of CPUs is above 32 (#6) - Switch udev requires to pkgconfig to allow the build service to use the -mini package for build optimization - Update to version 20200819.00. (bsc#1175740, bsc#1175741) * deny non-2fa users (#37) * use asterisks instead (#39) * set passwords to ! (#38) * correct index 0 bug (#36) * Support security key generated OTP challenges. (#35) - No post action for ssh ----------------------------------------- Patch: SUSE-2020-2657 Released: Wed Sep 16 14:45:07 2020 Summary: Recommended update for mutter Severity: moderate References: 1175559 Description: This update for mutter provides the following fixes: - Don't use libGLESv2.so but libGLESv2.so.2 for COGL driver. (bsc#1175559) - Update to version 3.34.6: + Fix various clipboard issues. + Fix locate-pointer feature interfering with keybindings. + Fix overview key on X11 when using multiple keyboard layouts. + Preserve keyboard state on VT switch. + Fixed crashes. + Plugged memory leaks. + Misc. bug fixes and cleanups. ----------------------------------------- Patch: SUSE-2020-2658 Released: Wed Sep 16 14:45:24 2020 Summary: Recommended update for build Severity: moderate References: 1170956,1172563,1174854 Description: This update for build fixes the following issues: - fix factory version in config file (bsc#1170956) - add missing ignores for Leap 15.2 (bsc#1174854) - fix sysrq handling for KVM builds - avoid double removal of obscpio files - docker: * support builds using USER root statements * proper error handling when obs-docker-support gets called as non-root * helm build target support * support milestone handling - support repo files without types set (SLE 15 SP2 zypp) - add default substitute for system-packages:repo-creation - Support recursive kiwi profile usage - fix dependencies for Fedora 33 - Set $YAML::XS::LoadBlessed = 0 for Appimage/Snapcraft - add a new variable to track build time needed for ccache eviction - create folder for ccache archive to be copied before rsync - also package pkg-config files by default into baselibs. (bsc#1172563) - Use shorter kernel flag for mitigations - Ignore, if shutdown behavior changed by build in z/VM - Control disk-space consumption while creating ccache archive - cleaning ccache - create folders before trying to copy ccache.tar - Generate .packages and .basepackages files for docker builds - enable sysrq operations on boot - Set kvm_serial_device to virtio-serial in the fixup - Split console arg setting code into kvm_add_console_args - Update for zVM to make container builds work. - Write to /proc/sys/kernel/hostname if the hostname command is not available - Use --cgroup-manager=cgroupfs when calling podman - Also squash by default in podman builds - Support different interpreters in prein/postin scriptlets - Use grep -E instead of egrep to check for the needsbinariesforbuild flag - Use new Build::Intrepo module - Add new Intrepo module to read/write build's internal repo format - remove .gz from _ccache archive as it is no longer compressed - Add support for Arch in build-recipe-kiwi - Autodetect whether to use --pipe option of systemd-nspawn. - Split parse_depfile() from readdeps() - enable compression on ccache - add bugzilla numbers for s390 workaround - extend --ccache to generate _ccache.tar.gz and implement --pkg-ccache - disable transparent_hugepage on s390x guests for now, causes hangs - set buildflavor also for Build::parse - Leap 15.2 config update (libzstd1 for rpm) - handle obscpio extraction error as fatal - Return correct exit code from systemd-nspawn build - Spec parser: do not parse included files from end to start - running disk full check also outside of VM - run disk full check only for chroot - Spec parser: add support for %elif, %elifarch, %elifos - Support rpm's %include statement (EXPERIMENTAL, known limitations) - Do not do vminstall expansion in expanddeps unless --vm is used - 15.2 config: preinstall gcrypt deps again - Recommends for Fedora based distros - support obsgendiff functionality - various smaller code cleanups - additional test cases for spec file parsing - various fixes for cornercases during spec file parsing - fix regression in && operator handling of rpm spec file parser - Correctly expand macros defined with %global - 15.2 config: temporary revert gcrypt preinstall until distro has changed - factory config: ignore libxtables for iproute2, not needed for ip tool - Follow upstream rpm changes in regard to logical ops - Fix macro expansion of lines containing newlines - add missing header file to avoid compile warnings - support OBS-Milestone comment for kiwi - switch to preinstall expansion for factory ----------------------------------------- Patch: SUSE-2020-2659 Released: Wed Sep 16 14:46:06 2020 Summary: Recommended update for openwsman Severity: moderate References: 1174541,1175631 Description: This update for openwsman fixes the following issues: - Don't crash if OpenSSL SSL context fails to initialize. (bsc#1175631) - Adapt to openssl 1.1.1. (bsc#1174541) ----------------------------------------- Patch: SUSE-2020-2667 Released: Thu Sep 17 14:46:50 2020 Summary: Recommended update for openssl-1_0_0 Severity: moderate References: 1175429 Description: This update for openssl-1_0_0 fixes the following issues: - Provide the same symbols as other distros in a compatible package. (bsc#1175429) - Add OPENSSL_1.0.1_EC symbol. (bsc#1175429) ----------------------------------------- Patch: SUSE-2020-2668 Released: Thu Sep 17 14:47:21 2020 Summary: Recommended update for PackageKit Severity: moderate References: 1169739 Description: This update for PackageKit provides the following fix: - zypp: Cleanup temporary files when PackageKit quits. (bsc#1169739) ----------------------------------------- Patch: SUSE-2020-2671 Released: Thu Sep 17 15:11:47 2020 Summary: Optional update for libxmlb Severity: low References: 1174848 Description: This update for libxmlb fixes the following issues: - libxmlb-devel was missing in the Desktop Applications module. This update adds it (bsc#1174848) ----------------------------------------- Patch: SUSE-2020-2676 Released: Thu Sep 17 23:48:03 2020 Summary: Recommended update for star Severity: moderate References: 1170726 Description: This update for star fixes the following issues: - Support backreferences for spax. (bsc#1170726) The subst command for pax now supports the \1, \2, ... escapes for \(...\) selections in the from pattern, like it is used by sed(1). ----------------------------------------- Patch: SUSE-2020-2685 Released: Fri Sep 18 17:56:57 2020 Summary: Recommended update for sapwmp Severity: moderate References: 1174002,1175458,1176264 Description: This update for sapwmp fixes the following issues: sapwmp was updated to version 0.1+git.1599582034.723ec7d: * RPM: Update documentation URL * supportconfig: Adjust for generic slice name * RPM: Migrate configuration from sap.slice to SAP.slice * All: Rename sap.slice to SAP.slice * RPM: Don't treat sap.slice as service (bsc#1176264) * calibration: Row oriented format * RPM: Require kernel fix for bsc#1174002 * calibration: Randomize time of sampling * cgroups: sap.slice has MemoryAccounting=yes (bsc#1175458) * supportconfig: Graceful handling of gone PIDs * Calibration: Make sure memory controller is enabled * RPM: Add better explanation of missing sapsys group ----------------------------------------- Patch: SUSE-2020-2689 Released: Mon Sep 21 10:56:11 2020 Summary: Security update for jasper Severity: moderate References: 1010979,1010980,1020451,1020456,1020458,1020460,1045450,1057152,1088278,1114498,1115637,1117328,1120805,1120807,CVE-2016-9398,CVE-2016-9399,CVE-2017-14132,CVE-2017-5499,CVE-2017-5503,CVE-2017-5504,CVE-2017-5505,CVE-2017-9782,CVE-2018-18873,CVE-2018-19139,CVE-2018-19543,CVE-2018-20570,CVE-2018-20622,CVE-2018-9252 Description: This update for jasper fixes the following issues: - CVE-2016-9398: Improved patch for already fixed issue (bsc#1010979). - CVE-2016-9399: Fix assert in calcstepsizes (bsc#1010980). - CVE-2017-5499: Validate component depth bit (bsc#1020451). - CVE-2017-5503: Check bounds in jas_seq2d_bindsub() (bsc#1020456). - CVE-2017-5504: Check bounds in jas_seq2d_bindsub() (bsc#1020458). - CVE-2017-5505: Check bounds in jas_seq2d_bindsub() (bsc#1020460). - CVE-2017-14132: Fix heap base overflow in by checking components (bsc#1057152). - CVE-2018-9252: Fix reachable assertion in jpc_abstorelstepsize (bsc#1088278). - CVE-2018-18873: Fix null pointer deref in ras_putdatastd (bsc#1114498). - CVE-2018-19139: Fix mem leaks by registering jpc_unk_destroyparms (bsc#1115637). - CVE-2018-19543, bsc#1045450 CVE-2017-9782: Fix numchans mixup (bsc#1117328). - CVE-2018-20570: Fix heap based buffer over-read in jp2_encode (bsc#1120807). - CVE-2018-20622: Fix memory leak in jas_malloc.c (bsc#1120805). ----------------------------------------- Patch: SUSE-2020-2692 Released: Mon Sep 21 11:37:40 2020 Summary: Recommended update for crmsh Severity: moderate References: 1176178 Description: This update for crmsh fixes the following issues: - Fixes an issue when parallax shows an error by joining a node. (bsc#1176178) ----------------------------------------- Patch: SUSE-2020-2704 Released: Tue Sep 22 15:06:36 2020 Summary: Recommended update for krb5 Severity: moderate References: 1174079 Description: This update for krb5 fixes the following issue: - Fix prefix reported by krb5-config, libraries and headers are not installed under /usr/lib/mit prefix. (bsc#1174079) ----------------------------------------- Patch: SUSE-2020-2706 Released: Tue Sep 22 15:08:19 2020 Summary: Recommended update for xorg-x11-server Severity: moderate References: 1176015 Description: This update for xorg-x11-server fixes the following issues: - fix crash in XWayland when undocking laptop. (bsc#1176015) - fix for XWayland abort in Present code. (bsc#1176015) - Import various fixes from 1.20 branch solving XWayland crashes. (bsc#1176015) ----------------------------------------- Patch: SUSE-2020-2709 Released: Tue Sep 22 15:35:58 2020 Summary: Recommended update for pdate to version 1.0.5 (bsc#1174791, bsc#1174937) Severity: low References: 1174791,1174937 Description: - Update to version 1.0.5 (bsc#1174791, bsc#1174937) + New configuration to switch to https only outgoing traffic + Use latest API to query the metadata server and send additional data ----------------------------------------- Patch: SUSE-2020-2710 Released: Tue Sep 22 17:06:19 2020 Summary: Security update for rubygem-actionpack-5_1 Severity: important References: 1172177,CVE-2020-8164 Description: This update for rubygem-actionpack-5_1 fixes the following issues: - CVE-2020-8164: Possible Strong Parameters Bypass in ActionPack. There is a strong parameters bypass vector in ActionPack. (bsc#1172177) ----------------------------------------- Patch: SUSE-2020-2712 Released: Tue Sep 22 17:08:03 2020 Summary: Security update for openldap2 Severity: moderate References: 1175568,CVE-2020-8027 Description: This update for openldap2 fixes the following issues: - CVE-2020-8027: openldap_update_modules_path.sh starts daemons unconditionally and uses fixed paths in /tmp (bsc#1175568). ----------------------------------------- Patch: SUSE-2020-2716 Released: Wed Sep 23 06:22:14 2020 Summary: Recommended update for freeradius-server Severity: moderate References: 1170505,1174905 Description: This update for freeradius-server fixes the following issues: - Fix permissions in logrotate config global section and let systemd start it properly. (bsc#1170505, bsc#1174905) ----------------------------------------- Patch: SUSE-2020-2717 Released: Wed Sep 23 06:23:56 2020 Summary: Recommended update for gdm Severity: moderate References: 1168515 Description: This update for gdm fixes the following issue: - Update udev rules to enable Wayland on Cirrus chipset. (bsc#1168515) ----------------------------------------- Patch: SUSE-2020-2729 Released: Wed Sep 23 16:00:48 2020 Summary: Security update for cifs-utils Severity: moderate References: 1152930,1174477,CVE-2020-14342 Description: This update for cifs-utils fixes the following issues: - CVE-2020-14342: Fixed a shell command injection vulnerability in mount.cifs (bsc#1174477). - Fixed an invalid free in mount.cifs; (bsc#1152930). ----------------------------------------- Patch: SUSE-2020-2731 Released: Thu Sep 24 07:42:32 2020 Summary: Security update for conmon, fuse-overlayfs, libcontainers-common, podman Severity: moderate References: 1162432,1164090,1165738,1171578,1174075,1175821,1175957,CVE-2020-1726 Description: This update for conmon, fuse-overlayfs, libcontainers-common, podman fixes the following issues: podman was updated to v2.0.6 (bsc#1175821) - install missing systemd units for the new Rest API (bsc#1175957) and a few man-pages that where missing before - Drop varlink API related bits (in favor of the new API) - fix install location for zsh completions * Fixed a bug where running systemd in a container on a cgroups v1 system would fail. * Fixed a bug where /etc/passwd could be re-created every time a container is restarted if the container's /etc/passwd did not contain an entry for the user the container was started as. * Fixed a bug where containers without an /etc/passwd file specifying a non-root user would not start. * Fixed a bug where the --remote flag would sometimes not make remote connections and would instead attempt to run Podman locally. Update to v2.0.6: * Features - Rootless Podman will now add an entry to /etc/passwd for the user who ran Podman if run with --userns=keep-id. - The podman system connection command has been reworked to support multiple connections, and reenabled for use! - Podman now has a new global flag, --connection, to specify a connection to a remote Podman API instance. * Changes - Podman's automatic systemd integration (activated by the --systemd=true flag, set by default) will now activate for containers using /usr/local/sbin/init as their command, instead of just /usr/sbin/init and /sbin/init (and any path ending in systemd). - Seccomp profiles specified by the --security-opt seccomp=... flag to podman create and podman run will now be honored even if the container was created using --privileged. * Bugfixes - Fixed a bug where the podman play kube would not honor the hostIP field for port forwarding (#5964). - Fixed a bug where the podman generate systemd command would panic on an invalid restart policy being specified (#7271). - Fixed a bug where the podman images command could take a very long time (several minutes) to complete when a large number of images were present. - Fixed a bug where the podman logs command with the --tail flag would not work properly when a large amount of output would be printed ((#7230)[https://github.com//issues/7230]). - Fixed a bug where the podman exec command with remote Podman would not return a non-zero exit code when the exec session failed to start (e.g. invoking a non-existent command) (#6893). - Fixed a bug where the podman load command with remote Podman would did not honor user-specified tags (#7124). - Fixed a bug where the podman system service command, when run as a non-root user by Systemd, did not properly handle the Podman pause process and would not restart properly as a result (#7180). - Fixed a bug where the --publish flag to podman create, podman run, and podman pod create did not properly handle a host IP of 0.0.0.0 (attempting to bind to literal 0.0.0.0, instead of all IPs on the system) (#7104). - Fixed a bug where the podman start --attach command would not print the container's exit code when the command exited due to the container exiting. - Fixed a bug where the podman rm command with remote Podman would not remove volumes, even if the --volumes flag was specified (#7128). - Fixed a bug where the podman run command with remote Podman and the --rm flag could exit before the container was fully removed. - Fixed a bug where the --pod new:... flag to podman run and podman create would create a pod that did not share any namespaces. - Fixed a bug where the --preserve-fds flag to podman run and podman exec could close the wrong file descriptors while trying to close user-provided descriptors after passing them into the container. - Fixed a bug where default environment variables ($PATH and $TERM) were not set in containers when not provided by the image. - Fixed a bug where pod infra containers were not properly unmounted after exiting. - Fixed a bug where networks created with podman network create with an IPv6 subnet did not properly set an IPv6 default route. - Fixed a bug where the podman save command would not work properly when its output was piped to another command (#7017). - Fixed a bug where containers using a systemd init on a cgroups v1 system could leak mounts under /sys/fs/cgroup/systemd to the host. - Fixed a bug where podman build would not generate an event on completion (#7022). - Fixed a bug where the podman history command with remote Podman printed incorrect creation times for layers (#7122). - Fixed a bug where Podman would not create working directories specified by the container image if they did not exist. - Fixed a bug where Podman did not clear CMD from the container image if the user overrode ENTRYPOINT (#7115). - Fixed a bug where error parsing image names were not fully reported (part of the error message containing the exact issue was dropped). - Fixed a bug where the podman images command with remote Podman did not support printing image tags in Go templates supplied to the --format flag (#7123). - Fixed a bug where the podman rmi --force command would not attempt to unmount containers it was removing, which could cause a failure to remove the image. - Fixed a bug where the podman generate systemd --new command could incorrectly quote arguments to Podman that contained whitespace, leading to nonfunctional unit files (#7285). - Fixed a bug where the podman version command did not properly include build time and Git commit. - Fixed a bug where running systemd in a Podman container on a system that did not use the systemd cgroup manager would fail (#6734). - Fixed a bug where capabilities from --cap-add were not properly added when a container was started as a non-root user via --user. - Fixed a bug where Pod infra containers were not properly cleaned up when they stopped, causing networking issues (#7103). * API - Fixed a bug where the libpod and compat Build endpoints did not accept the application/tar content type (instead only accepting application/x-tar) (#7185). - Fixed a bug where the libpod Exists endpoint would attempt to write a second header in some error conditions (#7197). - Fixed a bug where compat and libpod Network Inspect and Network Remove endpoints would return a 500 instead of 404 when the requested network was not found. - Added a versioned _ping endpoint (e.g. http://localhost/v1.40/_ping). - Fixed a bug where containers started through a systemd-managed instance of the REST API would be shut down when podman system service shut down due to its idle timeout (#7294). - Added stronger parameter verification for the libpod Network Create endpoint to ensure subnet mask is a valid value. - The Pod URL parameter to the Libpod Container List endpoint has been deprecated; the information previously gated by the Pod boolean will now be included in the response unconditionally. - Change hard requires for AppArmor to Recommends. They are not needed for runtime or with SELinux but already installed if AppArmor is used [jsc#SMO-15] - Add BuildRequires for pkg-config(libselinux) to build with SELinux support [jsc#SMO-15] Update to v2.0.4 * Fixed a bug where the output of podman image search did not populate the Description field as it was mistakenly assigned to the ID field. * Fixed a bug where podman build - and podman build on an HTTP target would fail. * Fixed a bug where rootless Podman would improperly chown the copied-up contents of anonymous volumes (#7130). * Fixed a bug where Podman would sometimes HTML-escape special characters in its CLI output. * Fixed a bug where the podman start --attach --interactive command would print the container ID of the container attached to when exiting (#7068). * Fixed a bug where podman run --ipc=host --pid=host would only set --pid=host and not --ipc=host (#7100). * Fixed a bug where the --publish argument to podman run, podman create and podman pod create would not allow binding the same container port to more than one host port (#7062). * Fixed a bug where incorrect arguments to podman images --format could cause Podman to segfault. * Fixed a bug where podman rmi --force on an image ID with more than one name and at least one container using the image would not completely remove containers using the image (#7153). * Fixed a bug where memory usage in bytes and memory use percentage were swapped in the output of podman stats --format=json. * Fixed a bug where the libpod and compat events endpoints would fail if no filters were specified (#7078). * Fixed a bug where the CgroupVersion field in responses from the compat Info endpoint was prefixed by 'v' (instead of just being '1' or '2', as is documented). - Suggest katacontainers instead of recommending it. It's not enabled by default, so it's just bloat Update to v2.0.3 * Fix handling of entrypoint * log API: add context to allow for cancelling * fix API: Create container with an invalid configuration * Remove all instances of named return 'err' from Libpod * Fix: Correct connection counters for hijacked connections * Fix: Hijacking v2 endpoints to follow rfc 7230 semantics * Remove hijacked connections from active connections list * version/info: format: allow more json variants * Correctly print STDOUT on non-terminal remote exec * Fix container and pod create commands for remote create * Mask out /sys/dev to prevent information leak from the host * Ensure sig-proxy default is propagated in start * Add SystemdMode to inspect for containers * When determining systemd mode, use full command * Fix lint * Populate remaining unused fields in `pod inspect` * Include infra container information in `pod inspect` * play-kube: add suport for 'IfNotPresent' pull type * docs: user namespace can't be shared in pods * Fix 'Error: unrecognized protocol \'TCP\' in port mapping' * Error on rootless mac and ip addresses * Fix & add notes regarding problematic language in codebase * abi: set default umask and rlimits * Used reference package with errors for parsing tag * fix: system df error when an image has no name * Fix Generate API title/description * Add noop function disable-content-trust * fix play kube doesn't override dockerfile ENTRYPOINT * Support default profile for apparmor * Bump github.com/containers/common to v0.14.6 * events endpoint: backwards compat to old type * events endpoint: fix panic and race condition * Switch references from libpod.conf to containers.conf * podman.service: set type to simple * podman.service: set doc to podman-system-service * podman.service: use default registries.conf * podman.service: use default killmode * podman.service: remove stop timeout * systemd: symlink user->system * vendor golang.org/x/text@v0.3.3 * Fix a bug where --pids-limit was parsed incorrectly * search: allow wildcards * [CI:DOCS]Do not copy policy.json into gating image * Fix systemd pid 1 test * Cirrus: Rotate keys post repo. rename * The libpod.conf(5) man page got removed and all references are now pointing towards containers.conf(5), which will be part of the libcontainers-common package. Update to podman v2.0.2 * fix race condition in `libpod.GetEvents(...)` * Fix bug where `podman mount` didn't error as rootless * remove podman system connection * Fix imports to ensure v2 is used with libpod * Update release notes for v2.0.2 * specgen: fix order for setting rlimits * Ensure umask is set appropriately for 'system service' * generate systemd: improve pod-flags filter * Fix a bug with APIv2 compat network remove to log an ErrNetworkNotFound instead of nil * Fixes --remote flag issues * Pids-limit should only be set if the user set it * Set console mode for windows * Allow empty host port in --publish flag * Add a note on the APIs supported by `system service` * fix: Don't override entrypoint if it's `nil` * Set TMPDIR to /var/tmp by default if not set * test: add tests for --user and volumes * container: move volume chown after spec generation * libpod: volume copyup honors namespace mappings * Fix `system service` panic from early hangup in events * stop podman service in e2e tests * Print errors from individual containers in pods * auto-update: clarify systemd-unit requirements * podman ps truncate the command * move go module to v2 * Vendor containers/common v0.14.4 * Bump to imagebuilder v1.1.6 on v2 branch * Account for non-default port number in image name - Changes since v2.0.1 * Update release notes with further v2.0.1 changes * Fix inspect to display multiple label: changes * Set syslog for exit commands on log-level=debug * Friendly amendment for pr 6751 * podman run/create: support all transports * systemd generate: allow manual restart of container units in pods * Revert sending --remote flag to containers * Print port mappings in `ps` for ctrs sharing network * vendor github.com/containers/common@v0.14.3 * Update release notes for v2.0.1 * utils: drop default mapping when running uid!=0 * Set stop signal to 15 when not explicitly set * podman untag: error if tag doesn't exist * Reformat inspect network settings * APIv2: Return `StatusCreated` from volume creation * APIv2:fix: Remove `/json` from compat network EPs * Fix ssh-agent support * libpod: specify mappings to the storage * APIv2:doc: Fix swagger doc to refer to volumes * Add podman network to bash command completions * Fix typo in manpage for `podman auto update`. * Add JSON output field for ps * V2 podman system connection * image load: no args required * Re-add PODMAN_USERNS environment variable * Fix conflicts between privileged and other flags * Bump required go version to 1.13 * Add explicit command to alpine container in test case. * Use POLL_DURATION for timer * Stop following logs using timers * 'pod' was being truncated to 'po' in the names of the generated systemd unit files. * rootless_linux: improve error message * Fix podman build handling of --http-proxy flag * correct the absolute path of `rm` executable * Makefile: allow customizable GO_BUILD * Cirrus: Change DEST_BRANCH to v2.0 Update to podman v2.0.0 * The `podman generate systemd` command now supports the `--new` flag when used with pods, allowing portable services for pods to be created. * The `podman play kube` command now supports running Kubernetes Deployment YAML. * The `podman exec` command now supports the `--detach` flag to run commands in the container in the background. * The `-p` flag to `podman run` and `podman create` now supports forwarding ports to IPv6 addresses. * The `podman run`, `podman create` and `podman pod create` command now support a `--replace` flag to remove and replace any existing container (or, for `pod create`, pod) with the same name * The `--restart-policy` flag to `podman run` and `podman create` now supports the `unless-stopped` restart policy. * The `--log-driver` flag to `podman run` and `podman create` now supports the `none` driver, which does not log the container's output. * The `--mount` flag to `podman run` and `podman create` now accepts `readonly` option as an alias to `ro`. * The `podman generate systemd` command now supports the `--container-prefix`, `--pod-prefix`, and `--separator` arguments to control the name of generated unit files. * The `podman network ls` command now supports the `--filter` flag to filter results. * The `podman auto-update` command now supports specifying an authfile to use when pulling new images on a per-container basis using the `io.containers.autoupdate.authfile` label. * Fixed a bug where the `podman exec` command would log to journald when run in containers loggined to journald ([#6555](https://github.com/containers/libpod/issues/6555)). * Fixed a bug where the `podman auto-update` command would not preserve the OS and architecture of the original image when pulling a replacement ([#6613](https://github.com/containers/libpod/issues/6613)). * Fixed a bug where the `podman cp` command could create an extra `merged` directory when copying into an existing directory ([#6596](https://github.com/containers/libpod/issues/6596)). * Fixed a bug where the `podman pod stats` command would crash on pods run with `--network=host` ([#5652](https://github.com/containers/libpod/issues/5652)). * Fixed a bug where containers logs written to journald did not include the name of the container. * Fixed a bug where the `podman network inspect` and `podman network rm` commands did not properly handle non-default CNI configuration paths ([#6212](https://github.com/containers/libpod/issues/6212)). * Fixed a bug where Podman did not properly remove containers when using the Kata containers OCI runtime. * Fixed a bug where `podman inspect` would sometimes incorrectly report the network mode of containers started with `--net=none`. * Podman is now better able to deal with cases where `conmon` is killed before the container it is monitoring. Update to podman v1.9.3: * Fixed a bug where, on FIPS enabled hosts, FIPS mode secrets were not properly mounted into containers * Fixed a bug where builds run over Varlink would hang * Fixed a bug where podman save would fail when the target image was specified by digest * Fixed a bug where rootless containers with ports forwarded to them could panic and dump core due to a concurrency issue (#6018) * Fixed a bug where rootless Podman could race when opening the rootless user namespace, resulting in commands failing to run * Fixed a bug where HTTP proxy environment variables forwarded into the container by the --http-proxy flag could not be overridden by --env or --env-file * Fixed a bug where rootless Podman was setting resource limits on cgroups v2 systems that were not using systemd-managed cgroups (and thus did not support resource limits), resulting in containers failing to start Update podman to v1.9.1: * Bugfixes - Fixed a bug where healthchecks could become nonfunctional if container log paths were manually set with --log-path and multiple container logs were placed in the same directory - Fixed a bug where rootless Podman could, when using an older libpod.conf, print numerous warning messages about an invalid CGroup manager config - Fixed a bug where rootless Podman would sometimes fail to close the rootless user namespace when joining it Update podman to v1.9.0: * Features - Experimental support has been added for podman run --userns=auto, which automatically allocates a unique UID and GID range for the new container's user namespace - The podman play kube command now has a --network flag to place the created pod in one or more CNI networks - The podman commit command now supports an --iidfile flag to write the ID of the committed image to a file - Initial support for the new containers.conf configuration file has been added. containers.conf allows for much more detailed configuration of some Podman functionality * Changes - There has been a major cleanup of the podman info command resulting in breaking changes. Many fields have been renamed to better suit usage with APIv2 - All uses of the --timeout flag have been switched to prefer the alternative --time. The --timeout flag will continue to work, but man pages and --help will use the --time flag instead * Bugfixes - Fixed a bug where some volume mounts from the host would sometimes not properly determine the flags they should use when mounting - Fixed a bug where Podman was not propagating $PATH to Conmon and the OCI runtime, causing issues for some OCI runtimes that required it - Fixed a bug where rootless Podman would print error messages about missing support for systemd cgroups when run in a container with no cgroup support - Fixed a bug where podman play kube would not properly handle container-only port mappings (#5610) - Fixed a bug where the podman container prune command was not pruning containers in the created and configured states - Fixed a bug where Podman was not properly removing CNI IP address allocations after a reboot (#5433) - Fixed a bug where Podman was not properly applying the default Seccomp profile when --security-opt was not given at the command line * HTTP API - Many Libpod API endpoints have been added, including Changes, Checkpoint, Init, and Restore - Resolved issues where the podman system service command would time out and exit while there were still active connections - Stability overall has greatly improved as we prepare the API for a beta release soon with Podman 2.0 * Misc - The default infra image for pods has been upgraded to k8s.gcr.io/pause:3.2 (from 3.1) to address a bug in the architecture metadata for non-AMD64 images - The slirp4netns networking utility in rootless Podman now uses Seccomp filtering where available for improved security - Updated Buildah to v1.14.8 - Updated containers/storage to v1.18.2 - Updated containers/image to v5.4.3 - Updated containers/common to v0.8.1 - Add 'systemd' BUILDFLAGS to build with support for journald logging (bsc#1162432) Update podman to v1.8.2: * Features - Initial support for automatically updating containers managed via Systemd unit files has been merged. This allows containers to automatically upgrade if a newer version of their image becomes available * Bugfixes - Fixed a bug where unit files generated by podman generate systemd --new would not force containers to detach, causing the unit to time out when trying to start - Fixed a bug where podman system reset could delete important system directories if run as rootless on installations created by older Podman (#4831) - Fixed a bug where image built by podman build would not properly set the OS and Architecture they were built with (#5503) - Fixed a bug where attached podman run with --sig-proxy enabled (the default), when built with Go 1.14, would repeatedly send signal 23 to the process in the container and could generate errors when the container stopped (#5483) - Fixed a bug where rootless podman run commands could hang when forwarding ports - Fixed a bug where rootless Podman would not work when /proc was mounted with the hidepid option set - Fixed a bug where the podman system service command would use large amounts of CPU when --timeout was set to 0 (#5531) * HTTP API - Initial support for Libpod endpoints related to creating and operating on image manifest lists has been added - The Libpod Healthcheck and Events API endpoints are now supported - The Swagger endpoint can now handle cases where no Swagger documentation has been generated Update podman to v1.8.1: * Features - Many networking-related flags have been added to podman pod create to enable customization of pod networks, including --add-host, --dns, --dns-opt, --dns-search, --ip, --mac-address, --network, and --no-hosts - The podman ps --format=json command now includes the ID of the image containers were created with - The podman run and podman create commands now feature an --rmi flag to remove the image the container was using after it exits (if no other containers are using said image) ([#4628](https://github.com/containers/libpod/issues/4628)) - The podman create and podman run commands now support the --device-cgroup-rule flag (#4876) - While the HTTP API remains in alpha, many fixes and additions have landed. These are documented in a separate subsection below - The podman create and podman run commands now feature a --no-healthcheck flag to disable healthchecks for a container (#5299) - Containers now recognize the io.containers.capabilities label, which specifies a list of capabilities required by the image to run. These capabilities will be used as long as they are more restrictive than the default capabilities used - YAML produced by the podman generate kube command now includes SELinux configuration passed into the container via --security-opt label=... (#4950) * Bugfixes - Fixed CVE-2020-1726, a security issue where volumes manually populated before first being mounted into a container could have those contents overwritten on first being mounted into a container - Fixed a bug where Podman containers with user namespaces in CNI networks with the DNS plugin enabled would not have the DNS plugin's nameserver added to their resolv.conf ([#5256](https://github.com/containers/libpod/issues/5256)) - Fixed a bug where trailing / characters in image volume definitions could cause them to not be overridden by a user-specified mount at the same location ([#5219](https://github.com/containers/libpod/issues/5219)) - Fixed a bug where the label option in libpod.conf, used to disable SELinux by default, was not being respected (#5087) - Fixed a bug where the podman login and podman logout commands required the registry to log into be specified (#5146) - Fixed a bug where detached rootless Podman containers could not forward ports (#5167) - Fixed a bug where rootless Podman could fail to run if the pause process had died - Fixed a bug where Podman ignored labels that were specified with only a key and no value (#3854) - Fixed a bug where Podman would fail to create named volumes when the backing filesystem did not support SELinux labelling (#5200) - Fixed a bug where --detach-keys='' would not disable detaching from a container (#5166) - Fixed a bug where the podman ps command was too aggressive when filtering containers and would force --all on in too many situations - Fixed a bug where the podman play kube command was ignoring image configuration, including volumes, working directory, labels, and stop signal (#5174) - Fixed a bug where the Created and CreatedTime fields in podman images --format=json were misnamed, which also broke Go template output for those fields ([#5110](https://github.com/containers/libpod/issues/5110)) - Fixed a bug where rootless Podman containers with ports forwarded could hang when started (#5182) - Fixed a bug where podman pull could fail to parse registry names including port numbers - Fixed a bug where Podman would incorrectly attempt to validate image OS and architecture when starting containers - Fixed a bug where Bash completion for podman build -f would not list available files that could be built (#3878) - Fixed a bug where podman commit --change would perform incorrect validation, resulting in valid changes being rejected (#5148) - Fixed a bug where podman logs --tail could take large amounts of memory when the log file for a container was large (#5131) - Fixed a bug where Podman would sometimes incorrectly generate firewall rules on systems using firewalld - Fixed a bug where the podman inspect command would not display network information for containers properly if a container joined multiple CNI networks ([#4907](https://github.com/containers/libpod/issues/4907)) - Fixed a bug where the --uts flag to podman create and podman run would only allow specifying containers by full ID (#5289) - Fixed a bug where rootless Podman could segfault when passed a large number of file descriptors - Fixed a bug where the podman port command was incorrectly interpreting additional arguments as container names, instead of port numbers - Fixed a bug where units created by podman generate systemd did not depend on network targets, and so could start before the system network was ready (#4130) - Fixed a bug where exec sessions in containers which did not specify a user would not inherit supplemental groups added to the container via --group-add - Fixed a bug where Podman would not respect the $TMPDIR environment variable for placing large temporary files during some operations (e.g. podman pull) ([#5411](https://github.com/containers/libpod/issues/5411)) * HTTP API - Initial support for secure connections to servers via SSH tunneling has been added - Initial support for the libpod create and logs endpoints for containers has been added - Added a /swagger/ endpoint to serve API documentation - The json endpoint for containers has received many fixes - Filtering images and containers has been greatly improved, with many bugs fixed and documentation improved - Image creation endpoints (commit, pull, etc) have seen many fixes - Server timeout has been fixed so that long operations will no longer trigger the timeout and shut the server down - The stats endpoint for containers has seen major fixes and now provides accurate output - Handling the HTTP 304 status code has been fixed for all endpoints - Many fixes have been made to API documentation to ensure it matches the code * Misc - The Created field to podman images --format=json has been renamed to CreatedSince as part of the fix for (#5110). Go templates using the old name shou ld still work - The CreatedTime field to podman images --format=json has been renamed to CreatedAt as part of the fix for (#5110). Go templates using the old name should still work - The before filter to podman images has been renamed to since for Docker compatibility. Using before will still work, but documentation has been changed to use the new since filter - Using the --password flag to podman login now warns that passwords are being passed in plaintext - Some common cases where Podman would deadlock have been fixed to warn the user that podman system renumber must be run to resolve the deadlock - Configure br_netfilter for podman automatically (bsc#1165738) The trigger is only excuted when updating podman-cni-config while the command was running conmon was update to v2.0.20 (bsc#1175821) - journald: fix logging container name - container logging: Implement none driver - 'off', 'null' or 'none' all work. - ctrl: warn if we fail to unlink - Drop fsync calls - Reap PIDs before running exit command - Fix log path parsing - Add --sync option to prevent conmon from double forking - Add --no-sync-log option to instruct conmon to not sync the logs of the containers upon shutting down. This feature fixes a regression where we unconditionally dropped the log sync. It is possible the container logs could be corrupted on a sudden power-off. If you need container logs to remain in consistent state after a sudden shutdown, please update from v2.0.19 to v2.0.20 - Update to v2.0.17: - Add option to delay execution of exit command - Update to v2.0.16: - tty: flush pending data when fd is ready - Enable support for journald logging (bsc#1162432) - Update to v2.0.15: - store status while waiting for pid - Update to v2.0.14: - drop usage of splice(2) - avoid hanging on stdin - stdio: sometimes quit main loop after io is done - ignore sigpipe - Update to v2.0.12 - oom: fix potential race between verification steps - Update to v2.0.11 - log: reject --log-tag with k8s-file - chmod std files pipes - adjust score to -1000 to prevent conmon from ever being OOM killed - container OOM: verify cgroup hasn't been cleaned up before reporting OOM - journal logging: write to /dev/null instead of -1 fuse-overlayfs was updated to 1.1.2 (bsc#1175821): - fix memory leak when creating whiteout files. - fix lookup for overflow uid when it is different than the overflow gid. - use openat2(2) when available. - accept 'ro' as mount option. - fix set mtime for a symlink. - fix some issues reported by static analysis. - fix potential infinite loop on a short read. - fix creating a directory if the destination already exists in the upper layer. - report correctly the number of links for a directory also for subsequent stat calls - stop looking up the ino in the lower layers if the file could not be opened - make sure the destination is deleted before doing a rename(2). It prevents a left over directory to cause delete to fail with EEXIST. - honor --debug. libcontainers-common was updated to fix: - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) - Added containers/common tarball for containers.conf(5) man page - Install containers.conf default configuration in /usr/share/containers - libpod repository on github got renamed to podman - Update to image 5.5.1 - Add documentation for credHelpera - Add defaults for using the rootless policy path - Update libpod/podman to 2.0.3 - docs: user namespace can't be shared in pods - Switch references from libpod.conf to containers.conf - Allow empty host port in --publish flag - update document login see config.json as valid - Update storage to 1.20.2 - Add back skip_mount_home - Remove remaining difference between SLE and openSUSE package and ship the some mounts.conf default configuration on both platforms. As the sources for the mount point do not exist on openSUSE by default this config will basically have no effect on openSUSE. (jsc#SLE-12122, bsc#1175821) - Update to image 5.4.4 - Remove registries.conf VERSION 2 references from man page - Intial authfile man page - Add $HOME/.config/containers/certs.d to perHostCertDirPath - Add $HOME/.config/containers/registries.conf to config path - registries.conf.d: add stances for the registries.conf - update to libpod 1.9.3 - userns: support --userns=auto - Switch to using --time as opposed to --timeout to better match Docker - Add support for specifying CNI networks in podman play kube - man pages: fix inconsistencies - Update to storage 1.19.1 - userns: add support for auto - store: change the default user to containers - config: honor XDG_CONFIG_HOME - Remove the /var/lib/ca-certificates/pem/SUSE.pem workaround again. It never ended up in SLES and a different way to fix the underlying problem is being worked on. - Add registry.opensuse.org as default registry [bsc#1171578] - Add /var/lib/ca-certificates/pem/SUSE.pem to the SLES mounts. This for making container-suseconnect working in the public cloud on-demand images. It needs that file for being able to verify the server certificates of the RMT servers hosted in the public cloud. (https://github.com/SUSE/container-suseconnect/issues/41) ----------------------------------------- Patch: SUSE-2020-2735 Released: Thu Sep 24 13:32:25 2020 Summary: Recommended update for systemd-rpm-macros Severity: moderate References: 1173034 Description: This update for systemd-rpm-macros fixes the following issues: - Introduce macro '%service_del_postun_without_restart' to resolve blocking new releases based on this. (bsc#1173034) ----------------------------------------- Patch: SUSE-2020-2739 Released: Thu Sep 24 15:05:34 2020 Summary: Recommended update for gnote Severity: moderate References: 1075342 Description: This update for gnote fixes the following issues: - Fix for newly enabled plugin 'Export to HTML' as it is not responding by selection. (bsc#1075342) ----------------------------------------- Patch: SUSE-2020-2742 Released: Thu Sep 24 17:54:54 2020 Summary: Security update for libqt5-qtbase Severity: important References: 1172515,1176315,CVE-2020-17507 Description: This update for libqt5-qtbase fixes the following issues: - CVE-2020-17507: Fixed a buffer overflow in XBM parser (bsc#1176315) - Fixed various issues discovered by fuzzing: - Made handling of XDG_RUNTIME_DIR more secure (bsc#1172515): ----------------------------------------- Patch: SUSE-2020-2744 Released: Thu Sep 24 17:56:23 2020 Summary: Security update for tiff Severity: moderate References: 1146608,CVE-2019-14973 Description: This update for tiff fixes the following issues: - CVE-2019-14973: Fixed an improper check which was depended on the compiler which could have led to integer overflow (bsc#1146608). ----------------------------------------- Patch: SUSE-2020-2745 Released: Fri Sep 25 06:12:01 2020 Summary: Recommended update for crmsh Severity: moderate References: 1148873,1176441 Description: This update for crmsh fixes the following issues: - Fixed an issue when 'hb_report' does not collect data from archived logs. (bsc#1148873, bsc#1176441) ----------------------------------------- Patch: SUSE-2020-2749 Released: Fri Sep 25 11:10:33 2020 Summary: Security update for MozillaFirefox Severity: important References: 1167976,1173986,1173991,1174284,1174420,1175686,1176756,CVE-2020-15663,CVE-2020-15664,CVE-2020-15670,CVE-2020-15673,CVE-2020-15676,CVE-2020-15677,CVE-2020-15678 Description: This update for MozillaFirefox fixes the following issues: - Firefox was updated to 78.3.0 ESR (bsc#1176756, MFSA 2020-43) - CVE-2020-15677: Download origin spoofing via redirect - CVE-2020-15676: Fixed an XSS when pasting attacker-controlled data into a contenteditable element - CVE-2020-15678: When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free scenario - CVE-2020-15673: Fixed memory safety bugs - Enhance fix for wayland-detection (bsc#1174420) - Attempt to fix langpack-parallelization by introducing separate obj-dirs for each lang (bsc#1173986, bsc#1167976) - Firefox was updated to 78.2.0 ESR (bsc#1175686, MFSA 2020-38) - CVE-2020-15663: Downgrade attack on the Mozilla Maintenance Service could have resulted in escalation of privilege - CVE-2020-15664: Attacker-induced prompt for extension installation - CVE-2020-15670: Fixed memory safety bugs fixed in Firefox 80 and Firefox ESR 78.2 - Fixed Firefox tab crash in FIPS mode (bsc#1174284). - Fixed broken translation-loading (bsc#1173991) - allow addon sideloading - mark signatures for langpacks non-mandatory - do not autodisable user profile scopes - Google API key is not usable for geolocation service any more ----------------------------------------- Patch: SUSE-2020-2757 Released: Fri Sep 25 19:45:40 2020 Summary: Recommended update for nfs-utils Severity: moderate References: 1173104 Description: This update for nfs-utils fixes the following issue: - Some scripts are requiring Python2 while it is not installed by default and they can work with Python3. (bsc#1173104) ----------------------------------------- Patch: SUSE-2020-2758 Released: Fri Sep 25 19:46:16 2020 Summary: Optional update for pyzy Severity: low References: Description: This update for pyzy doesn't fix any user visible issues, but improves the building of the package from its source. ----------------------------------------- Patch: SUSE-2020-2761 Released: Mon Sep 28 09:24:39 2020 Summary: Security update for go1.14 Severity: moderate References: 1164903,1176031,CVE-2020-24553 Description: This update for go1.14 fixes the following issues: - go1.14.9 (released 2020-09-09) includes fixes to the compiler, linker, runtime, documentation, and the net/http and testing packages. Refs bsc#1164903 go1.14 release tracking * go#41192 net/http/fcgi: race detected during execution of TestResponseWriterSniffsContentType test * go#41016 net/http: Transport.CancelRequest no longer cancels in-flight request * go#40973 net/http: RoundTrip unexpectedly changes Request * go#40968 runtime: checkptr incorrectly -race flagging when using &^ arithmetic * go#40938 cmd/compile: R12 can be clobbered for write barrier call on PPC64 * go#40848 testing: '=== PAUSE' lines do not change the test name for the next log line * go#40797 cmd/compile: inline marker targets not reachable after assembly on arm * go#40766 cmd/compile: inline marker targets not reachable after assembly on ppc64x * go#40501 cmd/compile: for range loop reading past slice end * go#40411 runtime: Windows service lifecycle events behave incorrectly when called within a golang environment * go#40398 runtime: fatal error: checkdead: runnable g * go#40192 runtime: pageAlloc.searchAddr may point to unmapped memory in discontiguous heaps, violating its invariant * go#39955 cmd/link: incorrect GC bitmap when global's type is in another shared object * go#39690 cmd/compile: s390x floating point <-> integer conversions clobbering the condition code * go#39279 net/http: Re-connect with upgraded HTTP2 connection fails to send Request.body * go#38904 doc: include fix for #34437 in Go 1.14 release notes - go1.14.8 (released 2020-09-01) includes security fixes to the net/http/cgi and net/http/fcgi packages. CVE-2020-24553 Refs bsc#1164903 go1.14 release tracking * bsc#1176031 CVE-2020-24553 * go#41164 net/http/cgi,net/http/fcgi: Cross-Site Scripting (XSS) when Content-Type is not specified ----------------------------------------- Patch: SUSE-2020-2773 Released: Tue Sep 29 08:15:31 2020 Summary: Recommended update for python3-susepubliccloudinfo Severity: moderate References: 1176102,1176103 Description: This update for python3-susepubliccloudinfo contains the following fixes: - Update to version 1.2.2: (bsc#1176102, bsc#1176103) + Support query for providers/frameworks, regions, and image states. ----------------------------------------- Patch: SUSE-2020-2782 Released: Tue Sep 29 11:40:22 2020 Summary: Recommended update for systemd-rpm-macros Severity: important References: 1176932 Description: This update for systemd-rpm-macros fixes the following issues: - Backport missing macros of directory paths from upstream + %_environmentdir + %_modulesloaddir + %_modprobedir - Make sure %_restart_on_update_never and %_stop_on_removal_never don't expand to the empty string. (bsc#1176932) Otherwise sequences like the following code: if [ ... ]; then %_restart_on_update_never fi would result in the following incorrect shell syntax: if [ ... ]; then fi ----------------------------------------- Patch: SUSE-2020-2613 Released: Tue Sep 29 14:06:01 2020 Summary: Recommended update for certification-sles-eal4, installation-images, patterns-certification, system-role-common-criteria Severity: moderate References: 1172898,1176112 Description: This update for certification-sles-eal4, installation-images, patterns-certification, system-role-common-criteria fixes the following issues: This updates provided various packages required for Common Criteria certification. certification-sles-eal4: - This package contains setup scripts that are used after installation of a common criteria system role. patterns-certification: - This package contains the packages to be installed. system-role-common-criteria: - This system role is used in the installer to be select and enable the Common Critera installation role. ----------------------------------------- Patch: SUSE-2020-2796 Released: Tue Sep 29 14:30:55 2020 Summary: Recommended update for hyper-v Severity: moderate References: 1116957 Description: This update for hyper-v fixes the following issues: - Fixes an issue when hyper-v services not running after booting from SLES12SP3 ISO. (bsc#1116957) ----------------------------------------- Patch: SUSE-2020-2799 Released: Wed Sep 30 07:51:02 2020 Summary: Recommended update for gnome-tweaks Severity: moderate References: 1162080 Description: This update for gnome-tweaks fixes the following issues: - Fix for Gnome-tweaks as titlebar starts flickering when setting button placement to left. (bsc#1162080, glgo#GNOME/gnome-tweaks#245) ----------------------------------------- Patch: SUSE-2020-2804 Released: Wed Sep 30 11:43:16 2020 Summary: Recommended update for xiterm Severity: moderate References: 1158271 Description: This update for xiterm fixes the following issues: - Fix for not enabled application keypad mode. (bsc#1158271) ----------------------------------------- Patch: SUSE-2020-2811 Released: Thu Oct 1 09:19:57 2020 Summary: Optional update for adding Grafana dashboards to SLES for SAP Severity: moderate References: Description: This update adds grafana-ha-cluster-dashboards, grafana-sap-hana-dashboards, grafana-sap-netweaver-dashboards, grafana-sap-providers to SLES for SAP (jsc#ECO-2237) grafana-ha-cluster-dashboards: - Release 1.0.2 * update title and description * fixed datasource variable initialization * minor Grafana 7 compatibility fixes * use recommends instead of requires on grafana (jsc#SLE-10545) grafana-sap-providers: - First release grafana-sap-hana-dashboards: - Release 1.0.1 * Remove 'detail' word from file names for simplicity * Update title and description grafana-sap-netweaver-dashboards: - Release 1.0.1 * Update schema to Grafana 7 * Update title and description ----------------------------------------- Patch: SUSE-2020-2813 Released: Thu Oct 1 09:55:07 2020 Summary: Security update for nodejs12 Severity: important References: 1172686,1173937,1176589,1176605,CVE-2020-15095,CVE-2020-8201,CVE-2020-8252 Description: This update for nodejs12 fixes the following issues: - nodejs12 was updated to 12.18.4 LTS: - CVE-2020-8201: Fixed an HTTP Request Smuggling due to CR-to-Hyphen conversion (bsc#1176605). - CVE-2020-8252: Fixed a buffer overflow in realpath (bsc#1176589). - CVE-2020-15095: Fixed an information leak through log files (bsc#1173937). - Explicitly add -fno-strict-aliasing to CFLAGS to fix compilation on Aarch64 with gcc10 (bsc#1172686) ----------------------------------------- Patch: SUSE-2020-2819 Released: Thu Oct 1 10:39:16 2020 Summary: Recommended update for libzypp, zypper Severity: moderate References: 1165424,1173273,1173529,1174240,1174561,1174918,1175342,1175592 Description: This update for libzypp, zypper provides the following fixes: Changes in libzypp: - VendorAttr: Const-correct API and let Target provide its settings. (bsc#1174918) - Support buildnr with commit hash in purge-kernels. This adds special behaviour for when a kernel version has the rebuild counter before the kernel commit hash. (bsc#1175342) - Improve Italian translation of the 'breaking dependencies' message. (bsc#1173529) - Make sure reading from lsof does not block forever. (bsc#1174240) - Just collect details for the signatures found. Changes in zypper: - man: Enhance description of the global package cache. (bsc#1175592) - man: Point out that plain rpm packages are not downloaded to the global package cache. (bsc#1173273) - Directly list subcommands in 'zypper help'. (bsc#1165424) - Remove extern C block wrapping augeas.h as it breaks the build on Arch Linux. - Point out that plaindir repos do not follow symlinks. (bsc#1174561) - Fix help command for list-patches. ----------------------------------------- Patch: SUSE-2020-2825 Released: Fri Oct 2 08:44:28 2020 Summary: Recommended update for suse-build-key Severity: moderate References: 1170347,1176759 Description: This update for suse-build-key fixes the following issues: - The SUSE Notary Container key is different from the build signing key, include this key instead as suse-container-key. (PM-1845 bsc#1170347) - The SUSE build key for SUSE Linux Enterprise 12 and 15 is extended by 4 more years. (bsc#1176759) ----------------------------------------- Patch: SUSE-2020-2828 Released: Fri Oct 2 10:33:22 2020 Summary: Security update for perl-DBI Severity: important References: 1176764,CVE-2019-20919 Description: This update for perl-DBI fixes the following issues: - CVE-2019-20919: Fixed a NULL profile dereference in dbi_profile (bsc#1176764). ----------------------------------------- Patch: SUSE-2020-2842 Released: Fri Oct 2 12:17:55 2020 Summary: Recommended update for golang-github-prometheus-node_exporter Severity: moderate References: 1151557 Description: This update for golang-github-prometheus-node_exporter fixes the following issues: - Add missing sysconfig file in rpm bsc#1151557 - Changes from 1.0.1 * Changes to build specification + Modify spec: update golang version to 1.14 + Remove update tarball script + Add _service file to allow for updates via `osc service disabledrun` * Bug fixes + [BUGFIX] filesystem_freebsd: Fix label values #1728 + [BUGFIX] Update prometheus/procfs to fix log noise #1735 + [BUGFIX] Fix build tags for collectors #1745 + [BUGFIX] Handle no data from powersupplyclass #1747, #1749 - Changes from 1.0.0 * Bug fixes + [BUGFIX] Read /proc/net files with a single read syscall #1380 + [BUGFIX] Renamed label state to name on node_systemd_service_restart_total. #1393 + [BUGFIX] Fix netdev nil reference on Darwin #1414 + [BUGFIX] Strip path.rootfs from mountpoint labels #1421 + [BUGFIX] Fix seconds reported by schedstat #1426 + [BUGFIX] Fix empty string in path.rootfs #1464 + [BUGFIX] Fix typo in cpufreq metric names #1510 + [BUGFIX] Read /proc/stat in one syscall #1538 + [BUGFIX] Fix OpenBSD cache memory information #1542 + [BUGFIX] Refactor textfile collector to avoid looping defer #1549 + [BUGFIX] Fix network speed math #1580 + [BUGFIX] collector/systemd: use regexp to extract systemd version #1647 + [BUGFIX] Fix initialization in perf collector when using multiple CPUs #1665 + [BUGFIX] Fix accidentally empty lines in meminfo_linux #1671 * Several enhancements + See https://github.com/prometheus/node_exporter/releases/tag/v1.0.0 - Changes from 1.0.0-rc.0 Breaking changes * The netdev collector CLI argument --collector.netdev.ignored-devices was renamed to --collector.netdev.device-blacklist in order to conform with the systemd collector. #1279 * The label named state on node_systemd_service_restart_total metrics was changed to name to better describe the metric. #1393 * Refactoring of the mdadm collector changes several metrics node_md_disks_active is removed node_md_disks now has a state label for 'fail', 'spare', 'active' disks. node_md_is_active is replaced by node_md_state with a state set of 'active', 'inactive', 'recovering', 'resync'. * Additional label mountaddr added to NFS device metrics to distinguish mounts from the same URL, but different IP addresses. #1417 * Metrics node_cpu_scaling_frequency_min_hrts and node_cpu_scaling_frequency_max_hrts of the cpufreq collector were renamed to node_cpu_scaling_frequency_min_hertz and node_cpu_scaling_frequency_max_hertz. #1510 * Collectors that are enabled, but are unable to find data to collect, now return 0 for node_scrape_collector_success. ----------------------------------------- Patch: SUSE-2020-2850 Released: Fri Oct 2 12:26:03 2020 Summary: Recommended update for lvm2 Severity: moderate References: 1175110 Description: This update for lvm2 fixes the following issues: - Fixed an issue when the hot spares in LVM not added automatically. (bsc#1175110) ----------------------------------------- Patch: SUSE-2020-2852 Released: Fri Oct 2 16:55:39 2020 Summary: Recommended update for openssl-1_1 Severity: moderate References: 1173470,1175844 Description: This update for openssl-1_1 fixes the following issues: FIPS: * Include ECDH/DH Requirements from SP800-56Arev3 (bsc#1175844, bsc#1173470). * Add shared secret KAT to FIPS DH selftest (bsc#1175844). ----------------------------------------- Patch: SUSE-2020-2854 Released: Mon Oct 5 06:53:24 2020 Summary: Recommended update for libdlm Severity: moderate References: 1121380,1175812 Description: This update for libdlm fixes the following issues: - Add dependency relationship between 'libdlm' and 'dlm-kmp'. (bsc#1121380) - Add notes in 'dlm.conf' man page. (bsc#1175812) ----------------------------------------- Patch: SUSE-2020-2863 Released: Tue Oct 6 09:28:41 2020 Summary: Recommended update for efivar Severity: moderate References: 1175989 Description: This update for efivar fixes the following issues: - Fixed an issue when segmentation fault are caused on non-EFI systems. (bsc#1175989) ----------------------------------------- Patch: SUSE-2020-2864 Released: Tue Oct 6 10:34:14 2020 Summary: Security update for gnutls Severity: moderate References: 1176086,1176181,1176671,CVE-2020-24659 Description: This update for gnutls fixes the following issues: - Fix heap buffer overflow in handshake with no_renegotiation alert sent (CVE-2020-24659 bsc#1176181) - FIPS: Implement (EC)DH requirements from SP800-56Arev3 (bsc#1176086) - FIPS: Use 2048 bit prime in DH selftest (bsc#1176086) - FIPS: Add TLS KDF selftest (bsc#1176671) ----------------------------------------- Patch: SUSE-2020-2869 Released: Tue Oct 6 16:13:20 2020 Summary: Recommended update for aaa_base Severity: moderate References: 1011548,1153943,1153946,1161239,1171762 Description: This update for aaa_base fixes the following issues: - DIR_COLORS (bug#1006973): - add screen.xterm-256color - add TERM rxvt-unicode-256color - sort and merge TERM entries in etc/DIR_COLORS - check for Packages.db and use this instead of Packages. (bsc#1171762) - Rename path() to _path() to avoid using a general name. - refresh_initrd call modprobe as /sbin/modprobe (bsc#1011548) - etc/profile add some missing ;; in case esac statements - profile and csh.login: on s390x set TERM to dumb on dumb terminal (bsc#1153946) - backup-rpmdb: exit if zypper is running (bsc#1161239) - Add color alias for ip command (jsc#sle-9880, jsc#SLE-7679, bsc#1153943) ----------------------------------------- Patch: SUSE-2020-2880 Released: Fri Oct 9 14:43:00 2020 Summary: Security update for tigervnc Severity: critical References: 1176733,CVE-2020-26117 Description: This update for tigervnc fixes the following issues: - CVE-2020-26117: Server certificates were stored as certiticate authorities, allowing malicious owners of these certificates to impersonate any server after a client had added an exception (bsc#1176733) ----------------------------------------- Patch: SUSE-2020-2885 Released: Fri Oct 9 14:50:51 2020 Summary: Recommended update for xmlsec1 Severity: moderate References: 1177233 Description: This update for xmlsec1 fixes the following issue: - xmlsec1-devel, xmlsec1-openssl-devel and xmlsec-nss-devel are added to the Basesystem module. (bsc#1177233) ----------------------------------------- Patch: SUSE-2020-2886 Released: Fri Oct 9 14:58:08 2020 Summary: Recommended update for subversion Severity: moderate References: Description: This update for subversion fixes the following issues: - Add patch to remove dependency on 'kdelibs4support' just to run kf5-config pointing the headers and libraries. (jsc#SLE-11901): ----------------------------------------- Patch: SUSE-2020-2893 Released: Mon Oct 12 14:14:55 2020 Summary: Recommended update for openssl-1_1 Severity: moderate References: 1177479 Description: This update for openssl-1_1 fixes the following issues: - Restore private key check in EC_KEY_check_key (bsc#1177479) ----------------------------------------- Patch: SUSE-2020-2899 Released: Tue Oct 13 14:18:03 2020 Summary: Security update for rubygem-activesupport-5_1 Severity: critical References: 1172186,CVE-2020-8165 Description: This update for rubygem-activesupport-5_1 fixes the following issues: - CVE-2020-8165: Fixed deserialization of untrusted data in MemCacheStore potentially resulting in remote code execution (bsc#1172186) ----------------------------------------- Patch: SUSE-2020-2906 Released: Tue Oct 13 15:49:18 2020 Summary: Security update for the Linux Kernel Severity: important References: 1055186,1065600,1065729,1094244,1112178,1113956,1154366,1167527,1169972,1171688,1171742,1173115,1174899,1175228,1175749,1175882,1176011,1176022,1176038,1176235,1176242,1176278,1176316,1176317,1176318,1176319,1176320,1176321,1176381,1176423,1176482,1176507,1176536,1176544,1176545,1176546,1176548,1176659,1176698,1176699,1176700,1176721,1176722,1176725,1176732,1176788,1176789,1176869,1176877,1176935,1176950,1176962,1176966,1176990,1177030,1177041,1177042,1177043,1177044,1177121,1177206,1177291,1177293,1177294,1177295,1177296,CVE-2020-0404,CVE-2020-0427,CVE-2020-0431,CVE-2020-0432,CVE-2020-14381,CVE-2020-14390,CVE-2020-25212,CVE-2020-25284,CVE-2020-25641,CVE-2020-25643,CVE-2020-26088 Description: The SUSE Linux Enterprise 15 SP1 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-26088: Fixed an improper CAP_NET_RAW check in NFC socket creation could have been used by local attackers to create raw sockets, bypassing security mechanisms (bsc#1176990). - CVE-2020-14390: Fixed an out-of-bounds memory write leading to memory corruption or a denial of service when changing screen size (bnc#1176235). - CVE-2020-0432: Fixed an out of bounds write due to an integer overflow (bsc#1176721). - CVE-2020-0427: Fixed an out of bounds read due to a use after free (bsc#1176725). - CVE-2020-0431: Fixed an out of bounds write due to a missing bounds check (bsc#1176722). - CVE-2020-0404: Fixed a linked list corruption due to an unusual root cause (bsc#1176423). - CVE-2020-25212: Fixed getxattr kernel panic and memory overflow (bsc#1176381). - CVE-2020-25284: Fixed an incomplete permission checking for access to rbd devices, which could have been leveraged by local attackers to map or unmap rbd block devices (bsc#1176482). - CVE-2020-14381: Fixed requeue paths such that filp was valid when dropping the references (bsc#1176011). - CVE-2019-25643: Fixed an improper input validation in ppp_cp_parse_cr function which could have led to memory corruption and read overflow (bsc#1177206). - CVE-2020-25641: Fixed ann issue where length bvec was causing softlockups (bsc#1177121). The following non-security bugs were fixed: - 9p: Fix memory leak in v9fs_mount (git-fixes). - ACPI: EC: Reference count query handlers under lock (git-fixes). - airo: Add missing CAP_NET_ADMIN check in AIROOLDIOCTL/SIOCDEVPRIVATE (git-fixes). - airo: Fix possible info leak in AIROOLDIOCTL/SIOCDEVPRIVATE (git-fixes). - airo: Fix read overflows sending packets (git-fixes). - ALSA: asihpi: fix iounmap in error handler (git-fixes). - ALSA: firewire-digi00x: exclude Avid Adrenaline from detection (git-fixes). - ALSA; firewire-tascam: exclude Tascam FE-8 from detection (git-fixes). - ALSA: hda: Fix 2 channel swapping for Tegra (git-fixes). - ALSA: hda: fix a runtime pm issue in SOF when integrated GPU is disabled (git-fixes). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion NT950XCJ-X716A (git-fixes). - ALSA: hda/realtek - Improved routing for Thinkpad X1 7th/8th Gen (git-fixes). - altera-stapl: altera_get_note: prevent write beyond end of 'key' (git-fixes). - ar5523: Add USB ID of SMCWUSBT-G2 wireless adapter (git-fixes). - arm64: KVM: Do not generate UNDEF when LORegion feature is present (jsc#SLE-4084). - arm64: KVM: regmap: Fix unexpected switch fall-through (jsc#SLE-4084). - asm-generic: fix -Wtype-limits compiler warnings (bsc#1112178). - ASoC: kirkwood: fix IRQ error handling (git-fixes). - ASoC: tegra: Fix reference count leaks (git-fixes). - ath10k: fix array out-of-bounds access (git-fixes). - ath10k: fix memory leak for tpc_stats_final (git-fixes). - ath10k: use kzalloc to read for ath10k_sdio_hif_diag_read (git-fixes). - batman-adv: Add missing include for in_interrupt() (git-fixes). - batman-adv: Avoid uninitialized chaddr when handling DHCP (git-fixes). - batman-adv: bla: fix type misuse for backbone_gw hash indexing (git-fixes). - batman-adv: bla: use netif_rx_ni when not in interrupt context (git-fixes). - batman-adv: mcast: fix duplicate mcast packets in BLA backbone from mesh (git-fixes). - batman-adv: mcast/TT: fix wrongly dropped or rerouted packets (git-fixes). - bcache: Convert pr_ uses to a more typical style (git fixes (block drivers)). - bcache: fix overflow in offset_to_stripe() (git fixes (block drivers)). - bcm63xx_enet: correct clock usage (git-fixes). - bcm63xx_enet: do not write to random DMA channel on BCM6345 (git-fixes). - bitfield.h: do not compile-time validate _val in FIELD_FIT (git fixes (bitfield)). - blktrace: fix debugfs use after free (git fixes (block drivers)). - block: add docs for gendisk / request_queue refcount helpers (git fixes (block drivers)). - block: revert back to synchronous request_queue removal (git fixes (block drivers)). - block: Use non _rcu version of list functions for tag_set_list (git-fixes). - Bluetooth: Fix refcount use-after-free issue (git-fixes). - Bluetooth: guard against controllers sending zero'd events (git-fixes). - Bluetooth: Handle Inquiry Cancel error after Inquiry Complete (git-fixes). - Bluetooth: L2CAP: handle l2cap config request during open state (git-fixes). - Bluetooth: prefetch channel before killing sock (git-fixes). - bnxt_en: Fix completion ring sizing with TPA enabled (networking-stable-20_07_29). - bonding: use nla_get_u64 to extract the value for IFLA_BOND_AD_ACTOR_SYSTEM (git-fixes). - btrfs: require only sector size alignment for parent eb bytenr (bsc#1176789). - btrfs: tree-checker: fix the error message for transid error (bsc#1176788). - ceph: do not allow setlease on cephfs (bsc#1177041). - ceph: fix potential mdsc use-after-free crash (bsc#1177042). - ceph: fix use-after-free for fsc->mdsc (bsc#1177043). - ceph: handle zero-length feature mask in session messages (bsc#1177044). - cfg80211: regulatory: reject invalid hints (bsc#1176699). - cifs: Fix leak when handling lease break for cached root fid (bsc#1176242). - cifs/smb3: Fix data inconsistent when punch hole (bsc#1176544). - cifs/smb3: Fix data inconsistent when zero file range (bsc#1176536). - clk: Add (devm_)clk_get_optional() functions (git-fixes). - clk: rockchip: Fix initialization of mux_pll_src_4plls_p (git-fixes). - clk: samsung: exynos4: mark 'chipid' clock as CLK_IGNORE_UNUSED (git-fixes). - clk/ti/adpll: allocate room for terminating null (git-fixes). - clocksource/drivers/h8300_timer8: Fix wrong return value in h8300_8timer_init() (git-fixes). - cpufreq: intel_pstate: Fix EPP setting via sysfs in active mode (bsc#1176966). - dmaengine: at_hdmac: check return value of of_find_device_by_node() in at_dma_xlate() (git-fixes). - dmaengine: of-dma: Fix of_dma_router_xlate's of_dma_xlate handling (git-fixes). - dmaengine: pl330: Fix burst length if burst size is smaller than bus width (git-fixes). - dmaengine: tegra-apb: Prevent race conditions on channel's freeing (git-fixes). - dmaengine: zynqmp_dma: fix burst length configuration (git-fixes). - dm crypt: avoid truncating the logical block size (git fixes (block drivers)). - dm: fix redundant IO accounting for bios that need splitting (git fixes (block drivers)). - dm integrity: fix a deadlock due to offloading to an incorrect workqueue (git fixes (block drivers)). - dm integrity: fix integrity recalculation that is improperly skipped (git fixes (block drivers)). - dm: report suspended device during destroy (git fixes (block drivers)). - dm rq: do not call blk_mq_queue_stopped() in dm_stop_queue() (git fixes (block drivers)). - dm: use noio when sending kobject event (git fixes (block drivers)). - dm writecache: add cond_resched to loop in persistent_memory_claim() (git fixes (block drivers)). - dm writecache: correct uncommitted_block when discarding uncommitted entry (git fixes (block drivers)). - dm zoned: assign max_io_len correctly (git fixes (block drivers)). - Drivers: char: tlclk.c: Avoid data race between init and interrupt handler (git-fixes). - Drivers: hv: Specify receive buffer size using Hyper-V page size (bsc#1176877). - Drivers: hv: vmbus: Add timeout to vmbus_wait_for_unload (git-fixes). - drivers/net/wan/x25_asy: Fix to make it work (networking-stable-20_07_29). - drm/amd/display: dal_ddc_i2c_payloads_create can fail causing panic (git-fixes). - drm/amd/display: fix ref count leak in amdgpu_drm_ioctl (git-fixes). - drm/amdgpu/display: fix ref count leak when pm_runtime_get_sync fails (git-fixes). - drm/amdgpu: Fix buffer overflow in INFO ioctl (git-fixes). - drm/amdgpu: Fix bug in reporting voltage for CIK (git-fixes). - drm/amdgpu: fix ref count leak in amdgpu_driver_open_kms (git-fixes). - drm/amdgpu: increase atombios cmd timeout (git-fixes). - drm/amdgpu/powerplay: fix AVFS handling with custom powerplay table (git-fixes). - drm/amdgpu/powerplay/smu7: fix AVFS handling with custom powerplay table (git-fixes). - drm/amdkfd: fix a memory leak issue (git-fixes). - drm/amdkfd: Fix reference count leaks (git-fixes). - drm/amd/pm: correct Vega10 swctf limit setting (git-fixes). - drm/amd/pm: correct Vega12 swctf limit setting (git-fixes). - drm/ast: Initialize DRAM type before posting GPU (bsc#1113956) * context changes - drm/mediatek: Add exception handing in mtk_drm_probe() if component init fail (git-fixes). - drm/mediatek: Add missing put_device() call in mtk_hdmi_dt_parse_pdata() (git-fixes). - drm/msm/a5xx: Always set an OPP supported hardware value (git-fixes). - drm/msm: add shutdown support for display platform_driver (git-fixes). - drm/msm: Disable preemption on all 5xx targets (git-fixes). - drm/msm: fix leaks if initialization fails (git-fixes). - drm/msm/gpu: make ringbuffer readonly (bsc#1112178) * context changes - drm/nouveau/debugfs: fix runtime pm imbalance on error (git-fixes). - drm/nouveau/dispnv50: fix runtime pm imbalance on error (git-fixes). - drm/nouveau/drm/noveau: fix reference count leak in nouveau_fbcon_open (git-fixes). - drm/nouveau: Fix reference count leak in nouveau_connector_detect (git-fixes). - drm/nouveau: fix reference count leak in nv50_disp_atomic_commit (git-fixes). - drm/nouveau: fix runtime pm imbalance on error (git-fixes). - drm/omap: fix possible object reference leak (git-fixes). - drm/radeon: fix multiple reference count leak (git-fixes). - drm/radeon: Prefer lower feedback dividers (git-fixes). - drm/radeon: revert 'Prefer lower feedback dividers' (git-fixes). - drm/sun4i: Fix dsi dcs long write function (git-fixes). - drm/sun4i: sun8i-csc: Secondary CSC register correction (git-fixes). - drm/tve200: Stabilize enable/disable (git-fixes). - drm/vc4/vc4_hdmi: fill ASoC card owner (git-fixes). - e1000: Do not perform reset in reset_task if we are already down (git-fixes). - fbcon: prevent user font height or width change from causing (bsc#1112178) * move from drivers/video/fbdev/fbcon to drivers/video/console * context changes - Fix error in kabi fix for: NFSv4: Fix OPEN / CLOSE race (bsc#1176950). - ftrace: Move RCU is watching check after recursion check (git-fixes). - ftrace: Setup correct FTRACE_FL_REGS flags for module (git-fixes). - gma/gma500: fix a memory disclosure bug due to uninitialized bytes (git-fixes). - gpio: tc35894: fix up tc35894 interrupt configuration (git-fixes). - gtp: add missing gtp_encap_disable_sock() in gtp_encap_enable() (git-fixes). - gtp: fix Illegal context switch in RCU read-side critical section (git-fixes). - gtp: fix use-after-free in gtp_newlink() (git-fixes). - Hide e21a4f3a930c as of its duplication - HID: hiddev: Fix slab-out-of-bounds write in hiddev_ioctl_usage() (git-fixes). - hsr: use netdev_err() instead of WARN_ONCE() (bsc#1176659). - hv_utils: drain the timesync packets on onchannelcallback (bsc#1176877). - hv_utils: return error if host timesysnc update is stale (bsc#1176877). - hwmon: (applesmc) check status earlier (git-fixes). - i2c: core: Do not fail PRP0001 enumeration when no ID table exist (git-fixes). - i2c: cpm: Fix i2c_ram structure (git-fixes). - ibmvnic: add missing parenthesis in do_reset() (bsc#1176700 ltc#188140). - ieee802154/adf7242: check status of adf7242_read_reg (git-fixes). - ieee802154: fix one possible memleak in ca8210_dev_com_init (git-fixes). - iio:accel:bmc150-accel: Fix timestamp alignment and prevent data leak (git-fixes). - iio: accel: kxsd9: Fix alignment of local buffer (git-fixes). - iio:accel:mma7455: Fix timestamp alignment and prevent data leak (git-fixes). - iio:adc:ina2xx Fix timestamp alignment issue (git-fixes). - iio: adc: mcp3422: fix locking on error path (git-fixes). - iio: adc: mcp3422: fix locking scope (git-fixes). - iio:adc:ti-adc081c Fix alignment and data leak issues (git-fixes). - iio: adc: ti-ads1015: fix conversion when CONFIG_PM is not set (git-fixes). - iio: improve IIO_CONCENTRATION channel type description (git-fixes). - iio:light:ltr501 Fix timestamp alignment issue (git-fixes). - iio:light:max44000 Fix timestamp alignment and prevent data leak (git-fixes). - iio:magnetometer:ak8975 Fix alignment and data leak issues (git-fixes). - include: add additional sizes (bsc#1094244 ltc#168122). - iommu/amd: Fix IOMMU AVIC not properly update the is_run bit in IRTE (bsc#1177293). - iommu/amd: Fix potential @entry null deref (bsc#1177294). - iommu/amd: Print extended features in one line to fix divergent log levels (bsc#1176316). - iommu/amd: Re-factor guest virtual APIC (de-)activation code (bsc#1177291). - iommu/amd: Restore IRTE.RemapEn bit after programming IRTE (bsc#1176317). - iommu/amd: Restore IRTE.RemapEn bit for amd_iommu_activate_guest_mode (bsc#1177295). - iommu/amd: Use cmpxchg_double() when updating 128-bit IRTE (bsc#1176318). - iommu/exynos: add missing put_device() call in exynos_iommu_of_xlate() (bsc#1177296). - iommu/omap: Check for failure of a call to omap_iommu_dump_ctx (bsc#1176319). - iommu/vt-d: Serialize IOMMU GCMD register modifications (bsc#1176320). - kernel-syms.spec.in: Also use bz compression (boo#1175882). - KVM: arm64: Change 32-bit handling of VM system registers (jsc#SLE-4084). - KVM: arm64: Cleanup __activate_traps and __deactive_traps for VHE and non-VHE (jsc#SLE-4084). - KVM: arm64: Configure c15, PMU, and debug register traps on cpu load/put for VHE (jsc#SLE-4084). - KVM: arm64: Defer saving/restoring 32-bit sysregs to vcpu load/put (jsc#SLE-4084). - KVM: arm64: Defer saving/restoring 64-bit sysregs to vcpu load/put on VHE (jsc#SLE-4084). - KVM: arm64: Directly call VHE and non-VHE FPSIMD enabled functions (jsc#SLE-4084). - KVM: arm64: Do not deactivate VM on VHE systems (jsc#SLE-4084). - KVM: arm64: Do not save the host ELR_EL2 and SPSR_EL2 on VHE systems (jsc#SLE-4084). - KVM: arm64: Factor out fault info population and gic workarounds (jsc#SLE-4084). - KVM: arm64: Fix order of vcpu_write_sys_reg() arguments (jsc#SLE-4084). - KVM: arm64: Forbid kprobing of the VHE world-switch code (jsc#SLE-4084). - KVM: arm64: Improve debug register save/restore flow (jsc#SLE-4084). - KVM: arm64: Introduce framework for accessing deferred sysregs (jsc#SLE-4084). - KVM: arm64: Introduce separate VHE/non-VHE sysreg save/restore functions (jsc#SLE-4084). - KVM: arm64: Introduce VHE-specific kvm_vcpu_run (jsc#SLE-4084). - KVM: arm64: Move common VHE/non-VHE trap config in separate functions (jsc#SLE-4084). - KVM: arm64: Move debug dirty flag calculation out of world switch (jsc#SLE-4084). - KVM: arm64: Move HCR_INT_OVERRIDE to default HCR_EL2 guest flag (jsc#SLE-4084). - KVM: arm64: Move userspace system registers into separate function (jsc#SLE-4084). - KVM: arm64: Prepare to handle deferred save/restore of 32-bit registers (jsc#SLE-4084). - KVM: arm64: Prepare to handle deferred save/restore of ELR_EL1 (jsc#SLE-4084). - KVM: arm64: Remove kern_hyp_va() use in VHE switch function (jsc#SLE-4084). - KVM: arm64: Remove noop calls to timer save/restore from VHE switch (jsc#SLE-4084). - KVM: arm64: Rework hyp_panic for VHE and non-VHE (jsc#SLE-4084). - KVM: arm64: Rewrite sysreg alternatives to static keys (jsc#SLE-4084). - KVM: arm64: Rewrite system register accessors to read/write functions (jsc#SLE-4084). - KVM: arm64: Slightly improve debug save/restore functions (jsc#SLE-4084). - KVM: arm64: Unify non-VHE host/guest sysreg save and restore functions (jsc#SLE-4084). - KVM: arm64: Write arch.mdcr_el2 changes since last vcpu_load on VHE (jsc#SLE-4084). - KVM: arm/arm64: Avoid vcpu_load for other vcpu ioctls than KVM_RUN (jsc#SLE-4084). - KVM: arm/arm64: Avoid VGICv3 save/restore on VHE with no IRQs (jsc#SLE-4084). - KVM: arm/arm64: Get rid of vcpu->arch.irq_lines (jsc#SLE-4084). - KVM: arm/arm64: Handle VGICv3 save/restore from the main VGIC code on VHE (jsc#SLE-4084). - KVM: arm/arm64: Move vcpu_load call after kvm_vcpu_first_run_init (jsc#SLE-4084). - KVM: arm/arm64: Move VGIC APR save/restore to vgic put/load (jsc#SLE-4084). - KVM: arm/arm64: Prepare to handle deferred save/restore of SPSR_EL1 (jsc#SLE-4084). - KVM: arm/arm64: Remove leftover comment from kvm_vcpu_run_vhe (jsc#SLE-4084). - KVM: introduce kvm_arch_vcpu_async_ioctl (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_get_fpu (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_get_mpstate (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_get_regs (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_run (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_fpu (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_guest_debug (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_mpstate (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_regs (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_sregs (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_translate (jsc#SLE-4084). - KVM: PPC: Fix compile error that occurs when CONFIG_ALTIVEC=n (jsc#SLE-4084). - KVM: Prepare for moving vcpu_load/vcpu_put into arch specific code (jsc#SLE-4084). - KVM: SVM: Add a dedicated INVD intercept routine (bsc#1112178). - KVM: SVM: Fix disable pause loop exit/pause filtering capability on SVM (bsc#1176321). - KVM: Take vcpu->mutex outside vcpu_load (jsc#SLE-4084). - libceph: allow setting abort_on_full for rbd (bsc#1169972). - libnvdimm: cover up nvdimm_security_ops changes (bsc#1171742). - libnvdimm: cover up struct nvdimm changes (bsc#1171742). - libnvdimm/security, acpi/nfit: unify zero-key for all security commands (bsc#1171742). - libnvdimm/security: fix a typo (bsc#1171742 bsc#1167527). - libnvdimm/security: Introduce a 'frozen' attribute (bsc#1171742). - lib/raid6: use vdupq_n_u8 to avoid endianness warnings (git fixes (block drivers)). - mac802154: tx: fix use-after-free (git-fixes). - md: raid0/linear: fix dereference before null check on pointer mddev (git fixes (block drivers)). - media: davinci: vpif_capture: fix potential double free (git-fixes). - media: pci: ttpci: av7110: fix possible buffer overflow caused by bad DMA value in debiirq() (git-fixes). - media: smiapp: Fix error handling at NVM reading (git-fixes). - media: ti-vpe: cal: Restrict DMA to avoid memory corruption (git-fixes). - mfd: intel-lpss: Add Intel Emmitsburg PCH PCI IDs (git-fixes). - mfd: mfd-core: Protect against NULL call-back function pointer (git-fixes). - mm: Avoid calling build_all_zonelists_init under hotplug context (bsc#1154366). - mmc: cqhci: Add cqhci_deactivate() (git-fixes). - mmc: sdhci-msm: Add retries when all tuning phases are found valid (git-fixes). - mmc: sdhci-pci: Fix SDHCI_RESET_ALL for CQHCI for Intel GLK-based controllers (git-fixes). - mmc: sdhci: Workaround broken command queuing on Intel GLK based IRBIS models (git-fixes). - mm/page_alloc.c: fix a crash in free_pages_prepare() (git fixes (mm/pgalloc)). - mm/vmalloc.c: move 'area->pages' after if statement (git fixes (mm/vmalloc)). - mtd: cfi_cmdset_0002: do not free cfi->cfiq in error path of cfi_amdstd_setup() (git-fixes). - mtd: lpddr: Fix a double free in probe() (git-fixes). - mtd: phram: fix a double free issue in error path (git-fixes). - mtd: properly check all write ioctls for permissions (git-fixes). - net: dsa: b53: Fix sparse warnings in b53_mmap.c (git-fixes). - net: dsa: b53: Use strlcpy() for ethtool::get_strings (git-fixes). - net: dsa: mv88e6xxx: fix 6085 frame mode masking (git-fixes). - net: dsa: mv88e6xxx: Fix interrupt masking on removal (git-fixes). - net: dsa: mv88e6xxx: Fix name of switch 88E6141 (git-fixes). - net: dsa: mv88e6xxx: fix shift of FID bits in mv88e6185_g1_vtu_loadpurge() (git-fixes). - net: dsa: mv88e6xxx: Unregister MDIO bus on error path (git-fixes). - net: dsa: qca8k: Allow overwriting CPU port setting (git-fixes). - net: dsa: qca8k: Enable RXMAC when bringing up a port (git-fixes). - net: dsa: qca8k: Force CPU port to its highest bandwidth (git-fixes). - net: ethernet: mlx4: Fix memory allocation in mlx4_buddy_init() (git-fixes). - net: fs_enet: do not call phy_stop() in interrupts (git-fixes). - net: initialize fastreuse on inet_inherit_port (networking-stable-20_08_15). - net: lan78xx: Bail out if lan78xx_get_endpoints fails (git-fixes). - net: lan78xx: replace bogus endpoint lookup (networking-stable-20_08_08). - net: lio_core: fix potential sign-extension overflow on large shift (git-fixes). - net/mlx5: Add meaningful return codes to status_to_err function (git-fixes). - net/mlx5: E-Switch, Use correct flags when configuring vlan (git-fixes). - net/mlx5e: XDP, Avoid checksum complete when XDP prog is loaded (git-fixes). - net: mvneta: fix mtu change on port without link (git-fixes). - net-next: ax88796: Do not free IRQ in ax_remove() (already freed in ax_close()) (git-fixes). - net/nfc/rawsock.c: add CAP_NET_RAW check (networking-stable-20_08_15). - net: qca_spi: Avoid packet drop during initial sync (git-fixes). - net: qca_spi: Make sure the QCA7000 reset is triggered (git-fixes). - net: refactor bind_bucket fastreuse into helper (networking-stable-20_08_15). - net/smc: fix dmb buffer shortage (git-fixes). - net/smc: fix restoring of fallback changes (git-fixes). - net/smc: fix sock refcounting in case of termination (git-fixes). - net/smc: improve close of terminated socket (git-fixes). - net/smc: Prevent kernel-infoleak in __smc_diag_dump() (git-fixes). - net/smc: remove freed buffer from list (git-fixes). - net/smc: reset sndbuf_desc if freed (git-fixes). - net/smc: set rx_off for SMCR explicitly (git-fixes). - net/smc: switch smcd_dev_list spinlock to mutex (git-fixes). - net/smc: tolerate future SMCD versions (git-fixes). - net: stmmac: call correct function in stmmac_mac_config_rx_queues_routing() (git-fixes). - net: stmmac: Disable ACS Feature for GMAC >= 4 (git-fixes). - net: stmmac: do not stop NAPI processing when dropping a packet (git-fixes). - net: stmmac: dwmac4: fix flow control issue (git-fixes). - net: stmmac: dwmac_lib: fix interchanged sleep/timeout values in DMA reset function (git-fixes). - net: stmmac: dwmac-meson8b: Add missing boundary to RGMII TX clock array (git-fixes). - net: stmmac: dwmac-meson8b: fix internal RGMII clock configuration (git-fixes). - net: stmmac: dwmac-meson8b: fix setting the RGMII TX clock on Meson8b (git-fixes). - net: stmmac: dwmac-meson8b: Fix the RGMII TX delay on Meson8b/8m2 SoCs (git-fixes). - net: stmmac: dwmac-meson8b: only configure the clocks in RGMII mode (git-fixes). - net: stmmac: dwmac-meson8b: propagate rate changes to the parent clock (git-fixes). - net: stmmac: Fix error handling path in 'alloc_dma_rx_desc_resources()' (git-fixes). - net: stmmac: Fix error handling path in 'alloc_dma_tx_desc_resources()' (git-fixes). - net: stmmac: rename dwmac4_tx_queue_routing() to match reality (git-fixes). - net: stmmac: set MSS for each tx DMA channel (git-fixes). - net: stmmac: Use correct values in TQS/RQS fields (git-fixes). - net-sysfs: add a newline when printing 'tx_timeout' by sysfs (networking-stable-20_07_29). - net: systemport: Fix software statistics for SYSTEMPORT Lite (git-fixes). - net: systemport: Fix sparse warnings in bcm_sysport_insert_tsb() (git-fixes). - net: tulip: de4x5: Drop redundant MODULE_DEVICE_TABLE() (git-fixes). - net: ucc_geth - fix Oops when changing number of buffers in the ring (git-fixes). - NFSv4: do not mark all open state for recovery when handling recallable state revoked flag (bsc#1176935). - nvme-fc: set max_segments to lldd max value (bsc#1176038). - nvme-pci: override the value of the controller's numa node (bsc#1176507). - ocfs2: give applications more IO opportunities during fstrim (bsc#1175228). - omapfb: fix multiple reference count leaks due to pm_runtime_get_sync (git-fixes). - PCI/ASPM: Allow re-enabling Clock PM (git-fixes). - PCI: Fix pci_create_slot() reference count leak (git-fixes). - PCI: qcom: Add missing ipq806x clocks in PCIe driver (git-fixes). - PCI: qcom: Add missing reset for ipq806x (git-fixes). - PCI: qcom: Add support for tx term offset for rev 2.1.0 (git-fixes). - PCI: qcom: Define some PARF params needed for ipq8064 SoC (git-fixes). - PCI: rcar: Fix incorrect programming of OB windows (git-fixes). - phy: samsung: s5pv210-usb2: Add delay after reset (git-fixes). - pinctrl: mvebu: Fix i2c sda definition for 98DX3236 (git-fixes). - powerpc/64s: Blacklist functions invoked on a trap (bsc#1094244 ltc#168122). - powerpc/64s: Fix HV NMI vs HV interrupt recoverability test (bsc#1094244 ltc#168122). - powerpc/64s: Fix unrelocated interrupt trampoline address test (bsc#1094244 ltc#168122). - powerpc/64s: Include header file to fix a warning (bsc#1094244 ltc#168122). - powerpc/64s: machine check do not trace real-mode handler (bsc#1094244 ltc#168122). - powerpc/64s: sreset panic if there is no debugger or crash dump handlers (bsc#1094244 ltc#168122). - powerpc/64s: system reset interrupt preserve HSRRs (bsc#1094244 ltc#168122). - powerpc: Add cputime_to_nsecs() (bsc#1065729). - powerpc/book3s64/radix: Add kernel command line option to disable radix GTSE (bsc#1055186 ltc#153436). - powerpc/book3s64/radix: Fix boot failure with large amount of guest memory (bsc#1176022 ltc#187208). - powerpc: Implement ftrace_enabled() helpers (bsc#1094244 ltc#168122). - powerpc/init: Do not advertise radix during client-architecture-support (bsc#1055186 ltc#153436 ). - powerpc/kernel: Cleanup machine check function declarations (bsc#1065729). - powerpc/kernel: Enables memory hot-remove after reboot on pseries guests (bsc#1177030 ltc#187588). - powerpc/mm: Enable radix GTSE only if supported (bsc#1055186 ltc#153436). - powerpc/mm: Limit resize_hpt_for_hotplug() call to hash guests only (bsc#1177030 ltc#187588). - powerpc/mm: Move book3s64 specifics in subdirectory mm/book3s64 (bsc#1176022 ltc#187208). - powerpc/powernv: Remove real mode access limit for early allocations (bsc#1176022 ltc#187208). - powerpc/prom: Enable Radix GTSE in cpu pa-features (bsc#1055186 ltc#153436). - powerpc/pseries/le: Work around a firmware quirk (bsc#1094244 ltc#168122). - powerpc/pseries: lift RTAS limit for radix (bsc#1176022 ltc#187208). - powerpc/pseries: Limit machine check stack to 4GB (bsc#1094244 ltc#168122). - powerpc/pseries: Machine check use rtas_call_unlocked() with args on stack (bsc#1094244 ltc#168122). - powerpc/pseries: radix is not subject to RMA limit, remove it (bsc#1176022 ltc#187208). - powerpc/pseries/ras: Avoid calling rtas_token() in NMI paths (bsc#1094244 ltc#168122). - powerpc/pseries/ras: Fix FWNMI_VALID off by one (bsc#1094244 ltc#168122). - powerpc/pseries/ras: fwnmi avoid modifying r3 in error case (bsc#1094244 ltc#168122). - powerpc/pseries/ras: fwnmi sreset should not interlock (bsc#1094244 ltc#168122). - powerpc/traps: Do not trace system reset (bsc#1094244 ltc#168122). - powerpc/traps: fix recoverability of machine check handling on book3s/32 (bsc#1094244 ltc#168122). - powerpc/traps: Make unrecoverable NMIs die instead of panic (bsc#1094244 ltc#168122). - powerpc/xmon: Use `dcbf` inplace of `dcbi` instruction for 64bit Book3S (bsc#1065729). - power: supply: max17040: Correct voltage reading (git-fixes). - rcu: Do RCU GP kthread self-wakeup from softirq and interrupt (git fixes (rcu)). - regulator: push allocation in set_consumer_device_supply() out of lock (git-fixes). - rpadlpar_io: Add MODULE_DESCRIPTION entries to kernel modules (bsc#1176869 ltc#188243). - rpm/constraints.in: recognize also kernel-source-azure (bsc#1176732) - rpm/kernel-binary.spec.in: Also sign ppc64 kernels (jsc#SLE-15857 jsc#SLE-13618). - rpm/kernel-cert-subpackage: add CA check on key enrollment (bsc#1173115) To avoid the unnecessary key enrollment, when enrolling the signing key of the kernel package, '--ca-check' is added to mokutil so that mokutil will ignore the request if the CA of the signing key already exists in MokList or UEFI db. Since the macro, %_suse_kernel_module_subpackage, is only defined in a kernel module package (KMP), it's used to determine whether the %post script is running in a kernel package, or a kernel module package. - rpm/kernel-source.spec.in: Also use bz compression (boo#1175882). - rpm/macros.kernel-source: pass -c proerly in kernel module package (bsc#1176698) The '-c' option wasn't passed down to %_kernel_module_package so the ueficert subpackage wasn't generated even if the certificate is specified in the spec file. - rtc: ds1374: fix possible race condition (git-fixes). - rtlwifi: rtl8192cu: Prevent leaking urb (git-fixes). - rxrpc: Fix race between recvmsg and sendmsg on immediate call failure (networking-stable-20_08_08). - rxrpc: Fix sendmsg() returning EPIPE due to recvmsg() returning ENODATA (networking-stable-20_07_29). - s390/mm: fix huge pte soft dirty copying (git-fixes). - s390/qeth: do not process empty bridge port events (git-fixes). - s390/qeth: integrate RX refill worker with NAPI (git-fixes). - s390/qeth: tolerate pre-filled RX buffer (git-fixes). - scsi: fcoe: Memory leak fix in fcoe_sysfs_fcf_del() (bsc#1174899). - scsi: ibmvfc: Avoid link down on FS9100 canister reboot (bsc#1176962 ltc#188304). - scsi: ibmvfc: Use compiler attribute defines instead of __attribute__() (bsc#1176962 ltc#188304). - scsi: libfc: Fix for double free() (bsc#1174899). - scsi: libfc: free response frame from GPN_ID (bsc#1174899). - scsi: libfc: Free skb in fc_disc_gpn_id_resp() for valid cases (bsc#1174899). - scsi: lpfc: Add dependency on CPU_FREQ (git-fixes). - scsi: lpfc: Fix setting IRQ affinity with an empty CPU mask (git-fixes). - scsi: qla2xxx: Fix regression on sparc64 (git-fixes). - scsi: qla2xxx: Fix the return value (bsc#1171688). - scsi: qla2xxx: Fix the size used in a 'dma_free_coherent()' call (bsc#1171688). - scsi: qla2xxx: Fix wrong return value in qla_nvme_register_hba() (bsc#1171688). - scsi: qla2xxx: Fix wrong return value in qlt_chk_unresolv_exchg() (bsc#1171688). - scsi: qla2xxx: Handle incorrect entry_type entries (bsc#1171688). - scsi: qla2xxx: Log calling function name in qla2x00_get_sp_from_handle() (bsc#1171688). - scsi: qla2xxx: Remove pci-dma-compat wrapper API (bsc#1171688). - scsi: qla2xxx: Remove redundant variable initialization (bsc#1171688). - scsi: qla2xxx: Remove superfluous memset() (bsc#1171688). - scsi: qla2xxx: Simplify return value logic in qla2x00_get_sp_from_handle() (bsc#1171688). - scsi: qla2xxx: Suppress two recently introduced compiler warnings (git-fixes). - scsi: qla2xxx: Warn if done() or free() are called on an already freed srb (bsc#1171688). - sdhci: tegra: Remove SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK for Tegra186 (git-fixes). - sdhci: tegra: Remove SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK for Tegra210 (git-fixes). - serial: 8250: 8250_omap: Terminate DMA before pushing data on RX timeout (git-fixes). - serial: 8250_omap: Fix sleeping function called from invalid context during probe (git-fixes). - serial: 8250_port: Do not service RX FIFO if throttled (git-fixes). - Set CONFIG_HAVE_KVM_VCPU_ASYNC_IOCTL=y (jsc#SLE-4084). - SMB3: Honor persistent/resilient handle flags for multiuser mounts (bsc#1176546). - SMB3: Honor 'seal' flag for multiuser mounts (bsc#1176545). - SMB3: warn on confusing error scenario with sec=krb5 (bsc#1176548). - tcp: apply a floor of 1 for RTT samples from TCP timestamps (networking-stable-20_08_08). - thermal: ti-soc-thermal: Fix bogus thermal shutdowns for omap4430 (git-fixes). - tools/power/cpupower: Fix initializer override in hsw_ext_cstates (bsc#1112178). - USB: core: fix slab-out-of-bounds Read in read_descriptors (git-fixes). - USB: dwc3: Increase timeout for CmdAct cleared by device controller (git-fixes). - USB: EHCI: ehci-mv: fix error handling in mv_ehci_probe() (git-fixes). - USB: EHCI: ehci-mv: fix less than zero comparison of an unsigned int (git-fixes). - USB: Fix out of sync data toggle if a configured device is reconfigured (git-fixes). - USB: gadget: f_ncm: add bounds checks to ncm_unwrap_ntb() (git-fixes). - USB: gadget: f_ncm: Fix NDP16 datagram validation (git-fixes). - USB: gadget: u_f: add overflow checks to VLA macros (git-fixes). - USB: gadget: u_f: Unbreak offset calculation in VLAs (git-fixes). - USB: hso: check for return value in hso_serial_common_create() (networking-stable-20_08_08). - usblp: fix race between disconnect() and read() (git-fixes). - USB: lvtest: return proper error code in probe (git-fixes). - usbnet: ipheth: fix potential null pointer dereference in ipheth_carrier_set (git-fixes). - USB: qmi_wwan: add D-Link DWM-222 A2 device ID (git-fixes). - USB: quirks: Add no-lpm quirk for another Raydium touchscreen (git-fixes). - USB: quirks: Add USB_QUIRK_IGNORE_REMOTE_WAKEUP quirk for BYD zhaoxin notebook (git-fixes). - USB: quirks: Ignore duplicate endpoint on Sound Devices MixPre-D (git-fixes). - USB: serial: ftdi_sio: add IDs for Xsens Mti USB converter (git-fixes). - USB: serial: option: add support for SIM7070/SIM7080/SIM7090 modules (git-fixes). - USB: serial: option: support dynamic Quectel USB compositions (git-fixes). - USB: sisusbvga: Fix a potential UB casued by left shifting a negative value (git-fixes). - USB: storage: Add unusual_uas entry for Sony PSZ drives (git-fixes). - USB: typec: ucsi: acpi: Check the _DEP dependencies (git-fixes). - USB: uas: Add quirk for PNY Pro Elite (git-fixes). - USB: UAS: fix disconnect by unplugging a hub (git-fixes). - USB: yurex: Fix bad gfp argument (git-fixes). - vgacon: remove software scrollback support (bsc#1176278). - video: fbdev: fix OOB read in vga_8planes_imageblit() (git-fixes). - virtio-blk: free vblk-vqs in error path of virtblk_probe() (git fixes (block drivers)). - vrf: prevent adding upper devices (git-fixes). - vxge: fix return of a free'd memblock on a failed dma mapping (git-fixes). - xen: do not reschedule in preemption off sections (bsc#1175749). - xen/events: do not use chip_data for legacy IRQs (bsc#1065600). - xen uses irqdesc::irq_data_common::handler_data to store a per interrupt XEN data pointer which contains XEN specific information (bsc#1065600). - xhci: Do warm-reset when both CAS and XDEV_RESUME are set (git-fixes). - yam: fix possible memory leak in yam_init_driver (git-fixes). ----------------------------------------- Patch: SUSE-2020-2910 Released: Tue Oct 13 16:02:04 2020 Summary: Recommended update for cloud-regionsrv-client Severity: moderate References: 1176858,1176859 Description: This update for cloud-regionsrv-client contains the following fixes: - Update to version 9.1.4 (bsc#1176858, bsc#1176859) + Properly handle the exit code for SUSEConnect and provide log message with failure details for registration failure ----------------------------------------- Patch: SUSE-2020-2913 Released: Tue Oct 13 16:51:01 2020 Summary: Security update for crmsh Severity: moderate References: 1163581,1176569 Description: This update for crmsh fixes the following issues: - Fixed start_delay with start-delay(bsc#1176569) - fix on_fail should be on-fail(bsc#1176569) - config: Try to handle configparser.MissingSectionHeaderError while reading config file - ui_configure: Obscure sensitive data by default(bsc#1163581) ----------------------------------------- Patch: SUSE-2020-2914 Released: Tue Oct 13 17:25:20 2020 Summary: Security update for bind Severity: moderate References: 1100369,1109160,1118367,1118368,1128220,1156205,1157051,1161168,1170667,1170713,1171313,1171740,1172958,1173307,1173311,1173983,1175443,1176092,1176674,906079,CVE-2017-3136,CVE-2018-5741,CVE-2019-6477,CVE-2020-8616,CVE-2020-8617,CVE-2020-8618,CVE-2020-8619,CVE-2020-8620,CVE-2020-8621,CVE-2020-8622,CVE-2020-8623,CVE-2020-8624 Description: This update for bind fixes the following issues: BIND was upgraded to version 9.16.6: Note: - bind is now more strict in regards to DNSSEC. If queries are not working, check for DNSSEC issues. For instance, if bind is used in a namserver forwarder chain, the forwarding DNS servers must support DNSSEC. Fixing security issues: - CVE-2020-8616: Further limit the number of queries that can be triggered from a request. Root and TLD servers are no longer exempt from max-recursion-queries. Fetches for missing name server. (bsc#1171740) Address records are limited to 4 for any domain. - CVE-2020-8617: Replaying a TSIG BADTIME response as a request could trigger an assertion failure. (bsc#1171740) - CVE-2019-6477: Fixed an issue where TCP-pipelined queries could bypass the tcp-clients limit (bsc#1157051). - CVE-2018-5741: Fixed the documentation (bsc#1109160). - CVE-2020-8618: It was possible to trigger an INSIST when determining whether a record would fit into a TCP message buffer (bsc#1172958). - CVE-2020-8619: It was possible to trigger an INSIST in lib/dns/rbtdb.c:new_reference() with a particular zone content and query patterns (bsc#1172958). - CVE-2020-8624: 'update-policy' rules of type 'subdomain' were incorrectly treated as 'zonesub' rules, which allowed keys used in 'subdomain' rules to update names outside of the specified subdomains. The problem was fixed by making sure 'subdomain' rules are again processed as described in the ARM (bsc#1175443). - CVE-2020-8623: When BIND 9 was compiled with native PKCS#11 support, it was possible to trigger an assertion failure in code determining the number of bits in the PKCS#11 RSA public key with a specially crafted packet (bsc#1175443). - CVE-2020-8621: named could crash in certain query resolution scenarios where QNAME minimization and forwarding were both enabled (bsc#1175443). - CVE-2020-8620: It was possible to trigger an assertion failure by sending a specially crafted large TCP DNS message (bsc#1175443). - CVE-2020-8622: It was possible to trigger an assertion failure when verifying the response to a TSIG-signed request (bsc#1175443). Other issues fixed: - Add engine support to OpenSSL EdDSA implementation. - Add engine support to OpenSSL ECDSA implementation. - Update PKCS#11 EdDSA implementation to PKCS#11 v3.0. - Warn about AXFR streams with inconsistent message IDs. - Make ISC rwlock implementation the default again. - Fixed issues when using cookie-secrets for AES and SHA2 (bsc#1161168) - Installed the default files in /var/lib/named and created chroot environment on systems using transactional-updates (bsc#1100369, fate#325524) - Fixed an issue where bind was not working in FIPS mode (bsc#906079). - Fixed dependency issues (bsc#1118367 and bsc#1118368). - GeoIP support is now discontinued, now GeoIP2 is used(bsc#1156205). - Fixed an issue with FIPS (bsc#1128220). - The liblwres library is discontinued upstream and is no longer included. - Added service dependency on NTP to make sure the clock is accurate when bind is starts (bsc#1170667, bsc#1170713). - Reject DS records at the zone apex when loading master files. Log but otherwise ignore attempts to add DS records at the zone apex via UPDATE. - The default value of 'max-stale-ttl' has been changed from 1 week to 12 hours. - Zone timers are now exported via statistics channel. - The 'primary' and 'secondary' keywords, when used as parameters for 'check-names', were not processed correctly and were being ignored. - 'rndc dnstap -roll ' did not limit the number of saved files to . - Add 'rndc dnssec -status' command. - Addressed a couple of situations where named could crash. - Changed /var/lib/named to owner root:named and perms rwxrwxr-t so that named, being a/the only member of the 'named' group has full r/w access yet cannot change directories owned by root in the case of a compromized named. [bsc#1173307, bind-chrootenv.conf] - Added '/etc/bind.keys' to NAMED_CONF_INCLUDE_FILES in /etc/sysconfig/named to suppress warning message re missing file (bsc#1173983). - Removed '-r /dev/urandom' from all invocations of rndc-confgen (init/named system/lwresd.init system/named.init in vendor-files) as this option is deprecated and causes rndc-confgen to fail. (bsc#1173311, bsc#1176674, bsc#1170713) - /usr/bin/genDDNSkey: Removing the use of the -r option in the call of /usr/sbin/dnssec-keygen as BIND now uses the random number functions provided by the crypto library (i.e., OpenSSL or a PKCS#11 provider) as a source of randomness rather than /dev/random. Therefore the -r command line option no longer has any effect on dnssec-keygen. Leaving the option in genDDNSkey as to not break compatibility. Patch provided by Stefan Eisenwiener. [bsc#1171313] - Put libns into a separate subpackage to avoid file conflicts in the libisc subpackage due to different sonums (bsc#1176092). - Require /sbin/start_daemon: both init scripts, the one used in systemd context as well as legacy sysv, make use of start_daemon. ----------------------------------------- Patch: SUSE-2020-2917 Released: Wed Oct 14 11:29:48 2020 Summary: Recommended update for mokutil Severity: moderate References: 1173115 Description: This update for mokutil fixes the following issue: - Add options for CA and kernel keyring checks (bsc#1173115) ----------------------------------------- Patch: SUSE-2020-2934 Released: Thu Oct 15 13:38:44 2020 Summary: Recommended update for gnome-shell Severity: moderate References: 1176051,1176304 Description: This update for gnome-shell fixes the following issues: - Fix for systemd profile to be given the value for 'ExecStart' with absolute path. (bsc#1176051) - Move branding image file to branding-SLE package. (jsc#SLE-11720, bsc#1176304) This update for gnome-shell-extensions fixes the following issues: - Move branding image file to branding-SLE package. (jsc#SLE-11720, bsc#1176304) ----------------------------------------- Patch: SUSE-2020-2935 Released: Thu Oct 15 13:39:38 2020 Summary: Recommended update for PackageKit Severity: moderate References: 1175315 Description: This update for PackageKit fixes the following issue: - Set the PATH variable for avoiding issues when installing packages. (bsc#1175315) ----------------------------------------- Patch: SUSE-2020-2936 Released: Thu Oct 15 13:41:33 2020 Summary: Recommended update for iproute2 Severity: moderate References: 1175281 Description: This update for iproute2 provides the following fix: - Add the iproute2-arpd sub-package to the SLE Basesystem module. (bsc#1175281) ----------------------------------------- Patch: SUSE-2020-2941 Released: Fri Oct 16 09:41:57 2020 Summary: Security update for php7 Severity: important References: 1177351,1177352,CVE-2020-7069,CVE-2020-7070 Description: This update for php7 fixes the following issues: - CVE-2020-7069: Fixed an issue when AES-CCM mode was used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV was used (bsc#1177351). - CVE-2020-7070: Fixed an issue where percent-encoded cookies could have been used to overwrite existing prefixed cookie names (bsc#1177352). ----------------------------------------- Patch: SUSE-2020-2945 Released: Fri Oct 16 10:06:06 2020 Summary: Recommended update for python-azure-agent Severity: critical References: 1176368,1176369,1177161,1177257 Description: This update for python-azure-agent fixes the following issues: - Fixes an issue when the 'python-azure-agent' fails to initialize Azure instances. (bsc#1177161, bsc#1177257) Update to version 2.2.49.2 (bsc#1176368, bsc#1176369) + Do not use --unit with systemd-cgls (#1910) + Report processes that do not belong to the agent's cgroup (#1908) + Use controller mount point for extension cgroup path (#1899) + Improvements in setup of cgroups (#1896) + Remove ExtensionsMetricsData and per-process Memory data (#1884) + Fix return value of start_extension_command (#1927) + Remove import * (#1900) + Fix flaky ExtensionCleanupTest class (#1898) + Fix codecov badge (#1883) + Changed codecov to run on py3.8 (#1875) + Update documentation on /dev/random (#1909) + Mount options are in mount(8) (#1893) + Remove ssh host key thumbprint in report ready (#1913) + Emit AutoUpdate value at service start only (#1907) + Add logging for version mismatch (#1895) + Send telemetry event if libdir changes (#1897) + Add log collector utility (#1847) + Move AutoUpdate reporting to HeartBeat event (#1919) + Removing infinite download of extension manifest without a new GS (#1874) + Fix wrongful dir deletion (#1873) + Fix the cleanup-outdated-handlers to only delete handlers that are not present in the GS (#1889) + Expose periods of environment thread in waagent.conf (#1891) + Added user @kevinclark19a as Contributor. (#1906) - From 2.2.48.1 + Refactoring GoalState class out of Protocol, making Protocol thread-safe, removing stale dependencies of Protocol and removing the dependency on the file system to read the Protocol info + Fetch goal state when creating HostPluginProtocol (#1799) + Separate goal state from the protocol class (#1777) + Make protocol util a singleton per thread (#1743, #1756) + Fetch goal state before sending telemetry (#1751) + Remove file dependency (#1754) + Others (#1758, #1767, #1744, #1749, #1816, #1820) + New logs for goal state fetch (#1797) and refresh (#1794). + Thread name added to logs (#1778) + Populate telemetry events at creation time (#1791) + Periodic HeartBeat to be logged to the file (#1755) + Add unit test to verify call stacks on telemetry events (#1828) + Others (#1841, #1842, #1846) + Handling errors while reading extension status files (Limiting Size and Transient issues)(#1761) + Enable SWAP on Resource Disk as Application Certification Support suggested (#1762) + Update 'Provisioning' options in default configs ( #1853) + Drop Metadata Server Support (#1806, #1839, #1840 ) + Improve documentation of ResourceDisk.EnableSwapEncryption (#1782) + Removed is_snappy function (#1774) + Handle exceptions in monitor thread (#1770) + Fix timestamp for periodic operations in the monitor thread (#1879) + Fix permissions on the Ubuntu systemd service file (#1814) + Update hostname setting for SUSE distros (#1832) + Python 3.8 improvements + support for Ubuntu 20.04 (#1860, #1865, #1738) + Testing and dev-infra improvements [#1771, #1768, #1800, #1826, #1827, #1833] + Others (#1854, #1858) - From 2.2.46 + [#1741] Do not update goal state when refreshing the host plugin + [#1731] Fix upgrade sequence when update command fails + [#1725] Initialize CPU usage + [#1716, #1737] Added UTC logging and correcting the format + [#1651, #1729] Start sending PerformanceCounter metrics and additional memory information for Cgroups ----------------------------------------- Patch: SUSE-2020-2947 Released: Fri Oct 16 15:23:07 2020 Summary: Security update for gcc10, nvptx-tools Severity: moderate References: 1172798,1172846,1173972,1174753,1174817,1175168,CVE-2020-13844 Description: This update for gcc10, nvptx-tools fixes the following issues: This update provides the GCC10 compiler suite and runtime libraries. The base SUSE Linux Enterprise libraries libgcc_s1, libstdc++6 are replaced by the gcc10 variants. The new compiler variants are available with '-10' suffix, you can specify them via: CC=gcc-10 CXX=g++-10 or similar commands. For a detailed changelog check out https://gcc.gnu.org/gcc-10/changes.html Changes in nvptx-tools: - Enable build on aarch64 ----------------------------------------- Patch: SUSE-2020-2950 Released: Fri Oct 16 15:49:51 2020 Summary: Recommended update for python-aliyun-python-sdk, python-aliyun-python-sdk-aas, python-aliyun-python-sdk-acm, python-aliyun-python-sdk-acms-open, python-aliyun-python-sdk-actiontrail, python-aliyun-python-sdk-adb, python-aliyun-python-sdk-address-purification, python-aliyun-python-sdk-aegis, python-aliyun-python-sdk-afs, python-aliyun-python-sdk-airec, python-aliyun-python-sdk-alidns, python-aliyun-python-sdk-aligreen-console, python-aliyun-python-sdk-alimt, python-aliyun-python-sdk-alinlp, python-aliyun-python-sdk-aliyuncvc, python-aliyun-python-sdk-amqp-open, python-aliyun-python-sdk-appmallsservice, python-aliyun-python-sdk-arms, python-aliyun-python-sdk-arms4finance, python-aliyun-python-sdk-baas, python-aliyun-python-sdk-brinekingdom, python-aliyun-python-sdk-bss, python-aliyun-python-sdk-bssopenapi, python-aliyun-python-sdk-cams, python-aliyun-python-sdk-cas, python-aliyun-python-sdk-cassandra, python-aliyun-python-sdk-cbn, python-aliyun-python-sdk-ccc, python-aliyun-python-sdk-ccs, python-aliyun-python-sdk-cdn, python-aliyun-python-sdk-chatbot, python-aliyun-python-sdk-clickhouse, python-aliyun-python-sdk-cloudapi, python-aliyun-python-sdk-cloudauth, python-aliyun-python-sdk-cloudesl, python-aliyun-python-sdk-cloudgame, python-aliyun-python-sdk-cloudmarketing, python-aliyun-python-sdk-cloudphoto, python-aliyun-python-sdk-cloudwf, python-aliyun-python-sdk-cms, python-aliyun-python-sdk-codeup, python-aliyun-python-sdk-companyreg, python-aliyun-python-sdk-core, python-aliyun-python-sdk-cr, python-aliyun-python-sdk-crm, python-aliyun-python-sdk-cs, python-aliyun-python-sdk-csb, python-aliyun-python-sdk-cspro, python-aliyun-python-sdk-cusanalytic_sc_online, python-aliyun-python-sdk-das, python-aliyun-python-sdk-dataworks-public, python-aliyun-python-sdk-dbfs, python-aliyun-python-sdk-dbs, python-aliyun-python-sdk-dcdn, python-aliyun-python-sdk-dds, python-aliyun-python-sdk-democenter, python-aliyun-python-sdk-devops-rdc, python-aliyun-python-sdk-dms-enterprise, python-aliyun-python-sdk-domain, python-aliyun-python-sdk-domain-intl, python-aliyun-python-sdk-drds, python-aliyun-python-sdk-dts, python-aliyun-python-sdk-dybaseapi, python-aliyun-python-sdk-dyplsapi, python-aliyun-python-sdk-dypnsapi, python-aliyun-python-sdk-dysmsapi, python-aliyun-python-sdk-dyvmsapi, python-aliyun-python-sdk-eas, python-aliyun-python-sdk-eci, python-aliyun-python-sdk-ecs, python-aliyun-python-sdk-edas, python-aliyun-python-sdk-ehpc, python-aliyun-python-sdk-elasticsearch, python-aliyun-python-sdk-emr, python-aliyun-python-sdk-ens, python-aliyun-python-sdk-ess, python-aliyun-python-sdk-faas, python-aliyun-python-sdk-facebody, python-aliyun-python-sdk-fnf, python-aliyun-python-sdk-foas, python-aliyun-python-sdk-ft, python-aliyun-python-sdk-geoip, python-aliyun-python-sdk-goodstech, python-aliyun-python-sdk-gpdb, python-aliyun-python-sdk-green, python-aliyun-python-sdk-gts-phd, python-aliyun-python-sdk-hbase, python-aliyun-python-sdk-hbr, python-aliyun-python-sdk-highddos, python-aliyun-python-sdk-hiknoengine, python-aliyun-python-sdk-hivisengine, python-aliyun-python-sdk-hpc, python-aliyun-python-sdk-hsm, python-aliyun-python-sdk-httpdns, python-aliyun-python-sdk-imageaudit, python-aliyun-python-sdk-imageenhan, python-aliyun-python-sdk-imageprocess, python-aliyun-python-sdk-imagerecog, python-aliyun-python-sdk-imagesearch, python-aliyun-python-sdk-imageseg, python-aliyun-python-sdk-imgsearch, python-aliyun-python-sdk-imm, python-aliyun-python-sdk-industry-brain, python-aliyun-python-sdk-iot, python-aliyun-python-sdk-iqa, python-aliyun-python-sdk-ivision, python-aliyun-python-sdk-ivpd, python-aliyun-python-sdk-jaq, python-aliyun-python-sdk-jarvis, python-aliyun-python-sdk-jarvis-public, python-aliyun-python-sdk-kms, python-aliyun-python-sdk-ledgerdb, python-aliyun-python-sdk-linkedmall, python-aliyun-python-sdk-linkface, python-aliyun-python-sdk-linkwan, python-aliyun-python-sdk-live, python-aliyun-python-sdk-lubancloud, python-aliyun-python-sdk-market, python-aliyun-python-sdk-mopen, python-aliyun-python-sdk-mts, python-aliyun-python-sdk-multimediaai, python-aliyun-python-sdk-nas, python-aliyun-python-sdk-netana, python-aliyun-python-sdk-nlp-automl, python-aliyun-python-sdk-nls-cloud-meta, python-aliyun-python-sdk-objectdet, python-aliyun-python-sdk-ocr, python-aliyun-python-sdk-ocs, python-aliyun-python-sdk-oms, python-aliyun-python-sdk-ons, python-aliyun-python-sdk-onsmqtt, python-aliyun-python-sdk-oos, python-aliyun-python-sdk-openanalytics, python-aliyun-python-sdk-openanalytics-open, python-aliyun-python-sdk-opensearch, python-aliyun-python-sdk-ossadmin, python-aliyun-python-sdk-ots, python-aliyun-python-sdk-outboundbot, python-aliyun-python-sdk-paistudio, python-aliyun-python-sdk-petadata, python-aliyun-python-sdk-polardb, python-aliyun-python-sdk-productcatalog, python-aliyun-python-sdk-pts, python-aliyun-python-sdk-push, python-aliyun-python-sdk-pvtz, python-aliyun-python-sdk-qualitycheck, python-aliyun-python-sdk-quickbi-public, python-aliyun-python-sdk-r-kvstore, python-aliyun-python-sdk-ram, python-aliyun-python-sdk-rdc, python-aliyun-python-sdk-rds, python-aliyun-python-sdk-reid, python-aliyun-python-sdk-resourcemanager, python-aliyun-python-sdk-retailcloud, python-aliyun-python-sdk-risk, python-aliyun-python-sdk-ros, python-aliyun-python-sdk-rtc, python-aliyun-python-sdk-sae, python-aliyun-python-sdk-saf, python-aliyun-python-sdk-sas, python-aliyun-python-sdk-sas-api, python-aliyun-python-sdk-scdn, python-aliyun-python-sdk-schedulerx2, python-aliyun-python-sdk-sddp, python-aliyun-python-sdk-slb, python-aliyun-python-sdk-smartag, python-aliyun-python-sdk-smc, python-aliyun-python-sdk-snsuapi, python-aliyun-python-sdk-status, python-aliyun-python-sdk-sts, python-aliyun-python-sdk-tag, python-aliyun-python-sdk-tesladam, python-aliyun-python-sdk-teslamaxcompute, python-aliyun-python-sdk-teslastream, python-aliyun-python-sdk-trademark, python-aliyun-python-sdk-ubsms, python-aliyun-python-sdk-uis, python-aliyun-python-sdk-unimkt, python-aliyun-python-sdk-vcs, python-aliyun-python-sdk-viapiutils, python-aliyun-python-sdk-videoenhan, python-aliyun-python-sdk-videorecog, python-aliyun-python-sdk-videosearch, python-aliyun-python-sdk-videoseg, python-aliyun-python-sdk-visionai, python-aliyun-python-sdk-visionai-poc, python-aliyun-python-sdk-vod, python-aliyun-python-sdk-voicenavigator, python-aliyun-python-sdk-vpc, python-aliyun-python-sdk-vs, python-aliyun-python-sdk-waf-openapi, python-aliyun-python-sdk-webplus, python-aliyun-python-sdk-welfare-inner, python-aliyun-python-sdk-workorder, python-aliyun-python-sdk-xspace, python-aliyun-python-sdk-xtrace, python-aliyun-python-sdk-yundun, python-aliyun-python-sdk-yundun-ds, python-pycryptodome Severity: moderate References: 1175230 Description: This update for python-aliyun-python-sdk, python-aliyun-python-sdk-aas, python-aliyun-python-sdk-acm, python-aliyun-python-sdk-acms-open, python-aliyun-python-sdk-actiontrail, python-aliyun-python-sdk-adb, python-aliyun-python-sdk-address-purification, python-aliyun-python-sdk-aegis, python-aliyun-python-sdk-afs, python-aliyun-python-sdk-airec, python-aliyun-python-sdk-alidns, python-aliyun-python-sdk-aligreen-console, python-aliyun-python-sdk-alimt, python-aliyun-python-sdk-alinlp, python-aliyun-python-sdk-aliyuncvc, python-aliyun-python-sdk-amqp-open, python-aliyun-python-sdk-appmallsservice, python-aliyun-python-sdk-arms, python-aliyun-python-sdk-arms4finance, python-aliyun-python-sdk-baas, python-aliyun-python-sdk-brinekingdom, python-aliyun-python-sdk-bss, python-aliyun-python-sdk-bssopenapi, python-aliyun-python-sdk-cams, python-aliyun-python-sdk-cas, python-aliyun-python-sdk-cassandra, python-aliyun-python-sdk-cbn, python-aliyun-python-sdk-ccc, python-aliyun-python-sdk-ccs, python-aliyun-python-sdk-cdn, python-aliyun-python-sdk-chatbot, python-aliyun-python-sdk-clickhouse, python-aliyun-python-sdk-cloudapi, python-aliyun-python-sdk-cloudauth, python-aliyun-python-sdk-cloudesl, python-aliyun-python-sdk-cloudgame, python-aliyun-python-sdk-cloudmarketing, python-aliyun-python-sdk-cloudphoto, python-aliyun-python-sdk-cloudwf, python-aliyun-python-sdk-cms, python-aliyun-python-sdk-codeup, python-aliyun-python-sdk-companyreg, python-aliyun-python-sdk-core, python-aliyun-python-sdk-cr, python-aliyun-python-sdk-crm, python-aliyun-python-sdk-cs, python-aliyun-python-sdk-csb, python-aliyun-python-sdk-cspro, python-aliyun-python-sdk-cusanalytic_sc_online, python-aliyun-python-sdk-das, python-aliyun-python-sdk-dataworks-public, python-aliyun-python-sdk-dbfs, python-aliyun-python-sdk-dbs, python-aliyun-python-sdk-dcdn, python-aliyun-python-sdk-dds, python-aliyun-python-sdk-democenter, python-aliyun-python-sdk-devops-rdc, python-aliyun-python-sdk-dms-enterprise, python-aliyun-python-sdk-domain, python-aliyun-python-sdk-domain-intl, python-aliyun-python-sdk-drds, python-aliyun-python-sdk-dts, python-aliyun-python-sdk-dybaseapi, python-aliyun-python-sdk-dyplsapi, python-aliyun-python-sdk-dypnsapi, python-aliyun-python-sdk-dysmsapi, python-aliyun-python-sdk-dyvmsapi, python-aliyun-python-sdk-eas, python-aliyun-python-sdk-eci, python-aliyun-python-sdk-ecs, python-aliyun-python-sdk-edas, python-aliyun-python-sdk-ehpc, python-aliyun-python-sdk-elasticsearch, python-aliyun-python-sdk-emr, python-aliyun-python-sdk-ens, python-aliyun-python-sdk-ess, python-aliyun-python-sdk-faas, python-aliyun-python-sdk-facebody, python-aliyun-python-sdk-fnf, python-aliyun-python-sdk-foas, python-aliyun-python-sdk-ft, python-aliyun-python-sdk-geoip, python-aliyun-python-sdk-goodstech, python-aliyun-python-sdk-gpdb, python-aliyun-python-sdk-green, python-aliyun-python-sdk-gts-phd, python-aliyun-python-sdk-hbase, python-aliyun-python-sdk-hbr, python-aliyun-python-sdk-highddos, python-aliyun-python-sdk-hiknoengine, python-aliyun-python-sdk-hivisengine, python-aliyun-python-sdk-hpc, python-aliyun-python-sdk-hsm, python-aliyun-python-sdk-httpdns, python-aliyun-python-sdk-imageaudit, python-aliyun-python-sdk-imageenhan, python-aliyun-python-sdk-imageprocess, python-aliyun-python-sdk-imagerecog, python-aliyun-python-sdk-imagesearch, python-aliyun-python-sdk-imageseg, python-aliyun-python-sdk-imgsearch, python-aliyun-python-sdk-imm, python-aliyun-python-sdk-industry-brain, python-aliyun-python-sdk-iot, python-aliyun-python-sdk-iqa, python-aliyun-python-sdk-ivision, python-aliyun-python-sdk-ivpd, python-aliyun-python-sdk-jaq, python-aliyun-python-sdk-jarvis, python-aliyun-python-sdk-jarvis-public, python-aliyun-python-sdk-kms, python-aliyun-python-sdk-ledgerdb, python-aliyun-python-sdk-linkedmall, python-aliyun-python-sdk-linkface, python-aliyun-python-sdk-linkwan, python-aliyun-python-sdk-live, python-aliyun-python-sdk-lubancloud, python-aliyun-python-sdk-market, python-aliyun-python-sdk-mopen, python-aliyun-python-sdk-mts, python-aliyun-python-sdk-multimediaai, python-aliyun-python-sdk-nas, python-aliyun-python-sdk-netana, python-aliyun-python-sdk-nlp-automl, python-aliyun-python-sdk-nls-cloud-meta, python-aliyun-python-sdk-objectdet, python-aliyun-python-sdk-ocr, python-aliyun-python-sdk-ocs, python-aliyun-python-sdk-oms, python-aliyun-python-sdk-ons, python-aliyun-python-sdk-onsmqtt, python-aliyun-python-sdk-oos, python-aliyun-python-sdk-openanalytics, python-aliyun-python-sdk-openanalytics-open, python-aliyun-python-sdk-opensearch, python-aliyun-python-sdk-ossadmin, python-aliyun-python-sdk-ots, python-aliyun-python-sdk-outboundbot, python-aliyun-python-sdk-paistudio, python-aliyun-python-sdk-petadata, python-aliyun-python-sdk-polardb, python-aliyun-python-sdk-productcatalog, python-aliyun-python-sdk-pts, python-aliyun-python-sdk-push, python-aliyun-python-sdk-pvtz, python-aliyun-python-sdk-qualitycheck, python-aliyun-python-sdk-quickbi-public, python-aliyun-python-sdk-r-kvstore, python-aliyun-python-sdk-ram, python-aliyun-python-sdk-rdc, python-aliyun-python-sdk-rds, python-aliyun-python-sdk-reid, python-aliyun-python-sdk-resourcemanager, python-aliyun-python-sdk-retailcloud, python-aliyun-python-sdk-risk, python-aliyun-python-sdk-ros, python-aliyun-python-sdk-rtc, python-aliyun-python-sdk-sae, python-aliyun-python-sdk-saf, python-aliyun-python-sdk-sas, python-aliyun-python-sdk-sas-api, python-aliyun-python-sdk-scdn, python-aliyun-python-sdk-schedulerx2, python-aliyun-python-sdk-sddp, python-aliyun-python-sdk-slb, python-aliyun-python-sdk-smartag, python-aliyun-python-sdk-smc, python-aliyun-python-sdk-snsuapi, python-aliyun-python-sdk-status, python-aliyun-python-sdk-sts, python-aliyun-python-sdk-tag, python-aliyun-python-sdk-tesladam, python-aliyun-python-sdk-teslamaxcompute, python-aliyun-python-sdk-teslastream, python-aliyun-python-sdk-trademark, python-aliyun-python-sdk-ubsms, python-aliyun-python-sdk-uis, python-aliyun-python-sdk-unimkt, python-aliyun-python-sdk-vcs, python-aliyun-python-sdk-viapiutils, python-aliyun-python-sdk-videoenhan, python-aliyun-python-sdk-videorecog, python-aliyun-python-sdk-videosearch, python-aliyun-python-sdk-videoseg, python-aliyun-python-sdk-visionai, python-aliyun-python-sdk-visionai-poc, python-aliyun-python-sdk-vod, python-aliyun-python-sdk-voicenavigator, python-aliyun-python-sdk-vpc, python-aliyun-python-sdk-vs, python-aliyun-python-sdk-waf-openapi, python-aliyun-python-sdk-webplus, python-aliyun-python-sdk-welfare-inner, python-aliyun-python-sdk-workorder, python-aliyun-python-sdk-xspace, python-aliyun-python-sdk-xtrace, python-aliyun-python-sdk-yundun, python-aliyun-python-sdk-yundun-ds, python-pycryptodome contains the following changes: Initial shipment for Alibaba Cloud SDK and dependencies. (bsc#1175230, jsc#ECO-2011, jsc#PM-1919) The following packages are being added: python-aliyun-python-sdk-aas python-aliyun-python-sdk-acms-open python-aliyun-python-sdk-acm python-aliyun-python-sdk-actiontrail python-aliyun-python-sdk-adb python-aliyun-python-sdk-address-purification python-aliyun-python-sdk-aegis python-aliyun-python-sdk-afs python-aliyun-python-sdk-airec python-aliyun-python-sdk-alidns python-aliyun-python-sdk-aligreen-console python-aliyun-python-sdk-alimt python-aliyun-python-sdk-alinlp python-aliyun-python-sdk-aliyuncvc python-aliyun-python-sdk-amqp-open python-aliyun-python-sdk-appmallsservice python-aliyun-python-sdk-arms4finance python-aliyun-python-sdk-arms python-aliyun-python-sdk-baas python-aliyun-python-sdk-brinekingdom python-aliyun-python-sdk-bssopenapi python-aliyun-python-sdk-bss python-aliyun-python-sdk-cams python-aliyun-python-sdk-cassandra python-aliyun-python-sdk-cas python-aliyun-python-sdk-cbn python-aliyun-python-sdk-ccc python-aliyun-python-sdk-ccs python-aliyun-python-sdk-cdn python-aliyun-python-sdk-chatbot python-aliyun-python-sdk-clickhouse python-aliyun-python-sdk-cloudapi python-aliyun-python-sdk-cloudauth python-aliyun-python-sdk-cloudesl python-aliyun-python-sdk-cloudgame python-aliyun-python-sdk-cloudmarketing python-aliyun-python-sdk-cloudphoto python-aliyun-python-sdk-cloudwf python-aliyun-python-sdk-cms python-aliyun-python-sdk-codeup python-aliyun-python-sdk-companyreg python-aliyun-python-sdk-core python-aliyun-python-sdk-crm python-aliyun-python-sdk-cr python-aliyun-python-sdk-csb python-aliyun-python-sdk-cspro python-aliyun-python-sdk-cs python-aliyun-python-sdk-cusanalytic_sc_online python-aliyun-python-sdk-das python-aliyun-python-sdk-dataworks-public python-aliyun-python-sdk-dbfs python-aliyun-python-sdk-dbs python-aliyun-python-sdk-dcdn python-aliyun-python-sdk-dds python-aliyun-python-sdk-democenter python-aliyun-python-sdk-devops-rdc python-aliyun-python-sdk-dms-enterprise python-aliyun-python-sdk-domain-intl python-aliyun-python-sdk-domain python-aliyun-python-sdk-drds python-aliyun-python-sdk-dts python-aliyun-python-sdk-dybaseapi python-aliyun-python-sdk-dyplsapi python-aliyun-python-sdk-dypnsapi python-aliyun-python-sdk-dysmsapi python-aliyun-python-sdk-dyvmsapi python-aliyun-python-sdk-eas python-aliyun-python-sdk-eci python-aliyun-python-sdk-ecs python-aliyun-python-sdk-edas python-aliyun-python-sdk-ehpc python-aliyun-python-sdk-elasticsearch python-aliyun-python-sdk-emr python-aliyun-python-sdk-ens python-aliyun-python-sdk-ess python-aliyun-python-sdk-faas python-aliyun-python-sdk-facebody python-aliyun-python-sdk-fnf python-aliyun-python-sdk-foas python-aliyun-python-sdk-ft python-aliyun-python-sdk-geoip python-aliyun-python-sdk-goodstech python-aliyun-python-sdk-gpdb python-aliyun-python-sdk-green python-aliyun-python-sdk-gts-phd python-aliyun-python-sdk-hbase python-aliyun-python-sdk-hbr python-aliyun-python-sdk-highddos python-aliyun-python-sdk-hiknoengine python-aliyun-python-sdk-hivisengine python-aliyun-python-sdk-hpc python-aliyun-python-sdk-hsm python-aliyun-python-sdk-httpdns python-aliyun-python-sdk-imageaudit python-aliyun-python-sdk-imageenhan python-aliyun-python-sdk-imageprocess python-aliyun-python-sdk-imagerecog python-aliyun-python-sdk-imagesearch python-aliyun-python-sdk-imageseg python-aliyun-python-sdk-imgsearch python-aliyun-python-sdk-imm python-aliyun-python-sdk-industry-brain python-aliyun-python-sdk-iot python-aliyun-python-sdk-iqa python-aliyun-python-sdk-ivision python-aliyun-python-sdk-ivpd python-aliyun-python-sdk-jaq python-aliyun-python-sdk-jarvis-public python-aliyun-python-sdk-jarvis python-aliyun-python-sdk-kms python-aliyun-python-sdk-ledgerdb python-aliyun-python-sdk-linkedmall python-aliyun-python-sdk-linkface python-aliyun-python-sdk-linkwan python-aliyun-python-sdk-live python-aliyun-python-sdk-lubancloud python-aliyun-python-sdk-market python-aliyun-python-sdk-mopen python-aliyun-python-sdk-mts python-aliyun-python-sdk-multimediaai python-aliyun-python-sdk-nas python-aliyun-python-sdk-netana python-aliyun-python-sdk-nlp-automl python-aliyun-python-sdk-nls-cloud-meta python-aliyun-python-sdk-objectdet python-aliyun-python-sdk-ocr python-aliyun-python-sdk-ocs python-aliyun-python-sdk-oms python-aliyun-python-sdk-onsmqtt python-aliyun-python-sdk-ons python-aliyun-python-sdk-oos python-aliyun-python-sdk-openanalytics-open python-aliyun-python-sdk-openanalytics python-aliyun-python-sdk-opensearch python-aliyun-python-sdk-ossadmin python-aliyun-python-sdk-ots python-aliyun-python-sdk-outboundbot python-aliyun-python-sdk-paistudio python-aliyun-python-sdk-petadata python-aliyun-python-sdk-polardb python-aliyun-python-sdk-productcatalog python-aliyun-python-sdk-pts python-aliyun-python-sdk-push python-aliyun-python-sdk-pvtz python-aliyun-python-sdk-qualitycheck python-aliyun-python-sdk-quickbi-public python-aliyun-python-sdk-ram python-aliyun-python-sdk-rdc python-aliyun-python-sdk-rds python-aliyun-python-sdk-reid python-aliyun-python-sdk-resourcemanager python-aliyun-python-sdk-retailcloud python-aliyun-python-sdk-risk python-aliyun-python-sdk-r-kvstore python-aliyun-python-sdk-ros python-aliyun-python-sdk-rtc python-aliyun-python-sdk-sae python-aliyun-python-sdk-saf python-aliyun-python-sdk-sas-api python-aliyun-python-sdk-sas python-aliyun-python-sdk-scdn python-aliyun-python-sdk-schedulerx2 python-aliyun-python-sdk-sddp python-aliyun-python-sdk-slb python-aliyun-python-sdk-smartag python-aliyun-python-sdk-smc python-aliyun-python-sdk-snsuapi python-aliyun-python-sdk-status python-aliyun-python-sdk-sts python-aliyun-python-sdk python-aliyun-python-sdk-tag python-aliyun-python-sdk-tesladam python-aliyun-python-sdk-teslamaxcompute python-aliyun-python-sdk-teslastream python-aliyun-python-sdk-trademark python-aliyun-python-sdk-ubsms python-aliyun-python-sdk-uis python-aliyun-python-sdk-unimkt python-aliyun-python-sdk-vcs python-aliyun-python-sdk-viapiutils python-aliyun-python-sdk-videoenhan python-aliyun-python-sdk-videorecog python-aliyun-python-sdk-videosearch python-aliyun-python-sdk-videoseg python-aliyun-python-sdk-visionai-poc python-aliyun-python-sdk-visionai python-aliyun-python-sdk-vod python-aliyun-python-sdk-voicenavigator python-aliyun-python-sdk-vpc python-aliyun-python-sdk-vs python-aliyun-python-sdk-waf-openapi python-aliyun-python-sdk-webplus python-aliyun-python-sdk-welfare-inner python-aliyun-python-sdk-workorder python-aliyun-python-sdk-xspace python-aliyun-python-sdk-xtrace python-aliyun-python-sdk-yundun-ds python-aliyun-python-sdk-yundun python-pycryptodome ----------------------------------------- Patch: SUSE-2020-2951 Released: Fri Oct 16 16:09:38 2020 Summary: Security update for transfig Severity: moderate References: 1143650,CVE-2019-14275 Description: This update for transfig fixes the following issues: Security issue fixed: - CVE-2019-14275: Fixed stack-based buffer overflow in the calc_arrow function (bsc#1143650). ----------------------------------------- Patch: SUSE-2020-2958 Released: Tue Oct 20 12:24:55 2020 Summary: Recommended update for procps Severity: moderate References: 1158830 Description: This update for procps fixes the following issues: - Fixes an issue when command 'ps -C' does not allow anymore an argument longer than 15 characters. (bsc#1158830) ----------------------------------------- Patch: SUSE-2020-2965 Released: Tue Oct 20 13:27:21 2020 Summary: Recommended update for cni, cni-plugins Severity: moderate References: 1172786 Description: This update ships cni and cni-plugins to the Public Cloud Module of SUSE Linux Enterprise 15 SP2. ----------------------------------------- Patch: SUSE-2020-2966 Released: Tue Oct 20 16:03:58 2020 Summary: Security update for hunspell Severity: low References: 1151867,CVE-2019-16707 Description: This update for hunspell fixes the following issues: - CVE-2019-16707: Fixed an invalid read in SuggestMgr:leftcommonsubstring (bsc#1151867). ----------------------------------------- Patch: SUSE-2020-2971 Released: Tue Oct 20 16:41:36 2020 Summary: Recommended update for shim-susesigned Severity: moderate References: 1177315 Description: This update contains changes needed for Common criteria certification. shim: * add a temporary shim loader EFI signed by SUSE that contains additional checks of Extended Key Usage for Codesigning (bsc#1177315) The Common Criteria system role for 15-SP2 was adjusted: * Configure alternative shim (bsc#1177315) * Remove curve25519-sha256@libssh.org as it doesn't work in fips mode * doc: logrotate is started via timer ----------------------------------------- Patch: SUSE-2020-2979 Released: Wed Oct 21 11:37:14 2020 Summary: Recommended update for mozilla-nss Severity: moderate References: 1176173 Description: This update for mozilla-nss fixes the following issue: - FIPS: Adjust the Diffie-Hellman and Elliptic Curve Diffie-Hellman algorithms to be NIST SP800-56Arev3 compliant (bsc#1176173). ----------------------------------------- Patch: SUSE-2020-2983 Released: Wed Oct 21 15:03:03 2020 Summary: Recommended update for file Severity: moderate References: 1176123 Description: This update for file fixes the following issues: - Fixes an issue when file displays broken 'ELF' interpreter. (bsc#1176123) ----------------------------------------- Patch: SUSE-2020-2985 Released: Wed Oct 21 15:11:39 2020 Summary: Recommended update for prometheus-ha_cluster_exporter Severity: moderate References: Description: This update for prometheus-ha_cluster_exporter fixes the following issues: - Implement SBD watchdog and 'msgwait' timeout metrics. - Handle correctly corosync membership parsing with 'qdevice' enabled. ----------------------------------------- Patch: SUSE-2020-2989 Released: Thu Oct 22 08:53:10 2020 Summary: Recommended update for chrony Severity: moderate References: 1171806 Description: This update for chrony fixes the following issues: - Integrate three upstream patches to fix an infinite loop in chronyc. (bsc#1171806) ----------------------------------------- Patch: SUSE-2020-2992 Released: Thu Oct 22 09:10:59 2020 Summary: Recommended update for prometheus-hanadb_exporter Severity: moderate References: Description: This update for prometheus-hanadb_exporter fixes the following issue: Release 0.7.2 - Lookup for `/usr/etc` and the fallback `/etc` directory for config files. ----------------------------------------- Patch: SUSE-2020-2994 Released: Thu Oct 22 09:11:50 2020 Summary: Recommended update for grafana-sap-netweaver-dashboards Severity: moderate References: 1177229 Description: This update for grafana-sap-netweaver-dashboards fixes the following issue: Release 1.0.3 - Add variable for prometheus datasource. (bsc#1177229) ----------------------------------------- Patch: SUSE-2020-2995 Released: Thu Oct 22 10:03:09 2020 Summary: Security update for freetype2 Severity: important References: 1177914,CVE-2020-15999 Description: This update for freetype2 fixes the following issues: - CVE-2020-15999: fixed a heap buffer overflow found in the handling of embedded PNG bitmaps (bsc#1177914). ----------------------------------------- Patch: SUSE-2020-3004 Released: Thu Oct 22 17:44:31 2020 Summary: Recommended update for python-shaptools, salt-shaptools, habootstrap-formula, saphanabootstrap-formula, sapnwbootstrap-formula Severity: moderate References: 1174994,1175709 Description: python-shaptools: - Fix how HANA database is started and stopped to work in multi host environment. sapcontrol commands are used instead of HDB now. (jsc#SLE-4047) - Fix issue when secondary registration fails after a successful 'SSFS' files copy process. (bsc#1175709) Now the registration return code will be checked in the new call. salt-shaptools: - Fix how HANA database is started and stopped to work in multi host environment. sapcontrol commands are used instead of HDB now. (jsc#SLE-4047) habootstrap-formula: - Update the prevalidation logic to check for valid sbd entries (jsc#SLE-4047) - Improve Formula with form description (jsc#SLE-4047) - Update the SUMA form.yml file and prevalidation state with latest changes in project - Include the pillar example file in package. (bsc#1174994) - Fix how HANA database is started and stopped to work in multi host environment. sapcontrol commands are used instead of HDB now. (jsc#SLE-4047) saphanabootstrap-formula: - Update the package version after SUMA form update and extraction logic update (jsc#SLE-4047) - Fix the hana media extraction and installation logics when using exe archives - Update the SUMA hana form metadata, to show hana form under SAP deployment group - Update SUMA form.yml file and prevalidation state with latest changes in formula - Change the default 'hana_extract_dir' hana media extraction location - Remove copy of config files for exporters since we use /usr/etc - Include the pillar example file in package. (bsc#1174994, jsc#SLE-4047) - Add hana active/active resources to the cluster template - Change `route_table` by `route_name` to make the variable usage more meaningful - Add support to extract zip,rar,exe,sar hana media - This change in non backward compatible. The variable hdbserver_extract_dir is replaced by hana_extract_dir - Fix provisioning of hanadb_exporter in SLE12, where python3-pip must be always installed. - Fix how HANA database is started and stopped to work in multi host environment. sapcontrol commands are used instead of HDB now. (jsc#SLE-4047) sapnwbootstrap-formula: - Create SUMA form based on latest pillar and formula data (jsc#SLE-4047) - Implement the differences between ENSA1 and ENSA2 versions - Add the keepalive configuration changes - Include the pillar example file in package. (bsc#1174994, jsc#SLE-4047) - Add support to extract nw media archives. This change is non backward compatible. - Remove default swpm installer extract directory and add nw_extract_dir variable to store all extracted NW media - Fix how HANA database is started and stopped to work in multi host environment. sapcontrol commands are used instead of HDB now. (jsc#SLE-4047) ----------------------------------------- Patch: SUSE-2020-3007 Released: Thu Oct 22 17:51:48 2020 Summary: Recommended update for lifecycle-data-sle-module-live-patching Severity: moderate References: 1020320 Description: This update for lifecycle-data-sle-module-live-patching fixes the following issues: - Added data for 4_12_14-150_58, 4_12_14-197_51, 4_12_14-197_56, 5_3_18-24_12, 5_3_18-24_15. (bsc#1020320) ----------------------------------------- Patch: SUSE-2020-3009 Released: Thu Oct 22 17:52:34 2020 Summary: Recommended update for tboot Severity: moderate References: 1176378 Description: This update for tboot fixes the following issues: - Fix for 'tboot' issues on platform coming with preloaded 'SINIT' modules with padding. (bsc#1176378) ----------------------------------------- Patch: SUSE-2020-3012 Released: Thu Oct 22 22:36:57 2020 Summary: Recommended update for sysstat Severity: moderate References: 1174227 Description: This update for sysstat fixes the following issues: - Fix for an issue when 'iowait' output of 'sar' can also decrement as a result of inaccurate tracking. (bsc#1174227) ----------------------------------------- Patch: SUSE-2020-3021 Released: Fri Oct 23 14:20:03 2020 Summary: Security update for MozillaFirefox Severity: important References: 1176756,1177872,CVE-2020-15683,CVE-2020-15969 Description: This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.4.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2020-46 (bsc#1177872, bsc#1176756) * CVE-2020-15969 Use-after-free in usersctp * CVE-2020-15683 Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4 * Fixed: Fixed legacy preferences not being properly applied when set via GPO ----------------------------------------- Patch: SUSE-2020-3025 Released: Fri Oct 23 15:33:09 2020 Summary: Recommended update for myspell-dictionaries Severity: moderate References: 1176716 Description: This update of myspell-dictionaries provides the following fix: - Ship the de_AT and de_CH dictionaries to the SLE Basesystem 15-SP2 module. (bsc#1176716) ----------------------------------------- Patch: SUSE-2020-3026 Released: Fri Oct 23 15:35:51 2020 Summary: Optional update for the Public Cloud Module Severity: moderate References: Description: This update adds the Google Cloud Storage packages to the Public Cloud module (jsc#ECO-2398). The following packages were included: - python3-grpcio - python3-protobuf - python3-google-api-core - python3-google-cloud-core - python3-google-cloud-storage - python3-google-resumable-media - python3-googleapis-common-protos - python3-grpcio-gcp - python3-mock (updated to version 3.0.5) ----------------------------------------- Patch: SUSE-2020-3041 Released: Tue Oct 27 09:25:30 2020 Summary: Recommended update for java-1_8_0-ibm Severity: moderate References: 1175295 Description: This update for java-1_8_0-ibm fixes the following issues: - Fix a Java ifix for z15 compression problem. (bsc#1175295) ----------------------------------------- Patch: SUSE-2020-3042 Released: Tue Oct 27 10:17:47 2020 Summary: Recommended update for apache2 Severity: low References: Description: This update for apache2 fixes the following issues: - Added -a argument to 'gensslcert' to allow to override the default SAN value ----------------------------------------- Patch: SUSE-2020-3045 Released: Tue Oct 27 14:34:44 2020 Summary: Security update for virt-bootstrap Severity: moderate References: 1140750,CVE-2019-13314 Description: This update for virt-bootstrap fixes the following issues: Security issue fixed: - CVE-2019-13314: Allow providing the container's root password using a file (bsc#1140750). ----------------------------------------- Patch: SUSE-2020-3046 Released: Tue Oct 27 14:41:21 2020 Summary: Recommended update for shim-susesigned Severity: moderate References: 1177315 Description: This update for shim-susesigned fixes the following issues: - Fix a buffer use-after-free at the end of the EKU verification in shim-susesigned (bsc#1177315) ----------------------------------------- Patch: SUSE-2020-3048 Released: Tue Oct 27 16:05:17 2020 Summary: Recommended update for libsolv, libzypp, yaml-cpp, zypper Severity: moderate References: 1174918,1176192,1176435,1176712,1176740,1176902,1177238,935885 Description: This update for libsolv, libzypp, yaml-cpp, zypper fixes the following issues: libzypp was updated to 17.25.1: - When kernel-rt has been installed, the purge-kernels service fails during boot. (bsc#1176902) - Use package name provides as group key in purge-kernel (bsc#1176740 bsc#1176192) kernel-default-base has new packaging, where the kernel uname -r does not reflect the full package version anymore. This patch adds additional logic to use the most generic/shortest edition each package provides with %{packagename}= to group the kernel packages instead of the rpm versions. This also changes how the keep-spec for specific versions is applied, instead of matching the package versions, each of the package name provides will be matched. - RepoInfo: Return the type of the local metadata cache as fallback (bsc#1176435) - VendorAttr: Fix broken 'suse,opensuse' equivalence handling. Enhance API and testcases. (bsc#1174918) - Update docs regarding 'opensuse' namepace matching. - Link against libzstd to close libsolvs open references (as we link statically) yaml-cpp: - The libyaml-cpp0_6 library package is added the to the Basesystem module, LTSS and ESPOS channels, and the INSTALLER channels, as a new libzypp dependency. No source changes were done to yaml-cpp. zypper was updated to 1.14.40: - info: Assume descriptions starting with '

' are richtext (bsc#935885) - help: prevent 'whatis' from writing to stderr (bsc#1176712) - wp: point out that command is aliased to a search command and searches case-insensitive (jsc#SLE-16271) libsolv was updated to 0.7.15 to fix: - make testcase_mangle_repo_names deal correctly with freed repos [bsc#1177238] - fix deduceq2addedmap clearing bits outside of the map - conda: feature depriorization first - conda: fix startswith implementation - move find_update_seeds() call in cleandeps calculation - set SOLVABLE_BUILDHOST in rpm and rpmmd parsers - new testcase_mangle_repo_names() function - new solv_fmemopen() function ----------------------------------------- Patch: SUSE-2020-3058 Released: Wed Oct 28 06:11:14 2020 Summary: Recommended update for catatonit Severity: moderate References: 1176155 Description: This update for catatonit fixes the following issues: - Fixes an issue when catatonit hangs when process dies in very specific way. (bsc#1176155) ----------------------------------------- Patch: SUSE-2020-3059 Released: Wed Oct 28 06:11:23 2020 Summary: Recommended update for sysconfig Severity: moderate References: 1173391,1176285,1176325 Description: This update for sysconfig fixes the following issues: - Fix for 'netconfig' to run with a new library including fallback to the previous location. (bsc#1176285) - Fix for changing content of such files like '/etc/resolv.conf' to avoid linked applications re-read them and unnecessarily re-initializes themselves accordingly. (bsc#1176325) - Fix for 'chrony helper' calling in background. (bsc#1173391) - Fix for configuration file by creating a symlink for it to prevent false ownership on the file. (bsc#1159566) ----------------------------------------- Patch: SUSE-2020-3060 Released: Wed Oct 28 08:09:21 2020 Summary: Security update for binutils Severity: moderate References: 1126826,1126829,1126831,1140126,1142649,1143609,1153768,1153770,1157755,1160254,1160590,1163333,1163744,CVE-2019-12972,CVE-2019-14250,CVE-2019-14444,CVE-2019-17450,CVE-2019-17451,CVE-2019-9074,CVE-2019-9075,CVE-2019-9077 Description: This update for binutils fixes the following issues: binutils was updated to version 2.35. (jsc#ECO-2373) Update to binutils 2.35: * The assembler can now produce DWARF-5 format line number tables. * Readelf now has a 'lint' mode to enable extra checks of the files it is processing. * Readelf will now display '[...]' when it has to truncate a symbol name. The old behaviour - of displaying as many characters as possible, up to the 80 column limit - can be restored by the use of the --silent-truncation option. * The linker can now produce a dependency file listing the inputs that it has processed, much like the -M -MP option supported by the compiler. - fix DT_NEEDED order with -flto [bsc#1163744] Update to binutils 2.34: * The disassembler (objdump --disassemble) now has an option to generate ascii art thats show the arcs between that start and end points of control flow instructions. * The binutils tools now have support for debuginfod. Debuginfod is a HTTP service for distributing ELF/DWARF debugging information as well as source code. The tools can now connect to debuginfod servers in order to download debug information about the files that they are processing. * The assembler and linker now support the generation of ELF format files for the Z80 architecture. - Add new subpackages for libctf and libctf-nobfd. - Disable LTO due to bsc#1163333. - Includes fixes for these CVEs: bsc#1153768 aka CVE-2019-17451 aka PR25070 bsc#1153770 aka CVE-2019-17450 aka PR25078 - fix various build fails on aarch64 (PR25210, bsc#1157755). Update to binutils 2.33.1: * Adds support for the Arm Scalable Vector Extension version 2 (SVE2) instructions, the Arm Transactional Memory Extension (TME) instructions and the Armv8.1-M Mainline and M-profile Vector Extension (MVE) instructions. * Adds support for the Arm Cortex-A76AE, Cortex-A77 and Cortex-M35P processors and the AArch64 Cortex-A34, Cortex-A65, Cortex-A65AE, Cortex-A76AE, and Cortex-A77 processors. * Adds a .float16 directive for both Arm and AArch64 to allow encoding of 16-bit floating point literals. * For MIPS, Add -m[no-]fix-loongson3-llsc option to fix (or not) Loongson3 LLSC Errata. Add a --enable-mips-fix-loongson3-llsc=[yes|no] configure time option to set the default behavior. Set the default if the configure option is not used to 'no'. * The Cortex-A53 Erratum 843419 workaround now supports a choice of which workaround to use. The option --fix-cortex-a53-843419 now takes an optional argument --fix-cortex-a53-843419[=full|adr|adrp] which can be used to force a particular workaround to be used. See --help for AArch64 for more details. * Add support for GNU_PROPERTY_AARCH64_FEATURE_1_BTI and GNU_PROPERTY_AARCH64_FEATURE_1_PAC in ELF GNU program properties in the AArch64 ELF linker. * Add -z force-bti for AArch64 to enable GNU_PROPERTY_AARCH64_FEATURE_1_BTI on output while warning about missing GNU_PROPERTY_AARCH64_FEATURE_1_BTI on inputs and use PLTs protected with BTI. * Add -z pac-plt for AArch64 to pick PAC enabled PLTs. * Add --source-comment[=] option to objdump which if present, provides a prefix to source code lines displayed in a disassembly. * Add --set-section-alignment = option to objcopy to allow the changing of section alignments. * Add --verilog-data-width option to objcopy for verilog targets to control width of data elements in verilog hex format. * The separate debug info file options of readelf (--debug-dump=links and --debug-dump=follow) and objdump (--dwarf=links and --dwarf=follow-links) will now display and/or follow multiple links if more than one are present in a file. (This usually happens when gcc's -gsplit-dwarf option is used). In addition objdump's --dwarf=follow-links now also affects its other display options, so that for example, when combined with --syms it will cause the symbol tables in any linked debug info files to also be displayed. In addition when combined with --disassemble the --dwarf= follow-links option will ensure that any symbol tables in the linked files are read and used when disassembling code in the main file. * Add support for dumping types encoded in the Compact Type Format to objdump and readelf. - Includes fixes for these CVEs: bsc#1126826 aka CVE-2019-9077 aka PR1126826 bsc#1126829 aka CVE-2019-9075 aka PR1126829 bsc#1126831 aka CVE-2019-9074 aka PR24235 bsc#1140126 aka CVE-2019-12972 aka PR23405 bsc#1143609 aka CVE-2019-14444 aka PR24829 bsc#1142649 aka CVE-2019-14250 aka PR90924 * Add xBPF target * Fix various problems with DWARF 5 support in gas * fix nm -B for objects compiled with -flto and -fcommon. ----------------------------------------- Patch: SUSE-2020-3061 Released: Wed Oct 28 08:42:07 2020 Summary: Recommended update for kernel-livepatch-tools Severity: moderate References: Description: This update for kernel-livepatch-tools fixes the following issues: - Add support for compressed kernel modules (jsc#SLE-10886) ----------------------------------------- Patch: SUSE-2020-3062 Released: Wed Oct 28 08:43:54 2020 Summary: Recommended update for xscreensaver Severity: moderate References: 1101393,1165170,890595 Description: This update for xscreensaver fixes the following issues: - update to 5.44 (ECO-2755): * New hacks, gibson, etruscanvenus and scooter * BSOD supports Tivo and Nintendo * New color options in romanboy, projectiveplane, hypertorus and klein * Performance tweaks for eruption, fireworkx, halftone, halo, moire2, rd-bomb * X11: Always use $HOME/.xscreensaver, not getpwuid's directory * New hacks GravityWell, DeepStars, handsy. * GLPlanet now supports the Mercator projection. * Bouncing Cow has mathematically ideal cows. * Foggy toasters. * Unknown Pleasures can now use an image file as a clip mask. * Updated webcollage for recent changes. * Added some sample unlock dialog color schemes to the .ad file. * On systemd systems, closing your laptop lid actually lock your screen now. (bsc#1101393) * Lock after completing fade (bsc#1101393). * sonar can ping without being setuid by using setcap. * The new font-loading fallback heuristics work again. * Fixed `noof' from displaying minimalistically. * Rewrote `unknownpleasures' to be faster, and a true waterfall graph. * If the xscreensaver daemon is setuid, the screen wont be unlocked. * Fix a BadWindow error. (bsc#1165170) * Suspend/Resumes don't show the desktop content before loading the lock screen. (bsc#1101393) * No longer require Xxf86misc extension, which is no longer supported and it has been removed from Xserver years ago. * New hacks filmleader vfeedback glitchpeg, razzledazzle, peepers, crumbler, maze3d and esper. * webcollagenow works with ImageMagick. * Improvements of GLPlanet, DymaxionMap, Tessellimage, XAnalogTV. * More heuristics for using RSS feeds as image sources. * Built-in image assets are now PNG instead of XPM or XBM. * Better font-loading fallback. * In case of too old versions, the message will advise to open a bugreport. (bsc#890595). ----------------------------------------- Patch: SUSE-2020-3063 Released: Wed Oct 28 08:45:07 2020 Summary: Recommended update for rubygem-railties-5_1 Severity: moderate References: 1174315 Description: This update for rubygem-railties-5_1 fixes the following issue: - Fix rubygems dependencies for puma update and respect older version. (bnc#1174315) ----------------------------------------- Patch: SUSE-2020-3065 Released: Wed Oct 28 09:38:43 2020 Summary: Security update for sane-backends Severity: important References: 1172524,CVE-2020-12861,CVE-2020-12862,CVE-2020-12863,CVE-2020-12864,CVE-2020-12865,CVE-2020-12866,CVE-2020-12867 Description: This update for sane-backends fixes the following issues: sane-backends was updated to 1.0.31 to further improve hardware enablement for scanner devices (jsc#ECO-2418 jsc#SLE-15561 jsc#SLE-15560) and also fix various security issues: - CVE-2020-12861,CVE-2020-12865: Fixed an out of bounds write (bsc#1172524) - CVE-2020-12862,CVE-2020-12863,CVE-2020-12864,: Fixed an out of bounds read (bsc#1172524) - CVE-2020-12866,CVE-2020-12867: Fixed a null pointer dereference (bsc#1172524) The upstream changelogs can be found here: - https://gitlab.com/sane-project/backends/-/releases/1.0.28 - https://gitlab.com/sane-project/backends/-/releases/1.0.29 - https://gitlab.com/sane-project/backends/-/releases/1.0.30 - https://gitlab.com/sane-project/backends/-/releases/1.0.31 ----------------------------------------- Patch: SUSE-2020-3068 Released: Wed Oct 28 11:46:10 2020 Summary: Security update for tomcat Severity: moderate References: 1177582,CVE-2020-13943 Description: This update for tomcat fixes the following issues: - CVE-2020-13943: Fixed HTTP/2 Request mix-up (bsc#1177582) ----------------------------------------- Patch: SUSE-2020-3074 Released: Thu Oct 29 08:27:49 2020 Summary: Recommended update for certification-sles-eal4 Severity: moderate References: 1178169 Description: This update for certification-sles-eal4 fixes the following issues: * Fixed typo in the CC system role (bsc#1178169) ----------------------------------------- Patch: SUSE-2020-3076 Released: Thu Oct 29 10:07:56 2020 Summary: Recommended update for go1.14 Severity: low References: Description: This update for go1.14 fixes the following issues: - includes fixes to the compiler, runtime, and the plugin and testing packages. * database/sql: TestTxCannotCommitAfterRollback failures on windows-amd64-2008 builder * runtime: memory corruption from stack-allocated defer on 32-bit * memory corruption on linux/386 with float32 arithmetic, GO386=387, buildmode pie/c-archive * runtime: 'fatal error: unexpected signal during runtime execution' on windows-amd64-longtest builder of Go 1.15.2 commit * testing: summary and test output interleaved * plugin: program on linux/s390x sometimes hangs after calling 'plugin.Open' * runtime: pcdata is -2 and 12 locals stack map entries error on nil pointer * runtime: race between stack shrinking and channel send/recv leads to bad sudog values ----------------------------------------- Patch: SUSE-2020-3091 Released: Thu Oct 29 16:35:37 2020 Summary: Security update for MozillaThunderbird and mozilla-nspr Severity: important References: 1174230,1176384,1176756,1176899,1177977,CVE-2020-15673,CVE-2020-15676,CVE-2020-15677,CVE-2020-15678,CVE-2020-15683,CVE-2020-15969 Description: This update for MozillaThunderbird and mozilla-nspr fixes the following issues: - Mozilla Thunderbird 78.4 * new: MailExtensions: browser.tabs.sendMessage API added * new: MailExtensions: messageDisplayScripts API added * changed: Yahoo and AOL mail users using password authentication will be migrated to OAuth2 * changed: MailExtensions: messageDisplay APIs extended to support multiple selected messages * changed: MailExtensions: compose.begin functions now support creating a message with attachments * fixed: Thunderbird could freeze when updating global search index * fixed: Multiple issues with handling of self-signed SSL certificates addressed * fixed: Recipient address fields in compose window could expand to fill all available space * fixed: Inserting emoji characters in message compose window caused unexpected behavior * fixed: Button to restore default folder icon color was not keyboard accessible * fixed: Various keyboard navigation fixes * fixed: Various color-related theme fixes * fixed: MailExtensions: Updating attachments with onBeforeSend.addListener() did not work MFSA 2020-47 (bsc#1177977) * CVE-2020-15969 Use-after-free in usersctp * CVE-2020-15683 Memory safety bugs fixed in Thunderbird 78.4 - Mozilla Thunderbird 78.3.3 * OpenPGP: Improved support for encrypting with subkeys * OpenPGP message status icons were not visible in message header pane * Creating a new calendar event did not require an event title - Mozilla Thunderbird 78.3.2 (bsc#1176899) * OpenPGP: Improved support for encrypting with subkeys * OpenPGP: Encrypted messages with international characters were sometimes displayed incorrectly * Single-click deletion of recipient pills with middle mouse button restored * Searching an address book list did not display results * Dark mode, high contrast, and Windows theming fixes - Mozilla Thunderbird 78.3.1 * fix crash in nsImapProtocol::CreateNewLineFromSocket - Mozilla Thunderbird 78.3.0 MFSA 2020-44 (bsc#1176756) * CVE-2020-15677 Download origin spoofing via redirect * CVE-2020-15676 XSS when pasting attacker-controlled data into a contenteditable element * CVE-2020-15678 When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after- free scenario * CVE-2020-15673 Memory safety bugs fixed in Thunderbird 78.3 - update mozilla-nspr to version 4.25.1 * The macOS platform code for shared library loading was changed to support macOS 11. * Dependency needed for the MozillaThunderbird udpate ----------------------------------------- Patch: SUSE-2020-3099 Released: Thu Oct 29 19:33:41 2020 Summary: Recommended update for timezone Severity: moderate References: 1177460 Description: This update for timezone fixes the following issues: - timezone update 2020b (bsc#1177460) * Revised predictions for Morocco's changes starting in 2023. * Canada's Yukon changes to -07 on 2020-11-01, not 2020-03-08. * Macquarie Island has stayed in sync with Tasmania since 2011. * Casey, Antarctica is at +08 in winter and +11 in summer. * zic no longer supports -y, nor the TYPE field of Rules. ----------------------------------------- Patch: SUSE-2020-3101 Released: Thu Oct 29 19:35:22 2020 Summary: Recommended update for p7zip Severity: moderate References: 1177648 Description: This update for p7zip provides the following fix: - Add p7zip-full to SLE-Module-Basesystem 15-SP2 to fix building RPM packages that have 7z source files. (bsc#1177648) ----------------------------------------- Patch: SUSE-2020-3102 Released: Thu Oct 29 19:37:05 2020 Summary: Recommended update for gnome-desktop Severity: moderate References: 1176596 Description: This update for gnome-desktop fixes the following issues: - Fix a crash caused by a malformed background xml file. (bsc#1176596) - Update testsuite for new Hebrew clock format. - Updated translations. ----------------------------------------- Patch: SUSE-2020-3115 Released: Mon Nov 2 10:35:39 2020 Summary: Security update for python Severity: moderate References: 1177211,CVE-2020-26116 Description: This update for python fixes the following issues: - bsc#1177211 (CVE-2020-26116) no longer allowing special characters in the method parameter of HTTPConnection.putrequest in httplib, stopping injection of headers. ----------------------------------------- Patch: SUSE-2020-3116 Released: Mon Nov 2 13:45:14 2020 Summary: Recommended update for dash Severity: moderate References: 1160260,1177691 Description: This update for dash fixes the following issues: - Update to version 0.5.11.2 (bsc#1177691) * Add -fcommon to %optflags (bsc#1160260) * Fix a pathname expansion bug in dash (bsc#1177691) ----------------------------------------- Patch: SUSE-2020-3120 Released: Mon Nov 2 16:28:57 2020 Summary: Recommended update for mutter Severity: low References: 1175532 Description: This update for mutter fixes the following issue: - Fix copy and paste failing sometimes in wine applications. (bsc#1175532) ----------------------------------------- Patch: SUSE-2020-3123 Released: Tue Nov 3 09:48:13 2020 Summary: Recommended update for timezone Severity: important References: 1177460,1178346,1178350,1178353 Description: This update for timezone fixes the following issues: - Generate 'fat' timezone files (was default before 2020b). (bsc#1178346, bsc#1178350, bsc#1178353) - Palestine ends DST earlier than predicted, on 2020-10-24. (bsc#1177460) - Fiji starts DST later than usual, on 2020-12-20. (bsc#1177460) ----------------------------------------- Patch: SUSE-2020-3132 Released: Tue Nov 3 12:11:17 2020 Summary: Security update for gnome-settings-daemon, gnome-shell Severity: moderate References: 1172760,1175155,CVE-2020-17489 Description: This update for gnome-settings-daemon, gnome-shell fixes the following issues: gnome-settings-daemon: - Add support for recent UCM related changes in ALSA and PulseAudio. (jsc#SLE-16518) - Don't warn when a default source or sink is missing and the PulseAudio daemon is restarting. (jsc#SLE-16518) - Don't warn about starting/stopping services which don't exist. (bsc#1172760). gnome-shell: - Add support for recent UCM related changes in ALSA and PulseAudio. (jsc#SLE-16518) - CVE-2020-17489: reset auth prompt on vt switch before fade in in loginDialog (bsc#1175155). ----------------------------------------- Patch: SUSE-2020-3137 Released: Tue Nov 3 12:13:55 2020 Summary: Recommended update for bcache-tools Severity: moderate References: 1174075,1176244 Description: This update for bcache-tools fixes the following issues: - Remove dependency of 'smartcols' as bcache-tools code doesn't need it anymore. (jsc#SLE-9807) - Implement 'bcache-status'. (jsc#SLE-9807) - Remove the dependency on libsmartcols. (jsc#SLE-9807) - Fix for potential coredump issues. (jsc#SLE-9807) - Add more swap bitwise for different CPU endians. (jsc#SLE-9807) - Fixed an issue when an rpm macro '%{_libexecdir}' results braking packages. (bsc#1174075) - Fixed an issue when 'bcache' causing system crashing by using a legacy path. (bsc#1176244) ----------------------------------------- Patch: SUSE-2020-3138 Released: Tue Nov 3 12:14:03 2020 Summary: Recommended update for systemd Severity: moderate References: 1104902,1154935,1165502,1167471,1173422,1176513,1176800 Description: This update for systemd fixes the following issues: - seccomp: shm{get,at,dt} now have their own numbers everywhere (bsc#1173422) - test-seccomp: log function names - test-seccomp: add log messages when skipping tests - basic/virt: Detect PowerVM hypervisor (bsc#1176800) - fs-util: suppress world-writable warnings if we read /dev/null - udevadm: rename option '--log-priority' into '--log-level' - udev: rename kernel option 'log_priority' into 'log_level' - fstab-generator: add 'nofail' when NFS 'bg' option is used (bsc#1176513) - Fix memory protection default (bsc#1167471) - cgroup: Support 0-value for memory protection directives and accepts MemorySwapMax=0 (bsc#1154935) - Improve latency and reliability when users log in/out (bsc#1104902, bsc#1165502) ----------------------------------------- Patch: SUSE-2020-3148 Released: Wed Nov 4 11:04:22 2020 Summary: Recommended update for dbxtool Severity: moderate References: Description: This update for dbxtool fixes the following issues: dbxtool version 8 is included in SUSE Linux Enterprise. (jsc#ECO-2560 jsc#PM-2042 jsc#SLE-16062) This contains the dbxtool for handling and storing the UEFI DBX database, to deploy deny lists of UEFI binaries e.g. in regards to the BootHole security issue. ----------------------------------------- Patch: SUSE-2020-3152 Released: Wed Nov 4 11:07:07 2020 Summary: Security update for apache-commons-httpclient Severity: important References: 1178171,945190,CVE-2014-3577,CVE-2015-5262 Description: This update for apache-commons-httpclient fixes the following issues: - http/conn/ssl/SSLConnectionSocketFactory.java ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors. [bsc#945190, CVE-2015-5262] - org.apache.http.conn.ssl.AbstractVerifier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows MITM attackers to spoof SSL servers via a 'CN=' string in a field in the distinguished name (DN) of a certificate. [bsc#1178171, CVE-2014-3577] ----------------------------------------- Patch: SUSE-2020-3157 Released: Wed Nov 4 15:37:05 2020 Summary: Recommended update for ca-certificates-mozilla Severity: moderate References: 1177864 Description: This update for ca-certificates-mozilla fixes the following issues: The SSL Root CA store was updated to the 2.44 state of the Mozilla NSS Certificate store (bsc#1177864) - Removed CAs: - EE Certification Centre Root CA - Taiwan GRCA - Added CAs: - Trustwave Global Certification Authority - Trustwave Global ECC P256 Certification Authority - Trustwave Global ECC P384 Certification Authority ----------------------------------------- Patch: SUSE-2020-3164 Released: Thu Nov 5 10:35:45 2020 Summary: Security update for ImageMagick Severity: moderate References: 1106272,1178067,CVE-2020-27560 Description: This update for ImageMagick fixes the following issues: - CVE-2020-27560: Fixed potential denial of service in OptimizeLayerFrames function in MagickCore/layer.c (bsc#1178067). - Fixed greyish image produced by incorrect colorspace (bsc#1106272). ----------------------------------------- Patch: SUSE-2020-3166 Released: Thu Nov 5 10:37:34 2020 Summary: Security update for wireshark Severity: moderate References: 1175204,1176908,1176909,1176910,CVE-2020-17498,CVE-2020-25862,CVE-2020-25863,CVE-2020-25866 Description: This update for wireshark fixes the following issues: - Update to wireshark 3.2.7: * CVE-2020-25863: MIME Multipart dissector crash (bsc#1176908) * CVE-2020-25862: TCP dissector crash (bsc#1176909) * CVE-2020-25866: BLIP dissector crash (bsc#1176910) * CVE-2020-17498: Kafka dissector crash (bsc#1175204) ----------------------------------------- Patch: SUSE-2020-3170 Released: Thu Nov 5 13:34:34 2020 Summary: Recommended update for crmsh Severity: moderate References: 1122391,1148874,1165644,1175708,1177980 Description: This update for crmsh fixes the following issues: - Converting deprecated 'score' in rsc_order to 'kind' (bsc#1122391) - Fixed a bug where crmsh exited with an error, even if the 'error' is actually a warning (bsc#1122391) - Fixed an issue where 'crm cluster remove node' didn't stop nor disable the hawk service on that node (bsc#1175708) - Checks now whether pacemaker.service and corosync.service are already running/stopped (bsc#1177980) - Fixed a bug where the node address was not removed from the corosync.conf file on node removal (bsc#1165644) - Collecting corosync.log in hb_report if it is defined in config file (bsc#1148874) ----------------------------------------- Patch: SUSE-2020-3199 Released: Fri Nov 6 13:01:11 2020 Summary: Recommended update for SUSEConnect Severity: moderate References: 1155027 Description: This update for SUSEConnect fixes the following issues: - Recognize more formats when parsing the '.curlrc' for proxy credentials. (bsc#1155027) - Add 'rpmlintrc' to filter false-positive warning about patch not applied - Extend the YaST API in order to access to the package search functionality. (jsc#SLE-9109) ----------------------------------------- Patch: SUSE-2020-3248 Released: Fri Nov 6 17:02:05 2020 Summary: Recommended update for SUSE Manager Client Tools Severity: moderate References: 1167907,1169664 Description: This update fixes the following issues: dracut-saltboot: - Support autosign grains in saltboot intrd grafana: - Update to version 7.1.5: * Features / Enhancements - Stats: Stop counting the same user multiple times. - Field overrides: Filter by field name using regex. - AzureMonitor: map more units. - Explore: Don't run queries on datasource change. - Graph: Support setting field unit & override data source (automatic) unit. - Explore: Unification of logs/metrics/traces user interface - Table: JSON Cell should try to convert strings to JSON - Variables: enables cancel for slow query variables queries. - TimeZone: unify the time zone pickers to one that can rule them all. - Search: support URL query params. - Grafana-UI: Add FileUpload. - TablePanel: Sort numbers correctly. * Bug fixes - Alerting: remove LongToWide call in alerting. - AzureMonitor: fix panic introduced in 7.1.4 when unit was unspecified and alias was used. - Variables: Fixes issue with All variable not being resolved. - Templating: Fixes so texts show in picker not the values. - Templating: Templating: Fix undefined result when using raw interpolation format - TextPanel: Fix content overflowing panel boundaries. - StatPanel: Fix stat panel display name not showing when explicitly set. - Query history: Fix search filtering if null value. - Flux: Ensure connections to InfluxDB are closed. - Dashboard: Fix for viewer can enter panel edit mode by modifying url (but cannot not save anything). - Prometheus: Fix prom links in mixed mode. - Sign In Use correct url for the Sign In button. - StatPanel: Fixes issue with name showing for single series / field results - BarGauge: Fix space bug in single series mode. - Auth: Fix POST request failures with anonymous access - Templating: Fix recursive loop of template variable queries when changing ad-hoc-variable - Templating: Fixed recursive queries triggered when switching dashboard settings view - GraphPanel: Fix annotations overflowing panels. - Prometheus: Fix performance issue in processing of histogram labels. - Datasources: Handle URL parsing error. - Security: Use Header.Set and Header.Del for X-Grafana-User header. * Changes in spec file - Fix golang version = 1.14 to avoid dependency conflicts on some OBS projects grafana-ha-cluster-dashboards: - Add the package to the SUSE Manager Client Tools 12 channels. grafana-sap-hana-dashboards: - Add the package to the SUSE Manager Client Tools 12 channels. grafana-sap-netweaver-dashboards: - Add the package to the SUSE Manager Client Tools 12 channels. grafana-sap-providers: - Add the package to the SUSE Manager Client Tools 12 channels. mgr-daemon: - Update translation strings spacecmd: - Python3 fixes for errata in spacecmd (bsc#1169664) - Added support for i18n of user-facing strings - Python3 fix for sorted usage (bsc#1167907) spacewalk-client-tools: - Remove RH references in Python/Ruby localization and use the product name instead ----------------------------------------- Patch: SUSE-2020-3253 Released: Mon Nov 9 07:45:04 2020 Summary: Recommended update for mozilla-nss Severity: moderate References: 1174697,1176173 Description: This update for mozilla-nss fixes the following issues: - Fixes an issue for Mozilla Firefox which has failed in fips mode (bsc#1174697) - FIPS: Adjust the Diffie-Hellman and Elliptic Curve Diffie-Hellman algorithms to be NIST SP800-56Arev3 compliant (bsc#1176173). ----------------------------------------- Patch: SUSE-2020-3259 Released: Mon Nov 9 14:28:19 2020 Summary: Recommended update for haproxy Severity: moderate References: 1178277 Description: This update for haproxy fixes the following issues: - Build haproxy against openssl-1.1.1d to enable TLS 1.3 support (bsc#1178277) ----------------------------------------- Patch: SUSE-2020-3261 Released: Tue Nov 10 09:45:30 2020 Summary: Security update for SDL Severity: moderate References: 1141844,CVE-2019-13616 Description: This update for SDL fixes the following issues: Security issue fixed: - CVE-2019-13616: Fixed heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit (bsc#1141844). ----------------------------------------- Patch: SUSE-2020-3264 Released: Tue Nov 10 09:50:29 2020 Summary: Security update for zeromq Severity: moderate References: 1176116,1176256,1176257,1176258,1176259,CVE-2020-15166 Description: This update for zeromq fixes the following issues: - CVE-2020-15166: Fixed the possibility of unauthenticated clients causing a denial-of-service (bsc#1176116). - Fixed a heap overflow when receiving malformed ZMTP v1 packets (bsc#1176256) - Fixed a memory leak in client induced by malicious server(s) without CURVE/ZAP (bsc#1176257) - Fixed memory leak when processing PUB messages with metadata (bsc#1176259) - Fixed a stack overflow in PUB/XPUB subscription store (bsc#1176258) ----------------------------------------- Patch: SUSE-2020-3269 Released: Tue Nov 10 15:57:24 2020 Summary: Security update for python-waitress Severity: moderate References: 1160790,1161088,1161089,1161670,CVE-2019-16785,CVE-2019-16786,CVE-2019-16789,CVE-2019-16792 Description: This update for python-waitress to 1.4.3 fixes the following security issues: - CVE-2019-16785: HTTP request smuggling through LF vs CRLF handling (bsc#1161088). - CVE-2019-16786: HTTP request smuggling through invalid Transfer-Encoding (bsc#1161089). - CVE-2019-16789: HTTP request smuggling through invalid whitespace characters (bsc#1160790). - CVE-2019-16792: HTTP request smuggling by sending the Content-Length header twice (bsc#1161670). ----------------------------------------- Patch: SUSE-2020-3271 Released: Tue Nov 10 19:05:17 2020 Summary: Security update for ucode-intel Severity: moderate References: 1170446,1173594,CVE-2020-8695,CVE-2020-8698 Description: This update for ucode-intel fixes the following issues: - Intel CPU Microcode updated to 20201027 pre-release - CVE-2020-8695: Fixed Intel RAPL sidechannel attack (SGX) (bsc#1170446) - CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 (bsc#1173594) # New Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | TGL | B1 | 06-8c-01/80 | | 00000068 | Core Gen11 Mobile | CPX-SP | A1 | 06-55-0b/bf | | 0700001e | Xeon Scalable Gen3 | CML-H | R1 | 06-a5-02/20 | | 000000e0 | Core Gen10 Mobile | CML-S62 | G1 | 06-a5-03/22 | | 000000e0 | Core Gen10 | CML-S102 | Q0 | 06-a5-05/22 | | 000000e0 | Core Gen10 | CML-U62 V2 | K0 | 06-a6-01/80 | | 000000e0 | Core Gen10 Mobile # Updated Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | GKL-R | R0 | 06-7a-08/01 | 00000016 | 00000018 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 | SKL-U/Y | D0 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile | SKL-U23e | K1 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile | APL | D0 | 06-5c-09/03 | 00000038 | 00000040 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx | APL | E0 | 06-5c-0a/03 | 00000016 | 0000001e | Atom x5-E39xx | SKL-H/S | R0/N0 | 06-5e-03/36 | 000000d6 | 000000e2 | Core Gen6; Xeon E3 v5 | HSX-E/EP | Cx/M1 | 06-3f-02/6f | 00000043 | 00000044 | Core Gen4 X series; Xeon E5 v3 | SKX-SP | B1 | 06-55-03/97 | 01000157 | 01000159 | Xeon Scalable | SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon Scalable | SKX-D | M1 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon D-21xx | CLX-SP | B0 | 06-55-06/bf | 04002f01 | 04003003 | Xeon Scalable Gen2 | CLX-SP | B1 | 06-55-07/bf | 05002f01 | 05003003 | Xeon Scalable Gen2 | ICL-U/Y | D1 | 06-7e-05/80 | 00000078 | 000000a0 | Core Gen10 Mobile | AML-Y22 | H0 | 06-8e-09/10 | 000000d6 | 000000de | Core Gen8 Mobile | KBL-U/Y | H0 | 06-8e-09/c0 | 000000d6 | 000000de | Core Gen7 Mobile | CFL-U43e | D0 | 06-8e-0a/c0 | 000000d6 | 000000e0 | Core Gen8 Mobile | WHL-U | W0 | 06-8e-0b/d0 | 000000d6 | 000000de | Core Gen8 Mobile | AML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile | CML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile | WHL-U | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen8 Mobile | KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000d6 | 000000de | Core Gen7; Xeon E3 v6 | CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000d6 | 000000de | Core Gen8 Desktop, Mobile, Xeon E | CFL-S | B0 | 06-9e-0b/02 | 000000d6 | 000000de | Core Gen8 | CFL-H/S | P0 | 06-9e-0c/22 | 000000d6 | 000000de | Core Gen9 | CFL-H | R0 | 06-9e-0d/22 | 000000d6 | 000000de | Core Gen9 Mobile | CML-U62 | A0 | 06-a6-00/80 | 000000ca | 000000e0 | Core Gen10 Mobile ----------------------------------------- Patch: SUSE-2020-3291 Released: Wed Nov 11 12:26:29 2020 Summary: Optional update for python-redis and redis Severity: moderate References: 1002351,1047218,1061967,1064980,1097430,1131555,798455,835815,991250,CVE-2013-7458,CVE-2015-8080,CVE-2016-10517,CVE-2016-8339,CVE-2017-15047,CVE-2018-11218,CVE-2018-11219 Description: This optional update for python-redis and redis provides the following fixes python-redis: - Update to version to 3.4.1 (jsc#ECO-2417) * Move the username argument in the Redis and Connection classes to the end of the argument list. This helps those poor souls that specify all their connection options as non-keyword arguments. * Prior to ACL support, redis-py ignored the username component of Connection URLs. With ACL support, usernames are no longer ignored and are used to authenticate against an ACL rule. Some cloud vendors with managed Redis instances (like Heroku) provide connection URLs with a username component pre-ACL that is not intended to be used. Sending that username to Redis servers < 6.0.0 results in an error. Attempt to detect this condition and retry the AUTH command with only the password such that authentication continues to work for these users. * Removed the __eq__ hooks to Redis and ConnectionPool that were added in 3.4.0. This ended up being a bad idea as two separate connection pools be considered equal yet manage a completely separate set of connections. * Allow empty pipelines to be executed if there are WATCHed keys. This is a convenient way to test if any of the watched keys changed without actually running any other commands. * Removed support for end of life Python 3.4. * Added support for all ACL commands in Redis 6. * Pipeline instances now always evaluate to True. Prior to this change, pipeline instances relied on __len__ for boolean evaluation which meant that pipelines with no commands on the stack would be considered False. * Client instances and Connection pools now support a 'client_name' argument. If supplied, all connections created will call CLIENT SETNAME as soon as the connection is opened. * Added the 'ssl_check_hostname' argument to specify whether SSL connections should require the server hostname to match the hostname specified in the SSL cert. By default 'ssl_check_hostname' is False for backwards compatibility. * Added support for the TYPE argument to SCAN. * Better thread and fork safety in ConnectionPool and BlockingConnectionPool. Added better locking to synchronize critical sections rather than relying on CPython-specific implementation details relating to atomic operations. Adjusted how the pools identify and deal with a fork. Added a ChildDeadlockedError exception that is raised by child processes in the very unlikely chance that a deadlock is encountered. * Further fix for the SSLError -> TimeoutError mapping to work on obscure releases of Python 2.7. * Fixed a potential error handling bug for the SSLError -> TimeoutError mapping introduced in 3.3.9. * Mapped Python 2.7 SSLError to TimeoutError where appropriate. Timeouts should now consistently raise TimeoutErrors on Python 2.7 for both unsecured and secured connections. * Fixed MONITOR parsing to properly parse IPv6 client addresses * Fixed a regression introduced in 3.3.0 * Resolve a race condition with the PubSubWorkerThread. * Response callbacks are now case insensitive. * Added support for hiredis-py 1.0.0 encoding error support. * Add READONLY and READWRITE commands. * Added extensive health checks that keep the connections lively. * Many more changes, see upstream changelog. * Add missing build dependency setuptools * Fix SentinelConnectionPool to work in multiprocess/forked environments - Update to 3.2.0 (bsc#1131555) * Added support for `select.poll` to test whether data can be read on a socket. This should allow for significantly more connections to be used with pubsub. * Attempt to guarentee that the ConnectionPool hands out healthy connections. Healthy connections are those that have an established socket connection to the Redis server, are ready to accept a command and have no data available to read. * Use the socket.IPPROTO_TCP constant instead of socket.SOL_TCP. IPPROTO_TCP is available on more interpreters (Jython for instance). * Fixed a regression introduced in 3.0 that mishandles exceptions not derived from the base Exception class. KeyboardInterrupt and gevent.timeout notable. * Significant improvements to handing connections with forked processes. Parent and child processes no longer trample on each others' connections. * PythonParser no longer closes the associated connection's socket. The connection itself will close the socket. * Connection URLs must have one of the following schemes: redis://, rediss://, unix://. * Fixed an issue with retry_on_timeout logic that caused some TimeoutErrors to be retried. * Added support for SNI for SSL. * Fixed ConnectionPool repr for pools with no connections. * Fixed GEOHASH to return a None value when specifying a place that doesn't exist on the server. * Fixed XREADGROUP to return an empty dictionary for messages that have been deleted but still exist in the unacknowledged queue. * Added an owned method to Lock objects. owned returns a boolean indicating whether the current lock instance still owns the lock. * Allow lock.acquire() to accept an optional token argument. If provided, the token argument is used as the unique value used to claim the lock. * Added a reacquire method to Lock objects. reaquire attempts to renew the lock such that the timeout is extended to the same value that the lock was initially acquired with. * Stream names found within XREAD and XREADGROUP responses now properly respect the decode_responses flag. * XPENDING_RANGE now requires the user the specify the min, max and count arguments. Newer versions of Redis prevent count from being infinite so it's left to the user to specify these values explicitly. * ZADD now returns None when xx=True and incr=True and an element is specified that doesn't exist in the sorted set. This matches what the server returns in this case. * Added client_kill_filter that accepts various filters to identify and kill clients. * Fixed a race condition that occurred when unsubscribing and resubscribing to the same channel or pattern in rapid succession. * Added a LockNotOwnedError that is raised when trying to extend or release a lock that is no longer owned. This is a subclass of LockError so previous code should continue to work as expected. * Fixed a bug in GEORADIUS that forced decoding of places without respecting the decode_responses option. * add recommendation for python-hiredis * Fixed regression with UnixDomainSocketConnection caused by 3.0.0. * Fixed an issue with the new asynchronous flag on flushdb and flushall. * Updated Lock.locked() method to indicate whether *any* process has acquired the lock, not just the current one. This is in line with the behavior of threading.Lock. - Update to version 3.0.0: BACKWARDS INCOMPATIBLE CHANGES * When using a Lock as a context manager and the lock fails to be acquired a LockError is now raised. This prevents the code block inside the context manager from being executed if the lock could not be acquired. * Renamed LuaLock to Lock. * Removed the pipeline based Lock implementation in favor of the LuaLock implementation. * Only bytes, strings and numbers (ints, longs and floats) are acceptable for keys and values. Previously redis-py attempted to cast other types to str() and store the result. This caused must confusion and frustration when passing boolean values (cast to 'True' and 'False') or None values (cast to 'None'). It is now the user's responsibility to cast all key names and values to bytes, strings or numbers before passing the value to redis-py. * The StrictRedis class has been renamed to Redis. StrictRedis will continue to exist as an alias of Redis for the forseeable future. * The legacy Redis client class has been removed. It caused much confusion to users. * ZINCRBY arguments 'value' and 'amount' have swapped order to match the the Redis server. The new argument order is: keyname, amount, value. * MGET no longer raises an error if zero keys are passed in. Instead an empty list is returned. * MSET and MSETNX now require all keys/values to be specified in a single dictionary argument named mapping. This was changed to allow for future options to these commands in the future. * ZADD now requires all element names/scores be specified in a single dictionary argument named mapping. This was required to allow the NX, XX, CH and INCR options to be specified. OTHER CHANGES * Added missing DECRBY command. * CLUSTER INFO and CLUSTER NODES respones are now properly decoded to strings. * Added a 'locked()' method to Lock objects. This method returns True if the lock has been acquired and owned by the current process, otherwise False. * EXISTS now supports multiple keys. It's return value is now the number of keys in the list that exist. * Ensure all commands can accept key names as bytes. This fixes issues with BLPOP, BRPOP and SORT. * All errors resulting from bad user input are raised as DataError exceptions. DataError is a subclass of RedisError so this should be transparent to anyone previously catching these. * Added support for NX, XX, CH and INCR options to ZADD * Added support for the MIGRATE command * Added support for the MEMORY USAGE and MEMORY PURGE commands. * Added support for the 'asynchronous' argument to FLUSHDB and FLUSHALL commands. * Added support for the BITFIELD command. * Improved performance on pipeline requests with large chunks of data. * Fixed test suite to not fail if another client is connected to the server the tests are running against. * Added support for SWAPDB. * Added support for all STREAM commands. * SHUTDOWN now accepts the 'save' and 'nosave' arguments. * Added support for ZPOPMAX, ZPOPMIN, BZPOPMAX, BZPOPMIN. * Added support for the 'type' argument in CLIENT LIST. * Added support for CLIENT PAUSE. * Added support for CLIENT ID and CLIENT UNBLOCK. * GEODIST now returns a None value when referencing a place that does not exist. * Added a ping() method to pubsub objects. * Fixed a bug with keys in the INFO dict that contained ':' symbols. * ssl_cert_reqs now has a default value of 'required' by default. This should make connecting to a remote Redis server over SSL more secure. * max_connections is now a valid querystring argument for creating connection pools from URLs. * Added the UNLINK command. * Added socket_type option to Connection for configurability. * Lock.do_acquire now atomically sets acquires the lock and sets the expire value via set(nx=True, px=timeout). * Added 'count' argument to SPOP. * Fixed an issue parsing client_list respones that contained an '='. * Fix rounding issues with geolocation, it is not stable enought to produce pinpoint equal results among 32bit platforms * Run tests by launching redis server * Require redis on runtime redis: - Update to version 6.0.8 (jsc#PM-1615, jsc#PM-1622, jsc#PM-1681, jsc#ECO-2867, jsc#PM-1547, jsc#CAPS-56, jsc#SLE-11578, jsc#SLE-12821) * bug fixes when using with Sentinel * bug fixes when using CONFIG REWRITE * Remove THP warning when set to madvise * Allow EXEC with read commands on readonly replica in cluster * Add masters/replicas options to redis-cli --cluster call command * CONFIG SET could hung the client when arrives during RDB/ROF loading * LPOS command when RANK is greater than matches responded with broken protocol * Add oom-score-adj configuration option to control Linux OOM killer * Show IO threads statistics and status in INFO output * Add optional tls verification mode (see tls-auth-clients) * Fix crash when enabling CLIENT TRACKING with prefix * EXEC always fails with EXECABORT and multi-state is cleared * RESTORE ABSTTL won't store expired keys into the db * redis-cli better handling of non-pritable key names * TLS: Ignore client cert when tls-auth-clients off * Tracking: fix invalidation message on flush * Notify systemd on Sentinel startup * Fix crash on a misuse of STRALGO * Fix a few rare leaks (STRALGO error misuse, Sentinel) * Fix a possible invalid access in defrag of scripts * Add LPOS command to search in a list * Use user+pass for MIGRATE in redis-cli and redis-benchmark in cluster mode * redis-cli support TLS for --pipe, --rdb and --replica options * TLS: Session caching configuration support * Fix handling of speical chars in ACL LOAD * Make Redis Cluster more robust about operation errors that may lead to two clusters to mix together * Revert the sendfile() implementation of RDB transfer * Fix TLS certificate loading for chained certificates * Fix AOF rewirting of KEEPTTL SET option * Fix MULTI/EXEC behavior during -BUSY script errors * fix a severe replication bug introduced in Redis 6 by the 'meaningful offset' feature * fix a crash introduced in 6.0.2 * fix to client side caching when keys are evicted from the tracking table but no notifications are sent * add BR pkgconfig(libsystemd) for the rewritten systemd support and force building with it * XCLAIM AOF/replicas propagation fixed. * Client side caching: new NOLOOP option to avoid getting notified about changes performed by ourselves. * ACL GENPASS now uses HMAC-SHA256 and have an optional 'bits' argument. It means you can use it as a general purpose 'secure random strings' primitive! * Cluster 'SLOTS' subcommand memory optimization. * The LCS command is now a subcommand of STRALGO. * Meaningful offset for replicas as well. More successful partial resynchronizations. * Optimize memory usage of deferred replies. * Faster CRC64 algorithm for faster RDB loading. * XINFO STREAM FULL, a new subcommand to get the whole stream state. * CLIENT KILL USER . * MIGRATE AUTH2 option, for ACL style authentication support. * use libatomic also on ppc * add hash file from redis-hashes and verify it during build ----------------------------------------- Patch: SUSE-2020-3308 Released: Thu Nov 12 14:20:07 2020 Summary: Recommended update for sysstat Severity: moderate References: 1177747 Description: This update for sysstat fixes the following issues: - Fix iostat switch '-y' to display the correct results. (bsc#1177747) ----------------------------------------- Patch: SUSE-2020-2779 Released: Thu Nov 12 15:00:21 2020 Summary: Recommended update for rsyslog Severity: moderate References: 1173433,1178627 Description: This update for rsyslog fixes the following issues: - Fix the URL for bug reporting. (bsc#1173433) - ship rsyslog-module-mmnormalize module which was forgotten in GA (bsc#1178627) ----------------------------------------- Patch: SUSE-2020-3312 Released: Thu Nov 12 16:05:57 2020 Summary: Security update for MozillaFirefox Severity: important References: 1178588,CVE-2020-26950 Description: This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.4.1 ESR * Fixed: Security fix MFSA 2020-49 (bsc#1178588) * CVE-2020-26950 (bmo#1675905) Write side effects in MCallGetProperty opcode not accounted for ----------------------------------------- Patch: SUSE-2020-3313 Released: Thu Nov 12 16:07:37 2020 Summary: Security update for openldap2 Severity: important References: 1178387,CVE-2020-25692 Description: This update for openldap2 fixes the following issues: - CVE-2020-25692: Fixed an unauthenticated remote denial of service due to incorrect validation of modrdn equality rules (bsc#1178387). ----------------------------------------- Patch: SUSE-2020-3317 Released: Fri Nov 13 08:53:23 2020 Summary: Recommended update for SAPHanaSR-ScaleOut Severity: moderate References: 1144729,1174610,1176330 Description: This update for SAPHanaSR-ScaleOut fixes the following issues: - adapt man page SAPHanaSR-showAttr(8) and the README. (bsc#1144729) - Fixed an issue when takeover in maintenance mode master node still has PROMOTED status. (bsc#1176330) - Score of secondary in takeover phase increased from 122 to 145 to avoid promotion of former primary masternameserver candidates. (bsc#1174610) - Fixed typos and improved descriptions in comments. - Change default timeouts and intervals to match the official recommendations. ----------------------------------------- Patch: SUSE-2020-3321 Released: Fri Nov 13 13:16:01 2020 Summary: Recommended update for rpmlint Severity: moderate References: 1176676,1177684 Description: This update for rpmlint fixes the following issues: - Backported systemd portable1 D-Bus whitelisting (bsc#1176676). - Backporsted pam_pwquality whitelisting for PackageHub (bsc#1177684). ----------------------------------------- Patch: SUSE-2020-3323 Released: Fri Nov 13 15:25:55 2020 Summary: Recommended update for cloud-init Severity: moderate References: 1174443,1174444,1177526 Description: This update for cloud-init contains the following fixes: + Avoid exception if no gateway information is present and warning is triggered for existing routing. (bsc#1177526) Update to version 20.2 (bsc#1174443, bsc#1174444) + doc/format: reference make-mime.py instead of an inline script (#334) + Add docs about creating parent folders (#330) [Adrian Wilkins] + DataSourceNoCloud/OVF: drop claim to support FTP (#333) (LP: #1875470) + schema: ignore spurious pylint error (#332) + schema: add json schema for write_files module (#152) + BSD: find_devs_with_ refactoring (#298) [Gonéri Le Bouder] + nocloud: drop work around for Linux 2.6 (#324) [Gonéri Le Bouder] + cloudinit: drop dependencies on unittest2 and contextlib2 (#322) + distros: handle a potential mirror filtering error case (#328) + log: remove unnecessary import fallback logic (#327) + .travis.yml: don't run integration test on ubuntu/* branches (#321) + More unit test documentation (#314) + conftest: introduce disable_subp_usage autouse fixture (#304) + YAML align indent sizes for docs readability (#323) [Tak Nishigori] + network_state: add missing space to log message (#325) + tests: add missing mocks for get_interfaces_by_mac (#326) (LP: #1873910) + test_mounts: expand happy path test for both happy paths (#319) + cc_mounts: fix incorrect format specifiers (#316) (LP: #1872836) + swap file 'size' being used before checked if str (#315) [Eduardo Otubo] + HACKING.rst: add pytest version gotchas section (#311) + docs: Add steps to re-run cloud-id and cloud-init (#313) [Joshua Powers] + readme: OpenBSD is now supported (#309) [Gonéri Le Bouder] + net: ignore 'renderer' key in netplan config (#306) (LP: #1870421) + Add support for NFS/EFS mounts (#300) [Andrew Beresford] (LP: #1870370) + openbsd: set_passwd should not unlock user (#289) [Gonéri Le Bouder] + tools/.github-cla-signers: add beezly as CLA signer (#301) + util: remove unnecessary lru_cache import fallback (#299) + HACKING.rst: reorganise/update CLA signature info (#297) + distros: drop leading/trailing hyphens from mirror URL labels (#296) + HACKING.rst: add note about variable annotations (#295) + CiTestCase: stop using and remove sys_exit helper (#283) + distros: replace invalid characters in mirror URLs with hyphens (#291) (LP: #1868232) + rbxcloud: gracefully handle arping errors (#262) [Adam Dobrawy] + Fix cloud-init ignoring some misdeclared mimetypes in user-data. [Kurt Garloff] + net: ubuntu focal prioritize netplan over eni even if both present (#267) (LP: #1867029) + cloudinit: refactor util.is_ipv4 to net.is_ipv4_address (#292) + net/cmdline: replace type comments with annotations (#294) + HACKING.rst: add Type Annotations design section (#293) + net: introduce is_ip_address function (#288) + CiTestCase: remove now-unneeded parse_and_read helper method (#286) + .travis.yml: allow 30 minutes of inactivity in cloud tests (#287) + sources/tests/test_init: drop use of deprecated inspect.getargspec (#285) + setup.py: drop NIH check_output implementation (#282) + Identify SAP Converged Cloud as OpenStack [Silvio Knizek] + add Openbsd support (#147) [Gonéri Le Bouder] + HACKING.rst: add examples of the two test class types (#278) + VMWware: support to update guest info gc status if enabled (#261) [xiaofengw-vmware] + Add lp-to-git mapping for kgarloff (#279) + set_passwords: avoid chpasswd on BSD (#268) [Gonéri Le Bouder] + HACKING.rst: add Unit Testing design section (#277) + util: read_cc_from_cmdline handle urlencoded yaml content (#275) + distros/tests/test_init: add tests for _get_package_mirror_info (#272) + HACKING.rst: add links to new Code Review Process doc (#276) + freebsd: ensure package update works (#273) [Gonéri Le Bouder] + doc: introduce Code Review Process documentation (#160) + tools: use python3 (#274) + cc_disk_setup: fix RuntimeError (#270) (LP: #1868327) + cc_apt_configure/util: combine search_for_mirror implementations (#271) + bsd: boottime does not depend on the libc soname (#269) [Gonéri Le Bouder] + test_oracle,DataSourceOracle: sort imports (#266) + DataSourceOracle: update .network_config docstring (#257) + cloudinit/tests: remove unneeded with_logs configuration (#263) + .travis.yml: drop stale comment (#255) + .gitignore: add more common directories (#258) + ec2: render network on all NICs and add secondary IPs as static (#114) (LP: #1866930) + ec2 json validation: fix the reference to the 'merged_cfg' key (#256) [Paride Legovini] + releases.yaml: quote the Ubuntu version numbers (#254) [Paride Legovini] + cloudinit: remove six from packaging/tooling (#253) + util/netbsd: drop six usage (#252) + workflows: introduce stale pull request workflow (#125) + cc_resolv_conf: introduce tests and stabilise output across Python versions (#251) + fix minor issue with resolv_conf template (#144) [andreaf74] + doc: CloudInit also support NetBSD (#250) [Gonéri Le Bouder] + Add Netbsd support (#62) [Gonéri Le Bouder] + tox.ini: avoid substition syntax that causes a traceback on xenial (#245) + Add pub_key_ed25519 to cc_phone_home (#237) [Daniel Hensby] + Introduce and use of a list of GitHub usernames that have signed CLA (#244) + workflows/cla.yml: use correct username for CLA check (#243) + tox.ini: use xenial version of jsonpatch in CI (#242) + workflows: CLA validation altered to fail status on pull_request (#164) + tox.ini: bump pyflakes version to 2.1.1 (#239) + cloudinit: move to pytest for running tests (#211) + instance-data: add cloud-init merged_cfg and sys_info keys to json (#214) (LP: #1865969) + ec2: Do not fallback to IMDSv1 on EC2 (#216) + instance-data: write redacted cfg to instance-data.json (#233) (LP: #1865947) + net: support network-config:disabled on the kernel commandline (#232) (LP: #1862702) + ec2: only redact token request headers in logs, avoid altering request (#230) (LP: #1865882) + docs: typo fixed: dta → data [Alexey Vazhnov] + Fixes typo on Amazon Web Services (#217) [Nick Wales] + Fix docs for OpenStack DMI Asset Tag (#228) [Mark T. Voelker] (LP: #1669875) + Add physical network type: cascading to openstack helpers (#200) [sab-systems] + tests: add focal integration tests for ubuntu (#225) - From 20.1 (first vesrion after 19.4) + ec2: Do not log IMDSv2 token values, instead use REDACTED (#219) (LP: #1863943) + utils: use SystemRandom when generating random password. (#204) [Dimitri John Ledkov] + docs: mount_default_files is a list of 6 items, not 7 (#212) + azurecloud: fix issues with instances not starting (#205) (LP: #1861921) + unittest: fix stderr leak in cc_set_password random unittest output. (#208) + cc_disk_setup: add swap filesystem force flag (#207) + import sysvinit patches from freebsd-ports tree (#161) [Igor Galić] + docs: fix typo (#195) [Edwin Kofler] + sysconfig: distro-specific config rendering for BOOTPROTO option (#162) [Robert Schweikert] (LP: #1800854) + cloudinit: replace 'from six import X' imports (except in util.py) (#183) + run-container: use 'test -n' instead of 'test ! -z' (#202) [Paride Legovini] + net/cmdline: correctly handle static ip= config (#201) [Dimitri John Ledkov] (LP: #1861412) + Replace mock library with unittest.mock (#186) + HACKING.rst: update CLA link (#199) + Scaleway: Fix DatasourceScaleway to avoid backtrace (#128) [Louis Bouchard] + cloudinit/cmd/devel/net_convert.py: add missing space (#191) + tools/run-container: drop support for python2 (#192) [Paride Legovini] + Print ssh key fingerprints using sha256 hash (#188) (LP: #1860789) + Make the RPM build use Python 3 (#190) [Paride Legovini] + cc_set_password: increase random pwlength from 9 to 20 (#189) (LP: #1860795) + .travis.yml: use correct Python version for xenial tests (#185) + cloudinit: remove ImportError handling for mock imports (#182) + Do not use fallocate in swap file creation on xfs. (#70) [Eduardo Otubo] (LP: #1781781) + .readthedocs.yaml: install cloud-init when building docs (#181) (LP: #1860450) + Introduce an RTD config file, and pin the Sphinx version to the RTD default (#180) + Drop most of the remaining use of six (#179) + Start removing dependency on six (#178) + Add Rootbox & HyperOne to list of cloud in README (#176) [Adam Dobrawy] + docs: add proposed SRU testing procedure (#167) + util: rename get_architecture to get_dpkg_architecture (#173) + Ensure util.get_architecture() runs only once (#172) + Only use gpart if it is the BSD gpart (#131) [Conrad Hoffmann] + freebsd: remove superflu exception mapping (#166) [Gonéri Le Bouder] + ssh_auth_key_fingerprints_disable test: fix capitalization (#165) [Paride Legovini] + util: move uptime's else branch into its own boottime function (#53) [Igor Galić] (LP: #1853160) + workflows: add contributor license agreement checker (#155) + net: fix rendering of 'static6' in network config (#77) (LP: #1850988) + Make tests work with Python 3.8 (#139) [Conrad Hoffmann] + fixed minor bug with mkswap in cc_disk_setup.py (#143) [andreaf74] + freebsd: fix create_group() cmd (#146) [Gonéri Le Bouder] + doc: make apt_update example consistent (#154) + doc: add modules page toc with links (#153) (LP: #1852456) + Add support for the amazon variant in cloud.cfg.tmpl (#119) [Frederick Lefebvre] + ci: remove Python 2.7 from CI runs (#137) + modules: drop cc_snap_config config module (#134) + migrate-lp-user-to-github: ensure Launchpad repo exists (#136) + docs: add initial troubleshooting to FAQ (#104) [Joshua Powers] + doc: update cc_set_hostname frequency and descrip (#109) [Joshua Powers] (LP: #1827021) + freebsd: introduce the freebsd renderer (#61) [Gonéri Le Bouder] + cc_snappy: remove deprecated module (#127) + HACKING.rst: clarify that everyone needs to do the LP->GH dance (#130) + freebsd: cloudinit service requires devd (#132) [Gonéri Le Bouder] + cloud-init: fix capitalisation of SSH (#126) + doc: update cc_ssh clarify host and auth keys [Joshua Powers] (LP: #1827021) + ci: emit names of tests run in Travis (#120) ----------------------------------------- Patch: SUSE-2020-3327 Released: Sat Nov 14 07:22:33 2020 Summary: Recommended update for sap-suse-cluster-connector Severity: moderate References: 1136933,1166647,1177507 Description: This update for sap-suse-cluster-connector fixes the following issues: - Add new cluster action names according to the documentation that leads out the old action names. (bsc#1166647) - Support the output format of different versions of the command '/usr/sbin/crm_simulate'. (bsc#1177507) - Remove unused and outdated /etc/sap_suse_cluster_connector file. (bsc#1136933) ----------------------------------------- Patch: SUSE-2020-3328 Released: Sat Nov 14 07:23:30 2020 Summary: Recommended update for ocfs2-tools Severity: moderate References: 1178248 Description: This update for ocfs2-tools fixes the following issues: - Fix for pointing out the default value of mount options. (bsc#1178248) ----------------------------------------- Patch: SUSE-2020-3333 Released: Mon Nov 16 12:07:00 2020 Summary: Security update for gdm Severity: important References: 1178150,CVE-2020-16125 Description: This update for gdm fixes the following issues: - Exit with failure if loading existing users fails (bsc#1178150 CVE-2020-16125). ----------------------------------------- Patch: SUSE-2020-3338 Released: Mon Nov 16 13:11:28 2020 Summary: Recommended update for prometheus-hanadb_exporter Severity: moderate References: 1178339 Description: This update for prometheus-hanadb_exporter fixes the following issues: - Fix using systemd macros in spec file. (bsc#1178339) ----------------------------------------- Patch: SUSE-2020-3352 Released: Tue Nov 17 09:31:48 2020 Summary: Security update for raptor Severity: important References: 1178593,CVE-2017-18926 Description: This update for raptor fixes the following issues: - Fixed a heap overflow vulnerability (bsc#1178593, CVE-2017-18926). ----------------------------------------- Patch: SUSE-2020-3357 Released: Tue Nov 17 11:29:38 2020 Summary: Recommended update for apache2 Severity: low References: 1178007 Description: This update for apache2 fixes the following issues: - The path to the systemd-ask-password binary was wrongly set in apache2-systemd-ask-pass ----------------------------------------- Patch: SUSE-2020-3358 Released: Tue Nov 17 13:17:10 2020 Summary: Security update for tcpdump Severity: moderate References: 1178466,CVE-2020-8037 Description: This update for tcpdump fixes the following issues: - CVE-2020-8037: Fixed an issue where PPP decapsulator did not allocate the right buffer size (bsc#1178466). ----------------------------------------- Patch: SUSE-2020-3359 Released: Tue Nov 17 13:18:30 2020 Summary: Security update for java-11-openjdk Severity: moderate References: 1177943,CVE-2020-14779,CVE-2020-14781,CVE-2020-14782,CVE-2020-14792,CVE-2020-14796,CVE-2020-14797,CVE-2020-14798,CVE-2020-14803 Description: This update for java-11-openjdk fixes the following issues: - Update to upstream tag jdk-11.0.9-11 (October 2020 CPU, bsc#1177943) * New features + JDK-8250784: Shenandoah: A Low-Pause-Time Garbage Collector * Security fixes + JDK-8233624: Enhance JNI linkage + JDK-8236196: Improve string pooling + JDK-8236862, CVE-2020-14779: Enhance support of Proxy class + JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts + JDK-8237995, CVE-2020-14782: Enhance certificate processing + JDK-8240124: Better VM Interning + JDK-8241114, CVE-2020-14792: Better range handling + JDK-8242680, CVE-2020-14796: Improved URI Support + JDK-8242685, CVE-2020-14797: Better Path Validation + JDK-8242695, CVE-2020-14798: Enhanced buffer support + JDK-8243302: Advanced class supports + JDK-8244136, CVE-2020-14803: Improved Buffer supports + JDK-8244479: Further constrain certificates + JDK-8244955: Additional Fix for JDK-8240124 + JDK-8245407: Enhance zoning of times + JDK-8245412: Better class definitions + JDK-8245417: Improve certificate chain handling + JDK-8248574: Improve jpeg processing + JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit + JDK-8253019: Enhanced JPEG decoding * Other changes + JDK-6532025: GIF reader throws misleading exception with truncated images + JDK-6949753: [TEST BUG]: java/awt/print/PageFormat/ /PDialogTest.java needs update by removing an infinite loop + JDK-8022535: [TEST BUG] javax/swing/text/html/parser/ /Test8017492.java fails + JDK-8062947: Fix exception message to correctly represent LDAP connection failure + JDK-8067354: com/sun/jdi/GetLocalVariables4Test.sh failed + JDK-8134599: TEST_BUG: java/rmi/transport/closeServerSocket/ /CloseServerSocket.java fails intermittently with Address already in use + JDK-8151678: com/sun/jndi/ldap/LdapTimeoutTest.java failed due to timeout on DeadServerNoTimeoutTest is incorrect + JDK-8160768: Add capability to custom resolve host/domain names within the default JNDI LDAP provider + JDK-8172404: Tools should warn if weak algorithms are used before restricting them + JDK-8193367: Annotated type variable bounds crash javac + JDK-8202117: com/sun/jndi/ldap/RemoveNamingListenerTest.java fails intermittently: Connection reset + JDK-8203026: java.rmi.NoSuchObjectException: no such object in table + JDK-8203281: [Windows] JComboBox change in ui when editor.setBorder() is called + JDK-8203382: Rename SystemDictionary::initialize_wk_klass to resolve_wk_klass + JDK-8203393: com/sun/jdi/JdbMethodExitTest.sh and JdbExprTest.sh fail due to timeout + JDK-8203928: [Test] Convert non-JDB scaffolding serviceability shell script tests to java + JDK-8204963: javax.swing.border.TitledBorder has a memory leak + JDK-8204994: SA might fail to attach to process with 'Windbg Error: WaitForEvent failed' + JDK-8205534: Remove SymbolTable dependency from serviceability agent + JDK-8206309: Tier1 SA tests fail + JDK-8208281: java/nio/channels/ /AsynchronousSocketChannel/Basic.java timed out + JDK-8209109: [TEST] rewrite com/sun/jdi shell tests to java version - step1 + JDK-8209332: [TEST] test/jdk/com/sun/jdi/CatchPatternTest.sh is incorrect + JDK-8209342: Problemlist SA tests on Solaris due to Error attaching to process: Can't create thread_db agent! + JDK-8209343: Test javax/swing/border/TestTitledBorderLeak.java should be marked as headful + JDK-8209517: com/sun/jdi/BreakpointWithFullGC.java fails with timeout + JDK-8209604: [TEST] rewrite com/sun/jdi shell tests to java version - step2 + JDK-8209605: com/sun/jdi/BreakpointWithFullGC.java fails with ZGC + JDK-8209608: Problem list com/sun/jdi/BreakpointWithFullGC.java + JDK-8210131: vmTestbase/nsk/jvmti/scenarios/allocation/AP10/ /ap10t001/TestDescription.java failed with ObjectFree: GetCurrentThreadCpuTimerInfo returned unexpected error code + JDK-8210243: [TEST] rewrite com/sun/jdi shell tests to java version - step3 + JDK-8210527: JShell: NullPointerException in jdk.jshell.Eval.translateExceptionStack + JDK-8210560: [TEST] convert com/sun/jdi redefineClass-related tests + JDK-8210725: com/sun/jdi/RedefineClearBreakpoint.java fails with waitForPrompt timed out after 60 seconds + JDK-8210748: [TESTBUG] lib.jdb.Jdb.waitForPrompt() should clarify which output is the pending reply after a timeout + JDK-8210760: [TEST] rewrite com/sun/jdi shell tests to java version - step4 + JDK-8210977: jdk/jfr/event/oldobject/TestThreadLocalLeak.java fails to find ThreadLocalObject + JDK-8211292: [TEST] convert com/sun/jdi/DeferredStepTest.sh test + JDK-8211694: JShell: Redeclared variable should be reset + JDK-8212200: assert when shared java.lang.Object is redefined by JVMTI agent + JDK-8212629: [TEST] wrong breakpoint in test/jdk/com/sun/jdi/DeferredStepTest + JDK-8212665: com/sun/jdi/DeferredStepTest.java: jj1 (line 57) - unexpected. lastLine=52, minLine=52, maxLine=55 + JDK-8212807: tools/jar/multiRelease/Basic.java times out + JDK-8213182: Minimal VM build failure after JDK-8212200 (assert when shared java.lang.Object is redefined by JVMTI agent) + JDK-8213214: Set -Djava.io.tmpdir= when running tests + JDK-8213275: ReplaceCriticalClasses.java fails with jdk.internal.vm.PostVMInitHook not found + JDK-8213574: Deadlock in string table expansion when dumping lots of CDS classes + JDK-8213703: LambdaConversionException: Invalid receiver type not a subtype of implementation type interface + JDK-8214074: Ghash optimization using AVX instructions + JDK-8214491: Upgrade to JLine 3.9.0 + JDK-8214797: TestJmapCoreMetaspace.java timed out + JDK-8215243: JShell tests failing intermitently with 'Problem cleaning up the following threads:' + JDK-8215244: jdk/jshell/ToolBasicTest.java testHistoryReference failed + JDK-8215354: x86_32 build failures after JDK-8214074 (Ghash optimization using AVX instructions) + JDK-8215438: jshell tool: Ctrl-D causes EOF + JDK-8216021: RunTest.gmk might set concurrency level to 1 on Windows + JDK-8216974: HttpConnection not returned to the pool after 204 response + JDK-8218948: SimpleDateFormat :: format - Zone Names are not reflected correctly during run time + JDK-8219712: code_size2 (defined in stub_routines_x86.hpp) is too small on new Skylake CPUs + JDK-8220150: macos10.14 Mojave returns anti-aliased glyphs instead of aliased B&W glyphs + JDK-8221658: aarch64: add necessary predicate for ubfx patterns + JDK-8221759: Crash when completing 'java.io.File.path' + JDK-8221918: runtime/SharedArchiveFile/serviceability/ /ReplaceCriticalClasses.java fails: Shared archive not found + JDK-8222074: Enhance auto vectorization for x86 + JDK-8222079: Don't use memset to initialize fields decode_env constructor in disassembler.cpp + JDK-8222769: [TESTBUG] TestJFRNetworkEvents should not rely on hostname command + JDK-8223688: JShell: crash on the instantiation of raw anonymous class + JDK-8223777: In posix_spawn mode, failing to exec() jspawnhelper does not result in an error + JDK-8223940: Private key not supported by chosen signature algorithm + JDK-8224184: jshell got IOException at exiting with AIX + JDK-8224234: compiler/codegen/TestCharVect2.java fails in test_mulc + JDK-8225037: java.net.JarURLConnection::getJarEntry() throws NullPointerException + JDK-8225625: AES Electronic Codebook (ECB) encryption and decryption optimization using AVX512 + VAES instructions + JDK-8226536: Catch OOM from deopt that fails rematerializing objects + JDK-8226575: OperatingSystemMXBean should be made container aware + JDK-8226697: Several tests which need the @key headful keyword are missing it. + JDK-8226809: Circular reference in printed stack trace is not correctly indented & ambiguous + JDK-8227059: sun/security/tools/keytool/ /DefaultSignatureAlgorithm.java timed out + JDK-8227269: Slow class loading when running with JDWP + JDK-8227595: keytool/fakegen/DefaultSignatureAlgorithm.java fails due to 'exitValue = 6' + JDK-8228448: Jconsole can't connect to itself + JDK-8228967: Trust/Key store and SSL context utilities for tests + JDK-8229378: jdwp library loader in linker_md.c quietly truncates on buffer overflow + JDK-8229815: Upgrade Jline to 3.12.1 + JDK-8230000: some httpclients testng tests run zero test + JDK-8230002: javax/xml/jaxp/unittest/transform/ /SecureProcessingTest.java runs zero test + JDK-8230010: Remove jdk8037819/BasicTest1.java + JDK-8230094: CCE in createXMLEventWriter(Result) over an arbitrary XMLStreamWriter + JDK-8230402: Allocation of compile task fails with assert: 'Leaking compilation tasks?' + JDK-8230767: FlightRecorderListener returns null recording + JDK-8230870: (zipfs) Add a ZIP FS test that is similar to test/jdk/java/util/zip/EntryCount64k.java + JDK-8231209: [REDO] ThreadMXBean::getThreadAllocatedBytes() can be quicker for self thread + JDK-8231586: enlarge encoding space for OopMapValue offsets + JDK-8231953: Wrong assumption in assertion in oop::register_oop + JDK-8231968: getCurrentThreadAllocatedBytes default implementation s/b getThreadAllocatedBytes + JDK-8232083: Minimal VM is broken after JDK-8231586 + JDK-8232161: Align some one-way conversion in MS950 charset with Windows + JDK-8232855: jshell missing word in /help help + JDK-8233027: OopMapSet::all_do does oms.next() twice during iteration + JDK-8233228: Disable weak named curves by default in TLS, CertPath, and Signed JAR + JDK-8233386: Initialize NULL fields for unused decorations + JDK-8233452: java.math.BigDecimal.sqrt() with RoundingMode.FLOOR results in incorrect result + JDK-8233686: XML transformer uses excessive amount of memory + JDK-8233741: AES Countermode (AES-CTR) optimization using AVX512 + VAES instructions + JDK-8233829: javac cannot find non-ASCII module name under non-UTF8 environment + JDK-8233958: Memory retention due to HttpsURLConnection finalizer that serves no purpose + JDK-8234011: (zipfs) Memory leak in ZipFileSystem.releaseDeflater() + JDK-8234058: runtime/CompressedOops/ /CompressedClassPointers.java fails with 'Narrow klass base: 0x0000000000000000' missing from stdout/stderr + JDK-8234149: Several regression tests do not dispose Frame at end + JDK-8234347: 'Turkey' meta time zone does not generate composed localized names + JDK-8234385: [TESTBUG] java/awt/EventQueue/6980209/ /bug6980209.java fails in linux nightly + JDK-8234535: Cross compilation fails due to missing CFLAGS for the BUILD_CC + JDK-8234541: C1 emits an empty message when it inlines successfully + JDK-8234687: change javap reporting on unknown attributes + JDK-8236464: SO_LINGER option is ignored by SSLSocket in JDK 11 + JDK-8236548: Localized time zone name inconsistency between English and other locales + JDK-8236617: jtreg test containers/docker/ /TestMemoryAwareness.java fails after 8226575 + JDK-8237182: Update copyright header for shenandoah and epsilon files + JDK-8237888: security/infra/java/security/cert/ /CertPathValidator/certification/LuxTrustCA.java fails when checking validity interval + JDK-8237977: Further update javax/net/ssl/compatibility/Compatibility.java + JDK-8238270: java.net HTTP/2 client does not decrease stream count when receives 204 response + JDK-8238284: [macos] Zero VM build fails due to an obvious typo + JDK-8238380: java.base/unix/native/libjava/childproc.c 'multiple definition' link errors with GCC10 + JDK-8238386: (sctp) jdk.sctp/unix/native/libsctp/SctpNet.c 'multiple definition' link errors with GCC10 + JDK-8238388: libj2gss/NativeFunc.o 'multiple definition' link errors with GCC10 + JDK-8238448: RSASSA-PSS signature verification fail when using certain odd key sizes + JDK-8238710: LingeredApp doesn't log stdout/stderr if exits with non-zero code + JDK-8239083: C1 assert(known_holder == NULL || (known_holder->is_instance_klass() && (!known_holder->is_interface() || ((ciInstanceKlass*)known_holder)->has_nonstatic_concrete_methods())), 'should be non-static concrete method'); + JDK-8239385: KerberosTicket client name refers wrongly to sAMAccountName in AD + JDK-8240169: javadoc fails to link to non-modular api docs + JDK-8240295: hs_err elapsed time in seconds is not accurate enough + JDK-8240360: NativeLibraryEvent has wrong library name on Linux + JDK-8240676: Meet not symmetric failure when running lucene on jdk8 + JDK-8241007: Shenandoah: remove ShenandoahCriticalControlThreadPriority support + JDK-8241065: Shenandoah: remove leftover code after JDK-8231086 + JDK-8241086: Test runtime/NMT/HugeArenaTracking.java is failing on 32bit Windows + JDK-8241130: com.sun.jndi.ldap.EventSupport.removeDeadNotifier: java.lang.NullPointerException + JDK-8241138: http.nonProxyHosts=* causes StringIndexOutOfBoundsException in DefaultProxySelector + JDK-8241319: WB_GetCodeBlob doesn't have ResourceMark + JDK-8241478: vmTestbase/gc/gctests/Steal/steal001/steal001.java fails with OOME + JDK-8241574: Shenandoah: remove ShenandoahAssertToSpaceClosure + JDK-8241750: x86_32 build failure after JDK-8227269 + JDK-8242184: CRL generation error with RSASSA-PSS + JDK-8242283: Can't start JVM when java home path includes non-ASCII character + JDK-8242556: Cannot load RSASSA-PSS public key with non-null params from byte array + JDK-8243029: Rewrite javax/net/ssl/compatibility/ /Compatibility.java with a flexible interop test framework + JDK-8243138: Enhance BaseLdapServer to support starttls extended request + JDK-8243320: Add SSL root certificates to Oracle Root CA program + JDK-8243321: Add Entrust root CA - G4 to Oracle Root CA program + JDK-8243389: enhance os::pd_print_cpu_info on linux + JDK-8243453: java --describe-module failed with non-ASCII module name under non-UTF8 environment + JDK-8243470: [macos] bring back O2 opt level for unsafe.cpp + JDK-8243489: Thread CPU Load event may contain wrong data for CPU time under certain conditions + JDK-8243925: Toolkit#getScreenInsets() returns wrong value on HiDPI screens (Windows) + JDK-8244087: 2020-04-24 public suffix list update + JDK-8244151: Update MUSCLE PC/SC-Lite headers to the latest release 1.8.26 + JDK-8244164: AArch64: jaotc generates incorrect code for compressed OOPs with non-zero heap base + JDK-8244196: adjust output in os_linux + JDK-8244225: stringop-overflow warning on strncpy call from compile_the_world_in + JDK-8244287: JFR: Methods samples have line number 0 + JDK-8244703: 'platform encoding not initialized' exceptions with debugger, JNI + JDK-8244719: CTW: C2 compilation fails with 'assert(!VerifyHashTableKeys || _hash_lock == 0) failed: remove node from hash table before modifying it' + JDK-8244729: Shenandoah: remove resolve paths from SBSA::generate_shenandoah_lrb + JDK-8244763: Update --release 8 symbol information after JSR 337 MR3 + JDK-8244818: Java2D Queue Flusher crash while moving application window to external monitor + JDK-8245151: jarsigner should not raise duplicate warnings on verification + JDK-8245616: Bump update version for OpenJDK: jdk-11.0.9 + JDK-8245714: 'Bad graph detected in build_loop_late' when loads are pinned on loop limit check uncommon branch + JDK-8245801: StressRecompilation triggers assert 'redundunt OSR recompilation detected. memory leak in CodeCache!' + JDK-8245832: JDK build make-static-libs should build all JDK libraries + JDK-8245880: Shenandoah: check class unloading flag early in concurrent code root scan + JDK-8245981: Upgrade to jQuery 3.5.1 + JDK-8246027: Minimal fastdebug build broken after JDK-8245801 + JDK-8246094: [macos] Sound Recording and playback is not working + JDK-8246153: TestEliminateArrayCopy fails with -XX:+StressReflectiveCode + JDK-8246193: Possible NPE in ENC-PA-REP search in AS-REQ + JDK-8246196: javax/management/MBeanServer/OldMBeanServerTest fails with AssertionError + JDK-8246203: Segmentation fault in verification due to stack overflow with -XX:+VerifyIterativeGVN + JDK-8246330: Add TLS Tests for Legacy ECDSA curves + JDK-8246453: TestClone crashes with 'all collected exceptions must come from the same place' + JDK-8247246: Add explicit ResolvedJavaType.link and expose presence of default methods + JDK-8247350: [aarch64] assert(false) failed: wrong size of mach node + JDK-8247502: PhaseStringOpts crashes while optimising effectively dead code + JDK-8247615: Initialize the bytes left for the heap sampler + JDK-8247824: CTW: C2 (Shenandoah) compilation fails with SEGV in SBC2Support::pin_and_expand + JDK-8247874: Replacement in VersionProps.java.template not working when --with-vendor-bug-url contains '&' + JDK-8247979: aarch64: missing side effect of killing flags for clearArray_reg_reg + JDK-8248214: Add paddings for TaskQueueSuper to reduce false-sharing cache contention + JDK-8248219: aarch64: missing memory barrier in fast_storefield and fast_accessfield + JDK-8248348: Regression caused by the update to BCEL 6.0 + JDK-8248385: [testbug][11u] Adapt TestInitiExceptions to jtreg 5.1 + JDK-8248495: [macos] zerovm is broken due to libffi headers location + JDK-8248851: CMS: Missing memory fences between free chunk check and klass read + JDK-8248987: AOT's Linker.java seems to eagerly fail-fast on Windows + JDK-8249159: Downport test rework for SSLSocketTemplate from 8224650 + JDK-8249215: JFrame::setVisible crashed with -Dfile.encoding=UTF-8 on Japanese Windows. + JDK-8249251: [dark_mode ubuntu 20.04] The selected menu is not highlighted in GTKLookAndFeel + JDK-8249255: Build fails if source code in cygwin home dir + JDK-8249277: TestVerifyIterativeGVN.java is failing with timeout in OpenJDK 11 + JDK-8249278: Revert JDK-8226253 which breaks the spec of AccessibleState.SHOWING for JList + JDK-8249560: Shenandoah: Fix racy GC request handling + JDK-8249801: Shenandoah: Clear soft-refs on requested GC cycle + JDK-8249953: Shenandoah: gc/shenandoah/mxbeans tests should account for corner cases + JDK-8250582: Revert Principal Name type to NT-UNKNOWN when requesting TGS Kerberos tickets + JDK-8250609: C2 crash in IfNode::fold_compares + JDK-8250627: Use -XX:+/-UseContainerSupport for enabling/disabling Java container metrics + JDK-8250755: Better cleanup for jdk/test/javax/imageio/plugins/shared/CanWriteSequence.java + JDK-8250787: Provider.put no longer registering aliases in FIPS env + JDK-8250826: jhsdb does not work with coredump which comes from Substrate VM + JDK-8250827: Shenandoah: needs to reset/finish StringTable's dead count before/after parallel walk + JDK-8250844: Make sure {type,obj}ArrayOopDesc accessors check the bounds + JDK-8251117: Cannot check P11Key size in P11Cipher and P11AEADCipher + JDK-8251354: Shenandoah: Fix jdk/jfr/tool/TestPrintJSON.java test failure + JDK-8251451: Shenandoah: Remark ObjectSynchronizer roots with I-U + JDK-8251469: Better cleanup for test/jdk/javax/imageio/SetOutput.java + JDK-8251487: Shenandoah: missing detail timing tracking for final mark cleaning phase + JDK-8252120: compiler/oracle/TestCompileCommand.java misspells 'occured' + JDK-8252157: JDK-8231209 11u backport breaks jmm binary compatibility + JDK-8252258: [11u] JDK-8242154 changes the default vendor + JDK-8252804: [test] Fix 'ReleaseDeflater.java' test after downport of 8234011 + JDK-8253134: JMM_VERSION should remain at 0x20020000 (JDK 10) in JDK 11 + JDK-8253283: [11u] Test build/translations/ /VerifyTranslations.java failing after JDK-8252258 + JDK-8253813: Backout JDK-8244287 from 11u: it causes several crashes + Fix regression '8250861: Crash in MinINode::Ideal(PhaseGVN*, bool)' introduced in jdk 11.0.9 ----------------------------------------- Patch: SUSE-2020-3369 Released: Thu Nov 19 09:26:11 2020 Summary: Security update for go1.14 Severity: moderate References: 1164903,1178750,1178752,1178753,CVE-2020-28362,CVE-2020-28366,CVE-2020-28367 Description: This update for go1.14 fixes the following issues: - go1.14.12 (released 2020-11-12) includes security fixes to the cmd/go and math/big packages. * go#42553 math/big: panic during recursive division of very large numbers (bsc#1178750 CVE-2020-28362) * go#42560 cmd/go: arbitrary code can be injected into cgo generated files (bsc#1178752 CVE-2020-28367) * go#42557 cmd/go: improper validation of cgo flags can lead to remote code execution at build time (bsc#1178753 CVE-2020-28366) * go#42155 time: Location interprets wrong timezone (DST) with slim zoneinfo * go#42112 x/net/http2: the first write error on a connection will cause all subsequent write requests to fail blindly * go#41991 runtime: macOS-only segfault on 1.14+ with 'split stack overflow' * go#41913 net/http: request.Clone doesn't deep copy TransferEncoding * go#41703 runtime: macOS syscall.Exec can get SIGILL due to preemption signal * go#41386 x/net/http2: connection-level flow control not returned if stream errors, causes server hang ----------------------------------------- Patch: SUSE-2020-3373 Released: Thu Nov 19 09:27:44 2020 Summary: Security update for ucode-intel Severity: moderate References: 1170446,1173592,1173594,CVE-2020-8695,CVE-2020-8696,CVE-2020-8698 Description: This update for ucode-intel fixes the following issues: - Updated Intel CPU Microcode to 20201110 official release. - CVE-2020-8695: Fixed Intel RAPL sidechannel attack (SGX) (bsc#1170446) - CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 (bsc#1173594) - CVE-2020-8696: Vector Register Sampling Active INTEL-SA-00381 (bsc#1173592) - Release notes: - Security updates for [INTEL-SA-00381](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html). - Security updates for [INTEL-SA-00389](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html). - Update for functional issues. Refer to [Second Generation Intel® Xeon® Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338848) for details. - Update for functional issues. Refer to [Intel® Xeon® Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/613537) for details. - Update for functional issues. Refer to [Intel® Xeon® Processor E5 v3 Product Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e5-v3-spec-update.html?wapkw=processor+spec+update+e5) for details. - Update for functional issues. Refer to [10th Gen Intel® Core™ Processor Families Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/10th-gen-core-families-specification-update.html) for details. - Update for functional issues. Refer to [8th and 9th Gen Intel® Core™ Processor Family Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/8th-gen-core-spec-update.html) for details. - Update for functional issues. Refer to [7th Gen and 8th Gen (U Quad-Core) Intel® Processor Families Specification Update](https://www.intel.com/content/www/us/en/processors/core/7th-gen-core-family-spec-update.html) for details. - Update for functional issues. Refer to [6th Gen Intel® Processor Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/332689) for details. - Update for functional issues. Refer to [Intel® Xeon® E3-1200 v6 Processor Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e3-1200v6-spec-update.html) for details. - Update for functional issues. Refer to [Intel® Xeon® E-2100 and E-2200 Processor Family Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-e-2100-specification-update.html) for details. ### New Platforms | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | CPX-SP | A1 | 06-55-0b/bf | | 0700001e | Xeon Scalable Gen3 | LKF | B2/B3 | 06-8a-01/10 | | 00000028 | Core w/Hybrid Technology | TGL | B1 | 06-8c-01/80 | | 00000068 | Core Gen11 Mobile | CML-H | R1 | 06-a5-02/20 | | 000000e0 | Core Gen10 Mobile | CML-S62 | G1 | 06-a5-03/22 | | 000000e0 | Core Gen10 | CML-S102 | Q0 | 06-a5-05/22 | | 000000e0 | Core Gen10 | CML-U62 V2 | K0 | 06-a6-01/80 | | 000000e0 | Core Gen10 Mobile ### Updated Platforms | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | HSX-E/EP | Cx/M1 | 06-3f-02/6f | 00000043 | 00000044 | Core Gen4 X series; Xeon E5 v3 | SKL-U/Y | D0 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile | SKL-U23e | K1 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile | SKX-SP | B1 | 06-55-03/97 | 01000157 | 01000159 | Xeon Scalable | SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon Scalable | SKX-D | M1 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon D-21xx | CLX-SP | B0 | 06-55-06/bf | 04002f01 | 04003003 | Xeon Scalable Gen2 | CLX-SP | B1 | 06-55-07/bf | 05002f01 | 05003003 | Xeon Scalable Gen2 | APL | D0 | 06-5c-09/03 | 00000038 | 00000040 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx | APL | E0 | 06-5c-0a/03 | 00000016 | 0000001e | Atom x5-E39xx | SKL-H/S | R0/N0 | 06-5e-03/36 | 000000d6 | 000000e2 | Core Gen6; Xeon E3 v5 | GKL-R | R0 | 06-7a-08/01 | 00000016 | 00000018 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 | ICL-U/Y | D1 | 06-7e-05/80 | 00000078 | 000000a0 | Core Gen10 Mobile | AML-Y22 | H0 | 06-8e-09/10 | 000000d6 | 000000de | Core Gen8 Mobile | KBL-U/Y | H0 | 06-8e-09/c0 | 000000d6 | 000000de | Core Gen7 Mobile | CFL-U43e | D0 | 06-8e-0a/c0 | 000000d6 | 000000e0 | Core Gen8 Mobile | WHL-U | W0 | 06-8e-0b/d0 | 000000d6 | 000000de | Core Gen8 Mobile | AML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile | CML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile | WHL-U | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen8 Mobile | KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000d6 | 000000de | Core Gen7; Xeon E3 v6 | CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000d6 | 000000de | Core Gen8 Desktop, Mobile, Xeon E | CFL-S | B0 | 06-9e-0b/02 | 000000d6 | 000000de | Core Gen8 | CFL-H/S | P0 | 06-9e-0c/22 | 000000d6 | 000000de | Core Gen9 | CFL-H | R0 | 06-9e-0d/22 | 000000d6 | 000000de | Core Gen9 Mobile | CML-U62 | A0 | 06-a6-00/80 | 000000ca | 000000e0 | Core Gen10 Mobile ----------------------------------------- Patch: SUSE-2020-3376 Released: Thu Nov 19 09:29:13 2020 Summary: Security update for wireshark Severity: moderate References: 1177406,1178291,CVE-2020-26575,CVE-2020-28030 Description: This update for wireshark fixes the following issues: - wireshark was updated to 3.2.8: - CVE-2020-26575: Fixed an issue where FBZERO dissector was entering in infinite loop (bsc#1177406) - CVE-2020-28030: Fixed an issue where GQUIC dissector was crashing (bsc#1178291) * Infinite memory allocation while parsing this tcp packet ----------------------------------------- Patch: SUSE-2020-3377 Released: Thu Nov 19 09:29:32 2020 Summary: Security update for krb5 Severity: moderate References: 1178512,CVE-2020-28196 Description: This update for krb5 fixes the following security issue: - CVE-2020-28196: Fixed an unbounded recursion via an ASN.1-encoded Kerberos message (bsc#1178512). ----------------------------------------- Patch: SUSE-2020-3378 Released: Thu Nov 19 09:30:03 2020 Summary: Security update for podman Severity: moderate References: 1176804,1178122,1178392,CVE-2020-14370 Description: This update for podman fixes the following issues: Security issue fixed: - This release resolves CVE-2020-14370, in which environment variables could be leaked between containers created using the Varlink API (bsc#1176804). Non-security issues fixed: - add dependency to timezone package or podman fails to build a container (bsc#1178122) - Install new auto-update system units - Update to v2.1.1 (bsc#1178392): * Changes - The `podman info` command now includes the cgroup manager Podman is using. * API - The REST API now includes a Server header in all responses. - Fixed a bug where the Libpod and Compat Attach endpoints could terminate early, before sending all output from the container. - Fixed a bug where the Compat Create endpoint for containers did not properly handle the Interactive parameter. - Fixed a bug where the Compat Kill endpoint for containers could continue to run after a fatal error. - Fixed a bug where the Limit parameter of the Compat List endpoint for Containers did not properly handle a limit of 0 (returning nothing, instead of all containers) [#7722]. - The Libpod Stats endpoint for containers is being deprecated and will be replaced by a similar endpoint with additional features in a future release. - Changes in v2.1.0 * Features - A new command, `podman image mount`, has been added. This allows for an image to be mounted, read-only, to inspect its contents without creating a container from it [#1433]. - The `podman save` and `podman load` commands can now create and load archives containing multiple images [#2669]. - Rootless Podman now supports all `podman network` commands, and rootless containers can now be joined to networks. - The performance of `podman build` on `ADD` and `COPY` instructions has been greatly improved, especially when a `.dockerignore` is present. - The `podman run` and `podman create` commands now support a new mode for the `--cgroups` option, `--cgroups=split`. Podman will create two cgroups under the cgroup it was launched in, one for the container and one for Conmon. This mode is useful for running Podman in a systemd unit, as it ensures that all processes are retained in systemd's cgroup hierarchy [#6400]. - The `podman run` and `podman create` commands can now specify options to slirp4netns by using the `--network` option as follows: `--net slirp4netns:opt1,opt2`. This allows for, among other things, switching the port forwarder used by slirp4netns away from rootlessport. - The `podman ps` command now features a new option, `--storage`, to show containers from Buildah, CRI-O and other applications. - The `podman run` and `podman create` commands now feature a `--sdnotify` option to control the behavior of systemd's sdnotify with containers, enabling improved support for Podman in `Type=notify` units. - The `podman run` command now features a `--preserve-fds` opton to pass file descriptors from the host into the container [#6458]. - The `podman run` and `podman create` commands can now create overlay volume mounts, by adding the `:O` option to a bind mount (e.g. `-v /test:/test:O`). Overlay volume mounts will mount a directory into a container from the host and allow changes to it, but not write those changes back to the directory on the host. - The `podman play kube` command now supports the Socket HostPath type [#7112]. - The `podman play kube` command now supports read-only mounts. - The `podman play kube` command now supports setting labels on pods from Kubernetes metadata labels. - The `podman play kube` command now supports setting container restart policy [#7656]. - The `podman play kube` command now properly handles `HostAlias` entries. - The `podman generate kube` command now adds entries to `/etc/hosts` from `--host-add` generated YAML as `HostAlias` entries. - The `podman play kube` and `podman generate kube` commands now properly support `shareProcessNamespace` to share the PID namespace in pods. - The `podman volume ls` command now supports the `dangling` filter to identify volumes that are dangling (not attached to any container). - The `podman run` and `podman create` commands now feature a `--umask` option to set the umask of the created container. - The `podman create` and `podman run` commands now feature a `--tz` option to set the timezone within the container [#5128]. - Environment variables for Podman can now be added in the `containers.conf` configuration file. - The `--mount` option of `podman run` and `podman create` now supports a new mount type, `type=devpts`, to add a `devpts` mount to the container. This is useful for containers that want to mount `/dev/` from the host into the container, but still create a terminal. - The `--security-opt` flag to `podman run` and `podman create` now supports a new option, `proc-opts`, to specify options for the container's `/proc` filesystem. - Podman with the `crun` OCI runtime now supports a new option to `podman run` and `podman create`, `--cgroup-conf`, which allows for advanced configuration of cgroups on cgroups v2 systems. - The `podman create` and `podman run` commands now support a `--override-variant` option, to override the architecture variant of the image that will be pulled and ran. - A new global option has been added to Podman, `--runtime-flags`, which allows for setting flags to use when the OCI runtime is called. - The `podman manifest add` command now supports the `--cert-dir`, `--auth-file`, `--creds`, and `--tls-verify` options. * Security - This release resolves CVE-2020-14370, in which environment variables could be leaked between containers created using the Varlink API. * Changes - Podman will now retry pulling an image 3 times if a pull fails due to network errors. - The `podman exec` command would previously print error messages (e.g. `exec session exited with non-zero exit code -1`) when the command run exited with a non-0 exit code. It no longer does this. The `podman exec` command will still exit with the same exit code as the command run in the container did. - Error messages when creating a container or pod with a name that is already in use have been improved. - For read-only containers running systemd init, Podman creates a tmpfs filesystem at `/run`. This was previously limited to 65k in size and mounted `noexec`, but is now unlimited size and mounted `exec`. - The `podman system reset` command no longer removes configuration files for rootless Podman. * API - The Libpod API version has been bumped to v2.0.0 due to a breaking change in the Image List API. - Docker-compatible Volume Endpoints (Create, Inspect, List, Remove, Prune) are now available! - Added an endpoint for generating systemd unit files for containers. - The `last` parameter to the Libpod container list endpoint now has an alias, `limit` [#6413]. - The Libpod image list API new returns timestamps in Unix format, as integer, as opposed to as strings - The Compat Inspect endpoint for containers now includes port information in NetworkSettings. - The Compat List endpoint for images now features limited support for the (deprecated) `filter` query parameter [#6797]. - Fixed a bug where the Compat Create endpoint for containers was not correctly handling bind mounts. - Fixed a bug where the Compat Create endpoint for containers would not return a 404 when the requested image was not present. - Fixed a bug where the Compat Create endpoint for containers did not properly handle Entrypoint and Command from images. - Fixed a bug where name history information was not properly added in the Libpod Image List endpoint. - Fixed a bug where the Libpod image search endpoint improperly populated the Description field of responses. - Added a `noTrunc` option to the Libpod image search endpoint. - Fixed a bug where the Pod List API would return null, instead of an empty array, when no pods were present [#7392]. - Fixed a bug where endpoints that hijacked would do perform the hijack too early, before being ready to send and receive data [#7195]. - Fixed a bug where Pod endpoints that can operate on multiple containers at once (e.g. Kill, Pause, Unpause, Stop) would not forward errors from individual containers that failed. - The Compat List endpoint for networks now supports filtering results [#7462]. - Fixed a bug where the Top endpoint for pods would return both a 500 and 404 when run on a non-existent pod. - Fixed a bug where Pull endpoints did not stream progress back to the client. - The Version endpoints (Libpod and Compat) now provide version in a format compatible with Docker. - All non-hijacking responses to API requests should not include headers with the version of the server. - Fixed a bug where Libpod and Compat Events endpoints did not send response headers until the first event occurred [#7263]. - Fixed a bug where the Build endpoints (Compat and Libpod) did not stream progress to the client. - Fixed a bug where the Stats endpoints (Compat and Libpod) did not properly handle clients disconnecting. - Fixed a bug where the Ignore parameter to the Libpod Stop endpoint was not performing properly. - Fixed a bug where the Compat Logs endpoint for containers did not stream its output in the correct format [#7196]. ----------------------------------------- Patch: SUSE-2020-3380 Released: Thu Nov 19 09:31:15 2020 Summary: Security update for wpa_supplicant Severity: moderate References: 1131644,1131868,1131870,1131871,1131872,1131874,1133640,1144443,1150934,1156920,1166933,1167331,930077,930078,930079,CVE-2015-4141,CVE-2015-4142,CVE-2015-4143,CVE-2015-8041,CVE-2017-13077,CVE-2017-13078,CVE-2017-13079,CVE-2017-13080,CVE-2017-13081,CVE-2017-13082,CVE-2017-13086,CVE-2017-13087,CVE-2017-13088,CVE-2018-14526,CVE-2019-11555,CVE-2019-13377,CVE-2019-16275,CVE-2019-9494,CVE-2019-9495,CVE-2019-9497,CVE-2019-9498,CVE-2019-9499 Description: This update for wpa_supplicant fixes the following issues: Security issue fixed: - CVE-2019-16275: Fixed an AP mode PMF disconnection protection bypass (bsc#1150934). Non-security issues fixed: - Enable SAE support (jsc#SLE-14992). - Limit P2P_DEVICE name to appropriate ifname size. - Fix wicked wlan (bsc#1156920) - Restore fi.epitest.hostap.WPASupplicant.service (bsc#1167331) - With v2.9 fi.epitest.hostap.WPASupplicant.service is obsolete (bsc#1167331) - Fix WLAN config on boot with wicked. (bsc#1166933) - Update to 2.9 release: * SAE changes - disable use of groups using Brainpool curves - improved protection against side channel attacks [https://w1.fi/security/2019-6/] * EAP-pwd changes - disable use of groups using Brainpool curves - allow the set of groups to be configured (eap_pwd_groups) - improved protection against side channel attacks [https://w1.fi/security/2019-6/] * fixed FT-EAP initial mobility domain association using PMKSA caching (disabled by default for backwards compatibility; can be enabled with ft_eap_pmksa_caching=1) * fixed a regression in OpenSSL 1.1+ engine loading * added validation of RSNE in (Re)Association Response frames * fixed DPP bootstrapping URI parser of channel list * extended EAP-SIM/AKA fast re-authentication to allow use with FILS * extended ca_cert_blob to support PEM format * improved robustness of P2P Action frame scheduling * added support for EAP-SIM/AKA using anonymous@realm identity * fixed Hotspot 2.0 credential selection based on roaming consortium to ignore credentials without a specific EAP method * added experimental support for EAP-TEAP peer (RFC 7170) * added experimental support for EAP-TLS peer with TLS v1.3 * fixed a regression in WMM parameter configuration for a TDLS peer * fixed a regression in operation with drivers that offload 802.1X 4-way handshake * fixed an ECDH operation corner case with OpenSSL * SAE changes - added support for SAE Password Identifier - changed default configuration to enable only groups 19, 20, 21 (i.e., disable groups 25 and 26) and disable all unsuitable groups completely based on REVmd changes - do not regenerate PWE unnecessarily when the AP uses the anti-clogging token mechanisms - fixed some association cases where both SAE and FT-SAE were enabled on both the station and the selected AP - started to prefer FT-SAE over SAE AKM if both are enabled - started to prefer FT-SAE over FT-PSK if both are enabled - fixed FT-SAE when SAE PMKSA caching is used - reject use of unsuitable groups based on new implementation guidance in REVmd (allow only FFC groups with prime >= 3072 bits and ECC groups with prime >= 256) - minimize timing and memory use differences in PWE derivation [https://w1.fi/security/2019-1/] (CVE-2019-9494, bsc#1131868) * EAP-pwd changes - minimize timing and memory use differences in PWE derivation [https://w1.fi/security/2019-2/] (CVE-2019-9495, bsc#1131870) - verify server scalar/element [https://w1.fi/security/2019-4/] (CVE-2019-9497, CVE-2019-9498, CVE-2019-9499, bsc#1131874, bsc#1131872, bsc#1131871, bsc#1131644) - fix message reassembly issue with unexpected fragment [https://w1.fi/security/2019-5/] (CVE-2019-11555, bsc#1133640) - enforce rand,mask generation rules more strictly - fix a memory leak in PWE derivation - disallow ECC groups with a prime under 256 bits (groups 25, 26, and 27) - SAE/EAP-pwd side-channel attack update [https://w1.fi/security/2019-6/] (CVE-2019-13377, bsc#1144443) * fixed CONFIG_IEEE80211R=y (FT) build without CONFIG_FILS=y * Hotspot 2.0 changes - do not indicate release number that is higher than the one AP supports - added support for release number 3 - enable PMF automatically for network profiles created from credentials * fixed OWE network profile saving * fixed DPP network profile saving * added support for RSN operating channel validation (CONFIG_OCV=y and network profile parameter ocv=1) * added Multi-AP backhaul STA support * fixed build with LibreSSL * number of MKA/MACsec fixes and extensions * extended domain_match and domain_suffix_match to allow list of values * fixed dNSName matching in domain_match and domain_suffix_match when using wolfSSL * started to prefer FT-EAP-SHA384 over WPA-EAP-SUITE-B-192 AKM if both are enabled * extended nl80211 Connect and external authentication to support SAE, FT-SAE, FT-EAP-SHA384 * fixed KEK2 derivation for FILS+FT * extended client_cert file to allow loading of a chain of PEM encoded certificates * extended beacon reporting functionality * extended D-Bus interface with number of new properties * fixed a regression in FT-over-DS with mac80211-based drivers * OpenSSL: allow systemwide policies to be overridden * extended driver flags indication for separate 802.1X and PSK 4-way handshake offload capability * added support for random P2P Device/Interface Address use * extended PEAP to derive EMSK to enable use with ERP/FILS * extended WPS to allow SAE configuration to be added automatically for PSK (wps_cred_add_sae=1) * removed support for the old D-Bus interface (CONFIG_CTRL_IFACE_DBUS) * extended domain_match and domain_suffix_match to allow list of values * added a RSN workaround for misbehaving PMF APs that advertise IGTK/BIP KeyID using incorrect byte order * fixed PTK rekeying with FILS and FT * fixed WPA packet number reuse with replayed messages and key reinstallation [https://w1.fi/security/2017-1/] (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088) * fixed unauthenticated EAPOL-Key decryption in wpa_supplicant [https://w1.fi/security/2018-1/] (CVE-2018-14526) * added support for FILS (IEEE 802.11ai) shared key authentication * added support for OWE (Opportunistic Wireless Encryption, RFC 8110; and transition mode defined by WFA) * added support for DPP (Wi-Fi Device Provisioning Protocol) * added support for RSA 3k key case with Suite B 192-bit level * fixed Suite B PMKSA caching not to update PMKID during each 4-way handshake * fixed EAP-pwd pre-processing with PasswordHashHash * added EAP-pwd client support for salted passwords * fixed a regression in TDLS prohibited bit validation * started to use estimated throughput to avoid undesired signal strength based roaming decision * MACsec/MKA: - new macsec_linux driver interface support for the Linux kernel macsec module - number of fixes and extensions * added support for external persistent storage of PMKSA cache (PMKSA_GET/PMKSA_ADD control interface commands; and MESH_PMKSA_GET/MESH_PMKSA_SET for the mesh case) * fixed mesh channel configuration pri/sec switch case * added support for beacon report * large number of other fixes, cleanup, and extensions * added support for randomizing local address for GAS queries (gas_rand_mac_addr parameter) * fixed EAP-SIM/AKA/AKA' ext auth cases within TLS tunnel * added option for using random WPS UUID (auto_uuid=1) * added SHA256-hash support for OCSP certificate matching * fixed EAP-AKA' to add AT_KDF into Synchronization-Failure * fixed a regression in RSN pre-authentication candidate selection * added option to configure allowed group management cipher suites (group_mgmt network profile parameter) * removed all PeerKey functionality * fixed nl80211 AP and mesh mode configuration regression with Linux 4.15 and newer * added ap_isolate configuration option for AP mode * added support for nl80211 to offload 4-way handshake into the driver * added support for using wolfSSL cryptographic library * SAE - added support for configuring SAE password separately of the WPA2 PSK/passphrase - fixed PTK and EAPOL-Key integrity and key-wrap algorithm selection for SAE; note: this is not backwards compatible, i.e., both the AP and station side implementations will need to be update at the same time to maintain interoperability - added support for Password Identifier - fixed FT-SAE PMKID matching * Hotspot 2.0 - added support for fetching of Operator Icon Metadata ANQP-element - added support for Roaming Consortium Selection element - added support for Terms and Conditions - added support for OSEN connection in a shared RSN BSS - added support for fetching Venue URL information * added support for using OpenSSL 1.1.1 * FT - disabled PMKSA caching with FT since it is not fully functional - added support for SHA384 based AKM - added support for BIP ciphers BIP-CMAC-256, BIP-GMAC-128, BIP-GMAC-256 in addition to previously supported BIP-CMAC-128 - fixed additional IE inclusion in Reassociation Request frame when using FT protocol - Changed service-files for start after network (systemd-networkd). ----------------------------------------- Patch: SUSE-2020-3381 Released: Thu Nov 19 10:53:38 2020 Summary: Recommended update for systemd Severity: moderate References: 1177458,1177490,1177510 Description: This update for systemd fixes the following issues: - build-sys: optionally disable support of journal over the network (bsc#1177458) - ask-password: prevent buffer overflow when reading from keyring (bsc#1177510) - mount: don't propagate errors from mount_setup_unit() further up - Rely on the new build option --disable-remote for journal_remote This allows to drop the workaround that consisted in cleaning journal-upload files and {sysusers.d,tmpfiles.d}/systemd-remote.conf manually when 'journal_remote' support was disabled. - Move journal-{remote,upload}.conf.5.gz man pages into systemd-journal_remote sub package - Make sure {sysusers.d,tmpfiles.d}/systemd-remote.conf are not shipped with --without=journal_remote (bsc#1177458) These files were incorrectly packaged in the main package when systemd-journal_remote was disabled. - Make use of %{_unitdir} and %{_sysusersdir} - Remove mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------- Patch: SUSE-2020-3382 Released: Thu Nov 19 11:03:01 2020 Summary: Recommended update for dmidecode Severity: moderate References: 1174257 Description: This update for dmidecode fixes the following issues: - Add partial support for SMBIOS 3.4.0. (bsc#1174257) - Skip details of uninstalled memory modules. (bsc#1174257) ----------------------------------------- Patch: SUSE-2020-3384 Released: Thu Nov 19 11:33:53 2020 Summary: Security update for perl-DBI Severity: moderate References: 1176492,CVE-2014-10401,CVE-2014-10402 Description: This update for perl-DBI fixes the following issues: - DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). [bsc#1176492, CVE-2014-10401, CVE-2014-10402] ----------------------------------------- Patch: SUSE-2020-3423 Released: Thu Nov 19 16:11:31 2020 Summary: Security update for buildah Severity: moderate References: 1165184,1167864,CVE-2019-10214,CVE-2020-10696 Description: This update for buildah fixes the following issues: buildah was updated to v1.17.0 (bsc#1165184): * Handle cases where other tools mount/unmount containers * overlay.MountReadOnly: support RO overlay mounts * overlay: use fusermount for rootless umounts * overlay: fix umount * Switch default log level of Buildah to Warn. Users need to see these messages * Drop error messages about OCI/Docker format to Warning level * build(deps): bump github.com/containers/common from 0.26.0 to 0.26.2 * tests/testreport: adjust for API break in storage v1.23.6 * build(deps): bump github.com/containers/storage from 1.23.5 to 1.23.7 * build(deps): bump github.com/fsouza/go-dockerclient from 1.6.5 to 1.6.6 * copier: put: ignore Typeflag='g' * Use curl to get repo file (fix #2714) * build(deps): bump github.com/containers/common from 0.25.0 to 0.26.0 * build(deps): bump github.com/spf13/cobra from 1.0.0 to 1.1.1 * Remove docs that refer to bors, since we're not using it * Buildah bud should not use stdin by default * bump containerd, docker, and golang.org/x/sys * Makefile: cross: remove windows.386 target * copier.copierHandlerPut: don't check length when there are errors * Stop excessive wrapping * CI: require that conformance tests pass * bump(github.com/openshift/imagebuilder) to v1.1.8 * Skip tlsVerify insecure BUILD_REGISTRY_SOURCES * Fix build path wrong containers/podman#7993 * refactor pullpolicy to avoid deps * build(deps): bump github.com/containers/common from 0.24.0 to 0.25.0 * CI: run gating tasks with a lot more memory * ADD and COPY: descend into excluded directories, sometimes * copier: add more context to a couple of error messages * copier: check an error earlier * copier: log stderr output as debug on success * Update nix pin with make nixpkgs * Set directory ownership when copied with ID mapping * build(deps): bump github.com/sirupsen/logrus from 1.6.0 to 1.7.0 * build(deps): bump github.com/containers/common from 0.23.0 to 0.24.0 * Cirrus: Remove bors artifacts * Sort build flag definitions alphabetically * ADD: only expand archives at the right time * Remove configuration for bors * Shell Completion for podman build flags * Bump c/common to v0.24.0 * New CI check: xref --help vs man pages * CI: re-enable several linters * Move --userns-uid-map/--userns-gid-map description into buildah man page * add: preserve ownerships and permissions on ADDed archives * Makefile: tweak the cross-compile target * Bump containers/common to v0.23.0 * chroot: create bind mount targets 0755 instead of 0700 * Change call to Split() to safer SplitN() * chroot: fix handling of errno seccomp rules * build(deps): bump github.com/containers/image/v5 from 5.5.2 to 5.6.0 * Add In Progress section to contributing * integration tests: make sure tests run in ${topdir}/tests * Run(): ignore containers.conf's environment configuration * Warn when setting healthcheck in OCI format * Cirrus: Skip git-validate on branches * tools: update git-validation to the latest commit * tools: update golangci-lint to v1.18.0 * Add a few tests of push command * Add(): fix handling of relative paths with no ContextDir * build(deps): bump github.com/containers/common from 0.21.0 to 0.22.0 * Lint: Use same linters as podman * Validate: reference HEAD * Fix buildah mount to display container names not ids * Update nix pin with make nixpkgs * Add missing --format option in buildah from man page * Fix up code based on codespell * build(deps): bump github.com/openshift/imagebuilder from 1.1.6 to 1.1.7 * build(deps): bump github.com/containers/storage from 1.23.4 to 1.23.5 * Improve buildah completions * Cirrus: Fix validate commit epoch * Fix bash completion of manifest flags * Uniform some man pages * Update Buildah Tutorial to address BZ1867426 * Update bash completion of manifest add sub command * copier.Get(): hard link targets shouldn't be relative paths * build(deps): bump github.com/onsi/gomega from 1.10.1 to 1.10.2 * Pass timestamp down to history lines * Timestamp gets updated everytime you inspect an image * bud.bats: use absolute paths in newly-added tests * contrib/cirrus/lib.sh: don't use CN for the hostname * tests: Add some tests * Update manifest add man page * Extend flags of manifest add * build(deps): bump github.com/containers/storage from 1.23.3 to 1.23.4 * build(deps): bump github.com/onsi/ginkgo from 1.14.0 to 1.14.1 * CI: expand cross-compile checks Update to v1.16.2: * fix build on 32bit arches * containerImageRef.NewImageSource(): don't always force timestamps * Add fuse module warning to image readme * Heed our retry delay option values when retrying commit/pull/push * Switch to containers/common for seccomp * Use --timestamp rather then --omit-timestamp * docs: remove outdated notice * docs: remove outdated notice * build-using-dockerfile: add a hidden --log-rusage flag * build(deps): bump github.com/containers/image/v5 from 5.5.1 to 5.5.2 * Discard ReportWriter if user sets options.Quiet * build(deps): bump github.com/containers/common from 0.19.0 to 0.20.3 * Fix ownership of content copied using COPY --from * newTarDigester: zero out timestamps in tar headers * Update nix pin with `make nixpkgs` * bud.bats: correct .dockerignore integration tests * Use pipes for copying * run: include stdout in error message * run: use the correct error for errors.Wrapf * copier: un-export internal types * copier: add Mkdir() * in_podman: don't get tripped up by $CIRRUS_CHANGE_TITLE * docs/buildah-commit.md: tweak some wording, add a --rm example * imagebuildah: don’t blank out destination names when COPYing * Replace retry functions with common/pkg/retry * StageExecutor.historyMatches: compare timestamps using .Equal * Update vendor of containers/common * Fix errors found in coverity scan * Change namespace handling flags to better match podman commands * conformance testing: ignore buildah.BuilderIdentityAnnotation labels * Vendor in containers/storage v1.23.0 * Add buildah.IsContainer interface * Avoid feeding run_buildah to pipe * fix(buildahimage): add xz dependency in buildah image * Bump github.com/containers/common from 0.15.2 to 0.18.0 * Howto for rootless image building from OpenShift * Add --omit-timestamp flag to buildah bud * Update nix pin with `make nixpkgs` * Shutdown storage on failures * Handle COPY --from when an argument is used * Bump github.com/seccomp/containers-golang from 0.5.0 to 0.6.0 * Cirrus: Use newly built VM images * Bump github.com/opencontainers/runc from 1.0.0-rc91 to 1.0.0-rc92 * Enhance the .dockerignore man pages * conformance: add a test for COPY from subdirectory * fix bug manifest inspct * Add documentation for .dockerignore * Add BuilderIdentityAnnotation to identify buildah version * DOC: Add quay.io/containers/buildah image to README.md * Update buildahimages readme * fix spelling mistake in 'info' command result display * Don't bind /etc/host and /etc/resolv.conf if network is not present * blobcache: avoid an unnecessary NewImage() * Build static binary with `buildGoModule` * copier: split StripSetidBits into StripSetuidBit/StripSetgidBit/StripStickyBit * tarFilterer: handle multiple archives * Fix a race we hit during conformance tests * Rework conformance testing * Update 02-registries-repositories.md * test-unit: invoke cmd/buildah tests with --flags * parse: fix a type mismatch in a test * Fix compilation of tests/testreport/testreport * build.sh: log the version of Go that we're using * test-unit: increase the test timeout to 40/45 minutes * Add the 'copier' package * Fix & add notes regarding problematic language in codebase * Add dependency on github.com/stretchr/testify/require * CompositeDigester: add the ability to filter tar streams * BATS tests: make more robust * vendor golang.org/x/text@v0.3.3 * Switch golang 1.12 to golang 1.13 * imagebuildah: wait for stages that might not have even started yet * chroot, run: not fail on bind mounts from /sys * chroot: do not use setgroups if it is blocked * Set engine env from containers.conf * imagebuildah: return the right stage's image as the 'final' image * Fix a help string * Deduplicate environment variables * switch containers/libpod to containers/podman * Bump github.com/containers/ocicrypt from 1.0.2 to 1.0.3 * Bump github.com/opencontainers/selinux from 1.5.2 to 1.6.0 * Mask out /sys/dev to prevent information leak * linux: skip errors from the runtime kill * Mask over the /sys/fs/selinux in mask branch * Add VFS additional image store to container * tests: add auth tests * Allow 'readonly' as alias to 'ro' in mount options * Ignore OS X specific consistency mount option * Bump github.com/onsi/ginkgo from 1.13.0 to 1.14.0 * Bump github.com/containers/common from 0.14.0 to 0.15.2 * Rootless Buildah should default to IsolationOCIRootless * imagebuildah: fix inheriting multi-stage builds * Make imagebuildah.BuildOptions.Architecture/OS optional * Make imagebuildah.BuildOptions.Jobs optional * Resolve a possible race in imagebuildah.Executor.startStage() * Switch scripts to use containers.conf * Bump openshift/imagebuilder to v1.1.6 * Bump go.etcd.io/bbolt from 1.3.4 to 1.3.5 * buildah, bud: support --jobs=N for parallel execution * executor: refactor build code inside new function * Add bud regression tests * Cirrus: Fix missing htpasswd in registry img * docs: clarify the 'triples' format * CHANGELOG.md: Fix markdown formatting * Add nix derivation for static builds * Bump to v1.16.0-dev - Update to v1.15.1 * Mask over the /sys/fs/selinux in mask branch * chroot: do not use setgroups if it is blocked * chroot, run: not fail on bind mounts from /sys * Allow 'readonly' as alias to 'ro' in mount options * Add VFS additional image store to container * vendor golang.org/x/text@v0.3.3 * Make imagebuildah.BuildOptions.Architecture/OS optional Update to v1.15.0: * Add CVE-2020-10696 to CHANGELOG.md and changelog.txt * fix lighttpd example * remove dependency on openshift struct * Warn on unset build arguments * vendor: update seccomp/containers-golang to v0.4.1 * Updated docs * clean up comments * update exit code for tests * Implement commit for encryption * implementation of encrypt/decrypt push/pull/bud/from * fix resolve docker image name as transport * Add preliminary profiling support to the CLI * Evaluate symlinks in build context directory * fix error info about get signatures for containerImageSource * Add Security Policy * Cirrus: Fixes from review feedback * imagebuildah: stages shouldn't count as their base images * Update containers/common v0.10.0 * Add registry to buildahimage Dockerfiles * Cirrus: Use pre-installed VM packages + F32 * Cirrus: Re-enable all distro versions * Cirrus: Update to F31 + Use cache images * golangci-lint: Disable gosimple * Lower number of golangci-lint threads * Fix permissions on containers.conf * Don't force tests to use runc * Return exit code from failed containers * cgroup_manager should be under [engine] * Use c/common/pkg/auth in login/logout * Cirrus: Temporarily disable Ubuntu 19 testing * Add containers.conf to stablebyhand build * Update gitignore to exclude test Dockerfiles * Remove warning for systemd inside of container Update to v1.14.6: * Make image history work correctly with new args handling * Don't add args to the RUN environment from the Builder Update to v1.14.5: * Revert FIPS mode change Update to v1.14.4: * Update unshare man page to fix script example * Fix compilation errors on non linux platforms * Preserve volume uid and gid through subsequent commands * Fix potential CVE in tarfile w/ symlink * Fix .dockerignore with globs and ! commands Update to v1.14.2: * Search for local runtime per values in containers.conf * Set correct ownership on working directory * Improve remote manifest retrieval * Correct a couple of incorrect format specifiers * manifest push --format: force an image type, not a list type * run: adjust the order in which elements are added to $ * getDateAndDigestAndSize(): handle creation time not being set * Make the commit id clear like Docker * Show error on copied file above context directory in build * pull/from/commit/push: retry on most failures * Repair buildah so it can use containers.conf on the server side * Fixing formatting & build instructions * Fix XDG_RUNTIME_DIR for authfile * Show validation command-line Update to v1.14.0: * getDateAndDigestAndSize(): use manifest.Digest * Touch up os/arch doc * chroot: handle slightly broken seccomp defaults * buildahimage: specify fuse-overlayfs mount options * parse: don't complain about not being able to rename something to itself * Fix build for 32bit platforms * Allow users to set OS and architecture on bud * Fix COPY in containerfile with envvar * Add --sign-by to bud/commit/push, --remove-signatures for pull/push * Add support for containers.conf * manifest push: add --format option Update to v1.13.1: * copyFileWithTar: close source files at the right time * copy: don't digest files that we ignore * Check for .dockerignore specifically * Don't setup excludes, if their is only one pattern to match * set HOME env to /root on chroot-isolation by default * docs: fix references to containers-*.5 * fix bug Add check .dockerignore COPY file * buildah bud --volume: run from tmpdir, not source dir * Fix imageNamePrefix to give consistent names in buildah-from * cpp: use -traditional and -undef flags * discard outputs coming from onbuild command on buildah-from --quiet * make --format columnizing consistent with buildah images * Fix option handling for volumes in build * Rework overlay pkg for use with libpod * Fix buildahimage builds for buildah * Add support for FIPS-Mode backends * Set the TMPDIR for pulling/pushing image to $TMPDIR Update to v1.12.0: * Allow ADD to use http src * imgtype: reset storage opts if driver overridden * Start using containers/common * overlay.bats typo: fuse-overlays should be fuse-overlayfs * chroot: Unmount with MNT_DETACH instead of UnmountMountpoints() * bind: don't complain about missing mountpoints * imgtype: check earlier for expected manifest type * Add history names support Update to v1.11.6: * Handle missing equal sign in --from and --chown flags for COPY/ADD * bud COPY does not download URL * Fix .dockerignore exclude regression * commit(docker): always set ContainerID and ContainerConfig * Touch up commit man page image parameter * Add builder identity annotations. Update to v1.11.5: * buildah: add 'manifest' command * pkg/supplemented: add a package for grouping images together * pkg/manifests: add a manifest list build/manipulation API * Update for ErrUnauthorizedForCredentials API change in containers/image * Update for manifest-lists API changes in containers/image * version: also note the version of containers/image * Move to containers/image v5.0.0 * Enable --device directory as src device * Add clarification to the Tutorial for new users * Silence 'using cache' to ensure -q is fully quiet * Move runtime flag to bud from common * Commit: check for storage.ErrImageUnknown using errors.Cause() * Fix crash when invalid COPY --from flag is specified. Update to v1.11.4: * buildah: add a 'manifest' command * pkg/manifests: add a manifest list build/manipulation API * Update for ErrUnauthorizedForCredentials API change in containers/image * Update for manifest-lists API changes in containers/image * Move to containers/image v5.0.0 * Enable --device directory as src device * Add clarification to the Tutorial for new users * Silence 'using cache' to ensure -q is fully quiet * Move runtime flag to bud from common * Commit: check for storage.ErrImageUnknown using errors.Cause() * Fix crash when invalid COPY --from flag is specified. Update to v1.11.3: * Add cgroups2 * Add support for retrieving context from stdin '-' * Added tutorial on how to include Buildah as library * Fix --build-args handling * Print build 'STEP' line to stdout, not stderr * Use Containerfile by default Update to v1.11.2: * Add some cleanup code * Move devices code to unit specific directory. Update to v1.11.1: * Add --devices flag to bud and from * Add support for /run/.containerenv * Allow mounts.conf entries for equal source and destination paths * Fix label and annotation for 1-line Dockerfiles * Preserve file and directory mount permissions * Replace --debug=false with --log-level=error * Set TMPDIR to /var/tmp by default * Truncate output of too long image names * Ignore EmptyLayer if Squash is set Update to v1.11.0: * Add --digestfile and Re-add push statement as debug * Add --log-level command line option and deprecate --debug * Add security-related volume options to validator * Allow buildah bud to be called without arguments * Allow to override build date with SOURCE_DATE_EPOCH * Correctly detect ExitError values from Run() * Disable empty logrus timestamps to reduce logger noise * Fix directory pull image names * Fix handling of /dev/null masked devices * Fix possible runtime panic on bud * Update bud/from help to contain indicator for --dns=none * Update documentation about bud * Update shebangs to take env into consideration * Use content digests in ADD/COPY history entries * add support for cgroupsV2 * add: add a DryRun flag to AddAndCopyOptions * add: handle hard links when copying with .dockerignore * add: teach copyFileWithTar() about symlinks and directories * imagebuilder: fix detection of referenced stage roots * pull/commit/push: pay attention to $BUILD_REGISTRY_SOURCES * run_linux: fix mounting /sys in a userns Update to v1.10.1: * Add automatic apparmor tag discovery * Add overlayfs to fuse-overlayfs tip * Bug fix for volume minus syntax * Bump container/storage v1.13.1 and containers/image v3.0.1 * Bump containers/image to v3.0.2 to fix keyring issue * Fix bug whereby --get-login has no effect * Bump github.com/containernetworking/cni to v0.7.1 - Add appamor-pattern requirement - Update build process to match the latest repository architecture - Update to v1.10.0 * vendor github.com/containers/image@v3.0.0 * Remove GO111MODULE in favor of -mod=vendor * Vendor in containers/storage v1.12.16 * Add '-' minus syntax for removal of config values * tests: enable overlay tests for rootless * rootless, overlay: use fuse-overlayfs * vendor github.com/containers/image@v2.0.1 * Added '-' syntax to remove volume config option * delete successfully pushed message * Add golint linter and apply fixes * vendor github.com/containers/storage@v1.12.15 * Change wait to sleep in buildahimage readme * Handle ReadOnly images when deleting images * Add support for listing read/only images * from/import: record the base image's digest, if it has one * Fix CNI version retrieval to not require network connection * Add misspell linter and apply fixes * Add goimports linter and apply fixes * Add stylecheck linter and apply fixes * Add unconvert linter and apply fixes * image: make sure we don't try to use zstd compression * run.bats: skip the 'z' flag when testing --mount * Update to runc v1.0.0-rc8 * Update to match updated runtime-tools API * bump github.com/opencontainers/runtime-tools to v0.9.0 * Build e2e tests using the proper build tags * Add unparam linter and apply fixes * Run: correct a typo in the --cap-add help text * unshare: add a --mount flag * fix push check image name is not empty * add: fix slow copy with no excludes * Add errcheck linter and fix missing error check * Improve tests/tools/Makefile parallelism and abstraction * Fix response body not closed resource leak * Switch to golangci-lint * Add gomod instructions and mailing list links * On Masked path, check if /dev/null already mounted before mounting * Update to containers/storage v1.12.13 * Refactor code in package imagebuildah * Add rootless podman with NFS issue in documentation * Add --mount for buildah run * import method ValidateVolumeOpts from libpod * Fix typo * Makefile: set GO111MODULE=off * rootless: add the built-in slirp DNS server * Update docker/libnetwork to get rid of outdated sctp package * Update buildah-login.md * migrate to go modules * install.md: mention go modules * tests/tools: go module for test binaries * fix --volume splits comma delimited option * Add bud test for RUN with a priv'd command * vendor logrus v1.4.2 * pkg/cli: panic when flags can't be hidden * pkg/unshare: check all errors * pull: check error during report write * run_linux.go: ignore unchecked errors * conformance test: catch copy error * chroot/run_test.go: export funcs to actually be executed * tests/imgtype: ignore error when shutting down the store * testreport: check json error * bind/util.go: remove unused func * rm chroot/util.go * imagebuildah: remove unused dedupeStringSlice * StageExecutor: EnsureContainerPath: catch error from SecureJoin() * imagebuildah/build.go: return instead of branching * rmi: avoid redundant branching * conformance tests: nilness: allocate map * imagebuildah/build.go: avoid redundant filepath.Join() * imagebuildah/build.go: avoid redundant os.Stat() * imagebuildah: omit comparison to bool * fix 'ineffectual assignment' lint errors * docker: ignore 'repeats json tag' lint error * pkg/unshare: use ... instead of iterating a slice * conformance: bud test: use raw strings for regexes * conformance suite: remove unused func/var * buildah test suite: remove unused vars/funcs * testreport: fix golangci-lint errors * util: remove redundant return statement * chroot: only log clean-up errors * images_test: ignore golangci-lint error * blobcache: log error when draining the pipe * imagebuildah: check errors in deferred calls * chroot: fix error handling in deferred funcs * cmd: check all errors * chroot/run_test.go: check errors * chroot/run.go: check errors in deferred calls * imagebuildah.Executor: remove unused onbuild field * docker/types.go: remove unused struct fields * util: use strings.ContainsRune instead of index check * Cirrus: Initial implementation * buildah-run: fix-out-of-range panic (2) * Update containers/image to v2.0.0 * run: fix hang with run and --isolation=chroot * run: fix hang when using run * chroot: drop unused function call * remove --> before imgageID on build * Always close stdin pipe * Write deny to setgroups when doing single user mapping * Avoid including linux/memfd.h * Add a test for the symlink pointing to a directory * Add missing continue * Fix the handling of symlinks to absolute paths * Only set default network sysctls if not rootless * Support --dns=none like podman * fix bug --cpu-shares parsing typo * Fix validate complaint * Update vendor on containers/storage to v1.12.10 * Create directory paths for COPY thereby ensuring correct perms * imagebuildah: use a stable sort for comparing build args * imagebuildah: tighten up cache checking * bud.bats: add a test verying the order of --build-args * add -t to podman run * imagebuildah: simplify screening by top layers * imagebuildah: handle ID mappings for COPY --from * imagebuildah: apply additionalTags ourselves * bud.bats: test additional tags with cached images * bud.bats: add a test for WORKDIR and COPY with absolute destinations * Cleanup Overlay Mounts content * Add support for file secret mounts * Add ability to skip secrets in mounts file * allow 32bit builds * fix tutorial instructions * imagebuilder: pass the right contextDir to Add() * add: use fileutils.PatternMatcher for .dockerignore * bud.bats: add another .dockerignore test * unshare: fallback to single usermapping * addHelperSymlink: clear the destination on os.IsExist errors * bud.bats: test replacing symbolic links * imagebuildah: fix handling of destinations that end with '/' * bud.bats: test COPY with a final '/' in the destination * linux: add check for sysctl before using it * unshare: set _CONTAINERS_ROOTLESS_GID * Rework buildahimamges * build context: support https git repos * Add a test for ENV special chars behaviour * Check in new Dockerfiles * Apply custom SHELL during build time * config: expand variables only at the command line * SetEnv: we only need to expand v once * Add default /root if empty on chroot iso * Add support for Overlay volumes into the container. * Export buildah validate volume functions so it can share code with libpod * Bump baseline test to F30 * Fix rootless handling of /dev/shm size * Avoid fmt.Printf() in the library * imagebuildah: tighten cache checking back up * Handle WORKDIR with dangling target * Default Authfile to proper path * Make buildah run --isolation follow BUILDAH_ISOLATION environment * Vendor in latest containers/storage and containers/image * getParent/getChildren: handle layerless images * imagebuildah: recognize cache images for layerless images * bud.bats: test scratch images with --layers caching * Get CHANGELOG.md updates * Add some symlinks to test our .dockerignore logic * imagebuildah: addHelper: handle symbolic links * commit/push: use an everything-allowed policy * Correct manpage formatting in files section * Remove must be root statement from buildah doc * Change image names to stable, testing and upstream * Don't create directory on container * Replace kubernetes/pause in tests with k8s.gcr.io/pause * imagebuildah: don't remove intermediate images if we need them * Rework buildahimagegit to buildahimageupstream * Fix Transient Mounts * Handle WORKDIRs that are symlinks * allow podman to build a client for windows * Touch up 1.9-dev to 1.9.0-dev * Resolve symlink when checking container path * commit: commit on every instruction, but not always with layers * CommitOptions: drop the unused OnBuild field * makeImageRef: pass in the whole CommitOptions structure * cmd: API cleanup: stores before images * run: check if SELinux is enabled * Fix buildahimages Dockerfiles to include support for additionalimages mounted from host. * Detect changes in rootdir * Fix typo in buildah-pull(1) * Vendor in latest containers/storage * Keep track of any build-args used during buildah bud --layers * commit: always set a parent ID * imagebuildah: rework unused-argument detection * fix bug dest path when COPY .dockerignore * Move Host IDMAppings code from util to unshare * Add BUILDAH_ISOLATION rootless back * Travis CI: fail fast, upon error in any step * imagebuildah: only commit images for intermediate stages if we have to * Use errors.Cause() when checking for IsNotExist errors * auto pass http_proxy to container * imagebuildah: don't leak image structs * Add Dockerfiles for buildahimages * Bump to Replace golang 1.10 with 1.12 * add --dns* flags to buildah bud * Add hack/build_speed.sh test speeds on building container images * Create buildahimage Dockerfile for Quay * rename 'is' to 'expect_output' * squash.bats: test squashing in multi-layered builds * bud.bats: test COPY --from in a Dockerfile while using the cache * commit: make target image names optional * Fix bud-args to allow comma separation * oops, missed some tests in commit.bats * new helper: expect_line_count * New tests for #1467 (string slices in cmdline opts) * Workarounds for dealing with travis; review feedback * BATS tests - extensive but minor cleanup * imagebuildah: defer pulling images for COPY --from * imagebuildah: centralize COMMIT and image ID output * Travis: do not use traviswait * imagebuildah: only initialize imagebuilder configuration once per stage * Make cleaner error on Dockerfile build errors * unshare: move to pkg/ * unshare: move some code from cmd/buildah/unshare * Fix handling of Slices versus Arrays * imagebuildah: reorganize stage and per-stage logic * imagebuildah: add empty layers for instructions * Add missing step in installing into Ubuntu * fix bug in .dockerignore support * imagebuildah: deduplicate prepended 'FROM' instructions * Touch up intro * commit: set created-by to the shell if it isn't set * commit: check that we always set a 'created-by' * docs/buildah.md: add 'containers-' prefixes under 'SEE ALSO' Update to v1.7.2 * Updates vendored containers/storage to latest version * rootless: by default use the host network namespace - Full changelog: https://github.com/containers/buildah/releases/tag/v1.6 ----------------------------------------- Patch: SUSE-2020-3450 Released: Thu Nov 19 17:39:23 2020 Summary: Recommended update for hawk-apiserver Severity: moderate References: 1178228 Description: This update for hawk-apiserver fixes the following issues: - Update from version 0.0.2 to version 0.0.4: - various enhancement security https related (bsc#1178228) - update go modules to 1.13 - add -version flag to show build version ----------------------------------------- Patch: SUSE-2020-3452 Released: Thu Nov 19 19:42:47 2020 Summary: Recommended update for tomcat Severity: moderate References: 1178396 Description: This update for tomcat fixes the following issues: - Fixes an issue when after removing package rest remained in 'examples'. - Remove 'tomcat-9.0.init' and '/usr/lib/tmpfiles.d/tomcat.conf' because of using systemd. (bsc#1178396) ----------------------------------------- Patch: SUSE-2020-3458 Released: Fri Nov 20 11:09:46 2020 Summary: Security update for MozillaFirefox Severity: important References: 1178824,CVE-2020-15999,CVE-2020-16012,CVE-2020-26951,CVE-2020-26953,CVE-2020-26956,CVE-2020-26958,CVE-2020-26959,CVE-2020-26960,CVE-2020-26961,CVE-2020-26965,CVE-2020-26966,CVE-2020-26968 Description: This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.5.0 ESR (bsc#1178824) * CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code * CVE-2020-16012: Variable time processing of cross-origin images during drawImage calls * CVE-2020-26953: Fullscreen could be enabled without displaying the security UI * CVE-2020-26956: XSS through paste (manual and clipboard API) * CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME type restrictions * CVE-2020-26959: Use-after-free in WebRequestService * CVE-2020-26960: Potential use-after-free in uses of nsTArray * CVE-2020-15999: Heap buffer overflow in freetype * CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses * CVE-2020-26965: Software keyboards may have remembered typed passwords * CVE-2020-26966: Single-word search queries were also broadcast to local network * CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 ----------------------------------------- Patch: SUSE-2020-3460 Released: Fri Nov 20 12:41:23 2020 Summary: Security update for java-1_8_0-openjdk Severity: moderate References: 1174157,1177943,CVE-2020-14556,CVE-2020-14577,CVE-2020-14578,CVE-2020-14579,CVE-2020-14581,CVE-2020-14583,CVE-2020-14593,CVE-2020-14621,CVE-2020-14779,CVE-2020-14781,CVE-2020-14782,CVE-2020-14792,CVE-2020-14796,CVE-2020-14797,CVE-2020-14798,CVE-2020-14803 Description: This update for java-1_8_0-openjdk fixes the following issues: - Fix regression '8250861: Crash in MinINode::Ideal(PhaseGVN*, bool)', introduced in October 2020 CPU. - Update to version jdk8u272 (icedtea 3.17.0) (July 2020 CPU, bsc#1174157, and October 2020 CPU, bsc#1177943) * New features + JDK-8245468: Add TLSv1.3 implementation classes from 11.0.7 + PR3796: Allow the number of curves supported to be specified * Security fixes + JDK-8028431, CVE-2020-14579: NullPointerException in DerValue.equals(DerValue) + JDK-8028591, CVE-2020-14578: NegativeArraySizeException in sun.security.util.DerInputStream.getUnalignedBitString() + JDK-8230613: Better ASCII conversions + JDK-8231800: Better listing of arrays + JDK-8232014: Expand DTD support + JDK-8233255: Better Swing Buttons + JDK-8233624: Enhance JNI linkage + JDK-8234032: Improve basic calendar services + JDK-8234042: Better factory production of certificates + JDK-8234418: Better parsing with CertificateFactory + JDK-8234836: Improve serialization handling + JDK-8236191: Enhance OID processing + JDK-8236196: Improve string pooling + JDK-8236862, CVE-2020-14779: Enhance support of Proxy class + JDK-8237117, CVE-2020-14556: Better ForkJoinPool behavior + JDK-8237592, CVE-2020-14577: Enhance certificate verification + JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts + JDK-8237995, CVE-2020-14782: Enhance certificate processing + JDK-8238002, CVE-2020-14581: Better matrix operations + JDK-8238804: Enhance key handling process + JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable + JDK-8238843: Enhanced font handing + JDK-8238920, CVE-2020-14583: Better Buffer support + JDK-8238925: Enhance WAV file playback + JDK-8240119, CVE-2020-14593: Less Affine Transformations + JDK-8240124: Better VM Interning + JDK-8240482: Improved WAV file playback + JDK-8241114, CVE-2020-14792: Better range handling + JDK-8241379: Update JCEKS support + JDK-8241522: Manifest improved jar headers redux + JDK-8242136, CVE-2020-14621: Better XML namespace handling + JDK-8242680, CVE-2020-14796: Improved URI Support + JDK-8242685, CVE-2020-14797: Better Path Validation + JDK-8242695, CVE-2020-14798: Enhanced buffer support + JDK-8243302: Advanced class supports + JDK-8244136, CVE-2020-14803: Improved Buffer supports + JDK-8244479: Further constrain certificates + JDK-8244955: Additional Fix for JDK-8240124 + JDK-8245407: Enhance zoning of times + JDK-8245412: Better class definitions + JDK-8245417: Improve certificate chain handling + JDK-8248574: Improve jpeg processing + JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit + JDK-8253019: Enhanced JPEG decoding * Import of OpenJDK 8 u262 build 01 + JDK-4949105: Access Bridge lacks html tags parsing + JDK-8003209: JFR events for network utilization + JDK-8030680: 292 cleanup from default method code assessment + JDK-8035633: TEST_BUG: java/net/NetworkInterface/Equals.java and some tests failed on windows intermittently + JDK-8041626: Shutdown tracing event + JDK-8141056: Erroneous assignment in HeapRegionSet.cpp + JDK-8149338: JVM Crash caused by Marlin renderer not handling NaN coordinates + JDK-8151582: (ch) test java/nio/channels/ /AsyncCloseAndInterrupt.java failing due to 'Connection succeeded' + JDK-8165675: Trace event for thread park has incorrect unit for timeout + JDK-8176182: 4 security tests are not run + JDK-8178910: Problemlist sample tests + JDK-8183925: Decouple crash protection from watcher thread + JDK-8191393: Random crashes during cfree+0x1c + JDK-8195817: JFR.stop should require name of recording + JDK-8195818: JFR.start should increase autogenerated name by one + JDK-8195819: Remove recording=x from jcmd JFR.check output + JDK-8199712: Flight Recorder + JDK-8202578: Revisit location for class unload events + JDK-8202835: jfr/event/os/TestSystemProcess.java fails on missing events + JDK-8203287: Zero fails to build after JDK-8199712 (Flight Recorder) + JDK-8203346: JFR: Inconsistent signature of jfr_add_string_constant + JDK-8203664: JFR start failure after AppCDS archive created with JFR StartFlightRecording + JDK-8203921: JFR thread sampling is missing fixes from JDK-8194552 + JDK-8203929: Limit amount of data for JFR.dump + JDK-8205516: JFR tool + JDK-8207392: [PPC64] Implement JFR profiling + JDK-8207829: FlightRecorderMXBeanImpl is leaking the first classloader which calls it + JDK-8209960: -Xlog:jfr* doesn't work with the JFR + JDK-8210024: JFR calls virtual is_Java_thread from ~Thread() + JDK-8210776: Upgrade X Window System 6.8.2 to the latest XWD 1.0.7 + JDK-8211239: Build fails without JFR: empty JFR events signatures mismatch + JDK-8212232: Wrong metadata for the configuration of the cutoff for old object sample events + JDK-8213015: Inconsistent settings between JFR.configure and -XX:FlightRecorderOptions + JDK-8213421: Line number information for execution samples always 0 + JDK-8213617: JFR should record the PID of the recorded process + JDK-8213734: SAXParser.parse(File, ..) does not close resources when Exception occurs. + JDK-8213914: [TESTBUG] Several JFR VM events are not covered by tests + JDK-8213917: [TESTBUG] Shutdown JFR event is not covered by test + JDK-8213966: The ZGC JFR events should be marked as experimental + JDK-8214542: JFR: Old Object Sample event slow on a deep heap in debug builds + JDK-8214750: Unnecessary

tags in jfr classes + JDK-8214896: JFR Tool left files behind + JDK-8214906: [TESTBUG] jfr/event/sampling/TestNative.java fails with UnsatisfiedLinkError + JDK-8214925: JFR tool fails to execute + JDK-8215175: Inconsistencies in JFR event metadata + JDK-8215237: jdk.jfr.Recording javadoc does not compile + JDK-8215284: Reduce noise induced by periodic task getFileSize() + JDK-8215355: Object monitor deadlock with no threads holding the monitor (using jemalloc 5.1) + JDK-8215362: JFR GTest JfrTestNetworkUtilization fails + JDK-8215771: The jfr tool should pretty print reference chains + JDK-8216064: -XX:StartFlightRecording:settings= doesn't work properly + JDK-8216486: Possibility of integer overflow in JfrThreadSampler::run() + JDK-8216528: test/jdk/java/rmi/transport/ /runtimeThreadInheritanceLeak/ /RuntimeThreadInheritanceLeak.java failing with Xcomp + JDK-8216559: [JFR] Native libraries not correctly parsed from /proc/self/maps + JDK-8216578: Remove unused/obsolete method in JFR code + JDK-8216995: Clean up JFR command line processing + JDK-8217744: [TESTBUG] JFR TestShutdownEvent fails on some systems due to process surviving SIGINT + JDK-8217748: [TESTBUG] Exclude TestSig test case from JFR TestShutdownEvent + JDK-8218935: Make jfr strncpy uses GCC 8.x friendly + JDK-8223147: JFR Backport + JDK-8223689: Add JFR Thread Sampling Support + JDK-8223690: Add JFR BiasedLock Event Support + JDK-8223691: Add JFR G1 Region Type Change Event Support + JDK-8223692: Add JFR G1 Heap Summary Event Support + JDK-8224172: assert(jfr_is_event_enabled(id)) failed: invariant + JDK-8224475: JTextPane does not show images in HTML rendering + JDK-8226253: JAWS reports wrong number of radio buttons when buttons are hidden. + JDK-8226779: [TESTBUG] Test JFR API from Java agent + JDK-8226892: ActionListeners on JRadioButtons don't get notified when selection is changed with arrow keys + JDK-8227011: Starting a JFR recording in response to JVMTI VMInit and / or Java agent premain corrupts memory + JDK-8227605: Kitchensink fails 'assert((((klass)->trace_id() & (JfrTraceIdEpoch::leakp_in_use_this_epoch_bit())) != 0)) failed: invariant' + JDK-8229366: JFR backport allows unchecked writing to memory + JDK-8229401: Fix JFR code cache test failures + JDK-8229708: JFR backport code does not initialize + JDK-8229873: 8229401 broke jdk8u-jfr-incubator + JDK-8230448: [test] JFRSecurityTestSuite.java is failing on Windows + JDK-8230707: JFR related tests are failing + JDK-8230782: Robot.createScreenCapture() fails if 'awt.robot.gtk' is set to false + JDK-8230856: Java_java_net_NetworkInterface_getByName0 on unix misses ReleaseStringUTFChars in early return + JDK-8230947: TestLookForUntestedEvents.java is failing after JDK-8230707 + JDK-8231995: two jtreg tests failed after 8229366 is fixed + JDK-8233623: Add classpath exception to copyright in EventHandlerProxyCreator.java file + JDK-8236002: CSR for JFR backport suggests not leaving out the package-info + JDK-8236008: Some backup files were accidentally left in the hotspot tree + JDK-8236074: Missed package-info + JDK-8236174: Should update javadoc since tags + JDK-8238076: Fix OpenJDK 7 Bootstrap Broken by JFR Backport + JDK-8238452: Keytool generates wrong expiration date if validity is set to 2050/01/01 + JDK-8238555: Allow Initialization of SunPKCS11 with NSS when there are external FIPS modules in the NSSDB + JDK-8238589: Necessary code cleanup in JFR for JDK8u + JDK-8238590: Enable JFR by default during compilation in 8u + JDK-8239055: Wrong implementation of VMState.hasListener + JDK-8239476: JDK-8238589 broke windows build by moving OrderedPair + JDK-8239479: minimal1 and zero builds are failing + JDK-8239867: correct over use of INCLUDE_JFR macro + JDK-8240375: Disable JFR by default for July 2020 release + JDK-8241444: Metaspace::_class_vsm not initialized if compressed class pointers are disabled + JDK-8241902: AIX Build broken after integration of JDK-8223147 (JFR Backport) + JDK-8242788: Non-PCH build is broken after JDK-8191393 * Import of OpenJDK 8 u262 build 02 + JDK-8130737: AffineTransformOp can't handle child raster with non-zero x-offset + JDK-8172559: [PIT][TEST_BUG] Move @test to be 1st annotation in java/awt/image/Raster/TestChildRasterOp.java + JDK-8230926: [macosx] Two apostrophes are entered instead of one with 'U.S. International - PC' layout + JDK-8240576: JVM crashes after transformation in C2 IdealLoopTree::merge_many_backedges + JDK-8242883: Incomplete backport of JDK-8078268: backport test part * Import of OpenJDK 8 u262 build 03 + JDK-8037866: Replace the Fun class in tests with lambdas + JDK-8146612: C2: Precedence edges specification violated + JDK-8150986: serviceability/sa/jmap-hprof/ /JMapHProfLargeHeapTest.java failing because expects HPROF JAVA PROFILE 1.0.1 file format + JDK-8229888: (zipfs) Updating an existing zip file does not preserve original permissions + JDK-8230597: Update GIFlib library to the 5.2.1 + JDK-8230769: BufImg_SetupICM add ReleasePrimitiveArrayCritical call in early return + JDK-8233880, PR3798: Support compilers with multi-digit major version numbers + JDK-8239852: java/util/concurrent tests fail with -XX:+VerifyGraphEdges: assert(!VerifyGraphEdges) failed: verification should have failed + JDK-8241638: launcher time metrics always report 1 on Linux when _JAVA_LAUNCHER_DEBUG set + JDK-8243059: Build fails when --with-vendor-name contains a comma + JDK-8243474: [TESTBUG] removed three tests of 0 bytes + JDK-8244461: [JDK 8u] Build fails with glibc 2.32 + JDK-8244548: JDK 8u: sun.misc.Version.jdkUpdateVersion() returns wrong result * Import of OpenJDK 8 u262 build 04 + JDK-8067796: (process) Process.waitFor(timeout, unit) doesn't throw NPE if timeout is less than, or equal to zero when unit == null + JDK-8148886: SEGV in sun.java2d.marlin.Renderer._endRendering + JDK-8171934: ObjectSizeCalculator.getEffectiveMemoryLayoutSpecification() does not recognize OpenJDK's HotSpot VM + JDK-8196969: JTreg Failure: serviceability/sa/ClhsdbJstack.java causes NPE + JDK-8243539: Copyright info (Year) should be updated for fix of 8241638 + JDK-8244777: ClassLoaderStats VM Op uses constant hash value * Import of OpenJDK 8 u262 build 05 + JDK-7147060: com/sun/org/apache/xml/internal/security/ /transforms/ClassLoaderTest.java doesn't run in agentvm mode + JDK-8178374: Problematic ByteBuffer handling in CipherSpi.bufferCrypt method + JDK-8181841: A TSA server returns timestamp with precision higher than milliseconds + JDK-8227269: Slow class loading when running with JDWP + JDK-8229899: Make java.io.File.isInvalid() less racy + JDK-8236996: Incorrect Roboto font rendering on Windows with subpixel antialiasing + JDK-8241750: x86_32 build failure after JDK-8227269 + JDK-8244407: JVM crashes after transformation in C2 IdealLoopTree::split_fall_in + JDK-8244843: JapanEraNameCompatTest fails * Import of OpenJDK 8 u262 build 06 + JDK-8246223: Windows build fails after JDK-8227269 * Import of OpenJDK 8 u262 build 07 + JDK-8233197: Invert JvmtiExport::post_vm_initialized() and Jfr:on_vm_start() start-up order for correct option parsing + JDK-8243541: (tz) Upgrade time-zone data to tzdata2020a + JDK-8245167: Top package in method profiling shows null in JMC + JDK-8246703: [TESTBUG] Add test for JDK-8233197 * Import of OpenJDK 8 u262 build 08 + JDK-8220293: Deadlock in JFR string pool + JDK-8225068: Remove DocuSign root certificate that is expiring in May 2020 + JDK-8225069: Remove Comodo root certificate that is expiring in May 2020 * Import of OpenJDK 8 u262 build 09 + JDK-8248399: Build installs jfr binary when JFR is disabled * Import of OpenJDK 8 u262 build 10 + JDK-8248715: New JavaTimeSupplementary localisation for 'in' installed in wrong package * Import of OpenJDK 8 u265 build 01 + JDK-8249677: Regression in 8u after JDK-8237117: Better ForkJoinPool behavior + JDK-8250546: Expect changed behaviour reported in JDK-8249846 * Import of OpenJDK 8 u272 build 01 + JDK-8006205: [TESTBUG] NEED_TEST: please JTREGIFY test/compiler/7177917/Test7177917.java + JDK-8035493: JVMTI PopFrame capability must instruct compilers not to prune locals + JDK-8036088: Replace strtok() with its safe equivalent strtok_s() in DefaultProxySelector.c + JDK-8039082: [TEST_BUG] Test java/awt/dnd/ /BadSerializationTest/BadSerializationTest.java fails + JDK-8075774: Small readability and performance improvements for zipfs + JDK-8132206: move ScanTest.java into OpenJDK + JDK-8132376: Add @requires os.family to the client tests with access to internal OS-specific API + JDK-8132745: minor cleanup of java/util/Scanner/ScanTest.java + JDK-8137087: [TEST_BUG] Cygwin failure of java/awt/ /appletviewer/IOExceptionIfEncodedURLTest/ /IOExceptionIfEncodedURLTest.sh + JDK-8145808: java/awt/Graphics2D/MTGraphicsAccessTest/ /MTGraphicsAccessTest.java hangs on Win. 8 + JDK-8151788: NullPointerException from ntlm.Client.type3 + JDK-8151834: Test SmallPrimeExponentP.java times out intermittently + JDK-8153430: jdk regression test MletParserLocaleTest, ParserInfiniteLoopTest reduce default timeout + JDK-8153583: Make OutputAnalyzer.reportDiagnosticSummary public + JDK-8156169: Some sound tests rarely hangs because of incorrect synchronization + JDK-8165936: Potential Heap buffer overflow when seaching timezone info files + JDK-8166148: Fix for JDK-8165936 broke solaris builds + JDK-8167300: Scheduling failures during gcm should be fatal + JDK-8167615: Opensource unit/regression tests for JavaSound + JDK-8172012: [TEST_BUG] delays needed in javax/swing/JTree/4633594/bug4633594.java + JDK-8177628: Opensource unit/regression tests for ImageIO + JDK-8183341: Better cleanup for javax/imageio/AllowSearch.java + JDK-8183351: Better cleanup for jdk/test/javax/imageio/spi/ /AppletContextTest/BadPluginConfigurationTest.sh + JDK-8193137: Nashorn crashes when given an empty script file + JDK-8194298: Add support for per Socket configuration of TCP keepalive + JDK-8198004: javax/swing/JFileChooser/6868611/bug6868611.java throws error + JDK-8200313: java/awt/Gtk/GtkVersionTest/GtkVersionTest.java fails + JDK-8210147: adjust some WSAGetLastError usages in windows network coding + JDK-8211714: Need to update vm_version.cpp to recognise VS2017 minor versions + JDK-8214862: assert(proj != __null) at compile.cpp:3251 + JDK-8217606: LdapContext#reconnect always opens a new connection + JDK-8217647: JFR: recordings on 32-bit systems unreadable + JDK-8226697: Several tests which need the @key headful keyword are missing it. + JDK-8229378: jdwp library loader in linker_md.c quietly truncates on buffer overflow + JDK-8230303: JDB hangs when running monitor command + JDK-8230711: ConnectionGraph::unique_java_object(Node* N) return NULL if n is not in the CG + JDK-8234617: C1: Incorrect result of field load due to missing narrowing conversion + JDK-8235243: handle VS2017 15.9 and VS2019 in abstract_vm_version + JDK-8235325: build failure on Linux after 8235243 + JDK-8235687: Contents/MacOS/libjli.dylib cannot be a symlink + JDK-8237951: CTW: C2 compilation fails with 'malformed control flow' + JDK-8238225: Issues reported after replacing symlink at Contents/MacOS/libjli.dylib with binary + JDK-8239385: KerberosTicket client name refers wrongly to sAMAccountName in AD + JDK-8239819: XToolkit: Misread of screen information memory + JDK-8240295: hs_err elapsed time in seconds is not accurate enough + JDK-8241888: Mirror jdk.security.allowNonCaAnchor system property with a security one + JDK-8242498: Invalid 'sun.awt.TimedWindowEvent' object leads to JVM crash + JDK-8243489: Thread CPU Load event may contain wrong data for CPU time under certain conditions + JDK-8244818: Java2D Queue Flusher crash while moving application window to external monitor + JDK-8246310: Clean commented-out code about ModuleEntry and PackageEntry in JFR + JDK-8246384: Enable JFR by default on supported architectures for October 2020 release + JDK-8248643: Remove extra leading space in JDK-8240295 8u backport + JDK-8249610: Make sun.security.krb5.Config.getBooleanObject(String... keys) method public * Import of OpenJDK 8 u272 build 02 + JDK-8023697: failed class resolution reports different class name in detail message for the first and subsequent times + JDK-8025886: replace [[ and == bash extensions in regtest + JDK-8046274: Removing dependency on jakarta-regexp + JDK-8048933: -XX:+TraceExceptions output should include the message + JDK-8076151: [TESTBUG] Test java/awt/FontClass/CreateFont/ /fileaccess/FontFile.java fails + JDK-8148854: Class names 'SomeClass' and 'LSomeClass;' treated by JVM as an equivalent + JDK-8154313: Generated javadoc scattered all over the place + JDK-8163251: Hard coded loop limit prevents reading of smart card data greater than 8k + JDK-8173300: [TESTBUG]compiler/tiered/NonTieredLevelsTest.java fails with compiler.whitebox.SimpleTestCaseHelper(int) must be compiled + JDK-8183349: Better cleanup for jdk/test/javax/imageio/ /plugins/shared/CanWriteSequence.java and WriteAfterAbort.java + JDK-8191678: [TESTBUG] Add keyword headful in java/awt FocusTransitionTest test. + JDK-8201633: Problems with AES-GCM native acceleration + JDK-8211049: Second parameter of 'initialize' method is not used + JDK-8219566: JFR did not collect call stacks when MaxJavaStackTraceDepth is set to zero + JDK-8220165: Encryption using GCM results in RuntimeException- input length out of bound + JDK-8220555: JFR tool shows potentially misleading message when it cannot access a file + JDK-8224217: RecordingInfo should use textual representation of path + JDK-8231779: crash HeapWord*ParallelScavengeHeap::failed_mem_allocate + JDK-8238380, PR3798: java.base/unix/native/libjava/childproc.c 'multiple definition' link errors with GCC10 + JDK-8238386, PR3798: (sctp) jdk.sctp/unix/native/libsctp/ /SctpNet.c 'multiple definition' link errors with GCC10 + JDK-8238388, PR3798: libj2gss/NativeFunc.o 'multiple definition' link errors with GCC10 + JDK-8242556: Cannot load RSASSA-PSS public key with non-null params from byte array + JDK-8250755: Better cleanup for jdk/test/javax/imageio/ /plugins/shared/CanWriteSequence.java * Import of OpenJDK 8 u272 build 03 + JDK-6574989: TEST_BUG: javax/sound/sampled/Clip/bug5070081.java fails sometimes + JDK-8148754: C2 loop unrolling fails due to unexpected graph shape + JDK-8192953: sun/management/jmxremote/bootstrap/*.sh tests fail with error : revokeall.exe: Permission denied + JDK-8203357: Container Metrics + JDK-8209113: Use WeakReference for lastFontStrike for created Fonts + JDK-8216283: Allow shorter method sampling interval than 10 ms + JDK-8221569: JFR tool produces incorrect output when both --categories and --events are specified + JDK-8233097: Fontmetrics for large Fonts has zero width + JDK-8248851: CMS: Missing memory fences between free chunk check and klass read + JDK-8250875: Incorrect parameter type for update_number in JDK_Version::jdk_update * Import of OpenJDK 8 u272 build 04 + JDK-8061616: HotspotDiagnosticMXBean.getVMOption() throws IllegalArgumentException for flags of type double + JDK-8177334: Update xmldsig implementation to Apache Santuario 2.1.1 + JDK-8217878: ENVELOPING XML signature no longer works in JDK 11 + JDK-8218629: XML Digital Signature throws NAMESPACE_ERR exception on OpenJDK 11, works 8/9/10 + JDK-8243138: Enhance BaseLdapServer to support starttls extended request * Import of OpenJDK 8 u272 build 05 + JDK-8026236: Add PrimeTest for BigInteger + JDK-8057003: Large reference arrays cause extremely long synchronization times + JDK-8060721: Test runtime/SharedArchiveFile/ /LimitSharedSizes.java fails in jdk 9 fcs new platforms/compiler + JDK-8152077: (cal) Calendar.roll does not always roll the hours during daylight savings + JDK-8168517: java/lang/ProcessBuilder/Basic.java failed + JDK-8211163: UNIX version of Java_java_io_Console_echo does not return a clean boolean + JDK-8220674: [TESTBUG] MetricsMemoryTester failcount test in docker container only works with debug JVMs + JDK-8231213: Migrate SimpleDateFormatConstTest to JDK Repo + JDK-8236645: JDK 8u231 introduces a regression with incompatible handling of XML messages + JDK-8240676: Meet not symmetric failure when running lucene on jdk8 + JDK-8243321: Add Entrust root CA - G4 to Oracle Root CA program + JDK-8249158: THREAD_START and THREAD_END event posted in primordial phase + JDK-8250627: Use -XX:+/-UseContainerSupport for enabling/disabling Java container metrics + JDK-8251546: 8u backport of JDK-8194298 breaks AIX and Solaris builds + JDK-8252084: Minimal VM fails to bootcycle: undefined symbol: AgeTableTracer::is_tenuring_distribution_event_enabled * Import of OpenJDK 8 u272 build 06 + JDK-8064319: Need to enable -XX:+TraceExceptions in release builds + JDK-8080462, PR3801: Update SunPKCS11 provider with PKCS11 v2.40 support + JDK-8160768: Add capability to custom resolve host/domain names within the default JNDI LDAP provider + JDK-8161973: PKIXRevocationChecker.getSoftFailExceptions() not working + JDK-8169925, PR3801: PKCS #11 Cryptographic Token Interface license + JDK-8184762: ZapStackSegments should use optimized memset + JDK-8193234: When using -Xcheck:jni an internally allocated buffer can leak + JDK-8219919: RuntimeStub name lost with PrintFrameConverterAssembly + JDK-8220313: [TESTBUG] Update base image for Docker testing to OL 7.6 + JDK-8222079: Don't use memset to initialize fields decode_env constructor in disassembler.cpp + JDK-8225695: 32-bit build failures after JDK-8080462 (Update SunPKCS11 provider with PKCS11 v2.40 support) + JDK-8226575: OperatingSystemMXBean should be made container aware + JDK-8226809: Circular reference in printed stack trace is not correctly indented & ambiguous + JDK-8228835: Memory leak in PKCS11 provider when using AES GCM + JDK-8233621: Mismatch in jsse.enableMFLNExtension property name + JDK-8238898, PR3801: Missing hash characters for header on license file + JDK-8243320: Add SSL root certificates to Oracle Root CA program + JDK-8244151: Update MUSCLE PC/SC-Lite headers to the latest release 1.8.26 + JDK-8245467: Remove 8u TLSv1.2 implementation files + JDK-8245469: Remove DTLS protocol implementation + JDK-8245470: Fix JDK8 compatibility issues + JDK-8245471: Revert JDK-8148188 + JDK-8245472: Backport JDK-8038893 to JDK8 + JDK-8245473: OCSP stapling support + JDK-8245474: Add TLS_KRB5 cipher suites support according to RFC-2712 + JDK-8245476: Disable TLSv1.3 protocol in the ClientHello message by default + JDK-8245477: Adjust TLS tests location + JDK-8245653: Remove 8u TLS tests + JDK-8245681: Add TLSv1.3 regression test from 11.0.7 + JDK-8251117: Cannot check P11Key size in P11Cipher and P11AEADCipher + JDK-8251120, PR3793: [8u] HotSpot build assumes ENABLE_JFR is set to either true or false + JDK-8251341: Minimal Java specification change + JDK-8251478: Backport TLSv1.3 regression tests to JDK8u * Import of OpenJDK 8 u272 build 07 + JDK-8246193: Possible NPE in ENC-PA-REP search in AS-REQ * Import of OpenJDK 8 u272 build 08 + JDK-8062947: Fix exception message to correctly represent LDAP connection failure + JDK-8151678: com/sun/jndi/ldap/LdapTimeoutTest.java failed due to timeout on DeadServerNoTimeoutTest is incorrect + JDK-8252573: 8u: Windows build failed after 8222079 backport * Import of OpenJDK 8 u272 build 09 + JDK-8252886: [TESTBUG] sun/security/ec/TestEC.java : Compilation failed * Import of OpenJDK 8 u272 build 10 + JDK-8254673: Call to JvmtiExport::post_vm_start() was removed by the fix for JDK-8249158 + JDK-8254937: Revert JDK-8148854 for 8u272 * Backports + JDK-8038723, PR3806: Openup some PrinterJob tests + JDK-8041480, PR3806: ArrayIndexOutOfBoundsException when JTable contains certain string + JDK-8058779, PR3805: Faster implementation of String.replace(CharSequence, CharSequence) + JDK-8130125, PR3806: [TEST_BUG] add @modules to the several client tests unaffected by the automated bulk update + JDK-8144015, PR3806: [PIT] failures of text layout font tests + JDK-8144023, PR3806: [PIT] failure of text measurements in javax/swing/text/html/parser/Parser/6836089/bug6836089.java + JDK-8144240, PR3806: [macosx][PIT] AIOOB in closed/javax/swing/text/GlyphPainter2/6427244/bug6427244.java + JDK-8145542, PR3806: The case failed automatically and thrown java.lang.ArrayIndexOutOfBoundsException exception + JDK-8151725, PR3806: [macosx] ArrayIndexOOB exception when displaying Devanagari text in JEditorPane + JDK-8152358, PR3800: code and comment cleanups found during the hunt for 8077392 + JDK-8152545, PR3804: Use preprocessor instead of compiling a program to generate native nio constants + JDK-8152680, PR3806: Regression in GlyphVector.getGlyphCharIndex behaviour + JDK-8158924, PR3806: Incorrect i18n text document layout + JDK-8166003, PR3806: [PIT][TEST_BUG] missing helper for javax/swing/text/GlyphPainter2/6427244/bug6427244.java + JDK-8166068, PR3806: test/java/awt/font/GlyphVector/ /GetGlyphCharIndexTest.java does not compile + JDK-8169879, PR3806: [TEST_BUG] javax/swing/text/ /GlyphPainter2/6427244/bug6427244.java - compilation failed + JDK-8191512, PR3806: T2K font rasterizer code removal + JDK-8191522, PR3806: Remove Bigelow&Holmes Lucida fonts from JDK sources + JDK-8236512, PR3801: PKCS11 Connection closed after Cipher.doFinal and NoPadding + JDK-8254177, PR3809: (tz) Upgrade time-zone data to tzdata2020b * Bug fixes + PR3798: Fix format-overflow error on GCC 10, caused by passing NULL to a '%s' directive + PR3795: ECDSAUtils for XML digital signatures should support the same curve set as the rest of the JDK + PR3799: Adapt elliptic curve patches to JDK-8245468: Add TLSv1.3 implementation classes from 11.0.7 + PR3808: IcedTea does not install the JFR *.jfc files + PR3810: Enable JFR on x86 (32-bit) now that JDK-8252096 has fixed its use with Shenandoah + PR3811: Don't attempt to install JFR files when JFR is disabled * Shenandoah + [backport] 8221435: Shenandoah should not mark through weak roots + [backport] 8221629: Shenandoah: Cleanup class unloading logic + [backport] 8222992: Shenandoah: Pre-evacuate all roots + [backport] 8223215: Shenandoah: Support verifying subset of roots + [backport] 8223774: Shenandoah: Refactor ShenandoahRootProcessor and family + [backport] 8224210: Shenandoah: Refactor ShenandoahRootScanner to support scanning CSet codecache roots + [backport] 8224508: Shenandoah: Need to update thread roots in final mark for piggyback ref update cycle + [backport] 8224579: ResourceMark not declared in shenandoahRootProcessor.inline.hpp with --disable-precompiled-headers + [backport] 8224679: Shenandoah: Make ShenandoahParallelCodeCacheIterator noncopyable + [backport] 8224751: Shenandoah: Shenandoah Verifier should select proper roots according to current GC cycle + [backport] 8225014: Separate ShenandoahRootScanner method for object_iterate + [backport] 8225216: gc/logging/TestMetaSpaceLog.java doesn't work for Shenandoah + [backport] 8225573: Shenandoah: Enhance ShenandoahVerifier to ensure roots to-space invariant + [backport] 8225590: Shenandoah: Refactor ShenandoahClassLoaderDataRoots API + [backport] 8226413: Shenandoah: Separate root scanner for SH::object_iterate() + [backport] 8230853: Shenandoah: replace leftover assert(is_in(...)) with rich asserts + [backport] 8231198: Shenandoah: heap walking should visit all roots most of the time + [backport] 8231244: Shenandoah: all-roots heap walking misses some weak roots + [backport] 8237632: Shenandoah: accept NULL fwdptr to cooperate with JVMTI and JFR + [backport] 8239786: Shenandoah: print per-cycle statistics + [backport] 8239926: Shenandoah: Shenandoah needs to mark nmethod's metadata + [backport] 8240671: Shenandoah: refactor ShenandoahPhaseTimings + [backport] 8240749: Shenandoah: refactor ShenandoahUtils + [backport] 8240750: Shenandoah: remove leftover files and mentions of ShenandoahAllocTracker + [backport] 8240868: Shenandoah: remove CM-with-UR piggybacking cycles + [backport] 8240872: Shenandoah: Avoid updating new regions from start of evacuation + [backport] 8240873: Shenandoah: Short-cut arraycopy barriers + [backport] 8240915: Shenandoah: Remove unused fields in init mark tasks + [backport] 8240948: Shenandoah: cleanup not-forwarded-objects paths after JDK-8240868 + [backport] 8241007: Shenandoah: remove ShenandoahCriticalControlThreadPriority support + [backport] 8241062: Shenandoah: rich asserts trigger 'empty statement' inspection + [backport] 8241081: Shenandoah: Do not modify update-watermark concurrently + [backport] 8241093: Shenandoah: editorial changes in flag descriptions + [backport] 8241139: Shenandoah: distribute mark-compact work exactly to minimize fragmentation + [backport] 8241142: Shenandoah: should not use parallel reference processing with single GC thread + [backport] 8241351: Shenandoah: fragmentation metrics overhaul + [backport] 8241435: Shenandoah: avoid disabling pacing with 'aggressive' + [backport] 8241520: Shenandoah: simplify region sequence numbers handling + [backport] 8241534: Shenandoah: region status should include update watermark + [backport] 8241574: Shenandoah: remove ShenandoahAssertToSpaceClosure + [backport] 8241583: Shenandoah: turn heap lock asserts into macros + [backport] 8241668: Shenandoah: make ShenandoahHeapRegion not derive from ContiguousSpace + [backport] 8241673: Shenandoah: refactor anti-false-sharing padding + [backport] 8241675: Shenandoah: assert(n->outcnt() > 0) at shenandoahSupport.cpp:2858 with java/util/Collections/FindSubList.java + [backport] 8241692: Shenandoah: remove ShenandoahHeapRegion::_reserved + [backport] 8241700: Shenandoah: Fold ShenandoahKeepAliveBarrier flag into ShenandoahSATBBarrier + [backport] 8241740: Shenandoah: remove ShenandoahHeapRegion::_heap + [backport] 8241743: Shenandoah: refactor and inline ShenandoahHeap::heap() + [backport] 8241748: Shenandoah: inline MarkingContext TAMS methods + [backport] 8241838: Shenandoah: no need to trash cset during final mark + [backport] 8241841: Shenandoah: ditch one of allocation type counters in ShenandoahHeapRegion + [backport] 8241842: Shenandoah: inline ShenandoahHeapRegion::region_number + [backport] 8241844: Shenandoah: rename ShenandoahHeapRegion::region_number + [backport] 8241845: Shenandoah: align ShenandoahHeapRegions to cache lines + [backport] 8241926: Shenandoah: only print heap changes for operations that directly affect it + [backport] 8241983: Shenandoah: simplify FreeSet logging + [backport] 8241985: Shenandoah: simplify collectable garbage logging + [backport] 8242040: Shenandoah: print allocation failure type + [backport] 8242041: Shenandoah: adaptive heuristics should account evac reserve in free target + [backport] 8242042: Shenandoah: tune down ShenandoahGarbageThreshold + [backport] 8242054: Shenandoah: New incremental-update mode + [backport] 8242075: Shenandoah: rename ShenandoahHeapRegionSize flag + [backport] 8242082: Shenandoah: Purge Traversal mode + [backport] 8242083: Shenandoah: split 'Prepare Evacuation' tracking into cset/freeset counters + [backport] 8242089: Shenandoah: per-worker stats should be summed up, not averaged + [backport] 8242101: Shenandoah: coalesce and parallelise heap region walks during the pauses + [backport] 8242114: Shenandoah: remove ShenandoahHeapRegion::reset_alloc_metadata_to_shared + [backport] 8242130: Shenandoah: Simplify arraycopy-barrier dispatching + [backport] 8242211: Shenandoah: remove ShenandoahHeuristics::RegionData::_seqnum_last_alloc + [backport] 8242212: Shenandoah: initialize ShenandoahHeuristics::_region_data eagerly + [backport] 8242213: Shenandoah: remove ShenandoahHeuristics::_bytes_in_cset + [backport] 8242217: Shenandoah: Enable GC mode to be diagnostic/experimental and have a name + [backport] 8242227: Shenandoah: transit regions to cset state when adding to collection set + [backport] 8242228: Shenandoah: remove unused ShenandoahCollectionSet methods + [backport] 8242229: Shenandoah: inline ShenandoahHeapRegion liveness-related methods + [backport] 8242267: Shenandoah: regions space needs to be aligned by os::vm_allocation_granularity() + [backport] 8242271: Shenandoah: add test to verify GC mode unlock + [backport] 8242273: Shenandoah: accept either SATB or IU barriers, but not both + [backport] 8242301: Shenandoah: Inline LRB runtime call + [backport] 8242316: Shenandoah: Turn NULL-check into assert in SATB slow-path entry + [backport] 8242353: Shenandoah: micro-optimize region liveness handling + [backport] 8242365: Shenandoah: use uint16_t instead of jushort for liveness cache + [backport] 8242375: Shenandoah: Remove ShenandoahHeuristic::record_gc_start/end methods + [backport] 8242641: Shenandoah: clear live data and update TAMS optimistically + [backport] 8243238: Shenandoah: explicit GC request should wait for a complete GC cycle + [backport] 8243301: Shenandoah: ditch ShenandoahAllowMixedAllocs + [backport] 8243307: Shenandoah: remove ShCollectionSet::live_data + [backport] 8243395: Shenandoah: demote guarantee in ShenandoahPhaseTimings::record_workers_end + [backport] 8243463: Shenandoah: ditch total_pause counters + [backport] 8243464: Shenandoah: print statistic counters in time order + [backport] 8243465: Shenandoah: ditch unused pause_other, conc_other counters + [backport] 8243487: Shenandoah: make _num_phases illegal phase type + [backport] 8243494: Shenandoah: set counters once per cycle + [backport] 8243573: Shenandoah: rename GCParPhases and related code + [backport] 8243848: Shenandoah: Windows build fails after JDK-8239786 + [backport] 8244180: Shenandoah: carry Phase to ShWorkerTimingsTracker explicitly + [backport] 8244200: Shenandoah: build breakages after JDK-8241743 + [backport] 8244226: Shenandoah: per-cycle statistics contain worker data from previous cycles + [backport] 8244326: Shenandoah: global statistics should not accept bogus samples + [backport] 8244509: Shenandoah: refactor ShenandoahBarrierC2Support::test_* methods + [backport] 8244551: Shenandoah: Fix racy update of update_watermark + [backport] 8244667: Shenandoah: SBC2Support::test_gc_state takes loop for wrong control + [backport] 8244730: Shenandoah: gc/shenandoah/options/ /TestHeuristicsUnlock.java should only verify the heuristics + [backport] 8244732: Shenandoah: move heuristics code to gc/shenandoah/heuristics + [backport] 8244737: Shenandoah: move mode code to gc/shenandoah/mode + [backport] 8244739: Shenandoah: break superclass dependency on ShenandoahNormalMode + [backport] 8244740: Shenandoah: rename ShenandoahNormalMode to ShenandoahSATBMode + [backport] 8245461: Shenandoah: refine mode name()-s + [backport] 8245463: Shenandoah: refine ShenandoahPhaseTimings constructor arguments + [backport] 8245464: Shenandoah: allocate collection set bitmap at lower addresses + [backport] 8245465: Shenandoah: test_in_cset can use more efficient encoding + [backport] 8245726: Shenandoah: lift/cleanup ShenandoahHeuristics names and properties + [backport] 8245754: Shenandoah: ditch ShenandoahAlwaysPreTouch + [backport] 8245757: Shenandoah: AlwaysPreTouch should not disable heap resizing or uncommits + [backport] 8245773: Shenandoah: Windows assertion failure after JDK-8245464 + [backport] 8245812: Shenandoah: compute root phase parallelism + [backport] 8245814: Shenandoah: reconsider format specifiers for stats + [backport] 8245825: Shenandoah: Remove diagnostic flag ShenandoahConcurrentScanCodeRoots + [backport] 8246162: Shenandoah: full GC does not mark code roots when class unloading is off + [backport] 8247310: Shenandoah: pacer should not affect interrupt status + [backport] 8247358: Shenandoah: reconsider free budget slice for marking + [backport] 8247367: Shenandoah: pacer should wait on lock instead of exponential backoff + [backport] 8247474: Shenandoah: Windows build warning after JDK-8247310 + [backport] 8247560: Shenandoah: heap iteration holds root locks all the time + [backport] 8247593: Shenandoah: should not block pacing reporters + [backport] 8247751: Shenandoah: options tests should run with smaller heaps + [backport] 8247754: Shenandoah: mxbeans tests can be shorter + [backport] 8247757: Shenandoah: split heavy tests by heuristics to improve parallelism + [backport] 8247860: Shenandoah: add update watermark line in rich assert failure message + [backport] 8248041: Shenandoah: pre-Full GC root updates may miss some roots + [backport] 8248652: Shenandoah: SATB buffer handling may assume no forwarded objects + [backport] 8249560: Shenandoah: Fix racy GC request handling + [backport] 8249649: Shenandoah: provide per-cycle pacing stats + [backport] 8249801: Shenandoah: Clear soft-refs on requested GC cycle + [backport] 8249953: Shenandoah: gc/shenandoah/mxbeans tests should account for corner cases + Fix slowdebug build after JDK-8230853 backport + JDK-8252096: Shenandoah: adjust SerialPageShiftCount for x86_32 and JFR + JDK-8252366: Shenandoah: revert/cleanup changes in graphKit.cpp + Shenandoah: add JFR roots to root processor after JFR integration + Shenandoah: add root statistics for string dedup table/queues + Shenandoah: enable low-frequency STW class unloading + Shenandoah: fix build failures after JDK-8244737 backport + Shenandoah: Fix build failure with +JFR -PCH + Shenandoah: fix forceful pacer claim + Shenandoah: fix formats in ShenandoahStringSymbolTableUnlinkTask + Shenandoah: fix runtime linking failure due to non-compiled shenandoahBarrierSetC1 + Shenandoah: hook statistics printing to PrintGCDetails, not PrintGC + Shenandoah: JNI weak roots are always cleared before Full GC mark + Shenandoah: missing SystemDictionary roots in ShenandoahHeapIterationRootScanner + Shenandoah: move barrier sets to their proper locations + Shenandoah: move parallelCleaning.* to shenandoah/ + Shenandoah: pacer should use proper Atomics for intptr_t + Shenandoah: properly deallocates class loader metadata + Shenandoah: specialize String Table scans for better pause performance + Shenandoah: Zero build fails after recent Atomic cleanup in Pacer * AArch64 port + JDK-8161072, PR3797: AArch64: jtreg compiler/uncommontrap/TestDeoptOOM failure + JDK-8171537, PR3797: aarch64: compiler/c1/Test6849574.java generates guarantee failure in C1 + JDK-8183925, PR3797: [AArch64] Decouple crash protection from watcher thread + JDK-8199712, PR3797: [AArch64] Flight Recorder + JDK-8203481, PR3797: Incorrect constraint for unextended_sp in frame:safe_for_sender + JDK-8203699, PR3797: java/lang/invoke/SpecialInterfaceCall fails with SIGILL on aarch64 + JDK-8209413, PR3797: AArch64: NPE in clhsdb jstack command + JDK-8215961, PR3797: jdk/jfr/event/os/TestCPUInformation.java fails on AArch64 + JDK-8216989, PR3797: CardTableBarrierSetAssembler::gen_write_ref_array_post_barrier() does not check for zero length on AARCH64 + JDK-8217368, PR3797: AArch64: C2 recursive stack locking optimisation not triggered + JDK-8221658, PR3797: aarch64: add necessary predicate for ubfx patterns + JDK-8237512, PR3797: AArch64: aarch64TestHook leaks a BufferBlob + JDK-8246482, PR3797: Build failures with +JFR -PCH + JDK-8247979, PR3797: aarch64: missing side effect of killing flags for clearArray_reg_reg + JDK-8248219, PR3797: aarch64: missing memory barrier in fast_storefield and fast_accessfield ----------------------------------------- Patch: SUSE-2020-3462 Released: Fri Nov 20 13:14:35 2020 Summary: Recommended update for pam and sudo Severity: moderate References: 1174593,1177858,1178727 Description: This update for pam and sudo fixes the following issue: pam: - pam_xauth: do not *free* a string which has been successfully passed to *putenv*. (bsc#1177858) - Initialize the local variable *daysleft* to avoid a misleading warning for password expire days. (bsc#1178727) - Run /usr/bin/xauth using the old user's and group's identifiers. (bsc#1174593) sudo: - Fix a problem with pam_xauth which checks effective and real uids to get the real identity of the user. (bsc#1174593) ----------------------------------------- Patch: SUSE-2020-3463 Released: Fri Nov 20 13:49:58 2020 Summary: Security update for postgresql12 Severity: important References: 1178666,1178667,1178668,CVE-2020-25694,CVE-2020-25695,CVE-2020-25696 Description: This update for postgresql12 fixes the following issues: - Upgrade to version 12.5: * CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries. * CVE-2020-25694, bsc#1178667: a) Fix usage of complex connection-string parameters in pg_dump, pg_restore, clusterdb, reindexdb, and vacuumdb. b) When psql's \connect command re-uses connection parameters, ensure that all non-overridden parameters from a previous connection string are re-used. * CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from modifying specially-treated variables. * Fix recently-added timetz test case so it works when the USA is not observing daylight savings time. * https://www.postgresql.org/about/news/2111/ * https://www.postgresql.org/docs/12/release-12-5.html - Stop building the mini and lib packages as they are now coming from postgresql13. ----------------------------------------- Patch: SUSE-2020-3468 Released: Fri Nov 20 15:11:00 2020 Summary: Recommended update for brltty Severity: moderate References: 1177656 Description: This update for brltty fixes the following issues: - Add coreutils and util-linux to post requires to fix package installation. (bsc#1177656) ----------------------------------------- Patch: SUSE-2020-3470 Released: Fri Nov 20 17:42:57 2020 Summary: Recommended update for monitoring-plugins Severity: moderate References: 1175828 Description: This update for monitoring-plugins fixes the following issues: - Fixed a bug for hosts, that ran out of swap memory and reported 'ok' when running monitoring-plugins with '-n ok'. (bsc#1175828) ----------------------------------------- Patch: SUSE-2020-3471 Released: Fri Nov 20 17:43:45 2020 Summary: Optional update for brp-check-suse Severity: low References: 1074711 Description: This update for brp-check-suse doesn't fix any runtime specific errors, but improves the packaging related build procedure (bsc#1074711) ----------------------------------------- Patch: SUSE-2020-3473 Released: Fri Nov 20 19:08:33 2020 Summary: Security update for ceph Severity: moderate References: 1163764,1170200,1170498,1173079,1174466,1174529,1174644,1175120,1175161,1175169,1176451,1176499,1176638,1177078,1177151,1177319,1177344,1177450,1177643,1177676,1177843,1177933,1178073,1178531,CVE-2020-25660 Description: This update for ceph fixes the following issues: - CVE-2020-25660: Bring back CEPHX_V2 authorizer challenges (bsc#1177843). - Added --container-init feature (bsc#1177319, bsc#1163764) - Made journald as the logdriver again (bsc#1177933) - Fixes a condition check for copy_tree, copy_files, and move_files in cephadm (bsc#1177676) - Fixed a bug where device_health_metrics pool gets created even without any OSDs in the cluster (bsc#1173079) - Log cephadm output /var/log/ceph/cephadm.log (bsc#1174644) - Fixed a bug where the orchestrator didn't come up anymore after the deletion of OSDs (bsc#1176499) - Fixed a bug where cephadm fails to deploy all OSDs and gets stuck (bsc#1177450) - python-common will no longer skip unavailable disks (bsc#1177151) - Added snap-schedule module (jsc#SES-704) - Updated the SES7 downstream branding (bsc#1175120, bsc#1175161, bsc#1175169, bsc#1170498) ----------------------------------------- Patch: SUSE-2020-3476 Released: Fri Nov 20 19:59:54 2020 Summary: Security update for postgresql10 Severity: important References: 1178666,1178667,1178668,CVE-2020-25694,CVE-2020-25695,CVE-2020-25696 Description: This update for postgresql10 fixes the following issues: - Upgrade to version 10.15: * CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries. * CVE-2020-25694, bsc#1178667: a) Fix usage of complex connection-string parameters in pg_dump, pg_restore, clusterdb, reindexdb, and vacuumdb. b) When psql's \connect command re-uses connection parameters, ensure that all non-overridden parameters from a previous connection string are re-used. * CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from modifying specially-treated variables. * Fix recently-added timetz test case so it works when the USA is not observing daylight savings time. * https://www.postgresql.org/about/news/2111/ * https://www.postgresql.org/docs/10/release-10-15.html ----------------------------------------- Patch: SUSE-2020-3478 Released: Mon Nov 23 09:33:17 2020 Summary: Security update for c-ares Severity: moderate References: 1178882,CVE-2020-8277 Description: This update for c-ares fixes the following issues: - Version update to 1.17.0 * CVE-2020-8277: Fixed a Denial of Service through DNS request (bsc#1178882) * For further details see https://c-ares.haxx.se/changelog.html ----------------------------------------- Patch: SUSE-2020-3480 Released: Mon Nov 23 10:34:36 2020 Summary: Security update for dash Severity: moderate References: 1178978 Description: This update for dash fixes the following issues: - Fixed an issue where code was executed even if noexec ('-n') was specified (bsc#1178978). ----------------------------------------- Patch: SUSE-2020-3481 Released: Mon Nov 23 11:17:09 2020 Summary: Optional update for vim Severity: low References: 1166602,1173256,1174564,1176549 Description: This update for vim doesn't fix any user visible issues and it is optional to install. - Introduce vim-small package with reduced requirements for small installations (bsc#1166602). - Stop owning /etc/vimrc so the old, distro provided config actually gets removed. - Own some dirs in vim-data-common so installation of vim-small doesn't leave not owned directories. (bsc#1173256) - Add vi as slave to update-alternatives so that every package has a matching 'vi' symlink. (bsc#1174564, bsc#1176549) ----------------------------------------- Patch: SUSE-2020-3484 Released: Mon Nov 23 12:49:47 2020 Summary: Security update for the Linux Kernel Severity: important References: 1055014,1058115,1061843,1065600,1065729,1066382,1077428,1112178,1131277,1134760,1140683,1163592,1167030,1168468,1170415,1170446,1170630,1171558,1171675,1172538,1172873,1173432,1174748,1175306,1175520,1175721,1176354,1176381,1176382,1176400,1176485,1176560,1176713,1176723,1176855,1176907,1176946,1176983,1177027,1177086,1177101,1177258,1177271,1177281,1177340,1177410,1177411,1177470,1177511,1177513,1177685,1177687,1177703,1177719,1177724,1177725,1177740,1177749,1177750,1177753,1177754,1177755,1177766,1177819,1177820,1177855,1177856,1177861,1178003,1178027,1178123,1178166,1178182,1178185,1178187,1178188,1178202,1178234,1178330,1178393,1178589,1178591,1178622,1178686,1178700,1178765,1178782,1178838,1178878,927455,CVE-2020-0430,CVE-2020-12351,CVE-2020-12352,CVE-2020-14351,CVE-2020-16120,CVE-2020-25212,CVE-2020-25285,CVE-2020-25645,CVE-2020-25656,CVE-2020-25668,CVE-2020-25669,CVE-2020-25704,CVE-2020-25705,CVE-2020-8694 Description: The SUSE Linux Enterprise 15 SP1 Azure kernel was updated to receive various security and bug fixes. The following security bugs were fixed: - CVE-2020-25705: A flaw in the way reply ICMP packets are limited in was found that allowed to quickly scan open UDP ports. This flaw allowed an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software and services that rely on UDP source port randomization (like DNS) are indirectly affected as well. Kernel versions may be vulnerable to this issue (bsc#1175721, bsc#1178782). - CVE-2020-8694: Insufficient access control for some Intel(R) Processors may have allowed an authenticated user to potentially enable information disclosure via local access (bsc#1170415). - CVE-2020-25668: Fixed a use-after-free in con_font_op() (bsc#1178123). - CVE-2020-25704: Fixed a memory leak in perf_event_parse_addr_filter() (bsc#1178393). - CVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182). - CVE-2020-25656: Fixed a concurrency use-after-free in vt_do_kdgkb_ioctl (bnc#1177766). - CVE-2020-25285: Fixed a race condition between hugetlb sysctl handlers in mm/hugetlb.c (bnc#1176485). - CVE-2020-0430: Fixed an OOB read in skb_headlen of /include/linux/skbuff.h (bnc#1176723). - CVE-2020-14351: Fixed a race in the perf_mmap_close() function (bsc#1177086). - CVE-2020-16120: Fixed a permissions issue in ovl_path_open() (bsc#1177470). - CVE-2020-12351: Implemented a kABI workaround for bluetooth l2cap_ops filter addition (bsc#1177724). - CVE-2020-12352: Fixed an information leak when processing certain AMP packets aka 'BleedingTooth' (bsc#1177725). - CVE-2020-25212: Fixed a TOCTOU mismatch in the NFS client code (bnc#1176381). - CVE-2020-25645: Fixed an an issue in IPsec that caused traffic between two Geneve endpoints to be unencrypted (bnc#1177511). The following non-security bugs were fixed: - 9P: Cast to loff_t before multiplying (git-fixes). - acpi-cpufreq: Honor _PSD table setting on new AMD CPUs (git-fixes). - ACPI: debug: do not allow debugging when ACPI is disabled (git-fixes). - ACPI: dock: fix enum-conversion warning (git-fixes). - ACPI / extlog: Check for RDMSR failure (git-fixes). - ACPI: NFIT: Fix comparison to '-ENXIO' (git-fixes). - ACPI: video: use ACPI backlight for HP 635 Notebook (git-fixes). - ALSA: bebob: potential info leak in hwdep_read() (git-fixes). - ALSA: compress_offload: remove redundant initialization (git-fixes). - ALSA: core: init: use DECLARE_COMPLETION_ONSTACK() macro (git-fixes). - ALSA: core: pcm: simplify locking for timers (git-fixes). - ALSA: core: timer: clarify operator precedence (git-fixes). - ALSA: core: timer: remove redundant assignment (git-fixes). - ALSA: ctl: Workaround for lockdep warning wrt card->ctl_files_rwlock (git-fixes). - ALSA: hda: auto_parser: remove shadowed variable declaration (git-fixes). - ALSA: hda - Do not register a cb func if it is registered already (git-fixes). - ALSA: hda - Fix the return value if cb func is already registered (git-fixes). - ALSA: hda: prevent undefined shift in snd_hdac_ext_bus_get_link() (git-fixes). - ALSA: hda/realtek - Add mute Led support for HP Elitebook 845 G7 (git-fixes). - ALSA: hda/realtek: Enable audio jacks of ASUS D700SA with ALC887 (git-fixes). - ALSA: hda/realtek - The front Mic on a HP machine does not work (git-fixes). - ALSA: hda: use semicolons rather than commas to separate statements (git-fixes). - ALSA: mixart: Correct comment wrt obsoleted tasklet usage (git-fixes). - ALSA: rawmidi: (cosmetic) align function parameters (git-fixes). - ALSA: seq: oss: Avoid mutex lock for a long-time ioctl (git-fixes). - ALSA: usb-audio: Add mixer support for Pioneer DJ DJM-250MK2 (git-fixes). - ALSA: usb-audio: endpoint.c: fix repeated word 'there' (git-fixes). - ALSA: usb-audio: fix spelling mistake 'Frequence' -> 'Frequency' (git-fixes). - amd-xgbe: Add a check for an skb in the timestamp path (git-fixes). - amd-xgbe: Add additional dynamic debug messages (git-fixes). - amd-xgbe: Add additional ethtool statistics (git-fixes). - amd-xgbe: Add ethtool show/set channels support (git-fixes). - amd-xgbe: Add ethtool show/set ring parameter support (git-fixes). - amd-xgbe: Add ethtool support to retrieve SFP module info (git-fixes). - amd-xgbe: Add hardware features debug output (git-fixes). - amd-xgbe: Add NUMA affinity support for IRQ hints (git-fixes). - amd-xgbe: Add NUMA affinity support for memory allocations (git-fixes). - amd-xgbe: Add per queue Tx and Rx statistics (git-fixes). - amd-xgbe: Advertise FEC support with the KR re-driver (git-fixes). - amd-xgbe: Always attempt link training in KR mode (git-fixes). - amd-xgbe: Be sure driver shuts down cleanly on module removal (git-fixes). - amd-xgbe: Convert to generic power management (git-fixes). - amd-xgbe: Fix debug output of max channel counts (git-fixes). - amd-xgbe: Fix error path in xgbe_mod_init() (git-fixes). - amd-xgbe: Fixes for working with PHYs that support 2.5GbE (git-fixes). - amd-xgbe: Fix SFP PHY supported/advertised settings (git-fixes). - amd-xgbe: fix spelling mistake: 'avialable' -> 'available' (git-fixes). - amd-xgbe: Handle return code from software reset function (git-fixes). - amd-xgbe: Improve SFP 100Mbps auto-negotiation (git-fixes). - amd-xgbe: Interrupt summary bits are h/w version dependent (git-fixes). - amd-xgbe: Limit the I2C error messages that are output (git-fixes). - amd-xgbe: Mark expected switch fall-throughs (git-fixes). - amd-xgbe: Optimize DMA channel interrupt enablement (git-fixes). - amd-xgbe: Prepare for ethtool set-channel support (git-fixes). - amd-xgbe: Read and save the port property registers during probe (git-fixes). - amd-xgbe: Remove field that indicates SFP diagnostic support (git-fixes). - amd-xgbe: remove unnecessary conversion to bool (git-fixes). - amd-xgbe: Remove use of comm_owned field (git-fixes). - amd-xgbe: Set the MDIO mode for 10000Base-T configuration (git-fixes). - amd-xgbe: Simplify the burst length settings (git-fixes). - amd-xgbe: use devm_platform_ioremap_resource() to simplify code (git-fixes). - amd-xgbe: use dma_mapping_error to check map errors (git-fixes). - amd-xgbe: Use __napi_schedule() in BH context (git-fixes). - amd-xgbe: Use the proper register during PTP initialization (git-fixes). - ASoC: qcom: lpass-cpu: fix concurrency issue (git-fixes). - ASoC: qcom: lpass-platform: fix memory leak (git-fixes). - ata: sata_rcar: Fix DMA boundary mask (git-fixes). - ath10k: check idx validity in __ath10k_htt_rx_ring_fill_n() (git-fixes). - ath10k: Fix the size used in a 'dma_free_coherent()' call in an error handling path (git-fixes). - ath10k: fix VHT NSS calculation when STBC is enabled (git-fixes). - ath10k: provide survey info as accumulated data (git-fixes). - ath10k: start recovery process when payload length exceeds max htc length for sdio (git-fixes). - ath6kl: prevent potential array overflow in ath6kl_add_new_sta() (git-fixes). - ath9k: Fix potential out of bounds in ath9k_htc_txcompletion_cb() (git-fixes). - ath9k: hif_usb: fix race condition between usb_get_urb() and usb_kill_anchored_urbs() (git-fixes). - backlight: sky81452-backlight: Fix refcount imbalance on error (git-fixes). - blk-mq: order adding requests to hctx->dispatch and checking SCHED_RESTART (bsc#1177750). - block: ensure bdi->io_pages is always initialized (bsc#1177749). - Bluetooth: MGMT: Fix not checking if BT_HS is enabled (git-fixes). - Bluetooth: Only mark socket zapped after unlocking (git-fixes). - bnxt: do not enable NAPI until rings are ready (networking-stable-20_09_11). - bnxt_en: Check for zero dir entries in NVRAM (networking-stable-20_09_11). - bpf: Zero-fill re-used per-cpu map element (git-fixes). - brcm80211: fix possible memleak in brcmf_proto_msgbuf_attach (git-fixes). - brcmfmac: check ndev pointer (git-fixes). - brcmsmac: fix memory leak in wlc_phy_attach_lcnphy (git-fixes). - btrfs: check the right error variable in btrfs_del_dir_entries_in_log (bsc#1177687). - btrfs: do not force read-only after error in drop snapshot (bsc#1176354). - btrfs: do not set the full sync flag on the inode during page release (bsc#1177687). - btrfs: fix incorrect updating of log root tree (bsc#1177687). - btrfs: fix race between page release and a fast fsync (bsc#1177687). - btrfs: only commit delayed items at fsync if we are logging a directory (bsc#1177687). - btrfs: only commit the delayed inode when doing a full fsync (bsc#1177687). - btrfs: qgroup: fix qgroup meta rsv leak for subvolume operations (bsc#1177856). - btrfs: qgroup: fix wrong qgroup metadata reserve for delayed inode (bsc#1177855). - btrfs: reduce contention on log trees when logging checksums (bsc#1177687). - btrfs: release old extent maps during page release (bsc#1177687). - btrfs: remove no longer needed use of log_writers for the log root tree (bsc#1177687). - btrfs: remove root usage from can_overcommit (bsc#1131277). - btrfs: stop incremening log_batch for the log root tree when syncing log (bsc#1177687). - btrfs: take overcommit into account in inc_block_group_ro (bsc#1176560). - btrfs: tree-checker: fix false alert caused by legacy btrfs root item (bsc#1177861). - bus/fsl_mc: Do not rely on caller to provide non NULL mc_io (git-fixes). - can: can_create_echo_skb(): fix echo skb generation: always use skb_clone() (git-fixes). - can: c_can: reg_map_{c,d}_can: mark as __maybe_unused (git-fixes). - can: dev: __can_get_echo_skb(): fix real payload length return value for RTR frames (git-fixes). - can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context (git-fixes). - can: flexcan: flexcan_chip_stop(): add error handling and propagate error value (git-fixes). - can: peak_canfd: pucan_handle_can_rx(): fix echo management when loopback is on (git-fixes). - can: peak_usb: add range checking in decode operations (git-fixes). - can: peak_usb: peak_usb_get_ts_time(): fix timestamp wrapping (git-fixes). - can: rx-offload: do not call kfree_skb() from IRQ context (git-fixes). - can: softing: softing_card_shutdown(): add braces around empty body in an 'if' statement (git-fixes). - ceph: fix memory leak in ceph_cleanup_snapid_map() (bsc#1178234). - ceph: map snapid to anonymous bdev ID (bsc#1178234). - ceph: promote to unsigned long long before shifting (bsc#1178187). - clk: at91: clk-main: update key before writing AT91_CKGR_MOR (git-fixes). - clk: at91: remove the checking of parent_name (git-fixes). - clk: bcm2835: add missing release if devm_clk_hw_register fails (git-fixes). - clk: imx8mq: Fix usdhc parents order (git-fixes). - clk: ti: clockdomain: fix static checker warning (git-fixes). - coredump: fix crash when umh is disabled (bsc#1177753). - crypto: algif_skcipher - EBUSY on aio should be an error (git-fixes). - crypto: bcm - Verify GCM/CCM key length in setkey (git-fixes). - crypto: ccp - fix error handling (git-fixes). - crypto: ixp4xx - Fix the size used in a 'dma_free_coherent()' call (git-fixes). - crypto: mediatek - Fix wrong return value in mtk_desc_ring_alloc() (git-fixes). - crypto: omap-sham - fix digcnt register handling with export/import (git-fixes). - cxl: Rework error message for incompatible slots (bsc#1055014 git-fixes). - cypto: mediatek - fix leaks in mtk_desc_ring_alloc (git-fixes). - device property: Do not clear secondary pointer for shared primary firmware node (git-fixes). - device property: Keep secondary firmware node secondary by type (git-fixes). - Disable ipa-clones dump for KMP builds (bsc#1178330) The feature is not really useful for KMP, and rather confusing, so let's disable it at building out-of-tree codes - dmaengine: dma-jz4780: Fix race in jz4780_dma_tx_status (git-fixes). - docs: ABI: sysfs-c2port: remove a duplicated entry (git-fixes). - drbd: code cleanup by using sendpage_ok() to check page for kernel_sendpage() (bsc#1172873). - drivers: net: add missing interrupt.h include (git-fixes). - drivers/net/ethernet/marvell/mvmdio.c: Fix non OF case (git-fixes). - drm/amd/display: Do not invoke kgdb_breakpoint() unconditionally (git-fixes). - drm/amd/display: HDMI remote sink need mode validation for Linux (git-fixes). - drm/amdgpu: do not map BO in reserved region (git-fixes). - drm/amdgpu: prevent double kfree ttm->sg (git-fixes). - drm/bridge/synopsys: dsi: add support for non-continuous HS clock (git-fixes). - drm/brige/megachips: Add checking if ge_b850v3_lvds_init() is working correctly (git-fixes). - drm/gma500: fix error check (git-fixes). - drm/i915: Break up error capture compression loops with cond_resched() (git-fixes). - drm/i915: Force VT'd workarounds when running as a guest OS (git-fixes). - drm/imx: tve remove extraneous type qualifier (git-fixes). - drm/msm: Drop debug print in _dpu_crtc_setup_lm_bounds() (git-fixes). - drm/nouveau/mem: guard against NULL pointer access in mem_del (git-fixes). - drm/sun4i: mixer: Extend regmap max_register (git-fixes). - drm/ttm: fix eviction valuable range check (git-fixes). - drm/vc4: drv: Add error handding for bind (git-fixes). - Drop sysctl files for dropped archs, add ppc64le and arm64 (bsc#1178838). - ea43d9709f72 ('nvme: fix identify error status silent ignore') - EDAC/i5100: Fix error handling order in i5100_init_one() (bsc#1112178). - eeprom: at25: set minimum read/write access stride to 1 (git-fixes). - efivarfs: Replace invalid slashes with exclamation marks in dentries (git-fixes). - Fix use after free in get_capset_info callback (git-fixes). - ftrace: Fix recursion check for NMI test (git-fixes). - ftrace: Handle tracing when switching between context (git-fixes). - gre6: Fix reception with IP6_TNL_F_RCV_DSCP_COPY (networking-stable-20_08_24). - gtp: add GTPA_LINK info to msg sent to userspace (networking-stable-20_09_11). - HID: roccat: add bounds checking in kone_sysfs_write_settings() (git-fixes). - HID: wacom: Avoid entering wacom_wac_pen_report for pad / battery (git-fixes). - hv_netvsc: Add XDP support (bsc#1177819, bsc#1177820). - hv_netvsc: deal with bpf API differences in 4.12 (bsc#1177819, bsc#1177820). - hv_netvsc: Fix XDP refcnt for synthetic and VF NICs (bsc#1177819, bsc#1177820). - hyperv_fb: Update screen_info after removing old framebuffer (bsc#1175306). - i2c: imx: Fix external abort on interrupt in exit paths (git-fixes). - i2c: meson: fix clock setting overwrite (git-fixes). - ibmveth: Identify ingress large send packets (bsc#1178185 ltc#188897). - ibmveth: Switch order of ibmveth_helper calls (bsc#1061843 git-fixes). - ibmvnic: fix ibmvnic_set_mac (bsc#1066382 ltc#160943 git-fixes). - ibmvnic: save changed mac address to adapter->mac_addr (bsc#1134760 ltc#177449 git-fixes). - icmp: randomize the global rate limiter (git-fixes). - iio:accel:bma180: Fix use of true when should be iio_shared_by enum (git-fixes). - iio:adc:max1118 Fix alignment of timestamp and data leak issues (git-fixes). - iio:adc:ti-adc0832 Fix alignment issue with timestamp (git-fixes). - iio:adc:ti-adc12138 Fix alignment issue with timestamp (git-fixes). - iio:dac:ad5592r: Fix use of true for IIO_SHARED_BY_TYPE (git-fixes). - iio:gyro:itg3200: Fix timestamp alignment and prevent data leak (git-fixes). - iio:light:si1145: Fix timestamp alignment and prevent data leak (git-fixes). - iio:magn:hmc5843: Fix passing true where iio_shared_by enum required (git-fixes). - ima: Remove semicolon at the end of ima_get_binary_runtime_size() (git-fixes). - include/linux/swapops.h: correct guards for non_swap_entry() (git-fixes (mm/swap)). - Input: adxl34x - clean up a data type in adxl34x_probe() (git-fixes). - Input: ep93xx_keypad - fix handling of platform_get_irq() error (git-fixes). - Input: i8042 - add nopnp quirk for Acer Aspire 5 A515 (git-fixes). - Input: imx6ul_tsc - clean up some errors in imx6ul_tsc_resume() (git-fixes). - Input: omap4-keypad - fix handling of platform_get_irq() error (git-fixes). - Input: sun4i-ps2 - fix handling of platform_get_irq() error (git-fixes). - Input: twl4030_keypad - fix handling of platform_get_irq() error (git-fixes). - iomap: Make sure iomap_end is called after iomap_begin (bsc#1177754). - iommu/vt-d: Correctly calculate agaw in domain_init() (bsc#1176400). - ip: fix tos reflection in ack and reset packets (networking-stable-20_09_24). - ipv4: Restore flowi4_oif update before call to xfrm_lookup_route (git-fixes). - iwlwifi: mvm: split a print to avoid a WARNING in ROC (git-fixes). - kbuild: enforce -Werror=return-type (bsc#1177281). - kernel-binary.spec.in: Package the obj_install_dir as explicit filelist. - kthread_worker: prevent queuing delayed work from timer_fn when it is being canceled (git-fixes). - leds: bcm6328, bcm6358: use devres LED registering function (git-fixes). - leds: mt6323: move period calculation (git-fixes). - libceph: clear con->out_msg on Policy::stateful_server faults (bsc#1178188). - libceph: use sendpage_ok() in ceph_tcp_sendpage() (bsc#1172873). - lib/crc32.c: fix trivial typo in preprocessor condition (git-fixes). - livepatch: Test if -fdump-ipa-clones is really available - mac80211: do not allow bigger VHT MPDUs than the hardware supports (git-fixes). - mac80211: handle lack of sband->bitrates in rates (git-fixes). - macsec: avoid use-after-free in macsec_handle_frame() (git-fixes). - mailbox: avoid timer start from callback (git-fixes). - media: ati_remote: sanity check for both endpoints (git-fixes). - media: bdisp: Fix runtime PM imbalance on error (git-fixes). - media: exynos4-is: Fix a reference count leak due to pm_runtime_get_sync (git-fixes). - media: exynos4-is: Fix a reference count leak (git-fixes). - media: exynos4-is: Fix several reference count leaks due to pm_runtime_get_sync (git-fixes). - media: firewire: fix memory leak (git-fixes). - media: m5mols: Check function pointer in m5mols_sensor_power (git-fixes). - media: media/pci: prevent memory leak in bttv_probe (git-fixes). - media: omap3isp: Fix memleak in isp_probe (git-fixes). - media: platform: fcp: Fix a reference count leak (git-fixes). - media: platform: Improve queue set up flow for bug fixing (git-fixes). - media: platform: s3c-camif: Fix runtime PM imbalance on error (git-fixes). - media: platform: sti: hva: Fix runtime PM imbalance on error (git-fixes). - media: Revert 'media: exynos4-is: Add missed check for pinctrl_lookup_state()' (git-fixes). - media: s5p-mfc: Fix a reference count leak (git-fixes). - media: saa7134: avoid a shift overflow (git-fixes). - media: st-delta: Fix reference count leak in delta_run_work (git-fixes). - media: sti: Fix reference count leaks (git-fixes). - media: tc358743: initialize variable (git-fixes). - media: ti-vpe: Fix a missing check and reference count leak (git-fixes). - media: tuner-simple: fix regression in simple_set_radio_freq (git-fixes). - media: tw5864: check status of tw5864_frameinterval_get (git-fixes). - media: usbtv: Fix refcounting mixup (git-fixes). - media: uvcvideo: Ensure all probed info is returned to v4l2 (git-fixes). - media: vsp1: Fix runtime PM imbalance on error (git-fixes). - memcg: fix NULL pointer dereference in __mem_cgroup_usage_unregister_event (bsc#1177703). - memory: fsl-corenet-cf: Fix handling of platform_get_irq() error (git-fixes). - memory: omap-gpmc: Fix a couple off by ones (git-fixes). - mfd: sm501: Fix leaks in probe() (git-fixes). - mic: vop: copy data to kernel space then write to io memory (git-fixes). - misc: mic: scif: Fix error handling path (git-fixes). - misc: rtsx: Fix memory leak in rtsx_pci_probe (git-fixes). - misc: vop: add round_up(x,4) for vring_size to avoid kernel panic (git-fixes). - mlx5 PPC ringsize workaround (bsc#1173432). - mlx5: remove support for ib_get_vector_affinity (bsc#1174748). - mmc: core: do not set limits.discard_granularity as 0 (git-fixes). - mmc: sdhci-of-esdhc: Handle pulse width detection erratum for more SoCs (git-fixes). - mmc: sdhci-of-esdhc: set timeout to max before tuning (git-fixes). - mmc: sdio: Check for CISTPL_VERS_1 buffer size (git-fixes). - mm/huge_memory.c: use head to check huge zero page (git-fixes (mm/thp)). - mm: hugetlb: switch to css_tryget() in hugetlb_cgroup_charge_cgroup() (git-fixes (mm/hugetlb)). - mm/ksm.c: do not WARN if page is still mapped in remove_stable_node() (git-fixes (mm/hugetlb)). - mm/memcg: fix refcount error while moving and swapping (bsc#1178686). - mm: memcg: switch to css_tryget() in get_mem_cgroup_from_mm() (bsc#1177685). - mm/mempolicy.c: fix out of bounds write in mpol_parse_str() (git-fixes (mm/mempolicy)). - mm/mempolicy.c: use match_string() helper to simplify the code (git-fixes (mm/mempolicy)). - mm, numa: fix bad pmd by atomically check for pmd_trans_huge when marking page tables prot_numa (git-fixes (mm/numa)). - mm/page_owner.c: remove drain_all_pages from init_early_allocated_pages (git-fixes (mm/debug)). - mm/page-writeback.c: avoid potential division by zero in wb_min_max_ratio() (git-fixes (mm/writeback)). - mm/page-writeback.c: improve arithmetic divisions (git-fixes (mm/writeback)). - mm/page-writeback.c: use div64_ul() for u64-by-unsigned-long divide (git-fixes (mm/writeback)). - mm/rmap: fixup copying of soft dirty and uffd ptes (git-fixes (mm/rmap)). - mm/zsmalloc.c: fix build when CONFIG_COMPACTION=n (git-fixes (mm/zsmalloc)). - mm/zsmalloc.c: fix race condition in zs_destroy_pool (git-fixes (mm/zsmalloc)). - mm/zsmalloc.c: fix the migrated zspage statistics (git-fixes (mm/zsmalloc)). - mm/zsmalloc.c: migration can leave pages in ZS_EMPTY indefinitely (git-fixes (mm/zsmalloc)). - Move the upstreamed bluetooth fix into sorted section - Move the upstreamed powercap fix into sorted sectio - mtd: lpddr: Fix bad logic in print_drs_error (git-fixes). - mtd: lpddr: fix excessive stack usage with clang (git-fixes). - mtd: mtdoops: Do not write panic data twice (git-fixes). - mwifiex: do not call del_timer_sync() on uninitialized timer (git-fixes). - mwifiex: Do not use GFP_KERNEL in atomic context (git-fixes). - mwifiex: fix double free (git-fixes). - mwifiex: remove function pointer check (git-fixes). - mwifiex: Remove unnecessary braces from HostCmd_SET_SEQ_NO_BSS_INFO (git-fixes). - net: 8390: Fix manufacturer name in Kconfig help text (git-fixes). - net: add WARN_ONCE in kernel_sendpage() for improper zero-copy send (bsc#1172873). - net: amd: fix return type of ndo_start_xmit function (git-fixes). - net/amd: Remove useless driver version (git-fixes). - net: amd-xgbe: fix comparison to bitshift when dealing with a mask (git-fixes). - net: amd-xgbe: Get rid of custom hex_dump_to_buffer() (git-fixes). - net: apple: Fix manufacturer name in Kconfig help text (git-fixes). - net: broadcom: Fix manufacturer name in Kconfig help text (git-fixes). - net: disable netpoll on fresh napis (networking-stable-20_09_11). - net: fec: Fix phy_device lookup for phy_reset_after_clk_enable() (git-fixes). - net: fec: Fix PHY init after phy_reset_after_clk_enable() (git-fixes). - netfilter: nat: can't use dst_hold on noref dst (bsc#1178878). - net: Fix potential wrong skb->protocol in skb_vlan_untag() (networking-stable-20_08_24). - net: hns: Fix memleak in hns_nic_dev_probe (networking-stable-20_09_11). - net: introduce helper sendpage_ok() in include/linux/net.h (bsc#1172873). - net: ipv6: fix kconfig dependency warning for IPV6_SEG6_HMAC (networking-stable-20_09_24). - netlabel: fix problems with mapping removal (networking-stable-20_09_11). - net/mlx5e: Take common TIR context settings into a function (bsc#1177740). - net/mlx5e: Turn on HW tunnel offload in all TIRs (bsc#1177740). - net: mvmdio: defer probe of orion-mdio if a clock is not ready (git-fixes). - net: phy: Avoid NPD upon phy_detach() when driver is unbound (networking-stable-20_09_24). - net: qrtr: fix usage of idr in port assignment to socket (networking-stable-20_08_24). - net: systemport: Fix memleak in bcm_sysport_probe (networking-stable-20_09_11). - net: tc35815: Explicitly check NET_IP_ALIGN is not zero in tc35815_rx (git-fixes). - net: usb: dm9601: Add USB ID of Keenetic Plus DSL (networking-stable-20_09_11). - net: usb: qmi_wwan: add Cellient MPL200 card (git-fixes). - net: usb: qmi_wwan: add Telit LE910Cx 0x1230 composition (git-fixes). - net: usb: rtl8150: set random MAC address when set_ethernet_addr() fails (git-fixes). - net: wireless: nl80211: fix out-of-bounds access in nl80211_del_key() (git-fixes). - nfc: Ensure presence of NFC_ATTR_FIRMWARE_NAME attribute in nfc_genl_fw_download() (git-fixes). - NFS: On fatal writeback errors, we need to call nfs_inode_remove_request() (bsc#1177340). - NFS: Revalidate the file mapping on all fatal writeback errors (bsc#1177340). - NFSv4.1: fix handling of backchannel binding in BIND_CONN_TO_SESSION (bsc#1170630). - nl80211: fix non-split wiphy information (git-fixes). - NTB: hw: amd: fix an issue about leak system resources (git-fixes). - nvme: 59c7c3caaaf8 ('fix possible hang when ns scanning fails during error recovery') - nvme: add a Identify Namespace Identification Descriptor list quirk (bsc#1174748). - nvme: do not update disk info for multipathed device (bsc#1171558). - nvme: Fix ctrl use-after-free during sysfs deletion (bsc#1174748). - nvme: fix deadlock caused by ANA update wrong locking (bsc#1174748). - nvme: fix possible io failures when removing multipathed ns (bsc#1174748). - nvme: make nvme_identify_ns propagate errors back (bsc#1174748). - nvme: make nvme_report_ns_ids propagate error back (bsc#1174748). - nvme-multipath: do not reset on unknown status (bsc#1174748). - nvme: Namepace identification descriptor list is optional (bsc#1174748). - nvme: pass status to nvme_error_status (bsc#1174748). - nvme-rdma: Avoid double freeing of async event data (bsc#1174748). - nvme-rdma: fix crash due to incorrect cqe (bsc#1174748). - nvme-rdma: fix crash when connect rejected (bsc#1174748). - nvme: return error from nvme_alloc_ns() (bsc#1174748). - nvme-tcp: check page by sendpage_ok() before calling kernel_sendpage() (bsc#1172873). - p54: avoid accessing the data mapped to streaming DMA (git-fixes). - pinctrl: intel: Set default bias in case no particular value given (git-fixes). - platform/x86: fix kconfig dependency warning for FUJITSU_LAPTOP (git-fixes). - platform/x86: mlx-platform: Remove PSU EEPROM configuration (git-fixes). - platform/x86: thinkpad_acpi: initialize tp_nvram_state variable (git-fixes). - platform/x86: thinkpad_acpi: re-initialize ACPI buffer size when reuse (git-fixes). - powerpc/dma: Fix dma_map_ops::get_required_mask (bsc#1065729). - powerpc: Fix undetected data corruption with P9N DD2.1 VSX CI load emulation (bsc#1065729). - powerpc/hwirq: Remove stale forward irq_chip declaration (bsc#1065729). - powerpc/icp-hv: Fix missing of_node_put() in success path (bsc#1065729). - powerpc/irq: Drop forward declaration of struct irqaction (bsc#1065729). - powerpc/perf/hv-gpci: Fix starting index value (bsc#1065729). - powerpc/powernv/dump: Fix race while processing OPAL dump (bsc#1065729). - powerpc/powernv/elog: Fix race while processing OPAL error log event (bsc#1065729). - powerpc/pseries/cpuidle: add polling idle for shared processor guests (bsc#1178765 ltc#188968). - powerpc/pseries: explicitly reschedule during drmem_lmb list traversal (bsc#1077428 ltc#163882 git-fixes). - powerpc/pseries: Fix missing of_node_put() in rng_init() (bsc#1065729). - powerpc/vnic: Extend 'failover pending' window (bsc#1176855 ltc#187293). - powerpc/vnic: Extend 'failover pending' window (bsc#1176855 ltc#187293). - power: supply: test_power: add missing newlines when printing parameters by sysfs (git-fixes). - pty: do tty_flip_buffer_push without port->lock in pty_write (git-fixes). - pwm: lpss: Add range limit check for the base_unit register value (git-fixes). - pwm: lpss: Fix off by one error in base_unit math in pwm_lpss_prepare() (git-fixes). - regulator: defer probe when trying to get voltage from unresolved supply (git-fixes). - regulator: resolve supply after creating regulator (git-fixes). - Revert 'cdc-acm: hardening against malicious devices' (git-fixes). - ring-buffer: Fix recursion protection transitions between interrupt context (git-fixes). - ring-buffer: Return 0 on success from ring_buffer_resize() (git-fixes). - rpm/kernel-binary.spec.in: Fix compressed module handling for in-tree KMP (jsc#SLE-10886) - rpm/kernel-module-subpackage: make Group tag optional (bsc#1163592) - rtl8xxxu: prevent potential memory leak (git-fixes). - scsi: fnic: Do not call 'scsi_done()' for unhandled commands (bsc#1168468, bsc#1171675). - scsi: hisi_sas: Add debugfs ITCT file and add file operations (bsc#1140683). - scsi: hisi_sas: Add manual trigger for debugfs dump (bsc#1140683). - scsi: hisi_sas: Add missing seq_printf() call in hisi_sas_show_row_32() (bsc#1140683). - scsi: hisi_sas: Change return variable type in phy_up_v3_hw() (bsc#1140683). - scsi: hisi_sas: Correct memory allocation size for DQ debugfs (bsc#1140683). - scsi: hisi_sas: Do some more tidy-up (bsc#1140683). - scsi: hisi_sas: Fix a timeout race of driver internal and SMP IO (bsc#1140683). - scsi: hisi_sas: Fix type casting and missing static qualifier in debugfs code (bsc#1140683). Refresh: - scsi: hisi_sas: No need to check return value of debugfs_create functions (bsc#1140683). Update: - scsi: hisi_sas: Some misc tidy-up (bsc#1140683). - scsi: ibmvfc: Fix error return in ibmvfc_probe() (bsc#1065729). - scsi: ibmvscsi: Fix potential race after loss of transport (bsc#1178166 ltc#188226). - scsi: iscsi: iscsi_tcp: Avoid holding spinlock while calling getpeername() (bsc#1177258). - scsi: libiscsi: use sendpage_ok() in iscsi_tcp_segment_map() (bsc#1172873). - scsi: qla2xxx: Add IOCB resource tracking (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Add rport fields in debugfs (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Add SLER and PI control support (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Allow dev_loss_tmo setting for FC-NVMe devices (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Correct the check for sscanf() return value (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix buffer-buffer credit extraction error (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix crash on session cleanup with unload (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix inconsistent format argument type in qla_dbg.c (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix inconsistent format argument type in qla_os.c (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix inconsistent format argument type in tcm_qla2xxx.c (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix I/O errors during LIP reset tests (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix I/O failures during remote port toggle testing (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix memory size truncation (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix MPI reset needed message (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix point-to-point (N2N) device discovery issue (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix reset of MPI firmware (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Honor status qualifier in FCP_RSP per spec (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Make tgt_port_database available in initiator mode (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Performance tweak (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Reduce duplicate code in reporting speed (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Remove unneeded variable 'rval' (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Setup debugfs entries for remote ports (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Update version to 10.02.00.102-k (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Update version to 10.02.00.103-k (bsc#1176946 bsc#1175520 bsc#1172538). - sctp: not disable bh in the whole sctp_get_port_local() (networking-stable-20_09_11). - spi: fsl-espi: Only process interrupts for expected events (git-fixes). - staging: comedi: cb_pcidas: Allow 2-channel commands for AO subdevice (git-fixes). - staging: octeon: Drop on uncorrectable alignment or FCS error (git-fixes). - staging: octeon: repair 'fixed-link' support (git-fixes). - tg3: Fix soft lockup when tg3_reset_task() fails (networking-stable-20_09_11). - thunderbolt: Add the missed ida_simple_remove() in ring_request_msix() (git-fixes). - time: Prevent undefined behaviour in timespec64_to_ns() (git-fixes). - tipc: fix memory leak caused by tipc_buf_append() (git-fixes). - tipc: fix shutdown() of connectionless socket (networking-stable-20_09_11). - tipc: fix shutdown() of connection oriented socket (networking-stable-20_09_24). - tipc: fix the skb_unshare() in tipc_buf_append() (git-fixes). - tipc: fix uninit skb->data in tipc_nl_compat_dumpit() (networking-stable-20_08_24). - tipc: use skb_unshare() instead in tipc_buf_append() (networking-stable-20_09_24). - tty: ipwireless: fix error handling (git-fixes). - tty: serial: earlycon dependency (git-fixes). - tty: serial: fsl_lpuart: fix lpuart32_poll_get_char (git-fixes). - Update patches.suse/vfs-add-super_operations-get_inode_dev (bsc#927455 bsc#1176983). - USB: Add NO_LPM quirk for Kingston flash drive (git-fixes). - USB: adutux: fix debugging (git-fixes). - usb: cdc-acm: add quirk to blacklist ETAS ES58X devices (git-fixes). - USB: cdc-acm: fix cooldown mechanism (git-fixes). - usb: cdc-acm: handle broken union descriptors (git-fixes). - usb: cdc-wdm: Make wdm_flush() interruptible and add wdm_fsync() (git-fixes). - USB: core: driver: fix stray tabs in error messages (git-fixes). - usb: core: Solve race condition in anchor cleanup functions (git-fixes). - usb: dwc2: Fix INTR OUT transfers in DDMA mode (git-fixes). - usb: dwc2: Fix parameter type in function pointer prototype (git-fixes). - usb: dwc3: core: add phy cleanup for probe error handling (git-fixes). - usb: dwc3: core: do not trigger runtime pm when remove driver (git-fixes). - usb: dwc3: ep0: Fix ZLP for OUT ep0 requests (git-fixes). - usb: gadget: f_ncm: allow using NCM in SuperSpeed Plus gadgets (git-fixes). - usb: gadget: f_ncm: fix ncm_bitrate for SuperSpeed and above (git-fixes). - usb: gadget: function: printer: fix use-after-free in __lock_acquire (git-fixes). - usb: gadget: u_ether: enable qmult on SuperSpeed Plus as well (git-fixes). - USB: host: fsl-mph-dr-of: check return of dma_set_mask() (git-fixes). - USB: mtu3: fix panic in mtu3_gadget_stop() (git-fixes). - usb: ohci: Default to per-port over-current protection (git-fixes). - USB: serial: ftdi_sio: add support for FreeCalypso JTAG+UART adapters (git-fixes). - USB: serial: option: add Cellient MPL200 card (git-fixes). - USB: serial: option: add LE910Cx compositions 0x1203, 0x1230, 0x1231 (git-fixes). - USB: serial: option: add Quectel EC200T module support (git-fixes). - USB: serial: option: add Telit FN980 composition 0x1055 (git-fixes). - USB: serial: option: Add Telit FT980-KS composition (git-fixes). - USB: serial: pl2303: add device-id for HP GC device (git-fixes). - usb: serial: qcserial: fix altsetting probing (git-fixes). - USB: typec: tcpm: During PR_SWAP, source caps should be sent only after tSwapSourceStart (git-fixes). - USB: typec: tcpm: reset hard_reset_count for any disconnect (git-fixes). - vfs: fix FIGETBSZ ioctl on an overlayfs file (bsc#1178202). - video: fbdev: pvr2fb: initialize variables (git-fixes). - video: fbdev: sis: fix null ptr dereference (git-fixes). - video: fbdev: vga16fb: fix setting of pixclock because a pass-by-value error (git-fixes). - video: hyperv: hyperv_fb: Obtain screen resolution from Hyper-V host (bsc#1175306). - video: hyperv: hyperv_fb: Support deferred IO for Hyper-V frame buffer driver (bsc#1175306). - video: hyperv: hyperv_fb: Use physical memory for fb on HyperV Gen 1 VMs (bsc#1175306). - VMCI: check return value of get_user_pages_fast() for errors (git-fixes). - vmxnet3: fix cksum offload issues for non-udp tunnels (git-fixes). - vt: Disable KD_FONT_OP_COPY (bsc#1178589). - w1: mxc_w1: Fix timeout resolution problem leading to bus error (git-fixes). - watchdog: iTCO_wdt: Export vendorsupport (bsc#1177101). - watchdog: iTCO_wdt: Make ICH_RES_IO_SMI optional (bsc#1177101). - wcn36xx: Fix reported 802.11n rx_highest rate wcn3660/wcn3680 (git-fixes). - writeback: Avoid skipping inode writeback (bsc#1177755). - writeback: Fix sync livelock due to b_dirty_time processing (bsc#1177755). - writeback: Protect inode->i_io_list with inode->i_lock (bsc#1177755). - x86/apic: Unify duplicated local apic timer clockevent initialization (bsc#1112178). - x86, fakenuma: Fix invalid starting node ID (git-fixes (mm/x86/fakenuma)). - x86/fpu: Allow multiple bits in clearcpuid= parameter (bsc#1112178). - x86/kexec: Use up-to-dated screen_info copy to fill boot params (bsc#1175306). - x86/unwind/orc: Fix inactive tasks with stack pointer in %sp on GCC 10 compiled kernels (bsc#1058115 bsc#1176907). - x86/xen: disable Firmware First mode for correctable memory errors (bsc#1176713). - xen/blkback: use lateeoi irq binding (XSA-332 bsc#1177411). - xen/events: add a new 'late EOI' evtchn framework (XSA-332 bsc#1177411). - xen/events: add a proper barrier to 2-level uevent unmasking (XSA-332 bsc#1177411). - xen/events: avoid removing an event channel while handling it (XSA-331 bsc#1177410). - xen/events: block rogue events for some time (XSA-332 bsc#1177411). - xen/events: defer eoi in case of excessive number of events (XSA-332 bsc#1177411). - xen/events: do not use chip_data for legacy IRQs (XSA-332 bsc#1065600). - xen/events: fix race in evtchn_fifo_unmask() (XSA-332 bsc#1177411). - xen/events: switch user event channels to lateeoi model (XSA-332 bsc#1177411). - xen/events: use a common cpu hotplug hook for event channels (XSA-332 bsc#1177411). - xen/gntdev.c: Mark pages as dirty (bsc#1065600). - xen/netback: use lateeoi irq binding (XSA-332 bsc#1177411). - xen/pciback: use lateeoi irq binding (XSA-332 bsc#1177411). - xen/scsiback: use lateeoi irq binding (XSA-332 bsc#1177411). - xen: XEN uses irqdesc::irq_data_common::handler_data to store a per interrupt XEN data pointer which contains XEN specific information (XSA-332 bsc#1065600). - xfs: avoid infinite loop when cancelling CoW blocks after writeback failure (bsc#1178027). - xfs: do not update mtime on COW faults (bsc#1167030). - xfs: fix a missing unlock on error in xfs_fs_map_blocks (git-fixes). - xfs: fix flags argument to rmap lookup when converting shared file rmaps (git-fixes). - xfs: fix rmap key and record comparison functions (git-fixes). - xfs: flush new eof page on truncate to avoid post-eof corruption (git-fixes). - xfs: limit entries returned when counting fsmap records (git-fixes). - xgbe: no need to check return value of debugfs_create functions (git-fixes). - xgbe: switch to more generic VxLAN detection (git-fixes). ----------------------------------------- Patch: SUSE-2020-3488 Released: Mon Nov 23 13:11:15 2020 Summary: Recommended update for libdlm Severity: moderate References: 1098449,1144793,1168771,1177658 Description: This update for libdlm fixes the following issues: - Add require libdlm3. (bsc#1177658) - Fixes an issue when cluster rolling update is broken and can result an unexpected corosync ring ID. (bsc#1168771) - Include fixes for DLM stonith devices. (bsc#1144793) - Fixed an issue when in a 2 node cluster after fencing the active node do not start properly. (bsc#1098449) ----------------------------------------- Patch: SUSE-2020-3495 Released: Tue Nov 24 06:22:06 2020 Summary: Optional update for ec2-instance-connect Severity: low References: 1131916,1152806 Description: This patch ships the package ec2-instance-connect for the first time. It enables support for the AWS EC2 instance connect. ----------------------------------------- Patch: SUSE-2020-3498 Released: Tue Nov 24 13:07:16 2020 Summary: Recommended update for dracut Severity: moderate References: 1164076,1177811,1178217 Description: This update for dracut fixes the following issues: - Update from version 049.1+suse.156.g7d852636 to version 049.1+suse.171.g65b2addf: - dracut.sh: FIPS workaround for openssl-libs (bsc#1178217) - 01fips: turn info calls into fips_info calls (bsc#1164076) - 00systemd: add missing cryptsetup-related targets (bsc#1177811) ----------------------------------------- Patch: SUSE-2020-3500 Released: Tue Nov 24 13:49:59 2020 Summary: Security update for mariadb Severity: moderate References: 1175596,1177472,1178428,CVE-2020-14765,CVE-2020-14776,CVE-2020-14789,CVE-2020-14812,CVE-2020-15180 Description: This update for mariadb and mariadb-connector-c fixes the following issues: - Update mariadb to 10.2.36 GA [bsc#1177472, bsc#1178428] fixing for the following security vulnerabilities: CVE-2020-14812, CVE-2020-14765, CVE-2020-14776, CVE-2020-14789 CVE-2020-15180 - Update mariadb-connector-c to 3.1.11 [bsc#1177472 and bsc#1178428] ----------------------------------------- Patch: SUSE-2020-3515 Released: Wed Nov 25 13:14:43 2020 Summary: Security update for LibVNCServer Severity: important References: 1178682,CVE-2020-25708 Description: This update for LibVNCServer fixes the following issues: - CVE-2020-25708 [bsc#1178682], libvncserver/rfbserver.c has a divide by zero which could result in DoS ----------------------------------------- Patch: SUSE-2020-3521 Released: Wed Nov 25 13:54:21 2020 Summary: Recommended update for gnome-shell-extensions Severity: moderate References: 1176911 Description: This update for gnome-shell-extensions fixes the following issues: - Change metadata shell-version to 3.34. (bsc#1176911). ----------------------------------------- Patch: SUSE-2020-3525 Released: Wed Nov 25 17:00:31 2020 Summary: Recommended update for ucode-intel Severity: important References: 1178971 Description: This update for ucode-intel fixes the following issues: - Updated Intel CPU Microcode to 20201118 official release. (bsc#1178971) - Removed TGL/06-8c-01/80 due to functional issues with some OEM platforms. ----------------------------------------- Patch: SUSE-2020-3533 Released: Thu Nov 26 13:50:41 2020 Summary: Recommended update for nodejs14 Severity: moderate References: Description: This update for nodejs14 fixes the following issues: NodeJS is shipped in version 14.15.0 (jsc#SLE-15774) ----------------------------------------- Patch: SUSE-2020-3535 Released: Thu Nov 26 15:14:08 2020 Summary: Recommended update for python-kiwi Severity: moderate References: 1170863,1175729,1176129,1176134,1176977 Description: This update for python-kiwi fixes the following issues: Update from version 9.21.7 to version 9.21.23 - Do not exclude filesystem folders in OCI images. (bsc#1176129) This commit does not exclude filesystem folders during the rsync call in OCI images. It has been noted that including an empty /dev folder does not hurt and it can eventually help to work around some limitations of container related tools such as buildah. - Fix/Refactor s390 support (bsc#1170863, bsc#1176977, bsc#1170863,bsc#1175729, bsc#1176134) - On s390 the boot process is based on zipl which boots into an initrd from which a userspace grub process is started to support the grub capabilities. The implementation of this concept is provided via the grub2-s390x-emu package. Once installed the setup of the bootloader is done via the grub2-mkconfig and grub2-install commands and therefore from a caller perspective the same as with any other grub2 setup process. For kiwi this means no extra zipl bootloader target code is needed. Therefore this commit deletes the zipl setup from kiwi and puts on the standard grub2 process. - To support different targettypes the grub2-s390x-emu provided zipl template must be adapted. Parts of the former zipl bootloader setup therefore now applies to an update of the zipl2grub template file - Support for CDL/LDL DASD targets has been disabled in the schema When testing 4k devices and a respective zipl2grub template setup for CDL/LDL targettype it has turned out that grub2-install is not able to run on such a device. My assumption is that the device code in grub2-install does not work for 4k devices with an fdasd created partition table. As this needs further investigations and most probably adaptions on the grub toolchain for s390, we disabled the setup of these modes for now. emulated DASD (FBA) and SCSI targets stays supported. - Fix compat link for rpmdb location Fix the symlink creation for `/var/lib/rpm`. More specific or derived container images in which the base root tree already included the `/var/lib/rpm` the link, the `ln` command was creating a symlink inside the `/var/lib/rpm` folder given that it was following the already existing symlink. Adding the `--no-target-directory` force `ln` command to treat `/var/lib/rpm` path as the fully qualified symlink name. - Fixed s390/sle15 Virtual disk integration test The integration test used FBA mode as target. As the target is expected to be KVM this is the wrong setting. SCSI should be used instead. - Support dynamic linux/linuxefi in any case Instead of restricting the dynamic linux vs. linuxefi setup to a specific grub version, support this setup for any version of grub. ----------------------------------------- Patch: SUSE-2020-3547 Released: Fri Nov 27 11:21:56 2020 Summary: Recommended update for xrdp Severity: moderate References: Description: This update for xrdp fixes the following issues: - Introduce more buffer protection fixes (jsc#SLE-11518): - Address memory allocation overflow security issues - Remove unnecessary g_malloc() call - Add checks to prevent buffer overruns during data chunk re-assembly ----------------------------------------- Patch: SUSE-2020-3551 Released: Fri Nov 27 14:54:37 2020 Summary: Security update for libssh2_org Severity: moderate References: 1130103,1178083,CVE-2019-17498,CVE-2019-3855,CVE-2019-3856,CVE-2019-3857,CVE-2019-3858,CVE-2019-3859,CVE-2019-3860,CVE-2019-3861,CVE-2019-3862,CVE-2019-3863 Description: This update for libssh2_org fixes the following issues: - Version update to 1.9.0: [bsc#1178083, jsc#SLE-16922] Enhancements and bugfixes: * adds ECDSA keys and host key support when using OpenSSL * adds ED25519 key and host key support when using OpenSSL 1.1.1 * adds OpenSSH style key file reading * adds AES CTR mode support when using WinCNG * adds PEM passphrase protected file support for Libgcrypt and WinCNG * adds SHA256 hostkey fingerprint * adds libssh2_agent_get_identity_path() and libssh2_agent_set_identity_path() * adds explicit zeroing of sensitive data in memory * adds additional bounds checks to network buffer reads * adds the ability to use the server default permissions when creating sftp directories * adds support for building with OpenSSL no engine flag * adds support for building with LibreSSL * increased sftp packet size to 256k * fixed oversized packet handling in sftp * fixed building with OpenSSL 1.1 * fixed a possible crash if sftp stat gets an unexpected response * fixed incorrect parsing of the KEX preference string value * fixed conditional RSA and AES-CTR support * fixed a small memory leak during the key exchange process * fixed a possible memory leak of the ssh banner string * fixed various small memory leaks in the backends * fixed possible out of bounds read when parsing public keys from the server * fixed possible out of bounds read when parsing invalid PEM files * no longer null terminates the scp remote exec command * now handle errors when diffie hellman key pair generation fails * improved building instructions * improved unit tests - Version update to 1.8.2: [bsc#1130103] Bug fixes: * Fixed the misapplied userauth patch that broke 1.8.1 * moved the MAX size declarations from the public header ----------------------------------------- Patch: SUSE-2020-3557 Released: Fri Nov 27 21:39:24 2020 Summary: Recommended update for gnome-shell-extension-desktop-icons Severity: moderate References: 1176911 Description: This update for gnome-shell-extension-desktop-icons fixes the following issues: - Adds a fix to match the gnome-shell-extensions version even under strict version checking (bsc#1176911) ----------------------------------------- Patch: SUSE-2020-3561 Released: Mon Nov 30 13:18:20 2020 Summary: Optional update for kubernetes1.18 Severity: low References: Description: This patch provides the Kubernetes client at version 1.18.10. ----------------------------------------- Patch: SUSE-2020-3565 Released: Mon Nov 30 16:55:44 2020 Summary: Security update for python-pip Severity: important References: 1176262,CVE-2019-20916 Description: This update for python-pip fixes the following issues: - Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916) ----------------------------------------- Patch: SUSE-2020-3566 Released: Mon Nov 30 16:56:52 2020 Summary: Security update for python-setuptools Severity: important References: 1176262,CVE-2019-20916 Description: This update for python-setuptools fixes the following issues: - Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916) ----------------------------------------- Patch: SUSE-2020-3568 Released: Mon Nov 30 16:58:38 2020 Summary: Security update for mutt Severity: important References: 1179035,1179113,CVE-2020-28896 Description: This update for mutt fixes the following issues: - CVE-2020-28896: incomplete connection termination could lead to sending credentials over unencrypted connections (bsc#1179035) - Avoid that message with a million tiny parts can freeze MUA for several minutes (bsc#1179113) ----------------------------------------- Patch: SUSE-2020-3570 Released: Mon Nov 30 17:14:35 2020 Summary: Recommended update for rsyslog Severity: moderate References: 1178288 Description: This update for rsyslog fixes the following issue: - Fix location and naming of journald dropin. (bsc#1178288) ----------------------------------------- Patch: SUSE-2020-3574 Released: Mon Nov 30 18:13:31 2020 Summary: Recommended update for libqt5-qtbase Severity: low References: 1176130 Description: This update for libqt5-qtbase fixes the following issues: - Fixed an issue when /usr/include/qt5/QtGui/qopenglext.h and /usr/include/GLES3/gl3.h are included. Those header files have different defintions of GLintptr, GLsizeiptr, etc. at least for i586 (bsc#1176130) ----------------------------------------- Patch: SUSE-2020-3576 Released: Tue Dec 1 09:34:12 2020 Summary: Recommended update for lifecycle-data-sle-module-live-patching Severity: moderate References: 1020320 Description: This update for lifecycle-data-sle-module-live-patching fixes the following issues: - Added data for the live patches 4_12_14-197_61, 4_12_14-197_64, 4_12_14-197_67, 5_3_18-24_24, 5_3_18-24_29, 5_3_18-24_34, 5_3_18-24_37. (bsc#1020320) ----------------------------------------- Patch: SUSE-2020-3578 Released: Tue Dec 1 10:33:36 2020 Summary: Recommended update for bcache-tools Severity: moderate References: 1178725 Description: This update for bcache-tools fixes the following issues: - Install *bcache-status*. (jsc#SLE-9807, bsc#1178725) - Add *_sbindir/bcache-status* for the new added *bcache-status* python script. (jsc#SLE-9807, bsc#1178725) ----------------------------------------- Patch: SUSE-2020-3580 Released: Tue Dec 1 14:25:38 2020 Summary: Recommended update for tboot Severity: moderate References: 1175114 Description: This update for tboot fixes the following issues: - Do not generate 'tboot' menu entries in grub when the system is running with UEFI Secure Boot. (bsc#1175114) The tboot bootloader is not an EFI compatible binary and therefore not digitally signed appropriately to be part of a Secure Boot trust chain. ----------------------------------------- Patch: SUSE-2020-3581 Released: Tue Dec 1 14:40:22 2020 Summary: Recommended update for libusb-1_0 Severity: moderate References: 1178376 Description: This update for libusb-1_0 fixes the following issues: - Fixes a build failure for libusb for the inclusion of 'sys/time.h' on PowerPC. (bsc#1178376) ----------------------------------------- Patch: SUSE-2020-3588 Released: Tue Dec 1 16:31:58 2020 Summary: Security update for xorg-x11-server Severity: important References: 1174908,1177596,CVE-2020-14360,CVE-2020-25712 Description: This update for xorg-x11-server fixes the following issues: - CVE-2020-25712: Fixed a heap-based buffer overflow which could have led to privilege escalation (bsc#1177596). - CVE-2020-14360: Fixed an out of bounds memory accesses on too short request which could lead to denial of service (bsc#1174908). ----------------------------------------- Patch: SUSE-2020-3590 Released: Tue Dec 1 18:09:24 2020 Summary: Recommended update for hawk2 Severity: moderate References: 1163381 Description: This update for hawk2 fixes the following issues: - Update from version 2.1.2+git.1594886920.d00b94aa to version 2.2.0+git.1603969748.10468582: - Fix server error after authentication if a resource has the same name as a node (bsc#1163381) - Allow also users in haclient to view history explorer (jsc#SLE-7358) ----------------------------------------- Patch: SUSE-2020-3591 Released: Wed Dec 2 09:58:31 2020 Summary: Security update for java-1_8_0-openjdk Severity: important References: 1179441 Description: This update for java-1_8_0-openjdk fixes the following issues: - Update to version jdk8u275 (icedtea 3.17.1) * JDK-8214440, bsc#1179441: Fix StartTLS functionality that was broken in openjdk272. (bsc#1179441) * JDK-8223940: Private key not supported by chosen signature algorithm * JDK-8236512: PKCS11 Connection closed after Cipher.doFinal and NoPadding * JDK-8250861: Crash in MinINode::Ideal(PhaseGVN*, bool) * PR3815: Fix new s390 size_t issue in g1ConcurrentMarkObjArrayProcessor.cpp ----------------------------------------- Patch: SUSE-2020-3592 Released: Wed Dec 2 10:31:34 2020 Summary: Security update for python-cryptography Severity: moderate References: 1178168,CVE-2020-25659 Description: This update for python-cryptography fixes the following issues: - CVE-2020-25659: Attempted to mitigate Bleichenbacher attacks on RSA decryption (bsc#1178168). ----------------------------------------- Patch: SUSE-2020-3593 Released: Wed Dec 2 10:33:49 2020 Summary: Security update for python3 Severity: important References: 1176262,1179193,CVE-2019-20916 Description: This update for python3 fixes the following issues: Update to 3.6.12 (bsc#1179193), including: - Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916) ----------------------------------------- Patch: SUSE-2020-3597 Released: Wed Dec 2 10:45:20 2020 Summary: Security update for python Severity: important References: 1176262,CVE-2019-20916 Description: This update for python fixes the following issues: - Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916) ----------------------------------------- Patch: SUSE-2020-3603 Released: Wed Dec 2 15:11:46 2020 Summary: Recommended update for lifecycle-data-sle-module-development-tools Severity: moderate References: Description: This update for lifecycle-data-sle-module-development-tools fixes the following issues: - Added expiration data for the GCC 9 yearly update for the Toolchain/Development modules. (jsc#ECO-2373, jsc#SLE-10950, jsc#SLE-10951) ----------------------------------------- Patch: SUSE-2020-3608 Released: Wed Dec 2 18:16:12 2020 Summary: Recommended update for cloud-init Severity: important References: 1177526,1179150,1179151 Description: This update for cloud-init contains the following fixes: - Add cloud-init-azure-def-usr-pass.patch (bsc#1179150, bsc#1179151) + Properly set the password for the default user in all circumstances - Patch the full package version into the cloud-init version file - Update cloud-init-write-routes.patch (bsc#1177526) + Fix missing default route when dual stack network setup is used. Once a default route was configured for Ipv6 or IPv4 the default route configuration for the othre protocol was skipped. ----------------------------------------- Patch: SUSE-2020-3613 Released: Thu Dec 3 09:34:21 2020 Summary: Security update for rpmlint Severity: moderate References: 1169614 Description: This update for rpmlint fixes the following issues: - Whitelist PAM modules and DBUS rules for cockpit (bsc#1169614) ----------------------------------------- Patch: SUSE-2020-3616 Released: Thu Dec 3 10:56:12 2020 Summary: Recommended update for c-ares Severity: moderate References: 1178882 Description: - Fixed incomplete c-ares-devel dependencies introduced by the privous update (bsc#1178882). ----------------------------------------- Patch: SUSE-2020-3620 Released: Thu Dec 3 17:03:55 2020 Summary: Recommended update for pam Severity: moderate References: Description: This update for pam fixes the following issues: - Check if the password is part of the username. (jsc#SLE-16719, jsc#SLE-16720) - Check whether the password contains a substring of of the user's name of at least `` characters length in some form. This is enabled by the new parameter `usersubstr=` ----------------------------------------- Patch: SUSE-2020-3633 Released: Mon Dec 7 11:51:47 2020 Summary: Recommended update for mutt Severity: important References: 1179461 Description: This update for mutt fixes the following issue: - Find and display the content of messages properly. (bsc#1179461) ----------------------------------------- Patch: SUSE-2020-3640 Released: Mon Dec 7 13:24:41 2020 Summary: Recommended update for binutils Severity: important References: 1179036,1179341 Description: This update for binutils fixes the following issues: Update binutils 2.35 branch to commit 1c5243df: * Fixes PR26520, aka [bsc#1179036], a problem in addr2line with certain DWARF variable descriptions. * Also fixes PR26711, PR26656, PR26655, PR26929, PR26808, PR25878, PR26740, PR26778, PR26763, PR26685, PR26699, PR26902, PR26869, PR26711 * The above includes fixes for dwo files produced by modern dwp, fixing several problems in the DWARF reader. Update binutils to 2.35.1 and rebased branch diff: * This is a point release over the previous 2.35 version, containing bug fixes, and as an exception to the usual rule, one new feature. The new feature is the support for a new directive in the assembler: '.nop'. This directive creates a single no-op instruction in whatever encoding is correct for the target architecture. Unlike the .space or .fill this is a real instruction, and it does affect the generation of DWARF line number tables, should they be enabled. This fixes an incompatibility introduced in the latest update that broke the install scripts of the Oracle server. [bsc#1179341] ----------------------------------------- Patch: SUSE-2020-3701 Released: Mon Dec 7 20:15:49 2020 Summary: Recommended update for libical Severity: important References: 1178412 Description: This update for libical fixes the following issue: - Correctly read `slim` timezone data. (bsc#1178412) ----------------------------------------- Patch: SUSE-2020-3703 Released: Mon Dec 7 20:17:32 2020 Summary: Recommended update for aaa_base Severity: moderate References: 1179431 Description: This update for aaa_base fixes the following issue: - Avoid semicolon within (t)csh login script on S/390. (bsc#1179431) ----------------------------------------- Patch: SUSE-2020-3708 Released: Tue Dec 8 10:22:36 2020 Summary: Recommended update for python-shaptools, salt-shaptools Severity: moderate References: Description: This update for python-shaptools, salt-shaptools fixes the following issues: python-shaptools: Update from version 0.3.10+git.1600699158.46fca28 to version 0.3.11+git.1605798399.b036435 - Retrieve the currently installed ENSA version for Netweaver (only for ASCS and ERS instances). (jsc#SLE-4047) salt-shaptools: Update from version 0.3.10+git.1600699854.f5950bc to version 0.3.11+git.1605797958.ae2f08a - Improve extract_pydbapi to check recursively in subfolders (jsc#SLE-4047) - Implement a new state to set the ENSA version grains data ----------------------------------------- Patch: SUSE-2020-3714 Released: Tue Dec 8 18:35:03 2020 Summary: Security update for the Linux Kernel Severity: important References: 1050549,1067665,1111666,1112178,1170139,1172542,1174726,1175916,1176109,1177304,1177397,1177805,1177808,1178589,1178635,1178669,1178853,1178854,1178886,1178897,1178940,1178962,1179107,1179140,1179211,1179213,1179259,1179424,1179426,1179427,CVE-2020-15437,CVE-2020-27777,CVE-2020-28915,CVE-2020-28974 Description: The SUSE Linux Enterprise 15 SP1 Azure kernel was updated receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-15437: Fixed a null pointer dereference which could have allowed local users to cause a denial of service(bsc#1179140). - CVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107). - CVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589). - CVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886). The following non-security bugs were fixed: - ACPI: GED: fix -Wformat (git-fixes). - ALSA: ctl: fix error path at adding user-defined element set (git-fixes). - ALSA: firewire: Clean up a locking issue in copy_resp_to_buf() (git-fixes). - ALSA: mixart: Fix mutex deadlock (git-fixes). - arm64: KVM: Fix system register enumeration (bsc#1174726). - arm/arm64: KVM: Add PSCI version selection API (bsc#1174726). - ASoC: qcom: lpass-platform: Fix memory leak (git-fixes). - ath10k: Acquire tx_lock in tx error paths (git-fixes). - batman-adv: set .owner to THIS_MODULE (git-fixes). - Bluetooth: btusb: Fix and detect most of the Chinese Bluetooth controllers (git-fixes). - Bluetooth: hci_bcm: fix freeing not-requested IRQ (git-fixes). - btrfs: account ticket size at add/delete time (bsc#1178897). - btrfs: add helper to obtain number of devices with ongoing dev-replace (bsc#1178897). - btrfs: check rw_devices, not num_devices for balance (bsc#1178897). - btrfs: do not delete mismatched root refs (bsc#1178962). - btrfs: fix btrfs_calc_reclaim_metadata_size calculation (bsc#1178897). - btrfs: fix force usage in inc_block_group_ro (bsc#1178897). - btrfs: fix invalid removal of root ref (bsc#1178962). - btrfs: fix reclaim counter leak of space_info objects (bsc#1178897). - btrfs: fix reclaim_size counter leak after stealing from global reserve (bsc#1178897). - btrfs: kill min_allocable_bytes in inc_block_group_ro (bsc#1178897). - btrfs: rework arguments of btrfs_unlink_subvol (bsc#1178962). - btrfs: split dev-replace locking helpers for read and write (bsc#1178897). - can: af_can: prevent potential access of uninitialized member in canfd_rcv() (git-fixes). - can: af_can: prevent potential access of uninitialized member in can_rcv() (git-fixes). - can: dev: can_restart(): post buffer from the right context (git-fixes). - can: gs_usb: fix endianess problem with candleLight firmware (git-fixes). - can: m_can: fix nominal bitiming tseg2 min for version >= 3.1 (git-fixes). - can: m_can: m_can_handle_state_change(): fix state change (git-fixes). - can: m_can: m_can_stop(): set device to software init mode before closing (git-fixes). - can: mcba_usb: mcba_usb_start_xmit(): first fill skb, then pass to can_put_echo_skb() (git-fixes). - can: peak_usb: fix potential integer overflow on shift of a int (git-fixes). - ceph: add check_session_state() helper and make it global (bsc#1179259). - ceph: check session state after bumping session->s_seq (bsc#1179259). - ceph: fix race in concurrent __ceph_remove_cap invocations (bsc#1178635). - cifs: Fix incomplete memory allocation on setxattr path (bsc#1179211). - cifs: remove bogus debug code (bsc#1179427). - cifs: Return the error from crypt_message when enc/dec key not found (bsc#1179426). - Convert trailing spaces and periods in path components (bsc#1179424). - Drivers: hv: vmbus: Remove the unused 'tsc_page' from struct hv_context (git-fixes). - drm/sun4i: dw-hdmi: fix error return code in sun8i_dw_hdmi_bind() (git-fixes). - efi: cper: Fix possible out-of-bounds access (git-fixes). - efi/efivars: Add missing kobject_put() in sysfs entry creation error path (git-fixes). - efi/esrt: Fix reference count leak in esre_create_sysfs_entry (git-fixes). - efi: provide empty efi_enter_virtual_mode implementation (git-fixes). - efivarfs: fix memory leak in efivarfs_create() (git-fixes). - efivarfs: revert 'fix memory leak in efivarfs_create()' (git-fixes). - efi/x86: Do not panic or BUG() on non-critical error conditions (git-fixes). - efi/x86: Free efi_pgd with free_pages() (bsc#1112178). - efi/x86: Ignore the memory attributes table on i386 (git-fixes). - efi/x86: Map the entire EFI vendor string before copying it (git-fixes). - fs/proc/array.c: allow reporting eip/esp for all coredumping threads (bsc#1050549). - fuse: fix page dereference after free (bsc#1179213). - futex: Do not enable IRQs unconditionally in put_pi_state() (bsc#1067665). - futex: Handle transient 'ownerless' rtmutex state correctly (bsc#1067665). - hv_balloon: disable warning when floor reached (git-fixes). - hv_netvsc: make recording RSS hash depend on feature flag (bsc#1178853, bsc#1178854). - hv_netvsc: record hardware hash in skb (bsc#1178853, bsc#1178854). - IB/core: Set qp->real_qp before it may be accessed (bsc#1111666) - IB/hfi1: Add missing INVALIDATE opcodes for trace (bsc#1111666) - IB/hfi1: Add RcvShortLengthErrCnt to hfi1stats (bsc#1111666) - IB/hfi1: Add software counter for ctxt0 seq drop (bsc#1111666) - IB/hfi1: Avoid hardlockup with flushlist_lock (bsc#1111666) - IB/hfi1: Check for error on call to alloc_rsm_map_table (bsc#1111666) - IB/hfi1: Close PSM sdma_progress sleep window (bsc#1111666) - IB/hfi1: Define variables as unsigned long to fix KASAN warning (bsc#1111666) - IB/hfi1: Ensure full Gen3 speed in a Gen4 system (bsc#1111666) - IB/hfi1: Fix Spectre v1 vulnerability (bsc#1111666) - IB/hfi1: Handle port down properly in pio (bsc#1111666) - IB/hfi1: Handle wakeup of orphaned QPs for pio (bsc#1111666) - IB/hfi1: Insure freeze_work work_struct is canceled on shutdown (bsc#1111666) - IB/hfi1, qib: Ensure RCU is locked when accessing list (bsc#1111666) - IB/{hfi1, qib}: Fix WC.byte_len calculation for UD_SEND_WITH_IMM (bsc#1111666) - IB/hfi1: Remove unused define (bsc#1111666) - IB/hfi1: Silence txreq allocation warnings (bsc#1111666) - IB/hfi1: Validate page aligned for a given virtual address (bsc#1111666) - IB/hfi1: Wakeup QPs orphaned on wait list after flush (bsc#1111666) - IB/ipoib: drop useless LIST_HEAD (bsc#1111666) - IB/ipoib: Fix for use-after-free in ipoib_cm_tx_start (bsc#1111666) - IB/iser: Fix dma_nents type definition (bsc#1111666) - IB/iser: Pass the correct number of entries for dma mapped SGL (bsc#1111666) - IB/mad: Fix use-after-free in ib mad completion handling (bsc#1111666) - IB/mlx4: Fix leak in id_map_find_del (bsc#1111666) - IB/mlx4: Fix memory leak in add_gid error flow (bsc#1111666) - IB/mlx4: Fix race condition between catas error reset and aliasguid flows (bsc#1111666) - IB/mlx4: Follow mirror sequence of device add during device removal (bsc#1111666) - IB/mlx4: Remove unneeded NULL check (bsc#1111666) - IB/mlx5: Add missing XRC options to QP optional params mask (bsc#1111666) - IB/mlx5: Compare only index part of a memory window rkey (bsc#1111666) - IB/mlx5: Do not override existing ip_protocol (bsc#1111666) - IB/mlx5: Fix clean_mr() to work in the expected order (bsc#1111666) - IB/mlx5: Fix implicit MR release flow (bsc#1111666) - IB/mlx5: Fix outstanding_pi index for GSI qps (bsc#1111666) - IB/mlx5: Fix RSS Toeplitz setup to be aligned with the HW specification (bsc#1111666) - IB/mlx5: Fix unreg_umr to ignore the mkey state (bsc#1111666) - IB/mlx5: Improve ODP debugging messages (bsc#1111666) - IB/mlx5: Move MRs to a kernel PD when freeing them to the MR cache (bsc#1111666) - IB/mlx5: Prevent concurrent MR updates during invalidation (bsc#1111666) - IB/mlx5: Reset access mask when looping inside page fault handler (bsc#1111666) - IB/mlx5: Set correct write permissions for implicit ODP MR (bsc#1111666) - IB/mlx5: Use direct mkey destroy command upon UMR unreg failure (bsc#1111666) - IB/mlx5: Use fragmented QP's buffer for in-kernel users (bsc#1111666) - IB/mlx5: WQE dump jumps over first 16 bytes (bsc#1111666) - IB/qib: Fix an error code in qib_sdma_verbs_send() (bsc#1111666) - IB/{qib, hfi1, rdmavt}: Correct ibv_devinfo max_mr value (bsc#1111666) - IB/qib: Remove a set-but-not-used variable (bsc#1111666) - IB/rdmavt: Convert timers to use timer_setup() (bsc#1111666) - IB/rdmavt: Fix alloc_qpn() WARN_ON() (bsc#1111666) - IB/rdmavt: Reset all QPs when the device is shut down (bsc#1111666) - IB/rxe: Fix incorrect cache cleanup in error flow (bsc#1111666) - IB/rxe: Make counters thread safe (bsc#1111666) - IB/umad: Avoid additional device reference during open()/close() (bsc#1111666) - IB/umad: Avoid destroying device while it is accessed (bsc#1111666) - IB/umad: Do not check status of nonseekable_open() (bsc#1111666) - IB/umad: Fix kernel crash while unloading ib_umad (bsc#1111666) - IB/umad: Refactor code to use cdev_device_add() (bsc#1111666) - IB/umad: Simplify and avoid dynamic allocation of class (bsc#1111666) - IB/usnic: Fix out of bounds index check in query pkey (bsc#1111666) - IB/uverbs: Fix OOPs upon device disassociation (bsc#1111666) - iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM for setting tablet-mode (git-fixes). - iio: accel: kxcjk1013: Replace is_smo8500_device with an acpi_type enum (git-fixes). - inet_diag: Fix error path to cancel the meseage in inet_req_diag_fill() (git-fixes). - iw_cxgb4: fix ECN check on the passive accept (bsc#1111666) - iw_cxgb4: only reconnect with MPAv1 if the peer aborts (bsc#1111666) - kABI: add back flush_dcache_range (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - KVM: arm64: Add missing #include of in guest.c (bsc#1174726). - KVM: arm64: Factor out core register ID enumeration (bsc#1174726). - KVM: arm64: Filter out invalid core register IDs in KVM_GET_REG_LIST (bsc#1174726). - KVM: arm64: Refactor kvm_arm_num_regs() for easier maintenance (bsc#1174726). - KVM: arm64: Reject ioctl access to FPSIMD V-regs on SVE vcpus (bsc#1174726). - KVM host: kabi fixes for psci_version (bsc#1174726). - libnvdimm/nvdimm/flush: Allow architecture to override the flush barrier (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - locking/lockdep: Add debug_locks check in __lock_downgrade() (bsc#1050549). - locking/percpu-rwsem: Use this_cpu_{inc,dec}() for read_count (bsc#1050549). - locktorture: Print ratio of acquisitions, not failures (bsc#1050549). - mac80211: always wind down STA state (git-fixes). - mac80211: free sta in sta_info_insert_finish() on errors (git-fixes). - mac80211: minstrel: fix tx status processing corner case (git-fixes). - mac80211: minstrel: remove deferred sampling code (git-fixes). - mm: always have io_remap_pfn_range() set pgprot_decrypted() (bsc#1112178). - net: ena: Capitalize all log strings and improve code readability (bsc#1177397). - net: ena: Change license into format to SPDX in all files (bsc#1177397). - net: ena: Change log message to netif/dev function (bsc#1177397). - net: ena: Change RSS related macros and variables names (bsc#1177397). - net: ena: ethtool: Add new device statistics (bsc#1177397). - net: ena: ethtool: add stats printing to XDP queues (bsc#1177397). - net: ena: ethtool: convert stat_offset to 64 bit resolution (bsc#1177397). - net: ena: Fix all static chekers' warnings (bsc#1177397). - net: ena: Remove redundant print of placement policy (bsc#1177397). - net: ena: xdp: add queue counters for xdp actions (bsc#1177397). - net/mlx4_core: Fix init_hca fields offset (git-fixes). - nfc: s3fwrn5: use signed integer for parsing GPIO numbers (git-fixes). - NFS: mark nfsiod as CPU_INTENSIVE (bsc#1177304). - NFS: only invalidate dentrys that are clearly invalid (bsc#1178669 bsc#1170139). - PCI: pci-hyperv: Fix build errors on non-SYSFS config (git-fixes). - pinctrl: amd: fix incorrect way to disable debounce filter (git-fixes). - pinctrl: amd: use higher precision for 512 RtcClk (git-fixes). - pinctrl: aspeed: Fix GPI only function problem (git-fixes). - platform/x86: toshiba_acpi: Fix the wrong variable assignment (git-fixes). - powerpc/32: define helpers to get L1 cache sizes (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/64: flush_inval_dcache_range() becomes flush_dcache_range() (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/64: reuse PPC32 static inline flush_dcache_range() (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc: Chunk calls to flush_dcache_range in arch_*_memory (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964 git-fixes). - powerpc: define helpers to get L1 icache sizes (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/mm: Flush cache on memory hot(un)plug (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Add flush routines using new pmem store and sync instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Add new instructions for persistent storage and sync (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Avoid the barrier in flush routines (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Fix kernel crash due to wrong range value usage in flush_dcache_range (jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Initialize pmem device on newer hardware (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Restrict papr_scm to P8 and above (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Update ppc64 to use the new barrier instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - RDMA/bnxt_re: Fix Send Work Entry state check while polling completions (bsc#1111666) - RDMA/bnxt_re: Fix stack-out-of-bounds in bnxt_qplib_rcfw_send_message (bsc#1111666) - RDMA/cma: add missed unregister_pernet_subsys in init failure (bsc#1111666) - RDMA/cma: Fix false error message (bsc#1111666) - RDMA/cma: fix null-ptr-deref Read in cma_cleanup (bsc#1111666) - RDMA/core: Do not depend device ODP capabilities on kconfig option (bsc#1111666) - RDMA/core: Fix invalid memory access in spec_filter_size (bsc#1111666) - RDMA/core: Fix locking in ib_uverbs_event_read (bsc#1111666) - RDMA/core: Fix protection fault in ib_mr_pool_destroy (bsc#1111666) - RDMA/core: Fix race when resolving IP address (bsc#1111666) - RDMA/cxgb3: Delete and properly mark unimplemented resize CQ function (bsc#1111666) - RDMA: Directly cast the sockaddr union to sockaddr (bsc#1111666) - RDMA/hns: Correct the value of HNS_ROCE_HEM_CHUNK_LEN (bsc#1111666) - RDMA/hns: Remove unsupported modify_port callback (bsc#1111666) - RDMA/i40iw: fix a potential NULL pointer dereference (bsc#1111666) - RDMA/i40iw: Set queue pair state when being queried (bsc#1111666) - RDMA/ipoib: Remove check for ETH_SS_TEST (bsc#1111666) - RDMA/iwcm: Fix a lock inversion issue (bsc#1111666) - RDMA/iwcm: Fix iwcm work deallocation (bsc#1111666) - RDMA/iwcm: move iw_rem_ref() calls out of spinlock (bsc#1111666) - RDMA/iw_cxgb4: Avoid freeing skb twice in arp failure case (bsc#1111666) - RDMA/iw_cxgb4: Fix the unchecked ep dereference (bsc#1111666) - RDMA/mlx5: Clear old rate limit when closing QP (bsc#1111666) - RDMA/mlx5: Delete unreachable handle_atomic code by simplifying SW completion (bsc#1111666) - RDMA/mlx5: Fix access to wrong pointer while performing flush due to error (bsc#1111666) - RDMA/mlx5: Fix a race with mlx5_ib_update_xlt on an implicit MR (bsc#1111666) - RDMA/mlx5: Fix function name typo 'fileds' -> 'fields' (bsc#1111666) - RDMA/mlx5: Return proper error value (bsc#1111666) - RDMA/nes: Remove second wait queue initialization call (bsc#1111666) - RDMA/netlink: Do not always generate an ACK for some netlink operations (bsc#1111666) - RDMA/ocrdma: Fix out of bounds index check in query pkey (bsc#1111666) - RDMA/ocrdma: Remove unsupported modify_port callback (bsc#1111666) - RDMA/qedr: Fix memory leak in user qp and mr (bsc#1111666) - RDMA/qedr: Fix reported firmware version (bsc#1111666) - RDMA/qedr: Remove unsupported modify_port callback (bsc#1111666) - RDMA/qib: Delete extra line (bsc#1111666) - RDMA/qib: Remove all occurrences of BUG_ON() (bsc#1111666) - RDMA/qib: Validate ->show()/store() callbacks before calling them (bsc#1111666) - RDMA/rxe: Fill in wc byte_len with IB_WC_RECV_RDMA_WITH_IMM (bsc#1111666) - RDMA/rxe: Fix configuration of atomic queue pair attributes (bsc#1111666) - RDMA/rxe: Fix slab-out-bounds access which lead to kernel crash later (bsc#1111666) - RDMA/rxe: Fix soft lockup problem due to using tasklets in softirq (bsc#1111666) - RDMA/rxe: Use for_each_sg_page iterator on umem SGL (bsc#1111666) - RDMA/srp: Rework SCSI device reset handling (bsc#1111666) - RDMA/srpt: Report the SCSI residual to the initiator (bsc#1111666) - RDMA/ucma: Add missing locking around rdma_leave_multicast() (bsc#1111666) - RDMA/ucma: Put a lock around every call to the rdma_cm layer (bsc#1111666) - RDMA/uverbs: Make the event_queue fds return POLLERR when disassociated (bsc#1111666) - RDMA/vmw_pvrdma: Fix memory leak on pvrdma_pci_remove (bsc#1111666) - RDMA/vmw_pvrdma: Use atomic memory allocation in create AH (bsc#1111666) - regulator: avoid resolve_supply() infinite recursion (git-fixes). - regulator: fix memory leak with repeated set_machine_constraints() (git-fixes). - regulator: ti-abb: Fix array out of bound read access on the first transition (git-fixes). - regulator: workaround self-referent regulators (git-fixes). - RMDA/cm: Fix missing ib_cm_destroy_id() in ib_cm_insert_listen() (bsc#1111666) - rxe: correctly calculate iCRC for unaligned payloads (bsc#1111666) - rxe: fix error completion wr_id and qp_num (bsc#1111666) - s390/cio: add cond_resched() in the slow_eval_known_fn() loop (bsc#1177805 LTC#188737). - s390/cpum_cf,perf: change DFLT_CCERROR counter name (bsc#1175916 LTC#187937). - s390/dasd: Fix zero write for FBA devices (bsc#1177808 LTC#188739). - s390: kernel/uv: handle length extension properly (bsc#1178940 LTC#189323). - sched/core: Fix PI boosting between RT and DEADLINE tasks (bsc#1112178). - sched/x86: SaveFLAGS on context switch (bsc#1112178). - scripts/git_sort/git_sort.py: add ceph maintainers git tree - scsi: lpfc: Fix initial FLOGI failure due to BBSCN not supported (git-fixes). - scsi: RDMA/srpt: Fix a credit leak for aborted commands (bsc#1111666) - Staging: rtl8188eu: rtw_mlme: Fix uninitialized variable authmode (git-fixes). - staging: rtl8723bs: Add 024c:0627 to the list of SDIO device-ids (git-fixes). - tty: serial: imx: keep console clocks always on (git-fixes). - Update references in patches.suse/net-smc-tolerate-future-smcd-versions (bsc#1172542 LTC#186070 git-fixes). - USB: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode (git-fixes). - USB: core: Fix regression in Hercules audio card (git-fixes). - USB: gadget: Fix memleak in gadgetfs_fill_super (git-fixes). - USB: gadget: f_midi: Fix memleak in f_midi_alloc (git-fixes). - USB: host: ehci-tegra: Fix error handling in tegra_ehci_probe() (git-fixes). - USB: host: xhci-mtk: avoid runtime suspend when removing hcd (git-fixes). - USB: serial: cyberjack: fix write-URB completion race (git-fixes). - video: hyperv_fb: Fix the cache type when mapping the VRAM (git-fixes). - x86/hyperv: Clarify comment on x2apic mode (git-fixes). - x86/hyperv: Make vapic support x2apic mode (git-fixes). - x86/microcode/intel: Check patch signature before saving microcode for early loading (bsc#1112178). - x86/PCI: Avoid AMD FCH XHCI USB PME# from D0 defect (git-fixes). - x86/PCI: Fix intel_mid_pci.c build error when ACPI is not enabled (git-fixes). - x86/PCI: Mark Intel C620 MROMs as having non-compliant BARs (git-fixes). - x86/speculation: Allow IBPB to be conditionally enabled on CPUs with always-on STIBP (bsc#1112178). - x86/sysfb_efi: Add quirks for some devices with swapped width and height (git-fixes). - xfs: revert 'xfs: fix rmap key and record comparison functions' (git-fixes). ----------------------------------------- Patch: SUSE-2020-3721 Released: Wed Dec 9 13:36:46 2020 Summary: Security update for openssl-1_1 Severity: important References: 1179491,CVE-2020-1971 Description: This update for openssl-1_1 fixes the following issues: - CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491). ----------------------------------------- Patch: SUSE-2020-3723 Released: Wed Dec 9 13:37:55 2020 Summary: Security update for python-urllib3 Severity: moderate References: 1177120,CVE-2020-26137 Description: This update for python-urllib3 fixes the following issues: - CVE-2020-26137: Fixed a CRLF injection via HTTP request method (bsc#1177120). ----------------------------------------- Patch: SUSE-2020-3731 Released: Wed Dec 9 15:52:32 2020 Summary: Recommended update for realmd Severity: moderate References: 1175617 Description: This update for realmd fixes the following issues: - Fix the `Name Service Switch` (`nsswitch`) handling when joining and leaving a domain. (bsc#1175617) ----------------------------------------- Patch: SUSE-2020-3735 Released: Wed Dec 9 18:19:24 2020 Summary: Security update for curl Severity: moderate References: 1179398,1179399,1179593,CVE-2020-8284,CVE-2020-8285,CVE-2020-8286 Description: This update for curl fixes the following issues: - CVE-2020-8286: Fixed improper OSCP verification in the client side (bsc#1179593). - CVE-2020-8285: Fixed a stack overflow due to FTP wildcard (bsc#1179399). - CVE-2020-8284: Fixed an issue where a malicius FTP server could make curl connect to a different IP (bsc#1179398). ----------------------------------------- Patch: SUSE-2020-3737 Released: Wed Dec 9 18:21:04 2020 Summary: Security update for python-pip, python-scripttest Severity: moderate References: 1175297,1176262,CVE-2019-20916 Description: This update for python-pip, python-scripttest fixes the following issues: - Update in SLE-15 (bsc#1175297, jsc#ECO-3035, jsc#PM-2318) python-pip was updated to 20.0.2: * Fix a regression in generation of compatibility tags * Rename an internal module, to avoid ImportErrors due to improper uninstallation * Switch to a dedicated CLI tool for vendoring dependencies. * Remove wheel tag calculation from pip and use packaging.tags. This should provide more tags ordered better than in prior releases. * Deprecate setup.py-based builds that do not generate an .egg-info directory. * The pip>=20 wheel cache is not retro-compatible with previous versions. Until pip 21.0, pip will continue to take advantage of existing legacy cache entries. * Deprecate undocumented --skip-requirements-regex option. * Deprecate passing install-location-related options via --install-option. * Use literal 'abi3' for wheel tag on CPython 3.x, to align with PEP 384 which only defines it for this platform. * Remove interpreter-specific major version tag e.g. cp3-none-any from consideration. This behavior was not documented strictly, and this tag in particular is not useful. Anyone with a use case can create an issue with pypa/packaging. * Wheel processing no longer permits wheels containing more than one top-level .dist-info directory. * Support for the git+git@ form of VCS requirement is being deprecated and will be removed in pip 21.0. Switch to git+https:// or git+ssh://. git+git:// also works but its use is discouraged as it is insecure. * Default to doing a user install (as if --user was passed) when the main site-packages directory is not writeable and user site-packages are enabled. * Warn if a path in PATH starts with tilde during pip install. * Cache wheels built from Git requirements that are considered immutable, because they point to a commit hash. * Add option --no-python-version-warning to silence warnings related to deprecation of Python versions. * Cache wheels that pip wheel built locally, matching what pip install does. This particularly helps performance in workflows where pip wheel is used for building before installing. Users desiring the original behavior can use pip wheel --no-cache-dir * Display CA information in pip debug. * Show only the filename (instead of full URL), when downloading from PyPI. * Suggest a more robust command to upgrade pip itself to avoid confusion when the current pip command is not available as pip. * Define all old pip console script entrypoints to prevent import issues in stale wrapper scripts. * The build step of pip wheel now builds all wheels to a cache first, then copies them to the wheel directory all at once. Before, it built them to a temporary directory and moved them to the wheel directory one by one. * Expand ~ prefix to user directory in path options, configs, and environment variables. Values that may be either URL or path are not currently supported, to avoid ambiguity: --find-links --constraint, -c --requirement, -r --editable, -e * Correctly handle system site-packages, in virtual environments created with venv (PEP 405). * Fix case sensitive comparison of pip freeze when used with -r option. * Enforce PEP 508 requirement format in pyproject.toml build-system.requires. * Make ensure_dir() also ignore ENOTEMPTY as seen on Windows. * Fix building packages which specify backend-path in pyproject.toml. * Do not attempt to run setup.py clean after a pep517 build error, since a setup.py may not exist in that case. * Fix passwords being visible in the index-url in 'Downloading ' message. * Change method from shutil.remove to shutil.rmtree in noxfile.py. * Skip running tests which require subversion, when svn isn't installed * Fix not sending client certificates when using --trusted-host. * Make sure pip wheel never outputs pure python wheels with a python implementation tag. Better fix/workaround for #3025 by using a per-implementation wheel cache instead of caching pure python wheels with an implementation tag in their name. * Include subdirectory URL fragments in cache keys. * Fix typo in warning message when any of --build-option, --global-option and --install-option is used in requirements.txt * Fix the logging of cached HTTP response shown as downloading. * Effectively disable the wheel cache when it is not writable, as is the case with the http cache. * Correctly handle relative cache directory provided via --cache-dir. ----------------------------------------- Patch: SUSE-2020-3741 Released: Thu Dec 10 09:32:43 2020 Summary: Recommended update for ceph Severity: moderate References: 1179452,1179526 Description: This update for ceph fixes the following issues: - Fixed an issue when reading a large 'RGW' object takes too long and can cause data loss. (bsc#1179526) - Fixed a build issue caused by missing nautilus module named 'six'. (bsc#1179452) ----------------------------------------- Patch: SUSE-2020-3744 Released: Thu Dec 10 11:32:41 2020 Summary: Recommended update for enigmail Severity: moderate References: 1179505 Description: This update for enigmail fixes the following issues: Update from version 2.1.5 to version 2.2.4 - Enigmail version 2.2.x is a specially modified version, which only works with Thunderbird 78 and later version. Enigmail 2.2.x doesn't provide the traditional functionality, rather it exists to help you migrate your keys and settings to Thunderbird 78. Fixes included from version 2.1.5 to 2.1.8: - 'Encrypt to key' action destroys PGP/MIME signature. - Filter fails silently on Enigmail's 'Encrypt to key' action. - Disable autocrypt header on custom sender address. - `VKS` keyserver with custom port cannot be accessed. - Thunderbird dies immediately when sending a signed empty-bodied mail. - Decrypted mail has empty `Content-Type` in the `MIME` part. - Improper `Content-Type` setting for keyserver upload. - Display information about Thunderbird 78. - Minor rendering problem with `Deep Dark` theme. - Setup Wizard gets Stuck if Keys in GnuPG available. - Cannot confirm publish GnuPG key on `WKS` server. - Automatic Key Refresh doesn't work with `keys.openpgp.org`. - Per-recipients rule `set enigmail rules for` field unable to edit. - File names of attachments are not encrypted. ----------------------------------------- Patch: SUSE-2020-3749 Released: Thu Dec 10 14:39:28 2020 Summary: Security update for gcc7 Severity: moderate References: 1150164,1161913,1167939,1172798,1178577,1178614,1178624,1178675,CVE-2020-13844 Description: This update for gcc7 fixes the following issues: - CVE-2020-13844: Added mitigation for aarch64 Straight Line Speculation issue (bsc#1172798) - Enable fortran for the nvptx offload compiler. - Update README.First-for.SuSE.packagers - avoid assembler errors with AVX512 gather and scatter instructions when using -masm=intel. - Backport the aarch64 -moutline-atomics feature and accumulated fixes but not its default enabling. [jsc#SLE-12209, bsc#1167939] - Fixed 32bit libgnat.so link. [bsc#1178675] - Fixed memcpy miscompilation on aarch64. [bsc#1178624, bsc#1178577] - Fixed debug line info for try/catch. [bsc#1178614] - Remove -mbranch-protection=standard (aarch64 flag) when gcc7 is used to build gcc7 (ie when ada is enabled) - Fixed corruption of pass private ->aux via DF. [gcc#94148] - Fixed debug information issue with inlined functions and passed by reference arguments. [gcc#93888] - Fixed binutils release date detection issue. - Fixed register allocation issue with exception handling code on s390x. [bsc#1161913] - Fixed miscompilation of some atomic code on aarch64. [bsc#1150164] ----------------------------------------- Patch: SUSE-2020-3752 Released: Fri Dec 11 08:53:50 2020 Summary: Recommended update for gnome-menus-branding-SLE Severity: moderate References: 1178842 Description: This update for gnome-menus-branding-SLE fixes the following issue: - Update the GNOME menu `.desktop` names to the latest version. (bsc#1178842) ----------------------------------------- Patch: SUSE-2020-3758 Released: Fri Dec 11 11:53:58 2020 Summary: Recommended update for go1.14 Severity: moderate References: 1164903 Description: This update for go1.14 fixes the following issues: -Includes fixes to the compiler, runtime, and the go command. * go#42755 cmd/compile: ICE due to bad ORL constant. (bsc#1164903) * go#42635 runtime: infinite loop in lockextra on linux/amd64. (bsc#1164903) * go#42566 cmd/go: allow flags in CGO_LDFLAGS environment variable not in security allowlist. (bsc#1164903) ----------------------------------------- Patch: SUSE-2020-3762 Released: Fri Dec 11 14:12:48 2020 Summary: Security update for openssl-1_0_0 Severity: important References: 1155346,1176029,1177479,1177575,1177673,1177793,1179491,CVE-2020-1971 Description: This update for openssl-1_0_0 fixes the following issues: - CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491). - Initialized dh->nid to NID_undef in DH_new_method() (bsc#1177673). - Fixed a test failure in apache_ssl in fips mode (bsc#1177793). - Renamed BN_get_rfc3526_prime_* functions back to get_rfc3526_prime_* (bsc#1177575). - Restored private key check in EC_KEY_check_key (bsc#1177479). - Added shared secret KAT to FIPS DH selftest (bsc#1176029). - Included ECDH/DH Requirements from SP800-56Arev3 (bsc#1176029). - Used SHA-2 in the RSA pairwise consistency check (bsc#1155346) ----------------------------------------- Patch: SUSE-2020-3772 Released: Mon Dec 14 11:11:29 2020 Summary: Recommended update for hamcrest Severity: moderate References: 1174544 Description: This update for hamcrest fixes the following issue: - Add obsoletes in the core API to solve conflicts during updates. (bsc#1174544) ----------------------------------------- Patch: SUSE-2020-3773 Released: Mon Dec 14 11:12:18 2020 Summary: Recommended update for cdrtools and schily-libs Severity: moderate References: 1178692 Description: This update for cdrtools and schily-libs fixes the following issues: cdrtools: - Initialize memory that created the partition table instead of writing random bytes to it. (bsc#1178692) schily-libs: - Initialize memory that created the partition table instead of writing random bytes to it. (bsc#1178692) ----------------------------------------- Patch: SUSE-2020-3790 Released: Mon Dec 14 15:01:22 2020 Summary: Security update for clamav Severity: moderate References: 1104457,1118459,1130721,1144504,1149458,1157763,CVE-2019-12625,CVE-2019-12900,CVE-2019-15961,CVE-2019-1785,CVE-2019-1786,CVE-2019-1787,CVE-2019-1788,CVE-2019-1789,CVE-2019-1798,CVE-2020-3123,CVE-2020-3327,CVE-2020-3341,CVE-2020-3350,CVE-2020-3481 Description: This update for clamav fixes the following issues: clamav was updated to the new major release 0.103.0. (jsc#ECO-3010,bsc#1118459) Note that libclamav was changed incompatible, if you have a 3rd party application that uses libclamav, it needs to be rebuilt. Update to 0.103.0 * clamd can now reload the signature database without blocking scanning. This multi-threaded database reload improvement was made possible thanks to a community effort. - Non-blocking database reloads are now the default behavior. Some systems that are more constrained on RAM may need to disable non-blocking reloads as it will temporarily consume two times as much memory. We added a new clamd config option ConcurrentDatabaseReload, which may be set to no. * Fix clamav-milter.service (requires clamd.service to run) Update to 0.102.4 * CVE-2020-3350: Fix a vulnerability wherein a malicious user could replace a scan target's directory with a symlink to another path to trick clamscan, clamdscan, or clamonacc into removing or moving a different file (eg. a critical system file). The issue would affect users that use the --move or --remove options for clamscan, clamdscan, and clamonacc. * CVE-2020-3327: Fix a vulnerability in the ARJ archive parsing module in ClamAV 0.102.3 that could cause a Denial-of-Service (DoS) condition. Improper bounds checking results in an out-of-bounds read which could cause a crash. The previous fix for this CVE in 0.102.3 was incomplete. This fix correctly resolves the issue. * CVE-2020-3481: Fix a vulnerability in the EGG archive module in ClamAV 0.102.0 - 0.102.3 could cause a Denial-of-Service (DoS) condition. Improper error handling may result in a crash due to a NULL pointer dereference. This vulnerability is mitigated for those using the official ClamAV signature databases because the file type signatures in daily.cvd will not enable the EGG archive parser in versions affected by the vulnerability. Update to 0.102.3 * CVE-2020-3327: Fix a vulnerability in the ARJ archive parsing module in ClamAV 0.102.2 that could cause a Denial-of-Service (DoS) condition. Improper bounds checking of an unsigned variable results in an out-of-bounds read which causes a crash. * CVE-2020-3341: Fix a vulnerability in the PDF parsing module in ClamAV 0.101 - 0.102.2 that could cause a Denial-of-Service (DoS) condition. Improper size checking of a buffer used to initialize AES decryption routines results in an out-of-bounds read which may cause a crash. * Fix 'Attempt to allocate 0 bytes' error when parsing some PDF documents. * Fix a couple of minor memory leaks. * Updated libclamunrar to UnRAR 5.9.2. Update to 0.102.2: * CVE-2020-3123: A denial-of-service (DoS) condition may occur when using the optional credit card data-loss-prevention (DLP) feature. Improper bounds checking of an unsigned variable resulted in an out-of-bounds read, which causes a crash. * Significantly improved the scan speed of PDF files on Windows. * Re-applied a fix to alleviate file access issues when scanning RAR files in downstream projects that use libclamav where the scanning engine is operating in a low-privilege process. This bug was originally fixed in 0.101.2 and the fix was mistakenly omitted from 0.102.0. * Fixed an issue where freshclam failed to update if the database version downloaded is one version older than advertised. This situation may occur after a new database version is published. The issue affected users downloading the whole CVD database file. * Changed the default freshclam ReceiveTimeout setting to 0 (infinite). The ReceiveTimeout had caused needless database update failures for users with slower internet connections. * Correctly display the number of kilobytes (KiB) in progress bar and reduced the size of the progress bar to accommodate 80-character width terminals. * Fixed an issue where running freshclam manually causes a daemonized freshclam process to fail when it updates because the manual instance deletes the temporary download directory. The freshclam temporary files will now download to a unique directory created at the time of an update instead of using a hardcoded directory created/destroyed at the program start/exit. * Fix for freshclam's OnOutdatedExecute config option. * Fixes a memory leak in the error condition handling for the email parser. * Improved bound checking and error handling in ARJ archive parser. * Improved error handling in PDF parser. * Fix for memory leak in byte-compare signature handler. - The freshclam.service should not be started before the network is online (it checks for updates immediately upon service start) Update to 0.102.1: * CVE-2019-15961, bsc#1157763: A Denial-of-Service (DoS) vulnerability may occur when scanning a specially crafted email file as a result of excessively long scan times. The issue is resolved by implementing several maximums in parsing MIME messages and by optimizing use of memory allocation. * Build system fixes to build clamav-milter, to correctly link with libxml2 when detected, and to correctly detect fanotify for on-access scanning feature support. * Signature load time is significantly reduced by changing to a more efficient algorithm for loading signature patterns and allocating the AC trie. Patch courtesy of Alberto Wu. * Introduced a new configure option to statically link libjson-c with libclamav. Static linking with libjson is highly recommended to prevent crashes in applications that use libclamav alongside another JSON parsing library. * Null-dereference fix in email parser when using the --gen-json metadata option. * Fixes for Authenticode parsing and certificate signature (.crb database) bugs. Update to 0.102.0: * The On-Access Scanning feature has been migrated out of clamd and into a brand new utility named clamonacc. This utility is similar to clamdscan and clamav-milter in that it acts as a client to clamd. This separation from clamd means that clamd no longer needs to run with root privileges while scanning potentially malicious files. Instead, clamd may drop privileges to run under an account that does not have super-user. In addition to improving the security posture of running clamd with On-Access enabled, this update fixed a few outstanding defects: - On-Access scanning for created and moved files (Extra-Scanning) is fixed. - VirusEvent for On-Access scans is fixed. - With clamonacc, it is now possible to copy, move, or remove a file if the scan triggered an alert, just like with clamdscan. * The freshclam database update utility has undergone a significant update. This includes: - Added support for HTTPS. - Support for database mirrors hosted on ports other than 80. - Removal of the mirror management feature (mirrors.dat). - An all new libfreshclam library API. - created new subpackage libfreshclam2 Update to 0.101.4: * CVE-2019-12900: An out of bounds write in the NSIS bzip2 (bsc#1149458) * CVE-2019-12625: Introduce a configurable time limit to mitigate zip bomb vulnerability completely. Default is 2 minutes, configurable useing the clamscan --max-scantime and for clamd using the MaxScanTime config option (bsc#1144504) Update to version 0.101.3: * bsc#1144504: ZIP bomb causes extreme CPU spikes Update to version 0.101.2 (bsc#1130721) * CVE-2019-1787: An out-of-bounds heap read condition may occur when scanning PDF documents. The defect is a failure to correctly keep track of the number of bytes remaining in a buffer when indexing file data. * CVE-2019-1789: An out-of-bounds heap read condition may occur when scanning PE files (i.e. Windows EXE and DLL files) that have been packed using Aspack as a result of inadequate bound-checking. * CVE-2019-1788: An out-of-bounds heap write condition may occur when scanning OLE2 files such as Microsoft Office 97-2003 documents. The invalid write happens when an invalid pointer is mistakenly used to initialize a 32bit integer to zero. This is likely to crash the application. * CVE-2019-1786: An out-of-bounds heap read condition may occur when scanning malformed PDF documents as a result of improper bounds-checking. * CVE-2019-1785: A path-traversal write condition may occur as a result of improper input validation when scanning RAR archives. * CVE-2019-1798: A use-after-free condition may occur as a result of improper error handling when scanning nested RAR archives. ----------------------------------------- Patch: SUSE-2020-3791 Released: Mon Dec 14 17:39:19 2020 Summary: Recommended update for gzip Severity: moderate References: Description: This update for gzip fixes the following issue: - Enable `DFLTCC` (Deflate Conversion Call) compression for s390x for levels 1-6 to `CFLAGS`. (jsc#SLE-13775) Enable by adding `-DDFLTCC_LEVEL_MASK=0x7e` to `CFLAGS`. ----------------------------------------- Patch: SUSE-2020-3793 Released: Mon Dec 14 17:39:29 2020 Summary: Recommended update for sblim-sfcb Severity: moderate References: 1178415 Description: This update for sblim-sfcb fixes the following issues: - Allow older SSL protocols to be disabled. - Add a configuration option `sslNoTLSv1_1` to optionally disable `TLSv1.1.` (bsc#1178415) When the protocol version is disabled, the connection will fail and the error will be recorded in the logs. ----------------------------------------- Patch: SUSE-2020-3795 Released: Mon Dec 14 17:43:26 2020 Summary: Optional update for systemd-rpm-macros Severity: low References: 1059627,1178481,1179020 Description: This update for systemd-rpm-macros fixes the following issues: - Deprecate '-f'/'-n' options When used with %service_del_preun, support for these options will be dropped as DISABLE_STOP_ON_REMOVAL support will be removed on the next version of SLE (jsc#SLE-8968) When used with %service_del_postun, they should be replaced with their counterpart %service_del_postun_with_restart/%service_del_postun_without_restart - Introduced %service_del_postun_with_restart() It's the counterpart of %service_del_postun_without_restart() and replaces the '-f' option of %service_del_postun(). - Does no longer apply presets when migrating from a disabled initscript (bsc#1178481) - Fix importing of %{_unitdir} ----------------------------------------- Patch: SUSE-2020-3805 Released: Tue Dec 15 13:40:31 2020 Summary: Recommended update for crmsh Severity: moderate References: 1175976,1178333,1178373,1178701 Description: This update for crmsh fixes the following issues: - Fix for bootstrap using class 'JoinLock' to manage lock in parallel join. (bsc#1175976) - Fix for utils improving disable and enable functionalities. (bsc#1178701) - Fix for bootstrap disabling 'corosync-qdevice' if not configured. (bsc#1178701) - Fix for bootstrap including '/etc/sysconfig/nfs' into 'csync2.cfg'. (bsc#1178373) - Fix for bootstrap changing for '_get_sbd_device_interactive' function to avoid possible crash when configure sbd.(bsc#1178333) ----------------------------------------- Patch: SUSE-2020-3619 Released: Tue Dec 15 13:41:16 2020 Summary: Recommended update for cloud-netconfig, google-guest-agent Severity: moderate References: 1159460,1178486,1179031,1179032 Description: This update for cloud-netconfig, google-guest-agent fixes the following issues: cloud-netconfig: - Update to version 1.5: + Add support for GCE (bsc#1159460, bsc#1178486, jsc#ECO-2800) + Improve default gateway determination google-guest-agent: - Update to version 20201026.00 * remove old unused workflow files * fallback to IP for metadata * getPasswd: Check full prefix of line for username - dont_overwrite_ifcfg.patch: Do not overwrite existing ifcfg files to allow manual configuration and compatibility with cloud-netconfig. (bsc#1159460, bsc#1178486) - Update to version 20200929.00 * correct varname * don't call dhclient -x on network setup * add instance id dir override * update agent systemd service file * typo, change to noadjfile * add gaohannk to OWNERS * remove illfelder from OWNERS * Add all license files to packages ----------------------------------------- Patch: SUSE-2020-3809 Released: Tue Dec 15 13:46:05 2020 Summary: Recommended update for glib2 Severity: moderate References: 1178346 Description: This update for glib2 fixes the following issues: Update from version 2.62.5 to version 2.62.6: - Support for slim format of timezone. (bsc#1178346) - Fix DST incorrect end day when using slim format. (bsc#1178346) - Fix SOCKS5 username/password authentication. - Updated translations. ----------------------------------------- Patch: SUSE-2020-3812 Released: Tue Dec 15 15:23:59 2020 Summary: Recommended update for grafana-ha-cluster-dashboards Severity: moderate References: Description: This update for grafana-ha-cluster-dashboards fixes the following issue: - Update from version 1.0.3+git.1600360477.8b8f9ce to version 1.1.0+git.1605027022.a84d536 - Split the provider file to the sub-package grafana-sleha-provider ----------------------------------------- Patch: SUSE-2020-3837 Released: Wed Dec 16 10:31:29 2020 Summary: Recommended update for gnome-tweaks Severity: low References: Description: This update for gnome-tweaks fixes the following issues: - Add upstream fix to the patch fixing titlebar layout when buttons are placed left. (glgo#GNOME/gnome-tweaks!63) ----------------------------------------- Patch: SUSE-2020-3840 Released: Wed Dec 16 10:32:03 2020 Summary: Recommended update for llvm7 Severity: moderate References: 1176964,1179155 Description: This update for llvm7 fixes the following issues: - Fix dsymutil crash on ELF file. (bsc#1176964) - Add Conflicts: clang-tools to clang7 and llvm7 packages to properly handle newer llvm versions. (bsc#1179155) ----------------------------------------- Patch: SUSE-2020-3856 Released: Wed Dec 16 17:56:03 2020 Summary: Recommended update for ucode-intel Severity: important References: 1179224 Description: This update for ucode-intel fixes the following issues: - Reverted 3 CPU microcodes back to 20200616 release level after regression reports. (bsc#1179224) - SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006906 | Xeon Scalable - SKX-D | M1 | 06-55-04/b7 | 02006906 | Xeon D-21xx - CLX-SP | B0 | 06-55-06/bf | 04002f01 | Xeon Scalable Gen2 - CLX-SP | B1 | 06-55-07/bf | 05002f01 | Xeon Scalable Gen2 ----------------------------------------- Patch: SUSE-2020-3857 Released: Wed Dec 16 17:56:47 2020 Summary: Recommended update for postgresql10 Severity: moderate References: 1178961 Description: This update for postgresql10 fixes the following issues: - Tag as %ghost the symlinks to pg_config and ecpg. (bsc#1178961) ----------------------------------------- Patch: SUSE-2020-3860 Released: Thu Dec 17 10:47:37 2020 Summary: Recommended update for tcl Severity: moderate References: 1179615 Description: This update for tcl fixes the following issue: - `TCL_LIBS` in `tclConfig.sh` possibly breaks build on newer service packs. (bsc#1179615) It is not needed for linking to a dynamic `libtcl` anyway and now it is empty. ----------------------------------------- Patch: SUSE-2020-3862 Released: Thu Dec 17 11:04:19 2020 Summary: Recommended update for libqt5-qtbase Severity: moderate References: 1175278,1179165 Description: This update for libqt5-qtbase fixes the following issues: - Add patch to avoid crash in certain screen setups (bsc#1179165, kde#425188, QTBUG-88288) - Disable '-reduce-relocations' for now. (bsc#1175278, QTBUG-86173) ----------------------------------------- Patch: SUSE-2020-3867 Released: Thu Dec 17 12:39:31 2020 Summary: Security update for webkit2gtk3 Severity: important References: 1171531,1177087,1179122,1179451,CVE-2020-13543,CVE-2020-13584,CVE-2020-9948,CVE-2020-9951,CVE-2020-9983 Description: This update for webkit2gtk3 fixes the following issues: -webkit2gtk3 was updated to version 2.30.3 (bsc#1179122 bsc#1179451): - CVE-2021-13543: Fixed a use after free which could have led to arbitrary code execution. - CVE-2021-13584: Fixed a use after free which could have led to arbitrary code execution. - CVE-2021-9948: Fixed a type confusion which could have led to arbitrary code execution. - CVE-2021-9951: Fixed a use after free which could have led to arbitrary code execution. - CVE-2021-9983: Fixed an out of bounds write which could have led to arbitrary code execution. - Have the libwebkit2gtk package require libjavascriptcoregtk of the same version (bsc#1171531). - Enable c_loop on aarch64: currently needed for compilation to succeed with JIT disabled. Also disable sampling profiler, since it conflicts with c_loop (bsc#1177087). ----------------------------------------- Patch: SUSE-2020-3868 Released: Thu Dec 17 12:44:47 2020 Summary: Recommended update for perl-Test-Warnings Severity: moderate References: Description: This update for perl-Test-Warnings fixes the following issues: Update from version 0.026 to version 0.030 - Fix tests that can fail when there is already an installed module named `Foo::Bar::Baz` - `report_warnings` feature, for printing all of the (unexpected) warning content when `had_no_warnings()` is called - Allow for calling `warnings->import` being called after importing the 'warnings' sub - `fail_on_warning` feature, for more easily seeing where the surprising warning appeared during testing ----------------------------------------- Patch: SUSE-2020-3895 Released: Mon Dec 21 12:56:25 2020 Summary: Security update for ceph Severity: important References: 1178860,1179016,1179802,1180107,1180155,CVE-2020-27781 Description: This update for ceph fixes the following issues: Security issue fixed: - CVE-2020-27781: Fixed a privilege escalation via the ceph_volume_client Python interface (bsc#1180155, bsc#1179802). Non-security issues fixed: - Update to 15.2.8-80-g1f4b6229ca: + Rebase on tip of upstream 'octopus' branch, SHA1 bdf3eebcd22d7d0b3dd4d5501bee5bac354d5b55 * upstream Octopus v15.2.8 release, see https://ceph.io/releases/v15-2-8-octopus-released/ - Update to 15.2.7-776-g343cd10fe5: + Rebase on tip of upstream 'octopus' branch, SHA1 1b8a634fdcd94dfb3ba650793fb1b6d09af65e05 * (bsc#1178860) mgr/dashboard: Disable TLS 1.0 and 1.1 + (bsc#1179016) rpm: require smartmontools on SUSE + (bsc#1180107) ceph-volume: pass --filter-for-batch from drive-group subcommand ----------------------------------------- Patch: SUSE-2020-3901 Released: Mon Dec 21 20:07:56 2020 Summary: Security update for MozillaFirefox Severity: critical References: 1180039,CVE-2020-16042,CVE-2020-26971,CVE-2020-26973,CVE-2020-26974,CVE-2020-26978,CVE-2020-35111,CVE-2020-35112,CVE-2020-35113 Description: This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.6.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2020-55 (bsc#1180039) * CVE-2020-16042 (bmo#1679003) Operations on a BigInt could have caused uninitialized memory to be exposed * CVE-2020-26971 (bmo#1663466) Heap buffer overflow in WebGL * CVE-2020-26973 (bmo#1680084) CSS Sanitizer performed incorrect sanitization * CVE-2020-26974 (bmo#1681022) Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free * CVE-2020-26978 (bmo#1677047) Internal network hosts could have been probed by a malicious webpage * CVE-2020-35111 (bmo#1657916) The proxy.onRequest API did not catch view-source URLs * CVE-2020-35112 (bmo#1661365) Opening an extension-less download may have inadvertently launched an executable instead * CVE-2020-35113 (bmo#1664831, bmo#1673589) Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6 ----------------------------------------- Patch: SUSE-2020-3911 Released: Tue Dec 22 10:57:08 2020 Summary: Security update for PackageKit Severity: low References: 1104313,1176930,CVE-2020-16121 Description: This update for PackageKit fixes the following issue: - CVE-2020-16121: Fixed an Information disclosure in InstallFiles, GetFilesLocal and GetDetailsLocal (bsc#1176930). - Update summary and description of gstreamer-plugin and gtk3-module. (bsc#1104313) ----------------------------------------- Patch: SUSE-2020-3912 Released: Tue Dec 22 12:13:36 2020 Summary: Recommended update for python3-ec2imgutils Severity: moderate References: 1179890 Description: This update for python3-ec2imgutils contains the following fix: - Update to version 9.0.1 (bsc#1179890) + Support gp3 as option to create EBS root volume. This allows image creation with the new storage class and save 20% of cost. ----------------------------------------- Patch: SUSE-2020-3917 Released: Tue Dec 22 14:16:53 2020 Summary: Security update for groovy Severity: moderate References: 1179729,CVE-2020-17521 Description: This update for groovy fixes the following issues: - groovy was updated to 2.4.21 - CVE-2020-17521: Fixed an information disclosure vulnerability (bsc#1179729). ----------------------------------------- Patch: SUSE-2020-3920 Released: Tue Dec 22 15:16:47 2020 Summary: Recommended update for mutt Severity: moderate References: 1179461 Description: This update for mutt fixes the following issues: - Add a further correction in for external bodies as well. (bsc#1179461) ----------------------------------------- Patch: SUSE-2020-3921 Released: Tue Dec 22 15:19:17 2020 Summary: Recommended update for libpwquality Severity: low References: Description: This update for libpwquality fixes the following issues: - Implement alignment with 'pam_cracklib'. (jsc#SLE-16720) ----------------------------------------- Patch: SUSE-2020-3922 Released: Tue Dec 22 15:20:46 2020 Summary: Security update for jetty-minimal Severity: moderate References: 1179727,CVE-2020-27218 Description: This update for jetty-minimal fixes the following issues: - jetty-minimal was upgraded to version 9.4.35.v20201120 - CVE-2020-27218: Fixed an issue where buffer not correctly recycled in Gzip Request inflation (bsc#1179727). ----------------------------------------- Patch: SUSE-2020-3929 Released: Wed Dec 23 10:06:31 2020 Summary: Recommended update for lifecycle-data-sle-module-live-patching Severity: moderate References: 1020320 Description: This update for lifecycle-data-sle-module-live-patching fixes the following issue: - Added data for 4_12_14-150_63, 4_12_14-197_72, 4_12_14-197_75, 5_3_18-24_43. (bsc#1020320) ----------------------------------------- Patch: SUSE-2020-3930 Released: Wed Dec 23 18:19:39 2020 Summary: Security update for python3 Severity: important References: 1155094,1174091,1174571,1174701,1177211,1178009,1179193,1179630,CVE-2019-16935,CVE-2019-18348,CVE-2019-20907,CVE-2019-5010,CVE-2020-14422,CVE-2020-26116,CVE-2020-27619,CVE-2020-8492 Description: This update for python3 fixes the following issues: - Fixed CVE-2020-27619 (bsc#1178009), where Lib/test/multibytecodec_support calls eval() on content retrieved via HTTP. - Change setuptools and pip version numbers according to new wheels - Handful of changes to make python36 compatible with SLE15 and SLE12 (jsc#ECO-2799, jsc#SLE-13738) - add triplets for mips-r6 and riscv - RISC-V needs CTYPES_PASS_BY_REF_HACK Update to 3.6.12 (bsc#1179193) * Ensure python3.dll is loaded from correct locations when Python is embedded * The __hash__() methods of ipaddress.IPv4Interface and ipaddress.IPv6Interface incorrectly generated constant hash values of 32 and 128 respectively. This resulted in always causing hash collisions. The fix uses hash() to generate hash values for the tuple of (address, mask length, network address). * Prevent http header injection by rejecting control characters in http.client.putrequest(…). * Unpickling invalid NEWOBJ_EX opcode with the C implementation raises now UnpicklingError instead of crashing. * Avoid infinite loop when reading specially crafted TAR files using the tarfile module - This release also fixes CVE-2020-26116 (bsc#1177211) and CVE-2019-20907 (bsc#1174091). Update to 3.6.11: - Disallow CR or LF in email.headerregistry. Address arguments to guard against header injection attacks. - Disallow control characters in hostnames in http.client, addressing CVE-2019-18348. Such potentially malicious header injection URLs now cause a InvalidURL to be raised. (bsc#1155094) - CVE-2020-8492: The AbstractBasicAuthHandler class of the urllib.request module uses an inefficient regular expression which can be exploited by an attacker to cause a denial of service. Fix the regex to prevent the catastrophic backtracking. Vulnerability reported by Ben Caller and Matt Schwager. ----------------------------------------- Patch: SUSE-2020-3932 Released: Wed Dec 23 18:21:59 2020 Summary: Security update for java-1_8_0-ibm Severity: moderate References: 1177943,1180063,CVE-2020-14779,CVE-2020-14781,CVE-2020-14792,CVE-2020-14796,CVE-2020-14797,CVE-2020-14798,CVE-2020-14803 Description: This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 6 Fix Pack 20 [bsc#1180063,bsc#1177943] CVE-2020-14792 CVE-2020-14797 CVE-2020-14781 CVE-2020-14779 CVE-2020-14798 CVE-2020-14796 CVE-2020-14803 * Class libraries: - SOCKETADAPTOR$SOCKETINPUTSTREAM.READ is blocking for more time that the set timeout - Z/OS specific C function send_file is changing the file pointer position * Java Virtual Machine: - Crash on iterate java stack - Java process hang on SIGTERM * JIT Compiler: - JMS performance regression from JDK8 SR5 FP40 TO FP41 * Class Libraries: - z15 high utilization following Z/VM and Linux migration from z14 To z15 * Java Virtual Machine: - Assertion failed when trying to write a class file - Assertion failure at modronapi.cpp - Improve the performance of defining and finding classes * JIT Compiler: - An assert in ppcbinaryencoding.cpp may trigger when running with traps disabled on power - AOT field offset off by n bytes - Segmentation fault in jit module on ibm z platform ----------------------------------------- Patch: SUSE-2020-3933 Released: Thu Dec 24 12:35:40 2020 Summary: Security update for flac Severity: moderate References: 1180099,1180112,CVE-2020-0487,CVE-2020-0499 Description: This update for flac fixes the following issues: - CVE-2020-0487: Fixed a memory leak (bsc#1180112). - CVE-2020-0499: Fixed an out-of-bounds access (bsc#1180099). ----------------------------------------- Patch: SUSE-2020-3934 Released: Thu Dec 24 12:37:11 2020 Summary: Security update for openexr Severity: moderate References: 1179879,CVE-2020-16587,CVE-2020-16588,CVE-2020-16589 Description: This update for openexr fixes the following issues: Security issues fixed: - CVE-2020-16587: Fixed a heap-based buffer overflow in chunkOffsetReconstruction in ImfMultiPartInputFile.cpp (bsc#1179879). - CVE-2020-16588: Fixed a null pointer deference in generatePreview (bsc#1179879). - CVE-2020-16589: Fixed a heap-based buffer overflow in writeTileData in ImfTiledOutputFile.cpp (bsc#1179879). ----------------------------------------- Patch: SUSE-2020-3935 Released: Fri Dec 25 09:26:54 2020 Summary: Security update for MozillaThunderbird Severity: critical References: 1179530,1180039,CVE-2020-16042,CVE-2020-26970,CVE-2020-26971,CVE-2020-26973,CVE-2020-26974,CVE-2020-26978,CVE-2020-35111,CVE-2020-35112,CVE-2020-35113 Description: This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird 78.6 * new: MailExtensions: Added browser.windows.openDefaultBrowser() (bmo#1664708) * changed: Thunderbird now only shows quota exceeded indications on the main window (bmo#1671748) * changed: MailExtensions: menus API enabled in messages being composed (bmo#1670832) * changed: MailExtensions: Honor allowScriptsToClose argument in windows.create API function (bmo#1675940) * changed: MailExtensions: APIs that returned an accountId will reflect the account the message belongs to, not what is stored in message headers (bmo#1644032) * fixed: Keyboard shortcut for toggling message 'read' status not shown in menus (bmo#1619248) * fixed: OpenPGP: After importing a secret key, Key Manager displayed properties of the wrong key (bmo#1667054) * fixed: OpenPGP: Inline PGP parsing improvements (bmo#1660041) * fixed: OpenPGP: Discovering keys online via Key Manager sometimes failed on Linux (bmo#1634053) * fixed: OpenPGP: Encrypted attachment 'Decrypt and Open/Save As' did not work (bmo#1663169) * fixed: OpenPGP: Importing keys failed on macOS (bmo#1680757) * fixed: OpenPGP: Verification of clear signed UTF-8 text failed (bmo#1679756) * fixed: Address book: Some columns incorrectly displayed no data (bmo#1631201) * fixed: Address book: The address book view did not update after changing the name format in the menu (bmo#1678555) * fixed: Calendar: Could not import an ICS file into a CalDAV calendar (bmo#1652984) * fixed: Calendar: Two 'Home' calendars were visible on a new profile (bmo#1656782) * fixed: Calendar: Dark theme was incomplete on Linux (bmo#1655543) * fixed: Dark theme did not apply to new mail notification popups (bmo#1681083) * fixed: Folder icon, message list, and contact side bar visual improvements (bmo#1679436) * fixed: MailExtensions: HTTP refresh in browser content tabs did not work (bmo#1667774) * fixed: MailExtensions: messageDisplayScripts failed to run in main window (bmo#1674932) * fixed: Various security fixes MFSA 2020-56 (bsc#1180039) * CVE-2020-16042 (bmo#1679003) Operations on a BigInt could have caused uninitialized memory to be exposed * CVE-2020-26971 (bmo#1663466) Heap buffer overflow in WebGL * CVE-2020-26973 (bmo#1680084) CSS Sanitizer performed incorrect sanitization * CVE-2020-26974 (bmo#1681022) Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free * CVE-2020-26978 (bmo#1677047) Internal network hosts could have been probed by a malicious webpage * CVE-2020-35111 (bmo#1657916) The proxy.onRequest API did not catch view-source URLs * CVE-2020-35112 (bmo#1661365) Opening an extension-less download may have inadvertently launched an executable instead * CVE-2020-35113 (bmo#1664831, bmo#1673589) Memory safety bugs fixed in Thunderbird 78.6 Mozilla Thunderbird 78.5.1 * new: OpenPGP: Added option to disable email subject encryption (bmo#1666073) * changed: OpenPGP public key import now supports multi-file selection and bulk accepting imported keys (bmo#1665145) * changed: MailExtensions: getComposeDetails will wait for 'compose-editor-ready' event (bmo#1675012) * fixed: New mail icon was not removed from the system tray at shutdown (bmo#1664586) * fixed: 'Place replies in the folder of the message being replied to' did not work when using 'Reply to List' (bmo#522450) * fixed: Thunderbird did not honor the 'Run search on server' option when searching messages (bmo#546925) * fixed: Highlight color for folders with unread messages wasn't visible in dark theme (bmo#1676697) * fixed: OpenPGP: Key were missing from Key Manager (bmo#1674521) * fixed: OpenPGP: Option to import keys from clipboard always disabled (bmo#1676842) * fixed: The 'Link' button on the large attachments info bar failed to open up Filelink section in Options if the user had not yet configured Filelink (bmo#1677647) * fixed: Address book: Printing members of a mailing list resulted in incorrect output (bmo#1676859) * fixed: Unable to connect to LDAP servers configured with a self-signed SSL certificate (bmo#1659947) * fixed: Autoconfig via LDAP did not work as expected (bmo#1662433) * fixed: Calendar: Pressing Ctrl-Enter in the new event dialog would create duplicate events (bmo#1668478) * fixed: Various security fixes MFSA 2020-53 (bsc#1179530) * CVE-2020-26970 (bmo#1677338) Stack overflow due to incorrect parsing of SMTP server response codes ----------------------------------------- Patch: SUSE-2020-3936 Released: Fri Dec 25 09:27:40 2020 Summary: Recommended update for gdb Severity: moderate References: Description: This update for gdb fixes the following issues: * gdb powerpc remove 512 bytes region limit if 2nd dawr is avaliable (jsc#SLE-13656) Rebase to 10.1 release (as in fedora 33 @ 6c8ccd6). * Debuginfod support. * Multi-target debugging support. * Multithreaded symbol loading enabled by default. * New command set exec-file-mismatch. * New command tui new-layout. * Alias command can now specify default args for an alias. - Update libipt to v2.0.2. - Enable CTF support also for riscv64 - Add BuildRequire babeltrace-devel. On Factory this adds bdeps babeltrace-devel, libuuid-devel, babeltrace, libglib-2_0-0, and libgmodule-2_0-0. - Fix internal error on aarch64 [swo#26316]. Rebase to 9.2 release. Rebase to 9.1 release. * Breakpoints on nested functions and subroutines in Fortran. * Multithreaded symbol loading, disabled by default. Enable using 'maint set worker-threads unlimited'. * Multi-target debugging support. * New command pipe. * New command set logging debugredirect [on|off]. * New fortran commands info modules, info module functions, info module variables. ----------------------------------------- Patch: SUSE-2020-3942 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Severity: moderate References: 1180138 Description: This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------- Patch: SUSE-2020-3943 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Severity: moderate References: 1178823 Description: This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour. ----------------------------------------- Patch: SUSE-2020-3946 Released: Tue Dec 29 17:39:54 2020 Summary: Recommended update for python3 Severity: important References: 1180377 Description: This update for python3 fixes the following issues: - A previous update inadvertently removed the 'PyFPE_jbuf' symbol from Python3, which caused regressions in several applications. (bsc#1180377) ----------------------------------------- Patch: SUSE-2020-3950 Released: Thu Dec 31 15:29:31 2020 Summary: Recommended update for openscap Severity: moderate References: 1154380,1155258,1178301,1180456 Description: This update for openscap fixes the following issues: OpenSCAP was updated to 1.3.4. - add CPE dict entries for openSUSE Leap 15.1 and 15.2 - add dbus-1-devel buildrequires to enable systemd tests (bsc#1178301) openscap 1.3.4: * New features - Add support for FreeBSD - Make use of HTTP header content-encoding: gzip if available - Improved yamlfilecontent: updated yaml-filter, extend the schema and probe to be able to work with a set of values in maps * Maintenance, bug fixes - A lot of memory leaks have been plugged - Refactored rpmverifyfile probe and fixed memory leak - Fixed SEGFAULT caused by recursive and circular dependencies between OVAL definitions - Fixed DOM representation of the profile platform - Test suit: better portability, more granularity in results, inclusion of memory-related tests - Compatibility with uClibc - Local and remote file system detection method was improved - Make the report a valid HTML5 document - openscap: DISA STIG Viewer URL reference changed (bsc#1180456) openscap 1.3.3: Notable improvements in this release: - a Python script that can be used for CLI tailoring (autotailor) (thank you, Matěj Týč); - timezone for XCCDF TestResult start and end time (thank you, Jan Černý); - new yamlfilecontent independent probe (draft implementation), see the proposal https://github.com/OVAL-Community/OVAL/issues/91 for additional information. There are other changes as well, here is the list: - Introduced `urn:xccdf:fix:script:kubernetes` fix type in XCCDF; - Added ability to generate `machineconfig` fix; - Detect ambiguous scan target (utils/oscap-podman); - Fixed #170: The rpmverifyfile probe can't verify files from '/bin' directory; - The data system_info probe return for offline and online modes is consistent and actual; - Prevent crashes when complicated regexes are executed in textfilecontent58 probe; - Fixed #1512: Severity refinement lost in generated guide; - Fixed #1453: Pointer lost in Swig API; - Evaluation Characteristics of the XCCDF report are now consistent with OVAL entities; from system_info probe; - Fixed filepath pattern matching in offline mode in textfilecontent58 probe; - Fixed infinite recursion in systemdunitdependency probe; - Fixed the case when CMake couldn't find libacl or xattr.h. ----------------------------------------- Patch: SUSE-2021-6 Released: Mon Jan 4 07:05:06 2021 Summary: Recommended update for libdlm Severity: moderate References: 1098449,1144793,1168771,1177533,1177658 Description: This update for libdlm fixes the following issues: - Rework libdlm3 require with a shared library version tag instead so it propagates to all consuming packages.(bsc#1177658, bsc#1098449) - Add support for type 'uint64_t' to corosync ringid. (bsc#1168771) - Include some fixes/enhancements for dlm_controld. (bsc#1144793) - Fixed an issue where /boot logical volume was accidentally unmounted. (bsc#1177533) ----------------------------------------- Patch: SUSE-2021-7 Released: Mon Jan 4 09:28:36 2021 Summary: Recommended update for enchant Severity: moderate References: 1178489 Description: This update for enchant fixes the following issue: - _Voikko_ and _Zemberek's_ APIs assume a NUL-terminated string. Provide one in Enchant. (bsc#1178489) ----------------------------------------- Patch: SUSE-2021-10 Released: Mon Jan 4 10:01:52 2021 Summary: Recommended update for dmidecode Severity: moderate References: 1174257 Description: This update for dmidecode fixes the following issue: - Two missing commas in the data arrays cause 'OUT OF SPEC' messages during the index resolution. (bnc#1174257) ----------------------------------------- Patch: SUSE-2021-11 Released: Mon Jan 4 10:21:13 2021 Summary: Recommended update for SupportConfig Analysis suite Severity: moderate References: 1017160,1096254,1115654,1124793,1155181,1177249,1178086,1178088,1178092,1178093,1178094,1178099,1178151,1178152,1178229,1178523,1178524,1178528 Description: This update for SupportConfig Analysis suite fixes the following issues: Changes in sca-patterns-base: - Additions to version 1.3.1 + `SUSE.getHostInfo` doesn't use `/etc/os-release`. (bsc#1178523) + `SUSE.py` missing initial kernel version constants. (bsc#1178524) Changes in sca-patterns-hae: - Updates to version 1.3.1 + Fixed false positive for stonith-00002.pl (bsc#1124793) Changes in sca-patterns-sle11: - New Security Announcement Patterns for Version 1.3.1 + SUSE-SU-2020:14546-1 SUSE-SU-2020:14549-1 SUSE-SU-2020:14548-1 SUSE-SU-2020:14551-1 SUSE-SU-2020:14550-1 SUSE-SU-2020:14399-1 SUSE-SU-2020:14266-1 SUSE-SU-2020:14400-1 SUSE-SU-2020:14341-1 SUSE-SU-2020:14409-1 SUSE-SU-2020:14440-1 SUSE-SU-2020:14461-1 SUSE-SU-2020:14313-1 SUSE-SU-2020:14263-1 SUSE-SU-2020:14287-1 SUSE-SU-2020:14484-1 SUSE-SU-2020:14354-1 SUSE-SU-2020:14393-1 SUSE-SU-2020:14442-1 SUSE-SU-2020:14337-1 SUSE-SU-2020:14342-1 SUSE-SU-2020:14398-1 SUSE-SU-2020:14396-1 SUSE-SU-2020:14294-1 SUSE-SU-2020:14355-1 SUSE-SU-2020:14424-1 SUSE-SU-2020:14267-1 SUSE-SU-2020:14356-1 SUSE-SU-2020:14423-1 SUSE-SU-2020:14418-1 SUSE-SU-2020:14268-1 SUSE-SU-2020:14290-1 SUSE-SU-2020:14312-1 SUSE-SU-2020:14339-1 SUSE-SU-2020:14359-1 SUSE-SU-2020:14389-1 SUSE-SU-2020:14421-1 SUSE-SU-2020:14456-1 SUSE-SU-2020:14489-1 SUSE-SU-2020:14502-1 SUSE-SU-2020:14522-1 SUSE-SU-2020:14542-1 SUSE-SU-2020:14414-1 SUSE-SU-2020:14415-1 SUSE-SU-2020:14358-1 SUSE-SU-2020:14419-1 SUSE-SU-2020:14541-1 SUSE-SU-2020:14295-1 SUSE-SU-2020:14491-1 SUSE-SU-2020:14493-1 SUSE-SU-2020:14510-1 SUSE-SU-2020:14304-1 SUSE-SU-2020:14289-1 SUSE-SU-2020:14516-1 SUSE-SU-2020:14292-1 SUSE-SU-2020:14306-1 SUSE-SU-2020:14437-1 SUSE-SU-2020:14525-1 SUSE-SU-2020:14490-1 SUSE-SU-2020:14460-1 SUSE-SU-2020:14369-1 SUSE-SU-2020:14334-1 SUSE-SU-2020:14375-1 SUSE-SU-2020:14385-1 SUSE-SU-2020:14444-1 SUSE-SU-2020:14521-1 SUSE-SU-2020:14445-1 SUSE-SU-2020:14447-1 SUSE-SU-2020:14463-1 SUSE-SU-2020:14475-1 SUSE-SU-2018:1172-1 SUSE-SU-2018:1162-1 SUSE-SU-2018:1203-1 SUSE-SU-2018:1171-1 SUSE-SU-2018:1162-1 SUSE-SU-2018:1181-1 SUSE-SU-2018:0863-1 SUSE-SU-2018:0565-1 SUSE-SU-2018:0645-1 SUSE-SU-2018:0660-1 SUSE-SU-2018:0705-1 SUSE-SU-2018:0806-1 SUSE-SU-2018:0678-1 SUSE-SU-2018:0863-1 SUSE-SU-2018:0866-1 SUSE-SU-2018:0565-1 SUSE-SU-2018:0630-1 SUSE-SU-2018:0555-1 SUSE-SU-2018:1080-1 SUSE-SU-2018:1077-1 SUSE-SU-2018:0838-1 SUSE-SU-2018:0705-1 SUSE-SU-2018:0975-1 SUSE-SU-2018:0806-1 SUSE-SU-2018:0638-1 - Detects missing shim that fails upgrade (sle11all/shim-upgrade-7022915.py) Changes in sca-patterns-sle12: - New Security Announcement Patterns for Version 1.0.1 + SUSE-SU-2020:3516-1 SUSE-SU-2020:3354-1 SUSE-SU-2020:3501-1 SUSE-SU-2020:3433-1 SUSE-SU-2020:3379-1 SUSE-SU-2020:3550-1 SUSE-SU-2020:3548-1 SUSE-SU-2020:3464-1 SUSE-SU-2020:3477-1 SUSE-SU-2020:3514-1 SUSE-SU-2020:3367-1 SUSE-SU-2020:3516-1 SUSE-SU-2020:3354-1 SUSE-SU-2020:3503-1 SUSE-SU-2020:3433-1 SUSE-SU-2020:3379-1 SUSE-SU-2020:3550-1 SUSE-SU-2020:3548-1 SUSE-SU-2020:3464-1 SUSE-SU-2020:3477-1 SUSE-SU-2020:3474-1 SUSE-SU-2020:3514-1 SUSE-SU-2020:3516-1 SUSE-SU-2020:3353-1 SUSE-SU-2020:3544-1 SUSE-SU-2020:3379-1 SUSE-SU-2020:3550-1 SUSE-SU-2020:3497-1 SUSE-SU-2020:3548-1 SUSE-SU-2020:3464-1 SUSE-SU-2020:3514-1 SUSE-SU-2020:3415-1 SUSE-SU-2020:3516-1 SUSE-SU-2020:3353-1 SUSE-SU-2020:3379-1 SUSE-SU-2020:3550-1 SUSE-SU-2020:3497-1 SUSE-SU-2020:3548-1 SUSE-SU-2020:3464-1 SUSE-SU-2020:3563-1 SUSE-SU-2020:3360-1 SUSE-SU-2020:3457-1 SUSE-SU-2020:3424-1 SUSE-SU-2020:3414-1 SUSE-SU-2020:0576-1 SUSE-SU-2020:2634-1 SUSE-SU-2020:3263-1 SUSE-SU-2020:0394-1 SUSE-SU-2020:1210-1 SUSE-SU-2020:1855-1 SUSE-SU-2020:3315-1 SUSE-SU-2020:1285-1 SUSE-SU-2020:0555-1 SUSE-SU-2020:1792-1 SUSE-SU-2020:0497-1 SUSE-SU-2020:0854-1 SUSE-SU-2020:2699-1 SUSE-SU-2020:3262-1 SUSE-SU-2020:1221-1 SUSE-SU-2020:1111-1 SUSE-SU-2020:1045-1 SUSE-SU-2020:0394-1 SUSE-SU-2020:1212-1 SUSE-SU-2020:0992-1 SUSE-SU-2020:1295-1 SUSE-SU-2020:1180-1 SUSE-SU-2020:0024-1 SUSE-SU-2020:0051-1 SUSE-SU-2020:0261-1 SUSE-SU-2020:0456-1 SUSE-SU-2020:0528-1 SUSE-SU-2020:0628-1 SUSE-SU-2020:0204-1 SUSE-SU-2020:0868-1 SUSE-SU-2020:1475-1 SUSE-SU-2020:0457-1 SUSE-SU-2020:1534-1 SUSE-SU-2019:3060-2 SUSE-SU-2020:0319-1 SUSE-SU-2020:1165-1 SUSE-SU-2020:0054-1 SUSE-SU-2020:1301-1 SUSE-SU-2020:0050-1 SUSE-SU-2020:0088-1 SUSE-SU-2020:0068-1 SUSE-SU-2020:0384-1 SUSE-SU-2020:0717-1 SUSE-SU-2020:0928-1 SUSE-SU-2020:0978-1 SUSE-SU-2020:1218-1 SUSE-SU-2020:1210-1 SUSE-SU-2020:0516-1 radius:SUSE-SU-2020 SUSE-SU-2020:0715-1 SUSE-SU-2020:0586-1 SUSE-SU-2020:0490-1 SUSE-SU-2020:0555-1 SUSE-SU-2020:0790-1 SUSE-SU-2020:0497-1 SUSE-SU-2020:0854-1 SUSE-SU-2020:1524-1 SUSE-SU-2020:1514-1 SUSE-SU-2020:0424-1 SUSE-SU-2020:0115-1 SUSE-SU-2020:0810-1 SUSE-SU-2020:0390-1 SUSE-SU-2020:0266-1 SUSE-SU-2020:0806-1 SUSE-SU-2020:1497-1 SUSE-SU-2020:0358-1 SUSE-SU-2020:0388-1 SUSE-SU-2020:1612-1 SUSE-SU-2020:1272-1 SUSE-SU-2020:2450-1 SUSE-SU-2020:3149-1 SUSE-SU-2020:1914-1 SUSE-SU-2020:1045-1 SUSE-SU-2020:1732-1 SUSE-SU-2020:2274-1 SUSE-SU-2020:2391-1 SUSE-SU-2020:2998-1 SUSE-SU-2020:3263-1 SUSE-SU-2020:0394-1 SUSE-SU-2020:1212-1 SUSE-SU-2020:2097-1 SUSE-SU-2020:0992-1 SUSE-SU-2020:1295-1 SUSE-SU-2020:3024-1 SUSE-SU-2020:2076-1 SUSE-SU-2020:2308-1 SUSE-SU-2020:1180-1 SUSE-SU-2020:0024-1 SUSE-SU-2020:0051-1 SUSE-SU-2020:0261-1 SUSE-SU-2020:0456-1 SUSE-SU-2020:0528-1 SUSE-SU-2020:0628-1 SUSE-SU-2020:1571-1 SUSE-SU-2020:1683-1 SUSE-SU-2020:1685-1 SUSE-SU-2020:1686-1 SUSE-SU-2020:2461-1 SUSE-SU-2020:2482-1 SUSE-SU-2020:2861-1 SUSE-SU-2020:3310-1 SUSE-SU-2020:1255-1 SUSE-SU-2020:1597-1 SUSE-SU-2020:2134-1 SUSE-SU-2020:2576-1 SUSE-SU-2020:0159-1 SUSE-SU-2020:0204-1 SUSE-SU-2020:0868-1 SUSE-SU-2020:1475-1 SUSE-SU-2020:1486-1 SUSE-SU-2020:1764-1 SUSE-SU-2020:1767-1 SUSE-SU-2020:2491-1 SUSE-SU-2020:2492-1 SUSE-SU-2020:2499-1 SUSE-SU-2020:2502-1 SUSE-SU-2020:2544-1 SUSE-SU-2020:3191-1 SUSE-SU-2020:3219-1 SUSE-SU-2020:3225-1 SUSE-SU-2020:1533-1 SUSE-SU-2020:0457-1 SUSE-SU-2020:1534-1 SUSE-SU-2019:3060-2 SUSE-SU-2020:2900-1 SUSE-SU-2020:0318-1 SUSE-SU-2020:2760-1 SUSE-SU-2020:3143-1 SUSE-SU-2020:1165-1 SUSE-SU-2020:2167-1 SUSE-SU-2020:2117-1 SUSE-SU-2020:2196-1 SUSE-SU-2020:0920-2 SUSE-SU-2020:0054-1 SUSE-SU-2020:1301-1 SUSE-SU-2020:2048-1 SUSE-SU-2020:0050-1 SUSE-SU-2020:0088-1 SUSE-SU-2020:1839-1 SUSE-SU-2020:0068-1 SUSE-SU-2020:0384-1 SUSE-SU-2020:0717-1 SUSE-SU-2020:0928-1 SUSE-SU-2020:0978-1 SUSE-SU-2020:1218-1 SUSE-SU-2020:1563-1 SUSE-SU-2020:1899-1 SUSE-SU-2020:2100-1 SUSE-SU-2020:2759-1 SUSE-SU-2020:3053-1 SUSE-SU-2020:3331-1 SUSE-SU-2020:1794-1 SUSE-SU-2020:1805-1 SUSE-SU-2020:1193-1 SUSE-SU-2020:1859-1 SUSE-SU-2020:3314-1 SUSE-SU-2020:0474-1 SUSE-SU-2020:0495-1 SUSE-SU-2020:3126-1 radius:SUSE-SU-2020 SUSE-SU-2020:2661-1 SUSE-SU-2020:2856-1 SUSE-SU-2020:1662-1 SUSE-SU-2020:0545-1 SUSE-SU-2020:0715-1 SUSE-SU-2020:3343-1 SUSE-SU-2020:0586-1 SUSE-SU-2020:0490-1 SUSE-SU-2020:0792-1 SUSE-SU-2020:2157-1 SUSE-SU-2020:0555-1 SUSE-SU-2020:1792-1 SUSE-SU-2020:0497-1 SUSE-SU-2020:0854-1 SUSE-SU-2020:2699-1 SUSE-SU-2020:1524-1 SUSE-SU-2020:1526-1 SUSE-SU-2020:3351-1 SUSE-SU-2020:0512-1 SUSE-SU-2020:1570-1 SUSE-SU-2020:2312-1 SUSE-SU-2020:2724-1 SUSE-SU-2020:3083-1 SUSE-SU-2020:3125-1 SUSE-SU-2020:0115-1 SUSE-SU-2020:2628-1 SUSE-SU-2020:0810-1 SUSE-SU-2020:0661-1 SUSE-SU-2020:1227-1 SUSE-SU-2020:1803-1 SUSE-SU-2020:1946-1 SUSE-SU-2020:2471-1 SUSE-SU-2020:0407-1 SUSE-SU-2020:0331-1 SUSE-SU-2020:2898-1 SUSE-SU-2020:0725-1 SUSE-SU-2020:1498-1 SUSE-SU-2020:1791-1 SUSE-SU-2020:2611-1 SUSE-SU-2020:1595-1 SUSE-SU-2020:3279-1 SUSE-SU-2020:1550-1 SUSE-SU-2020:0016-1 SUSE-SU-2020:1135-1 SUSE-SU-2020:1211-1 SUSE-SU-2020:2069-1 SUSE-SU-2020:2232-1 SUSE-SU-2020:0410-1 SUSE-SU-2020:0334-1 SUSE-SU-2020:2234-1 SUSE-SU-2020:2822-1 SUSE-SU-2020:2225-1 SUSE-SU-2020:2331-1 SUSE-SU-2020:2401-1 SUSE-SU-2020:1943-1 SUSE-SU-2020:1612-1 SUSE-SU-2020:1272-1 SUSE-SU-2020:2450-1 SUSE-SU-2020:3149-1 SUSE-SU-2020:1914-1 SUSE-SU-2020:1158-1 SUSE-SU-2020:1748-1 SUSE-SU-2020:1045-1 SUSE-SU-2020:1732-1 SUSE-SU-2020:2274-1 SUSE-SU-2020:2194-1 SUSE-SU-2020:1018-1 SUSE-SU-2020:2998-1 SUSE-SU-2020:3263-1 SUSE-SU-2020:0394-1 SUSE-SU-2020:1212-1 SUSE-SU-2020:2097-1 SUSE-SU-2020:0992-1 SUSE-SU-2020:1295-1 SUSE-SU-2020:3024-1 SUSE-SU-2020:2079-1 SUSE-SU-2020:2304-1 SUSE-SU-2020:1180-1 SUSE-SU-2020:0630-1 SUSE-SU-2020:0024-1 SUSE-SU-2020:0051-1 SUSE-SU-2020:0261-1 SUSE-SU-2020:0456-1 SUSE-SU-2020:0528-1 SUSE-SU-2020:0628-1 SUSE-SU-2020:1571-1 SUSE-SU-2020:1683-1 SUSE-SU-2020:1685-1 SUSE-SU-2020:1686-1 SUSE-SU-2020:2461-1 SUSE-SU-2020:2482-1 SUSE-SU-2020:2861-1 SUSE-SU-2020:3310-1 SUSE-SU-2020:1275-1 SUSE-SU-2020:1596-1 SUSE-SU-2020:1713-1 SUSE-SU-2020:2152-1 SUSE-SU-2020:2582-1 SUSE-SU-2020:0159-1 SUSE-SU-2020:0204-1 SUSE-SU-2020:0868-1 SUSE-SU-2020:1475-1 SUSE-SU-2020:1779-1 SUSE-SU-2020:1781-1 SUSE-SU-2020:1784-1 SUSE-SU-2020:2491-1 SUSE-SU-2020:2497-1 SUSE-SU-2020:2498-1 SUSE-SU-2020:2499-1 SUSE-SU-2020:2502-1 SUSE-SU-2020:2544-1 SUSE-SU-2020:3191-1 SUSE-SU-2020:3219-1 SUSE-SU-2020:3225-1 SUSE-SU-2020:1533-1 SUSE-SU-2020:0457-1 SUSE-SU-2020:1534-1 SUSE-SU-2019:3060-2 SUSE-SU-2020:2900-1 SUSE-SU-2020:0317-1 SUSE-SU-2020:2751-1 SUSE-SU-2020:2660-1 SUSE-SU-2020:3095-1 SUSE-SU-2020:1165-1 SUSE-SU-2020:2167-1 SUSE-SU-2020:2117-1 SUSE-SU-2020:2196-1 SUSE-SU-2020:0920-2 SUSE-SU-2020:0079-2 SUSE-SU-2020:0054-1 SUSE-SU-2020:1301-1 SUSE-SU-2020:2048-1 SUSE-SU-2020:0050-1 SUSE-SU-2020:0088-1 SUSE-SU-2020:1839-1 SUSE-SU-2020:0068-1 SUSE-SU-2020:0384-1 SUSE-SU-2020:0717-1 SUSE-SU-2020:0928-1 SUSE-SU-2020:0978-1 SUSE-SU-2020:1218-1 SUSE-SU-2020:1563-1 SUSE-SU-2020:1899-1 SUSE-SU-2020:2100-1 SUSE-SU-2020:2759-1 SUSE-SU-2020:3053-1 SUSE-SU-2020:3331-1 SUSE-SU-2020:1794-1 SUSE-SU-2020:1805-1 SUSE-SU-2020:1193-1 SUSE-SU-2020:1859-1 SUSE-SU-2020:3314-1 SUSE-SU-2020:0474-1 radius:SUSE-SU-2020 SUSE-SU-2020:2661-1 SUSE-SU-2020:2856-1 SUSE-SU-2020:1662-1 SUSE-SU-2020:0545-1 SUSE-SU-2020:0715-1 SUSE-SU-2020:3343-1 SUSE-SU-2020:0586-1 SUSE-SU-2020:0490-1 SUSE-SU-2020:0792-1 SUSE-SU-2020:2157-1 SUSE-SU-2020:1285-1 SUSE-SU-2020:0555-1 SUSE-SU-2020:1792-1 SUSE-SU-2020:0497-1 SUSE-SU-2020:0854-1 SUSE-SU-2020:2699-1 SUSE-SU-2020:1524-1 SUSE-SU-2020:1538-1 SUSE-SU-2020:3351-1 SUSE-SU-2020:1570-1 SUSE-SU-2020:0233-1 SUSE-SU-2020:2066-1 SUSE-SU-2020:2721-1 SUSE-SU-2020:3093-1 SUSE-SU-2020:3125-1 SUSE-SU-2020:0115-1 SUSE-SU-2020:2627-1 SUSE-SU-2020:0810-1 SUSE-SU-2020:3085-1 SUSE-SU-2020:3084-1 SUSE-SU-2020:0661-1 SUSE-SU-2020:1227-1 SUSE-SU-2020:1803-1 SUSE-SU-2020:1946-1 SUSE-SU-2020:2471-1 SUSE-SU-2020:0406-1 SUSE-SU-2020:0331-1 SUSE-SU-2020:2898-1 SUSE-SU-2020:0725-1 SUSE-SU-2020:1498-1 SUSE-SU-2020:1791-1 SUSE-SU-2020:2611-1 SUSE-SU-2020:1970-1 SUSE-SU-2020:1595-1 SUSE-SU-2020:3279-1 SUSE-SU-2020:1550-1 SUSE-SU-2020:0016-1 SUSE-SU-2020:1135-1 SUSE-SU-2020:1211-1 SUSE-SU-2020:2069-1 SUSE-SU-2020:2232-1 SUSE-SU-2020:0410-1 SUSE-SU-2020:1630-1 SUSE-SU-2020:1886-1 SUSE-SU-2020:2171-1 SUSE-SU-2020:2787-1 SUSE-SU-2020:2225-1 SUSE-SU-2020:2331-1 SUSE-SU-2020:2401-1 SUSE-SU-2020:1991-1 SUSE-SU-2018_1221-1 SUSE-SU-2018_1222-1 SUSE-SU-2018_1224-1 SUSE-SU-2018_1226-1 SUSE-SU-2018_1233-1 SUSE-SU-2018_1234-1 SUSE-SU-2018_1235-1 SUSE-SU-2018_1243-1 SUSE-SU-2018_1244-1 SUSE-SU-2018_1247-1 SUSE-SU-2018_1257-1 SUSE-SU-2018_1261-1 SUSE-SU-2018_1267-1 SUSE-SU-2018_1273-1 SUSE-SU-2018_1177-1 SUSE-SU-2018_1220-1 SUSE-SU-2018_1220-1 SUSE-SU-2018_1227-1 SUSE-SU-2018_1227-1 SUSE-SU-2018_1229-1 SUSE-SU-2018_1229-1 SUSE-SU-2018_1231-1 SUSE-SU-2018_1231-1 SUSE-SU-2018_1232-1 SUSE-SU-2018_1232-1 SUSE-SU-2018_1237-1 SUSE-SU-2018_1237-1 SUSE-SU-2018_1251-1 SUSE-SU-2018_1251-1 SUSE-SU-2018_1254-1 SUSE-SU-2018_1254-1 SUSE-SU-2018_1255-1 SUSE-SU-2018_1255-1 SUSE-SU-2018_1259-1 SUSE-SU-2018_1259-1 SUSE-SU-2018_1264-1 SUSE-SU-2018_1264-1 SUSE-SU-2018_1266-1 SUSE-SU-2018_1266-1 SUSE-SU-2018_1269-1 SUSE-SU-2018_1269-1 SUSE-SU-2018_1202-1 SUSE-SU-2018_1202-1 SUSE-SU-2018_1173-1 SUSE-SU-2018_1173-1 SUSE-SU-2018_1223-1 SUSE-SU-2018_1223-1 SUSE-SU-2018_1230-1 SUSE-SU-2018_1230-1 SUSE-SU-2018_1236-1 SUSE-SU-2018_1236-1 SUSE-SU-2018_1239-1 SUSE-SU-2018_1239-1 SUSE-SU-2018_1241-1 SUSE-SU-2018_1241-1 SUSE-SU-2018_1242-1 SUSE-SU-2018_1242-1 SUSE-SU-2018_1245-1 SUSE-SU-2018_1245-1 SUSE-SU-2018_1250-1 SUSE-SU-2018_1250-1 SUSE-SU-2018_1253-1 SUSE-SU-2018_1253-1 SUSE-SU-2018_1256-1 SUSE-SU-2018_1256-1 SUSE-SU-2018_1258-1 SUSE-SU-2018_1258-1 SUSE-SU-2018_1262-1 SUSE-SU-2018_1262-1 SUSE-SU-2018_1268-1 SUSE-SU-2018_1268-1 SUSE-SU-2018_1272-1 SUSE-SU-2018_1272-1 SUSE-SU-2018_1216-1 SUSE-SU-2018_1216-1 SUSE-SU-2018_1128-1 SUSE-SU-2018_1184-1 SUSE-SU-2018_0901-1 SUSE-SU-2018_0604-1 SUSE-SU-2018_0743-1 SUSE-SU-2018_0834-1 SUSE-SU-2018_0562-1 SUSE-SU-2018_0664-1 SUSE-SU-2018_0994-1 SUSE-SU-2018_0995-1 SUSE-SU-2018_0996-1 SUSE-SU-2018_0999-1 SUSE-SU-2018_1000-1 SUSE-SU-2018_1001-1 SUSE-SU-2018_1006-1 SUSE-SU-2018_1009-1 SUSE-SU-2018_1010-1 SUSE-SU-2018_1016-1 SUSE-SU-2018_1029-1 SUSE-SU-2018_1030-1 SUSE-SU-2018_1035-1 SUSE-SU-2018_0828-1 SUSE-SU-2018_0698-1 SUSE-SU-2018_0906-1 SUSE-SU-2018_0708-1 SUSE-SU-2018_0601-1 SUSE-SU-2018_0879-1 SUSE-SU-2018_0879-1 SUSE-SU-2018_0604-1 SUSE-SU-2018_0604-1 SUSE-SU-2018_0663-1 SUSE-SU-2018_0663-1 SUSE-SU-2018_0665-1 SUSE-SU-2018_0665-1 SUSE-SU-2018_0743-1 SUSE-SU-2018_0743-1 SUSE-SU-2018_0525-1 SUSE-SU-2018_0525-1 SUSE-SU-2018_0848-1 SUSE-SU-2018_0848-1 SUSE-SU-2018_0988-1 SUSE-SU-2018_0988-1 SUSE-SU-2018_0991-1 SUSE-SU-2018_0991-1 SUSE-SU-2018_0992-1 SUSE-SU-2018_0992-1 SUSE-SU-2018_1005-1 SUSE-SU-2018_1005-1 SUSE-SU-2018_1008-1 SUSE-SU-2018_1008-1 SUSE-SU-2018_1014-1 SUSE-SU-2018_1014-1 SUSE-SU-2018_1015-1 SUSE-SU-2018_1015-1 SUSE-SU-2018_1018-1 SUSE-SU-2018_1018-1 SUSE-SU-2018_1025-1 SUSE-SU-2018_1025-1 SUSE-SU-2018_1026-1 SUSE-SU-2018_1026-1 SUSE-SU-2018_1032-1 SUSE-SU-2018_1032-1 SUSE-SU-2018_1034-1 SUSE-SU-2018_1034-1 SUSE-SU-2018_0828-1 SUSE-SU-2018_0828-1 SUSE-SU-2018_0697-1 SUSE-SU-2018_0697-1 SUSE-SU-2018_0902-1 SUSE-SU-2018_0902-1 SUSE-SU-2018_0708-1 SUSE-SU-2018_0708-1 SUSE-SU-2018_0609-1 SUSE-SU-2018_0609-1 SUSE-SU-2018_0809-1 SUSE-SU-2018_0604-1 SUSE-SU-2018_0661-1 SUSE-SU-2018_0663-1 SUSE-SU-2018_0665-1 SUSE-SU-2018_0694-1 SUSE-SU-2018_0743-1 SUSE-SU-2018_0785-1 SUSE-SU-2018_0989-1 SUSE-SU-2018_0989-1 SUSE-SU-2018_0990-1 SUSE-SU-2018_0990-1 SUSE-SU-2018_0993-1 SUSE-SU-2018_0993-1 SUSE-SU-2018_1003-1 SUSE-SU-2018_1003-1 SUSE-SU-2018_1004-1 SUSE-SU-2018_1004-1 SUSE-SU-2018_1007-1 SUSE-SU-2018_1007-1 SUSE-SU-2018_1011-1 SUSE-SU-2018_1011-1 SUSE-SU-2018_1012-1 SUSE-SU-2018_1012-1 SUSE-SU-2018_1019-1 SUSE-SU-2018_1019-1 SUSE-SU-2018_1021-1 SUSE-SU-2018_1021-1 SUSE-SU-2018_1023-1 SUSE-SU-2018_1023-1 SUSE-SU-2018_1031-1 SUSE-SU-2018_1031-1 SUSE-SU-2018_1033-1 SUSE-SU-2018_1033-1 SUSE-SU-2018_0828-1 SUSE-SU-2018_0861-1 SUSE-SU-2018_0830-1 SUSE-SU-2018_0697-1 SUSE-SU-2018_0839-1 SUSE-SU-2018_0831-1 SUSE-SU-2018_0708-1 SUSE-SU-2018_0909-1 SUSE-SU-2018_0809-1 SUSE-SU-2018_0604-1 SUSE-SU-2018_0661-1 SUSE-SU-2018_0663-1 SUSE-SU-2018_0665-1 SUSE-SU-2018_0694-1 SUSE-SU-2018_0743-1 SUSE-SU-2018_0786-1 SUSE-SU-2018_1048-1 SUSE-SU-2018_0822-1 SUSE-SU-2018_0920-1 SUSE-SU-2018_0830-1 SUSE-SU-2018_0697-1 SUSE-SU-2018_0839-1 SUSE-SU-2018_1047-1 SUSE-SU-2018_0762-1 SUSE-SU-2018_0708-1 SUSE-SU-2018_1072-1 - Removed unnecessary README from SP4-5 - Added SLE12SP5 directory to spec file - System panic in `update_group_capacity()` due to a divide error (bsc#1096254) - Expected cron daemon behavior change from SLES11 to SLES12 (bsc#1017160) Changes in sca-patterns-sle15: - New Security Announcement Patterns for version 1.0.1 + SUSE-SU-2020:3565-1 SUSE-SU-2020:3568-1 SUSE-SU-2020:3380-1 SUSE-SU-2020:3565-1 SUSE-SU-2020:3568-1 SUSE-SU-2020:3500-1 SUSE-SU-2020:3551-1 SUSE-SU-2020:3460-1 SUSE-SU-2020:3478-1 SUSE-SU-2020:3380-1 SUSE-SU-2020:3565-1 SUSE-SU-2020:3568-1 SUSE-SU-2020:3500-1 SUSE-SU-2020:3551-1 SUSE-SU-2020:3460-1 SUSE-SU-2020:3478-1 SUSE-SU-2020:3380-1 SUSE-SU-2020:3565-1 SUSE-SU-2020:3455-1 SUSE-SU-2020:3568-1 SUSE-SU-2020:3500-1 SUSE-SU-2020:2474-2 SUSE-SU-2020:3551-1 SUSE-SU-2020:3375-1 SUSE-SU-2020:3532-1 SUSE-SU-2020:3532-1 SUSE-SU-2020:3460-1 SUSE-SU-2020:3478-1 SUSE-SU-2020:3552-1 SUSE-SU-2020:1126-1 SUSE-SU-2020:2344-1 SUSE-SU-2020:3067-1 SUSE-SU-2020:3151-1 SUSE-SU-2020:2583-1 SUSE-SU-2020:2914-1 SUSE-SU-2020:1083-1 SUSE-SU-2020:1773-1 SUSE-SU-2020:1379-1 SUSE-SU-2020:2266-1 SUSE-SU-2020:1334-1 SUSE-SU-2020:2767-1 SUSE-SU-2020:1023-1 SUSE-SU-2020:2995-1 SUSE-SU-2020:1220-1 SUSE-SU-2020:2095-1 SUSE-SU-2020:0991-1 SUSE-SU-2020:0820-1 SUSE-SU-2020:1584-1 SUSE-SU-2020:2988-1 SUSE-SU-2020:2073-1 SUSE-SU-2020:2303-1 SUSE-SU-2020:1300-1 SUSE-SU-2020:0819-1 SUSE-SU-2020:0617-1 SUSE-SU-2020:0231-1 SUSE-SU-2020:0231-1 SUSE-SU-2020:0466-1 SUSE-SU-2020:0466-1 SUSE-SU-2020:1511-1 SUSE-SU-2020:1569-1 SUSE-SU-2020:1684-1 SUSE-SU-2020:2143-1 SUSE-SU-2020:2453-1 SUSE-SU-2020:3349-1 SUSE-SU-2020:1663-1 SUSE-SU-2020:1663-1 SUSE-SU-2020:2106-1 SUSE-SU-2020:2106-1 SUSE-SU-2020:2610-1 SUSE-SU-2020:2610-1 SUSE-SU-2020:0204-1 SUSE-SU-2020:0213-1 SUSE-SU-2020:0213-1 SUSE-SU-2020:0868-1 SUSE-SU-2020:1475-1 SUSE-SU-2020:1663-1 SUSE-SU-2020:1769-1 SUSE-SU-2020:1771-1 SUSE-SU-2020:1789-1 SUSE-SU-2020:3244-1 SUSE-SU-2020:0948-1 SUSE-SU-2020:2901-1 SUSE-SU-2020:0349-1 SUSE-SU-2020:0349-1 SUSE-SU-2020:2748-1 org:SUSE-SU-2019 SUSE-SU-2020:0130-1 SUSE-SU-2020:0130-1 SUSE-SU-2020:1250-1 SUSE-SU-2020:2969-1 SUSE-SU-2020:0143-1 SUSE-SU-2020:0143-1 SUSE-SU-2020:2116-1 SUSE-SU-2020:2197-1 SUSE-SU-2020:1423-1 SUSE-SU-2020:1677-1 SUSE-SU-2020:1850-1 SUSE-SU-2020:1171-1 SUSE-SU-2020:0455-1 SUSE-SU-2020:0455-1 SUSE-SU-2020:1568-1 SUSE-SU-2020:2829-1 SUSE-SU-2020:0454-1 SUSE-SU-2020:0454-1 SUSE-SU-2020:1576-1 SUSE-SU-2020:1823-1 SUSE-SU-2020:2947-1 SUSE-SU-2020:1219-1 SUSE-SU-2020:1856-1 SUSE-SU-2020:2712-2 SUSE-SU-2020:3313-1 SUSE-SU-2020:2713-1 SUSE-SU-2020:0357-1 SUSE-SU-2020:0357-1 SUSE-SU-2020:2645-1 SUSE-SU-2020:2827-1 SUSE-SU-2020:1682-1 SUSE-SU-2020:1163-1 SUSE-SU-2020:1858-1 SUSE-SU-2020:2814-1 SUSE-SU-2020:0622-1 SUSE-SU-2020:2997-1 SUSE-SU-2020:0589-1 SUSE-SU-2020:0589-1 SUSE-SU-2020:2264-1 SUSE-SU-2020:2149-1 SUSE-SU-2020:1920-1 SUSE-SU-2020:2784-1 SUSE-SU-2020:3269-1 SUSE-SU-2020:1822-1 SUSE-SU-2020:1523-1 SUSE-SU-2020:0260-1 SUSE-SU-2020:0260-1 SUSE-SU-2020:1179-1 SUSE-SU-2020:3147-1 SUSE-SU-2020:1177-1 SUSE-SU-2020:0737-1 SUSE-SU-2020:1151-1 SUSE-SU-2020:1973-1 SUSE-SU-2020:0224-1 SUSE-SU-2020:0224-1 SUSE-SU-2020:1132-1 SUSE-SU-2020:2065-1 SUSE-SU-2020:2719-1 SUSE-SU-2020:3087-1 SUSE-SU-2020:0813-1 SUSE-SU-2020:1156-1 SUSE-SU-2020:2442-1 SUSE-SU-2020:0408-1 SUSE-SU-2020:0408-1 SUSE-SU-2020:0335-1 SUSE-SU-2020:0335-1 SUSE-SU-2020:2882-1 SUSE-SU-2020:0598-1 SUSE-SU-2020:1364-1 SUSE-SU-2020:1841-1 SUSE-SU-2020:2045-1 SUSE-SU-2020:3283-1 SUSE-SU-2020:1819-1 SUSE-SU-2020:1551-1 SUSE-SU-2020:0468-1 SUSE-SU-2020:0468-1 SUSE-SU-2020:1109-1 SUSE-SU-2020:1198-1 SUSE-SU-2020:1990-1 SUSE-SU-2020:2198-1 SUSE-SU-2020:0263-1 SUSE-SU-2020:0263-1 SUSE-SU-2020:0370-1 SUSE-SU-2020:0370-1 SUSE-SU-2020:0693-1 SUSE-SU-2020:2326-1 SUSE-SU-2020:2398-1 SUSE-SU-2020:1933-1 SUSE-SU-2020:3264-1 SUSE-SU-2020:1396-2 SUSE-SU-2020:1126-1 SUSE-SU-2020:2344-1 SUSE-SU-2020:3067-1 SUSE-SU-2020:3151-1 SUSE-SU-2020:2914-1 SUSE-SU-2020:1083-1 SUSE-SU-2020:1773-1 SUSE-SU-2020:1023-1 SUSE-SU-2020:2995-1 SUSE-SU-2020:1220-1 SUSE-SU-2020:2095-1 SUSE-SU-2020:0991-1 SUSE-SU-2020:0820-1 SUSE-SU-2020:1584-1 SUSE-SU-2020:2988-1 SUSE-SU-2020:1300-1 SUSE-SU-2020:0819-1 SUSE-SU-2020:0231-1 SUSE-SU-2020:0466-1 SUSE-SU-2020:1511-1 SUSE-SU-2020:1569-1 SUSE-SU-2020:1684-1 SUSE-SU-2020:2143-1 SUSE-SU-2020:2453-1 SUSE-SU-2020:0204-1 SUSE-SU-2020:0213-1 SUSE-SU-2020:0868-1 SUSE-SU-2020:1475-1 SUSE-SU-2020:1769-1 SUSE-SU-2020:1771-1 SUSE-SU-2020:0948-1 SUSE-SU-2020:2901-1 SUSE-SU-2020:0143-1 SUSE-SU-2020:2116-1 SUSE-SU-2020:2197-1 SUSE-SU-2020:1423-1 SUSE-SU-2020:1677-1 SUSE-SU-2020:1850-1 SUSE-SU-2020:0455-1 SUSE-SU-2020:1568-1 SUSE-SU-2020:2829-1 SUSE-SU-2020:0454-1 SUSE-SU-2020:1576-1 SUSE-SU-2020:1823-1 SUSE-SU-2020:2947-1 SUSE-SU-2020:1219-1 SUSE-SU-2020:1856-1 SUSE-SU-2020:3313-1 SUSE-SU-2020:2713-1 SUSE-SU-2020:0357-1 SUSE-SU-2020:2645-1 SUSE-SU-2020:2827-1 SUSE-SU-2020:1682-1 SUSE-SU-2020:0622-1 SUSE-SU-2020:2997-1 SUSE-SU-2020:2149-1 SUSE-SU-2020:1920-1 SUSE-SU-2020:2784-1 SUSE-SU-2020:3269-1 SUSE-SU-2020:1822-1 SUSE-SU-2020:1177-1 SUSE-SU-2020:0737-1 SUSE-SU-2020:1156-1 SUSE-SU-2020:2442-1 SUSE-SU-2020:0408-1 SUSE-SU-2020:0335-1 SUSE-SU-2020:1551-1 SUSE-SU-2020:0468-1 SUSE-SU-2020:1109-1 SUSE-SU-2020:1198-1 SUSE-SU-2020:1990-1 SUSE-SU-2020:2198-1 SUSE-SU-2020:0693-1 SUSE-SU-2020:1933-1 SUSE-SU-2020:3264-1 SUSE-SU-2020:2914-1 SUSE-SU-2020:1083-1 SUSE-SU-2020:2995-1 SUSE-SU-2020:2095-1 SUSE-SU-2020:1584-1 SUSE-SU-2020:1300-1 SUSE-SU-2020:1511-1 SUSE-SU-2020:1684-1 SUSE-SU-2020:2143-1 SUSE-SU-2020:2453-1 SUSE-SU-2020:1769-1 SUSE-SU-2020:1771-1 SUSE-SU-2020:0948-1 SUSE-SU-2020:2901-1 SUSE-SU-2020:2116-1 SUSE-SU-2020:2197-1 SUSE-SU-2020:1423-1 SUSE-SU-2020:1677-1 SUSE-SU-2020:1850-1 SUSE-SU-2020:1568-1 SUSE-SU-2020:2829-1 SUSE-SU-2020:1576-1 SUSE-SU-2020:1823-1 SUSE-SU-2020:2947-1 SUSE-SU-2020:1856-1 SUSE-SU-2020:3313-1 SUSE-SU-2020:1682-1 SUSE-SU-2020:1920-1 SUSE-SU-2020:2784-1 SUSE-SU-2020:3269-1 SUSE-SU-2020:1822-1 SUSE-SU-2020:1177-1 SUSE-SU-2020:1156-1 SUSE-SU-2020:2442-1 SUSE-SU-2020:1551-1 SUSE-SU-2020:3264-1 SUSE-SU-2020:1396-2 - Removed obsolete README place holders in SP0-2 - Added openssh-7023532.py to detect (bsc#1115654) Changes in sca-server-report: - Additional to version 1.0.1 + Updated the man pages with `-r` + `-k` is retained for compatibility, but keeping the archive is default + Fixed service pack version when GA + Print actual hostname instead of localhost with `-s` + `scatool` trys to run README file (bsc#1178528) + Updated man pages for `scatool(8)` and `scatool.conf(5)` + Removed `CONSOLE_MODE` from `scatool.conf` + should support archive or server argument and not require `-a` (bsc#1178229) + `scatool` copies remote `scc_*` supportconfigs (bsc#1178151) + Exits gracefully when attempting to process damaged files (bsc#1178152) + scatool correctly cleans up and saves archives (bsc#1178094) + Arg with `/` treated as files, not remote servers (bsc#1178099) + Optimized tar ball extraction (bsc#1178093) + Added `/etc/os-release` support (bsc#1178092) + scatool correctly process `-s` for local server (bsc#1178088) + Fixed progress bar timing (bsc#1178086) + Fixed scatool fails with no module named readline (bsc#1177249) + If run against path `'.'` use cwd name (issue#1) + Added support for _xz_ compression (bsc#1155181) ----------------------------------------- Patch: SUSE-2021-28 Released: Tue Jan 5 15:57:44 2021 Summary: Security update for dovecot23 Severity: important References: 1174920,1174922,1174923,1180405,1180406,CVE-2020-12100,CVE-2020-12673,CVE-2020-12674,CVE-2020-24386,CVE-2020-25275 Description: This update for dovecot23 fixes the following issues: Security issues fixed: - CVE-2020-12100: Fixed a resource exhaustion caused by deeply nested MIME parts (bsc#1174920). - CVE-2020-12673: Fixed an improper implementation of NTLM that did not check the message buffer size (bsc#1174922). - CVE-2020-12674: Fixed an improper implementation of the RPA mechanism (bsc#1174923). - CVE-2020-24386: Fixed an issue with IMAP hibernation that allowed users to access other users' emails (bsc#1180405). - CVE-2020-25275: Fixed a crash when the 10000th MIME part was message/rfc822 (bsc#1180406). Non-security issues fixed: - Pigeonhole was updated to version 0.5.11. - Dovecot was updated to version 2.3.11.3. ----------------------------------------- Patch: SUSE-2021-35 Released: Wed Jan 6 12:31:37 2021 Summary: Recommended update for taglib Severity: moderate References: 1179817 Description: This update for taglib fixes the following issues: - Fixed a possible file corruption of ogg files (bsc#1179817, gh#taglib/taglib#864): ----------------------------------------- Patch: SUSE-2021-41 Released: Thu Jan 7 11:51:31 2021 Summary: Security update for tomcat Severity: moderate References: 1179602,CVE-2020-17527 Description: This update for tomcat fixes the following issue: - CVE-2020-17527: Fixed a HTTP/2 request header mix-up (bsc#1179602). ----------------------------------------- Patch: SUSE-2021-61 Released: Mon Jan 11 15:01:26 2021 Summary: Security update for nodejs14 Severity: moderate References: 1178882,1180553,1180554,CVE-2020-8265,CVE-2020-8277,CVE-2020-8287 Description: This update for nodejs14 fixes the following issues: - New upstream LTS version 14.15.4: * CVE-2020-8265: use-after-free in TLSWrap (High) bug in TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits (bsc#1180553) * CVE-2020-8287: HTTP Request Smuggling allow two copies of a header field in a http request. For example, two Transfer-Encoding header fields. In this case Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling (https://cwe.mitre.org/data/definitions/444.html). (bsc#1180554) - New upstream LTS version 14.15.3: * deps: + upgrade npm to 6.14.9 + update acorn to v8.0.4 * http2: check write not scheduled in scope destructor * stream: fix regression on duplex end - New upstream LTS version 14.15.1: * deps: Denial of Service through DNS request (High). A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service by getting the application to resolve a DNS record with a larger number of responses (bsc#1178882, CVE-2020-8277) ----------------------------------------- Patch: SUSE-2021-62 Released: Mon Jan 11 15:01:42 2021 Summary: Security update for nodejs12 Severity: moderate References: 1178882,1179491,1180553,1180554,CVE-2020-1971,CVE-2020-8265,CVE-2020-8277,CVE-2020-8287 Description: This update for nodejs12 fixes the following issues: - New upstream LTS version 12.20.1: * CVE-2020-8265: use-after-free in TLSWrap (High) bug in TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits (bsc#1180553) * CVE-2020-8287: HTTP Request Smuggling allow two copies of a header field in a http request. For example, two Transfer-Encoding header fields. In this case Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling (https://cwe.mitre.org/data/definitions/444.html). (bsc#1180554) * CVE-2020-1971: OpenSSL - EDIPARTYNAME NULL pointer de-reference (High) This is a vulnerability in OpenSSL which may be exploited through Node.js. (bsc#1179491) - New upstream LTS version 12.20.0: * deps: + update llhttp '2.1.2' -> '2.1.3' + update uv '1.39.0' -> '1.40.0' + update uvwasi '0.0.10' -> '0.0.11' * fs: add .ref() and .unref() methods to watcher classes * http: added scheduling option to http agent * module: + exports pattern support + named exports for CJS via static analysis * n-api: add more property defaults (gh#35214) - New upstream LTS version 12.19.1: * deps: Denial of Service through DNS request (High). A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service by getting the application to resolve a DNS record with a larger number of responses (bsc#1178882, CVE-2020-8277) - New upstream LTS version 12.19.0: * crypto: add randomInt function * deps: + upgrade to libuv 1.39.0 + deps: upgrade npm to 6.14.7 + deps: upgrade to libuv 1.38.1 * doc: deprecate process.umask() with no arguments * module: + package 'imports' field + module: deprecate module.parent * n-api: create N-API version 7 * zlib: switch to lazy init for zlib streams ----------------------------------------- Patch: SUSE-2021-65 Released: Mon Jan 11 15:11:49 2021 Summary: Recommended update for hamcrest Severity: low References: 1120493,1179994 Description: This update for hamcrest fixes the following issues: - Make hamcrest build reproducibly. (bsc#1120493) - Fix typo in hamcrest-core description. (bsc#1179994) ----------------------------------------- Patch: SUSE-2021-71 Released: Tue Jan 12 08:30:53 2021 Summary: Security update for MozillaFirefox Severity: important References: 1180623,CVE-2020-16044 Description: This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.6.1 ESR * Fixed: Critical security issue MFSA 2021-01 (bsc#1180623) * CVE-2020-16044 Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk ----------------------------------------- Patch: SUSE-2021-73 Released: Tue Jan 12 10:24:50 2021 Summary: Recommended update for SUSEConnect Severity: low References: Description: This update for SUSEConnect fixes the following issue: Update to version 0.3.29 - Replace the Ruby path with the native one during build phase. ----------------------------------------- Patch: SUSE-2021-79 Released: Tue Jan 12 10:49:34 2021 Summary: Recommended update for gcc7 Severity: moderate References: 1167939 Description: This update for gcc7 fixes the following issues: - Amend the gcc7 aarch64 atomics for glibc namespace violation with getauxval. [bsc#1167939] ----------------------------------------- Patch: SUSE-2021-81 Released: Tue Jan 12 13:46:13 2021 Summary: Security update for ImageMagick Severity: moderate References: 1179103,CVE-2020-19667 Description: This update for ImageMagick fixes the following issues: - CVE-2020-19667 [bsc#1179103]: Stack buffer overflow in XPM coder could result in a crash ----------------------------------------- Patch: SUSE-2021-86 Released: Tue Jan 12 14:32:46 2021 Summary: Security update for crmsh Severity: important References: 1179999,CVE-2020-35459 Description: This update for crmsh fixes the following issue: - CVE-2020-35459: Fixed a privilege escalation in hawk_invoke (bsc#1179999). ----------------------------------------- Patch: SUSE-2021-88 Released: Tue Jan 12 14:33:31 2021 Summary: Security update for hawk2 Severity: important References: 1179998,CVE-2020-35458 Description: This update for hawk2 fixes the following security issue: - CVE-2020-35458: Fixed an insufficient input handler that could have led to remote code execution (bsc#1179998). ----------------------------------------- Patch: SUSE-2021-97 Released: Tue Jan 12 19:16:15 2021 Summary: Security update for the Linux Kernel Severity: moderate References: 1040855,1044120,1044767,1050242,1050536,1050545,1055117,1056653,1056657,1056787,1064802,1065729,1066129,1094840,1103990,1103992,1104389,1104393,1109695,1109837,1110096,1111666,1112178,1112374,1115431,1118657,1122971,1136460,1136461,1138374,1139944,1144912,1152457,1158775,1164780,1168952,1171078,1172145,1172538,1172694,1173834,1174784,1174852,1176558,1176559,1176956,1177666,1178270,1178401,1178590,1178634,1178762,1179014,1179015,1179045,1179082,1179107,1179141,1179142,1179204,1179403,1179406,1179418,1179419,1179421,1179429,1179444,1179520,1179578,1179601,1179663,1179670,1179671,1179672,1179673,1179711,1179713,1179714,1179715,1179716,1179722,1179723,1179724,1179745,1179810,1179888,1179895,1179896,1179960,1179963,1180027,1180029,1180031,1180052,1180086,1180117,1180258,1180506,CVE-2018-20669,CVE-2019-20934,CVE-2020-0444,CVE-2020-0465,CVE-2020-0466,CVE-2020-11668,CVE-2020-15436,CVE-2020-27068,CVE-2020-27777,CVE-2020-27786,CVE-2020-27825,CVE-2020-29371,CVE-2020-29660,CVE-2020-29661,CVE-2020-4788 Description: The SUSE Linux Enterprise 15 SP1 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-20934: Fixed a use-after-free in show_numa_stats() because NUMA fault statistics were inappropriately freed, aka CID-16d51a590a8c (bsc#1179663). - CVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027). - CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029). - CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031). - CVE-2020-4788: Fixed an issue with IBM Power9 processors could have allowed a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances (bsc#1177666). - CVE-2020-11668: Fixed an out of bounds write to the heap in drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) caused by mishandling invalid descriptors (bsc#1168952). - CVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141). - CVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086). - CVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107). - CVE-2020-27786: Fixed an out-of-bounds write in the MIDI implementation (bnc#1179601). - CVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960). - CVE-2020-29371: Fixed uninitialized memory leaks to userspace (bsc#1179429). - CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745). - CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745). The following non-security bugs were fixed: - ACPI: PNP: compare the string length in the matching_id() (git-fixes). - ACPICA: Disassembler: create buffer fields in ACPI_PARSE_LOAD_PASS1 (git-fixes). - ACPICA: Do not increment operation_region reference counts for field units (git-fixes). - ALSA: ca0106: fix error code handling (git-fixes). - ALSA: ctl: allow TLV read operation for callback type of element in locked case (git-fixes). - ALSA: hda - Fix silent audio output and corrupted input on MSI X570-A PRO (git-fixes). - ALSA: hda/ca0132 - Change Input Source enum strings (git-fixes). - ALSA: hda/ca0132 - Fix AE-5 rear headphone pincfg (git-fixes). - ALSA: hda/generic: Add option to enforce preferred_dacs pairs (git-fixes). - ALSA: hda/hdmi: always check pin power status in i915 pin fixup (git-fixes). - ALSA: hda/realtek - Add new codec supported for ALC897 (git-fixes). - ALSA: hda/realtek - Couldn't detect Mic if booting with headset plugged (git-fixes). - ALSA: hda/realtek - Enable headset mic of ASUS Q524UQK with ALC255 (git-fixes). - ALSA: hda/realtek: Add mute LED quirk to yet another HP x360 model (git-fixes). - ALSA: hda/realtek: Add some Clove SSID in the ALC293(ALC1220) (git-fixes). - ALSA: hda/realtek: Enable front panel headset LED on Lenovo ThinkStation P520 (git-fixes). - ALSA: hda/realtek: Enable headset of ASUS UX482EG & B9400CEA with ALC294 (git-fixes). - ALSA: hda: Add NVIDIA codec IDs 9a & 9d through a0 to patch table (git-fixes). - ALSA: hda: Fix potential race in unsol event handler (git-fixes). - ALSA: hda: Fix regressions on clear and reconfig sysfs (git-fixes). - ALSA: info: Drop WARN_ON() from buffer NULL sanity check (git-fixes). - ALSA: isa/wavefront: prevent out of bounds write in ioctl (git-fixes). - ALSA: line6: Perform sanity check for each URB creation (git-fixes). - ALSA: pcm: oss: Fix a few more UBSAN fixes (git-fixes). - ALSA: pcm: oss: Fix potential out-of-bounds shift (git-fixes). - ALSA: pcm: oss: Remove superfluous WARN_ON() for mulaw sanity check (git-fixes). - ALSA: timer: Limit max amount of slave instances (git-fixes). - ALSA: usb-audio: Add delay quirk for all Logitech USB devices (git-fixes). - ALSA: usb-audio: Add delay quirk for H570e USB headsets (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for MODX (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for Qu-16 (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for Zoom UAC-2 (git-fixes). - ALSA: usb-audio: add quirk for Denon DCD-1500RE (git-fixes). - ALSA: usb-audio: add quirk for Samsung USBC Headset (AKG) (git-fixes). - ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Alpha S (git-fixes). - ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Flight S (git-fixes). - ALSA: usb-audio: add usb vendor id as DSD-capable for Khadas devices (git-fixes). - ALSA: usb-audio: Disable sample read check if firmware does not give back (git-fixes). - ALSA: usb-audio: Fix control 'access overflow' errors from chmap (git-fixes). - ALSA: usb-audio: Fix OOB access of mixer element list (git-fixes). - ALSA: usb-audio: Fix potential out-of-bounds shift (git-fixes). - ALSA: usb-audio: Fix race against the error recovery URB submission (git-fixes). - ALSA: usb-audio: US16x08: fix value count for level meters (git-fixes). - ASoC: arizona: Fix a wrong free in wm8997_probe (git-fixes). - ASoC: cx2072x: Fix doubly definitions of Playback and Capture streams (git-fixes). - ASoC: fsl_asrc_dma: Fix dma_chan leak when config DMA channel failed (git-fixes). - ASoC: jz4740-i2s: add missed checks for clk_get() (git-fixes). - ASoC: pcm3168a: The codec does not support S32_LE (git-fixes). - ASoC: pcm: DRAIN support reactivation (git-fixes). - ASoC: rt5677: Mark reg RT5677_PWR_ANLG2 as volatile (git-fixes). - ASoC: sti: fix possible sleep-in-atomic (git-fixes). - ASoC: wm8904: fix regcache handling (git-fixes). - ASoC: wm8998: Fix PM disable depth imbalance on error (git-fixes). - ASoC: wm_adsp: Do not generate kcontrols without READ flags (git-fixes). - ASoC: wm_adsp: remove 'ctl' from list on error in wm_adsp_create_control() (git-fixes). - ata/libata: Fix usage of page address by page_address in ata_scsi_mode_select_xlat function (git-fixes). - ath10k: Fix an error handling path (git-fixes). - ath10k: fix backtrace on coredump (git-fixes). - ath10k: fix get invalid tx rate for Mesh metric (git-fixes). - ath10k: fix offchannel tx failure when no ath10k_mac_tx_frm_has_freq (git-fixes). - ath10k: Release some resources in an error handling path (git-fixes). - ath10k: Remove msdu from idr when management pkt send fails (git-fixes). - ath6kl: fix enum-conversion warning (git-fixes). - ath9k_htc: Discard undersized packets (git-fixes). - ath9k_htc: Modify byte order for an error message (git-fixes). - ath9k_htc: Silence undersized packet warnings (git-fixes). - ath9k_htc: Use appropriate rs_datalen type (git-fixes). - backlight: lp855x: Ensure regulators are disabled on probe failure (git-fixes). - Bluetooth: add a mutex lock to avoid UAF in do_enale_set (git-fixes). - Bluetooth: btusb: Fix detection of some fake CSR controllers with a bcdDevice val of 0x0134 (git-fixes). - Bluetooth: Fix advertising duplicated flags (git-fixes). - Bluetooth: Fix null pointer dereference in hci_event_packet() (git-fixes). - Bluetooth: Fix slab-out-of-bounds read in hci_le_direct_adv_report_evt() (git-fixes). - bnxt_en: Fix race when modifying pause settings (bsc#1050242 ). - bnxt_en: Protect bnxt_set_eee() and bnxt_set_pauseparam() with mutex (bsc#1050242). - btmrvl: Fix firmware filename for sd8997 chipset (bsc#1172694). - btrfs: fix use-after-free on readahead extent after failure to create it (bsc#1179963). - btrfs: qgroup: do not commit transaction when we already hold the handle (bsc#1178634). - btrfs: remove a BUG_ON() from merge_reloc_roots() (bsc#1174784). - bus: fsl-mc: fix error return code in fsl_mc_object_allocate() (git-fixes). - can: mcp251x: add error check when wq alloc failed (git-fixes). - can: softing: softing_netdev_open(): fix error handling (git-fixes). - cfg80211: initialize rekey_data (git-fixes). - cfg80211: regulatory: Fix inconsistent format argument (git-fixes). - cifs: add NULL check for ses->tcon_ipc (bsc#1178270). - cifs: allow syscalls to be restarted in __smb_send_rqst() (bsc#1176956). - cifs: fix check of tcon dfs in smb1 (bsc#1178270). - cifs: fix potential use-after-free in cifs_echo_request() (bsc#1139944). - cirrus: cs89x0: remove set but not used variable 'lp' (git-fixes). - cirrus: cs89x0: use devm_platform_ioremap_resource() to simplify code (git-fixes). - clk: at91: usb: continue if clk_hw_round_rate() return zero (git-fixes). - clk: mvebu: a3700: fix the XTAL MODE pin to MPP1_9 (git-fixes). - clk: qcom: Allow constant ratio freq tables for rcg (git-fixes). - clk: qcom: msm8916: Fix the address location of pll->config_reg (git-fixes). - clk: s2mps11: Fix a resource leak in error handling paths in the probe function (git-fixes). - clk: samsung: exynos5433: Add IGNORE_UNUSED flag to sclk_i2s1 (git-fixes). - clk: sunxi-ng: Make sure divider tables have sentinel (git-fixes). - clk: tegra: Fix duplicated SE clock entry (git-fixes). - clk: tegra: Fix Tegra PMC clock out parents (git-fixes). - clk: ti: composite: fix memory leak (git-fixes). - clk: ti: dra7-atl-clock: Remove ti_clk_add_alias call (git-fixes). - clk: ti: Fix memleak in ti_fapll_synth_setup (git-fixes). - clocksource/drivers/asm9260: Add a check for of_clk_get (git-fixes). - coredump: fix core_pattern parse error (git-fixes). - cpufreq: highbank: Add missing MODULE_DEVICE_TABLE (git-fixes). - cpufreq: loongson1: Add missing MODULE_ALIAS (git-fixes). - cpufreq: scpi: Add missing MODULE_ALIAS (git-fixes). - cpufreq: st: Add missing MODULE_DEVICE_TABLE (git-fixes). - crypto: af_alg - avoid undefined behavior accessing salg_name (git-fixes). - crypto: omap-aes - Fix PM disable depth imbalance in omap_aes_probe (git-fixes). - crypto: qat - fix status check in qat_hal_put_rel_rd_xfer() (git-fixes). - crypto: talitos - Fix return type of current_desc_hdr() (git-fixes). - cw1200: fix missing destroy_workqueue() on error in cw1200_init_common (git-fixes). - cxgb4: Fix offset when clearing filter byte counters (bsc#1064802 bsc#1066129). - drivers: base: Fix NULL pointer exception in __platform_driver_probe() if a driver developer is foolish (git-fixes). - drivers: soc: ti: knav_qmss_queue: Fix error return code in knav_queue_probe (git-fixes). - drm/amd/display: remove useless if/else (git-fixes). - drm/amdgpu: fix build_coefficients() argument (git-fixes). - drm/dp_aux_dev: check aux_dev before use in drm_dp_aux_dev_get_by_minor() (git-fixes). - drm/gma500: fix double free of gma_connector (git-fixes). - drm/meson: dw-hdmi: Register a callback to disable the regulator (git-fixes). - drm/msm/dpu: Add newline to printks (git-fixes). - drm/msm/dsi_phy_10nm: implement PHY disabling (git-fixes). - drm/omap: dmm_tiler: fix return error code in omap_dmm_probe() (git-fixes). - drm/rockchip: Avoid uninitialized use of endpoint id in LVDS (git-fixes). - epoll: Keep a reference on files added to the check list (bsc#1180031). - ext4: correctly report 'not supported' for {usr,grp}jquota when !CONFIG_QUOTA (bsc#1179672). - ext4: fix bogus warning in ext4_update_dx_flag() (bsc#1179716). - ext4: fix error handling code in add_new_gdb (bsc#1179722). - ext4: fix invalid inode checksum (bsc#1179723). - ext4: fix leaking sysfs kobject after failed mount (bsc#1179670). - ext4: limit entries returned when counting fsmap records (bsc#1179671). - ext4: unlock xattr_sem properly in ext4_inline_data_truncate() (bsc#1179673). - extcon: max77693: Fix modalias string (git-fixes). - firmware: qcom: scm: Ensure 'a0' status code is treated as signed (git-fixes). - fix regression in 'epoll: Keep a reference on files added to the check list' (bsc#1180031, git-fixes). - forcedeth: use per cpu to collect xmit/recv statistics (git-fixes). - fs: Do not invalidate page buffers in block_write_full_page() (bsc#1179711). - geneve: change from tx_error to tx_dropped on missing metadata (git-fixes). - genirq/irqdomain: Add an irq_create_mapping_affinity() function (bsc#1065729). - gpio: arizona: handle pm_runtime_get_sync failure case (git-fixes). - gpio: gpio-grgpio: fix possible sleep-in-atomic-context bugs in grgpio_irq_map/unmap() (git-fixes). - gpio: max77620: Add missing dependency on GPIOLIB_IRQCHIP (git-fixes). - gpio: max77620: Fixup debounce delays (git-fixes). - gpio: max77620: Use correct unit for debounce times (git-fixes). - gpio: mpc8xxx: Add platform device to gpiochip->parent (git-fixes). - gpio: mvebu: fix potential user-after-free on probe (git-fixes). - gpiolib: acpi: Add honor_wakeup module-option + quirk mechanism (git-fixes). - gpiolib: acpi: Add quirk to ignore EC wakeups on HP x2 10 BYT + AXP288 model (git-fixes). - gpiolib: acpi: Add quirk to ignore EC wakeups on HP x2 10 CHT + AXP288 model (git-fixes). - gpiolib: acpi: Correct comment for HP x2 10 honor_wakeup quirk (git-fixes). - gpiolib: acpi: Rework honor_wakeup option into an ignore_wake option (git-fixes). - gpiolib: acpi: Turn dmi_system_id table into a generic quirk table (git-fixes). - gpiolib: fix up emulated open drain outputs (git-fixes). - HID: Add another Primax PIXART OEM mouse quirk (git-fixes). - HID: apple: Disable Fn-key key-re-mapping on clone keyboards (git-fixes). - HID: core: check whether Usage Page item is after Usage ID items (git-fixes). - HID: core: Correctly handle ReportSize being zero (git-fixes). - HID: cypress: Support Varmilo Keyboards' media hotkeys (git-fixes). - HID: Fix slab-out-of-bounds read in hid_field_extract (bsc#1180052). - HID: hid-sensor-hub: Fix issue with devices with no report ID (git-fixes). - HID: Improve Windows Precision Touchpad detection (git-fixes). - HID: intel-ish-hid: fix wrong error handling in ishtp_cl_alloc_tx_ring() (git-fixes). - HID: logitech-hidpp: Silence intermittent get_battery_capacity errors (git-fixes). - HSI: omap_ssi: Do not jump to free ID in ssi_add_controller() (git-fixes). - hwmon: (aspeed-pwm-tacho) Avoid possible buffer overflow (git-fixes). - hwmon: (jc42) Fix name to have no illegal characters (git-fixes). - i2c: algo: pca: Reapply i2c bus settings after reset (git-fixes). - i2c: i801: Fix resume bug (git-fixes). - i2c: piix4: Detect secondary SMBus controller on AMD AM4 chipsets (git-fixes). - i2c: pxa: clear all master action bits in i2c_pxa_stop_message() (git-fixes). - i2c: pxa: fix i2c_pxa_scream_blue_murder() debug output (git-fixes). - i2c: qup: Fix error return code in qup_i2c_bam_schedule_desc() (git-fixes). - i40iw: Fix error handling in i40iw_manage_arp_cache() (bsc#1111666) - i40iw: fix null pointer dereference on a null wqe pointer (bsc#1111666) - i40iw: Report correct firmware version (bsc#1111666) - IB/cma: Fix ports memory leak in cma_configfs (bsc#1111666) - IB/hfi1: Call kobject_put() when kobject_init_and_add() fails (bsc#1111666) - IB/hfi1: Fix memory leaks in sysfs registration and unregistration (bsc#1111666) - IB/ipoib: Fix double free of skb in case of multicast traffic in CM mode (bsc#1111666) - IB/mlx4: Add and improve logging (bsc#1111666) - IB/mlx4: Add support for MRA (bsc#1111666) - IB/mlx4: Adjust delayed work when a dup is observed (bsc#1111666) - IB/mlx4: Fix starvation in paravirt mux/demux (bsc#1111666) - IB/mlx4: Test return value of calls to ib_get_cached_pkey (bsc#1111666) - IB/mthca: fix return value of error branch in mthca_init_cq() (bsc#1111666) - IB/qib: Call kobject_put() when kobject_init_and_add() fails (bsc#1111666) - IB/rdmavt: Fix sizeof mismatch (bsc#1111666) - IB/srpt: Fix memory leak in srpt_add_one (bsc#1111666) - ibmvnic: add some debugs (bsc#1179896 ltc#190255). - ibmvnic: avoid memset null scrq msgs (bsc#1044767 ltc#155231 git-fixes). - ibmvnic: continue fatal error reset after passive init (bsc#1171078 ltc#184239 git-fixes). - ibmvnic: delay next reset if hard reset fails (bsc#1094840 ltc#167098 git-fixes). - ibmvnic: enhance resetting status check during module exit (bsc#1065729). - ibmvnic: fix call_netdevice_notifiers in do_reset (bsc#1115431 ltc#171853 git-fixes). - ibmvnic: fix NULL pointer dereference in reset_sub_crq_queues (bsc#1040855 ltc#155067 git-fixes). - ibmvnic: fix: NULL pointer dereference (bsc#1044767 ltc#155231 git-fixes). - ibmvnic: notify peers when failover and migration happen (bsc#1044120 ltc#155423 git-fixes). - ibmvnic: restore adapter state on failed reset (bsc#1152457 ltc#174432 git-fixes). - igc: Fix returning wrong statistics (bsc#1118657). - iio: adc: max1027: Reset the device at probe time (git-fixes). - iio: adc: rockchip_saradc: fix missing clk_disable_unprepare() on error in rockchip_saradc_resume (git-fixes). - iio: bmp280: fix compensation of humidity (git-fixes). - iio: buffer: Fix demux update (git-fixes). - iio: dac: ad5592r: fix unbalanced mutex unlocks in ad5592r_read_raw() (git-fixes). - iio: fix center temperature of bmc150-accel-core (git-fixes). - iio: humidity: hdc100x: fix IIO_HUMIDITYRELATIVE channel reporting (git-fixes). - iio: light: bh1750: Resolve compiler warning and make code more readable (git-fixes). - iio: srf04: fix wrong limitation in distance measuring (git-fixes). - iio:imu:bmi160: Fix too large a buffer (git-fixes). - iio:pressure:mpl3115: Force alignment of buffer (git-fixes). - inet_ecn: Fix endianness of checksum update when setting ECT(1) (git-fixes). - Input: ads7846 - fix integer overflow on Rt calculation (git-fixes). - Input: ads7846 - fix race that causes missing releases (git-fixes). - Input: ads7846 - fix unaligned access on 7845 (git-fixes). - Input: atmel_mxt_ts - disable IRQ across suspend (git-fixes). - Input: cm109 - do not stomp on control URB (git-fixes). - Input: cros_ec_keyb - send 'scancodes' in addition to key events (git-fixes). - Input: cyapa_gen6 - fix out-of-bounds stack access (git-fixes). - Input: goodix - add upside-down quirk for Teclast X98 Pro tablet (git-fixes). - Input: i8042 - add Acer laptops to the i8042 reset list (git-fixes). - Input: i8042 - add ByteSpeed touchpad to noloop table (git-fixes). - Input: i8042 - add Entroware Proteus EL07R4 to nomux and reset lists (git-fixes). - Input: i8042 - allow insmod to succeed on devices without an i8042 controller (git-fixes). - Input: i8042 - fix error return code in i8042_setup_aux() (git-fixes). - Input: omap4-keypad - fix runtime PM error handling (git-fixes). - Input: synaptics - enable InterTouch for ThinkPad X1E 1st gen (git-fixes). - Input: trackpoint - add new trackpoint variant IDs (git-fixes). - Input: trackpoint - enable Synaptics trackpoints (git-fixes). - Input: xpad - support Ardwiino Controllers (git-fixes). - ipw2x00: Fix -Wcast-function-type (git-fixes). - irqchip/alpine-msi: Fix freeing of interrupts on allocation error path (git-fixes). - iwlwifi: mvm: fix kernel panic in case of assert during CSA (git-fixes). - iwlwifi: mvm: fix unaligned read of rx_pkt_status (git-fixes). - iwlwifi: pcie: limit memory read spin time (git-fixes). - kABI fix for g2d (git-fixes). - kABI workaround for dsa/b53 changes (git-fixes). - kABI workaround for HD-audio generic parser (git-fixes). - kABI workaround for net/ipvlan changes (git-fixes). - kABI workaround for usermodehelper changes (bsc#1179406). - kABI: ath10k: move a new structure member to the end (git-fixes). - kABI: genirq: add back irq_create_mapping (bsc#1065729). - kernel-source.spec: Fix build with rpm 4.16 (boo#1179015). RPM_BUILD_ROOT is cleared before %%install. Do the unpack into RPM_BUILD_ROOT in %%install - kernel-{binary,source}.spec.in: do not create loop symlinks (bsc#1179082) - kgdb: Fix spurious true from in_dbg_master() (git-fixes). - KVM: x86: reinstate vendor-agnostic check on SPEC_CTRL cpuid bits (bsc#1112178). - mac80211: allow rx of mesh eapol frames with default rx key (git-fixes). - mac80211: Check port authorization in the ieee80211_tx_dequeue() case (git-fixes). - mac80211: do not set set TDLS STA bandwidth wider than possible (git-fixes). - mac80211: fix authentication with iwlwifi/mvm (git-fixes). - mac80211: fix use of skb payload instead of header (git-fixes). - mac80211: mesh: fix mesh_pathtbl_init() error path (git-fixes). - matroxfb: avoid -Warray-bounds warning (git-fixes). - md/raid5: fix oops during stripe resizing (git-fixes). - media: am437x-vpfe: Setting STD to current value is not an error (git-fixes). - media: cec-funcs.h: add status_req checks (git-fixes). - media: cx88: Fix some error handling path in 'cx8800_initdev()' (git-fixes). - media: gspca: Fix memory leak in probe (git-fixes). - media: i2c: mt9v032: fix enum mbus codes and frame sizes (git-fixes). - media: i2c: ov2659: Fix missing 720p register config (git-fixes). - media: i2c: ov2659: fix s_stream return value (git-fixes). - media: msi2500: assign SPI bus number dynamically (git-fixes). - media: mtk-mdp: Fix a refcounting bug on error in init (git-fixes). - media: mtk-vcodec: add missing put_device() call in mtk_vcodec_release_dec_pm() (git-fixes). - media: platform: add missing put_device() call in mtk_jpeg_probe() and mtk_jpeg_remove() (git-patches). - media: pvrusb2: Fix oops on tear-down when radio support is not present (git-fixes). - media: s5p-g2d: Fix a memory leak in an error handling path in 'g2d_probe()' (git-fixes). - media: saa7146: fix array overflow in vidioc_s_audio() (git-fixes). - media: si470x-i2c: add missed operations in remove (git-fixes). - media: siano: fix memory leak of debugfs members in smsdvb_hotplug (git-fixes). - media: solo6x10: fix missing snd_card_free in error handling case (git-fixes). - media: sti: bdisp: fix a possible sleep-in-atomic-context bug in bdisp_device_run() (git-fixes). - media: sunxi-cir: ensure IR is handled when it is continuous (git-fixes). - media: ti-vpe: vpe: ensure buffers are cleaned up properly in abort cases (git-fixes). - media: ti-vpe: vpe: fix a v4l2-compliance failure about frame sequence number (git-fixes). - media: ti-vpe: vpe: fix a v4l2-compliance failure about invalid sizeimage (git-fixes). - media: ti-vpe: vpe: fix a v4l2-compliance failure causing a kernel panic (git-fixes). - media: ti-vpe: vpe: fix a v4l2-compliance warning about invalid pixel format (git-fixes). - media: ti-vpe: vpe: Make sure YUYV is set as default format (git-fixes). - media: uvcvideo: Set media controller entity functions (git-fixes). - media: uvcvideo: Silence shift-out-of-bounds warning (git-fixes). - media: v4l2-async: Fix trivial documentation typo (git-fixes). - media: v4l2-core: fix touch support in v4l_g_fmt (git-fixes). - media: v4l2-device.h: Explicitly compare grp{id,mask} to zero in v4l2_device macros (git-fixes). - mei: bus: do not clean driver pointer (git-fixes). - mei: protect mei_cl_mtu from null dereference (git-fixes). - memstick: fix a double-free bug in memstick_check (git-fixes). - memstick: r592: Fix error return in r592_probe() (git-fixes). - mfd: rt5033: Fix errorneous defines (git-fixes). - mfd: wm8994: Fix driver operation if loaded as modules (git-fixes). - mlxsw: core: Fix memory leak on module removal (bsc#1112374). - mm,memory_failure: always pin the page in madvise_inject_error (bsc#1180258). - mm/userfaultfd: do not access vma->vm_mm after calling handle_userfault() (bsc#1179204). - Move upstreamed bt fixes into sorted section - mwifiex: fix mwifiex_shutdown_sw() causing sw reset failure (git-fixes). - net/smc: fix valid DMBE buffer sizes (git-fixes). - net/tls: Fix kmap usage (bsc#1109837). - net/tls: missing received data after fast remote close (bsc#1109837). - net/x25: prevent a couple of overflows (bsc#1178590). - net: aquantia: Fix aq_vec_isr_legacy() return value (git-fixes). - net: aquantia: fix LRO with FCS error (git-fixes). - net: DCB: Validate DCB_ATTR_DCB_BUFFER argument (bsc#1103990 ). - net: dsa: b53: Always use dev->vlan_enabled in b53_configure_vlan() (git-fixes). - net: dsa: b53: Ensure the default VID is untagged (git-fixes). - net: dsa: b53: Fix default VLAN ID (git-fixes). - net: dsa: b53: Properly account for VLAN filtering (git-fixes). - net: dsa: bcm_sf2: Do not assume DSA master supports WoL (git-fixes). - net: dsa: bcm_sf2: potential array overflow in bcm_sf2_sw_suspend() (git-fixes). - net: dsa: qca8k: remove leftover phy accessors (git-fixes). - net: ena: fix packet's addresses for rx_offset feature (bsc#1174852). - net: ena: handle bad request id in ena_netdev (git-fixes). - net: ethernet: ti: cpsw: clear all entries when delete vid (git-fixes). - net: ethernet: ti: cpsw: fix runtime_pm while add/kill vlan (git-fixes). - net: hisilicon: Fix signedness bug in hix5hd2_dev_probe() (git-fixes). - net: macb: add missing barriers when reading descriptors (git-fixes). - net: macb: fix dropped RX frames due to a race (git-fixes). - net: macb: fix error format in dev_err() (git-fixes). - net: macb: fix random memory corruption on RX with 64-bit DMA (git-fixes). - net: pasemi: fix an use-after-free in pasemi_mac_phy_init() (git-fixes). - net: phy: Avoid multiple suspends (git-fixes). - net: qed: fix 'maybe uninitialized' warning (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - net: qed: fix async event callbacks unregistering (bsc#1104393 bsc#1104389). - net: qede: fix PTP initialization on recovery (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - net: qede: fix use-after-free on recovery and AER handling (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - net: seeq: Fix the function used to release some memory in an error handling path (git-fixes). - net: sh_eth: fix a missing check of of_get_phy_mode (git-fixes). - net: sonic: replace dev_kfree_skb in sonic_send_packet (git-fixes). - net: sonic: return NETDEV_TX_OK if failed to map buffer (git-fixes). - net: stmmac: fix csr_clk can't be zero issue (git-fixes). - net: stmmac: Fix reception of Broadcom switches tags (git-fixes). - net: thunderx: use spin_lock_bh in nicvf_set_rx_mode_task() (bsc#1110096). - net: usb: sr9800: fix uninitialized local variable (git-fixes). - net:ethernet:aquantia: Extra spinlocks removed (git-fixes). - net_sched: fix a memory leak in atm_tc_init() (bsc#1056657 bsc#1056653 bsc#1056787). - nfc: s3fwrn5: add missing release on skb in s3fwrn5_recv_frame (git-fixes). - nfc: s3fwrn5: Release the nfc firmware (git-fixes). - nfc: st95hf: Fix memleak in st95hf_in_send_cmd (git-fixes). - nfp: use correct define to return NONE fec (bsc#1109837). - NFS: fix nfs_path in case of a rename retry (git-fixes). - NFSD: Add missing NFSv2 .pc_func methods (git-fixes). - NFSv4.2: fix client's attribute cache management for copy_file_range (git-fixes). - NFSv4.2: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID flag (git-fixes). - ocfs2: fix unbalanced locking (bsc#1180506). - ocfs2: initialize ip_next_orphan (bsc#1179724). - orinoco: Move context allocation after processing the skb (git-fixes). - parport: load lowlevel driver if ports not found (git-fixes). - PCI/ASPM: Allow ASPM on links to PCIe-to-PCI/PCI-X Bridges (git-fixes). - PCI/ASPM: Disable ASPM on ASMedia ASM1083/1085 PCIe-to-PCI bridge (git-fixes). - PCI: Do not disable decoding when mmio_always_on is set (git-fixes). - PCI: Fix pci_slot_release() NULL pointer dereference (git-fixes). - phy: Revert toggling reset changes (git-fixes). - pinctrl: amd: fix __iomem annotation in amd_gpio_irq_handler() (git-fixes). - pinctrl: amd: fix npins for uart0 in kerncz_groups (git-fixes). - pinctrl: amd: remove debounce filter setting in IRQ type setting (git-fixes). - pinctrl: baytrail: Avoid clearing debounce value when turning it off (git-fixes). - pinctrl: falcon: add missing put_device() call in pinctrl_falcon_probe() (git-fixes). - pinctrl: merrifield: Set default bias in case no particular value given (git-fixes). - pinctrl: sh-pfc: sh7734: Fix duplicate TCLK1_B (git-fixes). - platform/x86: acer-wmi: add automatic keyboard background light toggle key as KEY_LIGHTS_TOGGLE (git-fixes). - platform/x86: dell-smbios-base: Fix error return code in dell_smbios_init (git-fixes). - platform/x86: mlx-platform: Fix item counter assignment for MSN2700, MSN24xx systems (git-fixes). - platform/x86: mlx-platform: remove an unused variable (git-fixes). - platform/x86: mlx-platform: Remove PSU EEPROM from default platform configuration (git-fixes). - platform/x86: mlx-platform: Remove PSU EEPROM from MSN274x platform configuration (git-fixes). - PM / hibernate: memory_bm_find_bit(): Tighten node optimisation (git-fixes). - PM: ACPI: Output correct message on target power state (git-fixes). - PM: hibernate: Freeze kernel threads in software_resume() (git-fixes). - PM: hibernate: remove the bogus call to get_gendisk() in software_resume() (git-fixes). - pNFS/flexfiles: Fix list corruption if the mirror count changes (git-fixes). - power: supply: bq24190_charger: fix reference leak (git-fixes). - power: supply: bq27xxx_battery: Silence deferred-probe error (git-fixes). - powerpc/64: Set up a kernel stack for secondaries before cpu_restore() (bsc#1065729). - powerpc/64s/pseries: Fix hash tlbiel_all_isa300 for guest kernels (bsc#1179888 ltc#190253). - powerpc/64s: Fix hash ISA v3.0 TLBIEL instruction generation (bsc#1055117 ltc#159753 git-fixes bsc#1179888 ltc#190253). - powerpc/pci: Fix broken INTx configuration via OF (bsc#1172145 ltc#184630). - powerpc/pci: Remove legacy debug code (bsc#1172145 ltc#184630 git-fixes). - powerpc/pci: Remove LSI mappings on device teardown (bsc#1172145 ltc#184630). - powerpc/pci: Use of_irq_parse_and_map_pci() helper (bsc#1172145 ltc#184630). - powerpc/perf: Fix crash with is_sier_available when pmu is not set (bsc#1179578 ltc#189313). - powerpc/pseries/hibernation: remove redundant cacheinfo update (bsc#1138374 ltc#178199 git-fixes). - powerpc/pseries: Pass MSI affinity to irq_create_mapping() (bsc#1065729). - powerpc/smp: Add __init to init_big_cores() (bsc#1109695 ltc#171067 git-fixes). - powerpc/xmon: Change printk() to pr_cont() (bsc#1065729). - powerpc: Convert to using %pOF instead of full_name (bsc#1172145 ltc#184630). - powerpc: Fix incorrect stw{, ux, u, x} instructions in __set_pte_at (bsc#1065729). - ppp: remove the PPPIOCDETACH ioctl (git-fixes). - pwm: lp3943: Dynamically allocate PWM chip base (git-fixes). - qed: fix error return code in qed_iwarp_ll2_start() (bsc#1050536 bsc#1050545). - qed: suppress 'do not support RoCE & iWARP' flooding on HW init (bsc#1050536 bsc#1050545). - qed: suppress false-positives interrupt error messages on HW init (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - quota: clear padding in v2r1_mem2diskdqb() (bsc#1179714). - radeon: insert 10ms sleep in dce5_crtc_load_lut (git-fixes). - ravb: Fix use-after-free ravb_tstamp_skb (git-fixes). - RDMA/bnxt_re: Fix lifetimes in bnxt_re_task (bsc#1111666) - RDMA/bnxt_re: Fix sizeof mismatch for allocation of pbl_tbl. (bsc#1111666) - RDMA/cm: Add missing locking around id.state in cm_dup_req_handler (bsc#1111666) - RDMA/cm: Fix checking for allowed duplicate listens (bsc#1111666) - RDMA/cm: Remove a race freeing timewait_info (bsc#1111666) - RDMA/cm: Update num_paths in cma_resolve_iboe_route error flow (bsc#1111666) - RDMA/cma: Protect bind_list and listen_list while finding matching cm id (bsc#1111666) - RDMA/core: Fix race between destroy and release FD object (bsc#1111666) - RDMA/core: Prevent mixed use of FDs between shared ufiles (bsc#1111666) - RDMA/hns: Correct typo of hns_roce_create_cq() (bsc#1111666) - RDMA/hns: Set the unsupported wr opcode (bsc#1111666) - RDMA/ipoib: Fix ABBA deadlock with ipoib_reap_ah() (bsc#1111666) - RDMA/ipoib: Return void from ipoib_ib_dev_stop() (bsc#1111666) - RDMA/ipoib: Set rtnl_link_ops for ipoib interfaces (bsc#1111666) - RDMA/mad: Fix possible memory leak in ib_mad_post_receive_mads() (bsc#1111666) - RDMA/mlx4: Initialize ib_spec on the stack (bsc#1111666) - RDMA/mlx4: Read pkey table length instead of hardcoded value (bsc#1111666) - RDMA/mlx5: Set GRH fields in query QP on RoCE (bsc#1111666) - RDMA/mlx5: Verify that QP is created with RQ or SQ (bsc#1111666) - RDMA/pvrdma: Fix missing pci disable in pvrdma_pci_probe() (bsc#1111666) - RDMA/qedr: Endianness warnings cleanup (bsc#1111666) - RDMA/qedr: Fix doorbell setting (bsc#1111666) - RDMA/qedr: Fix KASAN: use-after-free in ucma_event_handler+0x532 (bsc#1050545). - RDMA/qedr: Fix memory leak in iWARP CM (bsc#1050545 ). - RDMA/qedr: Fix use of uninitialized field (bsc#1111666) - RDMA/qedr: SRQ's bug fixes (bsc#1111666) - RDMA/rxe: Drop pointless checks in rxe_init_ports (bsc#1111666) - RDMA/rxe: Fix memleak in rxe_mem_init_user (bsc#1111666) - RDMA/rxe: Fix the parent sysfs read when the interface has 15 chars (bsc#1111666) - RDMA/rxe: Prevent access to wr->next ptr afrer wr is posted to send queue (bsc#1111666) - RDMA/rxe: Remove unused rxe_mem_map_pages (bsc#1111666) - RDMA/rxe: Remove useless rxe_init_device_param assignments (bsc#1111666) - RDMA/rxe: Return void from rxe_init_port_param() (bsc#1111666) - RDMA/rxe: Return void from rxe_mem_init_dma() (bsc#1111666) - RDMA/rxe: Set default vendor ID (bsc#1111666) - RDMA/rxe: Set sys_image_guid to be aligned with HW IB devices (bsc#1111666) - RDMA/rxe: Skip dgid check in loopback mode (bsc#1111666) - RDMA/srpt: Fix typo in srpt_unregister_mad_agent docstring (bsc#1111666) - reboot: fix overflow parsing reboot cpu number (bsc#1179421). - regmap: debugfs: check count when read regmap file (git-fixes). - regmap: dev_get_regmap_match(): fix string comparison (git-fixes). - regmap: Remove duplicate `type` field from regmap `regcache_sync` trace event (git-fixes). - regulator: max8907: Fix the usage of uninitialized variable in max8907_regulator_probe() (git-fixes). - regulator: pfuze100-regulator: Variable 'val' in pfuze100_regulator_probe() could be uninitialized (git-fixes). - regulator: ti-abb: Fix timeout in ti_abb_wait_txdone/ti_abb_clear_all_txdone (git-fixes). - reiserfs: Fix oops during mount (bsc#1179715). - reiserfs: Initialize inode keys properly (bsc#1179713). - remoteproc: Fix wrong rvring index computation (git-fixes). - rfkill: Fix incorrect check to avoid NULL pointer dereference (git-fixes). - rtc: 88pm860x: fix possible race condition (git-fixes). - rtc: hym8563: enable wakeup when applicable (git-fixes). - rtl8xxxu: fix RTL8723BU connection failure issue after warm reboot (git-fixes). - rtlwifi: fix memory leak in rtl92c_set_fw_rsvdpagepkt() (git-fixes). - s390/bpf: Fix multiple tail calls (git-fixes). - s390/cpuinfo: show processor physical address (git-fixes). - s390/cpum_sf.c: fix file permission for cpum_sfb_size (git-fixes). - s390/dasd: fix hanging device offline processing (bsc#1144912). - s390/dasd: fix null pointer dereference for ERP requests (git-fixes). - s390/pci: fix CPU address in MSI for directed IRQ (git-fixes). - s390/qeth: fix af_iucv notification race (git-fixes). - s390/qeth: fix tear down of async TX buffers (git-fixes). - s390/qeth: make af_iucv TX notification call more robust (git-fixes). - s390/stp: add locking to sysfs functions (git-fixes). - s390/zcrypt: Fix ZCRYPT_PERDEV_REQCNT ioctl (git-fixes). - scripts/lib/SUSE/MyBS.pm: properly close prjconf Macros: section - scsi: lpfc: Add FDMI Vendor MIB support (bsc#1164780). - scsi: lpfc: Convert abort handling to SLI-3 and SLI-4 handlers (bsc#1164780). - scsi: lpfc: Convert SCSI I/O completions to SLI-3 and SLI-4 handlers (bsc#1164780). - scsi: lpfc: Convert SCSI path to use common I/O submission path (bsc#1164780). - scsi: lpfc: Correct null ndlp reference on routine exit (bsc#1164780). - scsi: lpfc: Drop nodelist reference on error in lpfc_gen_req() (bsc#1164780). - scsi: lpfc: Enable common send_io interface for SCSI and NVMe (bsc#1164780). - scsi: lpfc: Enable common wqe_template support for both SCSI and NVMe (bsc#1164780). - scsi: lpfc: Enlarge max_sectors in scsi host templates (bsc#1164780). - scsi: lpfc: Extend the RDF FPIN Registration descriptor for additional events (bsc#1164780). - scsi: lpfc: Fix duplicate wq_create_version check (bsc#1164780). - scsi: lpfc: Fix fall-through warnings for Clang (bsc#1164780). - scsi: lpfc: Fix FLOGI/PLOGI receive race condition in pt2pt discovery (bsc#1164780). - scsi: lpfc: Fix invalid sleeping context in lpfc_sli4_nvmet_alloc() (bsc#1164780). - scsi: lpfc: Fix memory leak on lcb_context (bsc#1164780). - scsi: lpfc: Fix missing prototype for lpfc_nvmet_prep_abort_wqe() (bsc#1164780). - scsi: lpfc: Fix missing prototype warning for lpfc_fdmi_vendor_attr_mi() (bsc#1164780). - scsi: lpfc: Fix NPIV discovery and Fabric Node detection (bsc#1164780). - scsi: lpfc: Fix NPIV Fabric Node reference counting (bsc#1164780). - scsi: lpfc: Fix pointer defereference before it is null checked issue (bsc#1164780). - scsi: lpfc: Fix refcounting around SCSI and NVMe transport APIs (bsc#1164780). - scsi: lpfc: Fix removal of SCSI transport device get and put on dev structure (bsc#1164780). - scsi: lpfc: Fix scheduling call while in softirq context in lpfc_unreg_rpi (bsc#1164780). - scsi: lpfc: Fix set but not used warnings from Rework remote port lock handling (bsc#1164780). - scsi: lpfc: Fix set but unused variables in lpfc_dev_loss_tmo_handler() (bsc#1164780). - scsi: lpfc: Fix spelling mistake 'Cant' -> 'Can't' (bsc#1164780). - scsi: lpfc: Fix variable 'vport' set but not used in lpfc_sli4_abts_err_handler() (bsc#1164780). - scsi: lpfc: lpfc_attr: Demote kernel-doc format for redefined functions (bsc#1164780). - scsi: lpfc: lpfc_attr: Fix-up a bunch of kernel-doc misdemeanours (bsc#1164780). - scsi: lpfc: lpfc_debugfs: Fix a couple of function documentation issues (bsc#1164780). - scsi: lpfc: lpfc_scsi: Fix a whole host of kernel-doc issues (bsc#1164780). - scsi: lpfc: Refactor WQE structure definitions for common use (bsc#1164780). - scsi: lpfc: Reject CT request for MIB commands (bsc#1164780). - scsi: lpfc: Remove dead code on second !ndlp check (bsc#1164780). - scsi: lpfc: Remove ndlp when a PLOGI/ADISC/PRLI/REG_RPI ultimately fails (bsc#1164780). - scsi: lpfc: Remove set but not used 'qp' (bsc#1164780). - scsi: lpfc: Remove unneeded variable 'status' in lpfc_fcp_cpu_map_store() (bsc#1164780). - scsi: lpfc: Removed unused macros in lpfc_attr.c (bsc#1164780). - scsi: lpfc: Rework locations of ndlp reference taking (bsc#1164780). - scsi: lpfc: Rework remote port lock handling (bsc#1164780). - scsi: lpfc: Rework remote port ref counting and node freeing (bsc#1164780). - scsi: lpfc: Unsolicited ELS leaves node in incorrect state while dropping it (bsc#1164780). - scsi: lpfc: Update changed file copyrights for 2020 (bsc#1164780). - scsi: lpfc: Update lpfc version to 12.8.0.4 (bsc#1164780). - scsi: lpfc: Update lpfc version to 12.8.0.5 (bsc#1164780). - scsi: lpfc: Update lpfc version to 12.8.0.6 (bsc#1164780). - scsi: lpfc: Use generic power management (bsc#1164780). - scsi: qla2xxx: Change post del message from debug level to log level (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Convert to DEFINE_SHOW_ATTRIBUTE (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Do not check for fw_started while posting NVMe command (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Do not consume srb greedily (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Drop TARGET_SCF_LOOKUP_LUN_FROM_TAG (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Fix compilation issue in PPC systems (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Fix crash during driver load on big endian machines (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Fix device loss on 4G and older HBAs (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Fix flash update in 28XX adapters on big endian machines (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Fix FW initialization error on big endian machines (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Fix N2N and NVMe connect retry failure (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Fix return of uninitialized value in rval (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Fix the call trace for flush workqueue (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Handle aborts correctly for port undergoing deletion (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Handle incorrect entry_type entries (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: If fcport is undergoing deletion complete I/O with retry (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Initialize variable in qla8044_poll_reg() (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Limit interrupt vectors to number of CPUs (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Move sess cmd list/lock to driver (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Remove in_interrupt() from qla82xx-specific code (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Remove in_interrupt() from qla83xx-specific code (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: remove incorrect sparse #ifdef (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Remove trailing semicolon in macro definition (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Return EBUSY on fcport deletion (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Tear down session if FW say it is down (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Update version to 10.02.00.104-k (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Use constant when it is known (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: Remove unneeded break statements (bsc#1164780). - scsi: storvsc: Fix error return in storvsc_probe() (git-fixes). - scsi: target: tcm_qla2xxx: Remove BUG_ON(in_interrupt()) (bsc#1172538 bsc#1179142 bsc#1179810). - serial: 8250_omap: Avoid FIFO corruption caused by MDR1 access (git-fixes). - serial: 8250_pci: Add Realtek 816a and 816b (git-fixes). - serial: amba-pl011: Make sure we initialize the port.lock spinlock (git-fixes). - serial: ar933x_uart: set UART_CS_{RX,TX}_READY_ORIDE (git-fixes). - serial: txx9: add missing platform_driver_unregister() on error in serial_txx9_init (git-fixes). - serial_core: Check for port state when tty is in error state (git-fixes). - SMB3: Honor 'handletimeout' flag for multiuser mounts (bsc#1176558). - SMB3: Honor 'posix' flag for multiuser mounts (bsc#1176559). - SMB3: Honor lease disabling for multiuser mounts (git-fixes). - soc/tegra: fuse: Fix index bug in get_process_id (git-fixes). - soc: imx: gpc: fix power up sequencing (git-fixes). - soc: mediatek: Check if power domains can be powered on at boot time (git-fixes). - soc: qcom: smp2p: Safely acquire spinlock without IRQs (git-fixes). - soc: ti: Fix reference imbalance in knav_dma_probe (git-fixes). - soc: ti: knav_qmss: fix reference leak in knav_queue_probe (git-fixes). - spi: Add call to spi_slave_abort() function when spidev driver is released (git-fixes). - spi: bcm63xx-hsspi: fix missing clk_disable_unprepare() on error in bcm63xx_hsspi_resume (git-fixes). - spi: davinci: Fix use-after-free on unbind (git-fixes). - spi: dw: Enable interrupts in accordance with DMA xfer mode (git-fixes). - spi: dw: Fix Rx-only DMA transfers (git-fixes). - spi: dw: Return any value retrieved from the dma_transfer callback (git-fixes). - spi: Fix memory leak on splited transfers (git-fixes). - spi: img-spfi: fix potential double release (git-fixes). - spi: img-spfi: fix reference leak in img_spfi_resume (git-fixes). - spi: pic32: Do not leak DMA channels in probe error path (git-fixes). - spi: pxa2xx: Add missed security checks (git-fixes). - spi: spi-cavium-thunderx: Add missing pci_release_regions() (git-fixes). - spi: spi-loopback-test: Fix out-of-bounds read (git-fixes). - spi: spi-mem: Fix passing zero to 'PTR_ERR' warning (git-fixes). - spi: spi-mem: fix reference leak in spi_mem_access_start (git-fixes). - spi: spi-ti-qspi: fix reference leak in ti_qspi_setup (git-fixes). - spi: spidev: fix a potential use-after-free in spidev_release() (git-fixes). - spi: st-ssc4: add missed pm_runtime_disable (git-fixes). - spi: st-ssc4: Fix unbalanced pm_runtime_disable() in probe error path (git-fixes). - spi: tegra114: fix reference leak in tegra spi ops (git-fixes). - spi: tegra20-sflash: fix reference leak in tegra_sflash_resume (git-fixes). - spi: tegra20-slink: add missed clk_unprepare (git-fixes). - spi: tegra20-slink: fix reference leak in slink ops of tegra20 (git-fixes). - splice: only read in as much information as there is pipe buffer space (bsc#1179520). - staging: comedi: check validity of wMaxPacketSize of usb endpoints found (git-fixes). - staging: comedi: gsc_hpdi: check dma_alloc_coherent() return value (git-fixes). - staging: comedi: mf6x4: Fix AI end-of-conversion detection (git-fixes). - staging: olpc_dcon: add a missing dependency (git-fixes). - staging: olpc_dcon: Do not call platform_device_unregister() in dcon_probe() (git-fixes). - staging: rtl8188eu: Add device code for TP-Link TL-WN727N v5.21 (git-fixes). - staging: rtl8188eu: Add device id for MERCUSYS MW150US v2 (git-fixes). - staging: rtl8188eu: fix possible null dereference (git-fixes). - staging: rtl8192u: fix multiple memory leaks on error path (git-fixes). - staging: vt6656: set usb_set_intfdata on driver fail (git-fixes). - staging: wlan-ng: fix out of bounds read in prism2sta_probe_usb() (git-fixes). - staging: wlan-ng: properly check endpoint types (git-fixes). - sunrpc: fix copying of multiple pages in gss_read_proxy_verf() (bsc#1103992). - sunrpc: fixed rollback in rpc_gssd_dummy_populate() (git-fixes). - sunrpc: Properly set the @subbuf parameter of xdr_buf_subsegment() (git-fixes). - sunrpc: The RDMA back channel mustn't disappear while requests are outstanding (git-fixes). - svcrdma: fix bounce buffers for unaligned offsets and multiple pages (bsc#1103992). - svcrdma: Fix page leak in svc_rdma_recv_read_chunk() (bsc#1103992). - tcp: Set INET_ECN_xmit configuration in tcp_reinit_congestion_control (bsc#1109837). - thunderbolt: Use 32-bit writes when writing ring producer/consumer (git-fixes). - timer: Fix wheel index calculation on last level (git fixes) - timer: Prevent base->clk from moving backward (git-fixes) - tracing: Fix out of bounds write in get_trace_buf (bsc#1179403). - tty: always relink the port (git-fixes). - tty: Fix ->pgrp locking in tiocspgrp() (git-fixes). - tty: link tty and port before configuring it as console (git-fixes). - tty: synclink_gt: Adjust indentation in several functions (git-fixes). - tty: synclinkmp: Adjust indentation in several functions (git-fixes). - tty:serial:mvebu-uart:fix a wrong return (git-fixes). - uapi/if_ether.h: move __UAPI_DEF_ETHHDR libc define (git-fixes). - uapi/if_ether.h: prevent redefinition of struct ethhdr (git-fixes). - usb: add RESET_RESUME quirk for Snapscan 1212 (git-fixes). - usb: chipidea: ci_hdrc_imx: Pass DISABLE_DEVICE_STREAMING flag to imx6ul (git-fixes). - usb: dummy-hcd: Fix uninitialized array use in init() (git-fixes). - usb: dwc2: Fix IN FIFO allocation (git-fixes). - usb: dwc3: remove the call trace of USBx_GFLADJ (git-fixes). - usb: ehci-omap: Fix PM disable depth umbalance in ehci_hcd_omap_probe (git-fixes). - usb: Fix: Do not skip endpoint descriptors with maxpacket=0 (git-fixes). - usb: fsl: Check memory resource before releasing it (git-fixes). - usb: gadget: composite: Fix possible double free memory bug (git-fixes). - usb: gadget: configfs: fix concurrent issue between composite APIs (git-fixes). - usb: gadget: configfs: Fix missing spin_lock_init() (git-fixes). - usb: gadget: f_acm: add support for SuperSpeed Plus (git-fixes). - usb: gadget: f_fs: Use local copy of descriptors for userspace copy (git-fixes). - usb: gadget: f_midi: setup SuperSpeed Plus descriptors (git-fixes). - usb: gadget: f_rndis: fix bitrate for SuperSpeed and above (git-fixes). - usb: gadget: ffs: ffs_aio_cancel(): Save/restore IRQ flags (git-fixes). - usb: gadget: fix wrong endpoint desc (git-fixes). - usb: gadget: goku_udc: fix potential crashes in probe (git-fixes). - usb: gadget: net2280: fix memory leak on probe error handling paths (git-fixes). - usb: gadget: serial: fix Tx stall after buffer overflow (git-fixes). - usb: gadget: udc: fix possible sleep-in-atomic-context bugs in gr_probe() (git-fixes). - usb: gadget: udc: gr_udc: fix memleak on error handling path in gr_ep_init() (git-fixes). - usb: hso: Fix debug compile warning on sparc32 (git-fixes). - usb: ldusb: use unsigned size format specifiers (git-fixes). - usb: musb: omap2430: Get rid of musb .set_vbus for omap2430 glue (git-fixes). - usb: oxu210hp-hcd: Fix memory leak in oxu_create (git-fixes). - usb: serial: ch341: add new Product ID for CH341A (git-fixes). - usb: serial: ch341: sort device-id entries (git-fixes). - usb: serial: digi_acceleport: clean up modem-control handling (git-fixes). - usb: serial: digi_acceleport: clean up set_termios (git-fixes). - usb: serial: digi_acceleport: fix write-wakeup deadlocks (git-fixes). - usb: serial: digi_acceleport: remove in_interrupt() usage. - usb: serial: digi_acceleport: remove redundant assignment to pointer priv (git-fixes). - usb: serial: digi_acceleport: rename tty flag variable (git-fixes). - usb: serial: digi_acceleport: use irqsave() in USB's complete callback (git-fixes). - usb: serial: keyspan_pda: fix dropped unthrottle interrupts (git-fixes). - usb: serial: keyspan_pda: fix stalled writes (git-fixes). - usb: serial: keyspan_pda: fix tx-unthrottle use-after-free (git-fixes). - usb: serial: keyspan_pda: fix write deadlock (git-fixes). - usb: serial: keyspan_pda: fix write unthrottling (git-fixes). - usb: serial: keyspan_pda: fix write-wakeup use-after-free (git-fixes). - usb: serial: kl5kusb105: fix memleak on open (git-fixes). - usb: serial: mos7720: fix parallel-port state restore (git-fixes). - usb: serial: option: add Fibocom NL668 variants (git-fixes). - usb: serial: option: add interface-number sanity check to flag handling (git-fixes). - usb: serial: option: add support for Thales Cinterion EXS82 (git-fixes). - usb: serial: option: fix Quectel BG96 matching (git-fixes). - usb: Skip endpoints with 0 maxpacket length (git-fixes). - usb: UAS: introduce a quirk to set no_write_same (git-fixes). - usb: usbfs: Suppress problematic bind and unbind uevents (git-fixes). - usblp: poison URBs upon disconnect (git-fixes). - usbnet: ipheth: fix connectivity with iOS 14 (git-fixes). - usermodehelper: reset umask to default before executing user process (bsc#1179406). - video: fbdev: neofb: fix memory leak in neo_scan_monitor() (git-fixes). - vt: do not hardcode the mem allocation upper bound (git-fixes). - vt: Reject zero-sized screen buffer size (git-fixes). - watchdog: coh901327: add COMMON_CLK dependency (git-fixes). - watchdog: da9062: do not ping the hw during stop() (git-fixes). - watchdog: da9062: No need to ping manually before setting timeout (git-fixes). - watchdog: qcom: Avoid context switch in restart handler (git-fixes). - watchdog: sirfsoc: Add missing dependency on HAS_IOMEM (git-fixes). - wimax: fix duplicate initializer warning (git-fixes). - wireless: Use linux/stddef.h instead of stddef.h (git-fixes). - wireless: Use offsetof instead of custom macro (git-fixes). - x86/apic: Fix integer overflow on 10 bit left shift of cpu_khz (bsc#1112178). - x86/insn-eval: Use new for_each_insn_prefix() macro to loop over prefixes bytes (bsc#1112178). - x86/mm/ident_map: Check for errors from ident_pud_init() (bsc#1112178). - x86/mm/mem_encrypt: Fix definition of PMD_FLAGS_DEC_WP (bsc#1112178). - x86/resctrl: Add necessary kernfs_put() calls to prevent refcount leak (bsc#1112178). - x86/resctrl: Fix incorrect local bandwidth when mba_sc is enabled (bsc#1112178). - x86/resctrl: Remove superfluous kernfs_get() calls to prevent refcount leak (bsc#1112178). - x86/resctrl: Remove unused struct mbm_state::chunks_bw (bsc#1112178). - x86/speculation: Fix prctl() when spectre_v2_user={seccomp,prctl},ibpb (bsc#1112178). - x86/tracing: Introduce a static key for exception tracing (bsc#1179895). - x86/traps: Simplify pagefault tracing logic (bsc#1179895). - x86/uprobes: Do not use prefixes.nbytes when looping over prefixes.bytes (bsc#1112178). - xfrm: Fix memleak on xfrm state destroy (bsc#1158775). - xhci: Give USB2 ports time to enter U3 in bus suspend (git-fixes). - xprtrdma: fix incorrect header size calculations (git-fixes). ----------------------------------------- Patch: SUSE-2021-105 Released: Tue Jan 12 19:50:06 2021 Summary: Recommended update for postgresql12 Severity: low References: 1178961 Description: This update for postgresql12 fixes the following issues: - Marked symlinks to pg_config and ecpg as ghost files, so that rpm doesn't complain when they are not there (bsc#1178961) ----------------------------------------- Patch: SUSE-2021-109 Released: Wed Jan 13 10:13:24 2021 Summary: Security update for libzypp, zypper Severity: moderate References: 1050625,1174016,1177238,1177275,1177427,1177583,1178910,1178966,1179083,1179222,1179415,1179909,CVE-2017-9271 Description: This update for libzypp, zypper fixes the following issues: Update zypper to version 1.14.41 Update libzypp to 17.25.4 - CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583) - RepoManager: Force refresh if repo url has changed (bsc#1174016) - RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966) - RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427). - RpmDb: If no database exists use the _dbpath configured in rpm. Still makes sure a compat symlink at /var/lib/rpm exists in case the configures _dbpath is elsewhere. (bsc#1178910) - Fixed update of gpg keys with elongated expire date (bsc#179222) - needreboot: remove udev from the list (bsc#1179083) - Fix lsof monitoring (bsc#1179909) yast-installation was updated to 4.2.48: - Do not cleanup the libzypp cache when the system has low memory, incomplete cache confuses libzypp later (bsc#1179415) ----------------------------------------- Patch: SUSE-2021-111 Released: Wed Jan 13 11:47:54 2021 Summary: Recommended update for prometheus-ha_cluster_exporter Severity: moderate References: Description: This update for prometheus-ha_cluster_exporter fixes the following issue: Update to version 1.2.1 - Remove Pacemaker dependency from systemd unit (jsc#TEAM-2169) ----------------------------------------- Patch: SUSE-2021-113 Released: Wed Jan 13 14:47:57 2021 Summary: Recommended update for gdm Severity: moderate References: 1174533,1179968 Description: This update for gdm fixes the following issues: - Fix for the issue with user switch with enabled autologin. (bsc#1179968, bsc#1174533) ----------------------------------------- Patch: SUSE-2021-93 Released: Wed Jan 13 16:45:40 2021 Summary: Security update for tcmu-runner Severity: important References: 1180676,CVE-2021-3139 Description: This update for tcmu-runner fixes the following issues: - CVE-2021-3139: Fixed a LIO security issue (bsc#1180676). ----------------------------------------- Patch: SUSE-2021-119 Released: Thu Jan 14 10:13:15 2021 Summary: Recommended update for bcache-tools Severity: moderate References: Description: This update for bcache-tools fixes the following issues: - Fix typo from `SUUP` to `SUPP` (jsc#SLE-9807) - change from `BCH_FEATURE_COMPAT_SUUP` to `BCH_FEATURE_COMPAT_SUPP` - change from `BCH_FEATURE_INCOMPAT_SUUP` to `BCH_FEATURE_INCOMPAT_SUPP` - change from `BCH_FEATURE_INCOMPAT_SUUP` to `BCH_FEATURE_RO_COMPAT_SUPP` - Call `set_bucket_size()` only for cache device (jsc#SLE-9807) - Add `BCH_FEATURE_INCOMPAT_LARGE_BUCKET` to `BCH_FEATURE_INCOMPAT_SUPP` (jsc#SLE-9807) - `BCH_FEATURE_INCOMPAT_LARGE_BUCKET` is a feature to support 32bits bucket size, which is incompatible feature for existing on-disk layout. This fix adds this feature bit to `BCH_FEATURE_INCOMPAT_SUPP` feature set. - Check for incompatible feature set (jsc#SLE-9807) - Introduce `BCH_FEATURE_INCOMPAT_LOG_LARGE_BUCKET_SIZE` for large bucket (jsc#SLE-9807) - Display obsoleted bucket size configuration (jsc#SLE-9807) - Recover the missing `sb.csum` for showing `bcache` device super block (jsc#SLE-9807) - Call `to_cache_sb()` only for `bcache` device in `may_add_item()` (jsc#SLE-9807) - Improve column alignment for `bcache show -m` output (jsc#SLE-9807) ----------------------------------------- Patch: SUSE-2021-120 Released: Thu Jan 14 10:13:19 2021 Summary: Recommended update for gnome-packagekit Severity: important References: 1180247 Description: This update for gnome-packagekit fixes the following issue: - Fix the logout support after an update. (bsc#1180247) ----------------------------------------- Patch: SUSE-2021-123 Released: Thu Jan 14 10:28:40 2021 Summary: Security update for MozillaThunderbird Severity: important References: 1180623,CVE-2020-16044 Description: This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird 78.6.1 * changed: MailExtensions: browserAction, composeAction, and messageDisplayAction toolbar buttons now support label and default_label properties (bmo#1583478) * fixed: Running a quicksearch that returned no results did not offer to re-run as a global search (bmo#1663153) * fixed: Message search toolbar fixes (bmo#1681010) * fixed: Very long subject lines distorted the message compose and display windows, making them unusable (bmo#77806) * fixed: Compose window: Recipient addresses that had not yet been autocompleted were lost when clicking Send button (bmo#1674054) * fixed: Compose window: New message is no longer marked as 'changed' just from tabbing out of the recipient field without editing anything (bmo#1681389) * fixed: Account autodiscover fixes when using MS Exchange servers (bmo#1679759) * fixed: LDAP address book stability fix (bmo#1680914) * fixed: Messages with invalid vcard attachments were not marked as read when viewed in the preview window (bmo#1680468) * fixed: Chat: Could not add TLS certificate exceptions for XMPP connections (bmo#1590471) * fixed: Calendar: System timezone was not always properly detected (bmo#1678839) * fixed: Calendar: Descriptions were sometimes blank when editing a single occurrence of a repeating event (bmo#1664731) * fixed: Various printing bugfixes (bmo#1676166) * fixed: Visual consistency and theme improvements (bmo#1682808) MFSA 2021-02 (bsc#1180623) * CVE-2020-16044 (bmo#1683964) Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk ----------------------------------------- Patch: SUSE-2021-124 Released: Thu Jan 14 10:29:02 2021 Summary: Security update for php7 Severity: moderate References: 1180706,CVE-2020-7071 Description: This update for php7 fixes the following issue: - CVE-2020-7071: Fixed an insufficient filter in parse_url() that accepted URLs with invalid userinfo (bsc#1180706). ----------------------------------------- Patch: SUSE-2021-129 Released: Thu Jan 14 12:26:15 2021 Summary: Security update for openldap2 Severity: moderate References: 1178909,1179503,CVE-2020-25709,CVE-2020-25710 Description: This update for openldap2 fixes the following issues: Security issues fixed: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909). Non-security issue fixed: - Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection. (bsc#1179503) ----------------------------------------- Patch: SUSE-2021-130 Released: Thu Jan 14 13:08:01 2021 Summary: Recommended update for aide Severity: moderate References: 1180165 Description: This update for aide fixes the following issue: - Add a `syslog_format` to Advanced Intrusion Detection Environment (AIDE). (bsc#1180165) ----------------------------------------- Patch: SUSE-2021-134 Released: Fri Jan 15 10:30:56 2021 Summary: Recommended update for gnu-compilers-hpc Severity: important References: 1174439 Description: This update for gnu-compilers-hpc fixes the following issues: - Add build support for gcc10 to HPC build. (bsc#1174439) - Fix version parsing for gcc10 and up. ----------------------------------------- Patch: SUSE-2021-141 Released: Fri Jan 15 11:11:20 2021 Summary: Recommended update for gnome-software Severity: moderate References: 1161095,1174849,1178768 Description: This update for gnome-software fixes the following issue: - plugin-loader: Handle offline update errors properly. (bsc#1161095) - Add missing devel headers referenced by gnome-software.h. (bsc#1174849) - added gnome-packagekit as recommended dependency (bsc#1178768) ----------------------------------------- Patch: SUSE-2021-144 Released: Fri Jan 15 16:17:39 2021 Summary: Recommended update for emacs Severity: important References: 1175028 Description: This update for emacs fixes the following issues: - Fix SIGSEGV introduced by a security fix for libX11 (bsc#1175028). ----------------------------------------- Patch: SUSE-2021-152 Released: Fri Jan 15 17:04:47 2021 Summary: Recommended update for lvm2 Severity: moderate References: 1179691,1179738 Description: This update for lvm2 fixes the following issues: - Fix for lvm2 to use udev as external device by default. (bsc#1179691) - Fixed an issue in configuration for an item that is commented out by default. (bsc#1179738) ----------------------------------------- Patch: SUSE-2021-153 Released: Fri Jan 15 18:01:33 2021 Summary: Security update for ImageMagick Severity: moderate References: 1179202,1179208,1179212,1179221,1179223,1179240,1179244,1179260,1179268,1179269,1179276,1179278,1179281,1179285,1179311,1179312,1179313,1179315,1179317,1179321,1179322,1179327,1179333,1179336,1179338,1179339,1179343,1179345,1179346,1179347,1179361,1179362,1179397,1179753,CVE-2020-25664,CVE-2020-25665,CVE-2020-25666,CVE-2020-25674,CVE-2020-25675,CVE-2020-25676,CVE-2020-27750,CVE-2020-27751,CVE-2020-27752,CVE-2020-27753,CVE-2020-27754,CVE-2020-27755,CVE-2020-27756,CVE-2020-27757,CVE-2020-27758,CVE-2020-27759,CVE-2020-27760,CVE-2020-27761,CVE-2020-27762,CVE-2020-27763,CVE-2020-27764,CVE-2020-27765,CVE-2020-27766,CVE-2020-27767,CVE-2020-27768,CVE-2020-27769,CVE-2020-27770,CVE-2020-27771,CVE-2020-27772,CVE-2020-27773,CVE-2020-27774,CVE-2020-27775,CVE-2020-27776,CVE-2020-29599 Description: This update for ImageMagick fixes the following issues: - CVE-2020-25664: Fixed a heap-based buffer overflow in PopShortPixel (bsc#1179202). - CVE-2020-25665: Fixed a heap-based buffer overflow in WritePALMImage (bsc#1179208). - CVE-2020-25666: Fixed an outside the range of representable values of type 'int' and signed integer overflow (bsc#1179212). - CVE-2020-25674: Fixed a heap-based buffer overflow in WriteOnePNGImage (bsc#1179223). - CVE-2020-25675: Fixed an outside the range of representable values of type 'long' and integer overflow (bsc#1179240). - CVE-2020-25676: Fixed an outside the range of representable values of type 'long' and integer overflow at MagickCore/pixel.c (bsc#1179244). - CVE-2020-27750: Fixed a division by zero in MagickCore/colorspace-private.h (bsc#1179260). - CVE-2020-27751: Fixed an integer overflow in MagickCore/quantum-export.c (bsc#1179269). - CVE-2020-27752: Fixed a heap-based buffer overflow in PopShortPixel in MagickCore/quantum-private.h (bsc#1179346). - CVE-2020-27752: Fixed a heap-based buffer overflow in PopShortPixel in MagickCore/quantum-private.h (bsc#1179346). - CVE-2020-27753: Fixed memory leaks in AcquireMagickMemory function (bsc#1179397). - CVE-2020-27755: Fixed memory leaks in ResizeMagickMemory function in ImageMagick/MagickCore/memory.c (bsc#1179345). - CVE-2020-27756: Fixed a division by zero at MagickCore/geometry.c (bsc#1179221). - CVE-2020-27757: Fixed an outside the range of representable values of type 'unsigned long long' at MagickCore/quantum-private.h (bsc#1179268). - CVE-2020-27758: Fixed an outside the range of representable values of type 'unsigned long long' (bsc#1179276). - CVE-2020-27759: Fixed an outside the range of representable values of type 'int' at MagickCore/quantize.c (bsc#1179313). - CVE-2020-27760: Fixed a division by zero at MagickCore/enhance.c (bsc#1179281). - CVE-2020-27761: Fixed an outside the range of representable values of type 'unsigned long' at coders/palm.c (bsc#1179315). - CVE-2020-27762: Fixed an outside the range of representable values of type 'unsigned char' (bsc#1179278). - CVE-2020-27763: Fixed a division by zero at MagickCore/resize.c (bsc#1179312). - CVE-2020-27764: Fixed an outside the range of representable values of type 'unsigned long' at MagickCore/statistic.c (bsc#1179317). - CVE-2020-27765: Fixed a division by zero at MagickCore/segment.c (bsc#1179311). - CVE-2020-27766: Fixed an outside the range of representable values of type 'unsigned long' at MagickCore/statistic.c (bsc#1179361). - CVE-2020-27767: Fixed an outside the range of representable values of type 'float' at MagickCore/quantum.h (bsc#1179322). - CVE-2020-27768: Fixed an outside the range of representable values of type 'unsigned int' at MagickCore/quantum-private.h (bsc#1179339). - CVE-2020-27770: Fixed an unsigned offset overflowed at MagickCore/string.c (bsc#1179343). - CVE-2020-27771: Fixed an outside the range of representable values of type 'unsigned char' at coders/pdf.c (bsc#1179327). - CVE-2020-27772: Fixed an outside the range of representable values of type 'unsigned int' at coders/bmp.c (bsc#1179347). - CVE-2020-27773: Fixed a division by zero at MagickCore/gem-private.h (bsc#1179285). - CVE-2020-27774: Fixed an integer overflow at MagickCore/statistic.c (bsc#1179333). - CVE-2020-27775: Fixed an outside the range of representable values of type 'unsigned char' at MagickCore/quantum.h (bsc#1179338). - CVE-2020-27776: Fixed an outside the range of representable values of type 'unsigned long' at MagickCore/statistic.c (bsc#1179362). - CVE-2020-29599: Fixed a shell command injection in -authenticate (bsc#1179753). ----------------------------------------- Patch: SUSE-2021-163 Released: Tue Jan 19 12:11:10 2021 Summary: Security update for dnsmasq Severity: important References: 1176076,1177077,CVE-2020-25681,CVE-2020-25682,CVE-2020-25683,CVE-2020-25684,CVE-2020-25685,CVE-2020-25686,CVE-2020-25687 Description: This update for dnsmasq fixes the following issues: - bsc#1177077: Fixed DNSpooq vulnerabilities - CVE-2020-25684, CVE-2020-25685, CVE-2020-25686: Fixed multiple Cache Poisoning attacks. - CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687: Fixed multiple potential Heap-based overflows when DNSSEC is enabled. - Retry query to other servers on receipt of SERVFAIL rcode (bsc#1176076) ----------------------------------------- Patch: SUSE-2021-169 Released: Tue Jan 19 16:18:46 2021 Summary: Recommended update for libsolv, libzypp, zypper Severity: moderate References: 1179816,1180077,1180663,1180721 Description: This update for libsolv, libzypp, zypper fixes the following issues: libzypp was updated to 17.25.6: - Rephrase solver problem descriptions (jsc#SLE-8482) - Adapt to changed gpg2/libgpgme behavior (bsc#1180721) - Multicurl backend breaks with with unknown filesize (fixes #277) zypper was updated to 1.14.42: - Fix source-download commnds help (bsc#1180663) - man: Recommend to use the --non-interactive global option rather than the command option -y (bsc#1179816) - Extend apt packagemap (fixes #366) - --quiet: Fix install summary to write nothing if there's nothing todo (bsc#1180077) libsolv was updated to 0.7.16; - do not ask the namespace callback for splitprovides when writing a testcase - fix add_complex_recommends() selecting conflicted packages in rare cases leading to crashes - improve choicerule generation so that package updates are prefered in more cases ----------------------------------------- Patch: SUSE-2021-174 Released: Wed Jan 20 07:55:23 2021 Summary: Recommended update for gnutls Severity: moderate References: 1172695 Description: This update for gnutls fixes the following issue: - Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695) ----------------------------------------- Patch: SUSE-2021-175 Released: Wed Jan 20 09:23:50 2021 Summary: Security update for postgresql, postgresql13 Severity: moderate References: 1178666,1178667,1178668,1178961,CVE-2020-25694,CVE-2020-25695,CVE-2020-25696 Description: This update for postgresql, postgresql13 fixes the following issues: This update ships postgresql13. Upgrade to version 13.1: * CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries. * CVE-2020-25694, bsc#1178667: a) Fix usage of complex connection-string parameters in pg_dump, pg_restore, clusterdb, reindexdb, and vacuumdb. b) When psql's \connect command re-uses connection parameters, ensure that all non-overridden parameters from a previous connection string are re-used. * CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from modifying specially-treated variables. * Fix recently-added timetz test case so it works when the USA is not observing daylight savings time. (obsoletes postgresql-timetz.patch) * https://www.postgresql.org/about/news/2111/ * https://www.postgresql.org/docs/13/release-13-1.html Initial packaging of PostgreSQL 13: * https://www.postgresql.org/about/news/2077/ * https://www.postgresql.org/docs/13/release-13.html - bsc#1178961: %ghost the symlinks to pg_config and ecpg. Changes in postgresql wrapper package: - Bump major version to 13. - We also transfer PostgreSQL 9.4.26 to the new package layout in SLE12-SP2 and newer. Reflect this in the conflict with postgresql94. - Also conflict with PostgreSQL versions before 9. - Conflicting with older versions is not limited to SLE. ----------------------------------------- Patch: SUSE-2021-176 Released: Wed Jan 20 09:49:05 2021 Summary: Security update for xstream Severity: important References: 1180145,1180146,1180994,CVE-2020-26217,CVE-2020-26258,CVE-2020-26259 Description: This update for xstream fixes the following issues: xstream was updated to version 1.4.15. - CVE-2020-26217: Fixed a remote code execution due to insecure XML deserialization when relying on blocklists (bsc#1180994). - CVE-2020-26258: Fixed a server-side request forgery vulnerability (bsc#1180146). - CVE-2020-26259: Fixed an arbitrary file deletion vulnerability (bsc#1180145). ----------------------------------------- Patch: SUSE-2021-179 Released: Wed Jan 20 13:38:51 2021 Summary: Recommended update for timezone Severity: moderate References: 1177460 Description: This update for timezone fixes the following issues: - timezone update 2020f (bsc#1177460) * 'make rearguard_tarballs' no longer generates a bad rearguard.zi, fixing a 2020e bug. - timezone update 2020e (bsc#1177460) * Volgograd switches to Moscow time on 2020-12-27 at 02:00. - timezone update 2020f (bsc#1177460) * 'make rearguard_tarballs' no longer generates a bad rearguard.zi, fixing a 2020e bug. - timezone update 2020e (bsc#1177460) * Volgograd switches to Moscow time on 2020-12-27 at 02:00. ----------------------------------------- Patch: SUSE-2021-183 Released: Thu Jan 21 11:35:36 2021 Summary: Security update for perl-Convert-ASN1 Severity: moderate References: 1168934,CVE-2013-7488 Description: This update for perl-Convert-ASN1 fixes the following issue: - CVE-2013-7488: Fixed an infinite loop via unexpected input (bsc#1168934). ----------------------------------------- Patch: SUSE-2021-184 Released: Thu Jan 21 11:35:56 2021 Summary: Security update for gdk-pixbuf Severity: moderate References: 1174307,1180393,CVE-2020-29385 Description: This update for gdk-pixbuf fixes the following issues: - CVE-2020-29385: Fixed an infinite loop in lzw.c in the function write_indexes (bsc#1180393). - Fixed an integer underflow in the GIF loader (bsc#1174307). ----------------------------------------- Patch: SUSE-2021-186 Released: Thu Jan 21 14:55:16 2021 Summary: Security update for wavpack Severity: moderate References: 1091340,1091341,1091342,1091343,1091344,1180414,CVE-2018-10536,CVE-2018-10537,CVE-2018-10538,CVE-2018-10539,CVE-2018-10540,CVE-2018-19840,CVE-2018-19841,CVE-2018-6767,CVE-2018-7253,CVE-2018-7254,CVE-2019-1010319,CVE-2019-11498,CVE-2020-35738 Description: This update for wavpack fixes the following issues: - Update to version 5.4.0 * CVE-2020-35738: Fixed an out-of-bounds write in WavpackPackSamples (bsc#1180414) * fixed: disable A32 asm code when building for Apple silicon * fixed: issues with Adobe-style floating-point WAV files * added: --normalize-floats option to wvunpack for correctly exporting un-normalized floating-point files - Update to version 5.3.0 * fixed: OSS-Fuzz issues 19925, 19928, 20060, 20448 * fixed: trailing garbage characters on imported ID3v2 TXXX tags * fixed: various minor undefined behavior and memory access issues * fixed: sanitize tag extraction names for length and path inclusion * improved: reformat wvunpack 'help' and split into long + short versions * added: regression testing to Travis CI for OSS-Fuzz crashers - Updated to version 5.2.0 *fixed: potential security issues including the following CVEs: CVE-2018-19840, CVE-2018-19841, CVE-2018-10536 (bsc#1091344), CVE-2018-10537 (bsc#1091343) CVE-2018-10538 (bsc#1091342), CVE-2018-10539 (bsc#1091341), CVE-2018-10540 (bsc#1091340), CVE-2018-7254, CVE-2018-7253, CVE-2018-6767, CVE-2019-11498 and CVE-2019-1010319 * added: support for CMake, Travis CI, and Google's OSS-fuzz * fixed: use correction file for encode verify (pipe input, Windows) * fixed: correct WAV header with actual length (pipe input, -i option) * fixed: thumb interworking and not needing v6 architecture (ARM asm) * added: handle more ID3v2.3 tag items and from all file types * fixed: coredump on Sparc64 (changed MD5 implementation) * fixed: handle invalid ID3v2.3 tags from sacd-ripper * fixed: several corner-case memory leaks ----------------------------------------- Patch: SUSE-2021-191 Released: Fri Jan 22 10:14:02 2021 Summary: Recommended update for groff Severity: moderate References: 1180276 Description: This update for groff fixes the following issues: - include adjustments for reproducible builds (bsc#1180276) ----------------------------------------- Patch: SUSE-2021-194 Released: Fri Jan 22 13:31:01 2021 Summary: Security update for stunnel Severity: moderate References: 1177580,1178533 Description: This update for stunnel fixes the following issues: Security issue fixed: - The 'redirect' option was fixed to properly handle 'verifyChain = yes' (bsc#1177580). Non-security issues fixed: - Fix startup problem of the stunnel daemon (bsc#1178533) - update to 5.57: * Security bugfixes * New features - New securityLevel configuration file option. - Support for modern PostgreSQL clients - TLS 1.3 configuration updated for better compatibility. * Bugfixes - Fixed a transfer() loop bug. - Fixed memory leaks on configuration reloading errors. - DH/ECDH initialization restored for client sections. - Delay startup with systemd until network is online. - A number of testing framework fixes and improvements. - update to 5.56: - Various text files converted to Markdown format. - Support for realpath(3) implementations incompatible with POSIX.1-2008, such as 4.4BSD or Solaris. - Support for engines without PRNG seeding methods (thx to Petr Mikhalitsyn). - Retry unsuccessful port binding on configuration file reload. - Thread safety fixes in SSL_SESSION object handling. - Terminate clients on exit in the FORK threading model. - Fixup stunnel.conf handling: * Remove old static openSUSE provided stunnel.conf. * Use upstream stunnel.conf and tailor it for openSUSE using sed. * Don't show README.openSUSE when installing. - enable /etc/stunnel/conf.d - re-enable openssl.cnf ----------------------------------------- Patch: SUSE-2021-195 Released: Fri Jan 22 15:17:17 2021 Summary: Security update for mutt Severity: moderate References: 1181221,CVE-2021-3181 Description: This update for mutt fixes the following issue: - CVE-2021-3181: Fixed a memory leak in recipient parsing (bsc#1181221). ----------------------------------------- Patch: SUSE-2021-197 Released: Fri Jan 22 15:17:42 2021 Summary: Security update for permissions Severity: moderate References: 1171883,CVE-2020-8025 Description: This update for permissions fixes the following issues: - Update to version 20181224: * pcp: remove no longer needed / conflicting entries (bsc#1171883, CVE-2020-8025) ----------------------------------------- Patch: SUSE-2021-200 Released: Fri Jan 22 15:39:33 2021 Summary: Security update for hawk2 Severity: critical References: 1179998,CVE-2020-35458 Description: This update for hawk2 fixes the following issues: hawk2 was updated to version 2.4.0+git.1611141202.2fe6369e. Security issue fixed: - Fixed another possible code execution vulnerability in the controller code (bsc#1179998). ----------------------------------------- Patch: SUSE-2021-201 Released: Mon Jan 25 13:33:09 2021 Summary: Recommended update for crmsh Severity: moderate References: 1177023,1180149,1180421,1180424 Description: This update for crmsh fixes the following issues: - Fix for an issue when 'cluster-init' fails due to wrong declaration of netmask. (bsc#1180421) - Fix for crmsh and yast2-cluster by adding '/etc/modules-load.d/watchdog.conf' into corosync config. (bsc#1180424) - Fix for bootstrap to return more specific error messages. (bsc#1177023) - Fix for a bootstrap isue when cluster init process not protected by lock and exclude other not joinging. (bsc#1180149) - Implement to use ping to test host is reachable before joining. - Check cluster was running on init node ----------------------------------------- Patch: SUSE-2021-207 Released: Mon Jan 25 16:16:05 2021 Summary: Recommended update for python-websockify Severity: moderate References: 1163513 Description: This update for python-websockify fixes the following issues: - Add 'python-numpy' as requirement. (bsc#1163513) ----------------------------------------- Patch: SUSE-2021-211 Released: Mon Jan 25 18:21:13 2021 Summary: Recommended maintenance update for libyui-qt-pkg Severity: important References: 1181257 Description: This update for libyui-qt-pkg fixes the following issue: - Provide the missing package libyui-qt-pkg11 to the Basesystem module in SLE-15-SP2 (bsc#1181257) ----------------------------------------- Patch: SUSE-2021-220 Released: Tue Jan 26 14:00:51 2021 Summary: Recommended update for keyutils Severity: moderate References: 1180603 Description: This update for keyutils fixes the following issues: - Adjust the library license to be LPGL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603) ----------------------------------------- Patch: SUSE-2021-222 Released: Tue Jan 26 15:04:57 2021 Summary: Security update for go1.14 Severity: moderate References: 1164903,1181145,1181146,CVE-2021-3114,CVE-2021-3115 Description: This update for go1.14 fixes the following issues: Go was updated to version 1.14.14 (bsc#1164903). Security issues fixed: - CVE-2021-3114: Fixed incorrect operations on the P-224 curve in crypto/elliptic (bsc#1181145). - CVE-2021-3115: Fixed a potential arbitrary code execution in the build process (bsc#1181146). ----------------------------------------- Patch: SUSE-2021-228 Released: Tue Jan 26 23:05:38 2021 Summary: Recommended update for python-kiwi Severity: moderate References: 1179562,1180781 Description: This update for python-kiwi fixes the following issues: - Azure generated images are not bootable. (bsc#1180781) - Fixed validation of bool value in dracut module. - The `oem-multipath-scan` setup results in a bool variable inside of the initrd code. The variable `kiwi_oemmultipath_scan` is therefore either set to `true` or `false`. This update fixes the validation to make use of the `bool()` method provided for these type of variables. - Azure `LI/VLI` Production image boot process drops to dracut rescue shell during boot randomly (bsc#1179562) - Omit multipath module by default - The plain installation of the multipath toolkit activates the dracut multipath code. The setup if the target image runs in a multipath environment or not should however be decided explicitly in the image description via `` and not implicitly by the presence of tools - Fixed multipath disk device assignment in kiwi lib - The former lookup of the multipath mapped disk device contained a race condition. If the lookup of the device mapper files happened before multipathd has finished the initialization, kiwi continues with the unix node name and fails when the device mapper keeps a busy state on it. Now, in case of an explicit request to use multipath the lookup of the mapped device becomes a mandatory process that runs until the `DEVICE_TIMEOUT` is reached. Default timeout is set to 60 sec. ----------------------------------------- Patch: SUSE-2021-231 Released: Wed Jan 27 10:11:13 2021 Summary: Recommended update for apache2 Severity: moderate References: 1180530 Description: This update for apache2 fixes the following issues: - Fix for an issue when 'gensslcert' does not set CA:True. (bsc#1180530) ----------------------------------------- Patch: SUSE-2021-233 Released: Wed Jan 27 12:15:33 2021 Summary: Recommended update for systemd Severity: moderate References: 1141597,1174436,1175458,1177490,1179363,1179824,1180225 Description: This update for systemd fixes the following issues: - Added a timestamp to the output of the busctl monitor command (bsc#1180225) - Fixed a NULL pointer dereference bug when attempting to close the journal file handle (bsc#1179824) - Improved the caching of cgroups member mask (bsc#1175458) - Fixed the dependency definition of sound.target (bsc#1179363) - Fixed a bug that could lead to a potential error, when daemon-reload is called between StartTransientUnit and scope_start() (bsc#1174436) - time-util: treat /etc/localtime missing as UTC (bsc#1141597) - Removed mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------- Patch: SUSE-2021-237 Released: Thu Jan 28 18:22:24 2021 Summary: Recommended update for habootstrap-formula Severity: moderate References: 1177860 Description: This update for drbd-formula, habootstrap-formula, iscsi-formula, saphanabootstrap-formula, sapnwbootstrap-formula fixes the following issues: drbd-formula: - Version 0.4.0 - Change `salt-formulas-configuration` requirement in SLE12 codestream to a recommendation (bsc#1177860) habootstrap-formula: - Version 0.4.0 - Change `salt-formulas-configuration` requirement in SLE12 codestream to a recommendation (bsc#1177860) - Remove lock states as this is done in `crmsh` now - Fix ssh keys management to run them once the first node is initialized - Remove `--no-overwrite-sshkey` option from the formula - `qdevice` support: it can be created when initializing a cluster when multiple nodes are joining in parallel iscsi-formula: - Change `salt-formulas-configuration` requirement in SLE12 codestream to a recommendation (bsc#1177860) saphanabootstrap-formula: - Version 0.7.0 - Change `salt-formulas-configuration` requirement in SLE12 codestream to a recommendation (bsc#1177860) - Start the `saptune` daemon service - Add requisite of HANA installation to subsequent salt states - Add support to extract and install HANA Client `sar` packages - Set the native fence mechanism usage for `CSP` as optional (jsc#SLE-4047) - Fix the HANA media extraction and installation logics when using `exe` archives - Update the SUSE Manager HANA form metadata, to show HANA form under SAP deployment group - Update SUSe Manager `form.yml` file and prevalidation state with latest changes in formula sapnwbootstrap-formula: - Version 0.6.0 - Change `salt-formulas-configuration` requirement in SLE12 codestream to a recommendation (bsc#1177860) - Add requisites of `netweaver` installation to subsequent salt states - Start the `saptune` systemd service - Fix `additional_dvds` variable usage when salt uses python 2. - The variable is filtered by `tojson` option to avoid `u` prefix in lists - Set the native fence mechanism usage for `CSP` as optional - Add instance name suffix to `socat` resources - Remove meta `resource-stickness` to the `ERS` resources group - Update the db installation template to use correctly the schema names for S/4HANA - Update the default `nw_extract_dir` `SWPM` media extraction location ----------------------------------------- Patch: SUSE-2021-243 Released: Fri Jan 29 09:37:29 2021 Summary: Security update for jackson-databind Severity: moderate References: 1177616,1180391,1181118,CVE-2020-25649,CVE-2020-35728,CVE-2021-20190 Description: This update for jackson-databind fixes the following issues: jackson-databind was updated to 2.10.5.1: * #2589: `DOMDeserializer`: setExpandEntityReferences(false) may not prevent external entity expansion in all cases (CVE-2020-25649, bsc#1177616) * #2787 (partial fix): NPE after add mixin for enum * #2679: 'ObjectMapper.readValue('123', Void.TYPE)' throws 'should never occur' ----------------------------------------- Patch: SUSE-2021-251 Released: Mon Feb 1 11:19:48 2021 Summary: Security update for rubygem-nokogiri Severity: important References: 1146578,1156722,1180507,CVE-2019-5477,CVE-2020-26247 Description: This update for rubygem-nokogiri fixes the following issues: rubygem-nokogiri was updated to 1.8.5 (bsc#1156722). Security issues fixed: - CVE-2019-5477: Fixed a command injection vulnerability (bsc#1146578). - CVE-2020-26247: Fixed an XXE vulnerability in Nokogiri::XML::Schema (bsc#1180507). ----------------------------------------- Patch: SUSE-2021-257 Released: Mon Feb 1 14:46:06 2021 Summary: Security update for MozillaThunderbird Severity: important References: 1181414,CVE-2020-15685,CVE-2020-26976,CVE-2021-23953,CVE-2021-23954,CVE-2021-23960,CVE-2021-23964 Description: This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird was updated to 78.7.0 ESR (MFSA 2021-05, bsc#1181414) * CVE-2021-23953: Fixed a Cross-origin information leakage via redirected PDF requests * CVE-2021-23954: Fixed a type confusion when using logical assignment operators in JavaScript switch statements * CVE-2020-26976: Fixed an issue where HTTPS pages could have been intercepted by a registered service worker when they should not have been * CVE-2021-23960: Fixed a use-after-poison for incorrectly redeclared JavaScript variables during GC * CVE-2021-23964: Fixed Memory safety bugs * CVE-2020-15685: Fixed an IMAP Response Injection when using STARTTLS ----------------------------------------- Patch: SUSE-2021-259 Released: Mon Feb 1 14:50:33 2021 Summary: Security update for MozillaFirefox Severity: important References: 1181414,CVE-2020-26976,CVE-2021-23953,CVE-2021-23954,CVE-2021-23960,CVE-2021-23964 Description: This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.7.0 ESR (MFSA 2021-04, bsc#1181414) * CVE-2021-23953: Fixed a Cross-origin information leakage via redirected PDF requests * CVE-2021-23954: Fixed a type confusion when using logical assignment operators in JavaScript switch statements * CVE-2020-26976: Fixed an issue where HTTPS pages could have been intercepted by a registered service worker when they should not have been * CVE-2021-23960: Fixed a use-after-poison for incorrectly redeclared JavaScript variables during GC * CVE-2021-23964: Fixed Memory safety bugs ----------------------------------------- Patch: SUSE-2021-263 Released: Mon Feb 1 15:01:07 2021 Summary: Security update for terraform Severity: moderate References: 1168921,1170264,1177421,CVE-2020-14039 Description: This update for terraform fixes the following issues: - Updated terraform to version 0.13.4 (bsc#1177421) * Many features, bug fixes, and enhancements were made during this update. Please refer to the terraform rpm changelog, for a full list of all changes. - The following terraform providers were updated: * terraform-provider-aws * terraform-provider-azurerm * terraform-provider-external * terraform-provider-google * terraform-provider-helm * terraform-provider-kubernetes * terraform-provider-local * terraform-provider-null * terraform-provider-random * terraform-provider-tls ----------------------------------------- Patch: SUSE-2021-264 Released: Mon Feb 1 15:04:00 2021 Summary: Recommended update for dracut Severity: important References: 1142248,1177870,1180119 Description: This update for dracut fixes the following issues: - As of v246 of systemd 'syslog' and 'syslog-console' switches have been deprecated. (bsc#1180119) - Make collect optional. (bsc#1177870) - Inclusion of dracut modifications to enable 'nvme-fc boo't support. (bsc#1142248) - Add nvmf module. (jsc#ECO-3063) * Implement 'fc,auto' commandline syntax. * Add nvmf-autoconnect script. * Fixup FC connections. * Rework parameter handling. * Fix typo in the example documentation. * Add 'NVMe over TCP' support. * Add module for 'NVMe-oF'. ----------------------------------------- Patch: SUSE-2021-265 Released: Mon Feb 1 15:06:45 2021 Summary: Recommended update for systemd Severity: important References: 1178775,1180885 Description: This update for systemd fixes the following issues: - Fix for udev creating '/dev/disk/by-label' symlink for 'LUKS2' to avoid mount issues. (bsc#1180885, #8998)) - Fix for an issue when container start causes interference in other containers. (bsc#1178775) ----------------------------------------- Patch: SUSE-2021-271 Released: Mon Feb 1 21:04:13 2021 Summary: Recommended update for lshw Severity: moderate References: 1181411 Description: This update for lshw fixes the following issues: - Display UUID on Power VM LPAR. (bsc#1181411, ltc#191040) ----------------------------------------- Patch: SUSE-2021-272 Released: Mon Feb 1 21:04:44 2021 Summary: Recommended update for subversion Severity: low References: Description: This update for subversion fixes the following issue: - Enable the KDE integration from SUSE Linux Enterprise 15-SP3 and newer releases (jsc#SLE-11654) ----------------------------------------- Patch: SUSE-2021-273 Released: Mon Feb 1 21:05:17 2021 Summary: Recommended update for gnome-packagekit Severity: moderate References: 1134544 Description: This update for gnome-packagekit fixes the following issues: - Fixes an issue when 'gnome-packagekit' is unable to trigger a reboot with systemd by updating. (glgo#GNOME/gnome-packagekit!3, bsc#1134544) ----------------------------------------- Patch: SUSE-2021-278 Released: Tue Feb 2 09:43:08 2021 Summary: Recommended update for lvm2 Severity: moderate References: 1181319 Description: This update for lvm2 fixes the following issues: - Backport 'lvmlockd' to adopt orphan locks feature. (bsc#1181319) ----------------------------------------- Patch: SUSE-2021-280 Released: Tue Feb 2 11:33:49 2021 Summary: Recommended update for strongswan Severity: moderate References: 1167880,1180801 Description: This update for strongswan fixes the following issues: - Fix trailing quotation mark missing from example in README. (bsc#1167880) - Fixes an error in 'libgcrypt' causing problems by generating CA keys with 'pki create'. (bsc#1180801) ----------------------------------------- Patch: SUSE-2021-281 Released: Tue Feb 2 11:34:11 2021 Summary: Recommended update for colord Severity: moderate References: 1180898 Description: This update for colord fixes the following issues: - Fixes an issue with a missing 'AppArmor' configration for 'colord'.(bsc#1180898) ----------------------------------------- Patch: SUSE-2021-282 Released: Tue Feb 2 11:34:49 2021 Summary: Recommended update for gdm Severity: moderate References: 1178292 Description: This update for gdm fixes the following issues: - Fixes an issue when 'gdm' fails to get display and does not set it to 'NULL' when using with 'Xvfb' and it leads to a crash. (bsc#1178292, glgo#GNOME/gdm!118) ----------------------------------------- Patch: SUSE-2021-283 Released: Tue Feb 2 12:21:47 2021 Summary: Recommended maintenacne update for papi Severity: low References: 1181485 Description: This update for papi fixes the following issue: - Provide the missing `papi-devel`package. (bsc#1181485) ----------------------------------------- Patch: SUSE-2021-285 Released: Tue Feb 2 13:08:54 2021 Summary: Security update for cups Severity: moderate References: 1170671,1180520,CVE-2019-8842,CVE-2020-10001 Description: This update for cups fixes the following issues: - CVE-2020-10001: Fixed an out-of-bounds read in the ippReadIO function (bsc#1180520). - CVE-2019-8842: Fixed an out-of-bounds read in an extension field (bsc#1170671). ----------------------------------------- Patch: SUSE-2021-289 Released: Tue Feb 2 15:20:09 2021 Summary: Recommended update for arpwatch Severity: low References: Description: This update for arpwatch fixes the following issues: - Included arp2ethers script (jsc#SLE-17224) ----------------------------------------- Patch: SUSE-2021-292 Released: Wed Feb 3 11:46:32 2021 Summary: Recommended update for python-azure-agent Severity: moderate References: 1180719,1181600,1181601 Description: This update for python-azure-agent contains the following fix: - Added sysvinit-tools as dependency (bsc#1181600, bsc#1181601) - Recognise SLE_HPC as SLES and use the proper RDMA handler and distro specific initialization code (bsc#1180719) ----------------------------------------- Patch: SUSE-2021-293 Released: Wed Feb 3 12:52:34 2021 Summary: Recommended update for gmp Severity: moderate References: 1180603 Description: This update for gmp fixes the following issues: - correct license statements of packages (library itself is no GPL-3.0) (bsc#1180603) ----------------------------------------- Patch: SUSE-2021-294 Released: Wed Feb 3 12:54:28 2021 Summary: Recommended update for libprotobuf Severity: moderate References: Description: libprotobuf was updated to fix: - ship the libprotobuf-lite15 on the basesystem module and the INSTALLER channel. (jsc#ECO-2911) ----------------------------------------- Patch: SUSE-2021-301 Released: Thu Feb 4 08:46:27 2021 Summary: Recommended update for timezone Severity: moderate References: 1177460 Description: This update for timezone fixes the following issues: - timezone update 2021a (bsc#1177460) * South Sudan changes from +03 to +02 on 2021-02-01 at 00:00. - timezone update 2021a (bsc#1177460) * South Sudan changes from +03 to +02 on 2021-02-01 at 00:00. ----------------------------------------- Patch: SUSE-2021-302 Released: Thu Feb 4 13:18:35 2021 Summary: Recommended update for lvm2 Severity: important References: 1179691 Description: This update for lvm2 fixes the following issues: - lvm2 will no longer use external_device_info_source='udev' as default because it introduced a regression (bsc#1179691). If this behavior is still wanted, please change this manually in the lvm.conf ----------------------------------------- Patch: SUSE-2021-337 Released: Mon Feb 8 13:14:24 2021 Summary: Recommended update for build Severity: low References: 1181646 Description: This update for build fixes the following issues: Features: - initial flatpak build support added - ccache support added - debtransform: Add Debian revision if not present - allow nodirindex filesystems via BuildFlags: vmfsoptions:nodirindex - rich dep handling for PreReqs - kiwi image: configure ndb database if we install the rpm-ndb package - Implement alternative method to specify build-ignores A lot of fixes came with this update, please refer to this rpm's changelog to obtain a full list of all changes. ----------------------------------------- Patch: SUSE-2021-339 Released: Mon Feb 8 13:16:07 2021 Summary: Optional update for pam Severity: low References: Description: This update for pam fixes the following issues: - Added rpm macros for this package, so that other packages can make use of it This patch is optional to be installed - it doesn't fix any bugs. ----------------------------------------- Patch: SUSE-2021-352 Released: Tue Feb 9 15:02:05 2021 Summary: Security update for java-11-openjdk Severity: important References: 1181239 Description: This update for java-11-openjdk fixes the following issues: java-11-openjdk was upgraded to include January 2021 CPU (bsc#1181239) - Enable Sheandoah GC for x86_64 (jsc#ECO-3171) ----------------------------------------- Patch: SUSE-2021-355 Released: Tue Feb 9 18:07:49 2021 Summary: Security update for python Severity: important References: 1176262,1180686,1181126,CVE-2019-20916,CVE-2021-3177 Description: This update for python fixes the following issues: - buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution (bsc#1181126, CVE-2021-3177). - Provide the newest setuptools wheel (bsc#1176262, CVE-2019-20916) in their correct form (bsc#1180686). ----------------------------------------- Patch: SUSE-2021-357 Released: Wed Feb 10 09:14:06 2021 Summary: Recommended update for PackageKit Severity: moderate References: 1180150 Description: This update for PackageKit fixes the following issues: - Reset update mode after getting updates. (bsc#1180150) ----------------------------------------- Patch: SUSE-2021-417 Released: Wed Feb 10 12:02:41 2021 Summary: Recommended update for osc Severity: moderate References: 235071 Description: This update for osc fixes the following issues: - support --lastsucceeded/--last-succeeded in 'osc buildlog', 'osc remotebuildlog' + friends (perform the corresponding operation on the build log of the last successful build) - several fixes in request related code paths (no double html_escape of a request's description etc.) - fix potential TypeErrors+UnicodeEncodeErrors in the util.cpio and util.ar modules - support local flatpak builds (requires a recent build version) - 'osc init ' works for a non-existent (server-side) project - .old dir support for source services so that some services have access to the results of a previous service run - maintainer search: lookup via package name by default and binary as fallback - fix crash on console resize when downloading files during build - add proper repourls to osc reporuls - new command osc releaserequest: This command is used to transfer sources and binaries without rebuilding them. - It requires defined release targets set to trigger='manual'. - some improvements on output of help and error messages - Fix path and permissions for fish completion file to /usr/share/fish/vendor_completions.d ----------------------------------------- Patch: SUSE-2021-418 Released: Wed Feb 10 12:02:55 2021 Summary: Recommended update for lftp Severity: moderate References: 1179669 Description: This update for lftp fixes the following issue: - Fixed an issue with the SSH prompt recognition (bsc#1179669) ----------------------------------------- Patch: SUSE-2021-421 Released: Wed Feb 10 12:05:23 2021 Summary: Recommended update for hwdata Severity: low References: 1180422,1180482 Description: This update for hwdata fixes the following issues: - Added merge-pciids.pl to fully duplicate behavior of pciutils-ids (bsc#1180422, bsc#1180482) - Updated pci, usb and vendor ids. ----------------------------------------- Patch: SUSE-2021-422 Released: Wed Feb 10 12:15:13 2021 Summary: Recommended update for tk Severity: low References: 1179615 Description: This update for tk fixes the following issues: - Fix for package building on newer service packs (bsc#1179615) This fix is optional to install. ----------------------------------------- Patch: SUSE-2021-425 Released: Wed Feb 10 15:55:11 2021 Summary: Security update for subversion Severity: important References: 1181687,CVE-2020-17525 Description: This update for subversion fixes the following issues: - CVE-2020-17525: A null-pointer-dereference has been found in mod_authz_svn that results in a remote unauthenticated Denial-of-Service in some server configurations (bsc#1181687). ----------------------------------------- Patch: SUSE-2021-430 Released: Wed Feb 10 19:21:55 2021 Summary: Security update for MozillaFirefox Severity: low References: 1181848 Description: This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 78.7.1 ESR (bsc#1181848) - Fixed: Prevent access to NTFS special paths that could lead to filesystem corruption. - Buffer overflow in depth pitch calculations for compressed textures ----------------------------------------- Patch: SUSE-2021-435 Released: Thu Feb 11 14:47:25 2021 Summary: Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork Severity: important References: 1174075,1176708,1178801,1178969,1180243,1180401,1181730,1181732,CVE-2020-15257,CVE-2021-21284,CVE-2021-21285 Description: This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues: Security issues fixed: - CVE-2020-15257: Fixed a privilege escalation in containerd (bsc#1178969). - CVE-2021-21284: potential privilege escalation when the root user in the remapped namespace has access to the host filesystem (bsc#1181732) - CVE-2021-21285: pulling a malformed Docker image manifest crashes the dockerd daemon (bsc#1181730) Non-security issues fixed: - Update Docker to 19.03.15-ce. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. This update includes fixes for bsc#1181732 (CVE-2021-21284) and bsc#1181730 (CVE-2021-21285). - Only apply the boo#1178801 libnetwork patch to handle firewalld on openSUSE. It appears that SLES doesn't like the patch. (bsc#1180401) - Update to containerd v1.3.9, which is needed for Docker v19.03.14-ce and fixes CVE-2020-15257. bsc#1180243 - Update to containerd v1.3.7, which is required for Docker 19.03.13-ce. bsc#1176708 - Update to Docker 19.03.14-ce. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. CVE-2020-15257 bsc#1180243 https://github.com/docker/docker-ce/releases/tag/v19.03.14 - Enable fish-completion - Add a patch which makes Docker compatible with firewalld with nftables backend. Backport of https://github.com/moby/libnetwork/pull/2548 (bsc#1178801, SLE-16460) - Update to Docker 19.03.13-ce. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. bsc#1176708 - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) - Emergency fix: %requires_eq does not work with provide symbols, only effective package names. Convert back to regular Requires. - Update to Docker 19.03.12-ce. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. - Use Go 1.13 instead of Go 1.14 because Go 1.14 can cause all sorts of spurrious errors due to Go returning -EINTR from I/O syscalls much more often (due to Go 1.14's pre-emptive goroutine support). - Add BuildRequires for all -git dependencies so that we catch missing dependencies much more quickly. - Update to libnetwork 55e924b8a842, which is required for Docker 19.03.14-ce. bsc#1180243 - Add patch which makes libnetwork compatible with firewalld with nftables backend. Backport of https://github.com/moby/libnetwork/pull/2548 (bsc#1178801, SLE-16460) ----------------------------------------- Patch: SUSE-2021-441 Released: Thu Feb 11 16:35:04 2021 Summary: Optional update for python3-jsonschema Severity: low References: 1180403 Description: This update provides the python3 variant of the jsonschema module to the SUSE Linux Enterprise 15 SP2 Basesystem module. ----------------------------------------- Patch: SUSE-2021-442 Released: Thu Feb 11 16:35:37 2021 Summary: Recommended update for gimp Severity: moderate References: 1178726,1180770 Description: This update for gimp fixes the following issues: - Fixed a crash when importing ps files (bsc#1180770, bsc#1178726) ----------------------------------------- Patch: SUSE-2021-443 Released: Thu Feb 11 16:36:24 2021 Summary: Security update for wpa_supplicant Severity: important References: 1181777,CVE-2021-0326 Description: This update for wpa_supplicant fixes the following issues: - CVE-2021-0326: P2P group information processing vulnerability (bsc#1181777). ----------------------------------------- Patch: SUSE-2021-450 Released: Fri Feb 12 11:38:29 2021 Summary: Recommended update for drbd-formula, habootstrap-formula, saphanabootstrap-formula, sapnwbootstrap-formula Severity: moderate References: 1177860,1181453 Description: This update for drbd-formula, habootstrap-formula, saphanabootstrap-formula, sapnwbootstrap-formula fixes the following issues: habootstrap-formula: - Version 0.4.1 - Improved handling of sshkeys entry in pillar file (bsc#1181453) - Change `salt-formulas-configuration` requirement in SLE12 codestream to a recommendation (bsc#1177860) - Remove lock states as this is done in `crmsh` now - Fix ssh keys management to run them once the first node is initialized - Remove `--no-overwrite-sshkey` option from the formula - `qdevice` support: it can be created when initializing a cluster when multiple nodes are joining in parallel saphanabootstrap-formula: - Version 0.7.0 - Change `salt-formulas-configuration` requirement in SLE12 codestream to a recommendation (bsc#1177860) - Start the `saptune` daemon service - Add requisite of HANA installation to subsequent salt states - Add support to extract and install HANA Client `sar` packages - Set the native fence mechanism usage for `CSP` as optional (jsc#SLE-4047) - Fix the HANA media extraction and installation logics when using `exe` archives - Update the SUSE Manager HANA form metadata, to show HANA form under SAP deployment group - Update SUSE Manager `form.yml` file and prevalidation state with latest changes in formula sapnwbootstrap-formula: - Version 0.6.0 - Change `salt-formulas-configuration` requirement in SLE12 codestream to a recommendation (bsc#1177860) - Add requisites of `netweaver` installation to subsequent salt states - Start the `saptune` systemd service - Fix `additional_dvds` variable usage when salt uses python 2. - The variable is filtered by `tojson` option to avoid `u` prefix in lists - Set the native fence mechanism usage for `CSP` as optional - Add instance name suffix to `socat` resources - Remove meta `resource-stickness` to the `ERS` resources group - Update the db installation template to use correctly the schema names for S/4HANA - Update the default `nw_extract_dir` `SWPM` media extraction location drbd-formula: - Version 0.4.0 - Change `salt-formulas-configuration` requirement in SLE12 codestream to a recommendation (bsc#1177860) ----------------------------------------- Patch: SUSE-2021-483 Released: Tue Feb 16 10:04:38 2021 Summary: Security update for python-bottle Severity: important References: 1182181,CVE-2020-28473 Description: This update for python-bottle fixes the following issues: - CVE-2020-28473: Fixed Web Cache Poisoning vulnerability using parameter cloaking (bsc#1182181). ----------------------------------------- Patch: SUSE-2021-487 Released: Tue Feb 16 11:52:25 2021 Summary: Optional update for ocr, openmpi4 Severity: low References: 1155120,1174439 Description: This update for ocr, openmpi4 fixes the following issues: This update is a codestream only needed for providing packages that are inherited by SLE15-SP3. openmpi4: Update to version 4.0.5 - Fixes compilation with UCX 1.8 - Fix 64bit portability issues - Link against libnuma (bsc#1155120) - Make reproducible builds. ocr: - Add build support for gcc10 to HPC build (bsc#1174439). - Add openmpi4 flavors (jsc#SLE-16462). - Fix `mpi_ver` -> `mpi_vers?`. ----------------------------------------- Patch: SUSE-2021-488 Released: Tue Feb 16 12:42:38 2021 Summary: Security update for jasper Severity: important References: 1179748,1181483,CVE-2020-27828,CVE-2021-3272 Description: This update for jasper fixes the following issues: - bsc#1179748 CVE-2020-27828: Fix heap overflow by checking maxrlvls - bsc#1181483 CVE-2021-3272: Fix buffer over-read in jp2_decode ----------------------------------------- Patch: SUSE-2021-492 Released: Wed Feb 17 09:40:06 2021 Summary: Security update for screen Severity: important References: 1182092,CVE-2021-26937 Description: This update for screen fixes the following issues: - CVE-2021-26937: Fixed double width combining char handling that could lead to a denial of service or code execution (bsc#1182092). ----------------------------------------- Patch: SUSE-2021-493 Released: Wed Feb 17 11:25:46 2021 Summary: Recommended update for python-kiwi Severity: moderate References: 1170863,1175729,1176129,1176134,1176977,1179562,1180781 Description: This update for python-kiwi fixes the following issues: Update to version 9.21.23 - Azure generated images are not bootable. (bsc#1180781) - Fixed validation of bool value in dracut module. (bsc#1179562) - The `oem-multipath-scan` setup results in a bool variable inside of the initrd code. The variable `kiwi_oemmultipath_scan` is therefore either set to _true_ or _false_. This update fixes the validation to make use of the `bool()` method provided for these type of variables. - Omit multipath module by default (bsc#1179562) - The plain installation of the multipath toolkit activates the dracut multipath code. The setup if the target image runs in a multipath environment or not should however be decided explicitly in the image description via `` and not implicitly by the presence of tools. - Fixed multipath disk device assignment in kiwi lib (bsc#1179562) - The former lookup of the multipath mapped disk device contained a race condition. If the lookup of the device mapper files happened before multipathd has finished the initialization, kiwi continues with the unix node name and fails when the device mapper keeps a busy state on it. This update changes the code such that in case of an explicit request to use multipath the lookup of the mapped device becomes a mandatory process that runs until the `DEVICE_TIMEOUT` is reached. Default timeout is set to 60 sec. - Do not exclude filesystem folders in OCI images (bsc#1176129) - This update does not exclude filesystem folders during the rsync call in OCI images. It has been noted that including an empty `/dev` folder does not hurt and it can eventually help to workaround some limitations of container related tools such as `buildah`. - Fix/Refactor s390 support (bsc#1170863) - This changes the s390 support on several stages: - On s390 the boot process is based on zipl which boots into an initrd from which a userspace grub process is started to support the grub capabilities. The implementation of this concept is provided via the `grub2-s390x-emu` package. Once installed the setup of the bootloader is done via the `grub2-mkconfig` and `grub2-install` commands and therefore from a caller perspective the same as with any other grub2 setup process. For kiwi this means no extra zipl bootloader target code is needed. Therefore this update deletes the zipl setup from kiwi and puts on the standard grub2 process. - To support different targettypes the `grub2-s390x-emu` provided zipl template must be adapted. Parts of the former zipl bootloader setup therefore now applies to an update of the `zipl2grub` template file - Support for `CDL/LDL DASD` targets has been disabled in the schema. When testing 4k devices and a respective zipl2grub template setup for `CDL/LDL` targettype it has turned out that `grub2-install` is not able to run on such a device. Probably the device code in `grub2-install` does not work for 4k devices with an fdasd created partition table. As this needs further investigations and most probably adaptions on the grub toolchain for s390, we disabled the setup of these modes for now. Emulated DASD (FBA) and SCSI targets stays supported. - Fix compat link for rpmdb location. (bsc#1176977) - This update fixes the symbolic link creation for `/var/lib/rpm`. More specific for derived container images in which the base root tree already included the `/var/lib/rpm` the link, the `ln` command was creating a symbolic link inside the `/var/lib/rpm` folder givent that it was following the already existing symbolic link. Adding the `--no-target-directory` force `ln` command to treat `/var/lib/rpm` path as the fully qualified symlink name. - Fixed s390/sle15 Virtual disk integration test. (bsc#1170863) - The integration test used FBA mode as target. As the target is expected to be KVM this is the wrong setting. SCSI should be used instead. - Support dynamic `linux/linuxefi` in any case. (bsc#1175729, bsc#1176134) - Instead of restricting the dynamic linux vs. linuxefi setup to a specific grub version, support this setup for any version of grub. ----------------------------------------- Patch: SUSE-2021-494 Released: Wed Feb 17 13:05:51 2021 Summary: Security update for php7 Severity: important References: 1182049,CVE-2021-21702 Description: This update for php7 fixes the following issues: - CVE-2021-21702 [bsc#1182049]: NULL pointer dereference in SoapClient ----------------------------------------- Patch: SUSE-2021-499 Released: Wed Feb 17 19:07:44 2021 Summary: Recommended update for MozillaThunderbird Severity: moderate References: 1181848 Description: This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird 78.7.1 (bsc#1181848) * changed: Building OpenPGP shared library linked to system libraries now supported * changed: MailExtension errors now shown in Developer Tools console by default * changed: MailExtensions: Dynamic registration of calendar providers now supported * fixed: OpenPGP improvements * fixed: Message preview was sometimes blank after upgrading from Thunderbird 68 * fixed: Email addresses whitelisted for remote content not displayed in preferences * fixed: Importing data from Seamonkey did not work * fixed: Renaming a mail list did not update the side bar * fixed: MailExtensions: messenger.* namespace was undefined ----------------------------------------- Patch: SUSE-2021-509 Released: Thu Feb 18 12:11:19 2021 Summary: Recommended update for ucode-intel Severity: important References: 1179224,1182347 Description: This update for ucode-intel fixes the following issues: Updated Intel CPU Microcode to 20210216 official release. (bsc#1182347 bsc#1179224) - | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products - |:---------------|:---------|:------------|:---------|:---------|:--------- - | SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006a08 | 02006a0a | Xeon Scalable - | SKX-D | M1 | 06-55-04/b7 | 02006a08 | 02006a0a | Xeon D-21xx - | CLX-SP | B0 | 06-55-06/bf | 04003003 | 04003006 | Xeon Scalable Gen2 - | CLX-SP | B1 | 06-55-07/bf | 05003003 | 05003006 | Xeon Scalable Gen2 ----------------------------------------- Patch: SUSE-2021-516 Released: Thu Feb 18 14:42:51 2021 Summary: Recommended update for docker, golang-github-docker-libnetwork Severity: moderate References: 1178801,1180401,1182168 Description: This update for docker, golang-github-docker-libnetwork fixes the following issues: - A libnetwork firewalld integration enhancement was broken, disable it (bsc#1178801,bsc#1180401,bsc#1182168) ----------------------------------------- Patch: SUSE-2021-518 Released: Thu Feb 18 17:57:56 2021 Summary: Recommended update for highlight Severity: moderate References: 1142155 Description: This update for highlight fixes the following issues: Update from version 3.42 to 3.59: - HTML output: Added `white-space: pre-wrap` to pre tag CSS. - Updated mark_lines.lua plug-in accept a line range as input parameter and output xterm256 terminal sequences. - Improved Ruby code folding of the outhtml_codefold plug-in. - Updated astyle lib to rev 672. - Added support for reStructured Text. - Added support for Rego (openpolicyagent.org). - Added `outhtml_copy_clipboard.lua` plugin. - CLI: Adapted default xterm256/truecolor theme to terminal background colour. - CLI: Adapted ANSI line numbers to terminal background colour. - CLI: Fixed segfault if the user home directory cannot be determined. - GUI: Initial font set to Monospace. - GUI: Replaced highlight.xpm by highlight.png icon. - Add hicolor-icon-themes as build requirement: Required since move of highlight-gui icon. - Improved `--force` fallback argument handling. - Added C++ attribute syntax support. - Added Lua fuction `StoreValue` to set and retrieve information across Lua states. - Added `extras/eclipse-themes/eclipse_color_themes.py` script to retrieve themes from eclipsecolorthemes.org. - Added support for Web Assembly Text. - Updated mark_lines.lua to output 16m terminal sequences - Fixed issues in bash.lang. - Fixed Bash heredoc highlighting in bash_functions.lua - CLI: `highlight --version -q` only prints the version number. * GUI: Added theme contrast indicator. - Added support for Haml. - Added support for Wren. * Added Lua function `OverrideParam`. - Fixed regression in xterm256 or truecolor output * Fixed `--list-scripts` with read-only language definitions - Improved several language definitions. * Added support for Sequence Alignment Maps (SAM files). * Added empty-file mode to --no-trailing-nl - Fixed issue with --syntax-by-name waiting for stdin - Fixed issue with --syntax reading matching files in the current working directory - Fixed string parsing in lisp.lang * Fixed output of UTF-8 text in xterm256 or truecolor output * Fixed regex in js.lang. * Fixed calculation of testcase markers with UTF-8 input. - Allowed number literals with underscores in Java, Scala, D, Julia, C#, Perl and Ada definitions. * Added Nord theme. - Improved handling of empty files in xterm256 and truecolor output - Added EncodingHint attributes to filetypes.conf and language definitions - CLI: Allowed file paths as --theme and --syntax argument * GUI: Removed deprecated QTime API call. - Fixed default colour output in BBCode - Fixed corner case in sh.lang. * Fixed syntax tests with UTF-8 input - Added support for Bash in outhtml_codefold.lua plug-in. * Added ballerina.lang. * Added block strings to java.lang. - Added author hints in themes and language definitions. * Added C++20 reserved words in c.lang. - Added editorconfig file and validated all files accordingly. * CLI: Fixed --list-scripts with -d or HIGHLIGHT_DATADIR env variable * GUI: Removed AsciiDoc instruction lines from the README popup window. - Use lang_package macro for highlight-gui-lang declaration. - Fixed out-of-range exception with repeated AddKeyword calls. - Added KeywordFormatHints, Priority and Constraints elements to syntax definitions. - Added Lua function AddPersistentState - Renamed md.lang to markdown.lang. - Added Fish syntax definition. - Makefile: added _FILE_OFFSET_BITS=64 flag. - CLI: added optional fallback syntax to --force - CLI: added option --max-size * GUI: added multibyte path trace window. * GUI: fixed superfluous creation of the same stylesheet file. - Fix build instability (bsc#1142155). - Added negation `~` to test state indicators - Added support for Hugo. * Added 5 duotone themes. - CLI: fixed segfault with `--force` * GUI: limited font selection to monospace fonts * SVG output: Added `white-space: pre` in styles. - HTML output: Replaced `'` by `'` - HTML output: Fixed index file format (missing close tags). - CLI: Moved syntax recognition functions to DataDir class. * CLI: Added regular expressions and default false values to --verbose output. - CLI: Fixed `--list-cat` without `--list-scripts` * CLI: Added optional argument to `--base16` * CLI: Added default base16 themes - CLI: Added `--isolate` option - Added lineno, column parameters to OnStateChange hook. - Added support for Crystal. - Added support for Slim. - Fixed several typos in documentaion and manpages. * CLI: Added `--syntax-by-name` option. * CLI: Removed deprecated `--list-langs` and`--list-themes` options. - GUI: Added terminal sequence output options - Added support for Meson, Solidity, TOML and Terraform. - Improved Perl and Yaml highlighting. - Added Categories field to all config files. - CLI: added category info in --list-scripts output. * CLI: added --list-cat option - CLI: added optional topic parameter to --help. * GUI: added theme category selection. - GUI: display categories of selected syntax or theme. - Fixed --list-scripts abortion with Fedora default compile options * Fixed a problem with syntax test indicators reporting wrong states after comments. - Improved Verilog syntax. - Improved quoted string highlighting for Perl and Ruby. - Detection of pkg-config's Lua version in src/makefile. - Fixed xterm256 and truecolor whitespace output #2 - Fixed LaTeX, TeX, SVG and ODT whitespace output (regression of version 3.45). * Added darkplus theme. * Converted ChangeLog to AsciiDoc. - Allowed state test indicators to match both whitespace (ws) and the enclosing state (others). - CLI: Default output changed to xterm256 or truecolor if run in a terminal with color support and only a single file is outputted. - GUI: Added checkbox in the clipboard tab to output selected lines only. - Fixed xterm256 and truecolor whitespace output - Converted manuals to AsciiDoc. - Added DocumentHeader and DocumentFooter plug-in hooks. - Added RemoveKeyword Lua function for syntax definitions. - Added syntax test indicators (see README_TESTCASES). - Added support for ISO and R10 variants of Modula2. - Fixed R identifiers. - Fixed ALAN IF identifiers. - Fixed issue with Bash string interpolation. - Added Swift keywords and types. - Added Gradle extension mapping. - Fixed Ruby string interpolation - Added support for ALAN IF. - Added 107 Base16 themes. * Updated Rust and Java reserved words lists. * Revised documentation. - Moved extras/css-themes into extras/themes-resources. * Added extras/themes-resources/base16. * GUI: added Base16 theme selection checkbox. * CLI: added --base16 option to enable the new themes. - CLI: accept - as argument to read from stdin - Make the build of gui subpackage conditional (built by default). - Updated astyle code to release 3.1 (Rev. 655). - Added webkit reformatting style. - Improved several language definitions. - Fixed Matlab string recognition - Fixed Autohotkey escape sequence recognition. - Added excel.lang - Improved Qt pro file - CLI: Added --reformat-option * CLI: Added --line-range - GUI: Added Bulgarian translation. ----------------------------------------- Patch: SUSE-2021-525 Released: Fri Feb 19 12:45:54 2021 Summary: Recommended update for go1.14 Severity: moderate References: 1164903 Description: This update for go1.14 fixes the following issues: - go1.14.15 (released 2021-02-04) includes fixes to the compiler, runtime, the go command, and the net/http package. * go#43859 cmd/go: handle space in path to C compiler * go#43796 cmd/go: TestScript/mod_get_fallback relies on x/tools not being tagged * go#43792 internal/execabs: disable tests on js-wasm * go#43574 cmd/compile: 32-bit random data corruption * go#43405 x/mobile/cmd/gomobile: gomobile build on simple program returns 'ld: error: duplicate symbol: x_cgo_inittls' * go#42586 net/http: race in http2Transport ----------------------------------------- Patch: SUSE-2021-526 Released: Fri Feb 19 12:46:27 2021 Summary: Recommended update for python-distro Severity: moderate References: Description: This update for python-distro fixes the following issues: Upgrade from version 1.2.0 to 1.5.0 (jsc#ECO-3212) - Backward compatibility: - Keep output as native string so we can compatible with python2 interface - Prefer the `VERSION_CODENAME` field of `os-release` to parsing it from `VERSION` - Bug Fixes: - Fix detection of RHEL 6 `ComputeNode` - Fix Oracle 4/5 `lsb_release` id and names - Ignore `/etc/plesk-release` file while parsing distribution - Return `_uname_info` from the `uname_info()` method - Fixed `CloudLinux` id discovery - Update Oracle matching - Warn about wrong locale. - Documentation: - Distro is the recommended replacement for `platform.linux_distribution` - Add Ansible reference implementation and fix arch-linux link - Add facter reference implementation ----------------------------------------- Patch: SUSE-2021-529 Released: Fri Feb 19 14:53:47 2021 Summary: Security update for python3 Severity: moderate References: 1176262,1179756,1180686,1181126,CVE-2019-20916,CVE-2021-3177 Description: This update for python3 fixes the following issues: - CVE-2021-3177: Fixed buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution (bsc#1181126). - Provide the newest setuptools wheel (bsc#1176262, CVE-2019-20916) in their correct form (bsc#1180686). ----------------------------------------- Patch: SUSE-2021-531 Released: Fri Feb 19 14:54:06 2021 Summary: Security update for tomcat Severity: moderate References: 1180947,CVE-2021-24122 Description: This update for tomcat fixes the following issues: - CVE-2021-24122: Fixed an information disclosure if resources are served from the NTFS file system (bsc#1180947). ----------------------------------------- Patch: SUSE-2021-536 Released: Mon Feb 22 11:16:45 2021 Summary: Security update for webkit2gtk3 Severity: important References: 1182286,CVE-2020-13558 Description: This update for webkit2gtk3 fixes the following issues: Update to version 2.30.5 (bsc#1182286): + Bring back the WebKitPluginProcess installation that was removed by mistake. + Fix RunLoop objects leaked in worker threads. + Fix aarch64 llint build with JIT disabled. + Use Internet Explorer quirk for Google Docs. + Security fixes: CVE-2020-13558. ----------------------------------------- Patch: SUSE-2021-540 Released: Mon Feb 22 11:55:49 2021 Summary: Recommended update for postgresql10 Severity: moderate References: 1179765 Description: This update for postgresql10 fixes the following issues: - updated postgresql version to 10.16 Note: Reindexing might be needed after applying this update. ----------------------------------------- Patch: SUSE-2021-542 Released: Mon Feb 22 12:14:19 2021 Summary: Recommended update for poppler Severity: moderate References: 1181551 Description: This update for poppler fixes the following issues: - Fixed an issue where it was not possible to open signed DocuSign documents with poppler (bsc#1181551) ----------------------------------------- Patch: SUSE-2021-543 Released: Mon Feb 22 13:54:49 2021 Summary: Security update for postgresql13 Severity: moderate References: 1179765,1182039,1182040,CVE-2021-20229,CVE-2021-3393 Description: This update for postgresql13 fixes the following issues: Upgrade to version 13.2: * Updating stored views and reindexing might be needed after applying this update. * CVE-2021-3393, bsc#1182040: Fix information leakage in constraint-violation error messages. * CVE-2021-20229, bsc#1182039: Fix failure to check per-column SELECT privileges in some join queries. ----------------------------------------- Patch: SUSE-2021-544 Released: Mon Feb 22 13:55:04 2021 Summary: Security update for postgresql12 Severity: moderate References: 1179765,1182040,CVE-2021-3393 Description: This update for postgresql12 fixes the following issues: Upgrade to version 12.6: - Reindexing might be needed after applying this update. - CVE-2021-3393, bsc#1182040: Fix information leakage in constraint-violation error messages. ----------------------------------------- Patch: SUSE-2021-547 Released: Mon Feb 22 14:40:20 2021 Summary: Recommended update for tboot Severity: moderate References: 1180756 Description: This update for tboot fixes the following issues: - Backported some patches to fix boot issues in UEFI mode on some newer machines/firmwares (bsc#1180756) - Fixed boot issues in legacy mode on some machines when using grub2 multiboot(1) directive (bsc#1180756) ----------------------------------------- Patch: SUSE-2021-549 Released: Tue Feb 23 09:24:14 2021 Summary: Security update for gnuplot Severity: moderate References: 1176689,CVE-2020-25559 Description: This update for gnuplot fixes the following issues: - CVE-2020-25559: Fixed double free when executing print_set_output() (bsc#1176689). ----------------------------------------- Patch: SUSE-2021-551 Released: Tue Feb 23 09:31:53 2021 Summary: Security update for avahi Severity: moderate References: 1180827,CVE-2021-26720 Description: This update for avahi fixes the following issues: - CVE-2021-26720: drop privileges when invoking avahi-daemon-check-dns.sh (bsc#1180827) - Update avahi-daemon-check-dns.sh from Debian. Our previous version relied on ifconfig, route, and init.d. - Add sudo to requires: used to drop privileges. ----------------------------------------- Patch: SUSE-2021-554 Released: Tue Feb 23 11:14:46 2021 Summary: Recommended update for lifecycle-data-sle-module-live-patching Severity: moderate References: 1020320 Description: This update for lifecycle-data-sle-module-live-patching fixes the following issue: - Added data for 4_12_14-150_66, 4_12_14-197_78, 5_3_18-24_46, 5_3_18-24_49. (bsc#1020320) ----------------------------------------- Patch: SUSE-2021-570 Released: Tue Feb 23 13:46:45 2021 Summary: Recommended update for redis Severity: moderate References: 1178205,1181830 Description: This update for redis fixes the following issues: redis was updated to 6.0.10: TLS support was enabled. (bsc#1181830) Command behavior changes: * SWAPDB invalidates WATCHed keys (#8239) * SORT command behaves differently when used on a writable replica (#8283) * EXISTS should not alter LRU (#8016) In Redis 5.0 and 6.0 it would have touched the LRU/LFU of the key. * OBJECT should not reveal logically expired keys (#8016) Will now behave the same TYPE or any other non-DEBUG command. * GEORADIUS[BYMEMBER] can fail with -OOM if Redis is over the memory limit (#8107) Other behavior changes: * Sentinel: Fix missing updates to the config file after SENTINEL SET command (#8229) * CONFIG REWRITE is atomic and safer, but requires write access to the config file's folder (#7824, #8051) This change was already present in 6.0.9, but was missing from the release notes. Bug fixes with compatibility implications (bugs introduced in Redis 6.0): * Fix RDB CRC64 checksum on big-endian systems (#8270) If you're using big-endian please consider the compatibility implications with RESTORE, replication and persistence. * Fix wrong order of key/value in Lua's map response (#8266) If your scripts use redis.setresp() or return a map (new in Redis 6.0), please consider the implications. Bug fixes: * Fix an issue where a forked process deletes the parent's pidfile (#8231) * Fix crashes when enabling io-threads-do-reads (#8230) * Fix a crash in redis-cli after executing cluster backup (#8267) * Handle output buffer limits for module blocked clients (#8141) Could result in a module sending reply to a blocked client to go beyond the limit. * Fix setproctitle related crashes. (#8150, #8088) Caused various crashes on startup, mainly on Apple M1 chips or under instrumentation. * Backup/restore cluster mode keys to slots map for repl-diskless-load=swapdb (#8108) In cluster mode with repl-diskless-load, when loading failed, slot map wouldn't have been restored. * Fix oom-score-adj-values range, and bug when used in config file (#8046) Enabling setting this in the config file in a line after enabling it, would have been buggy. * Reset average ttl when empty databases (#8106) Just causing misleading metric in INFO * Disable rehash when Redis has child process (#8007) This could have caused excessive CoW during BGSAVE, replication or AOFRW. * Further improved ACL algorithm for picking categories (#7966) Output of ACL GETUSER is now more similar to the one provided by ACL SETUSER. * Fix bug with module GIL being released prematurely (#8061) Could in theory (and rarely) cause multi-threaded modules to corrupt memory. * Reduce effect of client tracking causing feedback loop in key eviction (#8100) * Fix cluster access to unaligned memory (SIGBUS on old ARM) (#7958) * Fix saving of strings larger than 2GB into RDB files (#8306) Additional improvements: * Avoid wasteful transient memory allocation in certain cases (#8286, #5954) Platform / toolchain support related improvements: * Fix crash log registers output on ARM. (#8020) * Add a check for an ARM64 Linux kernel bug (#8224) Due to the potential severity of this issue, Redis will print log warning on startup. * Raspberry build fix. (#8095) New configuration options: * oom-score-adj-values config can now take absolute values (besides relative ones) (#8046) Module related fixes: * Moved RMAPI_FUNC_SUPPORTED so that it's usable (#8037) * Improve timer accuracy (#7987) * Allow '\0' inside of result of RM_CreateStringPrintf (#6260) redis was updated to 6.0.9: * potential heap overflow when using a heap allocator other than jemalloc or glibc's malloc. Does not affect the openSUSE package - bsc#1178205 * Memory reporting of clients argv * Add redis-cli control on raw format line delimiter * Add redis-cli support for rediss:// -u prefix * WATCH no longer ignores keys which have expired for MULTI/EXEC * Correct OBJECT ENCODING response for stream type * Allow blocked XREAD on a cluster replica * TLS: Do not require CA config if not used * multiple bug fixes * Additions to modules API ----------------------------------------- Patch: SUSE-2021-571 Released: Tue Feb 23 16:11:33 2021 Summary: Recommended update for cloud-init Severity: moderate References: 1180176 Description: This update for cloud-init contains the following fixes: - Update cloud-init-write-routes.patch (bsc#1180176) + Follow up to previous changes. Fix order of operations error to make gateway comparison between subnet configuration and route configuration valuable rather than self-comparing. - Add cloud-init-sle12-compat.patch (jsc#PM-2335) - Python 3.4 compatibility in setup.py - Disable some test for mock version compatibility ----------------------------------------- Patch: SUSE-2021-573 Released: Wed Feb 24 09:58:38 2021 Summary: Recommended update for dracut Severity: moderate References: 1176171,1180336 Description: This update for dracut fixes the following issues: - arm/arm64: Add reset controllers (bsc#1180336) - Prevent creating unexpected files on the host when running dracut (bsc#1176171) ----------------------------------------- Patch: SUSE-2021-576 Released: Wed Feb 24 09:59:39 2021 Summary: Optional update for tk and tcl Severity: low References: 1181840 Description: This update for tk and tcl fixes the following issues: - Rebuilt tk and tcl with newer glibc (bsc#1181840) ----------------------------------------- Patch: SUSE-2021-577 Released: Wed Feb 24 10:00:26 2021 Summary: Recommended update for fio Severity: moderate References: Description: This update for fio fixes the following issues: - Fixes for several bug fixes and issues. - Added support for NBD and ZBD For a full list of changes, please refer to this rpm's changelog. ----------------------------------------- Patch: SUSE-2021-579 Released: Wed Feb 24 10:38:22 2021 Summary: Recommended update for arpwatch Severity: moderate References: 1181936 Description: This update for arpwatch fixes the following issues: - Fix arp2ethers script (bsc#1181936). ----------------------------------------- Patch: SUSE-2021-582 Released: Wed Feb 24 11:24:09 2021 Summary: Optional update for netpbm Severity: low References: 1181571 Description: This update for netpbm fixes the following issues: - Skips failing test cases for armv7hl (bsc#1181571) This patch is optional to install. It doesn't fix any issues for users. ----------------------------------------- Patch: SUSE-2021-589 Released: Thu Feb 25 06:11:06 2021 Summary: Recommended update for hawk2 Severity: moderate References: 1181436,1182163 Description: This update for hawk2 fixes the following issues: - Fixed an issue where the path to /usr/sbin/attrd_updater was wrong (bsc#1181436) - Removed the use of %x (bsc#1182163) ----------------------------------------- Patch: SUSE-2021-594 Released: Thu Feb 25 09:29:35 2021 Summary: Security update for python-cryptography Severity: important References: 1182066,CVE-2020-36242 Description: This update for python-cryptography fixes the following issues: - CVE-2020-36242: Using the Fernet class to symmetrically encrypt multi gigabyte values could result in an integer overflow and buffer overflow (bsc#1182066). ----------------------------------------- Patch: SUSE-2021-596 Released: Thu Feb 25 10:26:30 2021 Summary: Recommended update for gcc7 Severity: moderate References: 1181618 Description: This update for gcc7 fixes the following issues: - Fixed webkit2gtk3 build (bsc#1181618) - Change GCC exception licenses to SPDX format - Remove include-fixed/pthread.h ----------------------------------------- Patch: SUSE-2021-604 Released: Thu Feb 25 13:58:04 2021 Summary: Recommended update for go1.16 Severity: moderate References: 1182345 Description: This update brings go1.16 to the Development Tools Module. go1.16 (released 2021-02-16) Go 1.16 is a major release of Go. go1.16.x minor releases will be provided through February 2022. See https://github.com/golang/go/wiki/Go-Release-Cycle Most changes are in the implementation of the toolchain, runtime, and libraries. As always, the release maintains the Go 1 promise of compatibility. We expect almost all Go programs to continue to compile and run as before. * See release notes https://golang.org/doc/go1.16. Excerpts relevant to OBS environment and for SUSE/openSUSE follow: * Module-aware mode is enabled by default, regardless of whether a go.mod file is present in the current working directory or a parent directory. More precisely, the GO111MODULE environment variable now defaults to on. To switch to the previous behavior, set GO111MODULE to auto. * Build commands like go build and go test no longer modify go.mod and go.sum by default. Instead, they report an error if a module requirement or checksum needs to be added or updated (as if the -mod=readonly flag were used). Module requirements and sums may be adjusted with go mod tidy or go get. * go install now accepts arguments with version suffixes (for example, go install example.com/cmd@v1.0.0). This causes go install to build and install packages in module-aware mode, ignoring the go.mod file in the current directory or any parent directory, if there is one. This is useful for installing executables without affecting the dependencies of the main module. * go install, with or without a version suffix (as described above), is now the recommended way to build and install packages in module mode. go get should be used with the -d flag to adjust the current module's dependencies without building packages, and use of go get to build and install packages is deprecated. In a future release, the -d flag will always be enabled. * retract directives may now be used in a go.mod file to indicate that certain published versions of the module should not be used by other modules. A module author may retract a version after a severe problem is discovered or if the version was published unintentionally. * The go mod vendor and go mod tidy subcommands now accept the -e flag, which instructs them to proceed despite errors in resolving missing packages. * The go command now ignores requirements on module versions excluded by exclude directives in the main module. Previously, the go command used the next version higher than an excluded version, but that version could change over time, resulting in non-reproducible builds. * In module mode, the go command now disallows import paths that include non-ASCII characters or path elements with a leading dot character (.). Module paths with these characters were already disallowed (see Module paths and versions), so this change affects only paths within module subdirectories. * The go command now supports including static files and file trees as part of the final executable, using the new //go:embed directive. See the documentation for the new embed package for details. * When using go test, a test that calls os.Exit(0) during execution of a test function will now be considered to fail. This will help catch cases in which a test calls code that calls os.Exit(0) and thereby stops running all future tests. If a TestMain function calls os.Exit(0) that is still considered to be a passing test. * go test reports an error when the -c or -i flags are used together with unknown flags. Normally, unknown flags are passed to tests, but when -c or -i are used, tests are not run. * The go get -insecure flag is deprecated and will be removed in a future version. This flag permits fetching from repositories and resolving custom domains using insecure schemes such as HTTP, and also bypasses module sum validation using the checksum database. To permit the use of insecure schemes, use the GOINSECURE environment variable instead. To bypass module sum validation, use GOPRIVATE or GONOSUMDB. See go help environment for details. * go get example.com/mod@patch now requires that some version of example.com/mod already be required by the main module. (However, go get -u=patch continues to patch even newly-added dependencies.) * GOVCS is a new environment variable that limits which version control tools the go command may use to download source code. This mitigates security issues with tools that are typically used in trusted, authenticated environments. By default, git and hg may be used to download code from any repository. svn, bzr, and fossil may only be used to download code from repositories with module paths or package paths matching patterns in the GOPRIVATE environment variable. See go help vcs for details. * When the main module's go.mod file declares go 1.16 or higher, the all package pattern now matches only those packages that are transitively imported by a package or test found in the main module. (Packages imported by tests of packages imported by the main module are no longer included.) This is the same set of packages retained by go mod vendor since Go 1.11. * When the -toolexec build flag is specified to use a program when invoking toolchain programs like compile or asm, the environment variable TOOLEXEC_IMPORTPATH is now set to the import path of the package being built. * The -i flag accepted by go build, go install, and go test is now deprecated. The -i flag instructs the go command to install packages imported by packages named on the command line. Since the build cache was introduced in Go 1.10, the -i flag no longer has a significant effect on build times, and it causes errors when the install directory is not writable. * When the -export flag is specified, the BuildID field is now set to the build ID of the compiled package. This is equivalent to running go tool buildid on go list -exported -f {{.Export}}, but without the extra step. * The -overlay flag specifies a JSON configuration file containing a set of file path replacements. The -overlay flag may be used with all build commands and go mod subcommands. It is primarily intended to be used by editor tooling such as gopls to understand the effects of unsaved changes to source files. The config file maps actual file paths to replacement file paths and the go command and its builds will run as if the actual file paths exist with the contents given by the replacement file paths, or don't exist if the replacement file paths are empty. * The cgo tool will no longer try to translate C struct bitfields into Go struct fields, even if their size can be represented in Go. The order in which C bitfields appear in memory is implementation dependent, so in some cases the cgo tool produced results that were silently incorrect. * The linux/riscv64 port now supports cgo and -buildmode=pie. This release also includes performance optimizations and code generation improvements for RISC-V. * The new runtime/metrics package introduces a stable interface for reading implementation-defined metrics from the Go runtime. It supersedes existing functions like runtime.ReadMemStats and debug.GCStats and is significantly more general and efficient. See the package documentation for more details. * Setting the GODEBUG environment variable to inittrace=1 now causes the runtime to emit a single line to standard error for each package init, summarizing its execution time and memory allocation. This trace can be used to find bottlenecks or regressions in Go startup performance. The GODEBUG documentation describes the format. * On Linux, the runtime now defaults to releasing memory to the operating system promptly (using MADV_DONTNEED), rather than lazily when the operating system is under memory pressure (using MADV_FREE). This means process-level memory statistics like RSS will more accurately reflect the amount of physical memory being used by Go processes. Systems that are currently using GODEBUG=madvdontneed=1 to improve memory monitoring behavior no longer need to set this environment variable. * Go 1.16 fixes a discrepancy between the race detector and the Go memory model. The race detector now more precisely follows the channel synchronization rules of the memory model. As a result, the detector may now report races it previously missed. * linker: This release includes additional improvements to the Go linker, reducing linker resource usage (both time and memory) and improving code robustness/maintainability. These changes form the second half of a two-release project to modernize the Go linker. * The linker changes in 1.16 extend the 1.15 improvements to all supported architecture/OS combinations (the 1.15 performance improvements were primarily focused on ELF-based OSes and amd64 architectures). For a representative set of large Go programs, linking is 20-25% faster than 1.15 and requires 5-15% less memory on average for linux/amd64, with larger improvements for other architectures and OSes. Most binaries are also smaller as a result of more aggressive symbol pruning. * The new embed package provides access to files embedded in the program during compilation using the new //go:embed directive. * The new io/fs package defines the fs.FS interface, an abstraction for read-only trees of files. The standard library packages have been adapted to make use of the interface as appropriate. * For testing code that implements fs.FS, the new testing/fstest package provides a TestFS function that checks for and reports common mistakes. It also provides a simple in-memory file system implementation, MapFS, which can be useful for testing code that accepts fs.FS implementations. * syscall: On Linux, Setgid, Setuid, and related calls are now implemented. Previously, they returned an syscall.EOPNOTSUPP error. On Linux, the new functions AllThreadsSyscall and AllThreadsSyscall6 may be used to make a system call on all Go threads in the process. These functions may only be used by programs that do not use cgo; if a program uses cgo, they will always return syscall.ENOTSUP. * time/tzdata: The slim timezone data format is now used for the timezone database in $GOROOT/lib/time/zoneinfo.zip and the embedded copy in this package. This reduces the size of the timezone database by about 350 KB. ----------------------------------------- Patch: SUSE-2021-605 Released: Thu Feb 25 14:05:28 2021 Summary: Security update for ImageMagick Severity: moderate References: 1182325,1182335,1182336,1182337,CVE-2021-20241,CVE-2021-20243,CVE-2021-20244,CVE-2021-20246 Description: This update for ImageMagick fixes the following issues: - CVE-2021-20241 [bsc#1182335]: Division by zero in WriteJP2Image() in coders/jp2.c - CVE-2021-20243 [bsc#1182336]: Division by zero in GetResizeFilterWeight in MagickCore/resize.c - CVE-2021-20244 [bsc#1182325]: Division by zero in ImplodeImage in MagickCore/visual-effects.c - CVE-2021-20246 [bsc#1182337]: Division by zero in ScaleResampleFilter in MagickCore/resample.c ----------------------------------------- Patch: SUSE-2021-612 Released: Fri Feb 26 04:55:47 2021 Summary: Optional update for m4 Severity: low References: 1181571 Description: This update for m4 fixes the following issues: - Fixed an issue in building against newer glibc versions (bsc#1181571) ----------------------------------------- Patch: SUSE-2021-648 Released: Fri Feb 26 16:36:18 2021 Summary: Security update for nodejs14 Severity: important References: 1182619,1182620,CVE-2021-22883,CVE-2021-22884 Description: This update for nodejs14 fixes the following issues: - New upstream LTS version 14.16.0: * CVE-2021-22883: HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion (bsc#1182619) * CVE-2021-22884: DNS rebinding in --inspect (bsc#1182620) ----------------------------------------- Patch: SUSE-2021-651 Released: Fri Feb 26 16:37:02 2021 Summary: Security update for nodejs12 Severity: important References: 1182333,1182619,1182620,CVE-2021-22883,CVE-2021-22884,CVE-2021-23840 Description: This update for nodejs12 fixes the following issues: New upstream LTS version 12.21.0: - CVE-2021-22883: HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion (bsc#1182619) - CVE-2021-22884: DNS rebinding in --inspect (bsc#1182620) - CVE-2021-23840: OpenSSL - Integer overflow in CipherUpdate (bsc#1182333) ----------------------------------------- Patch: SUSE-2021-654 Released: Fri Feb 26 20:01:10 2021 Summary: Security update for python-Jinja2 Severity: important References: 1181944,1182244,CVE-2020-28493 Description: This update for python-Jinja2 fixes the following issues: - CVE-2020-28493: Fixed a ReDOS vulnerability where urlize could have been called with untrusted user data (bsc#1181944). ----------------------------------------- Patch: SUSE-2021-656 Released: Mon Mar 1 09:34:21 2021 Summary: Recommended update for protobuf Severity: moderate References: 1177127 Description: This update for protobuf fixes the following issues: - Add missing dependency of python subpackages on python-six. (bsc#1177127) ----------------------------------------- Patch: SUSE-2021-659 Released: Mon Mar 1 13:41:20 2021 Summary: Security update for MozillaFirefox Severity: important References: 1182357,1182614,CVE-2021-23968,CVE-2021-23969,CVE-2021-23973,CVE-2021-23978 Description: This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.8.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2021-08 (bsc#1182614) * CVE-2021-23969: Content Security Policy violation report could have contained the destination of a redirect * CVE-2021-23968: Content Security Policy violation report could have contained the destination of a redirect * CVE-2021-23973: MediaError message property could have leaked information about cross-origin resources * CVE-2021-23978: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8 ----------------------------------------- Patch: SUSE-2021-661 Released: Mon Mar 1 16:12:47 2021 Summary: Security update for MozillaThunderbird Severity: important References: 1182357,1182614,CVE-2021-23968,CVE-2021-23969,CVE-2021-23973,CVE-2021-23978 Description: This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird 78.8 * fixed: Importing an address book from a CSV file always reported an error * fixed: Security information for S/MIME messages was not displayed correctly prior to a draft being saved * fixed: Calendar: FileLink UI fixes for Caldav calendars * fixed: Recurring tasks were always marked incomplete; unable to use filters * fixed: Various UI widgets not working * fixed: Dark theme improvements * fixed: Extension manager was missing link to addon support web page * fixed: Various security fixes MFSA 2021-09 (bsc#1182614) * CVE-2021-23969: Content Security Policy violation report could have contained the destination of a redirect * CVE-2021-23968: Content Security Policy violation report could have contained the destination of a redirect * CVE-2021-23973: MediaError message property could have leaked information about cross-origin resources * CVE-2021-23978: Memory safety bugs fixed in Thunderbird 78.8 ----------------------------------------- Patch: SUSE-2021-665 Released: Mon Mar 1 16:15:47 2021 Summary: Security update for java-1_8_0-openjdk Severity: moderate References: 1181239,CVE-2020-14803 Description: This update for java-1_8_0-openjdk fixes the following issues: - Update to version jdk8u282 (icedtea 3.18.0) * January 2021 CPU (bsc#1181239) * Security fixes + JDK-8247619: Improve Direct Buffering of Characters (CVE-2020-14803) * Import of OpenJDK 8 u282 build 01 + JDK-6962725: Regtest javax/swing/JFileChooser/6738668/ /bug6738668.java fails under Linux + JDK-8025936: Windows .pdb and .map files does not have proper dependencies setup + JDK-8030350: Enable additional compiler warnings for GCC + JDK-8031423: Test java/awt/dnd/DisposeFrameOnDragCrash/ /DisposeFrameOnDragTest.java fails by Timeout on Windows + JDK-8036122: Fix warning 'format not a string literal' + JDK-8051853: new URI('x/').resolve('..').getSchemeSpecificPart() returns null! + JDK-8132664: closed/javax/swing/DataTransfer/DefaultNoDrop/ /DefaultNoDrop.java locks on Windows + JDK-8134632: Mark javax/sound/midi/Devices/ /InitializationHang.java as headful + JDK-8148854: Class names 'SomeClass' and 'LSomeClass;' treated by JVM as an equivalent + JDK-8148916: Mark bug6400879.java as intermittently failing + JDK-8148983: Fix extra comma in changes for JDK-8148916 + JDK-8160438: javax/swing/plaf/nimbus/8057791/bug8057791.java fails + JDK-8165808: Add release barriers when allocating objects with concurrent collection + JDK-8185003: JMX: Add a version of ThreadMXBean.dumpAllThreads with a maxDepth argument + JDK-8202076: test/jdk/java/io/File/WinSpecialFiles.java on windows with VS2017 + JDK-8207766: [testbug] Adapt tests for Aix. + JDK-8212070: Introduce diagnostic flag to abort VM on failed JIT compilation + JDK-8213448: [TESTBUG] enhance jfr/jvm/TestDumpOnCrash + JDK-8215727: Restore JFR thread sampler loop to old / previous behavior + JDK-8220657: JFR.dump does not work when filename is set + JDK-8221342: [TESTBUG] Generate Dockerfile for docker testing + JDK-8224502: [TESTBUG] JDK docker test TestSystemMetrics.java fails with access issues and OOM + JDK-8231209: [REDO] ThreadMXBean::getThreadAllocatedBytes() can be quicker for self thread + JDK-8231968: getCurrentThreadAllocatedBytes default implementation s/b getThreadAllocatedBytes + JDK-8232114: JVM crashed at imjpapi.dll in native code + JDK-8234270: [REDO] JDK-8204128 NMT might report incorrect numbers for Compiler area + JDK-8234339: replace JLI_StrTok in java_md_solinux.c + JDK-8238448: RSASSA-PSS signature verification fail when using certain odd key sizes + JDK-8242335: Additional Tests for RSASSA-PSS + JDK-8244225: stringop-overflow warning on strncpy call from compile_the_world_in + JDK-8245400: Upgrade to LittleCMS 2.11 + JDK-8248214: Add paddings for TaskQueueSuper to reduce false-sharing cache contention + JDK-8249176: Update GlobalSignR6CA test certificates + JDK-8250665: Wrong translation for the month name of May in ar_JO,LB,SY + JDK-8250928: JFR: Improve hash algorithm for stack traces + JDK-8251469: Better cleanup for test/jdk/javax/imageio/SetOutput.java + JDK-8251840: Java_sun_awt_X11_XToolkit_getDefaultScreenData should not be in make/mapfiles/libawt_xawt/mapfile-vers + JDK-8252384: [TESTBUG] Some tests refer to COMPAT provider rather than JRE + JDK-8252395: [8u] --with-native-debug-symbols=external doesn't include debuginfo files for binaries + JDK-8252497: Incorrect numeric currency code for ROL + JDK-8252754: Hash code calculation of JfrStackTrace is inconsistent + JDK-8252904: VM crashes when JFR is used and JFR event class is transformed + JDK-8252975: [8u] JDK-8252395 breaks the build for --with-native-debug-symbols=internal + JDK-8253284: Zero OrderAccess barrier mappings are incorrect + JDK-8253550: [8u] JDK-8252395 breaks the build for make STRIP_POLICY=no_strip + JDK-8253752: test/sun/management/jmxremote/bootstrap/ /RmiBootstrapTest.java fails randomly + JDK-8254081: java/security/cert/PolicyNode/ /GetPolicyQualifiers.java fails due to an expired certificate + JDK-8254144: Non-x86 Zero builds fail with return-type warning in os_linux_zero.cpp + JDK-8254166: Zero: return-type warning in zeroInterpreter_zero.cpp + JDK-8254683: [TEST_BUG] jdk/test/sun/tools/jconsole/ /WorkerDeadlockTest.java fails + JDK-8255003: Build failures on Solaris ----------------------------------------- Patch: SUSE-2021-670 Released: Mon Mar 1 17:35:51 2021 Summary: Security update for java-1_8_0-ibm Severity: important References: 1181239,1182186,CVE-2020-14803,CVE-2020-27221 Description: This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 6 Fix Pack 25 [bsc#1182186, bsc#1181239, CVE-2020-27221, CVE-2020-14803] * CVE-2020-27221: Potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding. * CVE-2020-14803: Unauthenticated attacker with network access via multiple protocols allows to compromise Java SE. ----------------------------------------- Patch: SUSE-2021-672 Released: Tue Mar 2 09:13:31 2021 Summary: Recommended update for bcache-tools Severity: moderate References: Description: This update for bcache-tools fixes the following issues: - Update super block version to fix the status tool reading 'sysfs' data properly. (jsc#SLE-9807) ----------------------------------------- Patch: SUSE-2021-687 Released: Tue Mar 2 19:06:37 2021 Summary: Security update for gnome-autoar Severity: moderate References: 1181930,CVE-2020-36241 Description: This update for gnome-autoar fixes the following issues: - CVE-2020-36241: Skip problematic files that might be extracted outside of the destination dir to prevent potential directory traversal (bsc#1181930). ----------------------------------------- Patch: SUSE-2021-690 Released: Wed Mar 3 17:14:42 2021 Summary: Recommended update for scap-security-guide Severity: moderate References: Description: This update for scap-security-guide fixes the following issues: This update ships the ComplianceAsCode build version 0.1.54, containing the following supported file: - SCAP STIG automation for SUSE Linux Enterprise 12 (SUSE supplied) - CIS automation for SUSE Linux Enterprise 15 (community supplied) It can be evaluated using 'oscap' from 'openscap-utils', e.g. by doing on SUSE Linux Enterprise 12: - oscap xccdf eval --profile stig /usr/share/xml/scap/ssg/content/ssg-sle12-ds.xml or the community supplied CIS on SUSE Linux Enterprise 15: - oscap xccdf eval --profile cis /suse/meissner/scap/usr/share/xml/scap/ssg/content/ssg-sle15-ds.xml More content will be added in future updates. Also supplied are Red Hat, CentOS, Fedora, Debian, Ubuntu and related builds from ComplianceAsCode. ----------------------------------------- Patch: SUSE-2021-701 Released: Thu Mar 4 09:17:25 2021 Summary: Recommended update for sane-backends Severity: moderate References: 1179065 Description: This update for sane-backends fixes the following issues: - updated sane-backends to 1.0.32: * Fixed double height image with the avision backend (bsc#1179065) * Removed udev rules mangling for USB devices (ATTR vs ATTRS) * Does no longer add SCSI id twice for EPSON Perfection 1640SU Many more fixes came with this version bump. Please refer to the changelog file of this package. ----------------------------------------- Patch: SUSE-2021-707 Released: Thu Mar 4 09:19:36 2021 Summary: Recommended update for systemd-rpm-macros Severity: moderate References: 1177039 Description: This update for systemd-rpm-macros fixes the following issues: - Bump to version 6 - Make upstream '%systemd_{pre,post,preun,postun}' aliases to their SUSE counterparts. Packagers can now choose to use the upstream or the SUSE variants indifferently. For consistency the SUSE variants should be preferred since almost all SUSE packages already use them but the upstream versions might be usefull in certain cases where packages need to support multiple distros based on RPM. - Improve the logic used to apply the presets. (bsc#1177039) Before presests were applied at a) package installation b) new units introduced via a package update (but after making sure that it was not a SysV initscript being converted). The problem is that a) didn't handle package a renaming or split properly since the package with the new name is installed rather being updated and therefore the presets were applied even if they were already with the old name. We now cover this case (and the other ones) by applying presets only if the units are new and the services are not being migrated. This regardless of whether this happens during an install or an update. ----------------------------------------- Patch: SUSE-2021-714 Released: Thu Mar 4 17:12:05 2021 Summary: Security update for freeradius-server Severity: low References: 1180525 Description: This update for freeradius-server fixes the following issues: - move logrotate options into specific parts for each log as 'global' options will persist past and clobber global options in the main logrotate config (bsc#1180525) ----------------------------------------- Patch: SUSE-2021-717 Released: Fri Mar 5 17:22:41 2021 Summary: Recommended update for stunnel Severity: moderate References: 1182376 Description: This update for stunnel fixes the following issues: - Do not replace the active config file (bsc#1182376) ----------------------------------------- Patch: SUSE-2021-721 Released: Mon Mar 8 16:41:21 2021 Summary: Security update for wpa_supplicant Severity: important References: 1182805,CVE-2021-27803 Description: This update for wpa_supplicant fixes the following issues: - CVE-2021-27803: Fixed a P2P provision discovery processing vulnerability (bsc#1182805). ----------------------------------------- Patch: SUSE-2021-723 Released: Mon Mar 8 16:45:27 2021 Summary: Security update for openldap2 Severity: important References: 1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420,CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212 Description: This update for openldap2 fixes the following issues: - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. - bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). - bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. ----------------------------------------- Patch: SUSE-2021-726 Released: Mon Mar 8 17:16:33 2021 Summary: Recommended update for regionServiceClientConfigEC2 Severity: moderate References: 1176005,1176007 Description: This update for regionServiceClientConfigEC2 contains the following fixes: - Update to version 3.0.0: (bsc#1176005, bsc#1176007) + Reduce the number of region servers + Require python3-ec2metadata to support IMDSv2 only setups ----------------------------------------- Patch: SUSE-2021-734 Released: Tue Mar 9 14:40:17 2021 Summary: Recommended update for dehydrated Severity: moderate References: 1154167,1178927 Description: This update for dehydrated fixes the following issues: Update to dehydrated 0.7.0 (jsc#SLE-15909) - Added - Support for external account bindings - Special support for ZeroSSL - Support presets for some CAs instead of requiring URLs - Allow requesting preferred chain (--preferred-chain) - Added method to show CAs current terms of service (--display-terms) - Allow setting path to domains.txt using cli arguments (--domains-txt) - Added new cli command --cleanupdelete which deletes old files instead of archiving them - Fixed - No more silent failures on broken hook-scripts - Better error-handling with KEEP_GOING enabled - Check actual order status instead of assuming it's valid - Don't include keyAuthorization in challenge validation (RFC compliance) - Changed - Using EC secp384r1 as default certificate type - Use JSON.sh to parse JSON - Use account URL instead of account ID (RFC compliance) - Dehydrated now has a new home: https://github.com/dehydrated-io/dehydrated - Added OCSP_FETCH and OCSP_DAYS to per-certificate configurable options - dehydrated-apache2: Check for mod_compat (bsc#1178927) - Update maintainer file and package description, remove features that are better described in the (upstream maintained) man page. - Remove potentially harmful scriptlet (bsc#1154167). - Removed lighttpd 1.x integration package. If you still would like to use lighttpd with dehydrated, follow the instructions in the README.maintainers file. ----------------------------------------- Patch: SUSE-2021-746 Released: Tue Mar 9 16:57:49 2021 Summary: Recommended update for xorg-x11-server Severity: moderate References: 1182884 Description: This update for xorg-x11-server fixes the following issues: - Fix for build issues with armv7. (bsc#1182884) ----------------------------------------- Patch: SUSE-2021-754 Released: Tue Mar 9 17:10:49 2021 Summary: Security update for openssl-1_1 Severity: moderate References: 1182331,1182333,1182959,CVE-2021-23840,CVE-2021-23841 Description: This update for openssl-1_1 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) - Fixed unresolved error codes in FIPS (bsc#1182959). ----------------------------------------- Patch: SUSE-2021-757 Released: Tue Mar 9 19:43:39 2021 Summary: Security update for git Severity: important References: 1183026,CVE-2021-21300 Description: This update for git fixes the following issues: - On case-insensitive filesystems, with support for symbolic links, if Git is configured globally to apply delay-capable clean/smudge filters (such as Git LFS), Git could be fooled into running remote code during a clone. (bsc#1183026, CVE-2021-21300) ----------------------------------------- Patch: SUSE-2021-758 Released: Wed Mar 10 12:16:27 2021 Summary: Recommended update for dracut Severity: moderate References: 1182688 Description: This update for dracut fixes the following issues: - network-legacy: fix route parsing issues in ifup. (bsc#1182688) -0kernel-modules: arm/arm64: Add reset controllers - Prevent creating unexpected files on the host when running dracut - As of 'v246' of systemd 'syslog' and 'syslog-console' switches have been deprecated. ----------------------------------------- Patch: SUSE-2021-761 Released: Wed Mar 10 12:26:54 2021 Summary: Recommended update for libX11 Severity: moderate References: 1181963 Description: This update for libX11 fixes the following issues: - Fixes a race condition in 'libX11' that causes various applications to crash randomly. (bsc#1181963) ----------------------------------------- Patch: SUSE-2021-768 Released: Thu Mar 11 20:18:27 2021 Summary: Security update for python Severity: moderate References: 1182379,CVE-2021-23336 Description: This update for python fixes the following issues: - python27 was upgraded to 2.7.18 - CVE-2021-23336: Fixed a potential web cache poisoning by using a semicolon in query parameters use of semicolon as a query string separator (bsc#1182379). ----------------------------------------- Patch: SUSE-2021-769 Released: Thu Mar 11 20:22:29 2021 Summary: Security update for openssl-1_0_0 Severity: moderate References: 1182331,1182333,CVE-2021-23840,CVE-2021-23841 Description: This update for openssl-1_0_0 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) ----------------------------------------- Patch: SUSE-2021-772 Released: Fri Mar 12 11:56:21 2021 Summary: Security update for stunnel Severity: important References: 1177580,1182529,CVE-2021-20230 Description: This update for stunnel fixes the following issues: - Security fix: [bsc#1177580, bsc#1182529, CVE-2021-20230] * 'redirect' option does not properly handle 'verifyChain = yes' ----------------------------------------- Patch: SUSE-2021-778 Released: Fri Mar 12 17:42:25 2021 Summary: Security update for glib2 Severity: important References: 1182328,1182362,CVE-2021-27218,CVE-2021-27219 Description: This update for glib2 fixes the following issues: - CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328) - CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. (bsc#1182362) ----------------------------------------- Patch: SUSE-2021-781 Released: Fri Mar 12 17:43:27 2021 Summary: Security update for crmsh Severity: important References: 1154927,1178454,1178869,1179999,1180126,1180137,1180571,1180688,1181415,CVE-2020-35459,CVE-2021-3020 Description: This update for crmsh fixes the following issues: - Update to version 4.3.0+20210305.9db5c9a8: * Fix: bootstrap: Adjust qdevice configure/remove process to avoid race condition due to quorum lost(bsc#1181415) * Dev: cibconfig: remove related code about detecting crm_diff support --no-verion * Fix: ui_configure: raise error when params not exist(bsc#1180126) * Dev: doc: remove doc for crm node status * Dev: ui_node: remove status subcommand - Update to version 4.3.0+20210219.5d1bf034: * Fix: hb_report: walk through hb_report process under hacluster(CVE-2020-35459, bsc#1179999; CVE-2021-3020, bsc#1180571) * Fix: bootstrap: setup authorized ssh access for hacluster(CVE-2020-35459, bsc#1179999; CVE-2021-3020, bsc#1180571) * Dev: analyze: Add analyze sublevel and put preflight_check in it(jsc#ECO-1658) * Dev: utils: change default file mod as 644 for str2file function * Dev: hb_report: Detect if any ocfs2 partitions exist * Dev: lock: give more specific error message when raise ClaimLockError * Fix: Replace mktemp() to mkstemp() for security * Fix: Remove the duplicate --cov-report html in tox. * Fix: fix some lint issues. * Fix: Replace utils.msg_info to task.info * Fix: Solve a circular import error of utils.py * Fix: hb_report: run lsof with specific ocfs2 device(bsc#1180688) * Dev: corosync: change the permission of corosync.conf to 644 * Fix: preflight_check: task: raise error when report_path isn't a directory * Fix: bootstrap: Use class Watchdog to simplify watchdog config(bsc#1154927, bsc#1178869) * Dev: Polish the sbd feature. * Dev: Replace -f with -c and run check when no parameter provide. * Fix: Fix the yes option not working * Fix: Remove useless import and show help when no input. * Dev: Correct SBD device id inconsistenc during ASR * Fix: completers: return complete start/stop resource id list correctly(bsc#1180137) * Dev: Makefile.am: change makefile to integrate preflight_check * Medium: integrate preflight_check into crmsh(jsc#ECO-1658) * Fix: bootstrap: make sure sbd device UUID was the same between nodes(bsc#1178454) ----------------------------------------- Patch: SUSE-2021-784 Released: Mon Mar 15 11:19:08 2021 Summary: Recommended update for efivar Severity: moderate References: 1181967 Description: This update for efivar fixes the following issues: - Fixed an issue with the NVME path parsing (bsc#1181967) ----------------------------------------- Patch: SUSE-2021-786 Released: Mon Mar 15 11:19:23 2021 Summary: Recommended update for zlib Severity: moderate References: 1176201 Description: This update for zlib fixes the following issues: - Fixed hw compression on z15 (bsc#1176201) ----------------------------------------- Patch: SUSE-2021-795 Released: Tue Mar 16 10:28:02 2021 Summary: Recommended update for systemd-rpm-macros Severity: low References: 1182661,1183012,1183051 Description: This update for systemd-rpm-macros fixes the following issues: - Added a %systemd_user_pre macro (bsc#1183051, bsc#1183012) - Fixed an issue with %systemd_user_post, where the --global parameter was treated like if it was another service (bsc#1183051, bsc#1182661) ----------------------------------------- Patch: SUSE-2021-800 Released: Tue Mar 16 12:53:08 2021 Summary: Security update for velocity Severity: important References: 1183360,CVE-2020-13936 Description: This update for velocity fixes the following issues: - CVE-2020-13936: Fixed an arbitrary code execution when attacker is able to modify templates (bsc#1183360). ----------------------------------------- Patch: SUSE-2021-873 Released: Thu Mar 18 09:40:58 2021 Summary: Recommended update for xorg-x11-server Severity: moderate References: 1182510 Description: This update for xorg-x11-server fixes the following issues: - Fix broken man page in 'autoconf' build. (bsc#1182510) ----------------------------------------- Patch: SUSE-2021-874 Released: Thu Mar 18 09:41:54 2021 Summary: Recommended update for libsolv, libzypp, zypper Severity: moderate References: 1179847,1181328,1181622,1182629 Description: This update for libsolv, libzypp, zypper fixes the following issues: - support multiple collections in updateinfo parser - Fixed an issue when some 'systemd' tools require '/proc' to be mounted and fail if it's not there. (bsc#1181328) - Enable release packages to request a releaxed suse/opensuse vendorcheck in dup when migrating. (bsc#1182629) - Patch: Identify well-known category names to allow to use the RH and SUSE patch category names synonymously. (bsc#1179847) - Fix '%posttrans' script execution. (fixes #265) - Repo: Allow multiple baseurls specified on one line (fixes #285) - Regex: Fix memory leak and undefined behavior. - Add rpm buildrequires for test suite (fixes #279) - Use rpmdb2solv new -D switch to tell the location of the rpmdatabase to use. - doc: give more details about creating versioned package locks. (bsc#1181622) - man: Document synonymously used patch categories (bsc#1179847) ----------------------------------------- Patch: SUSE-2021-880 Released: Fri Mar 19 04:14:38 2021 Summary: Recommended update for hwdata Severity: low References: 1170160,1182482 Description: This update for hwdata fixes the following issues: - Updated pci, usb and vendor ids (bsc#1182482, bsc#1170160, jsc#SLE-13791) ----------------------------------------- Patch: SUSE-2021-881 Released: Fri Mar 19 04:16:42 2021 Summary: Recommended update for yast2-adcommon-python, yast2-aduc, samba Severity: moderate References: 1084864,1132565,1133568,1135130,1135224,1138203,1138487,1145508,1146898,1150394,1150612,1151713,1152052,1154121,1170998 Description: This update for yast2-adcommon-python, yast2-aduc, samba fixes the following issues: - Update 'aduc' for 'realmd' customer. (jsc#SLE-5527) - Add ability to change/enable/unlock user's passwords. (bsc#1152052) - Fixes a Failure to authenticate on first try and throws a MemoryError on Ubuntu. (bsc#1151713) - Fixes an issue when unused 'xset' may cause exception in 'appimage'. (bsc#1150612) - Include other object creaiton options. (bsc#1138203) - Use the domain name stored in the samba credentials object. (bsc#1138487) - Display a backtrace if the connection fails. - Use new schema of desktop files. (bsc#1084864) - Move the module to Network Services. - Use common authentication from yast2-adcommon-python. - Switch to using a unified file/actions menu, instead of random buttons - Remove 'ad-dc' dependency. (jsc#ECO-2527) - Fix slow load of 'ADUC' caused by chatty ldap traffic. (bsc#1170998) - The domain label should be a text field, for manually entering the domain name. (bsc#1154121) - Fix to reconnect the 'ldap' session if it times out. (bsc#1150394) - 'AD' modules should connect to an AD-DC via the SamDB interface, instead of 'python-ldap'. (bsc#1146898) - Fix incorrectly placed domain in change domain dialog (bsc#1145508) - YaST 'aduc/adsi/gpmc' should not exit after entering empty password and explicitly state that an Active Directory administrator should sign in. (bsc#1132565) - Move schema parsing code from adsi to the common code. (bsc#1138203) - 'TypeError: Expected a string or unicode object' during auth. (bsc#1135224) - Authentication fails with 'Failed to initialize ldap connection'. (bsc#1135130) - Fix for an issue when 'yast2-adcommon-python' 'ldap' does not correctly parse 'ldap' urls. (bsc#1133568) - Initial version ----------------------------------------- Patch: SUSE-2021-906 Released: Fri Mar 19 16:18:34 2021 Summary: Recommended maintenance update for SUSE Manager 4.1: Server and Proxy Severity: moderate References: 1157711,1173893,1175660,1177508,1179579,1180145,1180146,1180224,1180439,1180547,1180558,1180757,1180994,1181048,1181165,1181228,1181290,1181416,1181423,1181635,1181807,1181814,1182001,1182006,1182008,1182071,1182200,1182492,1182685,CVE-2020-26217,CVE-2020-26258,CVE-2020-26259,CVE-2020-28477 Description: Maintenance update for SUSE Manager 4.1: Server and Proxy This is a codestream only patchinfo. ----------------------------------------- Patch: SUSE-2021-924 Released: Tue Mar 23 10:00:49 2021 Summary: Recommended update for filesystem Severity: moderate References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094 Description: This update for filesystem the following issues: - Remove duplicate line due to merge error - Add fix for 'mesa' creating cache with perm 0700. (bsc#1181011) - Fixed an issue causing failure during installation/upgrade a failure. (rh#1548403) (bsc#1146705) - Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466) - Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519) This update for systemd fixes the following issues: - Fix for a possible memory leak. (bsc#1180020) - Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596) - Fixed an issue when starting a container conflicts with another one. (bsc#1178775) - Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831) - Don't use shell redirections when calling a rpm macro. (bsc#1183094) - 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083) ----------------------------------------- Patch: SUSE-2021-925 Released: Tue Mar 23 10:39:19 2021 Summary: Recommended update for fetchmail Severity: moderate References: 1136538,1182807 Description: This update for fetchmail fixes the following issues: - Remove comment about not available FETCHMAIL_USER configuration variable in sysconfig.fetchmail. (bsc#1136538) - Set the hostname for SNI when using TLS (bsc#1182807) ----------------------------------------- Patch: SUSE-2021-926 Released: Tue Mar 23 13:20:24 2021 Summary: Recommended update for systemd-presets-common-SUSE Severity: moderate References: 1083473,1112500,1115408,1165780,1183012 Description: This update for systemd-presets-common-SUSE fixes the following issues: - Add default user preset containing: - enable `pulseaudio.socket` (bsc#1083473) - enable `pipewire.socket` (bsc#1183012) - enable `pipewire-pulse.socket` (bsc#1183012) - enable `pipewire-media-session.service` (used with pipewire >= 0.3.23) - Changes to the default preset: - enable `btrfsmaintenance-refresh.path`. - disable `btrfsmaintenance-refresh.service`. - enable `dnf-makecache.timer`. - enable `ignition-firstboot-complete.service`. - enable logwatch.timer and avoid to have logwatch out of sync with logrotate. (bsc#1112500) - enable `mlocate.timer`. Recent versions of mlocate don't use `updatedb.timer` any more. (bsc#1115408) - remove enable `updatedb.timer` - Avoid needless refresh on boot. (bsc#1165780) ----------------------------------------- Patch: SUSE-2021-927 Released: Tue Mar 23 14:07:06 2021 Summary: Recommended update for libreoffice Severity: moderate References: 1041090,1049382,1116658,1136234,1155141,1173404,1173409,1173410,1173471,1174465,1176547,1177955,1178807,1178943,1178944,1179025,1179203,1181122,1181644,1181872,1182790 Description: This update for libreoffice provides the upgrade from version 6.4.5.2 to 7.1.1.2 (jsc#ECO-3150, bsc#1182790) libreoffice: - Image shown with different aspect ratio (bsc#1176547) - Text changes are reproducibly lost on PPTX with SmartArt (bsc#1181644) - Adjust to new Box2D and enable KDE on SUSE Linux Enterprise 15-SP3 or newer (jsc#ECO-3375) - Wrong bullet points in Impress (bsc#1174465) - SmartArt: text wrongly aligned, background boxes not quite right (bsc#1177955) - Update the SUSE color palette to reflect the new SUSE branding. (bsc#1181122, bsc#1173471) - SUSE Mint - SUSE Midnight Blue - SUSE Waterhole Blue - SUSE Persimmon - Fix a crash opening a PPTX. (bsc#1179025) - Fix text box from PowerPoint renders vertically instead of horizontally (bsc#1178807) - Shadow effects for table completely missing (bsc#1178944, bsc#1178943) - Disable firebird integration for the time being (bsc#1179203) - Fixes hang on Writer on scrolling/saving of a document (bsc#1136234) - Wrong rendering of bulleted lists in PPTX document (bsc#1155141) - Sidebar: paragraph widget: numeric fields become inactive/unaccessible after saving (bsc#1173404) - Crash of Writer opening any document having 'invalid' python file in home directory (bsc#1116658) libixion: Update to 0.16.1: - fixed a build issue on 32-bit linux platforms, caused by slicing of integer string ID values. - worked around floating point rounding errors which prevented two theoretically-equal numeric values from being evaluated as equal in test code. - added new function to allow printing of single formula tokens. - added method for setting cached results on formula cells in model_context. - changed the model_context design to ensure that all sheets are of the same size. - added an accessor method to formula_model_access interface (and implicitly in model_context) that directly returns a string value from cell. - added cell_access class for querying of cell states without knowing its type ahead of time. - added document class which provides a layer on top of model_context, to abstract away the handling of formula calculations. - deprecated model_context::erase_cell() in favor of empty_cell(). - added support for 3D references - references that contain multiple sheets. - added support for the exponent (^) and concatenation (&) operators. - fixed incorrect handling of range references containing whole columns such as A:A. - added support for unordered range references - range references whose start row or column is greater than their end position counterparts, such as A3:A1. - fixed a bug that prevented nested formula functions from working properly. - implemented Calc A1 style reference resolver. - formula results now directly store the string values when the results are of string type. They previously stored string ID values after interning the original strings. - Removed build-time dependency on spdlog. libmwaw: Update to 0.3.17: - add a parser for Jazz(Lotus) writer and spreasheet files. The writer parser can only be called if the file still contains its resource fork - add a parser for Canvas 3 and 3.5 files - AppleWorks parser: try to retrieve more Windows presentation - add a parser for Drawing Table files - add a parser for Canvas 2 files - API: add new reserved enums in MWAWDocument.hxx `MWAW_T_RESERVED10..MWAW_T_RESERVED29` and add a new define in libmwaw.hxx `MWAW_INTERFACE_VERSION` to check if these enums are defined - remove the QuarkXPress parser (must be in libqxp) - retrieve the annotation in MsWord 5 document - try to better understand RagTime 5-6 document libnumbertext: Update to 1.0.6 liborcus: Update to 0.16.1 - Add upstream changes to fix build with GCC 11 (bsc#1181872) libstaroffice: Update to 0.0.7: - fix `text:sender-lastname` when creating meta-data libwps: Update to 0.4.11: - XYWrite: add a parser to .fil v2 and v4 files - wks,wk1: correct some problems when retrieving cell's reference. glfw: New package provided on version 3.3.2: - See also: https://www.glfw.org/changelog.html - Sort list of input files to geany for reproducible builds (bsc#1049382, bsc#1041090) * Require pkgconfig(gl) for the devel package to supply needed include GL/gl.h * glfwFocusWindow could terminate on older WMs or without a WM * Creating an undecorated window could fail with BadMatch * Querying a disconnected monitor could segfault * Video modes with a duplicate screen area were discarded * The CMake files did not check for the XInput headers * Key names were not updated when the keyboard layout changed * Decorations could not be enabled after window creation * Content scale fallback value could be inconsistent * Disabled cursor mode was interrupted by indicator windows * Monitor physical dimensions could be reported as zero mm * Window position events were not emitted during resizing * Added on-demand loading of Vulkan and context creation API libraries * [X11] Bugfix: Window size limits were ignored if the minimum or maximum size was set to `GLFW_DONT_CARE` * [X11] Bugfix: Input focus was set before window was visible, causing BadMatch on some non-reparenting WMs * [X11] Bugfix: glfwGetWindowPos and glfwSetWindowPos operated on the window frame instead of the client area * [WGL] Added reporting of errors from `WGL_ARB_create_context` extension * [EGL] Added lib prefix matching between EGL and OpenGL ES library binaries * [EGL] Bugfix: Dynamically loaded entry points were not verified - Made build of geany-tags optional. Box2D: New package provided on version 2.4.1: * Extended distance joint to have a minimum and maximum limit. * `B2_USER_SETTINGS` and `b2_user_settings.h` can control user data, length units, and maximum polygon vertices. * Default user data is now uintptr_t instead of void* * b2FixtureDef::restitutionThreshold lets you set the restitution velocity threshold per fixture. * Collision * Chain and edge shape must now be one-sided to eliminate ghost collisions * Broad-phase optimizations * Added b2ShapeCast for linear shape casting * Dynamics * Joint limits are now predictive and not stateful * Experimental 2D cloth (rope) * b2Body::SetActive -> b2Body::SetEnabled * Better support for running multiple worlds * Handle zero density better * The body behaves like a static body * The body is drawn with a red color * Added translation limit to wheel joint * World dump now writes to box2d_dump.inl * Static bodies are never awake * All joints with spring-dampers now use stiffness and damping * Added utility functions to convert frequency and damping ratio to stiffness and damping * Polygon creation now computes the convex hull. * The convex hull code will merge vertices closer than dm_linearSlop. ----------------------------------------- Patch: SUSE-2021-930 Released: Wed Mar 24 12:09:23 2021 Summary: Security update for nghttp2 Severity: important References: 1172442,1181358,CVE-2020-11080 Description: This update for nghttp2 fixes the following issues: - CVE-2020-11080: HTTP/2 Large Settings Frame DoS (bsc#1181358) ----------------------------------------- Patch: SUSE-2021-933 Released: Wed Mar 24 12:16:14 2021 Summary: Security update for ruby2.5 Severity: important References: 1177125,1177222,CVE-2020-25613 Description: This update for ruby2.5 fixes the following issues: - CVE-2020-25613: Fixed a potential HTTP Request Smuggling in WEBrick (bsc#1177125). - Enable optimizations also on ARM64 (bsc#1177222) ----------------------------------------- Patch: SUSE-2021-935 Released: Wed Mar 24 12:19:10 2021 Summary: Security update for gnutls Severity: important References: 1183456,1183457,CVE-2021-20231,CVE-2021-20232 Description: This update for gnutls fixes the following issues: - CVE-2021-20232: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183456). - CVE-2021-20231: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183457). ----------------------------------------- Patch: SUSE-2021-936 Released: Wed Mar 24 12:21:17 2021 Summary: Security update for libass Severity: important References: 1177862,CVE-2020-26682 Description: This update for libass fixes the following issues: - CVE-2020-26682: Fixed a signed integer overflow in the call to outline_stroke() (bsc#1177862). ----------------------------------------- Patch: SUSE-2021-937 Released: Wed Mar 24 12:22:21 2021 Summary: Security update for go1.16 Severity: moderate References: 1182345,1183333,1183334,CVE-2021-27918,CVE-2021-27919 Description: This update for go1.16 fixes the following issues: - go1.16.2 (released 2021-03-11) (bsc#1182345) - go1.16.1 (released 2021-03-10) (bsc#1182345) - CVE-2021-27918: Fixed an infinite loop when using xml.NewTokenDecoder with a custom TokenReader (bsc#1183333). - CVE-2021-27919: Fixed an issue where archive/zip: can panic when calling Reader.Open (bsc#1183334). ----------------------------------------- Patch: SUSE-2021-940 Released: Wed Mar 24 12:25:20 2021 Summary: Security update for jetty-minimal Severity: important References: 1182898,CVE-2020-27223 Description: This update for jetty-minimal fixes the following issues: - jetty-minimal was upgraded to version 9.4.38.v20210224 - CVE-2020-27223: Fixed an issue with Accept request header which might have led to Denial of Service (bsc#1182898). ----------------------------------------- Patch: SUSE-2021-941 Released: Wed Mar 24 12:25:53 2021 Summary: Security update for hawk2 Severity: important References: 1179999,1182165,1182166,CVE-2020-35459,CVE-2021-25314 Description: This update for hawk2 fixes the following issues: - Update to version 2.6.3: * Remove hawk_invoke and use capture3 instead of runas (bsc#1179999)(CVE-2020-35459) * Remove unnecessary chmod (bsc#1182166)(CVE-2021-25314) * Sanitize filename to contains whitelist of alphanumeric (bsc#1182165) ----------------------------------------- Patch: SUSE-2021-944 Released: Wed Mar 24 13:41:45 2021 Summary: Security update for ldb Severity: important References: 1183572,1183574,CVE-2020-27840,CVE-2021-20277 Description: This update for ldb fixes the following issues: - CVE-2020-27840: Fixed an unauthenticated remote heap corruption via bad DNs (bsc#1183572). - CVE-2021-20277: Fixed an out of bounds read in ldb_handler_fold (bsc#1183574). ----------------------------------------- Patch: SUSE-2021-947 Released: Wed Mar 24 14:30:58 2021 Summary: Security update for python3 Severity: moderate References: 1182379,CVE-2021-23336 Description: This update for python3 fixes the following issues: - python36 was updated to 3.6.13 - CVE-2021-23336: Fixed a potential web cache poisoning by using a semicolon in query parameters use of semicolon as a query string separator (bsc#1182379). ----------------------------------------- Patch: SUSE-2021-948 Released: Wed Mar 24 14:31:34 2021 Summary: Security update for zstd Severity: moderate References: 1183370,1183371,CVE-2021-24031,CVE-2021-24032 Description: This update for zstd fixes the following issues: - CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371). - CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370). ----------------------------------------- Patch: SUSE-2021-949 Released: Wed Mar 24 14:32:00 2021 Summary: Security update for evolution-data-server Severity: moderate References: 1173910,1174712,1182882,CVE-2020-14928,CVE-2020-16117 Description: This update for evolution-data-server fixes the following issues: - CVE-2020-16117: Fix crash on malformed server response with minimal capabilities (bsc#1174712). - CVE-2020-14928: Response injection via STARTTLS in SMTP and POP3 (bsc#1173910). - Fix buffer overrun when parsing base64 data (bsc#1182882). This update for evolution-ews fixes the following issue: - Fix buffer overrun when parsing base64 data (bsc#1182882). ----------------------------------------- Patch: SUSE-2021-952 Released: Thu Mar 25 14:36:56 2021 Summary: Recommended update for libunwind Severity: moderate References: 1160876,1171549 Description: This update for libunwind fixes the following issues: - Update to version 1.5.0. (jsc#ECO-3395) - Enable s390x for building. (jsc#ECO-3395) - Fix compilation with 'fno-common'. (bsc#1171549) - Fix build with 'GCC-10'. (bsc#1160876) ----------------------------------------- Patch: SUSE-2021-953 Released: Thu Mar 25 14:37:26 2021 Summary: Recommended update for psmisc Severity: moderate References: 1178407 Description: This update for psmisc fixes the following issues: - Fix for 'fuser' when it does not show open kvm storage image files such as 'qcow2' files. (bsc#1178407) ----------------------------------------- Patch: SUSE-2021-955 Released: Thu Mar 25 16:11:48 2021 Summary: Security update for openssl-1_1 Severity: important References: 1183852,CVE-2021-3449 Description: This update for openssl-1_1 fixes the security issue: * CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue. [bsc#1183852] ----------------------------------------- Patch: SUSE-2021-960 Released: Mon Mar 29 11:16:28 2021 Summary: Recommended update for cloud-init Severity: moderate References: 1181283 Description: This update for cloud-init fixes the following issues: - Does no longer include the sudoers.d directory twice (bsc#1181283) ----------------------------------------- Patch: SUSE-2021-961 Released: Mon Mar 29 11:19:46 2021 Summary: Feature providing sapstartsrv-resource-agents Severity: moderate References: Description: This update for sapstartsrv-resource-agents provides the following changes: Simplified Cluster FS architecture for S/4HANA and NetWeaver (jsc#ECO-3341): - This is a resource agent for the instance specific SAP start framework. It controls the instance specific sapstartsrv process which provides the API to start, stop and check an SAP instance. ----------------------------------------- Patch: SUSE-2021-962 Released: Mon Mar 29 11:20:27 2021 Summary: Recommended update for irqbalance Severity: moderate References: 1156315,1182254,1183157 Description: This update for irqbalance fixes the following issues: - Correctly detect the NUMA node of non-PCI devices. (bsc#1156315, bsc#1183157) - Fix ambiguous parsing of *node* entries in `/sys`. (bsc#1156315, bsc#1182254) Due to a bug in irqbalance's parsing of `/sys/devices/system/cpu/cpu*/node*` entries, all CPUs were considered to be on NUMA node 0. ----------------------------------------- Patch: SUSE-2021-964 Released: Mon Mar 29 11:31:30 2021 Summary: Recommended update for clamsap Severity: moderate References: 1181586 Description: This update for clamsap fixes the following issues: - updated the documentation about RAM allocation of anon memory segment for SAP worker processes (bsc#1181586) ----------------------------------------- Patch: SUSE-2021-965 Released: Mon Mar 29 11:31:47 2021 Summary: Recommended update for apache2-mod_security2 Severity: moderate References: 1180830 Description: This update for apache2-mod_security2 fixes the following issues: - Fixed a security issue with HTTP smuggling request. (bsc#1180830) ----------------------------------------- Patch: SUSE-2021-966 Released: Mon Mar 29 13:06:24 2021 Summary: Security update for MozillaFirefox Severity: important References: 1183942,CVE-2021-23981,CVE-2021-23982,CVE-2021-23984,CVE-2021-23987 Description: This update for MozillaFirefox fixes the following issues: - Firefox was updated to 78.9.0 ESR (MFSA 2021-11, bsc#1183942) * CVE-2021-23981: Texture upload into an unbound backing buffer resulted in an out-of-bound read * CVE-2021-23982: Internal network hosts could have been probed by a malicious webpage * CVE-2021-23984: Malicious extensions could have spoofed popup information * CVE-2021-23987: Memory safety bugs ----------------------------------------- Patch: SUSE-2021-967 Released: Mon Mar 29 13:48:07 2021 Summary: Recommended update for scap-security-guide Severity: moderate References: Description: This update for scap-security-guide fixes the following issues: - Restore the Red Hat conflict when the package builds on Red Hat, Fedora or derivates. ----------------------------------------- Patch: SUSE-2021-974 Released: Mon Mar 29 19:31:27 2021 Summary: Security update for tar Severity: low References: 1181131,CVE-2021-20193 Description: This update for tar fixes the following issues: CVE-2021-20193: Memory leak in read_header() in list.c (bsc#1181131) ----------------------------------------- Patch: SUSE-2021-981 Released: Tue Mar 30 10:59:43 2021 Summary: Recommended update for cloud-regionsrv Severity: moderate References: 1029162,1171232,1171233 Description: This update for cloud-regionsrv fixes the following issues: - Fix for region server that may return an incorrect region and during verification of the IP leads to a mismatch. (bsc#1171232, bsc#1171233) - Update to version 8.0.5 (bsc#1029162) - Improve region hint matching by forcing config settings and received 'regionHint' to lower case - IPv6 support ----------------------------------------- Patch: SUSE-2021-985 Released: Tue Mar 30 14:43:43 2021 Summary: Recommended update for the Azure SDK and CLI Severity: moderate References: 1125671,1140565,1154393,1174514,1175289,1176784,1176785,1178168,CVE-2020-14343,CVE-2020-25659 Description: This update for the Azure SDK and CLI adds support for the AHB (Azure Hybrid Benefit). (bsc#1176784, jsc#ECO=3105) ----------------------------------------- Patch: SUSE-2021-986 Released: Tue Mar 30 16:25:16 2021 Summary: Recommended update for PackageKit Severity: moderate References: 1180597 Description: This update for PackageKit fixes the following issues: - Make sure pool is initialized at the beginning of some methods. (bsc#1180597) ----------------------------------------- Patch: SUSE-2021-991 Released: Wed Mar 31 13:28:37 2021 Summary: Recommended update for vim Severity: moderate References: 1182324 Description: This update for vim provides the following fixes: - Install SUSE vimrc in /usr. (bsc#1182324) - Source correct suse.vimrc file. (bsc#1182324) ----------------------------------------- Patch: SUSE-2021-996 Released: Wed Mar 31 15:17:03 2021 Summary: Recommended update for mariadb-connector-c Severity: moderate References: 1182739 Description: This update for mariadb-connector-c fixes the following issues: - mariadb-connector-c was updated to 3.1.12 (bsc#1182739): * MDEV-24577: Fix warnings generated during compilation of plugin/auth_pam/testing/pam_mariadb_mtr.c on FreeBSD * CONC-521: Fixed warning on MacOS when including ucontext.h * CONC-518: Check if mysql->options.extension was allocated before checking async_context * CONC-517: C/C looks for plugins in wrong location on Windows ----------------------------------------- Patch: SUSE-2021-1002 Released: Thu Apr 1 13:59:48 2021 Summary: Recommended update for wireguard-tools Severity: low References: 1181334 Description: This update for wireguard-tools fixes the following issues: - Added tunnel config reload functionality (e.g. systemctl reload wg-quick@wg0.service) ----------------------------------------- Patch: SUSE-2021-1004 Released: Thu Apr 1 15:07:09 2021 Summary: Recommended update for libcap Severity: moderate References: 1180073 Description: This update for libcap fixes the following issues: - Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460) - Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073) ----------------------------------------- Patch: SUSE-2021-1006 Released: Thu Apr 1 17:44:57 2021 Summary: Security update for curl Severity: moderate References: 1183933,1183934,CVE-2021-22876,CVE-2021-22890 Description: This update for curl fixes the following issues: - CVE-2021-22890: TLS 1.3 session ticket proxy host mixup (bsc#1183934) - CVE-2021-22876: Automatic referer leaks credentials (bsc#1183933) ----------------------------------------- Patch: SUSE-2021-1007 Released: Thu Apr 1 17:47:20 2021 Summary: Security update for MozillaFirefox Severity: important References: 1183942,CVE-2021-23981,CVE-2021-23982,CVE-2021-23984,CVE-2021-23987 Description: This update for MozillaFirefox fixes the following issues: - Firefox was updated to 78.9.0 ESR (MFSA 2021-11, bsc#1183942) * CVE-2021-23981: Texture upload into an unbound backing buffer resulted in an out-of-bound read * CVE-2021-23982: Internal network hosts could have been probed by a malicious webpage * CVE-2021-23984: Malicious extensions could have spoofed popup information * CVE-2021-23987: Memory safety bugs ----------------------------------------- Patch: SUSE-2021-1008 Released: Thu Apr 1 17:49:05 2021 Summary: Security update for tomcat Severity: important References: 1182909,1182912,CVE-2021-25122,CVE-2021-25329 Description: This update for tomcat fixes the following issues: CVE-2021-25122: Apache Tomcat h2c request mix-up (bsc#1182912) CVE-2021-25329: Complete fix for CVE-2020-9484 (bsc#1182909) ----------------------------------------- Patch: SUSE-2021-1010 Released: Thu Apr 1 17:51:39 2021 Summary: Security update for OpenIPMI Severity: moderate References: 1183178 Description: This update for OpenIPMI fixes the following issues: - Fixed an issue where OpenIPMI was creating non-position independent binaries (bsc#1183178). ----------------------------------------- Patch: SUSE-2021-1017 Released: Tue Apr 6 14:27:58 2021 Summary: Recommended update for dehydrated Severity: moderate References: Description: This update for dehydrated fixes the following issues: - Add directory where cleanup can archive unused certificates - Clarified new default settings. KEY_ALGO=secp384r1. Please consult README.maintainer for details and how to return to RSA-based certificate issuance. (jsc#ECO-3435, jsc#SLE-15909) - Added a note about ACMEv1 deprecation - Added a note on new ACME providers and the new non-URL provider syntax. See README.maintainer for details. ----------------------------------------- Patch: SUSE-2021-1018 Released: Tue Apr 6 14:29:13 2021 Summary: Recommended update for gzip Severity: moderate References: 1180713 Description: This update for gzip fixes the following issues: - Fixes an issue when 'gzexe' counts the lines to skip wrong. (bsc#1180713) ----------------------------------------- Patch: SUSE-2021-1019 Released: Tue Apr 6 14:29:37 2021 Summary: Recommended update for gdb Severity: moderate References: 1180786 Description: This update for gdb fixes the following issues: - Fixed a heap-use-after-free issue in remote_async_inferior_event_handler - Changed the license back to 'GPL-3.0-or-later AND GPL-3.0-with-GCC-exception AND LGPL-2.1-or-later AND LGPL-3.0-or-later' - it was accidentally changed (bsc#1180786) ----------------------------------------- Patch: SUSE-2021-1021 Released: Tue Apr 6 14:30:30 2021 Summary: Recommended update for cups Severity: moderate References: 1175960 Description: This update for cups fixes the following issues: - Fixed the web UI kerberos authentication (bsc#1175960) ----------------------------------------- Patch: SUSE-2021-1022 Released: Tue Apr 6 14:31:04 2021 Summary: Recommended update for xdm Severity: low References: 1183698 Description: This update for xdm fixes the following issues: - Corrected the pid file path of display-manager.service (bsc#1183698) ----------------------------------------- Patch: SUSE-2021-1029 Released: Tue Apr 6 18:26:20 2021 Summary: Security update for gssproxy Severity: moderate References: 1180515,CVE-2020-12658 Description: This update for gssproxy fixes the following issues: - CVE-2020-12658: Fixed an issue where gssproxy was not unlocking cond_mutex before pthread exit in gp_worker_main() (bsc#1180515). ----------------------------------------- Patch: SUSE-2021-1094 Released: Wed Apr 7 14:11:34 2021 Summary: Security update for flatpak, libostree, xdg-desktop-portal, xdg-desktop-portal-gtk Severity: important References: 1133120,1133124,1175899,1180996,CVE-2021-21261 Description: This update for flatpak, libostree, xdg-desktop-portal, xdg-desktop-portal-gtk fixes the following issues: libostree: Update to version 2020.8 - Enable LTO. (bsc#1133120) - This update contains scalability improvements and bugfixes. - Caching-related HTTP headers are now supported on summaries and signatures, so that they do not have to be re-downloaded if not changed in the meanwhile. - Summaries and delta have been reworked to allow more fine-grained fetching. - Fixes several bugs related to atomic variables, HTTP timeouts, and 32-bit architectures. - Static deltas can now be signed to more easily support offline verification. - There's now support for multiple initramfs images; Is it possible to have a 'main' initramfs image and a secondary one which represents local configuration. - The documentation is now moved to https://ostreedev.github.io/ostree/ - Fix for an assertion failure when upgrading from systems before ostree supported devicetree. - ostree no longer hardlinks zero sized files to avoid hitting filesystem maximum link counts. - ostree now supports `/` and `/boot` being on the same filesystem. - Improvements to the GObject Introspection metadata, some (cosmetic) static analyzer fixes, a fix for the immutable bit on s390x, dropping a deprecated bit in the systemd unit file. - Fix a regression 2020.4 where the 'readonly sysroot' changes incorrectly left the sysroot read-only on systems that started out with a read-only `/` (most of them, e.g. Fedora Silverblue/IoT at least). - The default dracut config now enables reproducibility. - There is a new ostree admin unlock `--transient`. This should to be a foundation for further support for 'live' updates. - New `ed25519` signing support, powered by `libsodium`. - stree commit gained a new `--base` argument, which significantly simplifies constructing 'derived' commits, particularly for systems using SELinux. - Handling of the read-only sysroot was reimplemented to run in the initramfs and be more reliable. Enabling the `readonly=true` flag in the repo config is recommended. - Several fixes in locking for the temporary 'staging' directories OSTree creates, particularly on NFS. - A new `timestamp-check-from-rev` option was added for pulls, which makes downgrade protection more reliable and will be used by Fedora CoreOS. - Several fixes and enhancements made for 'collection' pulls including a new `--mirror` option. - The ostree commit command learned a new `--mode-ro-executables` which enforces `W^R` semantics on all executables. - Added a new commit metadata key `OSTREE_COMMIT_META_KEY_ARCHITECTURE` to help standardize the architecture of the OSTree commit. This could be used on the client side for example to sanity-check that the commit matches the architecture of the machine before deploying. - Stop invalid usage of `%_libexecdir`: + Use `%{_prefix}/lib` where appropriate. + Use `_systemdgeneratordir` for the systemd-generators. + Define `_dracutmodulesdir` based on `dracut.pc`. Add BuildRequires(dracut) for this to work. xdg-desktop-portal: Update to version 1.8.0: - Ensure systemd rpm macros are called at install/uninstall times for systemd user services. - Add BuildRequires on systemd-rpm-macros. - openuri: - Allow skipping the chooser for more URL tyles - Robustness fixes - filechooser: - Return the current filter - Add a 'directory' option - Document the 'writable' option - camera: - Make the client node visible - Don't leak pipewire proxy - Fix file descriptor leaks - Testsuite improvements - Updated translations. - document: - Reduce the use of open fds - Add more tests and fix issues they found - Expose directories with their proper name - Support exporting directories - New fuse implementation - background: Avoid a segfault - screencast: Require pipewire 0.3 - Better support for snap and toolbox - Require `/usr/bin/fusermount`: `xdg-document-portal` calls out to the binary. (bsc#1175899) Without it, files or dirs can be selected, but whatever is done with or in them, will not have any effect - Fixes for `%_libexecdir` changing to `/usr/libexec` xdg-desktop-portal-gtk: Update to version 1.8.0: - filechooser: - Return the current filter - Handle the 'directory' option to select directories - Only show preview when we have an image - screenshot: Fix cancellation - appchooser: Avoid a crash - wallpaper: - Properly preview placement settings - Drop the lockscreen option - printing: Improve the notification - Updated translations. - settings: Fall back to gsettings for enable-animations - screencast: Support Mutter version to 3 (New pipewire api ver 3). flatpak: - Update to version 1.10.2 (jsc#SLE-17238, ECO-3148) - This is a security update which fixes a potential attack where a flatpak application could use custom formated `.desktop` file to gain access to files on the host system. - Fix memory leaks - Documentation and translations updates - Spawn portal better handles non-utf8 filenames - Fix flatpak build on systems with setuid bwrap - Fix crash on updating apps with no deploy data - Remove deprecated texinfo packaging macros. - Support for the new repo format which should make updates faster and download less data. - The systemd generator snippets now call flatpak `--print-updated-env` in place of a bunch of shell for better login performance. - The `.profile` snippets now disable GVfs when calling flatpak to avoid spawning a gvfs daemon when logging in via ssh. - Flatpak now finds the pulseaudio sockets better in uncommon configurations. - Sandboxes with network access it now also has access to the `systemd-resolved` socket to do dns lookups. - Flatpak supports unsetting environment variables in the sandbox using `--unset-env`, and `--env=FOO=` now sets FOO to the empty string instead of unsetting it. - The spawn portal now has an option to share the pid namespace with the sub-sandbox. - This security update fixes a sandbox escape where a malicious application can execute code outside the sandbox by controlling the environment of the 'flatpak run' command when spawning a sub-sandbox (bsc#1180996, CVE-2021-21261) - Fix support for ppc64. - Move flatpak-bisect and flatpak-coredumpctl to devel subpackage, allow to remove python3 dependency on main package. - Enable LTO as gobject-introspection works fine with LTO. (bsc#1133124) - Fixed progress reporting for OCI and extra-data. - The in-memory summary cache is more efficient. - Fixed authentication getting stuck in a loop in some cases. - Fixed authentication error reporting. - Extract OCI info for runtimes as well as apps. - Fixed crash if anonymous authentication fails and `-y` is specified. - flatpak info now only looks at the specified installation if one is specified. - Better error reporting for server HTTP errors during download. - Uninstall now removes applications before the runtime it depends on. - Avoid updating metadata from the remote when uninstalling. - FlatpakTransaction now verifies all passed in refs to avoid. - Added validation of collection id settings for remotes. - Fix seccomp filters on s390. - Robustness fixes to the spawn portal. - Fix support for masking update in the system installation. - Better support for distros with uncommon models of merged `/usr`. - Cache responses from localed/AccountService. - Fix hangs in cases where `xdg-dbus-proxy` fails to start. - Fix double-free in cups socket detection. - OCI authenticator now doesn't ask for auth in case of http errors. - Fix invalid usage of `%{_libexecdir}` to reference systemd directories. - Fixes for `%_libexecdir` changing to `/usr/libexec` - Avoid calling authenticator in update if ref didn't change - Don't fail transaction if ref is already installed (after transaction start) - Fix flatpak run handling of userns in the `--device=all` case - Fix handling of extensions from different remotes - Fix flatpak run `--no-session-bus` - `FlatpakTransaction` has a new signal `install-authenticator` which clients can handle to install authenticators needed for the transaction. This is done in the CLI commands. - Now the host timezone data is always exposed, fixing several apps that had timezone issues. - There's a new systemd unit (not installed by default) to automatically detect plugged in usb sticks with sideload repos. - By default the `gdm env.d` file is no longer installed because the systemd generators work better. - `create-usb` now exports partial commits by default - Fix handling of docker media types in oci remotes - Fix subjects in `remote-info --log` output - This release is also able to host flatpak images on e.g. docker hub. ----------------------------------------- Patch: SUSE-2021-1097 Released: Wed Apr 7 18:06:54 2021 Summary: Security update for openexr Severity: moderate References: 1184172,1184173,1184174,CVE-2021-3474,CVE-2021-3475,CVE-2021-3476 Description: This update for openexr fixes the following issues: - CVE-2021-3474: Undefined-shift in Imf_2_5::FastHufDecoder::FastHufDecoder (bsc#1184174) - CVE-2021-3475: Integer-overflow in Imf_2_5::calculateNumTiles (bsc#1184173) - CVE-2021-3476: Undefined-shift in Imf_2_5::unpack14 (bsc#1184172) ----------------------------------------- Patch: SUSE-2021-1100 Released: Thu Apr 8 08:44:13 2021 Summary: Recommended update for sapconf Severity: moderate References: 1176061,1179524,1182314,1182906 Description: This update for sapconf fixes the following issues: - Added sapconf_check and supportconfig plugin for sapconf - Added change log message for 'MIN_PERF_PCT' parameter to reduce the spot light (bsc#1179524) - Added an additional check to detect an active saptune service to improve log messages (bsc#1182314) - sapconf.service starts now automatically during package update, if tuned is running with sapconf as profile (bsc#1176061) - sapconf.service will now only be disabled if saptune is active (bsc#1182906) ----------------------------------------- Patch: SUSE-2021-1104 Released: Thu Apr 8 10:32:42 2021 Summary: Security update for fwupdate Severity: important References: 1182057 Description: This update for fwupdate fixes the following issues: - Add SBAT section to EFI images (bsc#1182057) ----------------------------------------- Patch: SUSE-2021-1108 Released: Thu Apr 8 11:48:47 2021 Summary: Security update for ceph Severity: moderate References: 1172926,1176390,1176489,1176679,1176828,1177360,1177857,1178837,1178860,1178905,1178932,1179569,1179997,1182766,CVE-2020-25678,CVE-2020-27839 Description: This update for ceph fixes the following issues: - ceph was updated to to 15.2.9 - cephadm: fix 'inspect' and 'pull' (bsc#1182766) - CVE-2020-27839: mgr/dashboard: Use secure cookies to store JWT Token (bsc#1179997) - CVE-2020-25678: Do not add sensitive information in Ceph log files (bsc#1178905) - mgr/orchestrator: Sort 'ceph orch device ls' by host (bsc#1172926) - mgr/dashboard: enable different URL for users of browser to Grafana (bsc#1176390, bsc#1176679) - mgr/cephadm: lock multithreaded access to OSDRemovalQueue (bsc#1176489) - cephadm: command_unit: call systemctl with verbose=True (bsc#1176828) - cephadm: silence 'Failed to evict container' log msg (bsc#1177360) - mgr/cephadm: upgrade: fail gracefully, if daemon redeploy fails (bsc#1177857) - rgw: cls/user: set from_index for reset stats calls (bsc#1178837) - mgr/dashboard: Disable TLS 1.0 and 1.1 (bsc#1178860) - cephadm: reference the last local image by digest (bsc#1178932, bsc#1179569) ----------------------------------------- Patch: SUSE-2021-1113 Released: Thu Apr 8 17:14:51 2021 Summary: Security update for tpm2-tss-engine Severity: moderate References: 1183895 Description: This update for tpm2-tss-engine fixes the following issues: - Added support to disable fixed compilation flags - Added --disable-defaultflags during compilation to avoid breakage of our gcc-PIE profile (resulted in non-position-independent executable tpm2-tss-genkey, bsc#1183895) ----------------------------------------- Patch: SUSE-2021-1116 Released: Fri Apr 9 10:56:55 2021 Summary: Security update for umoci Severity: important References: 1184147,CVE-2021-29136 Description: This update for umoci fixes the following issues: - Update to umoci v0.4.6. - CVE-2021-29136: malicious layer allows overwriting of host files (bsc#1184147) ----------------------------------------- Patch: SUSE-2021-1127 Released: Fri Apr 9 19:26:46 2021 Summary: Recommended update for gnome-shell-extension-desktop-icons Severity: low References: 1183504 Description: This update for gnome-shell-extension-desktop-icons fixes the following issues: - Fixed ISO file icon (bsc#1183504) ----------------------------------------- Patch: SUSE-2021-1137 Released: Mon Apr 12 13:09:53 2021 Summary: Recommended update for lifecycle-data-sle-live-patching Severity: low References: 1020320 Description: This update for lifecycle-data-sle-live-patching fixes the following issues: - Added data for 4_12_14-122_63, 4_12_14-95_71, 4_4_121-92_152, 4_4_180-94_141 (bsc#1020320) ----------------------------------------- Patch: SUSE-2021-1138 Released: Mon Apr 12 13:11:08 2021 Summary: Recommended update for crmsh Severity: low References: 1180332,1181907 Description: This update for crmsh fixes the following issues: - Change exit code and error to warning for some unharmful actions (bsc#1180332) - Raise warning when configuring diskless SBD with node's count less than three (bsc#1181907) ----------------------------------------- Patch: SUSE-2021-1141 Released: Mon Apr 12 13:13:36 2021 Summary: Recommended update for openldap2 Severity: low References: 1182791 Description: This update for openldap2 fixes the following issues: - Improved the proxy connection timeout options to prune connections properly (bsc#1182791) ----------------------------------------- Patch: SUSE-2021-1155 Released: Tue Apr 13 04:42:54 2021 Summary: Recommended update for sblim-sfcb Severity: important References: 1180753 Description: This update for sblim-sfcb fixes the following issue: - Avoid a double free during a failed localhost client connection. (bsc#1180753) ----------------------------------------- Patch: SUSE-2021-1161 Released: Tue Apr 13 11:35:57 2021 Summary: Security update for cifs-utils Severity: moderate References: 1183239,CVE-2021-20208 Description: This update for cifs-utils fixes the following issues: - CVE-2021-20208: Fixed a potential kerberos auth leak escaping from container (bsc#1183239) ----------------------------------------- Patch: SUSE-2021-1163 Released: Tue Apr 13 13:42:38 2021 Summary: Security update for spamassassin Severity: important References: 1159133,1184221,CVE-2019-12420,CVE-2020-1946 Description: This update for spamassassin fixes the following issues: - CVE-2019-12420: memory leak via crafted messages (bsc#1159133) - CVE-2020-1946: security update (bsc#1184221) ----------------------------------------- Patch: SUSE-2021-1166 Released: Tue Apr 13 14:03:51 2021 Summary: Security update for wpa_supplicant Severity: moderate References: 1184348,CVE-2021-30004 Description: This update for wpa_supplicant fixes the following issues: - CVE-2021-30004: Fixed an issue where forging attacks might have occured because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c (bsc#1184348). ----------------------------------------- Patch: SUSE-2021-1167 Released: Tue Apr 13 14:04:14 2021 Summary: Security update for MozillaThunderbird Severity: important References: 1177542,1183942,1184536,CVE-2021-23981,CVE-2021-23982,CVE-2021-23984,CVE-2021-23987,CVE-2021-23991,CVE-2021-23992 Description: This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird was updated to version 78.9.1 (MFSA 2021-12,MFSA 2021-13, bsc#1183942, bsc#1184536) * CVE-2021-23981: Texture upload into an unbound backing buffer resulted in an out-of-bound read * CVE-2021-23982: Internal network hosts could have been probed by a malicious webpage * CVE-2021-23984: Malicious extensions could have spoofed popup information * CVE-2021-23987: Memory safety bugs * CVE-2021-23991: An attacker may use Thunderbird's OpenPGP key refresh mechanism to poison an existing key * CVE-2021-23993: Inability to send encrypted OpenPGP email after importing a crafted OpenPGP key - cleaned up and fixed mozilla.sh.in for wayland (bsc#1177542) ----------------------------------------- Patch: SUSE-2021-1168 Released: Tue Apr 13 14:04:32 2021 Summary: Security update for opensc Severity: moderate References: 1149746,1149747,1158256,1158307,1170809,1177364,1177378,1177380,CVE-2019-15945,CVE-2019-15946,CVE-2019-19479,CVE-2019-19480,CVE-2019-20792,CVE-2020-26570,CVE-2020-26571,CVE-2020-26572 Description: This update for opensc fixes the following issues: - CVE-2019-15945: Fixed an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string (bsc#1149746). - CVE-2019-15946: Fixed an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry (bsc#1149747) - CVE-2019-19479: Fixed an incorrect read operation during parsing of a SETCOS file attribute (bsc#1158256) - CVE-2019-19480: Fixed an improper free operation in sc_pkcs15_decode_prkdf_entry (bsc#1158307). - CVE-2019-20792: Fixed a double free in coolkey_free_private_data (bsc#1170809). - CVE-2020-26570: Fixed a buffer overflow in sc_oberthur_read_file (bsc#1177364). - CVE-2020-26571: Fixed a stack-based buffer overflow in gemsafe GPK smart card software driver (bsc#1177380) - CVE-2020-26572: Fixed a stack-based buffer overflow in tcos_decipher (bsc#1177378). ----------------------------------------- Patch: SUSE-2021-1169 Released: Tue Apr 13 15:01:42 2021 Summary: Recommended update for procps Severity: low References: 1181976 Description: This update for procps fixes the following issues: - Corrected a statement in the man page about processor pinning via taskset (bsc#1181976) ----------------------------------------- Patch: SUSE-2021-1182 Released: Tue Apr 13 18:38:05 2021 Summary: Security update for xorg-x11-server Severity: important References: 1180128,CVE-2021-3472 Description: This update for xorg-x11-server fixes the following issues: - CVE-2021-3472: XChangeFeedbackControl Integer Underflow Privilege Escalation (bsc#1180128) ----------------------------------------- Patch: SUSE-2021-1186 Released: Wed Apr 14 12:12:07 2021 Summary: Recommended update for vsftpd Severity: moderate References: 1125951,1144062,1179553,1180314,1181512 Description: This update for vsftpd fixes the following issues: - Fix an issue when vsftpd crashes as 'seccomp' blocks new syscall. (bsc#1179553) - Fixed a crash while trying to list a directory on SUSE Linux Enterprise 15 with seccomp mode enabled. (bsc#1181512) - Users can now enable a specific version of TLS protocol. (jsc#SLE-4182) Add the options `ssl_tlsv1_1` and `ssl_tlsv1_2` to the configuration file. Both options are enabled. - Add `pam_keyinit.so` to PAM config file. (bsc#1144062) - Fix a memory error while trying to write to an invalid TLS context. (bsc#1125951) - Follow the system TLS cipher policy `DEFAULT_SUSE` by default. Run the command `openssl ciphers -v DEFAULT_SUSE` to see which ciphers this includes. ----------------------------------------- Patch: SUSE-2021-1190 Released: Wed Apr 14 14:08:13 2021 Summary: Security update for clamav Severity: important References: 1181256,1184532,1184533,1184534,CVE-2021-1252,CVE-2021-1404,CVE-2021-1405 Description: This update for clamav fixes the following issues: - CVE-2021-1252: Fix for Excel XLM parser infinite loop. (bsc#1184532) - CVE-2021-1404: Fix for PDF parser buffer over-read; possible crash. (bsc#1184533) - CVE-2021-1405: Fix for mail parser NULL-dereference crash. (bsc#1184534) - Fix errors when scanning files > 4G (bsc#1181256) - Update clamav.keyring - Update to 0.103.2 ----------------------------------------- Patch: SUSE-2021-1191 Released: Wed Apr 14 18:57:23 2021 Summary: Recommended update for irqbalance Severity: important References: 1178477,1183405 Description: This update for irqbalance fixes the following issues: - Fixed a bug where irqbalance did not correctly balance interrupts in Xen guests (bsc#1178477, bsc#1183405) ----------------------------------------- Patch: SUSE-2021-1202 Released: Thu Apr 15 15:11:29 2021 Summary: Recommended update for go1.16 Severity: moderate References: 1182345 Description: This update for go1.16 fixes the following issues: - Updated to upstream version 1.16.3 to include fixes for the compiler, linker, runtime, the go command, and the testing and time packages (bsc#1182345) ----------------------------------------- Patch: SUSE-2021-1205 Released: Thu Apr 15 15:14:31 2021 Summary: Recommended update for rsyslog Severity: moderate References: 1178490 Description: This update for rsyslog fixes the following issues: - Fix groupname retrieval for large groups. (bsc#1178490) ----------------------------------------- Patch: SUSE-2021-1206 Released: Thu Apr 15 15:15:09 2021 Summary: Recommended update for kubevirt Severity: moderate References: 1183749 Description: This update for kubevirt fixes the following issues: - updated kubevirt to version 0.38.1 This update for provides a lot of bug fixes and smaller changes. Please refer to this package's rpm changelog to get a full list of all changes. ----------------------------------------- Patch: SUSE-2021-1230 Released: Thu Apr 15 17:09:58 2021 Summary: Recommended update for SUSE Manager Client Tools Severity: moderate References: 1131670,1178072,1181124,1181474,1182339,1182603,1183959 Description: This update fixes the following issues: golang-github-boynux-squid_exporter: - Build requires Go 1.15 - Add %license macro for LICENSE file golang-github-lusitaniae-apache_exporter: - Build with Go 1.15 golang-github-prometheus-prometheus: - Uyuni: `hostname` label is now set to FQDN instead of IP grafana: - Update to version 7.4.2: * Make Datetime local (No date if today) working (#31274) (#31275) * 'Release: Updated versions in package to 7.4.2' (#31272) * [v7.4.x] Chore: grafana-toolkit uses grafana-ui and grafana-data workspaces (#31269) * Snapshots: Disallow anonymous user to create snapshots (#31263) (#31266) * only update usagestats every 30min (#31131) (#31262) * Prometheus: Fix enabling of disabled queries when editing in dashboard (#31055) (#31248) * CloudWatch: Ensure empty query row errors are not passed to the panel (#31172) (#31245) * StatPanels: Fixes to palette color scheme is not cleared when loading panel (#31126) (#31246) * QueryEditors: Fixes issue that happens after moving queries then editing would update other queries (#31193) (#31244) * LibraryPanels: Disconnect before connect during dashboard save (#31235) (#31238) * SqlDataSources: Fixes the Show Generated SQL button in query editors (#31236) (#31239) * Variables: Adds back default option for data source variable (#31208) (#31232) * IPv6: Support host address configured with enclosing square brackets (#31226) (#31228) * Postgres: Fix timeGroup macro converts long intervals to invalid numbers when TimescaleDB is enabled (#31179) (#31224) * Remove last synchronisation field from LDAP debug view (#30984) (#31221) * [v7.4.x]: Sync drone config from master to stable release branch (#31213) * DataSourceSrv: Filter out non queryable data sources by default (#31144) (#31214) * Alerting: Fix modal text for deleting obsolete notifier (#31171) (#31209) * Variables: Fixes missing empty elements from regex filters (#31156) (#31201) * DashboardLinks: Fixes links always cause full page reload (#31178) (#31181) * DashboardListPanel: Fixes issue with folder picker always showing All and using old form styles (#31160) (#31162) * Permissions: Fix team and role permissions on folders/dashboards not displayed for non Grafana Admin users (#31132) (#31176) * Prometheus: Multiply exemplars timestamp to follow api change (#31143) (#31170) - Added add-gotest-module.patch to fix 'inconsistent vendoring' build failure - Update to version 7.4.1: * 'Release: Updated versions in package to 7.4.1' (#31128) * Transforms: Fixes Outer join issue with duplicate field names not getting the same unique field names as before (#31121) (#31127) * MuxWriter: Handle error for already closed file (#31119) (#31120) * Logging: sourcemap transform asset urls from CDN in logged stacktraces (#31115) (#31117) * Exemplars: Change CTA style (#30880) (#31105) * test: add support for timeout to be passed in for addDatasource (#30736) (#31090) * Influx: Make max series limit configurable and show the limiting message if applied (#31025) (#31100) * Elasticsearch: fix log row context erroring out (#31088) (#31094) * test: update addDashboard flow for v7.4.0 changes (#31059) (#31084) * Usage stats: Adds source/distributor setting (#31039) (#31076) * DashboardLinks: Fixes crash when link has no title (#31008) (#31050) * Make value mappings correctly interpret numeric-like strings (#30893) (#30912) * Elasticsearch: Fix alias field value not being shown in query editor (#30992) (#31037) * BarGauge: Improvements to value sizing and table inner width calculations (#30990) (#31032) * convert path to posix by default (#31045) (#31053) * Alerting: Fixes so notification channels are properly deleted (#31040) (#31046) * Drone: Fix deployment image (#31027) (#31029) * Graph: Fixes so graph is shown for non numeric time values (#30972) (#31014) * instrumentation: make the first database histogram bucket smaller (#30995) (#31001) * Build: Releases e2e and e2e-selectors too (#31006) (#31007) * TextPanel: Fixes so panel title is updated when variables change (#30884) (#31005) * StatPanel: Fixes issue formatting date values using unit option (#30979) (#30991) * Units: Fixes formatting of duration units (#30982) (#30986) * Elasticsearch: Show Size setting for raw_data metric (#30980) (#30983) * Logging: sourcemap support for frontend stacktraces (#30590) (#30976) * e2e: extends selector factory to plugins (#30932) (#30934) * Variables: Adds queryparam formatting option (#30858) (#30924) * Exemplars: change api to reflect latest changes (#30910) (#30915) * 'Release: Updated versions in package to 7.4.0' (#30898) * DataSourceSettings: Adds info box and link to Grafana Cloud (#30891) (#30896) * GrafanaUI: Add a way to persistently close InfoBox (#30716) (#30895) * [7.4.x] AlertingNG: List saved Alert definitions in Alert Rule list (30890)(30603) * Alerting: Fixes alert panel header icon not showing (#30840) (#30885) * Plugins: Requests validator (#30445) (#30877) * PanelLibrary: Adds library panel meta information to dashboard json (#30770) (#30883) * bump grabpl version to 0.5.36 (#30874) (#30878) * Chore: remove __debug_bin (#30725) (#30857) * Grafana-ui: fixes closing modals with escape key (#30745) (#30873) * DashboardLinks: Support variable expression in to tooltip - Issue #30409 (#30569) (#30852) * Add alt text to plugin logos (#30710) (#30872) * InfluxDB: Add http configuration when selecting InfluxDB v2 flavor (#30827) (#30870) * Prometheus: Set type of labels to string (#30831) (#30835) * AlertingNG: change API permissions (#30781) (#30814) * Grafana-ui: fixes no data message in Table component (#30821) (#30855) * Prometheus: Add tooltip to explain possibility to use patterns in text and title fields in annotations (#30825) (#30843) * Chore: add more docs annotations (#30847) (#30851) * BarChart: inside-align strokes, upgrade uPlot to 1.6.4. (#30806) (#30846) * Transforms: allow boolean in field calculations (#30802) (#30845) * CDN: Fixes cdn path when Grafana is under sub path (#30822) (#30823) * bump cypress to 6.3.0 (#30644) (#30819) * Expressions: Measure total transformation requests and elapsed time (#30514) (#30789) * Grafana-UI: Add story/docs for ErrorBoundary (#30304) (#30811) * [v7.4.x]: Menu: Mark menu components as internal (#30801) * Graph: Fixes auto decimals issue in legend and tooltip (#30628) (#30635) * GraphNG: Disable Plot logging by default (#30390) (#30500) * Storybook: Migrate card story to use controls (#30535) (#30549) * GraphNG: add bar alignment option (#30499) (#30790) * Variables: Clears drop down state when leaving dashboard (#30810) (#30812) * Add missing callback dependency (#30797) (#30809) * GraphNG: improve behavior when switching between solid/dash/dots (#30796) (#30799) * Add width for Variable Editors (#30791) (#30795) * Panels: Fixes so panels are refreshed when scrolling past them fast (#30784) (#30792) * PanelEdit: Trigger refresh when changing data source (#30744) (#30767) * AlertingNG: Enable UI to Save Alert Definitions (#30394) (#30548) * CDN: Fix passing correct prefix to GetContentDeliveryURL (#30777) (#30779) * CDN: Adds support for serving assets over a CDN (#30691) (#30776) * Explore: Update styling of buttons (#30493) (#30508) * Loki: Append refId to logs uid (#30418) (#30537) * skip symlinks to directories when generating plugin manifest (#30721) (#30738) * Mobile: Fixes issue scrolling on mobile in chrome (#30746) (#30750) * BarChart: add alpha bar chart panel (#30323) (#30754) * Datasource: Use json-iterator configuration compatible with standard library (#30732) (#30739) * Variables: Fixes so text format will show All instead of custom all (#30730) (#30731) * AlertingNG: pause/unpause definitions via the API (#30627) (#30672) * PanelLibrary: better handling of deleted panels (#30709) (#30726) * Transform: improve the 'outer join' performance/behavior (#30407) (#30722) * DashboardPicker: switch to promise-based debounce, return dashboard UID (#30706) (#30714) * Use connected GraphNG in Explore (#30707) (#30708) * PanelLibrary: changes casing of responses and adds meta property (#30668) (#30711) * DeployImage: Switch base images to Debian (#30684) (#30699) * Trace: trace to logs design update (#30637) (#30702) * Influx: Show all datapoints for dynamically windowed flux query (#30688) (#30703) * ci(npm-publish): add missing github package token to env vars (#30665) (#30673) * Loki: Improve live tailing errors and fix Explore's logs container type errors (#30517) (#30681) * Grafana-UI: Fix setting default value for MultiSelect (#30671) (#30687) * Explore: Fix jumpy live tailing (#30650) (#30677) * Docs: Refer to product docs in whats new for alerting templating feature (#30652) (#30670) * Variables: Fixes display value when using capture groups in regex (#30636) (#30661) * Docs: Fix expressions enabled description (#30589) (#30651) * Licensing Docs: Adding license restrictions docs (#30216) (#30648) * DashboardSettings: fixes vertical scrolling (#30640) (#30643) * chore: bump redux toolkit to 1.5.0 for immer 8.0.1 vulnerability fix (#30605) (#30631) * Explore: Fix loading visualisation on the top of the new time series panel (#30553) (#30557) * Footer: Fixes layout issue in footer (#30443) (#30494) * Variables: Fixes so queries work for numbers values too (#30602) (#30624) * Admin: Fixes so form values are filled in from backend (#30544) (#30623) * Docs: Update 7.4 What's New to use more correct description of alerting notification template feature (#30502) (#30614) * NodeGraph: Add docs (#30504) (#30613) * Cloud Monitoring: Fix legend naming with display name override (#30440) (#30503) * Expressions: Add option to disable feature (#30541) (#30558) * OldGraph: Fix height issue in Firefox (#30565) (#30582) * XY Chart: fix editor error with empty frame (no fields) (#30573) (#30577) * XY Chart: share legend config with timeseries (#30559) (#30566) * DataFrame: cache frame/field index in field state (#30529) (#30560) * Prometheus: Fix show query instead of Value if no __name__ and metric (#30511) (#30556) * Decimals: Big Improvements to auto decimals and fixes to auto decimals bug found in 7.4-beta1 (#30519) (#30550) * chore: update packages dependent on dot-prop to fix security vulnerability (#30432) (#30487) * GraphNG: uPlot 1.6.3 (fix bands not filling below 0). close #30523. (#30527) (#30528) * GraphNG: uPlot 1.6.2 (#30521) (#30522) * Chore: Upgrade grabpl version (#30486) (#30513) * grafana/ui: Fix internal import from grafana/data (#30439) (#30507) * prevent field config from being overwritten (#30437) (#30442) * Chore: upgrade NPM security vulnerabilities (#30397) (#30495) * TimeSeriesPanel: Fixed default value for gradientMode (#30484) (#30492) * Admin: Fixes so whole org drop down is visible when adding users to org (#30481) (#30497) * Chore: adds wait to e2e test (#30488) (#30490) * Graph: Fixes so only users with correct permissions can add annotations (#30419) (#30466) * Alerting: Hides threshold handle for percentual thresholds (#30431) (#30467) * Timeseries: only migrage point size when configured (#30461) (#30470) * Expressions: Fix button icon (#30444) (#30450) * PanelModel: Make sure the angular options are passed to react panel type changed handler (#30441) (#30451) * Docs: Fix img link for alert notification template (#30436) (#30447) * Chore: Upgrade build pipeline tool (#30456) (#30457) * PanelOptions: Refactoring applying panel and field options out of PanelModel and add property clean up for properties not in field config registry (#30389) (#30438) * 'Release: Updated versions in package to 7.4.0-beta.1' (#30427) * Chore: Update what's new URL (#30423) * GraphNG: assume uPlot's series stroke is always a function (#30416) * PanelLibrary: adding library panels to Dashboard Api (#30278) * Prettier: Fixes to files that came in after main upgrade (#30410) * Cloud Monitoring: Add curated dashboards for the most popular GCP services (#29930) * Mssql integrated security (#30369) * Prettier: Upgrade to 2 (#30387) * GraphNG: sort ascending if the values appear reversed (#30405) * Docs: Grafana whats new 7.4 (#30404) * Dashboards: Adds cheat sheet toggle to supported query editors (#28857) * Docs: Update timeseries-dimensions.md (#30403) * Alerting: Evaluate data templating in alert rule name and message (#29908) * Docs: Add links to 7.3 patch release notes (#30292) * Docs: Update _index.md (#29546) * Docs: Update jaeger.md (#30401) * Expressions: Remove feature toggle (#30316) * Docs: Update tempo.md (#30399) * Docs: Update zipkin.md (#30400) * services/provisioning: Various cleanup (#30396) * DashboardSchemas: OpenAPI Schema Generation (#30242) * AlertingNG: Enforce unique alert definition title (non empty)/UID per organisation (#30380) * Licensing: Document new v7.4 options and APIs (#30217) * Auth: add expired token error and update CreateToken function (#30203) * NodeGraph: Add node graph visualization (#29706) * Add jwtTokenAuth to plugin metadata schema (#30346) * Plugins: Force POSIX style path separators for manifest generation (#30287) * Add enterprise reporting fonts to gitignore (#30385) * Field overrides: skipping overrides for properties no longer existing in plugin (#30197) * NgAlerting: View query result (#30218) * Grafana-UI: Make Card story public (#30388) * Dashboard: migrate version history list (#29970) * Search: use Card component (#29892) * PanelEvents: Isolate more for old angular query editors (#30379) * Loki: Remove showing of unique labels with the empty string value (#30363) * Chore: Lint all files for no-only-tests (#30364) * Clears errors after running new query (#30367) * Prometheus: Change exemplars endpoint (#30378) * Explore: Fix a bug where Typeahead crashes when a large amount of ite… (#29637) * Circular vector: improve generics (#30375) * Update signing docs (#30296) * Email: change the year in templates (#30294) * grafana/ui: export TLS auth component (#30320) * Query Editor: avoid word wrap (#30373) * Transforms: add sort by transformer (#30370) * AlertingNG: Save alert instances (#30223) * GraphNG: Color series from by value scheme & change to fillGradient to gradientMode (#29893) * Chore: Remove not used PanelOptionsGrid component (#30358) * Zipkin: Remove browser access mode (#30360) * Jaeger: Remove browser access mode (#30349) * chore: bump lodash to 4.17.20 (#30359) * ToolbarButton: New emotion based component to replace all navbar, DashNavButton and scss styles (#30333) * Badge: Increase contrast, remove rocket icon for plugin beta/alpha state (#30357) * Licensing: Send map of environment variables to plugins (#30347) * Dashboards: Exit to dashboard when deleting panel from panel view / edit view (#29032) * Cloud Monitoring: MQL support (#26551) * ReleaseNotes: Updated changelog and release notes for 7.4.0-beta1 (#30348) * Panel options UI: Allow collapsible categories (#30301) * Grafana-ui: Fix context menu item always using onClick instead of href (#30350) * Badge: Design improvement & reduce contrast (#30328) * make sure stats are added horizontally and not vertically (#30106) * Chore(deps): Bump google.golang.org/grpc from 1.33.1 to 1.35.0 (#30342) * Chore(deps): Bump github.com/stretchr/testify from 1.6.1 to 1.7.0 (#30341) * Chore(deps): Bump github.com/google/uuid from 1.1.2 to 1.1.5 (#30340) * Chore(deps): Bump github.com/hashicorp/go-version from 1.2.0 to 1.2.1 (#30339) * Fix HTML character entity error (#30334) * GraphNG: fix fillBelowTo regression (#30330) * GraphNG: implement softMin/softMax for auto-scaling stabilization. close #979. (#30326) * Legend: Fixes right y-axis legend from being pushed outside the bounds of the panel (#30327) * Grafana-toolkit: Update component generator templates (#30306) * Panels: remove beta flag from stat and bargauge panels (#30324) * GraphNG: support fill below to (bands) (#30268) * grafana-cli: Fix security issue (#28888) * AlertingNG: Modify queries and transform endpoint to get datasource UIDs (#30297) * Chore: Fix missing property from ExploreGraph (#30315) * Prometheus: Add support for Exemplars (#28057) * Grafana-UI: Enhances for TimeRangePicker and TimeRangeInput (#30102) * ReleaseNotes: Updated changelog and release notes for 7.4.0 (#30312) * Table: Fixes BarGauge cell display mode font size so that it is fixed to the default cell font size (#30303) * AngularGraph: Fixes issues with legend wrapping after legend refactoring (#30283) * Plugins: Add Open Distro to the list of data sources supported by sigv4 (#30308) * Chore: Moves common and response into separate packages (#30298) * GraphNG: remove y-axis position control from series color picker in the legend (#30302) * Table: migrate old-table config to new table config (#30142) * Elasticsearch: Support extended stats and percentiles in terms order by (#28910) * Docs: Update release notes index * GraphNG: stats in legend (#30251) * Grafana UI: EmptySearchResult docs (#30281) * Plugins: Use the includes.path (if exists) on sidebar includes links (#30291) * Fix spinner and broken buttons (#30286) * Graph: Consider reverse sorted data points on isOutsideRange check (#30289) * Update getting-started.md (#30257) * Backend: use sdk version (v0.81.0) without transform (gel) code (#29236) * Chore: update latest versions to 7.3.7 (#30282) * Loki: Fix hiding of series in table if labels have number values (#30185) * Loki: Lower min step to 1ms (#30135) * Prometheus: Improve autocomplete performance and remove disabling of dynamic label lookup (#30199) * Icons: Adds custom icon support ands new panel and interpolation icons (#30277) * ReleaseNotes: Updated changelog and release notes for 7.3.7 (#30280) * Grafana-ui: Allow context menu items to be open in new tab (#30141) * Cloud Monitoring: Convert datasource to use Dataframes (#29830) * GraphNG: added support to change series color from legend. (#30256) * AzureMonitor: rename labels for query type dropdown (#30143) * Decimals: Improving auto decimals logic for high numbers and scaled units (#30262) * Elasticsearch: Use minimum interval for alerts (#30049) * TimeSeriesPanel: The new graph panel now supports y-axis value mapping #30272 * CODEOWNERS: Make backend squad owners of backend style guidelines (#30266) * Auth: Add missing request headers to SigV4 middleware allowlist (#30115) * Grafana-UI: Add story/docs for FilterPill (#30252) * Grafana-UI: Add story/docs for Counter (#30253) * Backend style guide: Document JSON guidelines (#30267) * GraphNG: uPlot 1.6, hide 'Show points' in Points mode, enable 'dot' lineStyle (#30263) * Docs: Update prometheus.md (#30240) * Docs: Cloudwatch filter should be JSON format (#30243) * API: Add by UID routes for data sources (#29884) * Docs: Update datasource_permissions.md (#30255) * Cloudwatch: Move deep link creation to the backend (#30206) * Metrics API: Use jsoniter for JSON encoding (#30250) * Add option in database config to skip migrations for faster startup. (#30146) * Set signed in users email correctly (#30249) * Drone: Upgrade build pipeline tool (#30247) * runRequest: Fixes issue with request time range and time range returned to panels are off causing data points to be cut off (outside) (#30227) * Elasticsearch: fix handling of null values in query_builder (#30234) * Docs: help users connect to Prometheus using SigV4 (#30232) * Update documentation-markdown-guide.md (#30207) * Update documentation-markdown-guide.md (#30235) * Better logging of plugin scanning errors (#30231) * Print Node.js and Toolkit versions (#30230) * Chore: bump rollup across all packages (#29486) * Backend style guide: Document database patterns (#30219) * Chore: Bump plugin-ci-alpine Docker image version (#30225) * Legends: Refactoring and rewrites of legend components to simplify components & reuse (#30165) * Use Node.js 14.x in plugin CI (#30209) * Field overrides: extracting the field config factory into its own reusable module. (#30214) * LibraryPanels: adds connections (#30212) * PanelOptionsGroups: Only restore styles from PanelOptionsGroup (#30215) * Variables: Add deprecation warning for value group tags (#30160) * GraphNG: Hide grid for right-y axis if left x-axis exists (#30195) * Middleware: Add CSP support (#29740) * Updated image links to have newer format. (#30208) * Docs: Update usage-insights.md (#30150) * Share panel dashboard add images (#30201) * Update documentation-style-guide.md (#30202) * Docs: Fix links to transforms (#30194) * docs(badge): migrate story to use controls (#30180) * Chore(deps): Bump github.com/prometheus/common from 0.14.0 to 0.15.0 (#30188) * Fix alert definition routine stop (#30117) * Chore(deps): Bump gopkg.in/square/go-jose.v2 from 2.4.1 to 2.5.1 (#30189) * InlineSwitch: Minor story fix (#30186) * Chore(deps): Bump github.com/gosimple/slug from 1.4.2 to 1.9.0 (#30178) * Chore(deps): Bump github.com/fatih/color from 1.9.0 to 1.10.0 (#30183) * Chore(deps): Bump github.com/lib/pq from 1.3.0 to 1.9.0 (#30181) * Chore(deps): Bump github.com/hashicorp/go-plugin from 1.2.2 to 1.4.0 (#30175) * Chore(deps): Bump github.com/getsentry/sentry-go from 0.7.0 to 0.9.0 (#30171) * Gauge: Fixes issue with all null values cause min & max to be null (#30156) * Links: Add underline on hover for links in NewsPanel (#30166) * GraphNG: Update to test dashboards (#30153) * CleanUp: Removed old panel options group component (#30157) * AngularQueryEditors: Fixes to Graphite query editor and other who refer to other queries (#30154) * Chore(deps): Bump github.com/robfig/cron/v3 from 3.0.0 to 3.0.1 (#30172) * Chore(deps): Bump github.com/urfave/cli/v2 from 2.1.1 to 2.3.0 (#30173) * Chore: Fix spelling issue (#30168) * Revise README.md. (#30145) * Chore(deps): Bump github.com/mattn/go-sqlite3 from 1.11.0 to 1.14.6 (#30174) * InlineSwitch: Added missing InlineSwitch component and fixed two places that used unaligned inline switch (#30162) * GraphNG: add new alpha XY Chart (#30096) * Elastic: Support request cancellation properly (Uses new backendSrv.fetch Observable request API) (#30009) * OpenTSDB: Support request cancellation properly (#29992) * InfluxDB: Update Flux external link (#30158) * Allow dependabot to keep go packages up-to-date (#30170) * PluginState: Update comment * GraphNG: Minor polish & updates to new time series panel and move it from alpha to beta (#30163) * Share panel dashboard (#30147) * GraphNG: rename 'graph3' to 'timeseries' panel (#30123) * Add info about access mode (#30137) * Prometheus: Remove running of duplicated metrics query (#30108) * Prometheus: Fix autocomplete does not work on incomplete input (#29854) * GraphNG: remove graph2 panel (keep the parts needed for explore) (#30124) * Docs: Add metadata to activating licensing page (#30140) * MixedDataSource: Added missing variable support flag (#30110) * AngularPanels: Fixes issue with some panels not rendering when going into edit mode due to no height (#30113) * AngularPanels: Fixes issue with discrete panel that used the initialized event (#30133) * Explore: Make getFieldLinksForExplore more reusable (#30134) * Elasticsearch: Add Support for Serial Differencing Pipeline Aggregation (#28618) * Angular: Fixes issue with angular directive caused by angular upgrade in master (#30114) * Analytics: add data source type in data-request events (#30087) * GraphNG: 'Interpolation: Step after' test (#30127) * GraphNG: check cross-axis presence when auto-padding. close #30121. (#30126) * Alerting: improve alerting default datasource search when extracting alerts (#29993) * Loki: Timeseries should not produce 0-values for missing data (#30116) * GraphNG: support dashes (#30070) * GraphNG: fix spanGaps optimization in alignDataFrames(). see #30101. (#30118) * Alerting NG: update API to expect UIDs instead of IDs (#29896) * GraphNG: Overhaul of main test dashboard and update to null & gaps dashboard (#30101) * Chore: Fix intermittent time-related test failure in explore datasource instance update (#30109) * QueryEditorRow: Ability to change query name (#29779) * Frontend: Failed to load application files message improvement IE11 (#30011) * Drone: Upgrade build pipeline tool (#30104) * Fix phrasing. (#30075) * Chore: Add CloudWatch HTTP API tests (#29691) * Elastic: Fixes so templating queries work (#30003) * Chore: Rewrite elasticsearch client test to standard library (#30093) * Chore: Rewrite tsdb influxdb test to standard library (#30091) * Fix default maximum lifetime an authenticated user can be logged in (#30030) * Instrumentation: re-enable database wrapper feature to expose counter and histogram for database queries (#29662) * Docs: Update labels to fields transform (#30086) * GraphNG: adding possibility to toggle tooltip, graph and legend for series (#29575) * Chore: Rewrite tsdb cloudmonitoring test to standard library (#30090) * Chore: Rewrite tsdb azuremonitor time grain test to standard library (#30089) * Chore: Rewrite tsdb graphite test to standard library (#30088) * Chore: Upgrade Docker build image wrt. Go/golangci-lint/Node (#30077) * Usage Stats: Calculate concurrent users as a histogram (#30006) * Elasticsearch: Fix broken alerting when using pipeline aggregations (#29903) * Drone: Fix race conditions between Enterprise and Enterprise2 (#30076) * Chore: Rewrite models datasource cache test to standard library (#30040) * Plugins: prevent app plugin from rendering with wrong location (#30017) * Update NOTICE.md * Chore: Tiny typo fix `rage` -> `range` (#30067) * Docs: loki.md: Add example of Loki data source config (#29976) * ReleaseNotes: Updated changelog and release notes for 7.3.6 (#30066) * Docs: Update usage-insights.md (#30065) * Docs: Update white-labeling.md (#30064) * Chore(deps): Bump axios from 0.19.2 to 0.21.1 (#30059) * Chore: Rewrite models tags test to standard library (#30041) * Bump actions/setup-node from v1 to v2.1.4 (#29891) * Build(deps): Bump ini from 1.3.5 to 1.3.7 (#29787) * fall back to any architecture when getting plugin's checksum #30034 (#30035) * Lerna: Update to 3.22.1 (#30057) * SeriesToRows: Fixes issue in transform so that value field is always named Value (#30054) * [dashboard api] manage error when data in dashboard table is not valid json (#29999) * use sha256 checksum instead of md5 (#30018) * Chore: Rewrite brute force login protection test to standard library (#29986) * Chore: Rewrite login auth test to standard library (#29985) * Chore: Rewrite models dashboards test to standard library (#30023) * Chore: Rewrite models dashboard acl test to standard library (#30022) * Chore: Rewrite models alert test to standard library (#30021) * Chore: Rewrite ldap login test to standard library (#29998) * Chore: Rewrite grafana login test to standard library (#29997) * Fix two ini-file typos regarding LDAP (#29843) * Chore: Changes source map devtool to inline-source-map (#30004) * Chore: Sync Enterprise go.sum (#30005) * Chore: Add Enterprise dependencies (#29994) * SQLStore: customise the limit of retrieved datasources per organisation (#29358) * Chore: update crewjam/saml library to the latest master (#29991) * Graph: Fixes so users can not add annotations in readonly dash (#29990) * Currency: add Vietnamese dong (VND) (#29983) * Drone: Update pipelines for Enterprise (#29939) * Remove the bus from teamgroupsync (#29810) * Influx: Make variable query editor input uncontrolled (#29968) * PanelLibrary: Add PATCH to the API (#29956) * PanelEvents: Isolating angular panel events into it's own event bus + more event refactoring (#29904) * Bump node-notifier from 8.0.0 to 8.0.1 (#29952) * LDAP: Update use_ssl documentation (#29964) * Docs: Missing 's' on 'logs' (#29966) * Docs: Update opentsdb.md (#29963) * Docs: Minor typo correction (#29962) * librarypanels: Fix JSON field casing in tests (#29954) * TemplateSrv: Do not throw error for an unknown format but use glob as fallback and warn in the console (#29955) * PanelLibrary: Adds uid and renames title to name (#29944) * Docs: Fix raw format variable docs (#29945) * RedirectResponse: Implement all of api.Response (#29946) * PanelLibrary: Adds get and getAll to the api (#29772) * Chore: Remove duplicate interpolateString test (#29941) * Chore: Rewrite influxdb query parser test to standard library (#29940) * Folders: Removes the possibility to delete the General folder (#29902) * Chore: Convert tsdb request test to standard library (#29936) * Chore: Convert tsdb interval test to standard library (#29935) * Docs: Update configuration.md (#29912) * Docs: Update organization_roles.md (#29911) * Docs: Update _index.md (#29918) * GraphNG: bring back tooltip (#29910) * Ng Alerting: Remove scroll and fix SplitPane limiters (#29906) * Dashboard: Migrating dashboard settings to react (#27561) * Minor correction to explanation on correct MS SQL usage. (#29889) * AlertingNG: Create a scheduler to evaluate alert definitions (#29305) * Add changelog items for 7.3.6, 7.2.3 and 6.7.5 (#29901) * bump stable to 7.3.6 (#29899) * Upgrade go deps. (#29900) * Expressions: Replace query input fields with select. (#29816) * PanelEdit: Update UI if panel plugin changes field config (#29898) * Elasticsearch: Remove timeSrv dependency (#29770) * PanelEdit: Need new data after plugin change (#29874) * Chore(toolkit): disable react/prop-types for eslint config (#29888) * Field Config API: Add ability to hide field option or disable it from the overrides (#29879) * SharedQuery: Fixes shared query editor now showing queries (#29849) * GraphNG: support fill gradient (#29765) * Backend style guide: Add more guidelines (#29871) * Keep query keys consistent (#29855) * Alerting: Copy frame field labels to time series tags (#29886) * Update configure-docker.md (#29883) * Usage Stats: Introduce an interface for usage stats service (#29882) * DataFrame: add a writable flag to fields (#29869) * InlineForms: Changes to make inline forms more flexible for query editors (#29782) * Usage Stats: Allow to add additional metrics to the stats (#29774) * Fix the broken link of XORM documentation (#29865) * Move colors demo under theme colors (#29873) * Dashboard: Increase folder name size in search dashboard (#29821) * MSSQL: Config UI touches (#29834) * QueryOptions: Open QueryEditors: run queries after changing group options #29864 * GraphNG: uPlot 1.5.2, dynamic stroke/fill, Flot-style hover points (#29866) * Variables: Fixes so numerical sortorder works for options with null values (#29846) * GraphNG: only initialize path builders once (#29863) * GraphNG: Do not set fillColor from GraphNG only opacity (#29851) * add an example cloudwatch resource_arns() query that uses multiple tags (ref: #29499) (#29838) * Backend: Remove more globals (#29644) * MS SQL: Fix MS SQL add data source UI issues (#29832) * Display palette and colors for dark and light themes in storybook (#29848) * Docs: Fix broken link in logs-panel (#29833) * Docs: Add info about typing of connected props to Redux style guide (#29842) * Loki: Remove unnecessary deduplication (#29421) * Varibles: Fixes so clicking on Selected will not include All (#29844) * Explore/Logs: Correctly display newlines in detected fields (#29541) * Link suppliers: getLinks API update (#29757) * Select: Changes default menu placement for Select from auto to bottom (#29837) * Chore: Automatically infer types for dashgrid connected components (#29818) * Chore: Remove unused Loki and Cloudwatch syntax providers (#29686) * Pass row (#29839) * GraphNG: Context menu (#29745) * GraphNG: Enable scale distribution configuration (#29684) * Explore: Improve Explore performance but removing unnecessary re-renders (#29752) * DashboardDS: Fixes display of long queries (#29808) * Sparkline: Fixes issue with sparkline that sent in custom fillColor instead of fillOpacity (#29825) * Chore: Disable default golangci-lint filter (#29751) * Update style guide with correct usage of MS SQL (#29829) * QueryEditor: do not auto refresh on every update (#29762) * Chore: remove unused datasource status enum (#29827) * Expressions: support ${my var} syntax (#29819) * Docs: Update types-options.md (#29777) * Chore: Enable more go-ruleguard rules (#29781) * GraphNG: Load uPlot path builders lazily (#29813) * Elasticsearch: ensure query model has timeField configured in datasource settings (#29807) * Chore: Use Header.Set method instead of Header.Add (#29804) * Allow dependabot to check actions (#28159) * Grafana-UI: Support optgroup for MultiSelect (#29805) * Sliders: Update behavior and style tweak (#29795) * Grafana-ui: Fix collapsible children sizing (#29776) * Style guide: Document avoidance of globals in Go code (#29803) * Chore: Rewrite opentsdb test to standard library (#29792) * CloudWatch: Add support for AWS DirectConnect ConnectionErrorCount metric (#29583) * GraphNG: uPlot 1.5.1 (#29789) * GraphNG: update uPlot v1.5.0 (#29763) * Added httpMethod to webhook (#29780) * @grafana-runtime: Throw error if health check fails in DataSourceWithBackend (#29743) * Explore: Fix remounting of query row (#29771) * Expressions: Add placeholders to hint on input (#29773) * Alerting: Next gen Alerting page (#28397) * GraphNG: Add test dashboard for null & and gaps rendering (#29769) * Expressions: Field names from refId (#29755) * Plugins: Add support for signature manifest V2 (#29240) * Chore: Configure go-ruleguard via golangci-lint (#28419) * Move middleware context handler logic to service (#29605) * AlertListPanel: Add options to sort by Time(asc) and Time(desc) (#29764) * PanelLibrary: Adds delete Api (#29741) * Tracing: Release trace to logs feature (#29443) * ReleaseNotes: Updated changelog and release notes for 7.3.5 (#29753) * DataSourceSettings: Add servername field to DataSource TLS config (#29279) * Chore: update stable and testing versions (#29748) * ReleaseNotes: Updated changelog and release notes for 7.3.5 (#29744) * Elasticsearch: View in context feature for logs (#28764) * Chore: Disable gosec on certain line (#29382) * Logging: log frontend errors caught by ErrorBoundary, including component stack (#29345) * ChangePassword: improved keyboard navigation (#29567) * GrafanaDataSource: Fix selecting -- Grafana -- data source, broken after recent changes (#29737) * Docs: added version note for rename by regex transformation. (#29735) * @grafana/ui: Fix UI issues for cascader button dropdown and query input (#29727) * Docs: Update configuration.md (#29728) * Docs: Remove survey (#29549) * Logging: rate limit fronted logging endpoint (#29272) * API: add Status() to RedirectResponse (#29722) * Elasticsearch: Deprecate browser access mode (#29649) * Elasticsearch: Fix query initialization action (#29652) * PanelLibrary: Adds api and db to create Library/Shared/Reusable Panel (#29642) * Transformer: Rename metrics based on regex (#29281) * Variables: Fixes upgrade of legacy Prometheus queries (#29704) * Auth: Add SigV4 header allowlist to reduce chances of verification issues (#29650) * DataFrame: add path and description metadata (#29695) * Alerting: Use correct time series name override from frame fields (#29693) * GraphNG: fix bars migration and support color and linewidth (#29697) * PanelHeader: Fix panel header description inline code wrapping (#29628) * Bugfix 29848: Remove annotation_tag entries as part of annotations cleanup (#29534) * GraphNG: simple settings migration from flot panel (#29599) * GraphNG: replace bizcharts with uPlot for sparklines (#29632) * GitHubActions: Update node version in github action (#29683) * Adds go dep used by an Enterprise feature. (#29645) * Typescript: Raise strict error limit for enterprise (#29688) * Remove unnecessary escaping (#29677) * Update getting-started-prometheus.md (#29678) * instrumentation: align label name with our other projects (#29514) * Typescript: Fixing typescript strict error, and separate check from publishing (#29679) * CloudWatch: namespace in search expression should be quoted if match exact is enabled #29109 (#29563) * Docs: Plugin schema updates (#28232) * RadioButton: Fix flex issue in master for radio buttons (#29664) * Update getting-started.md (#29670) * Expr: fix time unit typo in ds queries (#29668) * Expr: make reduction nan/null more consistent (#29665) * Expr: fix func argument panic (#29663) * Update documentation-style-guide.md (#29661) * Update documentation-markdown-guide.md (#29659) * Docs: Changed image format (#29658) * Expr: fix failure to execute due to OrgID (#29653) * GraphNG: rename 'points' to 'showPoints' (#29635) * Expressions: Restore showing expression query editor even if main data source is not mixed (#29656) * GraphNG: time range should match the panel timeRange (#29596) * Support svg embedded favicons in whitelabeling (#29436) * Add changelog to docs style guide (#29581) * Loki: Retry web socket connection when connection is closed abnormally (#29438) * GraphNG: Fix annotations and exemplars plugins (#29613) * Chore: Rewrite tsdb sql engine test to standard library (#29590) * GraphNG: fix and optimize spanNulls (#29633) * Build(deps): Bump highlight.js from 10.4.0 to 10.4.1 (#29625) * Cloudwatch: session cache should use UTC consistently (#29627) * GraphNG: rename GraphMode to DrawStyle (#29623) * GraphNG: add spanNulls config option (#29512) * Docs: add docs for concatenate transformer (#28667) * Stat/Gauge: expose explicit font sizing (#29476) * GraphNG: add gaps/nulls support to staircase & smooth interpolation modes (#29593) * grafana/ui: Migrate Field knobs to controls (#29433) * Prometheus: Fix link to Prometheus graph in dashboard (#29543) * Build: Publish next and latest npm channels to Github (#29615) * Update broken aliases (#29603) * API: add ID to snapshot API responses (#29600) * Elasticsearch: Migrate queryeditor to React (#28033) * QueryGroup & DataSourceSrv & DataSourcePicker changes simplify usage, error handling and reduce duplication, support for uid (#29542) * Elastic: Fixes config UI issues (#29608) * GraphNG: Fix issues with plugins not retrieving plot instance (#29585) * middleware: Make scenario test functions take a testing.T argument (#29564) * Grafana/ui: Storybook controls understand component types (#29574) * Login: Fixes typo in tooltip (#29604) * Panel: making sure we support all versions of chrome when detecting position of click event. (#29544) * Chore: Rewrite sqlstore migration test to use standard library (#29589) * Chore: Rewrite tsdb prometheus test to standard library (#29592) * Security: Add gosec G304 auditing annotations (#29578) * Chore: Rewrite tsdb testdatasource scenarios test to standard library (#29591) * Docs: Add missing key to enable SigV4 for provisioning Elasticsearch data source (#29584) * Add Microsoft.Network/natGateways (#29479) * Update documentation-style-guide.md (#29586) * @grafana/ui: Add bell-slash to available icons (#29579) * Alert: Fix forwardRef warning (#29577) * Update documentation-style-guide.md (#29580) * Chore: Upgrade typescript to 4.1 (#29493) * PanelLibrary: Adds library_panel table (#29565) * Make build docker full fix (#29570) * Build: move canary packages to github (#29411) * Devenv: Add default db for influxdb (#29371) * Chore: Check errors from Close calls (#29562) * GraphNG: support auto and explicit axis width (#29553) * Chore: upgrading y18n to 4.0.1 for security reasons (#29523) * Middleware: Rewrite tests to use standard library (#29535) * Overrides: show category on the overrides (#29556) * GraphNG: Bars, Staircase, Smooth modes (#29359) * Docs: Fix docs sync actions (#29551) * Chore: Update dev guide node version for Mac (#29548) * Docs: Update formatting-multi-value-variables.md (#29547) * Arrow: toArray() on nullable values should include null values (#29520) * Docs: Update syntax.md (#29545) * NodeJS: Update to LTS (14) (#29467) * Docs: Update repeat-panels-or-rows.md (#29540) * 3 minor changes, including updating the title TOC (#29501) * Auth proxy: Return standard error type (#29502) * Data: use pre-defined output array length in vectorToArray() (#29516) * Dashboards: hide playlist edit functionality from viewers and snapshots link from unauthenticated users (#28992) * docker: use yarn to build (#29538) * QueryEditors: Refactoring & rewriting out dependency on PanelModel (#29419) * Chore: skip flaky tests (#29537) * Graph NG: Invalidate uPlot config on timezone changes (#29531) * IntelliSense: Fix autocomplete and highlighting for Loki, Prometheus, Cloudwatch (#29381) * Variables: Fixes Textbox current value persistence (#29481) * OptionsEditor: simplify the options editor interfaces (#29518) * Icon: Changed the icon for signing in (#29530) * fixes bug with invalid handler name for metrics (#29529) * Middleware: Simplifications (#29491) * GraphNG: simplify effects responsible for plot updates/initialization (#29496) * Alarting: fix alarm messages in dingding (Fixes #29470) (#29482) * PanelEdit: making sure the correct datasource query editor is being rendered. (#29500) * AzureMonitor: Unit MilliSeconds naming (#29399) * Devenv: update mysql_tests and postgres_tests blocks for allowing dynamically change of underlying docker image (#29525) * Chore: Enable remaining eslint-plugin-react rules (#29519) * Docs/Transformations: Add documentation about Binary operations in Add field from calculation (#29511) * Datasources: fixed long error message overflowing container (#29440) * docker: fix Dockerfile after Gruntfile.js removed (#29515) * Chore: Adds Panel Library featuretoggle (#29521) * Docs: Update filter-variables-with-regex.md (#29508) * Docs: InfluxDB_V2 datasource: adding an example on how to add InfluxQL as a datasource (#29490) * Loki: Add query type and line limit to query editor in dashboard (#29356) * Docs: Added Security Group support to Azure Auth (#29418) * DataLinks: Removes getDataSourceSettingsByUid from applyFieldOverrides (#29447) * Bug: trace viewer doesn't show more than 300 spans (#29377) * Live: publish all dashboard changes to a single channel (#29474) * Chore: Enable eslint-plugin-react partial rules (#29428) * Alerting: Update alertDef.ts with more time options (#29498) * DataSourceSrv: Look up data source by uid and name transparently (#29449) * Instrumentation: Add examplars for request histograms (#29357) * Variables: Fixes Constant variable persistence confusion (#29407) * Docs: Fix broken link for plugins (#29346) * Prometheus: don't override displayName property (#29441) * Grunt: Removes grunt dependency and replaces some of its usage (#29461) * Transformation: added support for excluding/including rows based on their values. (#26884) * Chore: Enable exhaustive linter (#29458) * Field overrides: added matcher to match all fields within frame/query. (#28872) * Log: Use os.Open to open file for reading (#29483) * MinMax: keep global min/main in field state (#29406) * ReactGridLayout: Update dependency to 1.2 (#29455) * Jest: Upgrade to latest (#29450) * Chore: bump grafana-ui rollup dependencies (#29315) * GraphNG: use uPlot's native ms support (#29445) * Alerting: Add support for Sensu Go notification channel (#28012) * adds tracing for all bus calls that passes ctx (#29434) * prometheus: Improve IsAPIError's documentation (#29432) * ReleaseNotes: Updated changelog and release notes for 7.3.4 (#29430) * Elasticsearch: Fix index pattern not working with multiple base sections (#28348) * Plugins: Add support for includes' icon (#29416) * Docs: fixing frontend docs issue where enums ending up in wrong folder level. (#29429) * Variables: Fixes issue with upgrading legacy queries (#29375) * Queries: Extract queries from dashboard (#29349) * Docs: docker -> Docker (#29331) * PanelEvents: Refactors and removes unnecessary events, fixes panel editor update issue when panel options change (#29414) * Fix: Correct panel edit uistate migration (#29413) * Alerting: Improve Prometheus Alert Rule error message (#29390) * Fix: Migrate Panel edit uiState percentage strings to number (#29412) * remove insecure cipher suit as default option (#29378) * * prometheus fix variables fetching when customQueryParameters used #28907 (#28949) * Chore: Removes observableTester (#29369) * Chore: Adds e2e tests for Variables (#29341) * Fix gosec finding of unhandled errors (#29398) * Getting started with Grafana and MS SQL (#29401) * Arrow: cast timestams to Number (#29402) * Docs: Add Cloud content links (#29317) * PanelEditor: allow access to the eventBus from panel options (#29327) * GraphNG: support x != time in library (#29353) * removes unused golint file (#29391) * prefer server cipher suites (#29379) * Panels/DashList: Fix order of recent dashboards (#29366) * Core: Move SplitPane layout from PanelEdit. (#29266) * Drone: Upgrade build pipeline tool (#29365) * Update yarn.lock to use latest rc-util (#29313) * Variables: Adds description field (#29332) * Chore: Update latest.json (#29351) * Drone: Upload artifacts for release branch builds (#29297) * Docs: fixing link issues in auto generated frontend docs. (#29326) * Drone: Execute artifact publishing for both editions in parallel during release (#29362) * Devenv: adding default credentials for influxdb (#29344) * Drone: Check CUE dashboard schemas (#29334) * Backend: fix IPv6 address parsing erroneous (#28585) * dashboard-schemas cue 3.0.0 compatible (#29352) * Update documentation-style-guide.md (#29354) * Docs: Update requirements.md (#29350) * ReleaseNotes: Updated changelog and release notes for 7.3.4 (#29347) * ReleaseNotes: Updated changelog and release notes for 7.3.4 (#29338) * Drone: Publish NPM packages after Storybook to avoid race condition (#29340) * Add an option to hide certain users in the UI (#28942) * Guardian: Rewrite tests from goconvey (#29292) * Docs: Fix editor role and alert notification channel description (#29301) * Docs: Improve custom Docker image instructions (#29263) * Security: Fixes minor security issue with alert notification webhooks that allowed GET & DELETE requests #29330 * Chore: Bump storybook to v6 (#28926) * ReleaseNotes: Updates release notes link in package.json (master) (#29329) * Docs: Accurately reflecting available variables (#29302) * Heatmap: Fixes issue introduced by new eventbus (#29322) * Dashboard Schemas (#28793) * devenv: Add docker load test which authenticates with API key (#28905) * Login: Fixes redirect url encoding issues of # %23 being unencoded after login (#29299) * InfluxDB: update flux library and support boolean label values (#29310) * Explore/Logs: Update Parsed fields to Detected fields (#28881) * GraphNG: Init refactorings and fixes (#29275) * fixing a broken relref link (#29312) * Drone: Upgrade build pipeline tool (#29308) * decreasing frontend docs threshold. (#29304) * Docker: update docker root group docs and docker image (#29222) * WebhookNotifier: Convert tests away from goconvey (#29291) * Annotations: fixing so when changing annotations query links submenu will be updated. (#28990) * [graph-ng] add temporal DataFrame alignment/outerJoin & move null-asZero pass inside (#29250) * Dashboard: Fixes kiosk state after being redirected to login page and back (#29273) * make it possible to hide change password link in profile menu (#29246) * Theme: Add missing color type (#29265) * Chore: Allow reducerTester to work with every data type & payload-less actions (#29241) * Explore/Prometheus: Update default query type option to 'Both' (#28935) * Loki/Explore: Add query type selector (#28817) * Variables: New Variables are stored immediately (#29178) * reduce severity level to warning (#28939) * Units: Changes FLOP/s to FLOPS and some other rates per second units get /s suffix (#28825) * Docs: Remove duplicate 'Transformations overview' topics from the TOC (#29247) * Docs: Fixed broken relrefs and chanfed TOC entry name from Alerting to Alerts. (#29251) * Docs: Remove duplicate Panel overview topic. (#29248) * Increase search limit on team add user and improve placeholder (#29258) * Fix warnings for conflicting style rules (#29249) * Make backwards compatible (#29212) * Minor cosmetic markdown tweaks in docs/cloudwatch.md (#29238) * Getting Started: Updated index topic, removed 'what-is-grafana', and adjusted weight o… (#29216) * BarGauge: Fix story for BarGauge, caused knobs to show for other stories (#29232) * Update glossary to add hyperlinks to Explore and Transformation entries (#29217) * Chore: Enable errorlint linter (#29227) * TimeRegions: Fixed issue with time regions and tresholds due to angular js upgrade (#29229) * CloudWatch: Support request cancellation properly (#28865) * CloudMonitoring: Support request cancellation properly (#28847) * Chore: Handle wrapped errors (#29223) * Expressions: Move GEL into core as expressions (#29072) * Chore: remove compress:release grunt task (#29225) * Refactor/Explore: Inline datasource actions into initialisation (#28953) * Fix README typo (#29219) * Grafana UI: Card API refactor (#29034) * Plugins: Changed alertlist alert url to view instead of edit (#29060) * React: Upgrading react to v17, wip (#29057) * Gauge: Tweaks short value auto-sizing (#29197) * BackendSrv: support binary responseType like $http did (#29004) * GraphNG: update the options config (#28917) * Backend: Fix build (#29206) * Permissions: Validate against Team/User permission role update (#29101) * ESlint: React fixes part 1 (#29062) * Tests: Adds expects for observables (#28929) * Variables: Adds new Api that allows proper QueryEditors for Query variables (#28217) * Introduce eslint-plugin-react (#29053) * Automation: Adds GitHub release action (#29194) * Refactor declarative series configuration to a config builder (#29106) * ReleaseNotes: Updated changelog and release notes for 7.3.3 (#29189) * Panels: fix positioning of the header title (#29167) * trace user login and datasource name instead of id (#29183) * playlist: Improve test (#29120) * Drone: Fix publish-packages invocation (#29179) * Table: Fix incorrect condtition for rendering table filter (#29165) * Chore: Upgrade grafana/build-ci-deploy image to latest Go (#29171) * DashboardLinks: will only refresh dashboard search when changing tags for link. (#29040) * ReleaseNotes: Updated changelog and release notes for 7.3.3 (#29169) * CloudWatch: added HTTP API Gateway specific metrics and dimensions (#28780) * Release: Adding release notes for 7.3.3 (#29168) * SQL: Define primary key for tables without it (#22255) * changed link format from MD to HTML (#29163) * Backend: Rename variables for style conformance (#29097) * Docs: Fixes what'new menu and creates index page, adds first draft of release notes to docs (#29158) * Drone: Upgrade build pipeline tool and build image (#29161) * ReleaseNotes: Updated changelog and release notes for 7.4.0 (#29160) * ReleaseNotes: Updated changelog and release notes for 7.3.3 (#29159) * Chore: Upgrade Go etc in build images (#29157) * Chore: Remove unused Go code (#28852) * API: Rewrite tests from goconvey (#29091) * Chore: Fix linting issues caught by ruleguard (#28799) * Fix panic when using complex dynamic URLs in app plugin routes (#27977) * Snapshots: Fixes so that dashboard snapshots show data when using Stat, Gauge, BarGauge or Table panels (#29031) * Fix authomation text: remove hyphen (#29149) * respect fronted-logging.enabled flag (#29107) * build paths in an os independent way (#29143) * Provisioning: always pin app to the sidebar when enabled (#29084) * Automation: Adds new changelog actions (#29142) * Chore: Rewrite preferences test from GoConvey to stdlib and testify (#29129) * Chore: Upgrade Go dev tools (#29124) * Automation: Adding version bump action * DataFrames: add utility function to check if structure has changed (#29006) * Drone: Fix Drone config verification for enterprise on Windows (#29118) * Chore: Require OrgId to be specified in delete playlist command (#29117) * Plugin proxy: Handle URL parsing errors (#29093) * Drone: Verify Drone config at beginning of pipelines (#29071) * Legend/GraphNG: Refactoring legend types and options (#29067) * Doc: Update documentation-style-guide.md (#29082) * Chore: Bumps types for jest (#29098) * LogsPanel: Fix scrolling in dashboards (#28974) * sort alphabetically unique labels, labels and parsed fields (#29030) * Data source proxy: Convert 401 from data source to 400 (#28962) * Plugins: Implement testDatasource for Jaeger (#28916) * Update react-testing-library (#29061) * Graph: Fixes stacking issues like floating bars when data is not aligned (#29051) * StatPanel: Fixes hanging issue when all values are zero (#29077) * Auth: Enable more complete credential chain for SigV4 default SDK auth option (#29065) * Chore: Convert API tests to standard Go lib (#29009) * Update README.md (#29075) * Update CODEOWNERS (#28906) * Enhance automation text for missing information (#29052) * GraphNG: Adding ticks test dashboard and improves tick spacing (#29044) * Chore: Migrate Dashboard List panel to React (#28607) * Test Datasource/Bug: Fixes division by zero in csv metric values scenario (#29029) * Plugins: Bring back coreplugin package (#29064) * Add 'EventBusName' dimension to CloudWatch 'AWS/Events' namespace (#28402) * CloudWatch: Add support for AWS/ClientVPN metrics and dimensions (#29055) * AlertingNG: manage and evaluate alert definitions via the API (#28377) * Fix linting issues (#28811) * Logging: Log frontend errors (#28073) * Fix for multi-value template variable for project selector (#29042) * Chore: Rewrite test helpers from GoConvey to stdlib (#28919) * GraphNG: Fixed axis measurements (#29036) * Fix links to logql docs (#29037) * latest 7.3.2 (#29041) * Elasticsearch: Add Moving Function Pipeline Aggregation (#28131) * changelog 7.3.2 (#29038) * MutableDataFrame: Remove unique field name constraint and values field index and unused/seldom used stuff (#27573) * Fix prometheus docs related to query variable (#29027) * Explore: support ANSI colors in live logs (#28895) * Docs: Add documentation about log levels (#28975) * Dashboard: remove usage of Legacyforms (#28707) * Docs: Troubleshoot starting docker containers on Mac (#28754) * Elasticsearch: interpolate variables in Filters Bucket Aggregation (#28969) * Chore: Bump build pipeline version (#29023) * Annotations: Fixes error when trying to create annotation when dashboard is unsaved (#29013) * TraceViewer: Make sure it does not break when no trace is passed (#28909) * Thresholds: Fixes color assigned to null values (#29010) * Backend: Remove unused code (#28933) * Fix documentation (#28998) * Tracing: Add setting for sampling server (#29011) * Logs Panel: Fix inconsistent higlighting (#28971) * MySQL: Update README.md (#29003) * IntervalVariable: Fix variable tooltip (#28988) * StatPanels: Fixes auto min max when latest value is zero (#28982) * Chore: Fix SQL related Go variable naming (#28887) * MSSQL: Support request cancellation properly (Uses new backendSrv.fetch Observable request API) (#28809) * Variables: Fixes loading with a custom all value in url (#28958) * Backend: Adds route for well-known change password URL (#28788) * docs: fix repeated dashboards link (#29002) * LogsPanel: Don't show scroll bars when not needed (#28972) * Drone: Fix docs building (#28986) * StatPanel: Fixed center of values in edge case scenarios (#28968) * Update getting-started-prometheus.md (#28502) * Docs: fix relref (#28977) * Docs: Minor docs update * Docs: Another workflow docs update * Docs: Workflow minor edit * Docs: Another minor edit * Docs: Update PR workflow docs * Docs: Update bot docs * StatPanels: set default to last (#28617) * Tracing: log traceID in request logger (#28952) * start tracking usage stats for tempo (#28948) * Docs: Update bot docs * GrafanaBot: Update labels and commands and adds docs (#28950) * Docs: updates for file-based menu (#28500) * Grot: Added command/label to close feature requests with standard message (#28937) * GraphNG: Restore focus option (#28946) * Docs: Fix links (#28945) * Short URL: Cleanup unvisited/stale short URLs (#28867) * GraphNG: Using new VizLayout, moving Legend into GraphNG and some other refactorings (#28913) * CloudWatch Logs: Change what we use to measure progress (#28912) * Chore: use jest without grunt (#28558) * Chore: Split Explore redux code into multiple sections (#28819) * TestData: Fix issue with numeric inputs in TestData query editor (#28936) * setting: Fix tests on Mac (#28886) * Plugins signing: Fix docs urls (#28930) * Field color: handling color changes when switching panel types (#28875) * Variables: make sure that we support both old and new syntax for custom variables. (#28896) * CodeEditor: added support for javascript language (#28818) * Update CHANGELOG.md (#28928) * Plugins: allow override when allowing unsigned plugins (#28901) * Chore: Fix spelling issue (#28904) * Grafana-UI: LoadingPlaceholder docs (#28874) * Gauge: making sure threshold panel json is correct before render (#28898) * Chore: Rewrite test in GoConvey to stdlib and testify (#28918) * Update documentation-style-guide.md (#28908) * Adding terms to glossary (#28884) * Devenv: Fix Prometheus basic auth proxy (#28889) * API: replace SendLoginLogCommand with LoginHook (#28777) * Dashboards / Folders: delete related data (permissions, stars, tags, versions, annotations) when deleting a dashboard or a folder (#28826) * Loki: Correct grammar in DerivedFields.tsx (#28885) * Docs: Update list of Enterprise plugins (#28882) * Live: update centrifuge and the ChannelHandler api (#28843) * Update share-panel.md (#28880) * CRLF (#28822) * PanelHeader: show streaming indicator (and allow unsubscribe) (#28682) * Docs: Plugin signing docs (#28671) * Chore: Fix issues reported by staticcheck; enable stylecheck linter (#28866) * Elasticsearch: Filter pipeline aggregations from order by options (#28620) * Variables: added __user.email to global variable (#28853) * Fix titles case and add missing punctuation marks (#28713) * VizLayout: Simple viz layout component for legend placement and scaling (#28820) * Chore: Fix staticcheck issues (#28860) * Chore: Fix staticcheck issues (#28854) * Disable selecting enterprise plugins with no license (#28758) * Tempo: fix test data source (#28836) * Prometheus: fix missing labels from value (#28842) * Chore: Fix issues found by staticcheck (#28802) * Chore: Remove dead code (#28664) * Units: added support to handle negative fractional numbers. (#28849) * Variables: Adds variables inspection (#25214) * Marked: Upgrade and always sanitize by default (#28796) * Currency: add Philippine peso currency (PHP) (#28823) * Alert: Remove z-index on Alert component so that it does not overlay ontop of other content (#28834) * increase blob column size for encrypted dashboard data (#28831) * Gauge: Improve font size auto sizing (#28797) * grafana/toolkit: allow builds with lint warnings (#28810) * core and grafana/toolkit: Use latest version of grafana-eslint-conifg (#28816) * Icon: Replace font awesome icons where possible (#28757) * Remove homelinks panel (#28808) * StatPanels: Add new calculation option for percentage difference (#26369) * Dashboard: Add Datetime local (No date if today) option in panel axes' units (#28011) * Variables: Adds named capture groups to variable regex (#28625) * Panel inspect: Interpolate variables in panel inspect title (#28779) * grafana/toolkit: Drop console and debugger statements by default when building plugin with toolkit (#28776) * Variables: Fixes URL values for dependent variables (#28798) * Graph: Fixes event emit function error (#28795) * Adds storybook integrity check to drone config (#28785) * Live: improve broadcast semantics and avoid double posting (#28765) * Events: Remove unused or unnecessary events (#28783) * Docs: added code comments to frontend packages. (#28784) * Plugin Dockerfiles: Upgrade Go, golangci-lint, gcloud SDK (#28767) * Dependencies: Update angularjs to 1.8.2 (#28736) * EventBus: Introduces new event bus with emitter backward compatible interface (#27564) * ColorSchemes: Add new color scheme (#28719) * Docs: Add NGINX example for using websockets to Loki (#27998) * Docs: Made usage of config/configuration consistent #19270 (#28167) * Cloudwatch: Fix issue with field calculation transform not working properly with Cloudwatch data (#28761) * grafana/toolkit: Extract CHANGELOG when building plugin (#28773) * Drone: Upgrade build pipeline tool (#28769) * devenv: Upgrade MSSQL Docker image (#28749) * Docs: Add docs for InfoBox component (#28705) * Reoeragnization. (#28760) * gtime: Add ParseDuration function (#28525) * Explore: Remove redundant decodeURI and fix urls (#28697) * Dashboard: fix view panel mode for Safari / iOS (#28702) * Provisioning: Fixed problem with getting started panel being added to custom home dashboard (#28750) * LoginPage: Removed auto-capitalization from the login form (#28716) * Plugin page: Fix dom validation warning (#28737) * Migration: Remove LegacyForms from dashboard folder permissions (#28564) * Dependencies: Remove unused dependency (#28711) * AlertRuleList: Add keys to alert rule items (#28735) * Chore: Pin nginx base image in nginx proxy Dockerfiles (#28730) * Drone: Upgrade build-pipeline tool (#28728) * TableFilters: Fixes filtering with field overrides (#28690) * Templating: Speeds up certain variable queries for Postgres, MySql and MSSql (#28686) * Fix typo in unsigned plugin warning (#28709) * Chore: Convert sqlstore annotation test from GoConvey to testify (#28715) * updates from https://github.com/grafana/grafana/pull/28679 (#28708) * Chore: Add some scenario tests for Explore (#28534) * Update latest version to 7.3.1 (#28701) * Changelog update - 7.3.1 (#28699) * Drone: Don't build on Windows for PRs (#28663) * Build: changing docs docker image to prevent setting up frontend devenv. (#28670) * Prometheus: Fix copy paste behaving as cut and paste (#28622) * Loki: Fix error when some queries return zero results (#28645) * Chore: allow higher nodejs version than 12 (#28624) * TextPanel: Fixes problems where text panel would show old content (#28643) * PanelMenu: Fixes panel submenu not being accessible for panels close to the right edge of the screen (#28666) * Cloudwatch: Fix duplicate metric data (#28642) * Add info about CSV download for Excel in What's new article (#28661) * Docs: Describe pipeline aggregation changes in v7.3 (#28660) * Plugins: Fix descendent frontend plugin signature validation (#28638) * Docker: use root group in the custom Dockerfile (#28639) * Bump rxjs to 6.6.3 (#28657) * StatPanel: Fixed value being under graph and reduced likley hood for white and dark value text mixing (#28641) * Table: Fix image cell mode so that it works with value mappings (#28644) * Build: support custom build tags (#28609) * Plugin signing: Fix copy on signed plugin notice (#28633) * Dashboard: Fix navigation from one SoloPanelPage to another one (#28578) * CloudWatch: Improve method name, performance optimization (#28632) * Developer guide: Update wrt. Windows (#28559) * Docs: Update graph panel for tabs (#28552) * update latest.json (#28603) * Docs: data source insights (#28542) * Field config API: add slider editor (#28007) * changelog: update for 7.3.0 (#28602) * Update uPlot to 1.2.2 and align timestamps config with new uPLot API (#28569) * Live: updated the reference to use lazy loaded Monaco in code editor. (#28597) * Dashboard: Allow add panel for viewers_can_edit (#28570) * Docs: Data source provisioning and sigV4 (#28593) * Docs: Additional 7.3 upgrade notes (#28592) * CI: Add GCC to Windows Docker image (#28562) * CloudWatch Logs queue and websocket support (#28176) * Explore/Loki: Update docs and cheatsheet (#28541) * Grafana-UI: Add Card component (#28216) * AddDatasource: Improve plugin categories (#28584) * StatPanel: Fixes BizChart error max: yyy should not be less than min zzz (#28587) * docs: a few tweaks for clarity and readability (#28579) * API: Reducing some api docs errors (#28575) * Grafana-UI: ContextMenu docs (#28508) * Short URL: Update last seen at when visiting a short URL (#28565) * Fix backend build on Windows (#28557) * add value prop (#28561) * Plugin signing: UI information (#28469) * Use fetch API in InfluxDB data source (#28555) * PanelEdit: Prevent the preview pane to be resized further than window height (#28370) * Docs: Update generic-oauth.md (#28517) * GCS image uploader: Add tests (#28521) * Move metrics collector queries to config (#28549) * Plugins: Fix plugin URL paths on Windows (#28548) * API: add login username in SendLoginLogCommand (#28544) * AzureMonitor: Support decimal (as float64) type in analytics/logs (#28480) * Auth: Fix SigV4 request verification step for Amazon Elasticsearch Service (#28481) * Grafana/ui: auto focus threshold editor input (#28360) * Docs: SigV4 What's New and AWS Elasticsearch documentation (#28506) * Drone: Upgrade build pipeline tool (#28533) * Drone: Refactor version branch pipeline logic (#28531) * Drone: Upgrade build-pipeline tool (#28520) * Docs: Update field color scheme docs and 7.3 what's new (#28496) * Templating: Custom variable edit UI, change text input into textarea (#28312) (#28322) * Currency: Adds Indonesian IDR currency (#28363) * Chore: Fix flaky sqlstore annotation test (#28527) * Checkbox: Fix component sample typo (#28518) * Image uploader: Fix uploading of images to GCS (#26493) * OAuth: Support Forward OAuth Identity for backend data source plugins (#27055) * Updated documentation style guide (#28488) * Cloud Monitoring: Fix help section for aliases (#28499) * Docs: what's new in enterprise 7.3 (#28472) * Plugins: Track plugin signing errors and expose them to the frontend (#28219) * Elasticsearch: Fix handling of errors when testing data source (#28498) * Auth: Should redirect to login when anonymous enabled and URL with different org than anonymous specified (#28158) * Drone: Don't build Windows installer for version branches (#28494) * Docs: Grafana Enterprise auditing feature (#28356) * Drone: Add version branch pipeline (#28490) * Getting Started section rehaul (#28090) * Docs: Add survey content (#28446) * Docs: Update prometheus.md (#28483) * Docs: Add view settings and view stats (#28155) * Remove entry from 7.3.0-beta2 Changelog (#28478) * Circle: Remove release pipeline (#28474) * Update latest.json (#28476) * Switch default version to Graphite 1.1 (#28471) * Plugin page: update readme icon (#28465) * Chore: Update changelog (#28473) * Explore: parse time range fix (#28467) * Alerting: Log alert warnings for obsolete notifiers when extracting alerts and remove spammy error (#28162) * Shorten url: Unification across Explore and Dashboards (#28434) * Explore: Support wide data frames (#28393) * Docs: updated cmd to build docs locally to generate docs prior to building site. (#28371) * Live: support real time measurements (alpha) (#28022) * CloudWatch/Athena - valid metrics and dimensions. (#28436) * Chore: Use net.JoinHostPort (#28421) * Chore: Upgrade grafana-eslint to latest (#28444) * Fix cut off icon (#28442) * Docs: Add shared (#28411) * Loki: Visually distinguish error logs for LogQL2 (#28359) * Database; Remove database metric feature flag and update changelog (#28438) * TestData: multiple arrow requests should return multiple frames (#28417) * Docs: Test survey code (#28437) * Docs: improved github action that syncs docs to website (#28277) * update latest.json with latest stable version (#28433) * 7.2.2 changelog update (#28406) * plugins: Don't exit on duplicate plugin (#28390) * API: Query database from /api/health endpoint (#28349) * Chore: Fix conversion of a 64-bit integer to a lower bit size type uint (#28425) * Prometheus: fix parsing of infinite sample values (#28287) (#28288) * Chore: Rewrite some tests to use testify (#28420) * Plugins: do not remount app plugin on nav change (#28105) * App Plugins: Add backend support (#28272) * Chore: react hooks eslint fixes in grafana-ui (#28026) * ci-e2e: Add Git (#28410) * TestData: Remove useEffect that triggeres query on component load (#28321) * FieldColor: Remove inverted color scheme (#28408) * Chore: Set timezone for tests to non utc. (#28405) * Chore: fix jsdoc desc and return (#28383) * Docs: Fixing v51 link (#28396) * fixes windows crlf warning (#28346) * Grafana/ui: pass html attributes to segment (#28316) * Alerting: Return proper status code when trying to create alert notification channel with duplicate name or uid (#28043) * OAuth: Able to skip auto login (#28357) * CloudWatch: Fix custom metrics (#28391) * Docs: Adds basic frontend data request concepts (#28253) * Instrumentation: Add histogram for request duration (#28364) * remove status label from histogram (#28387) * OAuth: configurable user name attribute (#28286) * Component/NewsPanel: Add rel='noopener' to NewsPanel links (#28379) * Webpack: Split out unicons and bizcharts (#28374) * Explore: Fix date formatting in url for trace logs link (#28381) * Docs: Add activate-license (#28156) * Instrumentation: Add counters and histograms for database queries (#28236) * Docs: Make tables formatting more consistent (#28164) * CloudWatch: Adding support for additional Amazon CloudFront metrics (#28378) * Add unique ids to query editor fields (#28376) * Plugins: Compose filesystem paths with filepath.Join (#28375) * Explore: Minor tweaks to exemplars marble (#28366) * Instrumentation: Adds environment_info metric (#28355) * AzureMonitor: Fix capitalization of NetApp 'volumes' namespace (#28369) * ColorSchemes: Adds more color schemes and text colors that depend on the background (#28305) * Automation: Update backport github action trigger (#28352) * Dashboard links: Places drop down list so it's always visible (#28330) * Docs: Add missing records from grafana-ui 7.2.1 CHANGELOG (#28302) * Templating: Replace all '$tag' in tag values query (#28343) * Docs: Add docs for valuepicker (#28327) * Git: Create .gitattributes for windows line endings (#28340) * Update auth-proxy.md (#28339) * area/grafana/toolkit: update e2e docker image (#28335) * AlertingNG: remove warn/crit from eval prototype (#28334) * Automation: Tweaks to more info message (#28332) * Loki: Run instant query only when doing metric query (#28325) * SAML: IdP-initiated SSO docs (#28280) * IssueTriage: Needs more info automation and messages (#28137) * GraphNG: Use AxisSide enum (#28320) * BackendSrv: Fixes queue countdown when unsubscribe is before response (#28323) * Automation: Add backport github action (#28318) * Build(deps): Bump http-proxy from 1.18.0 to 1.18.1 (#27507) * Bump handlebars from 4.4.3 to 4.7.6 (#27416) * Bump tree-kill from 1.2.1 to 1.2.2 (#27405) * Loki: Base maxDataPoints limits on query type (#28298) * Explore: respect min_refresh_interval (#27988) * Drone: Use ${DRONE_TAG} in release pipelines, since it should work (#28299) * Graph NG: fix toggling queries and extract Graph component from graph3 panel (#28290) * fix: for graph size not taking up full height or width * should only ignore the file in the grafana mixin root folder (#28306) * Drone: Fix grafana-mixin linting (#28308) * SQLStore: Run tests as integration tests (#28265) * Chore: Add cloud-middleware as code owners (#28310) * API: Fix short URLs (#28300) * CloudWatch: Add EC2CapacityReservations Namespace (#28309) * Jaeger: timeline collapser to show icons (#28284) * update latest.json with latest beta version (#28293) * Update changelog (#28292) * Docs : - Added period (#28260) * Add monitoring mixing for Grafana (#28285) * Chore: Update package.json (#28291) * Drone: Fix enterprise release pipeline (#28289) * Alerting: Append appSubUrl to back button on channel form (#28282) - Rework package Makefile & README now that Grunt is gone - Update to version 7.3.6: * fixes for saml vulnerability * [v7.3.x] Fix: Correct panel edit uistate migration (#29413) (#29711) * PanelEdit: Prevent the preview pane to be resized further than window height (#28370) (#29726) * Fix: Migrate Panel edit uiState percentage strings to number (#29412) (#29723) * 'Release: Updated versions in package to 7.3.5' (#29710) * Chore: upgrading y18n to 4.0.1 for security reasons (#29523) (#29709) * Panel: making sure we support all versions of chrome when detecting position of click event. (#29544) (#29708) * PanelEdit: making sure the correct datasource query editor is being rendered. (#29500) (#29707) * [v7.3.x] Auth: Add SigV4 header allowlist to reduce chances of verification issues (#29705) * Alerting: Use correct time series name override from frame fields (#29693) (#29698) * CloudWatch: namespace in search expression should be quoted if match exact is enabled #29109 (#29563) (#29687) * Adds go dep used by an Enterprise feature. (#29645) (#29690) * instrumentation: align label name with our other projects (#29514) (#29685) * Instrumentation: Add examplars for request histograms (#29357) (#29682) * Login: Fixes typo in tooltip (#29604) (#29606) * fixes bug with invalid handler name for metrics (#29529) (#29532) * AzureMonitor: Unit MilliSeconds naming (#29399) (#29526) * Alarting: fix alarm messages in dingding (Fixes #29470) (#29482) (#29527) * Bug: trace viewer doesn't show more than 300 spans (#29377) (#29504) * Prometheus: don't override displayName property (#29441) (#29488) * resolve conflicts (#29415) * Drone: Upgrade build pipeline tool (#29365) (#29368) * Drone: Upload artifacts for release branch builds (#29297) (#29364) * Drone: Execute artifact publishing for both editions in parallel during release (#29362) (#29363) * Drone: Publish NPM packages after Storybook to avoid race condition (#29340) (#29343) * Docs: Fix editor role and alert notification channel description (#29301) (#29337) * 'Release: Updated versions in package to 7.3.4' (#29336) * Security: Fixes minor security issue with alert notification webhooks that allowed GET & DELETE requests #29330 (#29335) * Backport of InfluxDB: update flux library and support boolean label values #29333 * ReleaseNotes: Update link in package.json (#29328) * Login: Fixes redirect url encoding issues of # %23 being unencoded after login (#29299) (#29323) * Drone: Upgrade build pipeline tool (#29308) (#29309) * Annotations: fixing so when changing annotations query links submenu will be updated. (#28990) (#29285) * Dashboard: Fixes kiosk state after being redirected to login page and back (#29273) (#29278) * Increase search limit on team add user and improve placeholder (#29258) (#29261) * Drone: Sync with master (#29205) * Drone: Fix publish-packages invocation (#29179) (#29184) * Chore: Upgrade grafana/build-ci-deploy image to latest Go (#29171) (#29180) * Table: Fix incorrect condtition for rendering table filter (#29165) (#29181) * DashboardLinks: will only refresh dashboard search when changing tags for link. (#29040) (#29177) * Drone: Upgrade build pipeline tool and build image (#29161) (#29162) * Release: Updated versions in package to 7.3.3 (#29126) * git cherry-pick -x 0f3bebb38daa488e108881ce17d4f68167a834e6 (#29155) * Build: support custom build tags (#28609) (#29128) * Revert 'Graph: Fixes stacking issues like floating bars when data is not aligned (#29051) (#29088)' (#29151) * Provisioning: always pin app to the sidebar when enabled (#29084) (#29146) * build paths in an os independent way (#29143) (#29147) * Chore: Upgrade Go dev tools (#29124) (#29132) * Automatin: set node version * Automation: Adding version bump action * Drone: Fix Drone config verification for enterprise on Windows (#29118) (#29119) * [v7.3.x] Drone: Verify Drone config at beginning of pipelines (#29111) * Test Datasource/Bug: Fixes division by zero in csv metric values scenario (#29029) (#29068) * [v7.3.x] StatPanel: Fixes hanging issue when all values are zero (#29087) * Data source proxy: Convert 401 from data source to 400 (#28962) (#29095) * Graph: Fixes stacking issues like floating bars when data is not aligned (#29051) (#29088) * Auth: Enable more complete credential chain for SigV4 default SDK auth option (#29065) (#29086) * Fix for multi-value template variable for project selector (#29042) (#29054) * Thresholds: Fixes color assigned to null values (#29010) (#29018) * [v7.3.x] Chore: Bump build pipeline version (#29025) * Release v7.3.2 (#29024) * Fix conflict (#29020) * StatPanels: Fixes auto min max when latest value is zero (#28982) (#29007) * Tracing: Add setting for sampling server (#29011) (#29015) * Gauge: making sure threshold panel json is correct before render (#28898) (#28984) * Variables: make sure that we support both old and new syntax for custom variables. (#28896) (#28985) * Explore: Remove redundant decodeURI and fix urls (#28697) (#28963) * [v7.3.x] Drone: Fix docs building (#28987) * Alerting: Append appSubUrl to back button on channel form (#28282) (#28983) * Plugins: allow override when allowing unsigned plugins (#28901) (#28927) * CloudWatch Logs: Change what we use to measure progress (#28912) (#28964) * Tracing: log traceID in request logger (#28952) (#28959) * Panel inspect: Interpolate variables in panel inspect title (#28779) (#28801) * UsageStats: start tracking usage stats for tempo (#28948) (#28951) * Short URL: Cleanup unvisited/stale short URLs (#28867) (#28944) * Plugins signing: Fix docs urls (#28930) (#28934) * Chore: Fix spelling issue (#28904) (#28925) * API: replace SendLoginLogCommand with LoginHook (#28777) (#28891) * Elasticsearch: Exclude pipeline aggregations from order by options (#28620) (#28873) * Dashboards / Folders: delete related data (permissions, stars, tags, versions, annotations) when deleting a dashboard or a folder (#28826) (#28890) * Disable selecting enterprise plugins with no license (#28758) (#28859) * Tempo: fix test data source (#28836) (#28856) * Prometheus: fix missing labels from value (#28842) (#28855) * Units: added support to handle negative fractional numbers. (#28849) (#28851) * increase blob column size for encrypted dashboard data (#28831) (#28832) * Gauge: Improve font size auto sizing (#28797) (#28828) * Variables: Fixes URL values for dependent variables (#28798) (#28800) * grafana/toolkit: Extract CHANGELOG when building plugin (#28773) (#28774) * Templating: Custom variable edit UI, change text input into textarea (#28312) (#28322) (#28704) * Cloudwatch: Fix issue with field calculation transform not working properly with Cloudwatch data (#28761) (#28775) * Plugin page: Fix dom validation warning (#28737) (#28741) * Dashboard: fix view panel mode for Safari / iOS (#28702) (#28755) * Fix typo in unsigned plugin warning (#28709) (#28722) * TableFilters: Fixes filtering with field overrides (#28690) (#28727) * Templating: Speeds up certain variable queries for Postgres, MySql and MSSql (#28686) (#28726) * Prometheus: Fix copy paste behaving as cut and paste (#28622) (#28691) rhnlib: - Require missing python-backports.ssl_match_hostname on SLE 11 (bsc#1183959) spacecmd: - Handle SIGPIPE without user-visible Exception (bsc#1181124) spacewalk-client-tools: - Fallback to sysfs when reading info from python-dmidecode fails (bsc#1182603) - Log an error when product detection failed (bsc#1182339) supportutils-plugin-salt: - Fix yaml.load() warnings and issues with Python versions (bsc#1178072) (bsc#1181474) - Fix errors when collecting data for salt-minion (bsc#1131670) zypp-plugin-spacewalk: - Support for 'allow vendor change' for patching/upgrading ----------------------------------------- Patch: SUSE-2021-1234 Released: Thu Apr 15 17:21:44 2021 Summary: Recommended update for python-kiwi Severity: moderate References: 1178670,1182211,1182264,1182963,1183059 Description: This update for python-kiwi fixes the following issues: Upgrade from version 9.23.19 to version 9.23.20 - Require `qemu-img` in any filesystem based image. Move the qemu-img requirement into the `kiwi-systemdeps-filesystems` to ensure ISO, OEM and PXE images include it in the build service. This is also required for images that are simple root-trees in a filesystem `(image=ext4)`. - Add a requirement for `kiwi-systemdeps-iso-media` on disk images. Add a requirement for `kiwi-systemdeps-iso-media` in `kiwi-systemdeps-disk-images`. This is to ensure that installing `kiwi-systemdeps-disk-images` is enough to build OEM images including install media. - Turn `fb-util-for-appx` requirement into a recommendation. Relax the requirement for `fb-util-for-appx` since the utiliy is not part of all SUSE Linux Enterprise 15 Service Packs. - Refactor grub2 installation. (bsc#1182211) Split the installation in two parts. Former `grub2.install` method was meant to run the `grub2-install` tool, however, in addition it was also running the secure boot installation `shim-install`. The install method in `KIWI` is skipped for those architectures and firmware combinations for which bios support doesn't exist. This was leading to skip the secure boot installation. The current approach strips the secure boot installation logic from the `grub2.install` method, so skipping the install method does not automatically result in skipping the secure boot installation. - Fix `lsblk` flags to get sorted output (bsc#1182264, bsc#1182963, bsc#1183059) Modify the `lsblk` command flags to get a sorted output according to the disk layout. - Avoid using generators in `pre-mount` hooks (bsc#1178670) Delete the generator that was creating the `sysroot.mount` unit for ramdisk deployments. Generators, specially the `sysroot.mount` is expected to be created on very early stages of the boot procedure as this has impact on relevant targets such as `initrd-root-fs.target`, which does not depend on `sysroot.mount` if the unit is not there. In ramdisk deployments some data is known on pre-mount stage as it is downloaded from the PXE server. At this stage it is not safe to generate a `sysroot.mount` unit that depends on `initrd-root-fs.target` as the target is close to finalize or even finalized already and could potentially skip `sysroot.mount` exection. Instead include a mount hook which is only executed on ramdisk deployments that simply runs the mount command to mount `/sysroot`. ----------------------------------------- Patch: SUSE-2021-1236 Released: Fri Apr 16 08:13:51 2021 Summary: Recommended update for tcsh Severity: important References: 1179316 Description: This update for tcsh fixes the following issues: - Fixed an issue, where the history file continued growing, leading to csh processes consuming 100% of the CPU (bsc#1179316) ----------------------------------------- Patch: SUSE-2021-1276 Released: Tue Apr 20 14:32:45 2021 Summary: Security update for ImageMagick Severity: moderate References: 1184624,1184626,1184627,1184628,CVE-2021-20309,CVE-2021-20311,CVE-2021-20312,CVE-2021-20313 Description: This update for ImageMagick fixes the following issues: - CVE-2021-20309: Division by zero in WaveImage() of MagickCore/visual-effects. (bsc#1184624) - CVE-2021-20311: Division by zero in sRGBTransformImage() in MagickCore/colorspace.c (bsc#1184626) - CVE-2021-20312: Integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c (bsc#1184627) - CVE-2021-20313: Cipher leak when the calculating signatures in TransformSignatureof MagickCore/signature.c (bsc#1184628) ----------------------------------------- Patch: SUSE-2021-1280 Released: Tue Apr 20 14:34:19 2021 Summary: Security update for ruby2.5 Severity: moderate References: 1184644,CVE-2021-28965 Description: This update for ruby2.5 fixes the following issues: - Update to 2.5.9 - CVE-2021-28965: XML round-trip vulnerability in REXML (bsc#1184644) ----------------------------------------- Patch: SUSE-2021-1282 Released: Tue Apr 20 14:47:17 2021 Summary: Security update for apache-commons-io Severity: moderate References: 1184755,CVE-2021-29425 Description: This update for apache-commons-io fixes the following issues: - CVE-2021-29425: Limited path traversal when invoking the method FileNameUtils.normalize with an improper input string (bsc#1184755) ----------------------------------------- Patch: SUSE-2021-1284 Released: Tue Apr 20 14:56:32 2021 Summary: Recommended update for adcli Severity: moderate References: 1184462 Description: This update for adcli fixes the following issues: - Respect allowed Kerberos encryption types. (bsc#1184462) ----------------------------------------- Patch: SUSE-2021-1289 Released: Wed Apr 21 14:02:46 2021 Summary: Recommended update for gzip Severity: moderate References: 1177047 Description: This update for gzip fixes the following issues: - Fixed a potential segfault when zlib acceleration is enabled (bsc#1177047) ----------------------------------------- Patch: SUSE-2021-1291 Released: Wed Apr 21 14:04:06 2021 Summary: Recommended update for mpfr Severity: moderate References: 1141190 Description: This update for mpfr fixes the following issues: - Fixed an issue when building for ppc64le (bsc#1141190) Technical library fixes: - A subtraction of two numbers of the same sign or addition of two numbers of different signs can be rounded incorrectly (and the ternary value can be incorrect) when one of the two inputs is reused as the output (destination) and all these MPFR numbers have exactly GMP_NUMB_BITS bits of precision (typically, 32 bits on 32-bit machines, 64 bits on 64-bit machines). - The mpfr_fma and mpfr_fms functions can behave incorrectly in case of internal overflow or underflow. - The result of the mpfr_sqr function can be rounded incorrectly in a rare case near underflow when the destination has exactly GMP_NUMB_BITS bits of precision (typically, 32 bits on 32-bit machines, 64 bits on 64-bit machines) and the input has at most GMP_NUMB_BITS bits of precision. - The behavior and documentation of the mpfr_get_str function are inconsistent concerning the minimum precision (this is related to the change of the minimum precision from 2 to 1 in MPFR 4.0.0). The get_str patch fixes this issue in the following way: the value 1 can now be provided for n (4th argument of mpfr_get_str); if n = 0, then the number of significant digits in the output string can now be 1, as already implied by the documentation (but the code was increasing it to 2). - The mpfr_cmp_q function can behave incorrectly when the rational (mpq_t) number has a null denominator. - The mpfr_inp_str and mpfr_out_str functions might behave incorrectly when the stream is a null pointer: the stream is replaced by stdin and stdout, respectively. This behavior is useless, not documented (thus incorrect in case a null pointer would have a special meaning), and not consistent with other input/output functions. ----------------------------------------- Patch: SUSE-2021-1295 Released: Wed Apr 21 14:08:19 2021 Summary: Recommended update for systemd-presets-common-SUSE Severity: moderate References: 1184136 Description: This update for systemd-presets-common-SUSE fixes the following issues: - Enabled hcn-init.service for HNV on POWER (bsc#1184136) ----------------------------------------- Patch: SUSE-2021-1296 Released: Wed Apr 21 14:09:28 2021 Summary: Optional update for e2fsprogs Severity: low References: 1183791 Description: This update for e2fsprogs fixes the following issues: - Fixed an issue when building e2fsprogs (bsc#1183791) This patch does not fix any user visible issues and is therefore optional to install. ----------------------------------------- Patch: SUSE-2021-1297 Released: Wed Apr 21 14:10:10 2021 Summary: Recommended update for systemd Severity: moderate References: 1178219 Description: This update for systemd fixes the following issues: - Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot be stopped properly and would leave mount points mounted. ----------------------------------------- Patch: SUSE-2021-1299 Released: Wed Apr 21 14:11:41 2021 Summary: Optional update for gpgme Severity: low References: 1183801 Description: This update for gpgme fixes the following issues: - Fixed a bug in test cases (bsc#1183801) This patch is optional to install and does not provide any user visible bug fixes. ----------------------------------------- Patch: SUSE-2021-1307 Released: Fri Apr 23 09:15:01 2021 Summary: Security update for MozillaFirefox Severity: important References: 1184960,CVE-2021-23961,CVE-2021-23994,CVE-2021-23995,CVE-2021-23998,CVE-2021-23999,CVE-2021-24002,CVE-2021-29945,CVE-2021-29946 Description: This update for MozillaFirefox fixes the following issues: - Firefox was updated to 78.10.0 ESR (bsc#1184960) * CVE-2021-23994: Out of bound write due to lazy initialization * CVE-2021-23995: Use-after-free in Responsive Design Mode * CVE-2021-23998: Secure Lock icon could have been spoofed * CVE-2021-23961: More internal network hosts could have been probed by a malicious webpage * CVE-2021-23999: Blob URLs may have been granted additional privileges * CVE-2021-24002: Arbitrary FTP command execution on FTP servers using an encoded URL * CVE-2021-29945: Incorrect size computation in WebAssembly JIT could lead to null-reads * CVE-2021-29946: Port blocking could be bypassed ----------------------------------------- Patch: SUSE-2021-1309 Released: Fri Apr 23 13:23:49 2021 Summary: Recommended update for NetworkManager Severity: important References: 1183202,1183967 Description: This update for NetworkManager fixes the following issues: - Better handle dhclient's timeout so that a recorded lease can be used when dhcp server is down. (bsc#1183202) - Use `dhclient` as the default dhcp client. (bsc#1183202) - bond: restore `MAC` on release only when there is a cloned `MAC address`. (bsc#1183967) ----------------------------------------- Patch: SUSE-2021-1313 Released: Mon Apr 26 09:12:07 2021 Summary: Security update for python-aiohttp Severity: important References: 1184745,CVE-2021-21330 Description: This update for python-aiohttp fixes the following issues: - CVE-2021-21330: Fixed the way pure-Python HTTP parser interprets `//` (bsc#1184745) ----------------------------------------- Patch: SUSE-2021-1320 Released: Mon Apr 26 15:07:58 2021 Summary: Recommended update for xorg-x11-server Severity: moderate References: 1184072,1184543 Description: This update for xorg-x11-server fixes the following issues: - Fixed a crash that might occur when talking to Xwayland (bsc#1184072, bsc#1184543) ----------------------------------------- Patch: SUSE-2021-1321 Released: Mon Apr 26 15:10:40 2021 Summary: Recommended update for strongswan Severity: low References: Description: This update for strongswan fixes the following issues: - Added rcstrongswan-starter to this package. Please refer to the README.SUSE file to get more information about its usage. ----------------------------------------- Patch: SUSE-2021-1327 Released: Tue Apr 27 13:41:31 2021 Summary: Recommended update for sapstartsrv-resource-agents Severity: moderate References: 1183969 Description: This update for sapstartsrv-resource-agents fixes the following issues: - sapping.service does no longer run a second time after a restart/start of corosync (bsc#1183969) ----------------------------------------- Patch: SUSE-2021-1335 Released: Tue Apr 27 17:01:57 2021 Summary: Recommended update for hawk2 Severity: important References: 1184274 Description: This update for hawk2 fixes the following issue: Update to version 2.6.4: - Fix the wizards User Interface and show it.(bsc#1184274) ----------------------------------------- Patch: SUSE-2021-1404 Released: Wed Apr 28 14:36:10 2021 Summary: Recommended update for gnome-session Severity: moderate References: 1175622 Description: This update for gnome-session fixes the following issues: - Fix for an issue when VNC fails after upgrade from 15 SP1 to SP2. (bsc#1175622, glgo!GNOME/gnome-session!60) ----------------------------------------- Patch: SUSE-2021-1405 Released: Wed Apr 28 15:09:07 2021 Summary: Recommended update for brp-check-suse Severity: moderate References: 1184555 Description: This update for brp-check-suse fixes the following issues: - Add patch to implement fipscheck. (bsc#1184555) ----------------------------------------- Patch: SUSE-2021-1407 Released: Wed Apr 28 15:49:02 2021 Summary: Recommended update for libcap Severity: important References: 1184690 Description: This update for libcap fixes the following issues: - Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'. (bsc#1184690) ----------------------------------------- Patch: SUSE-2021-1408 Released: Wed Apr 28 16:32:00 2021 Summary: Security update for librsvg Severity: important References: 1183403,CVE-2021-25900 Description: This update for librsvg fixes the following issues: - librsvg was updated to 2.46.5: * Update dependent crates that had security vulnerabilities: smallvec to 0.6.14 - RUSTSEC-2018-0003 - CVE-2021-25900 (bsc#1183403) ----------------------------------------- Patch: SUSE-2021-1409 Released: Wed Apr 28 16:32:50 2021 Summary: Security update for giflib Severity: low References: 1184123 Description: This update for giflib fixes the following issues: - Enable Position Independent Code and inherit CFLAGS from the build system (bsc#1184123). ----------------------------------------- Patch: SUSE-2021-1412 Released: Wed Apr 28 17:09:28 2021 Summary: Security update for libnettle Severity: important References: 1184401,CVE-2021-20305 Description: This update for libnettle fixes the following issues: - CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401). ----------------------------------------- Patch: SUSE-2021-1413 Released: Wed Apr 28 18:20:21 2021 Summary: Recommended update for nautilus Severity: moderate References: 1171506,1185026 Description: This update for nautilus fixes the following issues: - Use the right value in gio command. (bsc#1185026) - Update to version 3.34.3 (bsc#1171506): + Revert icon emblem fixes in order to prevent performance issues. + Fix crashes often happening when searching. + Fix crashes after conflict dialog response. ----------------------------------------- Patch: SUSE-2021-1414 Released: Wed Apr 28 18:32:11 2021 Summary: Recommended update for boost-legacy Severity: important References: 1006584,1038083,1076640,1082318,1175886,401964,439805,457699,461372,477603,479659,544958,621140,655747,714373,765443,951902,958150,994378,994381,994382,994383,996917,CVE-2008-0171 Description: This update for boost-legacy fixes the following issues: Create a new boost-legacy package with version 1.66.0. (bsc#1175886, jsc#SLE-17304, jsc#ECO-3147) - Remove duplicate license package that we get from original Boost - Add a backport of `Boost.Optional::has_value()` for LibreOffice - Use `%license` instead of `%doc` (bsc#1082318) - Multibuild requires versioned `Name: tag` . (bsc#1076640) Changes in version 1.66.0: - `Beast`: new portable HTTP, WebSocket and network operations using `Boost.Asio`. Header-only library. - `Callable Traits`: new library and successor to `Boost.FunctionTypes`. Header-only library. - `Mp11:` new metaprogramming library - ` Asio`: - implemented interface changes to reflect the Networking TS (N4656) - functions and classes that have been superseded by Networking TS functionality have been deprecated. - added support for customized handler tracking - removed previously deprecated functions - `Atomic`: improved compatibility with GCC 7. 128-bit operations on `x86_64` no longer require linking with compiled library. - `DateTime`: Fixed an integral overflow that could cause incorrect results when adding or subtracting many years from a date. - `Format`: New format specifiers added and volatile arguments can not be safely used with operator`%` - `Fusion`: - fix compile error with `std::array` - remove circular preprocessor include - `PolyCollection`: backported to GCC 4.8 and 4.9 with some limitations - `Uuid`: added `RTF-4122` namespaces in `boost::uuids::ns` ----------------------------------------- Patch: SUSE-2021-1416 Released: Thu Apr 29 06:19:16 2021 Summary: Recommended update for kyotocabinet Severity: low References: 1185033 Description: This update for kyotocabinet fixes the following issues: - Proactive fix for a hardening making 'kyotokabinet' in SLE as position independent executable. (bsc#1185033) ----------------------------------------- Patch: SUSE-2021-1417 Released: Thu Apr 29 06:19:47 2021 Summary: Recommended update for ntp Severity: moderate References: 1185171 Description: This update for ntp fixes the following issues: - Use '/run' instead of '/var/run' for PIDFile in 'ntpd.service'. (bsc#1185171) ----------------------------------------- Patch: SUSE-2021-1419 Released: Thu Apr 29 06:20:30 2021 Summary: Recommended update for dracut Severity: moderate References: 1178219 Description: This update for dracut fixes the following issues: - Fix for adding timeout to umount calls. (bsc#1178219) ----------------------------------------- Patch: SUSE-2021-1424 Released: Thu Apr 29 06:22:32 2021 Summary: Recommended update for openslp Severity: moderate References: 1166637,1184008 Description: This update for openslp fixes the following issues: - Added automated active discovery retries so that DAs do not get dropped, if they are not reachable for some time (bsc#1166637, bsc#1184008) ----------------------------------------- Patch: SUSE-2021-1425 Released: Thu Apr 29 06:23:08 2021 Summary: Optional update for tcpdump Severity: low References: 1183800 Description: This update for tcpdump fixes the following issues: - Disabled five regression tests that fail with libpcap > 1.8.1 (bsc#1183800) This patch does not fix any user visible issues and is therefore optional to install. ----------------------------------------- Patch: SUSE-2021-1426 Released: Thu Apr 29 06:23:13 2021 Summary: Recommended update for libsolv Severity: moderate References: Description: This update for libsolv fixes the following issues: - Fix rare segfault in resolve_jobrules() that could happen if new rules are learnt. - Fix a couple of memory leaks in error cases. - Fix error handling in solv_xfopen_fd() - Fixed 'regex' code on win32. - Fixed memory leak in choice rule generation ----------------------------------------- Patch: SUSE-2021-1427 Released: Thu Apr 29 06:24:32 2021 Summary: Recommended update for scap-security-guide Severity: moderate References: Description: This update for scap-security-guide fixes the following issues: This update ships the ComplianceAsCode build version 0.1.55+git containing the following supported file: - SCAP STIG automation for SUSE Linux Enterprise 12 (SUSE supplied, more rules added compared to 0.1.54) - SCAP STIG automation for SUSE Linux Enterprise 15 (SUSE supplied, new, first rules added) - CIS automation for SUSE Linux Enterprise 15 (community supplied) It can be evaluated using 'oscap' from 'openscap-utils', e.g. by doing on SUSE Linux Enterprise 12: - oscap xccdf eval --profile stig /usr/share/xml/scap/ssg/content/ssg-sle12-ds.xml On SUSE Linux Enterprise 15: - oscap xccdf eval --profile stig /usr/share/xml/scap/ssg/content/ssg-sle15-ds.xml or the community supplied CIS on SUSE Linux Enterprise 15: - oscap xccdf eval --profile cis /usr/share/xml/scap/ssg/content/ssg-sle15-ds.xml More content will be added in future updates. ----------------------------------------- Patch: SUSE-2021-1430 Released: Thu Apr 29 10:05:31 2021 Summary: Security update for webkit2gtk3 Severity: important References: 1182719,1184155,1184262,CVE-2020-27918,CVE-2020-29623,CVE-2021-1765,CVE-2021-1788,CVE-2021-1789,CVE-2021-1799,CVE-2021-1801,CVE-2021-1844,CVE-2021-1870,CVE-2021-1871 Description: This update for webkit2gtk3 fixes the following issues: - Update to version 2.32.0 (bsc#1184155): * Fix the authentication request port when URL omits the port. * Fix iframe scrolling when main frame is scrolled in async * scrolling mode. * Stop using g_memdup. * Show a warning message when overriding signal handler for * threading suspension. * Fix the build on RISC-V with GCC 11. * Fix several crashes and rendering issues. * Security fixes: CVE-2021-1788, CVE-2021-1844, CVE-2021-1871 - Update in version 2.30.6 (bsc#1184262): * Update user agent quirks again for Google Docs and Google Drive. * Fix several crashes and rendering issues. * Security fixes: CVE-2020-27918, CVE-2020-29623, CVE-2021-1765 CVE-2021-1789, CVE-2021-1799, CVE-2021-1801, CVE-2021-1870. - Update _constraints for armv6/armv7 (bsc#1182719) - restore NPAPI plugin support which was removed in 2.32.0 ----------------------------------------- Patch: SUSE-2021-1432 Released: Thu Apr 29 10:06:47 2021 Summary: Security update for MozillaThunderbird Severity: important References: 1184960,CVE-2021-23961,CVE-2021-23994,CVE-2021-23995,CVE-2021-23998,CVE-2021-23999,CVE-2021-24002,CVE-2021-29945,CVE-2021-29946,CVE-2021-29948 Description: This update for MozillaThunderbird fixes the following issues: - Firefox was updated to 78.10.0 ESR (bsc#1184960) * CVE-2021-23994: Out of bound write due to lazy initialization * CVE-2021-23995: Use-after-free in Responsive Design Mode * CVE-2021-23998: Secure Lock icon could have been spoofed * CVE-2021-23961: More internal network hosts could have been probed by a malicious webpage * CVE-2021-23999: Blob URLs may have been granted additional privileges * CVE-2021-24002: Arbitrary FTP command execution on FTP servers using an encoded URL * CVE-2021-29945: Incorrect size computation in WebAssembly JIT could lead to null-reads * CVE-2021-29946: Port blocking could be bypassed * CVE-2021-29948: Race condition when reading from disk while verifying signatures ----------------------------------------- Patch: SUSE-2021-1448 Released: Fri Apr 30 08:08:17 2021 Summary: Recommended update for pidentd Severity: moderate References: 1185070 Description: This update for pidentd fixes the following issues: - Use '/run' instead of '/var/run'. (bsc#1185070) ----------------------------------------- Patch: SUSE-2021-1449 Released: Fri Apr 30 08:08:25 2021 Summary: Recommended update for systemd-presets-branding-SLE Severity: moderate References: 1165780 Description: This update for systemd-presets-branding-SLE fixes the following issues: - Don't enable 'btrfsmaintenance-refresh.service', 'btrfsmaintenance' is managed by systemd-presets-common-SUSE instead. (bsc#1165780) ----------------------------------------- Patch: SUSE-2021-1451 Released: Fri Apr 30 08:08:45 2021 Summary: Recommended update for dhcp Severity: moderate References: 1185157 Description: This update for dhcp fixes the following issues: - Use '/run' instead of '/var/run' for PIDFile in 'dhcrelay.service'. (bsc#1185157) ----------------------------------------- Patch: SUSE-2021-1454 Released: Fri Apr 30 09:22:26 2021 Summary: Security update for cups Severity: important References: 1184161,CVE-2021-25317 Description: This update for cups fixes the following issues: - CVE-2021-25317: ownership of /var/log/cups could allow privilege escalation from lp user to root via symlink attacks (bsc#1184161) ----------------------------------------- Patch: SUSE-2021-1456 Released: Fri Apr 30 12:00:01 2021 Summary: Recommended update for cifs-utils Severity: important References: 1184815 Description: This update for cifs-utils fixes the following issues: - Fixed a bug where it was no longer possible to mount CIFS filesystem after the last maintenance update (bsc#1184815) ----------------------------------------- Patch: SUSE-2021-1462 Released: Fri Apr 30 14:54:23 2021 Summary: Recommended update for cloud-init Severity: moderate References: 1181283,1184085 Description: This update for cloud-init fixes the following issues: - Fixed an issue, where the bonding options were wrongly configured in SLE and openSUSE (bsc#1184085) ----------------------------------------- Version 0 2023-09-13T09:00:32 ----------------------------------------- Patch: SUSE-2023-3590 Released: Tue Sep 12 16:40:53 2023 Summary: Recommended update for mozilla-nss Severity: moderate References: 1176173 Description: This update for mozilla-nss fixes the following issue: - FIPS: Adjust the Diffie-Hellman and Elliptic Curve Diffie-Hellman algorithms to be NIST SP800-56Arev3 compliant (bsc#1176173). ----------------------------------------- Version 0 2023-10-03T09:00:30 ----------------------------------------- Patch: SUSE-2020-2149 Released: Thu Aug 6 13:37:40 2020 Summary: Security update for postgresql10 and postgresql12 Severity: moderate References: 1148643,1163985,1171924,CVE-2020-1720 Description: This update for postgresql10 and postgresql12 fixes the following issues: postgresql10 was updated to 10.13 (bsc#1171924). https://www.postgresql.org/about/news/2038/ https://www.postgresql.org/docs/10/release-10-13.html postgresql10 was updated to 10.12 (CVE-2020-1720, bsc#1163985) - https://www.postgresql.org/about/news/2011/ - https://www.postgresql.org/docs/10/release-10-12.html postgresql10 was updated to 10.11: - https://www.postgresql.org/about/news/1994/ - https://www.postgresql.org/docs/10/release-10-11.html postgresql12 was updated to 12.3 (bsc#1171924). Bug Fixes and Improvements: - Several fixes for GENERATED columns, including an issue where it was possible to crash or corrupt data in a table when the output of the generated column was the exact copy of a physical column on the table, e.g. if the expression called a function which could return its own input. - Several fixes for ALTER TABLE, including ensuring the SET STORAGE directive is propagated to a table's indexes. - Fix a potential race condition when using DROP OWNED BY while another session is deleting the same objects. - Allow for a partition to be detached when it has inherited ROW triggers. - Several fixes for REINDEX CONCURRENTLY, particularly with issues when a REINDEX CONCURRENTLY operation fails. - Fix crash when COLLATE is applied to an uncollatable type in a partition bound expression. - Fix performance regression in floating point overflow/underflow detection. - Several fixes for full text search, particularly with phrase searching. - Fix query-lifespan memory leak for a set-returning function used in a query's FROM clause. - Several reporting fixes for the output of VACUUM VERBOSE. - Allow input of type circle to accept the format (x,y),r, which is specified in the documentation. - Allow for the get_bit() and set_bit() functions to not fail on bytea strings longer than 256MB. - Avoid premature recycling of WAL segments during crash recovery, which could lead to WAL segments being recycled before being archived. - Avoid attempting to fetch nonexistent WAL files from archive storage during recovery by skipping irrelevant timelines. - Several fixes for logical replication and replication slots. - Fix several race conditions in synchronous standby management, including one that occurred when changing the synchronous_standby_names setting. - Several fixes for GSSAPI support, include a fix for a memory leak that occurred when using GSSAPI encryption. - Ensure that members of the pg_read_all_stats role can read all statistics views. - Fix performance regression in information_schema.triggers view. - Fix memory leak in libpq when using sslmode=verify-full. - Fix crash in psql when attempting to re-establish a failed connection. - Allow tab-completion of the filename argument to \gx command in psql. - Add pg_dump support for ALTER ... DEPENDS ON EXTENSION. - Several other fixes for pg_dump, which include dumping comments on RLS policies and postponing restore of event triggers until the end. - Ensure pg_basebackup generates valid tar files. - pg_checksums skips tablespace subdirectories that belong to a different PostgreSQL major version - Several Windows compatibility fixes This update also contains timezone tzdata release 2020a for DST law changes in Morocco and the Canadian Yukon, plus historical corrections for Shanghai. The America/Godthab zone has been renamed to America/Nuuk to reflect current English usage ; however, the old name remains available as a compatibility link. This also updates initdb's list of known Windows time zone names to include recent additions. For more details, check out: - https://www.postgresql.org/docs/12/release-12-3.html Other fixes: - Let postgresqlXX conflict with postgresql-noarch < 12.0.1 to get a clean and complete cutover to the new packaging schema. ----------------------------------------- Version 0 2024-01-11T09:00:15 ----------------------------------------- Patch: SUSE-2024-79 Released: Wed Jan 10 15:44:42 2024 Summary: Recommended update for azure-cli, python-azure-mgmt-appconfiguration, python-azure-mgmt-resource Severity: moderate References: 1201870,1205340 Description: This update for azure-cli, python-azure-mgmt-appconfiguration, python-azure-mgmt-resource fixes the following issues: - Add missing python3-azure-mgmt-resource dependency to Requires (bsc#1201870) - Downgrade to upstream version 0.6.0 - Downgrade to upstream version 10.3.0 (bsc#1205340)